-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathACS-ECS-RepairImage.yml
387 lines (387 loc) · 12 KB
/
ACS-ECS-RepairImage.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
FormatVersion: OOS-2019-06-01
Description:
zh-cn: 镜像修复, 镜像修复是基于镜像检测的结果对镜像进行离线修复, 关于镜像检测 https://help.aliyun.com/zh/ecs/user-guide/overview-18,
修复流程会首先基于Alibaba cloud linux镜像创建一台修复实例,将您的镜像的快照创建云盘挂载到修复实例上,离线修复数据盘,然后将修复后的数据盘创建新的镜像。
一些限制 1)当您的镜像的系统类型是如ubuntu 22.04 64位等公共镜像系统类型时,修复后生成的镜像类型会是如ubuntu_64位自定义镜像系统类型。
en: Image repair, which is an offline repair of an image based on the results of image check, Please refer to this document for image check https://www.alibabacloud.com/help/en/ecs/user-guide/overview-18
The repair process will first create a repair instance based on the Alibaba cloud Linux image, create a cloud disk snapshot of your image, mount it to the repair instance, repair the data disk offline, and then create a new image of the repaired data disk.
name-en: ACS-ECS-RepairImage
name-zh-cn: 修复镜像
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: 地域ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: 交换机可用区
AssociationProperty: ALIYUN::ECS::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
repairImageId:
Type: String
Label:
en: ImageId that needs to be repaired
zh-cn: 修复镜像ID
AssociationProperty: ALIYUN::ECS::Image::ImageId
AssociationPropertyMetadata:
RegionId: regionId
SupportedImageOwnerAlias:
- self
OSType: linux
baseImageId:
Type: String
Label:
en: BaseImage
zh-cn: 基础镜像
Description:
en: (The basic image is used to create a repair instance. You need to select a basic image with the same architecture as the repair target image. For example, the custom image you want to repair is x86_64, please select aliyun_3_X64 image)
zh-cn: <font color='red'>基础镜像用来创建修复实例, 您需要选择和修复目标镜像同架构的基础镜像, 如您要修复的自定义镜像是x86_64镜像,请选择 aliyun_3_x64 镜像</font>
AllowedValues:
- aliyun_3_x64_20G_alibase_20230727.vhd
- aliyun_3_arm64_20G_alibase_20230731.vhd
instanceType:
Label:
en: InstanceType
zh-cn: 实例类型
Type: String
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: 安全组
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
RegionId: regionId
vSwitchId:
Label:
en: VSwitchId
zh-cn: 交换机
Type: String
AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: 系统盘的云盘种类
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
repairItems:
Label:
en: RepairItems
zh-cn: 修复项目
Type: List
AllowedValues:
- all
- assist
- aegis
- growpart
- virtio
- selinux
- dhcp
- grub
- fstab
- nvme
- cloudinit
Default: assist
Tasks:
- Name: checkImage
Action: ACS::CheckFor
Description:
en: Check if the image is x86_ 64 or arm64
zh-cn: 检查镜像是否为x86_64或arm64
Properties:
Service: ECS
API: DescribeImages
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ repairImageId }}'
DesiredValues:
- x86_64
- arm64
PropertySelector: Images.Image[0].Architecture
Outputs:
architecture:
Type: String
ValueSelector: Images.Image[0].Architecture
snapshotId:
Type: String
ValueSelector: Images.Image[0].DiskDeviceMappings.DiskDeviceMapping[0].SnapshotId
imageName:
Type: String
ValueSelector: Images.Image[0].ImageName
osType:
Type: String
ValueSelector: Images.Image[0].OSType
platform:
Type: String
ValueSelector: Images.Image[0].Platform
bootMode:
Type: String
ValueSelector: Images.Image[0].BootMode
- Name: runInstances
Action: ACS::ExecuteAPI
Description:
en: Creates one ECS instances
zh-cn: 创建一个ECS实例
Properties:
Service: ECS
API: RunInstances
Parameters:
RegionId: '{{ regionId }}'
Amount: 1
ImageId: '{{ baseImageId }}'
InstanceType: '{{ instanceType }}'
InstanceName: 'image_repair_please_no_delete'
SecurityGroupId: '{{ securityGroupId }}'
VSwitchId: '{{ vSwitchId }}'
InternetMaxBandwidthIn: 200
InternetMaxBandwidthOut: 0
SystemDiskCategory: '{{ systemDiskCategory }}'
DataDisk:
- SnapshotId: '{{ checkImage.snapshotId }}'
DiskName: 'image_repair_{{ checkImage.snapshotId }}'
Category: '{{ systemDiskCategory }}'
InstanceChargeType: PostPaid
Outputs:
instanceId:
Type: String
ValueSelector: InstanceIdSets.InstanceIdSet[0]
- Name: untilInstanceReady
