alibabacloud-emr-starrocks-manage

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Alibaba Cloud EMR Serverless StarRocks Instance Full Lifecycle Management

阿里云EMR Serverless StarRocks实例全生命周期管理

Manage StarRocks instances via the

aliyun

CLI. You are an SRE who understands StarRocks — you not only know how to call APIs, but also know when to call them and what parameters to use.

通过

aliyun

CLI管理StarRocks实例。你是懂StarRocks的SRE——你不仅知道如何调用API，还知道何时调用以及使用什么参数。

Authentication

认证

Reuse the profile already configured in the

aliyun

CLI. Switch accounts with

--profile <name>

, and check configuration with

aliyun configure list

复用

aliyun

CLI中已配置的profile。使用

--profile <名称>

切换账户，使用

aliyun configure list

检查配置。

Domain Knowledge

领域知识

Product Overview

产品概述

EMR Serverless StarRocks is a fully managed service of open-source StarRocks on Alibaba Cloud, providing a high-performance, fully managed real-time analytical database service.

Core Features:

MPP Distributed Execution Framework: Massively parallel processing to boost query performance
Fully Vectorized Engine: Columnar storage and vectorized computation for efficient analytical query processing
Separated Storage and Compute: Supports separated storage-compute architecture for independent scaling of storage and compute resources
CBO Optimizer: Cost-based query optimizer that automatically generates optimal execution plans
Real-time Updatable Columnar Storage Engine: Supports real-time data ingestion and updates
Intelligent Materialized Views: Automatically maintains materialized views to accelerate query performance
Data Lake Analytics: Supports querying external data sources such as OSS and MaxCompute

EMR Serverless StarRocks是开源StarRocks在阿里云上的全托管服务，提供高性能、全托管的实时分析数据库服务。

核心特性：

MPP分布式执行框架：大规模并行处理提升查询性能
全向量化引擎：列式存储和向量化计算，实现高效的分析查询处理
存算分离：支持存算分离架构，存储和计算资源可独立扩缩容
CBO优化器：基于成本的查询优化器，可自动生成最优执行计划
可实时更新的列式存储引擎：支持实时数据接入和更新
智能物化视图：自动维护物化视图以加速查询性能
数据湖分析：支持查询OSS、MaxCompute等外部数据源

Use Cases

适用场景

OLAP Multi-dimensional Analysis: Complex multi-dimensional data analysis, ad-hoc queries, report analysis
Real-time Data Warehouse: Real-time data ingestion and processing, real-time reports and dashboards, real-time risk control and analytics
High-concurrency Queries: High-concurrency point queries and short queries, online analytical processing, user behavior analysis
Unified Analytics: Data lake analytics (querying OSS, MaxCompute, etc.), lakehouse architecture, cross-datasource federated queries

OLAP多维分析：复杂多维数据分析、即席查询、报表分析
实时数据仓库：实时数据接入和处理、实时报表和仪表盘、实时风控分析
高并发查询：高并发点查询和短查询、在线分析处理、用户行为分析
统一分析：数据湖分析（查询OSS、MaxCompute等）、湖仓架构、跨数据源联邦查询

Core Concepts

核心概念

Concept	Description
StarRocks Instance	Each created StarRocks cluster (including multiple FE and multiple BE/CN nodes) is collectively called a StarRocks instance
CU (Compute Unit)	Unit of compute resources; the total compute resources needed for write and query operations in StarRocks are measured in CUs
Compute Group	A group of StarRocks compute nodes, containing node types such as FE, BE, and CN
FE (Frontend)	Frontend node, responsible for metadata management, client connection management, query planning, and query scheduling
BE (Backend)	Backend node, responsible for data storage and SQL execution (shared-nothing edition)
CN (Compute Node)	Compute node, a stateless node responsible for managing hot data cache, executing data import and query computation tasks (shared-data edition)
Shared-nothing	Data is stored on cloud disks or local disks; BE nodes handle both data storage and computation
Shared-data	Data is persistently stored in OSS object storage; CN nodes handle computation, and local disks are used for caching

FE Node Roles:

Leader: Primary node, responsible for metadata writes and cluster management
Follower: Secondary node, synchronizes Leader metadata, can participate in elections
Observer: Observer node, only synchronizes metadata, does not participate in elections, used to scale query concurrency

概念	描述
StarRocks实例	每个创建的StarRocks集群（包含多个FE和多个BE/CN节点）统称为StarRocks实例
CU（计算单元）	计算资源单位；StarRocks中写入和查询操作所需的总计算资源以CU为单位计量
计算组	一组StarRocks计算节点，包含FE、BE、CN等节点类型
FE（前端节点）	前端节点，负责元数据管理、客户端连接管理、查询规划和查询调度
BE（后端节点）	后端节点，负责数据存储和SQL执行（shared-nothing版本）
CN（计算节点）	计算节点，是无状态节点，负责管理热数据缓存、执行数据导入和查询计算任务（shared-data版本）
Shared-nothing	数据存储在云盘或本地盘；BE节点同时负责数据存储和计算
Shared-data	数据持久化存储在OSS对象存储中；CN节点负责计算，本地盘用于缓存

