Batch run commands on multiple ECS instances

Background information

You can remotely run commands on multiple Elastic Compute Service (ECS) instances. This is one of the most common operations and maintenance (O&M) operations. For example, you can run commands to install or uninstall software, or start or stop a process on ECS instances. In most cases, you may need to run the same command on multiple ECS instances and aggregate the execution results.

For example, you can apply this feature to business applications.You can run the required command to update runtime environment and customer code via rolling updates. This improves the reliability of application deployment.

You can remotely connect to ECS instances through Secure Shell (SSH). However, this may create potential risks after you enable access to the SSH port of an ECS instance over the Internet. To fix the security issue, you can create jump servers and access ECS instances through these jump servers. However, this may increase complexity and costs.

Ansible is a popular open source O&M tool in the industry. You can use Ansible for remote access. However, the authentication method is independent of the Alibaba Cloud account system. As a result, you cannot use Alibaba Cloud tools to control access. In addition, the operational records of Ansible cannot be audited by Alibaba Cloud.

If you are using Windows ECS instances, you can remotely run commands by using PowerShell. However, this creates significant challenges when you configure or maintain these ECS instances.

To fix the preceding issues, we recommend that you integrate Alibaba Cloud OOS with Cloud Assistant. This integration allows you to batch run commands on multiple ECS instances. Cloud Assistant provides a number of atomic features that are used to run commands on ECS instances. OOS also provides various features. These features allow you to manage scheduled and event-driven O&M tasks, process multiple O&M tasks at a time, and create custom templates for O&M tasks. The integration provides a secure, easy, and efficient method to perform O&M tasks on ECS instances.

Preparations

Make sure that Alibaba Cloud Command Line Interface (CLI) V3.0.19 or later is installed and configured. To download the installation package of Alibaba Cloud CLI from GitHub, visit https://github.com/aliyun/aliyun-cli/releases. For more information about the configuration, see Interactive configuration (fast).

Run a public template

Open a local shell and run the following command to remotely run the echo 123 command on the i-id45678zxcvb and i-id45679zxcvb Linux ECS instances that reside in the China (Beijing) region:

aliyun oos StartExecution --region cn-hangzhou --TemplateName ACS-ECS-BulkyRunCommand --Parameters '{"commandType":"RunShellScript", "commandContent":"echo 123",  "targets":{"Type":"ResourceIds", "ResourceIds":["i-id45678zxcvb","i-id45679zxcvb"]}, "rateControl":{"maxErrors":0,"mode":"Concurrency"}, "OOSAssumeRole":"" }'

In the preceding command, the StartExecution operation is called to run the ACS-ECS-BulkyRunCommand public template that includes the ResourceIds and commandContent parameters. If "ExecutionId":"exec-xxxxx" appears in the JSON-formatted result, it indicates that the command is being processed. Record the value of the ExecutionId parameter and specify the value in the following ListExecutions command to query the progress and result:

aliyun oos ListExecutions --region cn-hangzhou --ExecutionId "exec-id123456zxcvb"

If the command is being processed, a value that is similar to Running appears in the Status parameter of the result. The value of the TotalTasks parameter indicates the total number of commands. The value of the SuccessTasks parameter indicates the number of successful commands. The difference between the two values indicates the number of pending commands.

{
	"Execution": {
		"Outputs": {},
		"TemplateName": "ACS-ECS-BulkyRunCommand",
		"Parameters": {
			"commandType": "RunShellScript",
			"OOSAssumeRole": "",
			"rateControl": {
				"maxErrors": 0,
				"mode": "Concurrency"
			},
			"targets": {
				"ResourceIds": [
					"i-id45678zxcvb","i-id45679zxcvb"
				],
				"Type": "ResourceIds"
			},
			"commandContent": "echo 123"
		},
		"Counters": {
			"Failed": 0,
			"Success": 0,
			"Total": 0
		},
		"ExecutedBy": "aliyun-account1",
		"LoopMode": "Automatic",
		"Mode": "Automatic",
		"TemplateId": "t-123456zxcvb",
		"Status": "Running",
		"TemplateVersion": "v2",
		"SafetyCheck": "Skip",
		"StartDate": "2019-10-15T07:22:03Z",
		"ExecutionId": "exec-id123456zxcvb",
		"CurrentTasks": []
	},
	"RequestId": "1A9B1817-0530-470C-8640-BADADADB220BD"
}
You can run the ListExecutions command multiple times until the final result appears in the value of the Outputs parameter. The following figure shows the final result of this example.

Create a custom template

You can create and run custom templates for which the required parameters are specified. This simplifies the process to run commands. Add the following code to a custom template. You can customize the template based on your business requirements.

aliyun oos CreateTemplate --region cn-hangzhou --TemplateName sample123 --Content '{
"FormatVersion": "OOS-2019-06-01",
"Tasks": [
{
"Name": "runCommand",
"Action": "ACS::ECS::RunCommand",
"Properties": {
"commandContent": "echo 1234",
"instanceId": "{{ ACS::TaskLoopItem }}",
"commandType": "RunShellScript"
},
"Loop": {
"Items": ["i-id45678zxcvb","i-id45679zxcvb"],
"Outputs": {
"commandOutputs": {
"AggregateType": "Fn::ListJoin",
"AggregateField": "commandOutput"
}
}
},
"Outputs": {
"commandOutput": {
"Type": "String",
"ValueSelector": "invocationOutput"
}
}
}
],
"Outputs": {
"commandOutputs": {
"Type": "List",
"Value": "{{ runCommand.commandOutputs }}"
}
}
}'		

After the custom template is created, run the following command to execute the template:

aliyun oos StartExecution --region cn-hangzhou --TemplateName sample123 --Parameters '{}'		

In this example, the StartExecution operation is called to execute the sample123 custom template. You do not need to set extra parameters. The preceding operations are performed by running commands in CLI. You can also perform these operations in the OOS console.

Learn more

Alibaba Cloud OOS is an automatic O&M platform. You can use OOS to manage scheduled, event-driven, and cross-region O&M tasks. You can also use OOS to process multiple O&M tasks at a time. OOS allows you to run commands on ECS instances. In addition, you can use OOS to perform the required operations. For example, you can create, release, start, or stop ECS instances, modify configurations and upgrade the network bandwidth for ECS instances, or attach disks to ECS instances. To obtain more information about OOS, join the DingTalk group to contact OOS customer service. The DingTalk group number is 23330931. OOS offers online support in the group.

To log on to the OOS console, visit https://oos.console.aliyun.com.