文档

通过Terraform添加并配置DCDN域名

更新时间:

阿里云DCDN产品已经接入Terraform,可以通过Terraform来实现快速配置。本文介绍如何使用Terraform添加DCDN域名,并且为域名添加功能配置。

背景信息

HashiCorp Terraform 是一个IT基础架构自动化编排工具,可以用代码来管理维护 IT 资源。Terraform的命令行接口(CLI)提供一种简单机制,用于将配置文件部署到阿里云或其他任意支持的云上,并对其进行版本控制。它编写了描述云资源拓扑的配置文件中的基础结构,例如虚拟机、存储账户和网络接口。

Terraform是一个高度可扩展的工具,通过 Provider 来支持新的基础架构。Terraform能够让您在阿里云上轻松使用 简单模板语言 来定义、预览和部署云基础结构。您可以使用Terraform来创建、修改、删除ECS、VPC、RDS、SLB等多种资源。

阿里云作为中国内地第一家与 Terraform 集成的云厂商,terraform-provider-alicloud目前已经提供了超过 163 个 Resource 和 113 个 Data Source,覆盖计算,存储,网络,负载均衡,CDN,容器服务,中间件,访问控制,数据库等超过35款产品,已经满足了大量大客户的自动化上云需求。

关于Terraform的更多信息,具体请参见什么是Terraform

前提条件

  • 已完成Terraform的安装与配置,Terraform支持常见的macOS、Windows、Linux操作系统,具体操作请参见在本地安装和配置Terraform

  • 若本地未安装Terraform,您可以通过Cloud Shell配置Terraform。阿里云Cloud Shell是一款帮助提升运维效率的免费产品,预装了Terraform的组件,并配置好身份凭证(credentials),因此您可直接在Cloud Shell中运行Terraform的命令。具体操作请参见在Cloud Shell中使用Terraform

操作步骤

说明

以下的操作流程以在Cloud Shell中使用Terraform添加并配置DCDN域名进行演示。

  1. 打开浏览器,访问Cloud Shell的地址https://shell.aliyun.com

    更多Cloud Shell入口及使用请参见使用云命令行

  2. 登录Cloud Shell。

    说明

    建议您使用RAM账号登录,为确保您的阿里云账号的安全,如非必要,避免使用阿里云账号访问云资源。

  3. 编写Terraform模板。

    Terraform模板可以用于初始化provider和添加resource配置,使用Terraform配置语法编写之后以.tf后缀保存为资源文件。

    您可以在Terraform官网的alicloud页面上查看添加和配置阿里云CDN域名的语法规则。

    使用vim命令直接编写模板:

    shell@Alicloud:~$ vim provider.tf

    以下为provider.tf文件的示例内容:

    说明
    # 定义provider是阿里云
    provider "alicloud" {}
    
    # 添加一个加速域名
    resource "alicloud_dcdn_domain" "domain" {
      domain_name = "dcdn.example.com"
      scope       = "overseas"
      sources {
        content  = "172.16.0.1"
        type     = "ipaddr"
        priority = "20"
        port     = 80
        weight   = "15"
      }
    }
    
    # 为加速域名配置一个访问IP白名单
    resource "alicloud_dcdn_domain_config" "config" {
      domain_name   = alicloud_cdn_domain_new.domain.domain_name
      function_name = "ip_allow_list_set"
      function_args {
        arg_name  = "ip_list"
        arg_value = "192.168.0.1"
      }
    }
  4. 执行terraform init命令初始化配置。

    此步骤中,Terraform会自动检测.tf文件中的provider字段,然后发送请求到Terraform官方GitHub下载最新版本相关资源的模块和插件。若打印如下信息,则表示初始化成功。

    * provider.alicloud: version = "~> 1.171"
    Terraform has been successfully initialized!
  5. 执行terraform plan命令预览配置,用于校验配置。

    shell@Alicloud:~$ terraform plan
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    
    
    ------------------------------------------------------------------------
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # alicloud_dcdn_domain_config.config will be created
      + resource "alicloud_dcdn_domain_config" "config" {
          + config_id     = (known after apply)
          + domain_name   = "dcdn.example.com"
          + function_name = "ip_allow_list_set"
          + id            = (known after apply)
          + status        = (known after apply)
    
