This topic describes how to use the lifecycle hook feature of Auto Scaling to put Elastic Compute Service (ECS) instances into the Pending state and then use an Operation Orchestration Service (OOS) template to automatically add or remove the private IP addresses of the ECS instances to or from the IP address whitelist of an ApsaraDB for Redis instance.
Prerequisites
- An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the account registration page.
- A scaling group is created and enabled.
- An ApsaraDB for Redis instance is created.
- A RAM role is created for OOS. The trusted entity type of the RAM role is Alibaba Cloud Service. The trusted service is Operation Orchestration Service. The RAM role has the permissions to perform the O&M operations that are defined in OOS templates. For more information, see Grant RAM permissions to OOS. Note In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.
Background information
A scaling group can be associated with Server Load Balancer (SLB) or ApsaraDB RDS instances, but cannot be associated with ApsaraDB for Redis instances. If your business data is stored on an ApsaraDB for Redis instance, you can use a lifecycle hook and an OOS template to automatically add or remove the private IP addresses of ECS instances in your scaling group to or from the IP address whitelist of the ApsaraDB for Redis instance. This is more efficient than manually adding or removing the private IP addresses of the ECS instances to or from the IP address whitelist of the ApsaraDB for Redis instance.
Procedure
- Step 1: Grant OOS permissions to the RAM role
- Step 2: Create a lifecycle hook and trigger a scale-out
- Step 3: Check the IP address whitelist of the ApsaraDB for Redis instance
- Step 4 (Optional) View the OOS execution
Step 1: Grant OOS permissions to the RAM role
You must have the permissions to execute OOS templates. In this example, the ACS-ESS-LifeCycleModifyRedisIPWhitelist public template is used. The template defines the ECS, Auto Scaling, and ApsaraDB for Redis resources that are required to perform O&M operations.
- Log on to the RAM console.
- Create a policy.
- Attach the policy to the OOSServiceRole RAM role.
Step 2: Create a lifecycle hook and trigger a scale-out
To automatically add the private IP address of an ECS instance to the IP address whitelist of the ApsaraDB for Redis instance during a scale-out, you must specify an OOS template as the notification method when you create a lifecycle hook.
- Log on to the Auto Scaling console.
- In the left-side navigation pane, click Scaling Groups.
- In the top navigation bar, select the region where Auto Scaling is activated.
- Find a scaling group and use one of the following methods to go to the scaling group details page:
- Click the ID of the scaling group in the Scaling Group Name/ID column.
- Click Details in the Actions column.
- Create a lifecycle hook.
- Trigger a scale-out. In this example, a scale-out is manually triggered by executing a scaling rule. You can also trigger scale-outs by using scheduled or event-triggered tasks.Note If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. However, lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.After the scaling rule is executed, Auto Scaling adds one ECS instance to the scaling group. However, the ECS instance enters the Pending Add state because of the ESSHookForAddRedisWhitelist lifecycle hook that is in effect before the ECS instance is added. During the timeout period of the lifecycle hook, Auto Scaling notifies OOS to execute the O&M operations that are defined in the ACS-ESS-LifeCycleModifyRedisIPWhitelist public template.
Step 3: Check the IP address whitelist of the ApsaraDB for Redis instance
- Log on to the ApsaraDB for Redis console.
- In the left-side navigation pane, click Instances.
- Find the ApsaraDB for Redis instance and click its ID in the Instance ID/Name column.
- In the left-side navigation pane, click Whitelist Settings.
- If the private IP address of the ECS instance is added to the IP address whitelist of the ApsaraDB for Redis instance, the ACS-ESS-LifeCycleModifyRedisIPWhitelist public template takes effect.
- If the ECS instance is created but its private IP address is not added to the IP address whitelist of the ApsaraDB for Redis instance, go to the OOS console to view the execution of the O&M operations. For more information, see Step 4 (Optional) View the OOS execution.
Step 4 (Optional) View the OOS execution
- Log on to the OOS console.
- In the left-side navigation pane, click Executions.
- Find the execution task by time and click Details in the Actions column.
- On the execution details page, view information about the OOS execution. For example, in the Basic Information section, you can view the execution ID and status. In the Execution Result section, you can click a task node to view the execution details. For more information, see View the details of an execution.Note If an execution failed, the error message is displayed in the Execution Result section.
FAQ
- Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
- Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
- Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.
Solution: Estimate the timeout period of the lifecycle hook to make sure that the O&M task specified in the OOS template can be completed within the timeout period.