All Products
Document Center

Use OOS to create or update a custom image

Last Updated: Jun 11, 2020


For security reasons, you need to frequently update your custom images as needed, for example, installing the latest patch for the operating system at regular intervals, upgrading middleware software, or reinstalling the latest third-party software.
Manually updating an existing image involves four steps. First, create an Elastic Compute Service (ECS) instance based on the existing image. Then, log on to the ECS instance and perform related operations, such as upgrading software. Next, generate a new image based on the updated ECS instance. Lastly, release the ECS instance. The preceding procedure is time-consuming and error-prone.


Operation Orchestration Service (OOS) provides a public template for you to update custom images. In this way, you only need to create an execution based on the template before OOS automatically updates your images.
To use OOS to update a custom image, select a source image, that is, the image to be updated, set the required parameters, such as the shell commands for updating Linux-based ECS instances, and then click Create Execution.
No extra tools are required by OOS for image updates. In addition, you do not need to manually create, log on to, edit, or release a new ECS instance, or configure environment variables and AccessKey.
OOS allows you to create custom templates for scheduling automatic image updates or updating multiple images at a time.


  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Maintenance & Monitoring > Operation Orchestration Service. On the page that appears, click Public Templates.

  3. In the ACS-ECS-UpdateImage section, click Create Execution.oos

  4. Click Next: Parameter Settings.oos

  5. Set the following parameters:

    • sourceImageId: the ID of the source image to be updated.
    • instanceType: the type of the temporary ECS instance.
    • securityGroupId: the ID of the security group for the temporary ECS instance.
    • vSwitchId: the ID of the VSwitch for the temporary ECS instance.
    • commandContent: the commands to be run in the Cloud Assistant client on the temporary ECS instance for updating the image.
    • commandType: the type of the commands to be run. Cloud Assistant supports the following three types of commands: RunShellScript (shell commands for Linux-based ECS instances), RunBatScript (batch commands for Windows-based ECS instances), and RunPowerShellScript (PowerShell commands for Windows-based ECS instances).
    • targetImageName: the name of the new image.
    • OOSAssumeRole: the RAM role to be assumed by OOS for image updates. This parameter is valid only when the Permissions parameter is set to Specify RAM Role and Use Permissions Granted to This Role. By default, OOS uses the existing permissions of the current account.oos
  6. Click Next: Preview. On the page that appears, preview the configuration and click Confirm and Create.oos

  7. On the Executions page, you can view the created execution. If the execution status is displayed as Running, the image update is in progress.

  8. An execution in the Success state indicates that the corresponding image is successfully updated. You can view the ID of the new image on the Execution Result tab.

  9. To learn more about the image update process, click Details in the Actions column of an execution that has been successfully run. On the Execution Logs tab, you can view the progress and status of the execution.

Appendix 1: Public templates and logic

The public template ACS-ECS-UpdateImage contains the following code:

