通過Terraform添加並配置CDN網域名稱的操作步驟及前提條件 - CDN

阿里雲CDN產品已經接入Terraform，可以通過Terraform來實現快速配置。本文介紹如何使用Terraform添加CDN網域名稱，並且為網域名稱添加功能配置。

背景資訊

HashiCorp Terraform 是一個IT基礎架構自動化編排工具，可以用代碼來管理維護 IT 資源。Terraform的命令列介面（CLI）提供一種簡單機制，用於將設定檔部署到阿里雲或其他任意支援的雲上，並對其進資料列版本設定。它編寫了描述雲資源拓撲的設定檔中的基礎結構，例如虛擬機器、儲存賬戶和網路介面。

Terraform是一個高度可擴充的工具，通過 Provider 來支援新的基礎架構。Terraform能夠讓您在阿里雲上便於使用簡單範本語言來定義、預覽和部署雲基礎結構。您可以使用Terraform來建立、修改、刪除ECS、VPC、RDS、SLB等多種資源。

阿里雲作為中國內地第一家與 Terraform 整合的雲廠商，terraform-provider-alicloud目前已經提供了超過 163 個 Resource 和 113 個 Data Source，覆蓋計算，儲存，網路，負載平衡，CDN，Container Service，中介軟體，存取控制，資料庫等超過35款產品，已經滿足了大量大客戶的自動化上雲需求。

關於Terraform的更多資訊，具體請參見什麼是Terraform。

前提條件

已完成Terraform的安裝與配置，Terraform支援常見的macOS、Windows、Linux作業系統，具體操作請參見在本地安裝和配置Terraform。
若本地未安裝Terraform，您可以通過Cloud Shell配置Terraform。阿里雲Cloud Shell是一款協助提升營運效率的免費產品，預裝了Terraform的組件，並配置好身份憑證（credentials），因此您可直接在Cloud Shell中運行Terraform的命令。具體操作請參見在Cloud Shell中使用Terraform。

操作步驟

說明

以下的操作流程以在Cloud Shell中使用Terraform添加並配置CDN網域名稱進行示範。

開啟瀏覽器，訪問Cloud Shell的地址https://shell.alibabacloud.com/。
更多Cloud Shell入口及使用請參見使用雲命令列。
登入Cloud Shell。
說明
建議您使用RAM帳號登入，為確保您的阿里雲帳號的安全，如非必要，避免使用阿里雲帳號訪問雲資源。
編寫Terraform模板。
Terraform模板可以用於初始化provider和添加resource配置，使用Terraform配置文法編寫之後以.tf尾碼儲存為資源檔。
您可以在Terraform官網的alicloud頁面上查看添加和配置阿里雲CDN網域名稱的文法規則。
使用vim命令直接編寫模板：
```
shell@Alicloud:~$ vim provider.tf
```
以下為provider.tf檔案的樣本內容：
說明
resource參數的可選欄位可以在terraform官網文檔 Alibaba Cloud Provider CDN產品目錄下尋找到。
cdn_type、scope、sources參數欄位的配置方法參見AddCdnDomain - 添加網域名稱中同名的請求參數。
function_name參數的可選欄位以及function_arg 的配置方法請參見網域名稱配置功能函數。
```
# 定義provider是阿里雲
provider "alicloud" {}

# 添加一個加速網域名稱
resource "alicloud_cdn_domain_new" "domain" {
  domain_name = "yourcdndomain.example.com"
  cdn_type    = "download"
  scope       = "overseas"
  sources {
    content  = "172.16.0.1"
    type     = "ipaddr"
    priority = "20"
    port     = 80
    weight   = "15"
  }
}

# 為加速網域名稱配置一個訪問IP白名單
resource "alicloud_cdn_domain_config" "config" {
  domain_name   = alicloud_cdn_domain_new.domain.domain_name
  function_name = "ip_allow_list_set"
  function_args {
    arg_name  = "ip_list"
    arg_value = "192.168.0.1"
  }
}
```
執行terraform init命令初始化配置。
此步驟中，Terraform會自動檢測.tf檔案中的provider欄位，然後發送請求到Terraform官方GitHub下載最新版本相關資源的模組和外掛程式。若列印如下資訊，則表示初始化成功。
```
* provider.alicloud: version = "~> 1.171"
Terraform has been successfully initialized!
```

