通过Terraform添加并配置CDN域名的操作步骤及前提条件

阿里云CDN产品已经接入Terraform，可以通过Terraform来实现快速配置。本文介绍如何使用Terraform添加CDN域名，并且为域名添加功能配置。

背景信息

HashiCorp Terraform 是一个IT基础架构自动化编排工具，可以用代码来管理维护 IT 资源。Terraform的命令行接口（CLI）提供一种简单机制，用于将配置文件部署到阿里云或其他任意支持的云上，并对其进行版本控制。它编写了描述云资源拓扑的配置文件中的基础结构，例如虚拟机、存储账户和网络接口。

Terraform是一个高度可扩展的工具，通过 Provider 来支持新的基础架构。Terraform能够让您在阿里云上轻松使用简单模板语言来定义、预览和部署云基础结构。您可以使用Terraform来创建、修改、删除ECS、VPC、RDS、SLB等多种资源。

阿里云作为中国内地第一家与 Terraform 集成的云厂商，terraform-provider-alicloud目前已经提供了超过 163 个 Resource 和 113 个 Data Source，覆盖计算，存储，网络，负载均衡，CDN，容器服务，中间件，访问控制，数据库等超过35款产品，已经满足了大量大客户的自动化上云需求。

关于Terraform的更多信息，具体请参见什么是Terraform。

前提条件

已完成Terraform的安装与配置，Terraform支持常见的macOS、Windows、Linux操作系统，具体操作请参见在本地安装和配置Terraform。
若本地未安装Terraform，您可以通过Cloud Shell配置Terraform。阿里云Cloud Shell是一款帮助提升运维效率的免费产品，预装了Terraform的组件，并配置好身份凭证（credentials），因此您可直接在Cloud Shell中运行Terraform的命令。具体操作请参见在Cloud Shell中使用Terraform。

操作步骤

说明

以下的操作流程以在Cloud Shell中使用Terraform添加并配置CDN域名进行演示。

打开浏览器，访问Cloud Shell的地址https://shell.aliyun.com。
更多Cloud Shell入口及使用请参见使用云命令行。
登录Cloud Shell。
说明
建议您使用RAM账号登录，为确保您的阿里云账号的安全，如非必要，避免使用阿里云账号访问云资源。
编写Terraform模板。
Terraform模板可以用于初始化provider和添加resource配置，使用Terraform配置语法编写之后以.tf后缀保存为资源文件。
您可以在Terraform官网的alicloud页面上查看添加和配置阿里云CDN域名的语法规则。
使用vim命令直接编写模板：
```
shell@Alicloud:~$ vim provider.tf
```
以下为provider.tf文件的示例内容：
说明
resource参数的可选字段可以在terraform官网文档 Alibaba Cloud Provider CDN产品目录下查找到。
cdn_type、scope、sources参数字段的配置方法参见AddCdnDomain - 添加域名中同名的请求参数。
function_name参数的可选字段以及function_arg 的配置方法请参见域名配置功能函数。
```
# 定义provider是阿里云
provider "alicloud" {}

# 添加一个加速域名
resource "alicloud_cdn_domain_new" "domain" {
  domain_name = "yourcdndomain.example.com"
  cdn_type    = "download"
  scope       = "overseas"
  sources {
    content  = "172.16.0.1"
    type     = "ipaddr"
    priority = "20"
    port     = 80
    weight   = "15"
  }
}

# 为加速域名配置一个访问IP白名单
resource "alicloud_cdn_domain_config" "config" {
  domain_name   = alicloud_cdn_domain_new.domain.domain_name
  function_name = "ip_allow_list_set"
  function_args {
    arg_name  = "ip_list"
    arg_value = "192.168.0.1"
  }
}
```
执行terraform init命令初始化配置。
此步骤中，Terraform会自动检测.tf文件中的provider字段，然后发送请求到Terraform官方GitHub下载最新版本相关资源的模块和插件。若打印如下信息，则表示初始化成功。
```
* provider.alicloud: version = "~> 1.171"
Terraform has been successfully initialized!
```

