阿里云CDN产品已经接入Terraform,可以通过Terraform来实现快速配置。本文介绍如何使用Terraform添加CDN域名,并且为域名添加功能配置。
背景信息
HashiCorp Terraform 是一个IT基础架构自动化编排工具,可以用代码来管理维护 IT 资源。Terraform的命令行接口(CLI)提供一种简单机制,用于将配置文件部署到阿里云或其他任意支持的云上,并对其进行版本控制。它编写了描述云资源拓扑的配置文件中的基础结构,例如虚拟机、存储账户和网络接口。
Terraform是一个高度可扩展的工具,通过 Provider 来支持新的基础架构。Terraform能够让您在阿里云上轻松使用 简单模板语言 来定义、预览和部署云基础结构。您可以使用Terraform来创建、修改、删除ECS、VPC、RDS、SLB等多种资源。
阿里云作为中国内地第一家与 Terraform 集成的云厂商,terraform-provider-alicloud目前已经提供了超过 163 个 Resource 和 113 个 Data Source,覆盖计算,存储,网络,负载均衡,CDN,容器服务,中间件,访问控制,数据库等超过35款产品,已经满足了大量大客户的自动化上云需求。
关于Terraform的更多信息,具体请参见什么是Terraform。
前提条件
已完成Terraform的安装与配置,Terraform支持常见的macOS、Windows、Linux操作系统,具体操作请参见在本地安装和配置Terraform。
若本地未安装Terraform,您可以通过Cloud Shell配置Terraform。阿里云Cloud Shell是一款帮助提升运维效率的免费产品,预装了Terraform的组件,并配置好身份凭证(credentials),因此您可直接在Cloud Shell中运行Terraform的命令。具体操作请参见在Cloud Shell中使用Terraform。
操作步骤
以下的操作流程以在Cloud Shell中使用Terraform添加并配置CDN域名进行演示。
打开浏览器,访问Cloud Shell的地址https://shell.alibabacloud.com/。
更多Cloud Shell入口及使用请参见使用云命令行。
登录Cloud Shell。
说明建议您使用RAM账号登录,为确保您的阿里云账号的安全,如非必要,避免使用阿里云账号访问云资源。
编写Terraform模板。
Terraform模板可以用于初始化provider和添加resource配置,使用Terraform配置语法编写之后以
.tf
后缀保存为资源文件。您可以在Terraform官网的alicloud页面上查看添加和配置阿里云CDN域名的语法规则。
使用vim命令直接编写模板:
shell@Alicloud:~$ vim provider.tf
以下为provider.tf文件的示例内容:
说明resource参数的可选字段可以在terraform官网文档 Alibaba Cloud Provider CDN产品目录下查找到。
cdn_type、scope、sources参数字段的配置方法参见AddCdnDomain - 添加域名中同名的请求参数。
function_name参数的可选字段以及function_arg 的配置方法请参见域名配置功能函数。
# 定义provider是阿里云 provider "alicloud" {} # 添加一个加速域名 resource "alicloud_cdn_domain_new" "domain" { domain_name = "yourcdndomain.example.com" cdn_type = "download" scope = "overseas" sources { content = "172.16.0.1" type = "ipaddr" priority = "20" port = 80 weight = "15" } } # 为加速域名配置一个访问IP白名单 resource "alicloud_cdn_domain_config" "config" { domain_name = alicloud_cdn_domain_new.domain.domain_name function_name = "ip_allow_list_set" function_args { arg_name = "ip_list" arg_value = "192.168.0.1" } }
执行terraform init命令初始化配置。
此步骤中,Terraform会自动检测
.tf
文件中的provider字段,然后发送请求到Terraform官方GitHub下载最新版本相关资源的模块和插件。若打印如下信息,则表示初始化成功。* provider.alicloud: version = "~> 1.171" Terraform has been successfully initialized!
执行terraform plan命令预览配置,用于校验配置。
shell@Alicloud:~$ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_cdn_domain_config.config will be created + resource "alicloud_cdn_domain_config" "config" { + config_id = (known after apply) + domain_name = "yourcdndomain.example.com" + function_name = "ip_allow_list_set" + id = (known after apply) + status = (known after apply) + function_args { + arg_name = "ip_list" + arg_value = "192.168.0.1" } } # alicloud_cdn_domain_new.domain will be created + resource "alicloud_cdn_domain_new" "domain" { + cdn_type = "download" + cname = (known after apply) + domain_name = "yourcdndomain.example.cn" + id = (known after apply) + resource_group_id = (known after apply) + scope = "overseas" + certificate_config { + cert_name = (known after apply) + cert_type = (known after apply) + force_set = (known after apply) + private_key = (sensitive value) + server_certificate = (sensitive value) + server_certificate_status = (known after apply) } + sources { + content = "172.16.0.1" + port = 80 + priority = 20 + type = "ipaddr" } } Plan: 2 to add, 0 to change, 0 to destroy.
执行terraform apply添加CDN加速域名和对应的配置。
运行apply命令以后,还需要校对配置,确认无误后输入yes二次确认,然后就开始执行,接着等待几分钟。
说明参数前面的
+
代表新添加的资源,当销毁资源时,参数前面对应的符号会变为-
;更改一些参数需要重新部署资源时,该资源前面的符号为-/+
;在旧参数和新参数内容之间有→
符号标识。shell@Alicloud:~$ terraform apply An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_cdn_domain_config.config will be created + resource "alicloud_cdn_domain_config" "config" { + config_id = (known after apply) + domain_name = "yourcdndomain.example.com" + function_name = "ip_allow_list_set" + id = (known after apply) + status = (known after apply) + function_args { + arg_name = "ip_list" + arg_value = "192.168.0.1" } } # alicloud_cdn_domain_new.domain will be created + resource "alicloud_cdn_domain_new" "domain" { + cdn_type = "download" + cname = (known after apply) + domain_name = "yourcdndomain.example.com" + id = (known after apply) + resource_group_id = (known after apply) + scope = "overseas" + certificate_config { + cert_name = (known after apply) + cert_type = (known after apply) + force_set = (known after apply) + private_key = (sensitive value) + server_certificate = (sensitive value) + server_certificate_status = (known after apply) } + sources { + content = "172.16.0.1" + port = 80 + priority = 20 + type = "ipaddr" } } Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_cdn_domain_new.domain: Creating... alicloud_cdn_domain_new.domain: Still creating... [10s elapsed] alicloud_cdn_domain_new.domain: Still creating... [20s elapsed] alicloud_cdn_domain_new.domain: Still creating... [30s elapsed] alicloud_cdn_domain_new.domain: Still creating... [40s elapsed]
命令执行成功之后,将会看到以下的命令提示,也可以登录CDN控制台上查看已经添加的加速域名及其配置。
alicloud_cdn_domain_new.domain: Still creating... [7m10s elapsed] alicloud_cdn_domain_new.domain: Still creating... [7m20s elapsed] alicloud_cdn_domain_new.domain: Creation complete after 7m24s [id=yourcdndomain.example.com] alicloud_cdn_domain_config.config: Creating... alicloud_cdn_domain_config.config: Still creating... [10s elapsed] alicloud_cdn_domain_config.config: Still creating... [20s elapsed] alicloud_cdn_domain_config.config: Still creating... [30s elapsed] alicloud_cdn_domain_config.config: Creation complete after 36s [id=yourcdndomain.example.com:ip_allow_list_set:238025248620544] Apply complete! Resources: 2 added, 0 changed, 0 destroyed. shell@Alicloud:~$