執行terraform plan命令預覽配置，用於校正配置。

shell@Alicloud:~$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cdn_domain_config.config will be created
  + resource "alicloud_cdn_domain_config" "config" {
      + config_id     = (known after apply)
      + domain_name   = "yourcdndomain.example.com"
      + function_name = "ip_allow_list_set"
      + id            = (known after apply)
      + status        = (known after apply)

      + function_args {
          + arg_name  = "ip_list"
          + arg_value = "192.168.0.1"
        }
    }

  # alicloud_cdn_domain_new.domain will be created
  + resource "alicloud_cdn_domain_new" "domain" {
      + cdn_type          = "download"
      + cname             = (known after apply)
      + domain_name       = "yourcdndomain.example.cn"
      + id                = (known after apply)
      + resource_group_id = (known after apply)
      + scope             = "overseas"

      + certificate_config {
          + cert_name                 = (known after apply)
          + cert_type                 = (known after apply)
          + force_set                 = (known after apply)
          + private_key               = (sensitive value)
          + server_certificate        = (sensitive value)
          + server_certificate_status = (known after apply)
        }

      + sources {
          + content  = "172.16.0.1"
          + port     = 80
          + priority = 20
          + type     = "ipaddr"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

執行terraform apply添加CDN加速網域名稱和對應的配置。

運行apply命令以後，還需要校對配置，確認無誤後輸入yes二次確認，然後就開始執行，接著等待幾分鐘。

說明

參數前面的+代表新添加的資源，當銷毀資源時，參數前面對應的符號會變為-；更改一些參數需要重新部署資源時，該資源前面的符號為-/+；在舊參數和新參數內容之間有→符號標識。

shell@Alicloud:~$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cdn_domain_config.config will be created
  + resource "alicloud_cdn_domain_config" "config" {
      + config_id     = (known after apply)
      + domain_name   = "yourcdndomain.example.com"
      + function_name = "ip_allow_list_set"
      + id            = (known after apply)
      + status        = (known after apply)

      + function_args {
          + arg_name  = "ip_list"
          + arg_value = "192.168.0.1"
        }
    }

  # alicloud_cdn_domain_new.domain will be created
  + resource "alicloud_cdn_domain_new" "domain" {
      + cdn_type          = "download"
      + cname             = (known after apply)
      + domain_name       = "yourcdndomain.example.com"
      + id                = (known after apply)
      + resource_group_id = (known after apply)
      + scope             = "overseas"

      + certificate_config {
          + cert_name                 = (known after apply)
          + cert_type                 = (known after apply)
          + force_set                 = (known after apply)
          + private_key               = (sensitive value)
          + server_certificate        = (sensitive value)
          + server_certificate_status = (known after apply)
        }

      + sources {
          + content  = "172.16.0.1"
          + port     = 80
          + priority = 20
          + type     = "ipaddr"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cdn_domain_new.domain: Creating...
alicloud_cdn_domain_new.domain: Still creating... [10s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [20s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [30s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [40s elapsed]

命令執行成功之後，將會看到以下的命令提示，也可以登入CDN控制台上查看已經添加的加速網域名稱及其配置。

alicloud_cdn_domain_new.domain: Still creating... [7m10s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [7m20s elapsed]
alicloud_cdn_domain_new.domain: Creation complete after 7m24s [id=yourcdndomain.example.com]
alicloud_cdn_domain_config.config: Creating...
alicloud_cdn_domain_config.config: Still creating... [10s elapsed]
alicloud_cdn_domain_config.config: Still creating... [20s elapsed]
alicloud_cdn_domain_config.config: Still creating... [30s elapsed]
alicloud_cdn_domain_config.config: Creation complete after 36s [id=yourcdndomain.example.com:ip_allow_list_set:238025248620544]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
shell@Alicloud:~$