Action: ACS::WaitFor
Description:
en: Waits for the created instances to be Running status
zh-cn: 等待创建的实例进入运行中状态
Properties:
Service: ECS
API: DescribeInstances
Parameters:
RegionId: '{{ regionId }}'
InstanceIds:
- '{{ runInstances.instanceId }}'
DesiredValues:
- Running
PropertySelector: Instances.Instance[0].Status
- Name: checkForCreatedDiskReady
Action: ACS::CheckFor
Description:
en: Checks the disk status Available
zh-cn: 检测云盘的状态是否为可用的
OnError: stopInstances
Properties:
Service: ECS
API: DescribeDisks
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
DesiredValues:
- In_use
PropertySelector: Disks.Disk[0].Status
Outputs:
diskSN:
Type: String
ValueSelector: Disks.Disk[0].SerialNumber
diskId:
Type: String
ValueSelector: Disks.Disk[0].DiskId
- Name: runCommandOpenselinux
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在实例中运行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandContent: sed -i s/^SELINUX=.*/SELINUX=permissive/g /etc/selinux/config
commandType: RunShellScript
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: rebootInstance
Action: ACS::ECS::RebootInstance
Description:
en: Reboot Instance
zh-cn: 重启实例
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::InvokeCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在实例中运行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandId: 'ACS-ECS-ImageRepair-for-linux.sh'
parameters:
Fn::Join:
- ''
- - '{"repairitems":'
- '"'
- Fn::Join:
- ' '
- '{{repairItems}}'
- '"'
- ',"disk_serial":"'
- '{{checkForCreatedDiskReady.diskSN}}'
- '"}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: waitDiskFlush
Action: ACS::Sleep
Description:
en: Waiting for IO flash disk
zh-cn: 等待IO落盘
Properties:
Duration: 1M
- Name: createSnapshot
Action: ACS::ECS::CreateSnapshot
Description:
en: Mount a data disk for the created ECS instance
zh-cn: 为云盘创建一个快照
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
snapshotName: 'image_repair_{{ checkForCreatedDiskReady.diskId }}'
diskId: '{{ checkForCreatedDiskReady.diskId }}'
retentionDays: 1
Outputs:
snapshotId:
Type: String
ValueSelector: snapshotId
- Name: createImage
Action: ACS::ExecuteAPI
Description:
en: Creates image
zh-cn: 用快照创建镜像
OnError: deleteSnapshot
OnSuccess: deleteInstance
Properties:
Service: ECS
API: CreateImage
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
ImageName:
Fn::Join:
- '_'
- - 'repaired'
- '{{ checkImage.imageName }}'
- Fn::FormatUTCTime:
- '{{ACS::CurrentUTCTime}}'
- '%Y%m%d%H%M%S'
DetectionStrategy: Standard
Platform:
Fn::Select:
- '{{ checkImage.platform }}'
- Aliyun: Aliyun
Anolis: Anolis
CentOS: CentOS
Ubuntu: Ubuntu
SUSE: SUSE
Debian: Debian
OpenSUSE: OpenSUSE
Red Hat: RedHat
Kylin: Kylin
UOS: UOS
Fedora: Fedora
CentOS Stream: CentOS Stream
AlmaLinux: AlmaLinux
Rocky Linux: Rocky Linux
Customized Linux: Customized Linux
Others Linux: Others Linux
BootMode: '{{ checkImage.bootMode }}'
Architecture: '{{ checkImage.architecture }}'
Outputs:
imageId:
Type: String
ValueSelector: ImageId
- Name: deleteSnapshot
Action: ACS::ExecuteAPI
Description:
en: Deletes the Snapshot
zh-cn: 释放创建的快照
OnError: deleteInstance
Properties:
Service: ECS
API: DeleteSnapshot
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
Force: true
- Name: stopInstances #远程命令执行失败后等待1分钟再释放,否则报错“IncorrectInstanceStatus.Initializing”(ECS工程师:阿里云的实例有一分钟保护机制,刚创建的实例需要在60s之后才能删除。)
Action: ACS::Sleep
Description:
en: Waiting for instance initialization to complete
zh-cn: 等待保护机制失效
Properties:
Duration: 1M
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance
zh-cn: 释放创建的ECS实例
Properties:
Service: ECS
API: DeleteInstance
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
imageId:
Type: String
Value: '{{ createImage.imageId }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- repairImageId
- baseImageId
Label:
default:
zh-cn: 选择镜像
en: Select Image
- Parameters:
- zoneId
- instanceType
- securityGroupId
- vSwitchId
- systemDiskCategory
Label:
default:
zh-cn: 实例规格
en: ECS Instance Configure
- Parameters:
- repairItems
Label:
default:
zh-cn: 发送远程命令
en: Run Command