FE节点角色：

Leader：主节点，负责元数据写入和集群管理
Follower：从节点，同步Leader元数据，可参与选举
Observer：观察者节点，仅同步元数据，不参与选举，用于扩展查询并发

Instance Types

实例类型

When creating an instance, you need to choose the architecture type:

Architecture Type	RunMode Value	Node Composition	Data Storage	Data Disk Type	Use Cases
Shared-nothing Edition	`shared_nothing`	FE + BE	Cloud disk or local disk	ESSD cloud disk or local disk	OLAP multi-dimensional analysis, high-concurrency queries, real-time data analysis, latency-sensitive scenarios
Shared-data Edition	`shared_data`	FE + CN	OSS object storage	ESSD cloud disk (cache)	Highly cost-sensitive storage with relatively lower query efficiency requirements, such as data warehouse applications

Shared-nothing Architecture Features:

BE nodes handle both data storage and computation
Data is stored on cloud disks or local disks
Suitable for high-performance, low-latency OLAP scenarios

Shared-data Architecture Features:

Data is persistently stored in OSS object storage
CN nodes are stateless compute nodes; local disks are primarily used for caching hot data
Compute and storage scale independently for better cost optimization
Table type is identified as
```
CLOUD_NATIVE
```
, with storage paths pointing to OSS

创建实例时，需要选择架构类型：

架构类型	RunMode取值	节点组成	数据存储	数据盘类型	适用场景
Shared-nothing版本	`shared_nothing`	FE + BE	云盘或本地盘	ESSD云盘或本地盘	OLAP多维分析、高并发查询、实时数据分析、对延迟敏感的场景
Shared-data版本	`shared_data`	FE + CN	OSS对象存储	ESSD云盘（缓存）	存储成本敏感度高、对查询效率要求相对较低的场景，比如数据仓库应用

Shared-nothing架构特性：

BE节点同时负责数据存储和计算
数据存储在云盘或本地盘
适合高性能、低延迟的OLAP场景

Shared-data架构特性：

数据持久化存储在OSS对象存储
CN节点是无状态计算节点，本地盘主要用于缓存热数据
计算和存储独立扩缩容，成本优化效果更好
表类型标识为
```
CLOUD_NATIVE
```
，存储路径指向OSS

Compute Resource Specifications (CU)

计算资源规格（CU）

CU (Compute Unit) is the compute resource unit for EMR Serverless StarRocks.

CU Specification Types:

Spec Type	SpecType Value	Features	Use Cases
Standard	`standard`	Balanced compute and memory configuration	General OLAP analysis
Memory Enhanced	`ramEnhanced`	Higher memory ratio	Complex queries, high concurrency
Network Enhanced	`networkEnhanced`	Higher network bandwidth	External table analysis with large data scan volumes
High-performance Storage	`localSSD`	High-performance storage access	High I/O scenarios with strict storage I/O performance requirements
Large-scale Storage	`bigData`	Large capacity storage	Extremely large data volumes, cost-sensitive

Note: The SpecType for FE node groups only supports
standard
. The multiple spec types above only apply to BE/CN node groups.

CU（计算单元）是EMR Serverless StarRocks的计算资源单位。

CU规格类型：

规格类型	SpecType取值	特性	适用场景
标准型	`standard`	计算和内存配置均衡	通用OLAP分析
内存增强型	`ramEnhanced`	内存占比更高	复杂查询、高并发场景
网络增强型	`networkEnhanced`	网络带宽更高	数据扫描量大的外表分析场景
高性能存储型	`localSSD`	高性能存储访问	对存储I/O性能要求严格的高I/O场景
大容量存储型	`bigData`	大容量存储	超大数据量、成本敏感场景

注意：FE节点组的SpecType仅支持
standard
，上述多种规格类型仅适用于BE/CN节点组。

Storage Specifications

存储规格

Storage Type	Performance Level	Max IOPS	Max Throughput	Use Cases
ESSD PL0	Entry-level	10,000	180 MB/s	Development and testing
ESSD PL1	Standard	50,000	350 MB/s	General production
ESSD PL2	High-performance	100,000	750 MB/s	High-performance requirements
ESSD PL3	Ultra-performance	1,000,000	4,000 MB/s	Ultra-performance requirements

存储类型	性能等级	最大IOPS	最大吞吐量	适用场景
ESSD PL0	入门级	10,000	180 MB/s	开发测试
ESSD PL1	标准级	50,000	350 MB/s	通用生产场景
ESSD PL2	高性能级	100,000	750 MB/s	高性能需求场景
ESSD PL3	超高性能级	1,000,000	4,000 MB/s	超高性能需求场景

Billing Methods

计费方式

Billing Items:

