DocsICP FilingConsole
官方文档
首页

Automatically run scripts on ECS instances

更新时间:
复制 MD 格式
产品详情
我的收藏

This tutorial describes how to use an Auto Scaling lifecycle hook to suspend an ECS instance and a CloudOps Orchestration Service (OOS) template to automatically execute a script on the instance during scaling activities.

Prerequisites

  • A scaling group is created and enabled.

  • You have a script ready. This tutorial uses a script that installs Apache on a CentOS 7.6 Linux instance as an example.

  • A RAM role is created for the OOS service. For this role, the trusted entity is set to Alibaba Cloud Service and the trusted service is set to CloudOps Orchestration Service. The role must have the permissions to execute OOS templates. For more information, see Set and grant a RAM role for OOS.

    Note

    This topic uses OOSServiceRole as an example RAM role. You can also use a different custom RAM role.

Procedure

This tutorial uses the ACS-ESS-LifeCycleRunCommand public OOS template to demonstrate how to automatically run a script on an ECS instance during a scale-out event.

Step 1: Configure OOS RAM role permissions

The ACS-ESS-LifeCycleRunCommand template requires permissions to perform operations on ECS and Auto Scaling resources. You must grant these permissions to the RAM role that OOS assumes.

  1. Log on to the Resource Access Management (RAM) console.

  2. Create a policy.

    1. In the navigation pane on the left, click Permission Management > Access Policies.

    2. Click Create Access Policy.

    3. On the Create Policy page, select the JSON tab, configure the parameters, and then click OK.

      The following table describes the parameters that are used in this tutorial. Use the default values for other parameters.

      Parameter

      Description

      Name

      Enter ESSHookPolicyForRunCommand.

      Policy Document

      Enter the following content:

      {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

  3. Attach the policy to the OOSServiceRole RAM role.

    1. In the navigation pane on the left, click Identity Management > Roles.

    2. Find OOSServiceRole and click Add Permissions in the Actions column.

      Grant the required permissions to the OOSServiceRole RAM role.

    3. On the Grant Permission page, specify the resource scope and permissions, and then click OK.

      The following table describes the parameters that are used in this tutorial. Use the default values for other parameters.

      Parameter

      Description

      Resource Scope

      Select Account.

      Policies

      Add the custom policy ESSHookPolicyForRunCommand.

Step 2: Create a lifecycle hook for scale-out events

When you create the lifecycle hook, configure it to use an OOS template. This ensures that the script is automatically run when a scale-out event is triggered.

  1. Log on to the Auto Scaling console.

  2. In the left-side navigation pane, click Scaling Groups.

  3. In the top navigation bar, select a region.

  4. Find the desired scaling group and use one of the following methods to open the scaling group details page.

    • Click the ID of the scaling group in the Scaling Group Name/ID column.

    • Click Details in the Actions column.

  5. Create a lifecycle hook for the scale-out event.

    1. In the upper part of the details page, click the Event and adhesive hook tab.

    2. Click Create Lifecycle Hook.

    3. Configure the lifecycle hook parameters and click OK.

      The following table describes the parameters that are used in this tutorial. Use the default values for other parameters.

      Parameter

      Description

      Name

      Enter ESSHookForRunCommand.

      Scaling Activity Type

      Select Scale-Out.

      Timeout Period

      Enter a timeout period, for example, 300 seconds.

      Note

      The timeout specifies how long custom operations can run. If the timeout is too short, the operations may fail. Evaluate the time required for your custom operations and set an appropriate timeout.

      Default Execution Policy

      Select Continue.

      Send Notification When Lifecycle Hook Takes Effect

      Configure the template as follows:

      • Notification Method: Select OOS Template.

      • OOS Template Type: Select Public Templates.

      • Public Template: Select ACS-ESS-LifeCycleRunCommand.

      Configure the execution parameters for ACS-ESS-LifeCycleRunCommand as follows:

      • commandType: Select RunShellScript.

