Merged
@@ -0,0 +1,48 @@
<!-- DOCS_DESCRIPTION_CN -->
本示例用于实现解决方案[使用ARMS监控自建大模型应用实现可观测](https://www.aliyun.com/solution/tech-solution-deploy/2922005), 涉及到专有网络(VPC)、交换机(VSwitch)、云服务器(ECS)、RAM 用户等资源的创建。
<!-- DOCS_DESCRIPTION_CN -->

<!-- DOCS_DESCRIPTION_EN -->
This example is used to implement solution [build-an-observability-system-for-ai-applications-at-low-costs](https://www.aliyun.com/solution/tech-solution-deploy/2922005). It involves the creation, and deployment of resources such as Virtual Private Cloud (VPC), VSwitch, Elastic Compute Service (ECS), and RAM users.
<!-- DOCS_DESCRIPTION_EN -->

<!-- BEGIN_TF_DOCS -->
## Providers

| Name | Version |
|------|---------|
| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | n/a |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [alicloud_ecs_command.run_command](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_command) | resource |
| [alicloud_ecs_invocation.invoke_script](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_invocation) | resource |
| [alicloud_instance.ecs_instance](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/instance) | resource |
| [alicloud_ram_access_key.ramak](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_access_key) | resource |
| [alicloud_ram_user.ram_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user) | resource |
| [alicloud_ram_user_policy_attachment.attach_policy_to_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user_policy_attachment) | resource |
| [alicloud_security_group.security_group](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group) | resource |
| [alicloud_security_group_rule.allow_8000](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group_rule) | resource |
| [alicloud_vpc.vpc](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vpc) | resource |
| [alicloud_vswitch.vswitch](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vswitch) | resource |
| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [alicloud_images.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/images) | data source |
| [alicloud_regions.current_region_ds](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/regions) | data source |
| [alicloud_zones.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/zones) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_arms_license_key"></a> [arms\_license\_key](#input\_arms\_license\_key) | 当前环境 ARMS License Key。可以通过OpenAPI获取,前往<https://api.aliyun.com/api/ARMS/2019-08-08/DescribeTraceLicenseKey>,输入参数中填写RegionId(部署地域),单击发起调用,获取结果中LicenseKey对应的值。 | `string` | n/a | yes |
| <a name="input_bai_lian_api_key"></a> [bai\_lian\_api\_key](#input\_bai\_lian\_api\_key) | 百炼 API-KEY,需开通百炼模型服务再获取 API-KEY,详情请参考:https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key | `string` | n/a | yes |
| <a name="input_ecs_instance_password"></a> [ecs\_instance\_password](#input\_ecs\_instance\_password) | 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)` | `string` | n/a | yes |
| <a name="input_ecs_instance_type"></a> [ecs\_instance\_type](#input\_ecs\_instance\_type) | 实例类型 | `string` | `"ecs.t6-c1m2.large"` | no |
<!-- END_TF_DOCS -->
@@ -0,0 +1,140 @@
# ------------------------------------------------------------------------------
# 核心资源定义 (Main Resource Definitions)
#
# 本文件包含了模块的核心基础设施资源。
# 这里的代码负责根据输入变量来创建和配置所有云资源。
# ------------------------------------------------------------------------------

# 配置阿里云提供商 (Provider)
provider "alicloud" {
region = "cn-shanghai"
}

# 查询当前部署地域
data "alicloud_regions" "current_region_ds" {
current = true
}

# 查询支持指定ECS实例规格和磁盘类型的可用区
data "alicloud_zones" "default" {
available_disk_category = "cloud_essd"
available_resource_creation = "VSwitch"
available_instance_type = var.ecs_instance_type
}

# 创建一个随机ID,用于生成唯一的资源名称后缀,避免命名冲突
resource "random_string" "suffix" {
length = 8
lower = true
upper = false
numeric = false
special = false
}

# 定义一个局部变量,将随机ID用作通用名称后缀
locals {
common_name = random_string.suffix.id
region = data.alicloud_regions.current_region_ds.regions.0.id
}

# 创建一个专有网络(VPC),为云资源提供一个隔离的网络环境
resource "alicloud_vpc" "vpc" {
cidr_block = "192.168.0.0/16"
vpc_name = "vpc-${local.common_name}"
}

# 创建一个交换机(VSwitch),用于在VPC内划分一个子网
resource "alicloud_vswitch" "vswitch" {
vpc_id = alicloud_vpc.vpc.id
cidr_block = "192.168.0.0/24"
zone_id = data.alicloud_zones.default.zones.0.id
vswitch_name = "vswitch-${local.common_name}"
}

# 创建一个安全组,作为虚拟防火墙来控制ECS实例的网络访问
resource "alicloud_security_group" "security_group" {
vpc_id = alicloud_vpc.vpc.id
security_group_name = "sg-${local.common_name}"
}

# 在安全组中添加入方向规则,允许外部流量访问8000端口
resource "alicloud_security_group_rule" "allow" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "8000/8000"
priority = 1
security_group_id = alicloud_security_group.security_group.id
cidr_ip = "192.168.0.0/24"
# 如需允许从公网访问ECS,请将cidr_ip修改为0.0.0.0/0
# cidr_ip = "0.0.0.0/0"
}

# 查询可用的阿里云镜像
data "alicloud_images" "default" {
# name_regex = "^aliyun_3_x64_20G_alibase_.*"
name_regex = "^ubuntu_24_04_x64_20G_alibase_.*"
most_recent = true
owners = "system"
}

# 创建一个RAM用户,用于后续给ECS实例授权访问其他云服务
resource "alicloud_ram_user" "ram_user" {
name = "ram-user-${local.common_name}"
}

# 为前面创建的RAM用户生成一个Access Key
resource "alicloud_ram_access_key" "ramak" {
user_name = alicloud_ram_user.ram_user.name
}

# 为RAM用户附加一个系统策略
resource "alicloud_ram_user_policy_attachment" "attach_policy_to_user" {
user_name = alicloud_ram_user.ram_user.name
# 策略类型为系统预设策略
policy_type = "System"
# 授予日志服务的完全访问权限
policy_name = "AliyunLogFullAccess"
}

# 创建一台ECS实例(云服务器)
resource "alicloud_instance" "ecs_instance" {
instance_name = "ecs-${local.common_name}"
image_id = data.alicloud_images.default.images[0].id
instance_type = var.ecs_instance_type
system_disk_category = "cloud_essd"
security_groups = [alicloud_security_group.security_group.id]
vswitch_id = alicloud_vswitch.vswitch.id
password = var.ecs_instance_password
internet_max_bandwidth_out = 5
}

# 创建一个云助手命令,指令用于:部署示例应用,并通过应用接口来调用大模型
resource "alicloud_ecs_command" "run_command" {
name = "command-run-${local.common_name}"
command_content = base64encode(<<EOF
#!/bin/bash
export ARMS_APP_NAME=llm_app
export ARMS_REGION_ID=${local.region}
export ARMS_IS_PUBLIC=True
export ARMS_LICENSE_KEY=${var.arms_license_key}
export DASHSCOPE_API_KEY=${var.bai_lian_api_key}

curl -fsSL https://help-static-aliyun-doc.aliyuncs.com/install-script/ai-observable/install.sh | bash # 部署应用

EOF
)
working_dir = "/root"
type = "RunShellScript"
timeout = 3600
}

# 在指定的ECS实例上执行上面创建的云助手命令
resource "alicloud_ecs_invocation" "invoke_script" {
instance_id = [alicloud_instance.ecs_instance.id]
command_id = alicloud_ecs_command.run_command.id
timeouts {
create = "15m"
}
}
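Review bot: In `alicloud_ecs_command.run_command`, the heredoc interpolates `var.arms_license_key` and `var.bai_lian_api_key` directly into `command_content`, so both keys are stored in readable form (base64 is an encoding, not protection) in the Terraform state and in the saved Cloud Assistant command; the same script then pipes an unpinned remote `install.sh` into `bash` with `working_dir = "/root"`. Consider having the instance fetch the keys at run time from a secrets store through an instance RAM role rather than baking them into the command text. For the installer, download it and verify it against a known digest before running, e.g. `curl -fsSL <url> -o install.sh && echo "<PINNED_SHA256>  install.sh" | sha256sum -c - && bash install.sh`. Separately, `alicloud_ram_access_key.ramak` is not referenced anywhere in the sections shown while its user holds `AliyunLogFullAccess`; if nothing consumes the key, removing it (or narrowing the policy to the log project actually needed) avoids keeping a long-lived, broadly scoped credential in state.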
@@ -0,0 +1,14 @@
output "ecs_login_address" {
description = "部署应用的ECS实例的登录地址。登录后执行"
value = format("https://ecs-workbench.aliyun.com/?from=ecs&instanceType=ecs&regionId=%s&instanceId=%s&resourceGroupId=", local.region, alicloud_instance.ecs_instance.id)
}

output "ecs_public_ip" {
description = <<EOF
为确保可以从公网访问,请配置ECS的安全组对所有IP开放8000端口(即在main.tf中,将cidr_ip改为"0.0.0.0/0")。
接口调用示例(将<ecs_public_ip>用实际值替换):
curl http://<ecs_public_ip>:8000/docs # 查看应用信息
curl -X 'POST' 'http://<ecs_public_ip>:8000/agent/invoke' -H 'Content-Type: application/json' -d '{"input": {"input": "北京天气怎么样?"}}' # 调用大模型,等待返回结果。
EOF
value = alicloud_instance.ecs_instance.public_ip
}
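Review bot: The `ecs_public_ip` description tells users to open port 8000 to `0.0.0.0/0`, and its sample calls reach `/docs` and `/agent/invoke` over plain HTTP with no credential shown, so unless the application enforces its own authentication, following this advice lets any internet host invoke the model on the deployer's DashScope key. I would reword the description to recommend a caller-specific source range instead, e.g. `cidr_ip = "<YOUR_PUBLIC_IP>/32"`, and state that the endpoint is unauthenticated if that is the case. The `ecs_login_address` description also ends mid-sentence at "登录后执行" and should either name what to run after login or drop the trailing clause.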
@@ -0,0 +1,37 @@
# ------------------------------------------------------------------------------
# 模块输入变量 (Module Input Variables)
#
# 本文件定义了该 Terraform 模块所有可配置的输入变量。
# 每个变量都包含了详细的 'description',以说明其用途、格式和默认值逻辑。
# 请参考这些描述来正确配置模块。
# ------------------------------------------------------------------------------

# 指定创建的ECS云服务器的规格。
variable "ecs_instance_type" {
type = string
default = "ecs.t6-c1m2.large"
description = "实例类型"
}

# 用于登录ECS实例的密码。
variable "ecs_instance_password" {
type = string
sensitive = true
description = "服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)"
# default = ""
}

# 百炼API-KEY
variable "bai_lian_api_key" {
type = string
description = "百炼 API-KEY,需开通百炼模型服务再获取 API-KEY,详情请参考:https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key"
# default = ""
}

# ARMS LicenseKey
variable "arms_license_key" {
type = string
description = "当前环境 ARMS License Key。可以通过OpenAPI获取,前往<https://api.aliyun.com/api/ARMS/2019-08-08/DescribeTraceLicenseKey>,输入参数中填写RegionId(部署地域),单击发起调用,获取结果中LicenseKey对应的值。"
# default = ""
}
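Review bot: `bai_lian_api_key` and `arms_license_key` are declared without `sensitive = true`, unlike `ecs_instance_password` just above them, so Terraform will print both keys in plan and apply output. Add `sensitive = true` to both variable blocks. This only redacts CLI output; the values are still written to the state file, so the state backend needs access control and encryption regardless.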
