模板名称
ACS-ECS-RepairImage 修复镜像
模板描述
镜像修复, 镜像修复是基于镜像检测的结果对镜像进行离线修复, 关于镜像检测 https://help.aliyun.com/zh/ecs/user-guide/overview-18, 修复流程会首先基于Alibaba cloud linux镜像创建一台修复实例,将您的镜像的快照创建云盘挂载到修复实例上,离线修复数据盘,然后将修复后的数据盘创建新的镜像。 一些限制 1)当您的镜像的系统类型是如ubuntu 22.04 64位等公共镜像系统类型时,修复后生成的镜像类型会是如ubuntu_64位自定义镜像系统类型。
模板类型
自动化
所有者
Alibaba Cloud
输入参数
参数名称 | 描述 | 类型 | 是否必填 | 默认值 | 约束 |
zoneId | 交换机可用区 | String | 是 | ||
repairImageId | 修复镜像ID | String | 是 | ||
baseImageId | 基础镜像 | String | 是 | ||
instanceType | 实例类型 | String | 是 | ||
securityGroupId | 安全组 | String | 是 | ||
vSwitchId | 交换机 | String | 是 | ||
regionId | 地域ID | String | 否 | {{ ACS::RegionId }} | |
systemDiskCategory | 系统盘的云盘种类 | String | 否 | cloud_essd | |
repairItems | 修复项目 | List | 否 | assist |
输出参数
参数名称 | 描述 | 类型 |
imageId | String |
执行此模板需要的权限策略
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateImage",
"ecs:CreateSnapshot",
"ecs:DeleteInstance",
"ecs:DeleteSnapshot",
"ecs:DescribeDisks",
"ecs:DescribeImages",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeSnapshots",
"ecs:InvokeCommand",
"ecs:RebootInstance",
"ecs:RunCommand",
"ecs:RunInstances"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
详情
模板内容
FormatVersion: OOS-2019-06-01
Description:
zh-cn: 镜像修复, 镜像修复是基于镜像检测的结果对镜像进行离线修复, 关于镜像检测 https://help.aliyun.com/zh/ecs/user-guide/overview-18,
修复流程会首先基于Alibaba cloud linux镜像创建一台修复实例,将您的镜像的快照创建云盘挂载到修复实例上,离线修复数据盘,然后将修复后的数据盘创建新的镜像。
一些限制 1)当您的镜像的系统类型是如ubuntu 22.04 64位等公共镜像系统类型时,修复后生成的镜像类型会是如ubuntu_64位自定义镜像系统类型。
en: Image repair, which is an offline repair of an image based on the results of image check, Please refer to this document for image check https://www.alibabacloud.com/help/en/ecs/user-guide/overview-18
The repair process will first create a repair instance based on the Alibaba cloud Linux image, create a cloud disk snapshot of your image, mount it to the repair instance, repair the data disk offline, and then create a new image of the repaired data disk.
name-en: ACS-ECS-RepairImage
name-zh-cn: 修复镜像
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: 地域ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: 交换机可用区
AssociationProperty: ALIYUN::ECS::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
repairImageId:
Type: String
Label:
en: ImageId that needs to be repaired
zh-cn: 修复镜像ID
AssociationProperty: ALIYUN::ECS::Image::ImageId
AssociationPropertyMetadata:
RegionId: regionId
SupportedImageOwnerAlias:
- self
OSType: linux
baseImageId:
Type: String
Label:
en: BaseImage
zh-cn: 基础镜像
Description:
en: (The basic image is used to create a repair instance. You need to select a basic image with the same architecture as the repair target image. For example, the custom image you want to repair is x86_64, please select aliyun_3_X64 image)
zh-cn: <font color='red'>基础镜像用来创建修复实例, 您需要选择和修复目标镜像同架构的基础镜像, 如您要修复的自定义镜像是x86_64镜像,请选择 aliyun_3_x64 镜像</font>
AllowedValues:
- aliyun_3_x64_20G_alibase_20230727.vhd
- aliyun_3_arm64_20G_alibase_20230731.vhd
instanceType:
Label:
en: InstanceType
zh-cn: 实例类型
Type: String
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: 安全组
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
RegionId: regionId
vSwitchId:
Label:
en: VSwitchId
zh-cn: 交换机
Type: String
AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: 系统盘的云盘种类
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
repairItems:
Label:
en: RepairItems
zh-cn: 修复项目
Type: List
AllowedValues:
- all
- assist
- aegis
- growpart
- virtio
- selinux
- dhcp
- grub
- fstab
- nvme
- cloudinit
Default: assist
Tasks:
- Name: checkImage
Action: ACS::CheckFor
Description:
en: Check if the image is x86_ 64 or arm64
zh-cn: 检查镜像是否为x86_64或arm64
Properties:
Service: ECS
API: DescribeImages
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ repairImageId }}'
DesiredValues:
- x86_64
- arm64
PropertySelector: Images.Image[0].Architecture
Outputs:
architecture:
Type: String
ValueSelector: Images.Image[0].Architecture
snapshotId:
Type: String
ValueSelector: Images.Image[0].DiskDeviceMappings.DiskDeviceMapping[0].SnapshotId
imageName:
Type: String
ValueSelector: Images.Image[0].ImageName
osType:
Type: String
ValueSelector: Images.Image[0].OSType
platform:
Type: String
ValueSelector: Images.Image[0].Platform
bootMode:
Type: String
ValueSelector: Images.Image[0].BootMode
- Name: runInstances
Action: ACS::ExecuteAPI
Description:
en: Creates one ECS instances
zh-cn: 创建一个ECS实例
Properties:
Service: ECS
API: RunInstances
Parameters:
RegionId: '{{ regionId }}'
Amount: 1
ImageId: '{{ baseImageId }}'
InstanceType: '{{ instanceType }}'
