This topic describes how to use a lifecycle hook of Auto Scaling to put ECS instances into the wait state and then use an Operation Orchestration Service (OOS) template to automatically add or remove the instances to or from the whitelist of an AnalyticDB for MySQL cluster.

Prerequisites

  • An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the account registration page.
  • A scaling group is created and enabled.
  • An AnalyticDB for MySQL cluster is created.
  • A RAM role is created for OOS. For more information, see Grant RAM permissions for OOS.
    Note The OOSServiceRole RAM role is used in this example. You can also use other custom RAM roles, but you must make sure that the used RAM role has the permissions required to execute OOS templates.

Background information

A scaling group can be associated with Server Load Balancer (SLB) or ApsaraDB RDS (RDS) instances, but cannot be associated with AnalyticDB for MySQL clusters. If your business data is stored on an AnalyticDB for MySQL cluster, you must manually add or remove your ECS instances to or from the whitelist of the AnalyticDB for MySQL cluster. This is time-consuming and inefficient. You can use a lifecycle hook and an OOS template to automatically add or remove ECS instances to or from the whitelist of an AnalyticDB for MySQL cluster.

Procedure

In the following example, the ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist public template is used to demonstrate how to automatically add an ECS instance to the whitelist of an AnalyticDB for MySQL cluster during a scale-out event. Perform the following operations:
Note If you want to remove ECS instances from the whitelist of an AnalyticDB for MySQL cluster during a scale-in event, you can create a lifecycle hook for scale-in events and then trigger a scale-in event.

Step 1: Grant OOS permissions to the RAM user

You must be granted the permissions to execute OOS templates. Resources of ECS, Auto Scaling, and AnalyticDB for MySQL are involved when the O&M operations specified in the ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist template are performed.

  1. Log on to the RAM console.
  2. Create a policy.
    1. In the left-side navigation pane, choose Permissions > Policies.
    2. On the Policies page, click Create Policy.
    3. On the Create Custom Policy page, configure the parameters and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Policy Name Enter ESSHookPolicyForAnalyticDBWhitelist.
      Configuration Mode Select Script.
      Policy Document Enter the following content:
      {
          "Version": "1",
          "Statement": [
              {
                  "Action": [
                      "ecs:DescribeInstances"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              },
              {
                  "Action": [
                      "adb:ModifyDBClusterAccessWhiteList"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              },
              {
                  "Action": [
                      "ess:CompleteLifecycleAction"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              }
          ]
      }
  3. Attach the policy to the OOSServiceRole RAM role.
    1. In the left-side navigation pane, click RAM Roles.
    2. Find the OOSServiceRole RAM role and click Add Permissions in the Actions column.
      Attach the policy to the OOSServiceRole RAM role assumed by OOS to complete the authorization.
    3. In the Add Permissions panel, configure the parameters and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Authorization Select Alibaba Cloud account all resources.
      Select Policy Select the ESSHookPolicyForAnalyticDBWhitelist policy.

Step 2: Create a lifecycle hook for scale-out events and trigger a scale-out event

  1. Log on to the Auto Scaling console.
  2. In the left-side navigation pane, click Scaling Groups.
  3. In the top navigation bar, select a region.
  4. Find the scaling group and use one of the following methods to open the details page of the scaling group:
    • Click the ID of the scaling group in the Scaling Group Name/ID column.
    • Click Details in the Actions column.
  5. Create a lifecycle hook for scale-out events.
    1. In the upper part of the page, click the Lifecycle Hook tab.
    2. Click Create Lifecycle Hook.
    3. Configure parameters for the lifecycle hook and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Name Enter ESSHookForAddAnalyticDBWhitelist.
      Applicable Scaling Activity Type Select Scale-out Event.
      Timeout Period Enter an appropriate value, such as 300.
      Note The timeout period is the period of time during which to perform customized operations. If the period is short, the operations may fail to be performed. Estimate the time required to perform the operations and set an appropriate timeout period.
      Execution Policy Select Continue.
      Notification Method Configure the following settings:
      • Notification method: Select OOS Template.
      • OOS template type: Select Public Templates.
      • Public template: Select ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist from the drop-down list.
      The following section describes the parameters for the ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist template:
      • dbClusterId: Enter the ID of the AnalyticDB for MySQL cluster.
      • modifyMode: Select Append from the drop-down list. This value applies to scale-out events and allows ECS instances to be added to the whitelist of the AnalyticDB for MySQL cluster.
      • Permissions: Select OOSServiceRole from the drop-down list. In Step 1, the OOSServiceRole RAM role is granted permissions to manage ECS, Auto Scaling, and AnalyticDB for MySQL resources. OSS owns the preceding permissions after it assumes the RAM role.
  6. Trigger a scale-out event.
    A scale-out event is triggered in this example by manually executing a scaling rule. You can also trigger scale-out events by using scheduled or event-triggered tasks.
    Note Lifecycle hooks take effect when scaling activities are manually triggered by executing scaling rules. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
    1. In the upper part of the page, click the Scaling Rules tab.
    2. Click Create Scaling Rule.
    3. In the Create Scaling Rule dialog box, configure the parameters and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Rule Name Enter Add1.
      Rule Type Select Simple Scaling Rule.
      Operation Set this parameter to Add 1 Instances.
    4. Find the created Add1 scaling rule and click Execute in the Actions column.
    5. In the message that appears, click OK.
    After the scaling rule is executed, an ECS instance is automatically created. The ESSHookForAddAnalyticDBWhitelist lifecycle hook in the scaling group puts the ECS instance into the wait state. Auto Scaling notifies OOS to perform the O&M operations specified in the ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist template on the ECS instance.

Step 3: View the whitelist of the AnalyticDB for MySQL cluster

  1. Log on to the AnalyticDB for MySQL console.
  2. In the left-side navigation pane, click Clusters.
  3. Find the AnalyticDB for MySQL cluster and click its ID in the Cluster ID/Cluster Description column.
  4. In the left-side navigation pane, click Data Security.
    The following figure shows that the private IP address of the ECS instance is added to the whitelist of the AnalyticDB for MySQL cluster as specified in the ACS-ESS-LifeCycleModifyAnalyticDBIPWhitelist template.adb-whitelist

    If an ECS instance is created but its private IP address is not added to the whitelist of the AnalyticDB for MySQL cluster, go to the OOS console to view the execution results of O&M tasks. For more information, see Step 4: (Optional) View the execution status of the OOS template.

Step 4: (Optional) View the execution status of the OOS template

  1. Log on to the OOS console.
  2. In the left-side navigation pane, click Executions.
  3. Find the execution by time and click Details in the Actions column.
  4. In the upper part of the page, click Advanced View and view the execution status on the Execution Result tab.
    • If the execution succeeds, the execution status appears on the Execution Result tab.exec-success
    • If the execution fails, an error message appears on the Execution Result tab.exec-failed

FAQ

If an O&M task fails to be executed, find the cause based on the error message in the execution result. The following section describes the common error messages and their solutions:
  • Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.

    Solution: Check whether you have granted the required permissions to the OOSServiceRole RAM role, such as the sample permissions in Step 1. You must grant required permissions to the OOSServiceRole RAM role to make sure that OOS can manage the resources involved in OOS templates.

  • Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.

    Solution: Check whether you have granted the required permissions to the OOSServiceRole RAM role, such as the sample permissions in Step 1. You must grant required permissions to the OOSServiceRole RAM role to make sure that OOS can manage the resources involved in OOS templates.

  • Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.

    Solution: Estimate the timeout period of the lifecycle hook to make sure that the O&M task specified in the OOS template can be complete within the timeout period.