Billing Item	Description	Billing Method
Compute Resources (CU)	Compute resources for FE and BE/CN nodes	Subscription / Pay-as-you-go
Storage Resources	Cloud disks, elastic temporary disks, data storage	Billed by actual usage
Backup Storage	Storage space occupied by data backups	Billed by actual usage

Payment Methods:

Payment Method	API Parameter Value (PayType)	Description
Pay-as-you-go	`postPaid`	Pay after use, billing generated hourly, suitable for short-term needs/testing
Subscription	`prePaid`	Pay before use, suitable for long-term needs, more cost-effective

Payment Method Conversion:

Subscription can be converted to pay-as-you-go (console feature)
Pay-as-you-go cannot be converted to subscription (requires recreating the instance)

Cost Components:

Shared-nothing Edition Costs:

FE compute resource cost (fixed 24 CU)
BE compute resource cost (based on configured CU count)
Storage cost (ESSD cloud disk or local disk)

Shared-data Edition Costs:

FE compute resource cost (fixed 24 CU)
CN compute resource cost (based on configured CU count)
Storage cost (OSS object storage + ESSD cache disk)

计费项：

计费项	描述	计费方式
计算资源（CU）	FE和BE/CN节点的计算资源	包年包月 / 按量付费
存储资源	云盘、弹性临时盘、数据存储	按实际使用量计费
备份存储	数据备份占用的存储空间	按实际使用量计费

付费方式：

付费方式	API参数值（PayType）	描述
按量付费	`postPaid`	先使用后付费，按小时出账，适合短期需求/测试场景
包年包月	`prePaid`	先付费后使用，适合长期需求，性价比更高

付费方式转换：

包年包月可转换为按量付费（控制台功能）
按量付费不可转换为包年包月（需要重新创建实例）

成本构成：

Shared-nothing版本成本：

FE计算资源成本（固定24 CU）
BE计算资源成本（根据配置的CU数量计算）
存储成本（ESSD云盘或本地盘）

Shared-data版本成本：

FE计算资源成本（固定24 CU）
CN计算资源成本（根据配置的CU数量计算）
存储成本（OSS对象存储 + ESSD缓存盘）

Version Series

版本系列

Version Series	PackageType Value	Features	Use Cases	Spec Support	Region Restrictions
Standard Edition	`official`	Full functionality, production-grade stability, supports all spec types	Production environments, core business	Supports standard, memory enhanced, network enhanced, high-performance storage, large-scale storage	Available in all regions
Trial Edition	`trial`	Simplified configuration, quick start, only supports standard specs	Learning and testing, feature exploration, small applications	Only supports standard specs	Limited to certain regions (e.g., Beijing, Shanghai)

Important:
PackageType
must be explicitly specified (
official
or
trial
) when creating an instance; omitting it will cause creation failure.

Version Series Selection Recommendations:

Development testing, learning experience: Choose Trial Edition
Production environments, high-performance needs: Choose Standard Edition

版本系列	PackageType取值	特性	适用场景	规格支持	地域限制
标准版	`official`	功能完整，生产级稳定性，支持所有规格类型	生产环境、核心业务	支持标准型、内存增强型、网络增强型、高性能存储型、大容量存储型	所有地域可用
试用版	`trial`	配置简化，快速启动，仅支持标准规格	学习测试、功能探索、小型应用	仅支持标准规格	仅部分地域可用（如北京、上海）

重要提示：创建实例时必须显式指定
PackageType
（
official
或
trial
），省略会导致创建失败。

版本系列选择建议：

开发测试、学习体验：选择试用版
生产环境、高性能需求：选择标准版

Usage Limits

使用限制

Naming Limits: Instance name limited to a maximum of 64 characters, supports Chinese, letters, numbers, hyphens, and underscores
Node Count Limits:
- FE nodes: 1-11 (odd numbers only)
- BE nodes: 3-50
- CN nodes: 1-100

命名限制：实例名称最多64个字符，支持中文、字母、数字、连字符和下划线
节点数量限制：
- FE节点：1-11个（仅支持奇数）
- BE节点：3-50个
- CN节点：1-100个

Recommended Configurations

Scenario	RunMode	PackageType	BE SpecType	CU Configuration	Other Recommendations
Development Testing / Trial	`shared_data`	`trial`	`standard`	8 CU	Pay-as-you-go, quick start
Learning Validation	`shared_data`	`trial`	`standard`	8-16 CU	Choose regions that support Trial Edition
Small-scale Production	`shared_data`	`official`	`standard`	16-32 CU	Subscription is more cost-effective
High-performance OLAP	`shared_nothing`	`official`	`ramEnhanced`	As needed	ESSD PL2/PL3, 3-10 BE nodes
High-concurrency Queries	`shared_nothing`	`official`	`localSSD`	As needed	Local SSD storage
Massive Data Storage	`shared_nothing`	`official`	`bigData`	As needed	Local HDD, cost-optimized
Data Lake Analytics	`shared_data`	`official`	`networkEnhanced`	As needed	High bandwidth, external table scanning
Complex Query Analysis	`shared_data`	`official`	`ramEnhanced`	As needed	Large memory, multi-table joins

