ECS实例一般会配置云盘、弹性网卡、弹性公网IP等相关资源。当您为ECS实例绑定标签的时候,可以使用运维编排服务(OOS)为这些相关资源自动绑定标签,保证ECS实例与相关资源标签的一致性,方便后续维护。
背景信息
本示例中,将通过OOS自定义模板为ECS实例的相关资源(云盘、弹性网卡、弹性公网IP)自动绑定标签owner:alice。
说明 OOS模板、ECS实例、云盘、弹性网卡、弹性公网IP必须在同一地域下。
步骤一:创建RAM角色并授权
- 使用阿里云账号登录RAM控制台。
- 创建自定义权限策略OOSAutoTag,详情请参见创建自定义策略。
自定义权限策略OOSAutoTag内容如下所示:
{ "Version": "1", "Statement": [ { "Action": [ "ecs:DescribeDisks", "ecs:DescribeInstances", "ecs:TagResources" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "vpc:TagResources" ], "Resource": "*", "Effect": "Allow" } ] }权限策略说明如下表所示:
权限策略 相关参数 允许查询ECS实例、弹性网卡、弹性公网IP的信息。 ecs:DescribeInstances允许查询云盘的信息。 ecs:DescribeDisks允许为ECS实例、云盘、弹性网卡创建并绑定标签。 ecs:TagResources允许为弹性公网IP创建并绑定标签。 vpc:TagResources - 创建RAM角色OOSServiceRole。
详情请参见 创建普通服务角色。
- 为RAM角色OOSServiceRole授权自定义策略OOSAutoTag。
详情请参见 为RAM角色授权。
- 为RAM角色OOSServiceRole授权系统策略AliyunOOSFullAccess。
详情请参见 为RAM角色授权。
步骤二:创建并执行OOS模板
- 登录OOS控制台。
- 在左侧导航栏,单击我的模板。
- 在顶部菜单栏左上角处,选择地域。
- 创建自定义模板。
- 单击创建模板。
- 在基本信息区域,输入模板名称(例如:AutoTag)。
- 单击JSON页签,编写模板代码,然后单击创建模板。
模板代码示例:
{ "FormatVersion": "OOS-2019-06-01", "Description": { "en": "When instance is labeled with the specified tag, Tags will be propagated to the related resources.", "zh-cn": "当实例绑定特定标签时,传播标签到与实例相关的云盘、弹性网卡、弹性公网IP资源", "name-zh-cn": "当实例绑定特定标签时,传播标签到与实例相关的云盘、弹性网卡、弹性公网IP资源", "categories": [ "event-trigger" ] }, "Parameters": { "TagKey": { "Type": "String", "Description": "Tag key for tag instance" }, "TagValue": { "Type": "String", "Description": "Tag value for tag instance" }, "OOSAssumeRole": { "Description": { "en": "The RAM role to be assumed by OOS.", "zh-cn": "OOS扮演的RAM角色" }, "Type": "String", "Default": "OOSServiceRole" } }, "RamRole": "{{ OOSAssumeRole }}", "Tasks": [ { "Name": "eventTrigger", "Description": { "en": "Monitor the ECS instance TAG event.", "zh-cn": "监控实例标签变化" }, "Action": "ACS::EventTrigger", "Properties": { "Product": "tag", "Name": [ "Tag:ChangeOnResource" ], "Level": [ "INFO" ], "Content": { "product": [ "ecs" ], "resourceType": [ "instance" ] } }, "Outputs": { "instanceId": { "ValueSelector": ".content.resourceId", "Type": "String" }, "isTag": { "ValueSelector": ".content.addedTags|select(.{{TagKey}}==\"{{TagValue}}\") |[.] |all|tostring", "Type": "String" } } }, { "Name": "whetherNeedTag", "Action": "ACS::Choice", "Description": { "zh-cn": "判断是否需要传播的标签", "en": "Determine whether the tag needs to be propagated" }, "Properties": { "DefaultTask": "describeInstancesFinally", "Choices": [ { "When": { "Fn::Equals": [ "true", "{{ eventTrigger.isTag }}" ] }, "NextTask": "describeInstances" } ] } }, { "Name": "describeInstances", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "查询实例,获取与实例相关的弹性网卡、弹性公网IP资源", "en": "Query the instance to obtain the network interface and elastic public network IP resources related to the instance." }, "Properties": { "Service": "ECS", "API": "DescribeInstances", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "InstanceIds": [ "{{ eventTrigger.instanceId }}" ] } }, "Outputs": { "eips": { "Type": "List", "ValueSelector": "Instances.Instance[].EipAddress.AllocationId" }, "enis": { "Type": "List", "ValueSelector": "Instances.Instance[].NetworkInterfaces.NetworkInterface[].NetworkInterfaceId" } } }, { "Name": "describeDisks", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "根据实例ID获取云盘信息", "en": "Obtain