全部产品
Search

搜索本产品

    CloudOps Orchestration Service:ACS-ECS-BulkyApplyPatchBaseline

    文档中心

    CloudOps Orchestration Service:ACS-ECS-BulkyApplyPatchBaseline

    更新时间:Dec 21, 2025

    Nama Template

    ACS-ECS-BulkyApplyPatchBaseline: Menerapkan baseline patch secara batch ke instance ECS

    Eksekusi Sekarang

    Deskripsi Template

    Mengonfigurasi baseline patch untuk beberapa instance Elastic Compute Service (ECS) secara bersamaan.

    Tipe Template

    Otomatis

    Pemilik

    Alibaba Cloud

    Parameter Masukan

    Parameter

    Deskripsi

    Tipe

    Diperlukan

    Nilai Default

    Batasan

    targets

    Target instance

    Json

    Ya

    regionId

    ID wilayah.

    String

    Tidak

    {{ ACS::RegionId }}

    resourceType

    Tipe sumber daya.

    String

    Tidak

    ALIYUN::ECS::Instance

    action

    Operasi yang akan dilakukan pada baseline patch.

    String

    Tidak

    install

    whetherCreateSnapshot

    Menentukan apakah akan membuat snapshot untuk disk sistem dari instance ECS.

    Boolean

    Tidak

    False

    retentionDays

    Periode retensi snapshot.

    Number

    Tidak

    7

    rebootIfNeed

    Apakah ingin melakukan restart?

    Boolean

    Tidak

    False

    rateControl

    Laju eksekusi tugas konkuren

    Json

    Tidak

    {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}

    OOSAssumeRole

    Peran Resource Access Management (RAM) yang diasumsikan oleh CloudOps Orchestration Service (OOS).

    String

    Tidak

    ""

    timeout

    Periode timeout untuk menjalankan perintah pada instance ECS.

    Number

    Tidak

    7200

    Parameter Output

    Parameter

    Deskripsi

    Tipe

    commandOutput

    String

    Kebijakan Izin yang Diperlukan untuk Menjalankan Template

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateSnapshot",
                "ecs:DescribeCloudAssistantStatus",
                "ecs:DescribeDisks",
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:DescribeManagedInstances",
                "ecs:DescribeSnapshots",
                "ecs:InvokeCommand",
                "ecs:RebootInstance",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecd:CreateSnapshot",
                "ecd:DescribeCloudAssistantStatus",
                "ecd:DescribeDesktops",
                "ecd:DescribeInvocations",
                "ecd:DescribeSnapshots",
                "ecd:RebootDesktops",
                "ecd:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:GetApplicationGroup",
                "oos:ListInstancePatchStates"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    Detail

    ACS-ECS-BulkyApplyPatchBaseline: Detail

    Konten Template

    FormatVersion: OOS-2019-06-01
Description:
  name-en: ACS-ECS-BulkyApplyPatchBaseline
  name-zh-cn: Bulky apply patch baseline on ECS instance
  en: Bulky apply patch baseline on ECS instance
  zh-cn: Bulky apply patch baseline on ECS instance
Parameters:
  regionId:
    Label:
      en: RegionId
      zh-cn: Region ID
    AssociationProperty: RegionId
    Type: String
    Default: '{{ ACS::RegionId }}'
  resourceType:
    Type: String
    Label:
      en: ResourceType
      zh-cn: Resource Type
    AssociationPropertyMetadata:
      LocaleKey: TargetResourceType
    AllowedValues:
      - ALIYUN::ECS::Instance
      - ALIYUN::ECS::ManagedInstance
      - ALIYUN::ECD::Desktop
    Default: ALIYUN::ECS::Instance
  targets:
    Label:
      en: TargetInstance
      zh-cn: Target Instance
    Type: Json
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: resourceType
      RegionId: regionId
  action:
    Label:
      en: Action
      zh-cn: The method to apply the patch baseline
    Type: String
    AllowedValues:
      - install
      - scan
    Default: install
    AssociationPropertyMetadata:
      LocaleKey: OOSPatchExecuteType
  whetherCreateSnapshot:
    Label:
      en: WhetherCreateSnapshot
      zh-cn: Specifies whether to create a snapshot for the system disk
    Type: Boolean
    Default: false
    AssociationPropertyMetadata:
      Visible:
        Condition:
            Fn::Equals:
              - '${action}'
              - install
  retentionDays:
    Label:
      en: RetentionDays
      zh-cn: Snapshot retention period in days
    Type: Number
    MinValue: 1
    MaxValue: 65536
    Default: 7
    AssociationPropertyMetadata:
      Visible:
        Condition:
            Fn::Equals:
              - '${whetherCreateSnapshot}'
              - true
  rebootIfNeed:
    Label:
      en: RebootIfNeed
      zh-cn: Specifies whether to restart the instance if required
    Type: Boolean
    Default: false
    AssociationPropertyMetadata:
      Visible:
        Condition:
            'Fn::Equals':
              - '${action}'
              - install
  rateControl:
    Label:
      en: RateControl
      zh-cn: Concurrency rate for task execution
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: The RAM role for OOS to assume
    Type: String
    Default: ''
  timeout:
    Label:
      en: Timeout
      zh-cn: Timeout period for executing commands on the ECS instance
    Type: Number
    Default: 7200
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: Retrieves ECS instances
    Action: ACS::SelectTargets
    Properties:
      RegionId: '{{ regionId }}'
      ResourceType: '{{ resourceType }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: applyPatchBaseline
    Description:
      en: Apply patch baseline on ECS instance
      zh-cn: Apply patch baseline on ECS instance
    Action: ACS::ECS::ApplyPatchBaseline
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECS::Instance
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
      retentionDays: '{{ retentionDays }}'
      rebootIfNeed: '{{ rebootIfNeed }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
  - Name: applyPatchBaselineOnManagedInstance
    Description:
      en: Apply patch baseline on ECS managed instance
      zh-cn: Apply patch baseline on ECS managed instance
    Action: ACS::ECS::ApplyPatchBaselineOnMangedInstance
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECS::ManagedInstance
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
  - Name: applyPatchBaselineOnECDInstance
    Description:
      en: Apply patch baseline on ECD instance
      zh-cn: Apply patch baseline on ECD instance
    Action: ACS::ECD::ApplyPatchBaseline
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECD::Desktop
    Properties:
      regionId: '{{ regionId }}'
      desktopId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      rebootIfNeed: '{{ rebootIfNeed }}'
      whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
Outputs:
  commandOutput:
    Type: String
    Value:
      Fn::If:
        - Fn::Equals:
            - '{{ resourceType }}'
            - ALIYUN::ECS::Instance
        - '{{ applyPatchBaseline.commandOutputs }}'
        - Fn::If:
            - Fn::Equals:
                - '{{ resourceType }}'
                - ALIYUN::ECS::ManagedInstance
            - '{{ applyPatchBaselineOnManagedInstance.commandOutputs }}'
            - '{{ applyPatchBaselineOnECDInstance.commandOutputs }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - action
          - whetherCreateSnapshot
          - retentionDays
          - rebootIfNeed
          - timeout
        Label:
          default:
            zh-cn: Configure Parameters
            en: Configure Parameters
      - Parameters:
          - regionId
          - resourceType
          - targets
        Label:
          default:
            zh-cn: Select Instances
            en: Select Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: Advanced Options
            en: Control Options