Introduction to ECS image deployment packages - Compute Nest

When you deploy services in multiple regions by using Elastic Compute Service (ECS) images, you need to perform complicated operations such as manually replicating and mapping ECS images and managing permissions. To simplify the deployment process, Compute Nest provides ECS image deployment packages. This topic describes how ECS image deployment packages work. This topic also describes how to create and use an ECS image deployment package.

Background information

Purpose
During service deployment, ECS images are often used for multi-region deployment. However, ECS images are region-specific. To implement multi-region deployment, you need to replicate ECS images to each region and specify an ECS image for the corresponding region in a template. The operations include manually replicating and mapping ECS images and managing permissions. Each time a new image version is released, you need to repeat the operations. This complicates the multi-region deployment process.
Benefits
As a service provider, you need to only create the source ECS image, configure the ECS image deployment package in the Compute Nest console, and then associate the ECS image deployment package with the source ECS image. The subsequent operations such as image replication, image mapping, and permission management are performed by Compute Nest.
- Image replication: Compute Nest replicates the source ECS image that you created to the general account of Compute Nest that is used to replicate the image to multiple regions.
- Image mapping: Compute Nest checks whether the ImageId parameter is specified in a template. If the parameter is specified, the image ID can be associated with an ECS image deployment package in the service details. When a customer deploys the service, Compute Nest checks the region in which the service is deployed and automatically uses the image ID corresponding to the region instead of the image ID specified in the template. This way, the image ID and region are dynamically mapped.
- Permission management: The permissions of an ECS image deployment package are related to the associated service. If no service is associated with an ECS image deployment package, the ECS image deployment package is private and only the corresponding service provider can use the ECS image deployment package. If at least one public service is associated with an ECS image deployment package, the ECS image deployment package is public. If all services associated with an ECS image deployment package are private, the ECS image deployment package is private. If a whitelist is configured for an associated service, the whitelist also applies to the ECS image deployment package.

Limits

You can modify the cloud resources of an ECS image deployment package in a template.

ROS

If you use Resource Orchestration Service (ROS) for service deployment, you must specify the ImageId parameter in the Resource section of the ROS template.

You can specify an image ID of the following cloud resources:
- ECS instance (ALIYUN::ECS::Instance)
- ECS instance group (ALIYUN::ECS::InstanceGroup)
- Scaling group (ALIYUN::ESS::ScalingGroup)
- Elastic High Performance Computing (E-HPC) cluster (ALIYUN::EHPC::Cluster)
You can specify an image ID by using the ImageId parameter.
The value of the ImageId parameter must be a string. You cannot obtain the value from an input parameter or a built-in function in the template.

Terraform

If you use Terraform for service deployment, you must specify the image_id parameter in the template.

You can specify an image ID of the following cloud resources:
- ECS instance (alicloud_instance)
- Scaling group (ALIYUN::ESS::ScalingGroup)
You can specify an image ID by using the image_id parameter.
The value of the image_id parameter must be a string. You cannot obtain the value from an input parameter or a built-in function in the template.

Create and use an ECS image deployment package

Prerequisites

An ECS image is created. Compute Nest supports custom images and Alibaba Cloud Marketplace images. You can select an image type based on your business requirements.

Custom image: the custom ECS images within your Alibaba Cloud account.
If you do not have a custom image, you can create one. For more information, see Create a custom image from an instance.
Alibaba Cloud Marketplace image: the images on sale in Alibaba Cloud Marketplace.
You can search for images in Alibaba Cloud Marketplace based on your business requirements.

Create an ECS image deployment package

Configure the basic information about the deployment package.

Log on to the Compute Nest console. In the left-side navigation pane, click Service Deployment Package. In the Deployment Package section of the Service Deployment Package page, click Create Deployment Package.

In the Deployment Package Information section, configure the parameters described in the following table.

