-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathACS-ECS-BulkyApplyPatchBaseline.yml
245 lines (245 loc) · 6.37 KB
/
ACS-ECS-BulkyApplyPatchBaseline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS-ECS-BulkyApplyPatchBaseline
name-zh-cn: 批量在ECS实例中配置补丁基线
en: Bulky apply patch baseline on ECS instance
zh-cn: 批量在ECS实例中配置补丁基线
Parameters:
regionId:
Label:
en: RegionId
zh-cn: 地域ID
AssociationProperty: RegionId
Type: String
Default: '{{ ACS::RegionId }}'
resourceType:
Type: String
Label:
en: ResourceType
zh-cn: 资源类型
AssociationPropertyMetadata:
LocaleKey: TargetResourceType
AllowedValues:
- ALIYUN::ECS::Instance
- ALIYUN::ECS::ManagedInstance
- ALIYUN::ECD::Desktop
Default: ALIYUN::ECS::Instance
targets:
Label:
en: TargetInstance
zh-cn: 目标实例
Type: Json
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: resourceType
RegionId: regionId
action:
Label:
en: Action
zh-cn: 配置补丁基线的方式
Type: String
AllowedValues:
- install
- scan
Default: install
AssociationPropertyMetadata:
LocaleKey: OOSPatchExecuteType
whetherCreateSnapshot:
Label:
en: WhetherCreateSnapshot
zh-cn: 是否为系统盘创建快照
Type: Boolean
Default: false
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- '${action}'
- install
retentionDays:
Label:
en: RetentionDays
zh-cn: 快照保留天数
Type: Number
MinValue: 1
MaxValue: 65536
Default: 7
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- '${whetherCreateSnapshot}'
- true
rebootIfNeed:
Label:
en: RebootIfNeed
zh-cn: 是否重启
Type: Boolean
Default: false
AssociationPropertyMetadata:
Visible:
Condition:
'Fn::Equals':
- '${action}'
- install
rateControl:
Label:
en: RateControl
zh-cn: 任务执行的并发比率
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOS扮演的RAM角色
Type: String
Default: ''
timeout:
Label:
en: Timeout
zh-cn: ECS实例中执行命令的超时时间
Type: Number
Default: 7200
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
Description:
en: Views the ECS instances
zh-cn: 获取ECS实例
Action: ACS::SelectTargets
Properties:
RegionId: '{{ regionId }}'
ResourceType: '{{ resourceType }}'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: Instances.Instance[].InstanceId
- Name: applyPatchBaseline
Description:
en: Apply patch baseline on ECS instance
zh-cn: 在ECS实例中配置补丁基线
Action: ACS::ECS::ApplyPatchBaseline
When:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::Instance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
retentionDays: '{{ retentionDays }}'
rebootIfNeed: '{{ rebootIfNeed }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
- Name: applyPatchBaselineOnManagedInstance
Description:
en: Apply patch baseline on ECS managed instance
zh-cn: 在ECS托管实例中配置补丁基线
Action: ACS::ECS::ApplyPatchBaselineOnMangedInstance
When:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::ManagedInstance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
- Name: applyPatchBaselineOnECDInstance
Description:
en: Apply patch baseline on ECD instance
zh-cn: 在ECD实例中配置补丁基线
Action: ACS::ECD::ApplyPatchBaseline
When:
Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECD::Desktop
Properties:
regionId: '{{ regionId }}'
desktopId: '{{ ACS::TaskLoopItem }}'
action: '{{ action }}'
rebootIfNeed: '{{ rebootIfNeed }}'
whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
timeout: '{{ timeout }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
commandOutputs:
AggregateType: Fn::ListJoin
AggregateField: commandOutput
Outputs:
commandOutput:
Type: String
ValueSelector: commandOutput
Outputs:
commandOutput:
Type: String
Value:
Fn::If:
- Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::Instance
- '{{ applyPatchBaseline.commandOutputs }}'
- Fn::If:
- Fn::Equals:
- '{{ resourceType }}'
- ALIYUN::ECS::ManagedInstance
- '{{ applyPatchBaselineOnManagedInstance.commandOutputs }}'
- '{{ applyPatchBaselineOnECDInstance.commandOutputs }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- action
- whetherCreateSnapshot
- retentionDays
- rebootIfNeed
- timeout
Label:
default:
zh-cn: 配置参数
en: Configure Parameters
- Parameters:
- regionId
- resourceType
- targets
Label:
default:
zh-cn: 选择实例
en: Select Instances
- Parameters:
- rateControl
- OOSAssumeRole
Label:
default:
zh-cn: 高级选项
en: Control Options