All Products
Search
Document Center

CloudOps Orchestration Service:Use DingTalk to approve OOS tasks

Last Updated:Sep 11, 2024

During automated O&M, some operations must be performed with caution. These operations include deleting important resources and purchasing instances with high costs. If these operations are automatically performed, you may lose control of your resources, and risks may occur. However, if you do not automate these operations, you need to perform them manually or in other non-automated ways. The ACS::Approve action helps you find a balance between automated executions and operations that require special attention.

Prerequisites

A DingTalk group used to receive alert notifications is created. The webhook URL of the DingTalk chatbot that you want to configure for the DingTalk group is obtained. For more information, see Obtain the webhook URL of a DingTalk chatbot.

Solution

When the ACS::Approve action is to be executed in a template and a task is to be approved, CloudOps Orchestration Service (OOS) suspends the subsequent operations. The execution changes to the Waiting state and a notification that contains an approval link is sent to the administrator. After the administrator receives the notification, the administrator can determine whether to approve the task based on the business requirements. If the task is approved, OOS continues to perform subsequent operations. If the task is rejected, OOS stops the execution and the execution changes to the Canceled state.

Procedure

  1. Log on to the CloudOps Orchestration Service console.

  2. In the left-side navigation pane, choose Automated Task > Custom Template. On the Custom Template page, click Create Template. In the Select Sample Template step, configure the parameters and click Next.image

  3. In the Create Template step, click the YAML tab. Copy the template content in the "Appendix 1: Template for approving restart of ECS instances" section of this topic and paste the template content into the code editor. Click Create Template. In the Template Basic Information dialog box, configure the Template Name parameter and click OK. image

  4. In the left-side navigation pane, choose Automated Task > Custom Template. On the Custom Template page, find the created template and click Create Execution in the Actions column.

  5. On the Create Task page, configure the required parameters in the Basic Information step and click Next Step: Parameter Settings.

  6. In the Parameter Settings step, configure the following parameters:

    • targets: required. The Elastic Compute Service (ECS) instances to be restarted.

    • webHookUrl: required. The webhook URL of the DingTalk chatbot for receiving the approval notifications that contain approval links. For more information about how to obtain the webhook URL, see the "Obtain the webhook URL of a DingTalk chatbot" topic.

    • rateControl: optional. The concurrency and error threshold.

    • atMobiles: optional. The users to be notified when an approval notification is sent to the specified DingTalk group.

    • atAll: optional. Specifies whether to notify all group members when an approval notification is sent to the specified DingTalk group.

    • OOSAssumeRole: optional. The Resource Access Management (RAM) role to be assumed by OOS. By default, OOS uses the permissions granted to the current account. If a RAM role is specified, OOS assumes this role to execute O&M tasks. image

  7. Click Next Step: OK. Then, click Create.

  8. In the left-side navigation pane, choose Automated Task > Task Execution Management. On the Task Execution Management page, view the created execution. If the execution is in the Waiting state, the users whose mobile numbers are specified are notified in the DingTalk group. The users can click the approval link in the approval notification to approve or reject the O&M task based on the business requirements.

Appendix 1: Template for approving ECS instance restart

  • The template executes the following tasks in sequence:

    1. Query the information about the ECS instances to be restarted.

    2. Send a notification that contains an approval link to notify the specified users of approving the restart of the ECS instances.

    3. Restart the ECS instances if the restart request is approved.

  • The following sample code provides a sample template in the YAML format:

    FormatVersion: OOS-2019-06-01
    Description:
      en: Bulky restarts the ECS instances with Approval.
       
      name-en: BulkyRebootInstancesWithApproval
       
    Parameters:
      targets:
        Type: Json
        AssociationProperty: Targets
        AssociationPropertyMetadata:
          ResourceType: 'ALIYUN::ECS::Instance'
      rateControl:
        Description:
          en: Concurrency ratio of task execution.
           
        Type: Json
        AssociationProperty: RateControl
        Default:
          Mode: Concurrency
          MaxErrors: 0
          Concurrency: 100%
      webHookUrl:
        Description:
          en: >-
            The webHook url of dingtalk group assistant,
            e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.
          zh-cn: >-
             
        Type: String
      atMobiles:
        Description:
          en: >-
            The telephone numbers of member in dingtalk group assistant @, when
            notify comes.
           
        Type: List
        Default:
          - '1390000****'
      atAll:
        Description:
          en: 'assistant @ all members in dingtalk group or not, when notify comes.'
           
        Type: String
        Default: 'false'
      OOSAssumeRole:
        Description:
          en: The RAM role to be assumed by OOS.
           
        Type: String
        Default: OOSServiceRole
    RamRole: '{{ OOSAssumeRole }}'
    Tasks:
      - Name: getInstance
        Description:
          en: Views the ECS instances.
           
        Action: 'ACS::SelectTargets'
        Properties:
          ResourceType: 'ALIYUN::ECS::Instance'
          Filters:
            - '{{ targets }}'
        Outputs:
          instanceIds:
            Type: List
            ValueSelector: 'Instances.Instance[].InstanceId'
          instanceNames:
            Type: List
            ValueSelector: 'Instances.Instance[].InstanceName'
      - Name: approveRestart
        Action: 'ACS::Approve'
        Properties:
          NotifyType: WebHook
          WebHook:
            URI: '{{webhookUrl}}'
            Headers:
              Content-Type: application/json
            Content:
              msgtype: text
              text:
                content: >-
                  Notify: please approve instances restart, instance names to
                  approve  are {{getInstance.instanceNames}}, sent by
                  {{ACS::RegionId}} oos {{ACS::ExecutionId}}.
              at:
                atMobiles: '{{atMobiles}}'
                isAtAll: '{{atAll}}'
      - Name: rebootInstance
        Action: 'ACS::ECS::RebootInstance'
        Description:
          en: Restarts the ECS instances.
           
        Properties:
          instanceId: '{{ ACS::TaskLoopItem }}'
        Loop:
          RateControl: '{{ rateControl }}'
          Items: '{{ getInstance.instanceIds }}'
    Outputs:
      instanceIds:
        Type: List
        Value: '{{ getInstance.instanceIds }}'