  1. FormatVersion: OOS-2019-06-01
  2. Description: Updates an existing ECS image via ECS Cloud Assistant then creates a
  3. ECS image.
  4. Parameters:
  5. sourceImageId:
  6. Description: The image ID for the ECS instances, centos_6_10_64_20G_alibase_20190326.vhd,
  7. for example.
  8. Type: String
  9. AllowedPattern: '[A-Za-z0-9_\-\.]*'
  10. MinLength: 1
  11. MaxLength: 40
  12. instanceType:
  13. Description: The instance type for the ECS instances, ecs.g5.large, for example.
  14. Type: String
  15. AllowedPattern: ecs\.[A-Za-z0-9\.\-]*
  16. MinLength: 1
  17. MaxLength: 30
  18. securityGroupId:
  19. Description: The security group ID for the ECS instances, sg-xxxxxxxxxxxxxxxxxxxx,
  20. for example.
  21. Type: String
  22. AllowedPattern: sg-[A-Za-z0-9]*
  23. MinLength: 1
  24. MaxLength: 30
  25. vSwitchId:
  26. Description: The virtual switch ID for the ECS instances, vsw-xxxxxxxxxxxxxxxxxxxx,
  27. for example.
  28. Type: String
  29. AllowedPattern: vsw-[A-Za-z0-9]*
  30. MinLength: 1
  31. MaxLength: 30
  32. commandContent:
  33. Description: The content of command.
  34. Type: String
  35. commandType:
  36. Description: The type of command to run in ECS instance.
  37. Type: String
  38. AllowedValues:
  39. - RunBatScript
  40. - RunPowerShellScript
  41. - RunShellScript
  42. MinLength: 1
  43. MaxLength: 30
  44. targetImageName:
  45. Description: The name of image.
  46. Type: String
  47. AllowedPattern: '[A-Za-z0-9\-_]*'
  48. MinLength: 1
  49. MaxLength: 30
  50. OOSAssumeRole:
  51. Description: The RAM role to be assumed by OOS.
  52. Type: String
  53. Default: OOSServiceRole
  54. RamRole: '{{ OOSAssumeRole }}'
  55. Tasks:
  56. - Name: checkNewImageName
  57. Action: ACS::CheckFor
  58. Description: Check image name is available.
  59. Properties:
  60. Service: ECS
  61. API: DescribeImages
  62. Parameters:
  63. ImageName: '{{ targetImageName }}'
  64. DesiredValues:
  65. - 0
  66. PropertySelector: TotalCount
  67. - Name: runInstances
  68. Action: ACS::ECS::RunInstances
  69. Description: Create a ECS instance for the cloud assistant.
  70. Properties:
  71. imageId: '{{ sourceImageId }}'
  72. instanceType: '{{ instanceType }}'
  73. securityGroupId: '{{ securityGroupId }}'
  74. vSwitchId: '{{ vSwitchId }}'
  75. Outputs:
  76. instanceId:
  77. ValueSelector: instanceIds[0]
  78. Type: String
  79. - Name: installCloudAssistant
  80. Action: ACS::ECS::InstallCloudAssistant
  81. Description: Install cloud assostant for ECS instance.
  82. OnError: deleteInstance
  83. Properties:
  84. instanceId: '{{ runInstances.instanceId }}'
  85. - Name: runCommand
  86. Action: ACS::ECS::RunCommand
  87. Description: Run command on ECS instance.
  88. OnError: deleteInstance
  89. Properties:
  90. commandContent: '{{ commandContent }}'
  91. commandType: '{{ commandType }}'
  92. instanceId: '{{ runInstances.instanceId }}'
  93. - Name: stopInstance
  94. Action: ACS::ECS::StopInstance
  95. Description: Stops the ECS instance by the instance ID.
  96. Properties:
  97. instanceId: '{{ runInstances.instanceId }}'
  98. - Name: createImage
  99. Action: ACS::ECS::CreateImage
  100. Description: Create image with the specified image name and instance ID.
  101. OnError: deleteInstance
  102. Properties:
  103. imageName: '{{ targetImageName }}'
  104. instanceId: '{{ runInstances.instanceId }}'
  105. Outputs:
  106. imageId:
  107. ValueSelector: imageId
  108. Type: String
  109. - Name: deleteInstance
  110. Action: ACS::ExecuteAPI
  111. Description: Deletes the ECS instance by the instance ID.
  112. Properties:
  113. Service: ECS
  114. API: DeleteInstance
  115. Risk: Normal
  116. Parameters:
  117. InstanceId: '{{ runInstances.instanceId }}'
  118. Force: true
  119. Outputs:
  120. imageId:
  121. Type: String
  122. Value: '{{ createImage.imageId }}'

The template executes the following tasks in sequence:

  1. Check whether the name of the new image is valid.
  2. Create and run a temporary ECS instance. The instance is created based on the parameters that you specify. That is, the image used by the instance is the source image you want to update, and the attributes of the instance are defined based on the configured parameters.
  3. Install the Cloud Assistant client on the temporary ECS instance if it is not installed.
  4. Run the commands used for image updates in the Cloud Assistant client on the temporary ECS instance, and wait until the commands are successfully run.
  5. Disable the temporary ECS instance after the commands are successfully run.
  6. Create an image for the temporary instance after it is disabled and wait until the new image is successfully created.
  7. Delete the temporary ECS instance.

Appendix 2: Comparison of different methods for updating images

The following table lists and compares various methods that Alibaba Cloud supports for updating images.

Method Requirements Advantages Disadvantages
Update an image by using OOS You only need to activate OOS. No other tool is required.
- This method is secure, reliable, and officially recommended.
- The operations are performed online. No installation is required.
- OOS provides public templates with built-in code.
- No AccessKey is required.
- OOS supports custom templates.
- OOS provides a flowchart for the execution process.
- OOS supports batch and scheduled operations.
Create a custom image by using snapshots
Create a custom image by using instances
No other tool is required. This method is implemented through easy and convenient operations in the ECS console.

- Instances and snapshots must be created manually.
- The procedure is complicated, error-prone, and inefficient.
Create a custom image by using Packer You need to install Packer. Packer is open-source and supported by various cloud service providers.
- Installation and maintenance are required.
- Code writing is required.