Mount NAS file systems to ECS instances - Auto Scaling - Alibaba Cloud Documentation Center

This topic describes how to use a lifecycle hook of Auto Scaling to put ECS instances into the Pending Add or Pending Remove state and then use an Operation Orchestration Service (OOS) template to automatically mount Apsara File Storage NAS (NAS) file systems to Linux ECS instances.

Prerequisites

An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the account registration page.
A scaling group is created and enabled.
A NAS file system is created, and a mount target is created for the NAS file system. For information about mount targets, see Manage mount targets. Make sure that the following requirements are met:
- If the network type of the scaling group is virtual private cloud (VPC), the network type of the mount target must also be VPC. The mount target and the scaling group must reside in the same VPC.
- If the network type of the scaling group is classic network, the network type of the mount target must also be classic network.
- The type of protocol that you want to use to mount NAS file systems must be Network File System (NFS).
A RAM role is created for Operation Orchestration Service (OOS). The trusted entity type of the RAM role is Alibaba Cloud Service. The trusted service is Operation Orchestration Service. The RAM role has the permissions that are required to perform operations on the OOS template. For more information, see Grant RAM permissions to OOS.
Note In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.

Background information

A file system is the basic storage unit of NAS. After you mount NAS file systems to ECS instances, you can use the NAS file systems in a similar way as you use local file systems. This enhances data security and fault tolerance. You cannot specify NAS file systems when you create a scaling configuration. However, you can use a lifecycle hook and an OOS template to automatically mount NAS file systems to ECS instances. This is more efficient than manually mounting file systems to ECS instances after the instances are created.

Procedure

In the following example, the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template is used to describe how to automatically mount a NAS file system to a Linux ECS instance during a scale-out activity.

Step 1: Grant OOS permissions to a RAM user
Step 2: Create a lifecycle hook and trigger a scale-out activity
Step 3: (Optional) View the execution status of the OOS template

Step 1: Grant OOS permissions to a RAM user

If you want to execute OOS templates as a RAM user, you must have OOS permissions. When you execute the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template, you also need to use ECS resources, Auto Scaling resources, and NAS file systems.

Log on to the RAM console.

Create a policy.

In the left-side navigation pane, choose Permissions > Policies.
On the Policies page, click Create Policy.

On the Create Custom Policy page, configure parameters based on your business requirements, and click OK.

The following table describes the parameter settings used in this example. For parameters that are not described in the table, use the default settings.

Parameter Description

Policy Name Enter ESSHookPolicyForAttachNAS.

Configuration Mode Select Script.

Parameter	Description
Policy Name	Enter ESSHookPolicyForAttachNAS.
Configuration Mode	Select Script.
Policy Document	Enter the following content: `{ "Version": "1", "Statement": [ { "Action": [ "ecs:DescribeInvocations", "ecs:RunCommand", "ecs:DescribeInvocationResults", "ecs:DescribeInstances" ], "Resource": "", "Effect": "Allow" }, { "Action": [ "ess:CompleteLifecycleAction" ], "Resource": "", "Effect": "Allow" } ] }`

Policy Document

Enter the following content:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInvocations",
                "ecs:RunCommand",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Attach the policy to the OOSServiceRole RAM role.
1. In the left-side navigation pane, choose Identities > Roles.
2. Find the RAM role OOSServiceRole and click Add Permissions in the Actions column.
  Attach the policy to the RAM role OOSServiceRole that is assumed by OOS to complete the authorization.
3. In the Add Permissions panel, configure parameters based on your business requirements, and click OK.
  The following table describes the parameter settings used in this example. For parameters that are not described in the table, use the default settings.
  Parameter Description
  Authorized Scope Select Alibaba Cloud Account.
  Select Policy Select the ESSHookPolicyForAttachNAS custom policy.

Parameter	Description
Authorized Scope	Select Alibaba Cloud Account.
Select Policy	Select the ESSHookPolicyForAttachNAS custom policy.

Step 2: Create a lifecycle hook and trigger a scale-out activity

Log on to the Auto Scaling console.
In the left-side navigation pane, click Scaling Groups.
In the top navigation bar, select the region where Auto Scaling is activated.
Find a scaling group and use one of the following methods to go to the scaling group details page:
- Click the ID of the scaling group in the Scaling Group Name/ID column.
- Click Details in the Actions column.

Create a lifecycle hook.

In the upper part of the page, click the Lifecycle Hook tab.
Click Create Lifecycle Hook.