Parameter	Description
Deployment Package Name	The name of the deployment package. The name must be 3 to 128 characters in length, and can contain letters, digits, and underscores (_). The name cannot be changed after the deployment package is created.
Version Name	The name of the deployment package version. The name must be 3 to 50 characters in length, and can contain letters, digits, and underscores (_).
Description	The description of the deployment package. The description must be 10 to 500 characters in length.
Resource Group	The name of the resource group to which the deployment package belongs. Resource groups are used to group your resources by usage, permission, and region. You can use resource groups to organize your resources in a hierarchical manner and group resources based on users and projects. For more information, see Manage resource groups.
Tag Settings	The tags that you want to add to the deployment package. Select or enter complete tag keys and tag values. You can add up to 20 tags to a deployment package. If no tag key or tag value are available, you can create a custom tag. For more information, see Add a custom tag.

Configure the ECS image deployment package.
1. In the Deployment Package Content section, select ECS Image for the Deployment Package Type parameter. Configure the Image Type and Select Product parameters based on the ECS image that you prepared.
2. In the Distribution Settings section, select the regions to which you want to distribute the deployment package. In this example, All Regions is selected.
  Important
  You must select at least one region to distribute the deployment package.
3. Click Publish Deployment Package.
  After a deployment package is published, you cannot modify the content of the published version. You can only create new versions or new deployment packages.
  Note
  - If you need to test the deployment package, click Save Deployment Package. After you complete the test, click Publish Deployment Package.
  - If the deployment package is not published, you cannot test the deployment package in the selected distribution regions. In this case, you can test the deployment package only in the region in which the ECS image resides.
View the deployment package.
1. Return to the Service Deployment Package page. Find the deployment package that you created and click its name to go to the Deployment Package Details page to view the deployment progress.
2. After the deployment package enters the Available state, find the version that you want to view on the Deployment Package Version tab and click View in the Actions column to view the distribution results of the deployment package.
Note
The duration to distribute an image may vary from several minutes to several hours based on the region and image size.

Use an ECS image deployment package

In this example, a private service is created to describe how to use an ECS image deployment package.

Log on to the Compute Nest console.
In the left-side navigation pane, click My Services. On the Created Services tab of the My Services page, click Create Service.
On the Create Service page, set Select Service Creation Method to Custom Launch, Select Service Type to Private Service, and then click Next: Configure Settings.
On the Create Service page, specify basic information about the service as prompted. In the Template section, select a template or enter a template name. In this example, Scenario-based Template is selected.

If the template content contains the ImageId parameter, configure the Associate ECS Image parameter in the Deployment Package Association section.

Sample template

Note

This sample template is used for testing only.

ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: This template deploys custom image for single instance, supports creating new
    VPC and specifying VPC.
  zh-cn: 
Conditions:
  CreateVpcConditions:
    Fn::Equals:
    - true
    - Ref: WhetherCreateVpc
  IfAllocatePublicIP:
    Fn::Equals:
    - Ref: AllocatePublicIP
    - true
Parameters:
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Not:
            Fn::Equals:
              - ${PayType}
              - PostPaid
    Default: Month
    AllowedValues:
      - Month
      - Year
  PayPeriod:
    Type: Number
    Label:
      en: Period
      zh-cn: 
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Not:
            Fn::Equals:
              - ${PayType}
              - PostPaid
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
  EcsInstanceType:
    Type: String
    Label:
      en: Instance Type
      zh-cn: 
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      InstanceChargeType: ${InstanceChargeType}
  ZoneId:
    Type: String
    Label:
      en: Availability Zone
      zh-cn:
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
  WhetherCreateVpc:
    Type: Boolean
    Label:
      en: WhetherCreateVpc
      zh-cn: 
    Default: false
  VpcCidrBlock:
    Type: String
    Label:
      en: VPC CIDR IPv4 Block
      zh-cn: 
    Description:
      zh-cn: 
      en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use
        the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font
        color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
    AssociationProperty: ALIYUN::VPC::VPC::CidrBlock
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${WhetherCreateVpc}
          - true
    Default: 192.168.0.0/16
  VSwitchCidrBlock:
    Type: String
    Label:
      en: VSwitch CIDR Block
      zh-cn: 
    Description:
      zh-cn:  
      en: Must belong to the subnet segment of VPC.
    AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock
    AssociationPropertyMetadata:
      VpcCidrBlock: VpcCidrBlock
      Visible:
        Condition:
          Fn::Equals:
          - ${WhetherCreateVpc}
          - true
    Default: 192.168.1.0/24
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${WhetherCreateVpc}
          - false
    Default: ''
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
          - ${WhetherCreateVpc}
          - false
    Default: ''
  InstancePassword:
    Type: String
    Label:
      en: Instance Password
      zh-cn: 
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters,
        lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol
        in)
      zh-cn: 
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers,
        ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
      zh-cn: 
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AllowedPattern: '[0-9A-Za-z\_\-\&:;''<>,=%`~!@#\(\)\$\^\*\+\|\{\}\[\]\.\?\/]+$'
    MinLength: 8
    MaxLength: 30
    NoEcho: true
  SystemDiskCategory:
    Type: String
    Label:
      en: System Disk Category
      zh-cn: 
    AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${EcsInstanceType}
    AllowedValues:
    - cloud_efficiency
    - cloud_ssd
    - cloud_essd
  SystemDiskSize:
    Type: Number
    Label:
      zh-cn: 
      en: System Disk Space (GB)
    Default: 200
  DataDiskCategory:
    Type: String
    Label:
      zh-cn: 
      en: Data disk type
    AssociationProperty: ALIYUN::ECS::Disk::DataDiskCategory
    AssociationPropertyMetadata:
      InstanceType: EcsInstanceType
      ZoneId: ZoneId
      LocaleKey: DiskCategory
  DataDiskSize:
    Type: Number
    Label:
      zh-cn: 
      en: Data disk space
    Description:
      zh-cn: 
      en: 'ECS Instance disk size, range of values: 20-32768, units: GB'
    Default: 200
    MinValue: 20
    MaxValue: 32768
  AllocatePublicIP:
    Type: Boolean
    Label:
      zh-cn: 
      en: allocate public ip
    Default: true
  InternetMaxBandwidthOut:
    Type: Number
    Label:
      zh-cn: 
      en: Internet Max Bandwidth Out
    Description:
      zh-cn: 
      en: no public ip if zero
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${AllocatePublicIP}
          - true
    Default: 5
    MinValue: 0
    MaxValue: 100
Resources:
  EcsVpc:
    Type: ALIYUN::ECS::VPC
    Condition: CreateVpcConditions
    Properties:
      CidrBlock:
        Ref: VpcCidrBlock
      VpcName:
        Ref: ALIYUN::StackName
  EcsVSwitch:
    Type: ALIYUN::ECS::VSwitch
    Condition: CreateVpcConditions
    Properties:
      ZoneId:
        Ref: ZoneId
      VpcId:
        Ref: EcsVpc
      CidrBlock:
        Ref: VSwitchCidrBlock
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      # Specify a name for the security group based on the software name.
      #SecurityGroupName: nginx-sg
      VpcId:
        Fn::If:
        - CreateVpcConditions
        - Ref: EcsVpc
        - Ref: VpcId
      # Specify inbound rules of the security group based on the ports that are listened to by the software. By default, all ports are enabled in the outbound direction.
      #SecurityGroupIngress:
      #  - PortRange: 80/80
      #    Priority: 1
      #    SourceCidrIp: 0.0.0.0/0
      #    IpProtocol: tcp
  EcsInstanceGroup:
    Type: ALIYUN::ECS::InstanceGroup
    Properties:
      ZoneId:
        Ref: ZoneId
      VpcId:
        Fn::If:
        - CreateVpcConditions
        - Ref: EcsVpc
        - Ref: VpcId
      VSwitchId:
        Fn::If:
        - CreateVpcConditions
        - Ref: EcsVSwitch
        - Ref: VSwitchId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      ImageId: centos_7
      IoOptimized: optimized
      InstanceChargeType:
        Ref: PayType
      PeriodUnit:
        Ref: PayPeriodUnit
      Period:
        Ref: PayPeriod
      SystemDiskCategory:
        Ref: SystemDiskCategory
      # You can adjust the size of the system disk based on your business requirements.
      SystemDiskSize:
        Ref: SystemDiskSize
      # The configurations of the data disk.
      DiskMappings:
      - Category:
          Ref: DataDiskCategory
        Size:
          Ref: DataDiskSize
      MaxAmount: 1
      InstanceType:
        Ref: EcsInstanceType
      Password:
        Ref: InstancePassword
      # The public bandwidth. A value of 0 indicates that Internet access is disabled.
      InternetMaxBandwidthOut:
        Fn::If:
        - IfAllocatePublicIP
        - Ref: InternetMaxBandwidthOut
        - 0
      InstanceName:
        Fn::Join:
        - '-'
        - - Ref: ALIYUN::StackName
          - '[1,4]'
  WaitConditionHandle:
    Type: ALIYUN::ROS::WaitConditionHandle
    Properties: {}
  WaitCondition:
    Type: ALIYUN::ROS::WaitCondition
    Properties:
      Count: 1
      Handle:
        Ref: WaitConditionHandle
      # The timeout period to run the command.
      Timeout: 300
  InstanceRunCommand:
    Type: ALIYUN::ECS::RunCommand
    Properties:
      InstanceIds:
        Fn::GetAtt:
        - EcsInstanceGroup
        - InstanceIds
      CommandContent:
        Fn::Sub:
        - |
          #!/bin/bash
          # 1. If you use a data disk, you must format the data disk and mount it to the specified directory. In this example, the data disk is mounted to the /data directory.
          init_and_mount_data_disk() {
            local fs_type=$1
            local mount_point=$2

