This topic describes how to use Operation Orchestration Service (OOS) to create or update an image for an Elastic Compute Service (ECS) instance.

Background information

You may often need to update the software of your ECS instances, such as updating the backend service version or installing security patches. You can use the Create or Update Images feature of OOS to facilitate software updates. OOS allows you to create an image from an existing ECS instance or update an image.

Procedure

  1. Log on to the OOS console.
  2. In the left-side navigation pane, choose Common O&M Tasks > Create or Update Images.
  3. On the Create or Update Images page, click Create.
  4. Select Create Image from Existing Instance or Update Image. In this example, select Create Image from Existing Instance.
  5. In the General Settings section, enter a name in the New Image Name field.
  6. Set Permissions to Use Existing Permissions of Current Account or Specify RAM Role and Use Permissions Granted to This Role.

    In this example, select Specify RAM Role and Use Permissions Granted to This Role and select OOSServiceRole as the Resource Access Management (RAM) role. If no RAM roles are available, create a RAM role for OOS. For more information, see Grant RAM permissions for OOS. If you already know how to create a RAM role for OOS, you can directly click View Authorization Policies and Manual Authorization to complete RAM permission settings. For more information about the required permission policy, see the following JSON script.

    Permission policy for creating an image from an existing instance:
    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "ecs:CreateImage",
            "ecs:DescribeImages",
            "ecs:ModifyImageSharePermission",
            "ecs:CopyImage",
            "ecs:RunCommand",
            "ecs:DescribeInvocationResults",
            "ecs:DescribeRegions",
            "ecs:DescribeInstances",
            "ecs:DescribeInvocations"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "ess:ModifyScalingConfiguration"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "oos:*",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ram:PassRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "acs:Service": "oos.aliyuncs.com"
            }
          }
        }
      ]
    }
    						
    Permission policy for updating an image:
    {
      "Version": "1",
      "Statement": [
        {
          "Action": "oos:*",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ram:PassRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "acs:Service": "oos.aliyuncs.com"
            }
          }
        },
        {
          "Action": [
            "ecs:RunCommand",
            "ecs:RunInstances",
            "ecs:StopInstance",
            "ecs:DescribeRegions",
            "ecs:DeleteInstance",
            "ecs:CreateImage",
            "ecs:DescribeImages",
            "ecs:ModifyImageSharePermission",
            "ecs:CopyImage",
            "ecs:RebootInstance",
            "ecs:DescribeInvocationResults",
            "ecs:InstallCloudAssistant",
            "ecs:DescribeCloudAssistantStatus",
            "ecs:DescribeInstances",
            "ecs:DescribeInvocations"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "ess:ModifyScalingConfiguration"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
    						
  7. In the Select Instances section, select the target ECS instance.
  8. In the Send Remote Commands section, specify Command Type.

    In this example, select Linux Shell (such as echo hello and hostname).

  9. Click Execute Now.

  10. On the Executions page, view the created execution. If the execution status appears as Running, an image is being created or updated.
  11. To view details about the execution, click Details in the Actions column. On the page that appears, click the Logs tab.