This topic describes how to use a lifecycle hook to put ECS instances into the wait state and then use an Operation Orchestration Service (OOS) template to automatically add or remove the instances to or from the whitelist of an ApsaraDB for Redis (Redis) instance.

Prerequisites

  • An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the account registration page.
  • A scaling group is created and enabled.
  • A Redis instance is created.
  • A RAM role is created for OOS. For more information, see Grant RAM permission for OOS.
    Note The OOSServiceRole RAM role is used in this example. You can also use other custom RAM roles, but you must make sure that the used RAM role has the permissions required to execute OOS templates.

Background information

A scaling group can be associated with Server Load Balancer (SLB) or ApsaraDB for RDS (RDS) instances, but cannot be associated with Redis instances. If your business data is stored on a Redis instance, you must manually add or remove your ECS instances to or from the whitelist of the Redis instance. This is time-consuming and inefficient. You can use lifecycle hooks and OOS templates to automatically add or remove ECS instances to or from the whitelist of a Redis instance.

Procedure

The following example uses the ACS-ESS-LifeCycleModifyRedisIPWhitelist public template to demonstrate how to add ECS instances to the whitelist of a Redis instance during scale-out events. Perform the following steps:
Note If you want to remove ECS instances from the whitelist of a Redis instance during scale-in events, you can create lifecycle hooks that are applicable to scale-in events and then trigger the scale-in events.

Step 1: Grant OOS permissions to the RAM user

You must be granted the permissions required to execute OOS templates. Resources of ECS, Auto Scaling, and Redis are involved when O&M operations specified in the ACS-ESS-LifeCycleModifyRedisIPWhitelist template are performed.

  1. Log on to the RAM console.
  2. In the left-side navigation pane, click RAM Roles.
  3. Create a policy.
    1. In the left-side navigation pane, choose Permissions > Policies.
    2. In the upper-left corner of the Policies page, click Create Policy.
    3. On the Create Custom Policy page, configure parameters for the policy and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Policy Name Enter ESSHookPolicyForRedisWhitelist.
      Configuration Mode Select Script.
      Policy Document Enter the following content:
      {
          "Version": "1",
          "Statement": [
              {
                  "Action": [
                      "ecs:DescribeInstances"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              },
              {
                  "Action": [
                      "kvstore:ModifySecurityIps"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              },
              {
                  "Action": [
                      "ess:CompleteLifecycleAction"
                  ],
                  "Resource": "*",
                  "Effect": "Allow"
              }
          ]
      }
  4. Attach the policy to the OOSServiceRole RAM role.
    1. In the left-side navigation pane, click RAM Roles.
    2. Find the OOSServiceRole RAM role and click Add Permissions in the Actions column.
      Attach the policy to the OOSServiceRole RAM role assumed by OOS to complete the authorization.
    3. In the Add Permissions panel, configure the parameters and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Authorization Select Alibaba Cloud account all resources.
      Select Policy Select Custom Policy and then the ESSHookPolicyForRedisWhitelist policy.

Step 2: Create a lifecycle hook for scale-out events and trigger a scale-out event

If you want to automatically add ECS instances to the whitelist of a Redis instance when scale-out events are triggered, you can set the notification method to OOS Template and configure related parameters when you create lifecycle hooks.

  1. Log on to the Auto Scaling console.
  2. In the left-side navigation pane, click Scaling Groups.
  3. In the top navigation bar, select a region.
  4. Find the scaling group and use one of the following methods to open the details page of the scaling group:
    • Click the ID of the scaling group in the Scaling Group Name/ID column.
    • In the Actions column corresponding to the scaling group, click Details.
  5. Create a lifecycle hook for scale-out events.
    1. In the left-side navigation pane, click Lifecycle Hooks.
    2. In the upper-left corner of the Lifecycle Hooks page, click Create Lifecycle Hook.
    3. Configure parameters for the lifecycle hook and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Name Enter ESSHookForAddRedisWhitelist.
      Applicable Scaling Activity Type Select Scale-out Event.
      Timeout Period Enter a proper value, such as 300.
      Note The timeout period is the period of time during which customized operations are performed. If the period is short, the operations may fail to be performed. Evaluate and set a proper timeout period.
      Execution Policy Select Continue.
      Notification Method Configure the following settings:
      • Notification method: Select OOS Template.
      • OOS template type: Select Public Templates.
      • Public template: Select ACS-ESS-LifeCycleModifyRedisIPWhitelist from the drop-down list.
      The following section describes the parameters for ACS-ESS-LifeCycleModifyRedisIPWhitelist:
      • dbInstanceId: Enter the Redis instance ID.
      • modifyMode: Select Append. This value applies to scale-out events and allows ECS instances to be added to the whitelist of the Redis instance.
      • Permissions: Select OOSServiceRole. In Step 1, the OOSServiceRole RAM role is granted permissions on resources of ECS, Auto Scaling, and Redis. OSS owns the preceding permissions after it assumes the RAM role.
  6. Trigger a scale-out event.
    In this example, a scale-out event is triggered by manually executing a scaling rule. You can also trigger scale-out events by using scheduled or event-triggered tasks.
    Note Lifecycle hooks take effect when scaling activities are manually triggered by executing scaling rules. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
    1. In the left-side navigation pane, click Scaling Rules.
    2. In the upper-left corner of the Scaling Rules page, click Create Scaling Rule.
    3. In the Create Scaling Rule dialog box, configure the parameters and click OK.
      The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.
      Parameter Description
      Rule Name Enter Add1.
      Rule Type Select Simple Scaling Rule.
      Operation Set this parameter to Add 1 Instances.
    4. On the Scaling Rules page, find the created Add1 scaling rule and click Execute in the Actions column.
    5. In the Execute Scaling Rule message, click OK.
    After the scaling rule is executed, an ECS instance is automatically created. The ESSHookForAddRedisWhitelist lifecycle hook in the scaling group puts the ECS instance into the wait state. Auto Scaling automatically notifies OOS to perform the O&M operations specified in the ACS-ESS-LifeCycleModifyRedisIPWhitelist template on the ECS instance.

Step 3: View the whitelist of the Redis instance

  1. Log on to the Redis console.
  2. In the left-side navigation pane, click Instances.
  3. Find the Redis instance and click its ID in the Instance ID/Name column.
  4. In the left-side navigation pane, click Whitelist Settings.
    The following figure shows that the private IP address of the ECS instance is added to the whitelist of the Redis instance as specified in the ACS-ESS-LifeCycleModifyRedisIPWhitelist template. The whitelist of a Redis instance

    If the ECS instance is created, but its private IP address is not added to the whitelist of the Redis instance, go to the OOS console to view the execution result of O&M tasks. For more information, see Step 4 (optional): View the OOS execution status.

Step 4 (optional): View the OOS execution status

  1. Log on to the OOS console.
  2. In the left-side navigation pane, click Executions.
  3. Find the execution by time and click Details in the Actions column.
  4. On the page that appears, click the Advanced View tab.
    The execution status is displayed on the Execution Result tab. Success
    If the execution fails, the error message is also displayed on the Execution Result tab. Failed