            # Query disk devices and exclude disk partitions.
            devices=(`lsblk -o NAME,FSTYPE --noheadings --nodeps | awk '$2 == "" {print $1}'`)
            # Query the disk devices that do not have file systems.
            for device in ${!devices[@]};
            do
              lsblk -o NAME,FSTYPE --noheadings  | awk '$2 != "" {print $1}' | grep ${!device}
              if [[ $?  -eq 1 ]]; then
                data_disk=${!device}
                break
              fi
            done

            # Create a file system for the data disk.
            mkfs -t ${!fs_type} /dev/${!data_disk}

            cp /etc/fstab /etc/fstab.bak
            mkdir ${!mount_point}
            # Update the /etc/fstab file and mount the disk.
            echo `blkid /dev/${!data_disk} | awk '{print $2}' | sed 's/\\\"//g'` ${!mount_point} ext4 defaults 0 0 >> /etc/fstab
            mount -a
          }

          # Mount the disk to the /data directory.
          init_and_mount_data_disk ext4 /data

          # 2. Install the software or initialize the software. For example, specify a data disk directory as the data file directory.
          # yum install -y nginx

          # 3. If you need to start the software at startup, add and enable the corresponding system service.
          # systemctl enable nginx.service

          # 4. Configure the startup script or start the system service.
          # systemctl start nginx.service

          # 5. If the script is successfully executed, trigger a callback and stop waiting based on WaitCondition.
          ${CurlCli} -d "{\"Data\" : \"Success\", \"status\" : \"SUCCESS\"}"
          # If the script fails to be executed, run the following command to return FAILURE and the error message.
          # ${CurlCli} -d "{\"Data\" : \"error message\", \"status\" : \"FAILURE\"}"
        - CurlCli:
            Fn::GetAtt:
            - WaitConditionHandle
            - CurlCli
      Type: RunShellScript
      # Set the timeout period based on the command execution time. Unit: seconds. If the command execution times out, the deployment fails.
      Timeout: 300
 
