This topic describes how to use a lifecycle hook of Auto Scaling to put ECS instances into the wait state and then use an Operation Orchestration Service (OOS) template to automatically bind secondary elastic network interfaces (ENIs) associated with elastic IP addresses (EIPs) to the instances.
Prerequisites
- An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the account registration page.
- A scaling group is created and enabled.
- A RAM role is created for Operation Orchestration Service (OOS). The trusted entity type of the RAM role is Alibaba Cloud Service. The trusted service is Operation Orchestration Service. The RAM role has the permissions that are required to perform operations on the OOS template. For more information, see Grant RAM permissions to OOS.
  Note: In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.
Background information
An ENI is a virtual network interface controller (NIC) that can be bound to a VPC-type ECS instance. You can use ENIs to deploy high-availability clusters and perform low-cost failovers and fine-grained network management. ENIs are classified into two types: primary ENIs and secondary ENIs. Primary ENIs are created along with ECS instances. You cannot unbind primary ENIs from instances. Secondary ENIs can be created separately. You can bind or unbind secondary ENIs to or from instances. For more information, see Overview.
An EIP is a public IP address that you can purchase and hold as an independent resource. You can use EIPs to own public IP addresses until the EIPs are released. You can associate or disassociate EIPs with or from resources such as ECS instances and ENIs to meet your business requirements. For more information, see Elastic IP addresses.
Procedure
Step 1: Grant OOS permissions to the RAM user
You must be granted the permissions to execute OOS templates. Resources of ECS, Auto Scaling, and Elastic IP Address are involved when the O&M operations specified in the ACS-ESS-LifeCycleCreateNetworkInterfaceAndEipAndAttachToInstance template are performed.
- Log on to the RAM console.
- In the left-side navigation pane, choose .
- Find the RAM role OOSServiceRole and click Add Permissions in the Actions column. Attach the policy to the RAM role OOSServiceRole that is assumed by OOS to complete the authorization.
- In the Add Permissions panel, configure the parameters and click OK. The following table describes the parameters used in this example. Use the default values for parameters that are not mentioned in the table.

| Parameter | Description |
| --- | --- |
| Authorization | Select Alibaba Cloud account all resources. |
| Select Policy | Select the AliyunECSFullAccess, AliyunESSFullAccess, and AliyunEIPFullAccess system policies. |
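
Step 1 attaches three FullAccess system policies to a role that OOS assumes on every scale-out, so it is worth reviewing who can assume the role and how much it allows. The following check is an added example, not part of the original documentation or of any Alibaba Cloud tool. The function names, the `ASSUMED_NEEDED` action list, and the sample policy documents are assumptions constructed for illustration; confirm the action list against the tasks of the template you run.

```python
import fnmatch

OOS_SERVICE = "oos.aliyuncs.com"
# ASSUMPTION: actions the template needs; confirm against the template's tasks.
ASSUMED_NEEDED = {
    "ecs:DescribeInstances", "ecs:CreateNetworkInterface",
    "ecs:AttachNetworkInterface", "vpc:AllocateEipAddress",
    "vpc:AssociateEipAddress", "ess:CompleteLifecycleAction",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust(trust_policy):
    """Report every principal other than the OOS service that may assume the role."""
    findings = []
    for st in trust_policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for kind, values in st.get("Principal", {}).items():
            for principal in _as_list(values):
                if (kind, principal) != ("Service", OOS_SERVICE):
                    findings.append(f"trust: unexpected principal {kind}={principal}")
    return findings

def audit_permissions(policies):
    """Flag Allow actions broader than ASSUMED_NEEDED and list needed ones not granted."""
    findings, covered = [], set()
    for name, doc in policies.items():
        for st in doc["Statement"]:
            if st.get("Effect") != "Allow":
                continue
            for pattern in _as_list(st["Action"]):
                covered |= {a for a in ASSUMED_NEEDED if fnmatch.fnmatchcase(a, pattern)}
                if "*" in pattern:
                    findings.append(f"{name}: wildcard action {pattern}")
                elif pattern not in ASSUMED_NEEDED:
                    findings.append(f"{name}: unneeded action {pattern}")
    return findings + [f"missing: {a}" for a in sorted(ASSUMED_NEEDED - covered)]

# Constructed sample inputs, not copied from a real account or system policy.
SAMPLE_TRUST = {"Version": "1", "Statement": [{"Action": "sts:AssumeRole",
    "Effect": "Allow", "Principal": {"Service": ["oos.aliyuncs.com"]}}]}
SAMPLE_BROAD = {name: {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": action, "Resource": "*"}]}
    for name, action in [("AliyunECSFullAccess", "ecs:*"),
                         ("AliyunESSFullAccess", "ess:*"),
                         ("AliyunEIPFullAccess", "vpc:*Eip*")]}

if __name__ == "__main__":
    for line in audit_trust(SAMPLE_TRUST) + audit_permissions(SAMPLE_BROAD):
        print(line)
```

A "missing" finding corresponds to the Forbidden errors listed in the FAQ, while a "wildcard" finding marks permissions the role holds beyond what the assumed action list requires.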
Step 2: Create a lifecycle hook for scale-out events and trigger a scale-out event
- Log on to the Auto Scaling console.
- In the left-side navigation pane, click Scaling Groups.
- In the top navigation bar, select the region where Auto Scaling is activated.
- Find a scaling group and use one of the following methods to go to the scaling group details page:
  - Click the ID of the scaling group in the Scaling Group Name/ID column.
  - Click Details in the Actions column.
- Create a lifecycle hook for scale-out events.
- Trigger a scale-out event.
  A scale-out event is triggered in this example by manually executing a scaling rule. You can also trigger scale-out events by using scheduled or event-triggered tasks.
  Note: If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
  After the scaling rule is executed, an ECS instance is automatically created. The ESSHookForAttachNicWithEip lifecycle hook in the scaling group puts the ECS instance into the wait state. Auto Scaling notifies OOS to perform the O&M operations specified in the ACS-ESS-LifeCycleCreateNetworkInterfaceAndEipAndAttachToInstance template on the ECS instance.
  If the scaling activity fails and the following error information appears, go to the OOS console to view the execution result of O&M tasks. For more information, see Step 3: (Optional) View the execution status of the OOS template.
- Check whether the automatically created ECS instance meets your expectations.
Step 3: (Optional) View the execution status of the OOS template
- Log on to the OOS console.
- In the left-side navigation pane, click Executions.
- Find the execution task by time and click Details in the Actions column.
- In the upper part of the page, click Advanced View and view the execution status on the Execution Result tab.
  - If the execution succeeds, the execution status appears on the Execution Result tab.
  - If the execution fails, an error message appears on the Execution Result tab.
FAQ
- Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.
  Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
- Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
  Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
- Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.
  Solution: Estimate the timeout period of the lifecycle hook to make sure that the O&M task specified in the OOS template can be completed within the timeout period.