          + function_args {
              + arg_name  = "ip_list"
              + arg_value = "192.168.0.1"
            }
        }
    
      # alicloud_dcdn_domain.domain will be created
      + resource "alicloud_dcdn_domain" "domain" {
          + cname             = (known after apply)
          + domain_name       = "dcdn.example.cn"
          + id                = (known after apply)
          + resource_group_id = (known after apply)
          + scope             = "overseas"
    
          + certificate_config {
              + cert_name                 = (known after apply)
              + cert_type                 = (known after apply)
              + force_set                 = (known after apply)
              + private_key               = (sensitive value)
              + server_certificate        = (sensitive value)
              + server_certificate_status = (known after apply)
            }
    
          + sources {
              + content  = "172.16.0.1"
              + port     = 80
              + priority = “20”
              + type     = "ipaddr"
              + weight   = "15"
            }
        }
    
    Plan: 2 to add, 0 to change, 0 to destroy.
  6. 执行terraform apply添加DCDN加速域名和对应的配置。

    运行apply命令以后,还需要校对配置,确认无误后输入yes二次确认,然后就开始执行,接着等待几分钟。

    说明

    参数前面的+代表新添加的资源,当销毁资源时,参数前面对应的符号会变为-;更改一些参数需要重新部署资源时,该资源前面的符号为-/+;在旧参数和新参数内容之间有符号标识。

    shell@Alicloud:~$ terraform apply
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # alicloud_dcdn_domain_config.config will be created
      + resource "alicloud_dcdn_domain_config" "config" {
          + config_id     = (known after apply)
          + domain_name   = "dcdn.example.com"
          + function_name = "ip_allow_list_set"
          + id            = (known after apply)
          + status        = (known after apply)
    
          + function_args {
              + arg_name  = "ip_list"
              + arg_value = "192.168.0.1"
            }
        }
    
      # alicloud_dcdn_domain.domain will be created
      + resource "alicloud_dcdn_domain" "domain" {
          + cname             = (known after apply)
          + domain_name       = "dcdn.example.com"
          + id                = (known after apply)
          + resource_group_id = (known after apply)
          + scope             = "overseas"
    
          + certificate_config {
              + cert_name                 = (known after apply)
              + cert_type                 = (known after apply)
              + force_set                 = (known after apply)
              + private_key               = (sensitive value)
              + server_certificate        = (sensitive value)
              + server_certificate_status = (known after apply)
            }
    
          + sources {
              + content  = "172.16.0.1"
              + port     = 80
              + priority = “20”
              + type     = "ipaddr"
              + weight   = "15"
            }
        }
    
    Plan: 2 to add, 0 to change, 0 to destroy.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
    alicloud_dcdn_domain.domain: Creating...
    alicloud_dcdn_domain.domain: Still creating... [10s elapsed]
    alicloud_dcdn_domain.domain: Still creating... [20s elapsed]
    alicloud_dcdn_domain.domain: Still creating... [30s elapsed]
    alicloud_dcdn_domain.domain: Still creating... [40s elapsed]
  7. 命令执行成功之后,将会看到以下的命令提示,也可以登录DCDN控制台上查看已经添加的加速域名及其配置。

    alicloud_dcdn_domain.domain: Still creating... [7m10s elapsed]
    alicloud_dcdn_domain.domain: Still creating... [7m20s elapsed]
    alicloud_dcdn_domain.domain: Creation complete after 7m24s [id=dcdn.example.com]
    alicloud_dcdn_domain_config.config: Creating...
    alicloud_dcdn_domain_config.config: Still creating... [10s elapsed]
    alicloud_dcdn_domain_config.config: Still creating... [20s elapsed]
    alicloud_dcdn_domain_config.config: Still creating... [30s elapsed]
    alicloud_dcdn_domain_config.config: Creation complete after 36s [id=dcdn.example.com:ip_allow_list_set:238025248620544]
    
    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
    shell@Alicloud:~$