From f2691906a9cfc1b4d5543e3adf3bb855374ccebc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=96=93=E6=BA=AA?= Date: Tue, 21 Oct 2025 19:58:23 +0800 Subject: [PATCH] build-an-observability-system-for-ai-applications-at-low-costs --- .../README.md | 48 ++++++ .../main.tf | 140 ++++++++++++++++++ .../outputs.tf | 14 ++ .../variables.tf | 37 +++++ 4 files changed, 239 insertions(+) create mode 100644 solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/README.md create mode 100644 solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/main.tf create mode 100644 solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/outputs.tf create mode 100644 solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/variables.tf diff --git a/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/README.md b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/README.md new file mode 100644 index 000000000..8f7ccce5b --- /dev/null +++ b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/README.md @@ -0,0 +1,48 @@ + +本示例用于实现解决方案[使用ARMS监控自建大模型应用实现可观测](https://www.aliyun.com/solution/tech-solution-deploy/2922005), 涉及到专有网络(VPC)、交换机(VSwitch)、云服务器(ECS)、RAM 用户等资源的创建。 + + + +This example is used to implement solution [build-an-observability-system-for-ai-applications-at-low-costs](https://www.aliyun.com/solution/tech-solution-deploy/2922005). It involves the creation, and deployment of resources such as Virtual Private Cloud (VPC), VSwitch, Elastic Compute Service (ECS), and RAM users. + + + +## Providers + +| Name | Version | +|------|---------| +| [alicloud](#provider\_alicloud) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [alicloud_ecs_command.run_command](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_command) | resource | +| [alicloud_ecs_invocation.invoke_script](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_invocation) | resource | +| [alicloud_instance.ecs_instance](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/instance) | resource | +| [alicloud_ram_access_key.ramak](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_access_key) | resource | +| [alicloud_ram_user.ram_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user) | resource | +| [alicloud_ram_user_policy_attachment.attach_policy_to_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user_policy_attachment) | resource | +| [alicloud_security_group.security_group](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group) | resource | +| [alicloud_security_group_rule.allow_8000](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group_rule) | resource | +| [alicloud_vpc.vpc](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vpc) | resource | +| [alicloud_vswitch.vswitch](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vswitch) | resource | +| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [alicloud_images.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/images) | data source | +| [alicloud_regions.current_region_ds](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/regions) | data source | +| [alicloud_zones.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/zones) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [arms\_license\_key](#input\_arms\_license\_key) | 当前环境 ARMS License Key。可以通过OpenAPI获取,前往,输入参数中填写RegionId(部署地域),单击发起调用,获取结果中LicenseKey对应的值。 | `string` | n/a | yes | +| [bai\_lian\_api\_key](#input\_bai\_lian\_api\_key) | 百炼 API-KEY,需开通百炼模型服务再获取 API-KEY,详情请参考:https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key | `string` | n/a | yes | +| [ecs\_instance\_password](#input\_ecs\_instance\_password) | 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)` | `string` | n/a | yes | +| [ecs\_instance\_type](#input\_ecs\_instance\_type) | 实例类型 | `string` | `"ecs.t6-c1m2.large"` | no | + \ No newline at end of file diff --git a/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/main.tf b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/main.tf new file mode 100644 index 000000000..48e87b72c --- /dev/null +++ b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/main.tf @@ -0,0 +1,140 @@ +# ------------------------------------------------------------------------------ +# 核心资源定义 (Main Resource Definitions) +# +# 本文件包含了模块的核心基础设施资源。 +# 这里的代码负责根据输入变量来创建和配置所有云资源。 +# ------------------------------------------------------------------------------ + +# 配置阿里云提供商 (Provider) +provider "alicloud" { + region = "cn-shanghai" +} + +# 查询当前部署地域 +data "alicloud_regions" "current_region_ds" { + current = true +} + +# 查询支持指定ECS实例规格和磁盘类型的可用区 +data "alicloud_zones" "default" { + available_disk_category = "cloud_essd" + available_resource_creation = "VSwitch" + available_instance_type = var.ecs_instance_type +} + +# 创建一个随机ID,用于生成唯一的资源名称后缀,避免命名冲突 +resource "random_string" "suffix" { + length = 8 + lower = true + upper = false + numeric = false + special = false +} + +# 定义一个局部变量,将随机ID用作通用名称后缀 +locals { + common_name = random_string.suffix.id + region = data.alicloud_regions.current_region_ds.regions.0.id +} + +# 创建一个专有网络(VPC),为云资源提供一个隔离的网络环境 +resource "alicloud_vpc" "vpc" { + cidr_block = "192.168.0.0/16" + vpc_name = "vpc-${local.common_name}" +} + +# 创建一个交换机(VSwitch),用于在VPC内划分一个子网 +resource "alicloud_vswitch" "vswitch" { + vpc_id = alicloud_vpc.vpc.id + cidr_block = "192.168.0.0/24" + zone_id = data.alicloud_zones.default.zones.0.id + vswitch_name = "vswitch-${local.common_name}" +} + +# 创建一个安全组,作为虚拟防火墙来控制ECS实例的网络访问 +resource "alicloud_security_group" "security_group" { + vpc_id = alicloud_vpc.vpc.id + security_group_name = "sg-${local.common_name}" +} + +# 在安全组中添加入方向规则,允许外部流量访问8000端口 +resource "alicloud_security_group_rule" "allow" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "8000/8000" + priority = 1 + security_group_id = alicloud_security_group.security_group.id + cidr_ip = "192.168.0.0/24" + # 如需允许从公网访问ECS,请将cidr_ip修改为0.0.0.0/0 + # cidr_ip = "0.0.0.0/0" +} + +# 查询可用的阿里云镜像 +data "alicloud_images" "default" { + # name_regex = "^aliyun_3_x64_20G_alibase_.*" + name_regex = "^ubuntu_24_04_x64_20G_alibase_.*" + most_recent = true + owners = "system" +} + +# 创建一个RAM用户,用于后续给ECS实例授权访问其他云服务 +resource "alicloud_ram_user" "ram_user" { + name = "ram-user-${local.common_name}" +} + +# 为前面创建的RAM用户生成一个Access Key +resource "alicloud_ram_access_key" "ramak" { + user_name = alicloud_ram_user.ram_user.name +} + +# 为RAM用户附加一个系统策略 +resource "alicloud_ram_user_policy_attachment" "attach_policy_to_user" { + user_name = alicloud_ram_user.ram_user.name + # 策略类型为系统预设策略 + policy_type = "System" + # 授予日志服务的完全访问权限 + policy_name = "AliyunLogFullAccess" +} + +# 创建一台ECS实例(云服务器) +resource "alicloud_instance" "ecs_instance" { + instance_name = "ecs-${local.common_name}" + image_id = data.alicloud_images.default.images[0].id + instance_type = var.ecs_instance_type + system_disk_category = "cloud_essd" + security_groups = [alicloud_security_group.security_group.id] + vswitch_id = alicloud_vswitch.vswitch.id + password = var.ecs_instance_password + internet_max_bandwidth_out = 5 +} + +# 创建一个云助手命令,指令用于:部署示例应用,并通过应用接口来调用大模型 +resource "alicloud_ecs_command" "run_command" { + name = "command-run-${local.common_name}" + command_content = base64encode(<用实际值替换): + curl http://:8000/docs # 查看应用信息 + curl -X 'POST' 'http://:8000/agent/invoke' -H 'Content-Type: application/json' -d '{"input": {"input": "北京天气怎么样?"}}' # 调用大模型,等待返回结果。 + EOF + value = alicloud_instance.ecs_instance.public_ip +} \ No newline at end of file diff --git a/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/variables.tf b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/variables.tf new file mode 100644 index 000000000..5040d3bc3 --- /dev/null +++ b/solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/variables.tf @@ -0,0 +1,37 @@ +# ------------------------------------------------------------------------------ +# 模块输入变量 (Module Input Variables) +# +# 本文件定义了该 Terraform 模块所有可配置的输入变量。 +# 每个变量都包含了详细的 'description',以说明其用途、格式和默认值逻辑。 +# 请参考这些描述来正确配置模块。 +# ------------------------------------------------------------------------------ + +# 指定创建的ECS云服务器的规格。 +variable "ecs_instance_type" { + type = string + default = "ecs.t6-c1m2.large" + description = "实例类型" +} + +# 用于登录ECS实例的密码。 +variable "ecs_instance_password" { + type = string + sensitive = true + description = "服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)" + # default = "" +} + +# 百炼API-KEY +variable "bai_lian_api_key" { + type = string + description = "百炼 API-KEY,需开通百炼模型服务再获取 API-KEY,详情请参考:https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key" + # default = "" +} + +# ARMS LicenseKey +variable "arms_license_key" { + type = string + description = "当前环境 ARMS License Key。可以通过OpenAPI获取,前往,输入参数中填写RegionId(部署地域),单击发起调用,获取结果中LicenseKey对应的值。" + # default = "" +} +