Mount NAS file systems to ECS instances - Auto Scaling - Alibaba Cloud Documentation Center

This topic describes how to use the lifecycle hook feature of Auto Scaling to put an Elastic Compute Service (ECS) instance into the Pending state and then use an CloudOps Orchestration Service (OOS) template to automatically mount an Apsara File Storage NAS (NAS) file system to an ECS instance that runs Linux.

Prerequisites

An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the Sign up to Alibaba Cloud page.
A scaling group is created and enabled.
A NAS file system that has a mount target is created. For information about mount targets, see Manage mount targets. The mount target of the NAS file system must meet the following requirements:
- If the network type of the scaling group is virtual private cloud (VPC), the network type of the mount target must also be VPC. The mount target and the scaling group must reside in the same VPC.
- If the network type of the scaling group is classic network, the network type of the mount target must also be classic network.
- The protocol that you want to use to mount the NAS file system must be Network File System (NFS).
A RAM role is created for OOS. The trusted entity type of the RAM role is Alibaba Cloud Service. The trusted service is CloudOps Orchestration Service. The RAM role has the permissions to perform O&M operations that are defined in OOS templates. For more information, see Grant RAM permissions to OOS.
Note
In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.

Background information

A file system is the basic storage unit of NAS. After you mount NAS file systems to ECS instances, you can use the NAS file systems in a similar way as you use local file systems. This enhances data security and fault tolerance. You cannot specify NAS file systems when you create a scaling configuration. However, you can use a lifecycle hook and an OOS template to automatically mount a NAS file system to an ECS instance. This is more efficient than manually mounting a NAS file system to the ECS instance.

Procedure

In this example, the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template is used to show how to mount a NAS file system to an ECS instance that runs Linux during a scale-out.

Step 1: Grant OOS permissions to a RAM user
Step 2: Create a lifecycle hook and trigger a scale-out
Step 3: (Optional) View the OOS execution

Step 1: Grant OOS permissions to a RAM user

You must have the permissions to execute OSS templates. In this example, the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template is used. The template defines the ECS, Auto Scaling, and NAS resources that are required to perform O&M operations during the scale-out.

Log on to the RAM console.

Create a policy.

In the left-side navigation pane, choose Permissions > Policies.
On the Policies page, click Create Policy.

On the Create Policy page, click the JSON tab, configure parameters as prompted, and then click OK.

The following table describes the parameters used in this example. For parameters that are not described in the table, use the default settings.

Parameter

Description

Name

Enter ESSHookPolicyForAttachNAS.

Policy document

Enter the following content:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInvocations",
                "ecs:RunCommand",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Attach the policy to the OOSServiceRole RAM role.
1. In the left-side navigation pane, choose Identities > .
2. Find the OOSServiceRole RAM role and click Add Permissions in the Actions column.
  Grant the required permissions to OOSServiceRole.
3. In the Add Permissions panel, configure parameters as prompted and click OK.
  The following table describes the parameters used in this example. For parameters that are not described in the table, use the default settings.
  Parameter
  Description
  Authorized Scope
  Select Alibaba Cloud Account.
  Select Policy
  Select the following custom policy: ESSHookPolicyForAttachNAS.

Step 2: Create a lifecycle hook and trigger a scale-out

Log on to the Auto Scaling console.
In the left-side navigation pane, click Scaling Groups.
In the top navigation bar, select the region where Auto Scaling is activated.
Find a scaling group and use one of the following methods to go to the scaling group details page:
- Click the ID of the scaling group in the Scaling Group Name/ID column.
- Click Details in the Actions column.

Create a lifecycle hook.

In the upper part of the scaling group details page, click the Lifecycle Hook tab.
Click Create Lifecycle Hook.

Configure parameters of the lifecycle hook and click OK.

The following table describes the parameters used in this example. For parameters that are not described in the table, use the default settings.

