ACS-CS-BulkyOSSecurityUpdate - CloudOps Orchestration Service

Template name

ACS-CS-BulkyOSSecurityUpdate

Execute Now

Template description

Updates the operating system kernel.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
targets	The destination instances.	Json	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
rateControl	The rate control settings.	Json	No	{'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}
OOSAssumeRole	The RAM role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

Parameter	Description	Type
commandOutputs		List

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-CS-BulkyOSSecurityUpdate.yml at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Updates OS security
   
  name-en: ACS-CS-BulkyOSSecurityUpdate
   
  categories:
    - run_command
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
       
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Label:
      en: TargetInstance
       
    Type: Json
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  rateControl:
    Label:
      en: RateControl
       
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
       
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
       
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: runCommand
    Action: ACS::ECS::RunCommand
    Description:
      en: Execute cloud assistant command
       
    Properties:
      regionId: '{{ regionId }}'
      commandContent: |-
        yum update-minimal --exclude kernel* --security -y || true
      instanceId: '{{ ACS::TaskLoopItem }}'
      commandType: RunShellScript
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: invocationOutput
Outputs:
  commandOutputs:
    Type: List
    Value: '{{ runCommand.commandOutputs }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - targets
        Label:
          default:
             
            en: Select Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
             
            en: Control Options