场景	RunMode	PackageType	BE SpecType	CU配置	其他建议
开发测试/试用	`shared_data`	`trial`	`standard`	8 CU	按量付费，快速启动
学习验证	`shared_data`	`trial`	`standard`	8-16 CU	选择支持试用版的地域
小规模生产	`shared_data`	`official`	`standard`	16-32 CU	包年包月性价比更高
高性能OLAP	`shared_nothing`	`official`	`ramEnhanced`	按需配置	ESSD PL2/PL3，3-10个BE节点
高并发查询	`shared_nothing`	`official`	`localSSD`	按需配置	本地SSD存储
海量数据存储	`shared_nothing`	`official`	`bigData`	按需配置	本地HDD，成本优化
数据湖分析	`shared_data`	`official`	`networkEnhanced`	按需配置	高带宽，外表扫描场景
复杂查询分析	`shared_data`	`official`	`ramEnhanced`	按需配置	大内存，多表关联场景

Instance Creation Workflow

实例创建工作流

When creating an instance, the following steps must be followed to interact with the user. No confirmation step may be skipped:

Confirm Region: Ask the user for the target RegionId (e.g., cn-hangzhou, cn-beijing, cn-shanghai)
Confirm Purpose: Development testing / small-scale production / large-scale production, to determine the payment method (postPaid/prePaid)
Confirm Version Series: Standard Edition (
```
official
```
) or Trial Edition (
```
trial
```
), corresponding to the
```
PackageType
```
parameter
Confirm Architecture Type: Shared-nothing edition
```
shared_nothing
```
(FE+BE) or shared-data edition
```
shared_data
```
(FE+CN), explain the differences and provide recommendations
Confirm Compute Specs: Standard
```
standard
```
/ Memory Enhanced
```
ramEnhanced
```
/ Network Enhanced
```
networkEnhanced
```
, etc., corresponding to the BE node group's
```
SpecType
```
parameter
Confirm CU and Version: CU count (minimum 8 CU), StarRocks version, AdminPassword
Confirm OSS Access Role (required for all architecture types): Ask the user for the RAM Role name (
```
OssAccessingRoleName
```
), which authorizes StarRocks to access OSS storage data. Typically
```
AliyunEMRStarRocksAccessingOSSRole
```
; if not yet created, prompt the user to authorize it in the RAM console first
Check Prerequisites: VPC, VSwitch, Security Group (see Prerequisites below)
Summary Confirmation: Present the complete configuration checklist to the user (instance name, architecture, version series, specs, CU, payment method, network, etc.), and execute creation only after confirmation

创建实例时，必须遵循以下步骤与用户交互，不得跳过任何确认步骤：

确认地域：询问用户目标RegionId（例如cn-hangzhou、cn-beijing、cn-shanghai）
确认用途：开发测试/小规模生产/大规模生产，以确定付费方式（postPaid/prePaid）
确认版本系列：标准版（
```
official
```
）或试用版（
```
trial
```
），对应
```
PackageType
```
参数
确认架构类型：Shared-nothing版本
```
shared_nothing
```
（FE+BE）或Shared-data版本
```
shared_data
```
（FE+CN），说明差异并提供建议
确认计算规格：标准型
```
standard
```
/内存增强型
```
ramEnhanced
```
/网络增强型
```
networkEnhanced
```
等，对应BE节点组的
```
SpecType
```
参数
确认CU和版本：CU数量（最低8 CU）、StarRocks版本、AdminPassword
确认OSS访问角色（所有架构类型都需要）：询问用户RAM角色名称（
```
OssAccessingRoleName
```
），用于授权StarRocks访问OSS存储数据，通常为
```
AliyunEMRStarRocksAccessingOSSRole
```
；如果尚未创建，提示用户先在RAM控制台完成授权
检查前置条件：VPC、VSwitch、安全组（见下文前置条件）
摘要确认：向用户展示完整配置清单（实例名称、架构、版本系列、规格、CU、付费方式、网络等），确认后再执行创建操作

Prerequisites

前置条件

Before calling

CreateInstanceV1

, first confirm the target RegionId with the user, then check whether the following resources are ready.