      • commandContent: Enter the script to be run. This tutorial uses the script that automatically installs Apache as an example.

        yum install -y httpd
systemctl start httpd
systemctl enable httpd

      • OOSAssumeRole: Select OOSServiceRole. In the Procedure section, you granted permissions to this role for managing ECS and Auto Scaling resources. OOS assumes this RAM role to obtain those permissions.

  6. Trigger a scale-out event.

    This tutorial uses a manually executed scaling rule as an example. You can also trigger scale-out events with scheduled or event-triggered tasks.

    Note

    Lifecycle hooks are triggered by scaling rules, but not by manually adding or removing ECS instances from a scaling group.

    1. On the details page of the scaling group, click the Scaling Rules and Event-triggered Tasks tab.

    2. On the Scaling Rules tab, click Create Scaling Rule.

    3. Set the scaling rule parameters and click OK.

      The following table describes the parameters that are used in this tutorial. Use the default values for other parameters.

      Parameter

      Description

      Rule Name

      Enter Add1.

      Rule Type

      Select Simple Scaling Rule.

      Operation

      Set to add 1 instance.

    4. In the scaling rule list, find the Add1 rule and click Recurrently in the Actions column.

    5. Click OK.

    After the scaling rule executes, an ECS instance is automatically created. Because the ESSHookForRunCommand lifecycle hook exists in the scaling group, the new instance enters a wait state. OOS is then notified to perform the operations defined in the ACS-ESS-LifeCycleRunCommand template.

  7. Verify that the automatically created ECS instance is properly configured.

    1. In the upper part of the details page, click the Instance Management tab.

    2. Find the automatically created ECS instance and click the instance ID in the ECS Instance ID/Name column.

    3. In the navigation pane on the left, click Cloud Assistant.

    4. In the upper-right corner of the page, click Create/Run Command.

    5. Run the following command to check the Apache installation status.

      For more information, see Create and run a command. The command content is as follows:

      systemctl status httpd

      • On the Command Execution Result tab, view the execution details. If the result shows that the Apache service is installed and the status is active, the script in the commandContent parameter of the ACS-ESS-LifeCycleRunCommand template ran successfully.

      • If an ECS instance is created but Apache fails to install automatically, go to the OOS console to view the task execution details. For more information, see (Optional) Step 3: View the OOS execution details.

(Optional) Step 3: View the OOS execution details

  1. Log on to the OOS console.

  2. In the navigation pane on the left, choose Automated Tasks > Task Execution Management.

  3. Find the execution based on the start time and click Details in the Actions column.

  4. The execution details page provides a complete overview of the task.

    For example, you can view the execution ID and status in the Basic Information section. You can also click a task node in the Execution Result section to view its details. For more information, see View the details of an execution.

    Note

    If the execution fails, the related error message is displayed on the execution details page.

FAQ

If an Operation and Maintenance (O&M) task fails, find the cause based on the error message in the execution result. For more information, see FAQ.

Common error messages are as follows:

Error message

Cause

Solution

Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.

Auto Scaling is not authorized to perform the specified action.

Verify that the required permissions are granted to the OOSServiceRole RAM role.

Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.

The RAM user or RAM role does not have the permissions to operate on the corresponding resource.

Verify that the OOSServiceRole RAM role has the required permissions. For example, you can grant the sample permissions for the OOS service to the RAM role. You must add operation permissions to the RAM role to ensure that the OOS service can manage the resources specified in the OOS template.

LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.

The ongoing lifecycle action has expired or has been aborted.

Evaluate the timeout period of the lifecycle hook to ensure that the O&M tasks defined in the OOS template can be completed within the timeout period.

References

To run scripts on existing ECS instances in a scaling group, use the rolling update feature. For more information, see the following topics:

Previous:Apply an automatic snapshot policy to ECS instancesNext:Automatically add or remove the private IP addresses of ECS instances to or from the IP address whitelist of a PolarDB cluster