Configure parameters for the lifecycle hook and click OK.

The following table describes the parameter settings used in this example. For parameters that are not described in the table, use the default settings.


Parameter	Description
Name	Enter ESSHookForAttachNAS.
Scaling Activity	Select Scale-out Event.
Timeout Period	Configure the Timeout Period parameter based on your business requirements. In this example, set the value to 300. Note The timeout period is the period of time during which you can perform operations on instances. If the timeout period is shorter than the period of time that is required to perform operations, the operations may fail. We recommend that you estimate the period of time that is required to perform custom operations on instances and configure the Timeout Period parameter based on your business requirements.
Default Execution Policy	Select Continue.
Actions performed during the hook	Specify a notification method or the action that you want Auto Scaling to perform. In this example: Select OOS Template. Select Public Templates. Select ACS-ESS-LifeCycleAttachNASFileSystemToInstance. Configure the following parameters in the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template: MountTargetDomain: Enter the domain name of the mount target of the NAS file system. MountDir: Specify the directory to which that you want to mount the NAS file system. The default directory is /mnt. FileSystemVersion: Specify a protocol type. The value 0 specifies that the NFSv4 protocol is used to mount the NAS file system. The value 1 specifies that the NFSv3 protocol is used to mount the NAS file system. In this example, 0 is used. RateControl: Specify a rate control type. Valid values: Batch-based Control and Concurrency-based Control. In this example, Concurrency-based Control is used. OOSAssumeRole: Select Specify RAM Role and Use Permissions Granted to This Role and then select OOSServiceRole. In Step 1, the OOSServiceRole RAM role is granted permissions to manage ECS, Auto Scaling, and NAS resources. OOS owns the preceding permissions after it assumes the RAM role.

Trigger a scale-out activity.
A scale-out activity is triggered in this example by manually executing a scaling rule. You can also trigger scale-out activities by using scheduled or event-triggered tasks.
Note If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
1. In the upper part of the page, click the Scaling Rules and Activities tab, and then click the Scaling Rules tab.
2. Click Create Scaling Rule.
3. In the Create Scaling Rule dialog box, configure parameters based on your business requirements and click OK.
  The following table describes the parameter settings used in this example. For parameters that are not described in the table, use the default settings.
  Parameter Description
  Rule Name Enter Add1.
  Rule Type Select Simple Scaling Rule.
  Operation Set the value to Add 1 Instances.
4. Find the Add1 scaling rule and click Execute in the Actions column.
5. In the message that appears, click OK.
After the scaling rule is executed, an ECS instance is automatically created. The ESSHookForAttachNAS lifecycle hook in the scaling group puts the ECS instance into the Pending Add state. Auto Scaling notifies OOS to perform the O&M operations specified in the ACS-ESS-LifeCycleAttachNASFileSystemToInstance public template on the ECS instance.
Check whether the ECS instance meets your expectations.
1. In the upper part of the page, click the Instances tab.
2. Find the ECS instance and click its ID in the ECS Instance ID/Name column.
3. In the Basic Information section, click Connect.
4. Log on to the instance and run the following command to view the mount result:
```
df -h | grep aliyun
```
  If the mount path of the NAS file system exists in the command output as shown in the following figure, the NAS file system is mounted. You can also run the nfsstat -c command to check the protocol version. Client nfs v4 indicates the protocol version is v4.
  If an ECS instance is created but is not mounted with a NAS file system, go to the OOS console to view the execution results of O&M tasks. For more information, see Step 3: (Optional) View the execution status of the OOS template.

Parameter	Description
Rule Name	Enter Add1.
Rule Type	Select Simple Scaling Rule.
Operation	Set the value to Add 1 Instances.

Step 3: (Optional) View the execution status of the OOS template

Log on to the OOS console.
In the left-side navigation pane, click Executions.
Find the execution task by time and click Details in the Actions column.
In the upper part of the page, click Advanced View and view the execution status on the Execution Result tab.
- If the execution is successful, the execution status appears on the Execution Result tab.
- If the execution fails, an error message appears on the Execution Result tab.

FAQ

If you fail to execute an O&M task, find the cause based on the error message in the execution result. The following section describes the common error messages and solutions:

Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the RAM role OOSServiceRole. Before OOS can manage the resources that are described in the OOS template, you must grant the required permissions to the RAM role.
Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.
Solution: Estimate the timeout period of the lifecycle hook to make sure that the O&M task specified in the OOS template can be completed within the timeout period.