-
Notifications
You must be signed in to change notification settings - Fork 17
/
ACS::ECS::ApplyPatchBaselineOnMangedInstance.yml
119 lines (118 loc) · 3.48 KB
/
ACS::ECS::ApplyPatchBaselineOnMangedInstance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS::ECS::ApplyPatchBaselineOnMangedInstance
name-zh-cn: 在ECS托管实例中配置补丁基线
en: Apply patch baseline on ECS managed instance
zh-cn: 在ECS托管实例中配置补丁基线
Parameters:
regionId:
Description:
en: The ID of region
zh-cn: 地域ID
Type: String
Default: '{{ ACS::RegionId }}'
instanceId:
Description:
en: The ID of ECS instance
zh-cn: ECS实例ID
Type: String
action:
Description:
en: The action to apply patch baseline
zh-cn: 配置补丁基线的方式
Type: String
AllowedValues:
- install
- scan
Default: install
rebootIfNeed:
Description:
en: Whether to reboot
zh-cn: 是否重启
Type: Boolean
Default: false
timeout:
Description:
en: The value of the invocation timeout period of a command on ECS instances.
zh-cn: ECS实例中执行命令的超时时间。
Type: Number
Default: 1800
Tasks:
- Name: queryInstanceOSType
Action: 'ACS::ExecuteApi'
Description:
en: Queries ECS managed instance OS type
zh-cn: 获取托管实例的操作系统类型
Properties:
Service: ECS
API: DescribeManagedInstances
Parameters:
RegionId: '{{ regionId }}'
InstanceId:
- '{{ instanceId }}'
Outputs:
OSType:
Type: String
ValueSelector: 'Instances[].OsType'
instanceId:
Type: Json
ValueSelector: .
- Name: applyLinuxPatchBaseline
Description:
en: Apply patch baseline on Linux managed instance
zh-cn: 在Linux类型托管实例中配置补丁基线
When:
'Fn::Equals':
- '{{ queryInstanceOSType.OSType }}'
- Linux
Action: 'ACS::ECS::RunCommandForApplyPatchBaseline'
Properties:
instanceId: '{{ instanceId }}'
regionId: '{{ regionId }}'
timeout: '{{ timeout }}'
commandType: RunShellScript
commandContent: |-
#/bin/bash
if [ '{{ action }}' != 'scan' ] ; then
acs-plugin-manager --exec --plugin=patch_manager --params --operation,install,--reboot,no
else
acs-plugin-manager --exec --plugin=patch_manager --params --operation,scan
fi
Outputs:
commandOutput:
Type: String
ValueSelector: invocationOutput
- Name: applyWindowsPatchBaseline
Description:
en: Apply patch baseline on Windows instance
zh-cn: 在Windows类型实例中配置补丁基线
When:
'Fn::Equals':
- '{{ queryInstanceOSType.OSType }}'
- Windows
Action: 'ACS::ECS::RunCommandForApplyPatchBaseline'
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ instanceId }}'
timeout: '{{ timeout }}'
commandType: RunPowerShellScript
commandContent: |-
if ('{{ action }}' -eq 'scan'){
acs-plugin-manager.exe --exec --plugin=patch_manager_win --params "-operation",scan
}else{
acs-plugin-manager.exe --exec --plugin=patch_manager_win --params "-operation,install,-reboot,no"
}
Outputs:
commandOutput:
Type: String
ValueSelector: invocationOutput
Outputs:
commandOutput:
Type: String
Value:
'Fn::If':
- 'Fn::Equals':
- Linux
- '{{ queryInstanceOSType.OSType }}'
- '{{ applyLinuxPatchBaseline.commandOutput }}'
- '{{ applyWindowsPatchBaseline.commandOutput }}'