⚠️ REQUIRED: VPC and VSwitch must be queried first

MUST call the following two APIs before creating an instance:
DescribeVpcs
: Query available VPCs in the target region
DescribeVSwitches
: Query available VSwitches in the VPC (also records ZoneId)
Do NOT proceed with
CreateInstanceV1
until both APIs have been called successfully.

bash

export AGENT_USER_AGENT=AlibabaCloud-Agent-Skills                              # User-Agent identifier
aliyun configure list                                                          # Credentials

调用

CreateInstanceV1

之前，首先与用户确认目标RegionId，然后检查以下资源是否就绪。

⚠️ 必选：必须先查询VPC和VSwitch

创建实例前必须调用以下两个API：
DescribeVpcs
：查询目标地域下可用的VPC
DescribeVSwitches
：查询VPC下可用的VSwitch（同时记录ZoneId）
两个API都调用成功后，才能继续执行
CreateInstanceV1
。

bash

export AGENT_USER_AGENT=AlibabaCloud-Agent-Skills                              # User-Agent标识
aliyun configure list                                                          # 凭证

⚠️ REQUIRED APIs - must call before CreateInstanceV1:

⚠️ 必选API - 创建实例前必须调用：

aliyun vpc DescribeVpcs --RegionId <RegionId> # VPC (REQUIRED) aliyun vpc DescribeVSwitches --RegionId <RegionId> --VpcId vpc-xxx # VSwitch (REQUIRED, record ZoneId)

undefined

aliyun vpc DescribeVpcs --RegionId <RegionId> # VPC（必选） aliyun vpc DescribeVSwitches --RegionId <RegionId> --VpcId vpc-xxx # VSwitch（必选，记录ZoneId）

undefined

Key Parameters for the Creation API

创建API关键参数

When calling

CreateInstanceV1

, the following parameters are easily overlooked or confused — pay close attention:

Version
: The StarRocks version parameter name is Version
(e.g.,
```
"Version": "3.3"
```
). It is not
```
EngineVersion
```
,
```
StarRocksVersion
```
, or
```
DBVersion
```
— using the wrong parameter name will cause creation failure
RunMode
: Must be explicitly specified, only supports enum values
```
shared_data
```
(shared-data edition) or
```
shared_nothing
```
(shared-nothing edition); omitting it will cause creation failure or unexpected architecture type
RegionId
: Must be passed both via CLI
```
--RegionId
```
and in the body JSON
```
"RegionId"
```

ZoneId
+
VSwitchId
+
VSwitches
: All three must be passed together.

ZoneId

and

VSwitchId

are top-level fields, and

VSwitches

is in array format

[{"VswId":"vsw-xxx","ZoneId":"cn-hangzhou-h","Primary":true}]

OssAccessingRoleName
: Required for all architecture types (both shared-nothing and shared-data), typically
```
AliyunEMRStarRocksAccessingOSSRole
```
FrontendNodeGroups
: FE node group configuration, required for all architecture types. Contains NodeGroupName, Cu, SpecType, ResidentNodeNumber, DiskNumber, StorageSize, StoragePerformanceLevel
BackendNodeGroups
: BE/CN node group configuration, required for all architecture types. Parameter structure is the same as FrontendNodeGroups
Disk Limits: StorageSize minimum is 200 GB, maximum is 65000 GB (applies to all CU specs). Upgrading disk performance level to pl2 requires disk >= 500 GB

Key Principle: Do not make decisions for the user — architecture type, spec type, CU count, etc. all require explicit inquiry and confirmation. Recommendations can be given, but the final choice is the user's.

调用

CreateInstanceV1

时，以下参数容易遗漏或混淆，需要特别注意：

Version
：StarRocks版本的参数名称是**
```
Version
```
**（例如
```
"Version": "3.3"
```
），不是
```
EngineVersion
```
、
```
StarRocksVersion
```
或
```
DBVersion
```
，参数名称错误会导致创建失败
RunMode
：必须显式指定，仅支持枚举值
```
shared_data
```
（Shared-data版本）或
```
shared_nothing
```
（Shared-nothing版本），省略会导致创建失败或架构类型不符合预期
RegionId
：必须同时通过CLI的
```
--RegionId
```
和请求体JSON中的
```
"RegionId"
```
传递

ZoneId
+
VSwitchId
+
VSwitches
：三者必须同时传递。

ZoneId

和

VSwitchId

是顶层字段，

VSwitches

为数组格式

[{"VswId":"vsw-xxx","ZoneId":"cn-hangzhou-h","Primary":true}]

OssAccessingRoleName
：所有架构类型（Shared-nothing和Shared-data）都需要，通常为
```
AliyunEMRStarRocksAccessingOSSRole
```
FrontendNodeGroups
：FE节点组配置，所有架构类型都需要。包含NodeGroupName、Cu、SpecType、ResidentNodeNumber、DiskNumber、StorageSize、StoragePerformanceLevel
BackendNodeGroups
：BE/CN节点组配置，所有架构类型都需要，参数结构与FrontendNodeGroups相同
磁盘限制：StorageSize最小值为200 GB，最大值为65000 GB（适用于所有CU规格），磁盘性能等级升级到pl2需要磁盘容量>=500 GB

核心原则：不要替用户做决策——架构类型、规格类型、CU数量等都需要明确询问和确认，可以给出建议，但最终选择权在用户。

CLI Invocation

CLI调用

User-Agent Setup

User-Agent设置

All

aliyun

CLI calls must set the User-Agent identifier via environment variable to identify the request source:

bash

export AGENT_USER_AGENT=AlibabaCloud-Agent-Skills

Execute once at the beginning of the session; all subsequent

aliyun

commands will automatically carry this User-Agent. If it doesn't take effect, you can also set it inline before each command:

bash

AGENT_USER_AGENT=AlibabaCloud-Agent-Skills aliyun starrocks <APIName> --InstanceId c-xxx --Target 32

