Create or update an image - CloudOps Orchestration Service

This topic describes how to use CloudOps Orchestration Service (OOS) to create or update an image for an Elastic Compute Service (ECS) instance.

Background information

You may often need to update the software of your ECS instances, such as updating the backend service version or installing security patches. You can use the Create or Update Images feature of OOS to facilitate software updates. OOS allows you to create an image from an existing ECS instance or update an image.

Procedure

Log on to the OOS console.
In the left-side navigation pane, choose Common O&M Tasks > Create or Update Images.
Click Create.
Select Create Image from Existing Instance or Update Image. In this example, Create Image from Existing Instance is selected.
In the General Settings section, enter a name in the New Image Name field.

Set the Permissions parameter to Use Existing Permissions of Current Account or Specify RAM Role and Use Permissions Granted to This Role.

In this example, Specify RAM Role and Use Permissions Granted to This Role is specified and OOSServiceRole is selected as the RAM role. If no RAM roles are available, create a RAM role for OOS. For more information, see Grant RAM permissions for OOS. If you already know how to create a RAM role for OOS, you can directly click View Authorization Policies and Manual Authorization to complete RAM permission settings. For more information about the required permission policy, see the following JSON script.

Permission policy for creating an image from an existing instance:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:CreateImage",
        "ecs:DescribeImages",
        "ecs:ModifyImageSharePermission",
        "ecs:CopyImage",
        "ecs:RunCommand",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeRegions",
        "ecs:DescribeInstances",
        "ecs:DescribeInvocations"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ess:ModifyScalingConfiguration"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "oos:*",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:PassRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "acs:Service": "oos.aliyuncs.com"
        }
      }
    }
  ]
}

Permission policy for updating an image:

{
  "Version": "1",
  "Statement": [
    {
      "Action": "oos:*",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:PassRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "acs:Service": "oos.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "ecs:RunCommand",
        "ecs:RunInstances",
        "ecs:StopInstance",
        "ecs:DescribeRegions",
        "ecs:DeleteInstance",
        "ecs:CreateImage",
        "ecs:DescribeImages",
        "ecs:ModifyImageSharePermission",
        "ecs:CopyImage",
        "ecs:RebootInstance",
        "ecs:DescribeInvocationResults",
        "ecs:InstallCloudAssistant",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeInstances",
        "ecs:DescribeInvocations"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ess:ModifyScalingConfiguration"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

In the Select Instances section, select the ECS instance.
In the Send Remote Commands section, specify Command Type. In this example, Linux Shell is selected.
Click Execute Now.
On the Executions page, view the created execution. If the execution status appears as Running, an image is being created or updated.
To view more information about the execution, click Details in the Actions column. On the page that appears, click the Logs tab.