Nama template
ACS-ECS-ScheduleApplyPatchBaseline: Menjadwalkan penerapan baseline patch ke instance ECS tertentu.
Deskripsi template
Mengonfigurasi baseline patch untuk instance Elastic Compute Service (ECS) sesuai jadwal.
Tipe template
Otomatis
Pemilik
Alibaba Cloud
Parameter input
Parameter | Deskripsi | Tipe | Wajib | Nilai default | Batasan |
targets | Target instance | Json | Ya | ||
timerTrigger | Jenis tugas terjadwal. | Json | Ya | ||
regionId | ID wilayah. | String | Tidak | {{ ACS::RegionId }} | |
resourceType | Tipe sumber daya. | String | Tidak | ALIYUN::ECS::Instance | |
action | Mode eksekusi. | String | Tidak | install | |
whetherCreateSnapshot | Menentukan apakah akan membuat snapshot untuk disk sistem. | Boolean | Tidak | False | |
retentionDays | Periode retensi snapshot. | Number | Tidak | 7 | |
rebootIfNeed | Restart | Boolean | Tidak | False | |
timeout | Periode timeout untuk menjalankan perintah pada instance ECS. | Number | Tidak | 7.200 | |
rateControl | Konkurensi eksekusi tugas | Json | Tidak | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | Peran Resource Access Management (RAM) yang diasumsikan oleh CloudOps Orchestration Service (OOS). | String | Tidak | "" |
Parameter output
Parameter | Deskripsi | Tipe |
commandOutputs | List |
Kebijakan izin yang diperlukan untuk mengeksekusi template
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateSnapshot",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeDisks",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeManagedInstances",
"ecs:DescribeSnapshots",
"ecs:InvokeCommand",
"ecs:RebootInstance",
"ecs:RunCommand"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecd:CreateSnapshot",
"ecd:DescribeCloudAssistantStatus",
"ecd:DescribeDesktops",
"ecd:DescribeInvocations",
"ecd:DescribeSnapshots",
"ecd:RebootDesktops",
"ecd:RunCommand"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oos:GetApplicationGroup",
"oos:ListInstancePatchStates"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Rincian
Untuk informasi lebih lanjut, lihat ACS-ECS-ScheduleApplyPatchBaseline.yml di GitHub.
Konten Template
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS-ECS-ScheduleApplyPatchBaseline
name-zh-cn: Schedules applying a patch baseline on specified ECS instances
en: Schedules applying a patch baseline on specified ECS instances.
zh-cn: Schedules applying a patch baseline on ECS instances.
Parameters:
regionId:
Label:
en: Region ID
zh-cn: Region ID
Type: String
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
resourceType:
Type: String
Label:
en: Resource type
zh-cn: Resource type
AssociationPropertyMetadata:
LocaleKey: TargetResourceType
AllowedValues:
- ALIYUN::ECS::Instance
- ALIYUN::ECS::ManagedInstance
- ALIYUN::ECD::Desktop
Default: ALIYUN::ECS::Instance
targets:
Type: Json
Label:
en: Target instance
zh-cn: Target instance
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: resourceType
RegionId: regionId
Status: Running
timerTrigger:
Type: Json
Label:
en: Timer trigger
zh-cn: Timer trigger
AssociationProperty: ALIYUN::OOS::Component::TimerTrigger
AssociationPropertyMetadata:
MinuteInterval: 30
action:
Label:
en: Execution mode
zh-cn: Execution mode
Type: String
AllowedValues:
- install
- scan
Default: install
AssociationPropertyMetadata:
LocaleKey: OOSPatchExecuteType
whetherCreateSnapshot:
Label:
en: Whether to create a snapshot for the system disk
zh-cn: Whether to create a snapshot for the system disk
Type: Boolean
Default: false
AssociationPropertyMetadata:
Visible:
Condition:
'Fn::Equals':
- '${action}'
- install
retentionDays:
Label:
en: Snapshot retention period in days
zh-cn: Snapshot retention period in days
Type: Number
MinValue: 1
MaxValue: 65536
Default: 7
AssociationPropertyMetadata:
Visible:
Condition:
'Fn::Equals':
- '${whetherCreateSnapshot}'
- true
rebootIfNeed:
Label:
en: Whether to restart
zh-cn: Whether to restart
Type: Boolean
Default: false
AssociationPropertyMetadata:
Visible:
Condition:
'Fn::Equals':
- '${action}'
- install
timeout:
Label:
en: The timeout period for running commands on ECS instances
zh-cn: The timeout period for running commands on ECS instances
Type: Number
Default: 7200
rateControl:
Label:
en: The concurrency rate for task execution
zh-cn: The concurrency rate for task execution
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: The RAM role that OOS assumes
zh-cn: The RAM role that OOS assumes
Type: String
Default: ''
AssociationPropertyMetadata:
TimerTrigger: '${timerTrigger}'
RamRole: '{{ OOSAssumeRole }}'
Conditions:
isECSInstance:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::Instance
isECSManagedInstance:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::ManagedInstance
isECDInstance:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECD::Desktop
Tasks:
- Name: timerTrigger
Action: ACS::TimerTrigger
Description:
en: Triggers a task based on a schedule.
zh-cn: Triggers a task based on a schedule.
Properties:
Type:
Fn::Select:
- type
- '{{timerTrigger}}'
Expression:
Fn::Select:
- expression
- '{{timerTrigger}}'
StartDate:
Fn::Select:
- startDate
- '{{ timerTrigger }}'
EndDate:
Fn::Select:
- endDate
- '{{ timerTrigger }}'
TimeZone:
Fn::Select:
- timeZone
- '{{ timerTrigger }}'
- Name: getInstance
Description:
en: Gets the specified ECS instances.
zh-cn: Gets the specified ECS instances.
Action: ACS::SelectTargets
Properties:
RegionId: '{{ regionId }}'
ResourceType: '{{ resourceType }}'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: Instances.Instance[].InstanceId
- Name: applyPatchBaseline
Description:
en: Applies a patch baseline on an ECS instance.
zh-cn: Applies a patch baseline on an ECS instance.
Action: ACS::ECS::ApplyPatchBaseline
When: isECSInstance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
retentionDays: '{{ retentionDays }}'
rebootIfNeed: '{{ rebootIfNeed }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
- Name: applyPatchBaselineOnManagedInstance
Description:
en: Applies a patch baseline on an ECS managed instance.
zh-cn: Applies a patch baseline on an ECS managed instance.
Action: ACS::ECS::ApplyPatchBaselineOnMangedInstance
When: isECSManagedInstance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
- Name: applyPatchBaselineOnECDInstance
Description:
en: Applies a patch baseline on an ECD instance.
zh-cn: Applies a patch baseline on an ECD instance.
Action: ACS::ECD::ApplyPatchBaseline
When: isECDInstance
Properties:
regionId: '{{ regionId }}'
desktopId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
rebootIfNeed: '{{ rebootIfNeed }}'
whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
Outputs:
commandOutputs:
Type: List
Value: '{{ applyPatchBaseline.commandOutputs }}'