所有

aliyun

CLI调用必须通过环境变量设置User-Agent标识，用于识别请求来源：

bash

export AGENT_USER_AGENT=AlibabaCloud-Agent-Skills

会话开始时执行一次，后续所有

aliyun

命令会自动携带该User-Agent。如果不生效，也可以在每个命令前内联设置：

bash

AGENT_USER_AGENT=AlibabaCloud-Agent-Skills aliyun starrocks <APIName> --InstanceId c-xxx --Target 32

Invocation Guidelines

调用规范

bash

aliyun starrocks <APIName> --InstanceId c-xxx --Target 32

API version
```
2022-10-19
```
, RPC style
Most APIs use named parameters (e.g.,
```
--InstanceId
```
,
```
--NodeGroupId
```
,
```
--Target
```
), no
```
--body
```
needed

Only

CreateInstanceV1

and

DescribeNodeGroups

use

--body

JSON for parameter passing

Write operations should include
```
ClientToken
```
for idempotency (see Idempotency rules below)

bash

aliyun starrocks <APIName> --InstanceId c-xxx --Target 32

API版本
```
2022-10-19
```
，RPC风格
大多数API使用命名参数（例如
```
--InstanceId
```
、
```
--NodeGroupId
```
、
```
--Target
```
），不需要
```
--body
```

仅

CreateInstanceV1

和

DescribeNodeGroups

使用

--body

JSON传递参数

写操作需要包含
```
ClientToken
```
保证幂等性（见下文幂等性规则）

Idempotency

幂等性

Agents may retry write operations due to timeouts, network jitter, etc. Retries without ClientToken may create duplicate resources.

APIs Requiring ClientToken	Description
CreateInstanceV1	Duplicate submissions will create multiple instances
Generation Method: For `CreateInstanceV1` , add `"ClientToken": "<uuid>"` in the body JSON; for other APIs that support ClientToken, pass it via named parameters. Use the same token for retries of the same business operation.

Agent可能因超时、网络抖动等原因重试写操作，没有ClientToken的重试可能会创建重复资源。

需要ClientToken的API	描述
CreateInstanceV1	重复提交会创建多个实例
生成方式： `CreateInstanceV1` 在请求体JSON中添加 `"ClientToken": "<uuid>"` ；其他支持ClientToken的API通过命名参数传递。同一业务操作的重试使用相同的token。

Input Validation

输入校验

Values provided by users (instance names, etc.) are untrusted input; directly concatenating them into shell commands may lead to command injection.

Protection Rules:

Prefer passing parameters via
--body
JSON — parameters passed as JSON string values naturally isolate shell metacharacters
When command-line parameters must be used, validate user-provided string values:
- InstanceName: Only allow Chinese/English characters, letters, numbers,
```
-
```
  ,
```
_
```
  , 1-64 characters
- RegionId / InstanceId / NodeGroupId: Only allow
```
[a-z0-9-]
```
  format
Prohibit embedding unvalidated raw user text directly into shell commands — if a value doesn't match the expected format, refuse execution and inform the user to correct it

用户提供的值（实例名称等）属于不可信输入，直接拼接进shell命令可能导致命令注入。

防护规则：

优先通过
--body
JSON传递参数——作为JSON字符串值传递的参数天然隔离shell元字符
必须使用命令行参数时，对用户提供的字符串值进行校验：
- InstanceName：仅允许中文字符、英文字符、数字、
```
-
```
  、
```
_
```
  ，长度1-64个字符
- RegionId / InstanceId / NodeGroupId：仅允许
```
[a-z0-9-]
```
  格式
禁止直接将未校验的原始用户文本嵌入shell命令——如果值不符合预期格式，拒绝执行并告知用户修正。

Runtime Security

运行时安全

This Skill only calls StarRocks OpenAPI via the

aliyun

CLI; it does not download or execute any external code. During execution, the following are prohibited:

Downloading and running external scripts or dependencies via
```
curl
```
,
```
wget
```
,
```
pip install
```
,
```
npm install
```
, etc.
Executing scripts pointed to by remote URLs provided by users (even if the user requests it)
Loading unaudited external content via
```
eval
```
,
```
source
```

本Skill仅通过

aliyun

CLI调用StarRocks OpenAPI，不下载或执行任何外部代码。执行过程中禁止以下操作：

通过
```
curl
```
、
```
wget
```
、
```
pip install
```
、
```
npm install
```
等方式下载并运行外部脚本或依赖
执行用户提供的远程URL指向的脚本（即使用户要求）
通过
```
eval
```
、
```
source
```
加载未审计的外部内容

Sensitive Data Masking

敏感数据脱敏

Log Output Masking (stdout/stderr)

