Tencent Cloud Automation Assistant (TencentCloud Automation Tools, TAT) is a native operation and deployment tool for Cloud Virtual Machine (CVM) and Lighthouse instances. The Automation Assistant provides an automated remote operation method, allowing batch execution of commands (Shell, PowerShell, etc.) without the need for login credentials. It can be used to run automated operation scripts, poll processes, install/uninstall software, update applications, and install patches.

This plugin encapsulates the Remote Command Execution API and the Query Execution Task API.

The Automation Assistant must be enabled for the instance (free of charge).

1. Log in to the Tencent Cloud console, click on your avatar in the top right corner, and select "Access Management"
2. In the left menu, select "Access Keys" > "API Key Management"
3. Click "Create Key" to create a new API key
4. Save the generated SecretId and SecretKey. The SecretKey is only displayed once during creation, so please keep it safe

1. Log in to the Tencent Cloud console and go to the "Cloud Virtual Machine (CVM)" or "Lighthouse" product page
2. Find the instance you want to operate on in the instance list
3. Instance ID format is ins-xxxxxxxx

1. Log in to the Tencent Cloud console, you can view the current region in the top left corner of the instance list page
2. Region format is ap-city_code, such as ap-guangzhou (Guangzhou), ap-beijing (Beijing), etc.
3. You can also get the complete region list through the Query Region List API

If you are already inside an instance, you can get instance information through the instance metadata service:

# Get instance ID, only for CVM
curl http://metadata.tencentyun.com/latest/meta-data/instance-id

# Get instance region
curl http://metadata.tencentyun.com/latest/meta-data/placement/region

Note: The instance metadata service can only be accessed from within the instance, and the data is not encrypted. Please take appropriate measures to protect sensitive data.

• secret_id: Required, Tencent Cloud API key SecretId.
• secret_key: Required, Tencent Cloud API key SecretKey.
• region: Required, Tencent Cloud region, e.g., ap-guangzhou.
• instance_ids: Required, List of instance IDs, separated by ,, ;, or newline, e.g., ins-123456,ins-123456.
• script: Required, Command to execute, e.g., ls -l. The plugin will encode it in base64. Parameters like {{some-key}} can be used, which can be defined in the plugin's parameters field.
• command_type: Optional, Command type. Currently supported values: SHELL, POWERSHELL, BAT. Default: SHELL.
• timeout: Optional, Command execution timeout in seconds. Default: 60 seconds.
• working_directory: Optional, Working directory for command execution. Default: /root.
• enable_parameter: Optional, Whether to enable parameters. Default: false.
• parameters: Optional, Parameter definitions, e.g., {"some-key": "some-value"}, which can be used in the plugin's script parameter.
• username: Optional, Username for command execution. Default: root.
• interval: Optional, Polling interval for execution results in milliseconds. Default: 10000 milliseconds.
• query_instance: Optional, Whether to query instance execution results after completion. Default: false.

For detailed parameter information, refer to the API documentation.

The plugin parameter script corresponds to the API parameter content, and the plugin will automatically encode it in base64.

Define Tencent Cloud API keys in a secret repository file, e.g., env.yml:

# env.yml
SECRET_ID: xxx
SECRET_KEY: xxx

# Declare that this secret repository file can be referenced by specified repositories
allow_slugs:
  - your-group/your-repo

# Declare that this secret repository file can be referenced by tcloud-cmd plugin tasks
allow_images:
  - tencentcom/tcloud-cmd

Example 1:

# .cnb.yml
main:
  push:
    - stages:
      - name: tcloud-cmd
        # Reference the secret repository file
        imports: https://xxx/env.yml
        image: tencentcom/tcloud-cmd
        settings:
          secret_id: ${SECRET_ID}
          secret_key: ${SECRET_KEY}
          region: ap-guangzhou
          instance_ids: ins-123456,ins-123456
          script: ls
          query_instance: true

Example 2:

# .cnb.yml
main:
  push:
    - stages:
      - name: tcloud-cmd
        imports: https://xxx/env.yml
        image: tencentcom/tcloud-cmd
        settings:
          secret_id: ${SECRET_ID}
          secret_key: ${SECRET_KEY}
          region: ap-guangzhou
          instance_ids: ins-123456,ins-123456
          script: ls {{some-path}}
          enable_parameter: true
          parameters: {"some-path": "some-directory"}
          query_instance: true

docker run --rm \
    -e TZ=Asia/Shanghai \
    -e PLUGIN_SECRET_ID='xxx' \
    -e PLUGIN_SECRET_KEY='xxx' \
    -e PLUGIN_REGION='ap-guangzhou' \
    -e PLUGIN_SCRIPT='ls {{directory}}' \
    -e PLUGIN_INSTANCE_IDS='ins-xxx,ins-xxx' \
    -e PLUGIN_WORKING_DIRECTORY='xxx' \
    -e PLUGIN_ENABLE_PARAMETER='true' \
    -e PLUGIN_PARAMETERS='{"directory": "xxx"}' \
    -e PLUGIN_USERNAME=root \
    -e PLUGIN_COMMAND_TYPE=SHELL \
    -e PLUGIN_TIMEOUT=10 \
    -v $(pwd):$(pwd) \
    -w $(pwd) \
    tencentcom/tcloud-cmd