执行terraform plan命令预览配置，用于校验配置。

shell@Alicloud:~$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cdn_domain_config.config will be created
  + resource "alicloud_cdn_domain_config" "config" {
      + config_id     = (known after apply)
      + domain_name   = "yourcdndomain.example.com"
      + function_name = "ip_allow_list_set"
      + id            = (known after apply)
      + status        = (known after apply)

      + function_args {
          + arg_name  = "ip_list"
          + arg_value = "192.168.0.1"
        }
    }

  # alicloud_cdn_domain_new.domain will be created
  + resource "alicloud_cdn_domain_new" "domain" {
      + cdn_type          = "download"
      + cname             = (known after apply)
      + domain_name       = "yourcdndomain.example.cn"
      + id                = (known after apply)
      + resource_group_id = (known after apply)
      + scope             = "overseas"

      + certificate_config {
          + cert_name                 = (known after apply)
          + cert_type                 = (known after apply)
          + force_set                 = (known after apply)
          + private_key               = (sensitive value)
          + server_certificate        = (sensitive value)
          + server_certificate_status = (known after apply)
        }

      + sources {
          + content  = "172.16.0.1"
          + port     = 80
          + priority = 20
          + type     = "ipaddr"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

执行terraform apply添加CDN加速域名和对应的配置。

运行apply命令以后，还需要校对配置，确认无误后输入yes二次确认，然后就开始执行，接着等待几分钟。

说明

参数前面的+代表新添加的资源，当销毁资源时，参数前面对应的符号会变为-；更改一些参数需要重新部署资源时，该资源前面的符号为-/+；在旧参数和新参数内容之间有→符号标识。

shell@Alicloud:~$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cdn_domain_config.config will be created
  + resource "alicloud_cdn_domain_config" "config" {
      + config_id     = (known after apply)
      + domain_name   = "yourcdndomain.example.com"
      + function_name = "ip_allow_list_set"
      + id            = (known after apply)
      + status        = (known after apply)

      + function_args {
          + arg_name  = "ip_list"
          + arg_value = "192.168.0.1"
        }
    }

  # alicloud_cdn_domain_new.domain will be created
  + resource "alicloud_cdn_domain_new" "domain" {
      + cdn_type          = "download"
      + cname             = (known after apply)
      + domain_name       = "yourcdndomain.example.com"
      + id                = (known after apply)
      + resource_group_id = (known after apply)
      + scope             = "overseas"

      + certificate_config {
          + cert_name                 = (known after apply)
          + cert_type                 = (known after apply)
          + force_set                 = (known after apply)
          + private_key               = (sensitive value)
          + server_certificate        = (sensitive value)
          + server_certificate_status = (known after apply)
        }

      + sources {
          + content  = "172.16.0.1"
          + port     = 80
          + priority = 20
          + type     = "ipaddr"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cdn_domain_new.domain: Creating...
alicloud_cdn_domain_new.domain: Still creating... [10s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [20s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [30s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [40s elapsed]

命令执行成功之后，将会看到以下的命令提示，也可以登录CDN控制台上查看已经添加的加速域名及其配置。

alicloud_cdn_domain_new.domain: Still creating... [7m10s elapsed]
alicloud_cdn_domain_new.domain: Still creating... [7m20s elapsed]
alicloud_cdn_domain_new.domain: Creation complete after 7m24s [id=yourcdndomain.example.com]
alicloud_cdn_domain_config.config: Creating...
alicloud_cdn_domain_config.config: Still creating... [10s elapsed]
alicloud_cdn_domain_config.config: Still creating... [20s elapsed]
alicloud_cdn_domain_config.config: Still creating... [30s elapsed]
alicloud_cdn_domain_config.config: Creation complete after 36s [id=yourcdndomain.example.com:ip_allow_list_set:238025248620544]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
shell@Alicloud:~$