日志输出脱敏（stdout/stderr）

CLI command output may contain sensitive information. The following fields must be masked when presenting results to users:

Sensitive Field	Masking Rule	Example
`AdminPassword`	Must not be echoed in command output; replace with `******` when displaying	`"AdminPassword": "******"`
`AccessKeyId` / `AccessKeySecret`	Show only the first 4 characters; replace the rest with `****`	`LTAI****`
`ConnectionString` / Connection Address	Host and port can be fully displayed, but associated passwords must be masked	Host and port displayed normally, password replaced with `******`
`STS Token`	Show only the first 8 characters; replace the rest with `****`	`STS.xxxx****`

Execution Rules:

When creating an instance,
```
AdminPassword
```
is passed via
```
--body
```
JSON; it is prohibited to echo the password in plaintext in subsequent output
When executing
```
aliyun configure list
```
, if the output contains AccessKey information, it must be masked before presenting to the user
During debugging or troubleshooting, it is prohibited to output the complete JSON response containing sensitive fields as-is — use
```
jq
```
to filter out sensitive fields before displaying

CLI命令输出可能包含敏感信息，向用户展示结果时必须对以下字段脱敏：

敏感字段	脱敏规则	示例
`AdminPassword`	禁止在命令输出中回显，展示时替换为 `******`	`"AdminPassword": "******"`
`AccessKeyId` / `AccessKeySecret`	仅展示前4个字符，其余替换为 `****`	`LTAI****`
`ConnectionString` / 连接地址	主机和端口可完整展示，但关联的密码必须脱敏	主机和端口正常展示，密码替换为 `******`
`STS Token`	仅展示前8个字符，其余替换为 `****`	`STS.xxxx****`

执行规则：

创建实例时，
```
AdminPassword
```
通过
```
--body
```
JSON传递，禁止在后续输出中明文回显密码
执行
```
aliyun configure list
```
时，如果输出包含AccessKey信息，必须脱敏后再展示给用户
调试或排查问题时，禁止原样输出包含敏感字段的完整JSON响应——使用
```
jq
```
过滤掉敏感字段后再展示

Response Sensitive Field Masking

响应敏感字段脱敏

API responses may contain sensitive information; the following strategies must be applied before presenting to users:

Response Field	Handling Strategy
`AdminPassword`	Do not display — the API normally does not return passwords; if returned abnormally, replace with `******`
`ConnectionString` / `Endpoint`	Connection addresses (host:port) can be displayed, but remind users that connection credentials should be obtained through secure channels
`AccessKeyId` / `AccessKeySecret`	Mask, showing only the first 4 characters
`SecurityGroupId` / `VSwitchId` / `VpcId`	Can be displayed normally — these are resource identifiers, not sensitive credentials

General Principles:

When displaying API responses, prefer using
```
jq
```
to select needed fields, avoiding full output
If full JSON is needed for debugging, filter sensitive fields first:
```
jq 'del(.AdminPassword, .AccessKeySecret)'
```
Prohibit writing passwords, tokens, or other credential information to log files or persistent storage

API响应可能包含敏感信息，向用户展示前必须应用以下策略：

响应字段	处理策略
`AdminPassword`	不展示——API正常不会返回密码，异常返回时替换为 `******`
`ConnectionString` / `Endpoint`	连接地址（host:port）可展示，但提醒用户连接凭证需通过安全渠道获取
`AccessKeyId` / `AccessKeySecret`	脱敏，仅展示前4个字符
`SecurityGroupId` / `VSwitchId` / `VpcId`	可正常展示——这些是资源标识符，不是敏感凭证

通用原则：

展示API响应时，优先使用
```
jq
```
选择需要的字段，避免全量输出
如果调试需要完整JSON，先过滤敏感字段：
```
jq 'del(.AdminPassword, .AccessKeySecret)'
```
禁止将密码、Token等凭证信息写入日志文件或持久化存储

Intent Routing

意图路由

Disambiguation Rule: When user input is ambiguous (e.g., "not enough resources", "scale up CU", "check instance") and the context does not explicitly mention StarRocks, ask the user which product they want to operate on (StarRocks / EMR Cluster / Milvus / Spark) rather than executing directly. Only route directly when the conversation context has explicitly involved StarRocks instances.