disk ids based on instance id." }, "Properties": { "Service": "ECS", "API": "DescribeDisks", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "InstanceId": "{{ eventTrigger.instanceId }}" } }, "Outputs": { "diskIds": { "Type": "List", "ValueSelector": "Disks.Disk[].DiskId" } } }, { "Name": "tagResourcesDisks", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "标记云盘", "en": "Tag disks" }, "Properties": { "Service": "ECS", "API": "TagResources", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "ResourceIds": [ "{{ ACS::TaskLoopItem }}" ], "ResourceType": "disk", "Tags": [ { "Key": "{{TagKey}}", "Value": "{{TagValue}}" } ] } }, "Loop": { "RateControl": { "Mode": "Batch", "MaxErrors": 0, "Batch": [ 50 ], "BatchPauseOption": "Automatic", "ConcurrencyInBatches": [ 1 ] }, "Items": "{{ describeDisks.diskIds }}" } }, { "Name": "tagResourcesEnis", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "标记弹性网卡", "en": "Tag network interface." }, "Properties": { "Service": "ECS", "API": "TagResources", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "ResourceIds": [ "{{ ACS::TaskLoopItem }}" ], "ResourceType": "eni", "Tags": [ { "Key": "{{TagKey}}", "Value": "{{TagValue}}" } ] } }, "Loop": { "RateControl": { "Mode": "Batch", "MaxErrors": 0, "Batch": [ 50 ], "BatchPauseOption": "Automatic", "ConcurrencyInBatches": [ 1 ] }, "Items": "{{ describeInstances.enis }}" } }, { "Name": "tagResourcesEips", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "标记弹性公网IP", "en": "Tag eips" }, "Properties": { "Service": "VPC", "API": "TagResources", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "ResourceIds": [ "{{ ACS::TaskLoopItem }}" ], "ResourceType": "eip", "Tags": [ { "Key": "{{TagKey}}", "Value": "{{TagValue}}" } ] } }, "Loop": { "RateControl": { "Mode": "Batch", "MaxErrors": 1, "Batch": [ 50 ], "BatchPauseOption": "Automatic", "ConcurrencyInBatches": [ 1 ] }, "Items": "{{ describeInstances.eips }}" } }, { "Name": "describeInstancesFinally", "Action": "ACS::ExecuteAPI", "Description": { "zh-cn": "查询实例状态", "en": "Views the ECS instances Status." }, "Properties": { "Service": "ECS", "API": "DescribeInstances", "Parameters": { "RegionId": "{{ ACS::RegionId }}", "InstanceIds": [ "{{ eventTrigger.instanceId }}" ] } }, "Outputs": { "status": { "Type": "String", "ValueSelector": "Instances.Instance[].Status" } } } ], "Outputs": { "instanceId": { "Value": "{{ eventTrigger.instanceId}}", "Type": "String" }, "diskIds": { "Value": "{{ describeDisks.diskIds }}", "Type": "String" }, "eips": { "Value": "{{ describeInstances.eips }}", "Type": "String" }, "enis": { "Value": "{{ describeInstances.enis }}", "Type": "String" } } }
- 执行自定义模板。
- 在左侧导航栏,单击我的模板,找到自定义模板AutoTag,在操作列,单击创建执行。
- 保持默认设置,单击下一步:设置参数。
- 填写参数,并单击下一步:确定。
本示例中填写的参数如下:
- TagKey:输入标签键
owner。 - TagValue:输入标签值
alice。 - OOSAssumeRole:选择RAM角色OOSServiceRole。
- TagKey:输入标签键
- 单击创建。
- 在左侧导航栏,单击我的模板,找到自定义模板AutoTag,在操作列,单击创建执行。
步骤三:为ECS实例绑定标签
- 登录ECS管理控制台。
- 在左侧导航栏,选择实例与镜像 > 实例。
- 在顶部菜单栏左上角处,选择地域。
- 在实例列表中,找到目标ECS实例,在标签列单击标签图标,为其绑定标签
owner:alice。
执行结果
为ECS绑定标签的事件会自动触发OOS模板AutoTag的执行,该ECS实例下的云盘、弹性网卡、弹性公网IP会自动绑定标签owner:alice。
在文档使用中是否遇到以下问题
更多建议
匿名提交