InstanceName: 'image_repair_please_no_delete'
SecurityGroupId: '{{ securityGroupId }}'
VSwitchId: '{{ vSwitchId }}'
InternetMaxBandwidthIn: 200
InternetMaxBandwidthOut: 0
SystemDiskCategory: '{{ systemDiskCategory }}'
DataDisk:
- SnapshotId: '{{ checkImage.snapshotId }}'
DiskName: 'image_repair_{{ checkImage.snapshotId }}'
Category: '{{ systemDiskCategory }}'
InstanceChargeType: PostPaid
Outputs:
instanceId:
Type: String
ValueSelector: InstanceIdSets.InstanceIdSet[0]
- Name: untilInstanceReady
Action: ACS::WaitFor
Description:
en: Waits for the created instances to be Running status
zh-cn: 等待创建的实例进入运行中状态
Properties:
Service: ECS
API: DescribeInstances
Parameters:
RegionId: '{{ regionId }}'
InstanceIds:
- '{{ runInstances.instanceId }}'
DesiredValues:
- Running
PropertySelector: Instances.Instance[0].Status
- Name: checkForCreatedDiskReady
Action: ACS::CheckFor
Description:
en: Checks the disk status Available
zh-cn: 检测云盘的状态是否为可用的
OnError: stopInstances
Properties:
Service: ECS
API: DescribeDisks
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
DesiredValues:
- In_use
PropertySelector: Disks.Disk[0].Status
Outputs:
diskSN:
Type: String
ValueSelector: Disks.Disk[0].SerialNumber
diskId:
Type: String
ValueSelector: Disks.Disk[0].DiskId
- Name: runCommandOpenselinux
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在实例中运行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandContent: sed -i s/^SELINUX=.*/SELINUX=permissive/g /etc/selinux/config
commandType: RunShellScript
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: rebootInstance
Action: ACS::ECS::RebootInstance
Description:
en: Reboot Instance
zh-cn: 重启实例
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::InvokeCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在实例中运行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandId: 'ACS-ECS-ImageRepair-for-linux.sh'
parameters:
Fn::Join:
- ''
- - '{"repairitems":'
- '"'
- Fn::Join:
- ' '
- '{{repairItems}}'
- '"'
- ',"disk_serial":"'
- '{{checkForCreatedDiskReady.diskSN}}'
- '"}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: waitDiskFlush
Action: ACS::Sleep
Description:
en: Waiting for IO flash disk
zh-cn: 等待IO落盘
Properties:
Duration: 1M
- Name: createSnapshot
Action: ACS::ECS::CreateSnapshot
Description:
en: Mount a data disk for the created ECS instance
zh-cn: 为云盘创建一个快照
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
snapshotName: 'image_repair_{{ checkForCreatedDiskReady.diskId }}'
diskId: '{{ checkForCreatedDiskReady.diskId }}'
retentionDays: 1
Outputs:
snapshotId:
Type: String
ValueSelector: snapshotId
- Name: createImage
Action: ACS::ExecuteAPI
Description:
en: Creates image
zh-cn: 用快照创建镜像
OnError: deleteSnapshot
OnSuccess: deleteInstance
Properties:
Service: ECS
API: CreateImage
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
ImageName:
Fn::Join:
- '_'
- - 'repaired'
- '{{ checkImage.imageName }}'
- Fn::FormatUTCTime:
- '{{ACS::CurrentUTCTime}}'
- '%Y%m%d%H%M%S'
DetectionStrategy: Standard
Platform:
Fn::Select:
- '{{ checkImage.platform }}'
- Aliyun: Aliyun
Anolis: Anolis
CentOS: CentOS
Ubuntu: Ubuntu
SUSE: SUSE
Debian: Debian
OpenSUSE: OpenSUSE
Red Hat: RedHat
Kylin: Kylin
UOS: UOS
Fedora: Fedora
CentOS Stream: CentOS Stream
AlmaLinux: AlmaLinux
Rocky Linux: Rocky Linux
Customized Linux: Customized Linux
Others Linux: Others Linux
BootMode: '{{ checkImage.bootMode }}'
Architecture: '{{ checkImage.architecture }}'
Outputs:
imageId:
Type: String
ValueSelector: ImageId
- Name: deleteSnapshot
Action: ACS::ExecuteAPI
Description:
en: Deletes the Snapshot
zh-cn: 释放创建的快照
OnError: deleteInstance
Properties:
Service: ECS
API: DeleteSnapshot
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
Force: true
- Name: stopInstances #远程命令执行失败后等待1分钟再释放,否则报错“IncorrectInstanceStatus.Initializing”(ECS工程师:阿里云的实例有一分钟保护机制,刚创建的实例需要在60s之后才能删除。)
Action: ACS::Sleep
Description:
en: Waiting for instance initialization to complete
zh-cn: 等待保护机制失效
Properties:
Duration: 1M
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance
zh-cn: 释放创建的ECS实例
Properties:
Service: ECS
API: DeleteInstance
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
imageId:
Type: String
Value: '{{ createImage.imageId }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- repairImageId
- baseImageId
Label:
default:
zh-cn: 选择镜像
en: Select Image
- Parameters:
- zoneId
- instanceType
- securityGroupId
- vSwitchId
- systemDiskCategory
Label:
default:
zh-cn: 实例规格
en: ECS Instance Configure
- Parameters:
- repairItems
Label:
default:
zh-cn: 发送远程命令
en: Run Command