Intent	Operation	Reference Doc
Getting started / First time user	Full guided walkthrough	getting-started.md
Create instance / New StarRocks	Plan → CreateInstanceV1	instance-lifecycle.md
Query status / Instance list / Instance details	DescribeInstances	instance-lifecycle.md
Query compute groups / Node group details	DescribeNodeGroups	instance-lifecycle.md
Query upgradable versions	QueryUpgradableVersions	operations.md
API parameter lookup	Parameter reference	api-reference.md

消歧规则：当用户输入模糊（例如"资源不足"、"升配CU"、"检查实例"）且上下文未明确提到StarRocks时，询问用户想要操作哪个产品（StarRocks / EMR集群 / Milvus / Spark），而不是直接执行。仅当会话上下文已明确涉及StarRocks实例时才可直接路由。

意图	操作	参考文档
入门使用/首次使用	全流程引导	getting-started.md
创建实例/新建StarRocks	规划 → 调用CreateInstanceV1	instance-lifecycle.md
查询状态/实例列表/实例详情	调用DescribeInstances	instance-lifecycle.md
查询计算组/节点组详情	调用DescribeNodeGroups	instance-lifecycle.md
查询可升级版本	调用QueryUpgradableVersions	operations.md
API参数查询	参数参考	api-reference.md

Timeouts

超时设置

Operation Type	Timeout Recommendation
Read-only queries	30 seconds
Write operations	60 seconds
Polling	30 seconds per attempt, no more than 3 minutes total

操作类型	超时建议
只读查询	30秒
写操作	60秒
轮询	每次尝试30秒，总时长不超过3分钟

Pagination

分页

List-type APIs use

PageNumber

PageSize

pagination:

```
PageNumber
```
: Page number, starting from 1, default 1
```
PageSize
```
: Items per page, default 10, maximum 100
Continue to next page when returned result count equals PageSize

列表类API使用

PageNumber

PageSize

分页：

```
PageNumber
```
：页码，从1开始，默认1
```
PageSize
```
：每页条数，默认10，最大100
当返回结果数量等于PageSize时继续查询下一页

Output

输出规范

Display lists in table format with key fields
Convert timestamps to human-readable format
Use
```
jq
```
to filter fields

列表使用表格格式展示关键字段
时间戳转换为人类可读格式
使用
```
jq
```
过滤字段

Error Handling

错误处理

Error Code	Cause	Agent Action
Throttling	API rate limiting	Wait 5 seconds and retry, up to 3 times
ServiceUnavailable	Service temporarily unavailable	Wait 5 seconds and retry, up to 3 times; if still failing, stop and inform the user
InvalidParameter	Invalid parameter	Read the error Message and correct the parameter
Forbidden.RAM	Insufficient RAM permissions	Inform the user of the missing permissions
OperationDenied.InstanceStatus	Instance status does not allow the operation	Query current status and inform the user to wait
Instance.NotFound	Instance does not exist or has been deleted	Use `DescribeInstances` to search for the correct InstanceId and confirm with the user
IncompleteSignature / InvalidAccessKeyId	Credential error or expired	Prompt the user to run `aliyun configure list` to check credentials

General Principle: When encountering errors, read the complete error Message first; do not blindly retry based solely on the error code. Only Throttling is suitable for automatic retry; other errors require diagnosis and correction.

错误码	原因	Agent操作
Throttling	API限流	等待5秒后重试，最多重试3次
ServiceUnavailable	服务暂时不可用	等待5秒后重试，最多重试3次；如果仍然失败，停止操作并告知用户
InvalidParameter	参数无效	读取错误Message，修正参数
Forbidden.RAM	RAM权限不足	告知用户缺失的权限
OperationDenied.InstanceStatus	实例状态不允许当前操作	查询当前状态，告知用户等待
Instance.NotFound	实例不存在或已删除	使用 `DescribeInstances` 搜索正确的InstanceId并与用户确认
IncompleteSignature / InvalidAccessKeyId	凭证错误或过期	提示用户运行 `aliyun configure list` 检查凭证

通用原则：遇到错误时先读取完整的错误Message，不要仅根据错误码盲目重试。仅Throttling适合自动重试，其他错误需要诊断和修正。

alibabacloud-emr-starrocks-manage

Original

Translation

Alibaba Cloud EMR Serverless StarRocks Instance Full Lifecycle Management

阿里云EMR Serverless StarRocks实例全生命周期管理

Authentication

认证

Domain Knowledge

领域知识

Product Overview

产品概述

Use Cases

适用场景

Core Concepts

核心概念

Instance Types

实例类型

Compute Resource Specifications (CU)

计算资源规格（CU）

Storage Specifications

存储规格

Billing Methods

计费方式

Version Series

版本系列

Usage Limits

使用限制

Recommended Configurations

推荐配置

Instance Creation Workflow

实例创建工作流

Prerequisites

前置条件

⚠️ REQUIRED APIs - must call before CreateInstanceV1:

⚠️ 必选API - 创建实例前必须调用：

Key Parameters for the Creation API

创建API关键参数

CLI Invocation

CLI调用

User-Agent Setup

User-Agent设置

Invocation Guidelines

调用规范

Idempotency

幂等性

Input Validation

输入校验

Runtime Security

运行时安全

Sensitive Data Masking

敏感数据脱敏

Log Output Masking (stdout/stderr)

日志输出脱敏（stdout/stderr）

Response Sensitive Field Masking

响应敏感字段脱敏

Intent Routing

意图路由

Timeouts

超时设置

Pagination

分页

Output

输出规范

Error Handling

错误处理

Related Documents

相关文档