# The outputs are defined based on the software requirements.
 
# In this example, NGINX is used and the output is the public URL to access the website.
#Outputs:
#  endpoint:
#    Condition: IfAllocatePublicIP
#    Description:
#      zh-cn: 
#      en: Public IP Addresses
#    Value:
#      Fn::Sub:
#        - http://${ServerAddress}
#        - ServerAddress:
#            Fn::Select:
#              - 0
#              - Fn::GetAtt:
#                  - EcsInstanceGroup
#                  - PublicIps
Metadata:
  ALIYUN::ROS::Interface:
 
## The order of parameter groups determines the order of the parameters displayed on the page to create the service instance.
 
## If most instance types are supported, such as the instances of the x86 architecture, you can specify the zone configurations first by referring to the comments.
#    ParameterGroups:
#      - Parameters:
#          - ZoneId
#        Label:
#          default:
#            zh-cn: 
#            en: Zone Configuration
#      - Parameters:
#          - WhetherCreateVpc
#          - VpcCidrBlock
#          - VSwitchCidrBlock
#          - VpcId
#          - VSwitchId
#        Label:
#          default:
#            zh-cn: 
#            en: VPC Configuration
#      - Parameters:
#          - PayType
#          - PayPeriodUnit
#          - PayPeriod
#        Label:
#          default:
#            en: PayType Configuration
#            zh-cn: 
#      - Parameters:
#          - EcsInstanceType
#          - InstancePassword
#          - SystemDiskCategory
#          - SystemDiskSize
#          - DataDiskCategory
#          - DataDiskSize
#          - AllocatePublicIP
#          - InternetMaxBandwidthOut
#        Label:
#          default:
#            en: Instance
#            zh-cn: 
    ParameterGroups:
    - Parameters:
        - PayType
        - PayPeriodUnit
        - PayPeriod
      Label:
        default:
          en: PayType Configuration
          zh-cn: 
    - Parameters:
      - EcsInstanceType
      Label:
        default:
          zh-cn: 
          en: ECS Instance Type Configuration
    - Parameters:
      - ZoneId
      Label:
        default:
          zh-cn: 
          en: Zone Configuration
    - Parameters:
      - WhetherCreateVpc
      - VpcCidrBlock
      - VSwitchCidrBlock
      - VpcId
      - VSwitchId
      Label:
        default:
          zh-cn:
          en: VPC Configuration
    - Parameters:
      - InstancePassword
      - SystemDiskCategory
      - SystemDiskSize
      - DataDiskCategory
      - DataDiskSize
      - AllocatePublicIP
      - InternetMaxBandwidthOut
      Label:
        default:
          en: Instance
          zh-cn: 
    TemplateTags:
    - acs:example:Independent software vendor (ISV) software deployment: This template is used to deploy a single instance with a data disk by using a custom image. A public IP address is optional.

Click Select Deployment Package. In the dialog box that appears, select the deployment package and version that you want to use and click OK. The source image specified in the template is replaced with the ECS image deployment package.
Important
- If a deployment package of the draft version has not been distributed, the associated ECS image that is not distributed can be used only in the region in which the image is created.
- If a deployment package of a formal version has been distributed, the associated ECS image that is already distributed can be used in the region in which the image is created and the regions to which the image is distributed.
Save and test the service. After the service passes the test, check whether the service meets the review criteria of Compute Nest and submit the service for review. For more information, see Review criteria.
After the service is approved, publish the service. For more information, see Publish a service.
When a customer creates a service instance in a region, the associated image that has been distributed to the region is used.
- Image ID before replacement
- Image ID after replacement

References

For more information about how to create a service in Compute Nest, see Create a service.
If you no longer need a deployment package or deployment package version, you can delete it. For more information, see Delete a deployment package.
If you need to modify a deployment package such as the distribution regions and content, you can create a new version. For more information, see Create a version.
For more information about how to configure the update settings of a deployment package, see Configure service update settings.