During automated O&M, some operations must be performed with caution. These operations include deleting important resources and purchasing instances with high costs. If these operations are automatically performed, you may lose control of your resources, and risks may occur. However, if you do not automate these operations, you need to perform them manually or in other non-automated ways. The ACS::Approve action helps you find a balance between automated executions and operations that require special attention.
Prerequisites
A DingTalk group used to receive alert notifications is created. The webhook URL of the DingTalk chatbot that you want to configure for the DingTalk group is obtained. For more information, see Obtain the webhook URL of a DingTalk chatbot.
Solution
When the ACS::Approve action is to be executed in a template and a task is to be approved, CloudOps Orchestration Service (OOS) suspends the subsequent operations. The execution changes to the Waiting state and a notification that contains an approval link is sent to the administrator. After the administrator receives the notification, the administrator can determine whether to approve the task based on the business requirements. If the task is approved, OOS continues to perform subsequent operations. If the task is rejected, OOS stops the execution and the execution changes to the Canceled state.
Procedure
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, choose
. On the Custom Template page, click Create Template. In the Select Sample Template step, configure the parameters and click Next.In the Create Template step, click the YAML tab. Copy the template content in the "Appendix 1: Template for approving restart of ECS instances" section of this topic and paste the template content into the code editor. Click Create Template. In the Template Basic Information dialog box, configure the Template Name parameter and click OK.
In the left-side navigation pane, choose
. On the Custom Template page, find the created template and click Create Execution in the Actions column.On the Create Task page, configure the required parameters in the Basic Information step and click Next Step: Parameter Settings.
In the Parameter Settings step, configure the following parameters:
targets: required. The Elastic Compute Service (ECS) instances to be restarted.
webHookUrl: required. The webhook URL of the DingTalk chatbot for receiving the approval notifications that contain approval links. For more information about how to obtain the webhook URL, see the "Obtain the webhook URL of a DingTalk chatbot" topic.
rateControl: optional. The concurrency and error threshold.
atMobiles: optional. The users to be notified when an approval notification is sent to the specified DingTalk group.
atAll: optional. Specifies whether to notify all group members when an approval notification is sent to the specified DingTalk group.
OOSAssumeRole: optional. The Resource Access Management (RAM) role to be assumed by OOS. By default, OOS uses the permissions granted to the current account. If a RAM role is specified, OOS assumes this role to execute O&M tasks.
Click Next Step: OK. Then, click Create.
In the left-side navigation pane, choose
. On the Task Execution Management page, view the created execution. If the execution is in the Waiting state, the users whose mobile numbers are specified are notified in the DingTalk group. The users can click the approval link in the approval notification to approve or reject the O&M task based on the business requirements.
Appendix 1: Template for approving ECS instance restart
The template executes the following tasks in sequence:
Query the information about the ECS instances to be restarted.
Send a notification that contains an approval link to notify the specified users of approving the restart of the ECS instances.
Restart the ECS instances if the restart request is approved.
The following sample code provides a sample template in the YAML format:
FormatVersion: OOS-2019-06-01 Description: en: Bulky restarts the ECS instances with Approval. name-en: BulkyRebootInstancesWithApproval Parameters: targets: Type: Json AssociationProperty: Targets AssociationPropertyMetadata: ResourceType: 'ALIYUN::ECS::Instance' rateControl: Description: en: Concurrency ratio of task execution. Type: Json AssociationProperty: RateControl Default: Mode: Concurrency MaxErrors: 0 Concurrency: 100% webHookUrl: Description: en: >- The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414. zh-cn: >- Type: String atMobiles: Description: en: >- The telephone numbers of member in dingtalk group assistant @, when notify comes. Type: List Default: - '1390000****' atAll: Description: en: 'assistant @ all members in dingtalk group or not, when notify comes.' Type: String Default: 'false' OOSAssumeRole: Description: en: The RAM role to be assumed by OOS. Type: String Default: OOSServiceRole RamRole: '{{ OOSAssumeRole }}' Tasks: - Name: getInstance Description: en: Views the ECS instances. Action: 'ACS::SelectTargets' Properties: ResourceType: 'ALIYUN::ECS::Instance' Filters: - '{{ targets }}' Outputs: instanceIds: Type: List ValueSelector: 'Instances.Instance[].InstanceId' instanceNames: Type: List ValueSelector: 'Instances.Instance[].InstanceName' - Name: approveRestart Action: 'ACS::Approve' Properties: NotifyType: WebHook WebHook: URI: '{{webhookUrl}}' Headers: Content-Type: application/json Content: msgtype: text text: content: >- Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}. at: atMobiles: '{{atMobiles}}' isAtAll: '{{atAll}}' - Name: rebootInstance Action: 'ACS::ECS::RebootInstance' Description: en: Restarts the ECS instances. Properties: instanceId: '{{ ACS::TaskLoopItem }}' Loop: RateControl: '{{ rateControl }}' Items: '{{ getInstance.instanceIds }}' Outputs: instanceIds: Type: List Value: '{{ getInstance.instanceIds }}'