Parameter	Description
Name	Enter ESSHookForAttachNAS.
Scaling Activity	Select Scale-out Event.
Timeout Period	Configure the Timeout Period parameter based on your business requirements. Unit: seconds. In this example, the Timeout Period parameter is set to 300. Note The timeout period is the period of time during which you can perform custom operations on ECS instances. If the timeout period is shorter than the period of time that is required to perform the custom operations, the operations may fail. We recommend that you estimate the period of time that is required to perform custom operations on ECS instances and configure the Timeout Period parameter based on your business requirements.
Default Execution Policy	Select Continue.
Send Notification When Lifecycle Hook Takes Effect	Specify a notification method or the action that you want Auto Scaling to perform after the lifecycle hook times out. In this example, perform the following operations: Select OOS Template. Select Public Templates. Select ACS-ESS-LifeCycleAttachNASFileSystemToInstance. In the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template, you must configure the following parameters: mountTargetDomain: Enter the domain name of the mount target of the NAS file system. MountDir: Specify the directory to which that you want to mount the NAS file system. The default directory is /mnt. FileSystemVersion: Specify a protocol type. A value of 0 indicates that the NFSv4 protocol is used to mount the NAS file system. A value of 1 indicates that the NFSv3 protocol is used to mount the NAS file system. In this example, 0 is used. RateControl: Specify a rate control type. Valid values: Batch-based Control and Concurrency-based Control. In this example, Concurrency-based Control is used. OOSAssumeRole: Select Specify RAM Role and Use Permissions Granted to This Role and then select OOSServiceRole. In Step 1: Grant OOS permissions to a RAM user, OOSServiceRole is granted the permissions on the ECS, Auto Scaling, and NAS resources. OOS obtains the preceding permissions after it assumes the RAM role.

Trigger a scale-out.
In this example, a scale-out is manually triggered by executing a scaling rule. You can also trigger scale-outs by using scheduled or event-triggered tasks.
Note
If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. However, lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
1. In the upper part of the scaling group details page, click the Scaling Rules and Event-triggered Tasks tab.
2. Click the Scaling Rules tab, and then click Create Scaling Rule in the upper-right corner.
3. In the Create Scaling Rule dialog box, configure parameters of the scaling rule and click OK.
  The following table describes the parameters used in this example. For parameters that are not described in the table, use the default settings.
  Parameter
  Description
  Rule Name
  Enter Add1.
  Rule Type
  Select Simple Scaling Rule.
  Operation
  Set the value to Add 1 Instances.
4. On the Scaling Rules tab, find the Add1 scaling rule and click Execute in the Actions column.
5. In the Execute Scaling Rule message, click OK.
After the scaling rule is executed, Auto Scaling adds one ECS instance to the scaling group. However, the ECS instance enters the Pending Add state because of the ESSHookForAttachNAS lifecycle hook that is in effect before the ECS instance is added. During the timeout period of the lifecycle hook, Auto Scaling notifies OOS to execute the O&M operations that are defined in the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template.
Check whether the NAS file system is mounted to the ECS instance.
1. In the upper part of the scaling group details page, click the Instances tab.
2. Find the ECS instance and click its ID in the ECS Instance ID/Name column.
3. In the Basic Information section of the Instance Details tab, click Connect.
4. Log on to the ECS instance and run the following command to view the mounting result:
```
df -h | grep aliyun
```
  If the mount path of the NAS file system exists in the command output as shown in the following figure, the NAS file system is mounted. You can also run the nfsstat -c command to check the protocol version. Client nfs v4 indicates that the protocol version is v4.
  If the ECS instance is created but has no mounted NAS file system, go to the OOS console to view the execution of the O&M operations. For more information, see Step 3: (Optional) View the OOS execution.

Step 3: (Optional) View the OOS execution

Log on to the OOS console.
In the left-side navigation pane, choose Automated Tasks > Task Execution Management.
Find the execution task by time and click Details in the Actions column.
On the execution details page, view information about the OOS execution.
For example, in the Basic Information section, you can view the execution ID and status. In the Execution Result section, you can click a task node to view the execution details. For more information, see View the details of an execution.
Note
If an execution failed, the error message is displayed in the Execution Result section.

FAQ

If you fail to execute an O&M task, troubleshoot the failure based on the error message in the execution result. The following section describes the common error messages and solutions:

Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are declared in the OOS template, you must grant required permissions to the RAM role.
Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are declared in the OOS template, you must grant required permissions to the RAM role.
Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.
Solution: Check whether the timeout period of the lifecycle hook is sufficient for the O&M task specified in the OOS template to complete.

Parameter	Description
Authorized Scope	Select Alibaba Cloud Account.
Select Policy	Select the following custom policy: ESSHookPolicyForAttachNAS.

Parameter	Description
Rule Name	Enter Add1.
Rule Type	Select Simple Scaling Rule.
Operation	Set the value to Add 1 Instances.