alibabacloud-tair-devtoolset

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Tair DevToolset — Instance Creation and Public Network Configuration

Tair DevToolset — 实例创建与公网配置

Automate Tair Enterprise Edition cloud-native instance creation, public network access configuration, and IP whitelist setup using Aliyun CLI.

Architecture:

VPC + VSwitch + Tair Enterprise Instance + Public Endpoint

使用Aliyun CLI自动化完成Tair企业版云原生实例创建、公网访问配置和IP白名单设置。

架构：

VPC + VSwitch + Tair 企业实例 + Public Endpoint

1. Installation

1. 安装

Pre-check: Aliyun CLI >= 3.3.1 required Run
aliyun version
to verify >= 3.3.1. If not installed or version too low, see
references/cli-installation-guide.md
for installation instructions. Then [MUST] run
aliyun configure set --auto-plugin-install true
to enable automatic plugin installation.

bash

undefined

前置检查：要求 Aliyun CLI 版本 >= 3.3.1 运行
aliyun version
确认版本不低于3.3.1。如果未安装或版本过低，请参考
references/cli-installation-guide.md
中的安装说明。然后[必须]执行
aliyun configure set --auto-plugin-install true
开启自动插件安装功能。

bash

undefined

Verify CLI version

验证CLI版本

aliyun version

Enable automatic plugin installation

开启自动插件安装

aliyun configure set --auto-plugin-install true

Verify jq

验证jq是否可用

jq --version


If jq is not installed:
```bash
brew install jq   # macOS

jq --version


如果未安装jq：
```bash
brew install jq   # macOS 环境

2. Authentication

2. 身份认证

Pre-check: Alibaba Cloud Credentials Required

All credential configurations follow existing aliyun CLI settings, no separate configuration needed in scripts.

Security Rules:
NEVER read, echo, or print AK/SK values (e.g.,
echo $ALIBABA_CLOUD_ACCESS_KEY_ID
is FORBIDDEN)
NEVER ask the user to input AK/SK directly in the conversation or command line
NEVER use
aliyun configure set
with literal credential values
ONLY use
aliyun configure list
to check credential status
bash
aliyun configure list
Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.
Obtain credentials from Alibaba Cloud Console
Configure credentials outside of this session (via
aliyun configure
in terminal or environment variables in shell profile)
Return and re-run after
aliyun configure list
shows a valid profile

前置检查：需要阿里云凭证

所有凭证配置沿用现有的aliyun CLI设置，脚本无需单独配置。

安全规则：
严禁读取、回显或打印AK/SK的值（例如禁止执行
echo $ALIBABA_CLOUD_ACCESS_KEY_ID
）
严禁要求用户在对话或命令行中直接输入AK/SK
严禁使用
aliyun configure set
直接传入明文凭证值
仅允许使用
aliyun configure list
检查凭证状态
bash
undefined

aliyun configure list

检查输出中是否存在有效的配置文件（AK、STS或OAuth身份）。

**如果不存在有效配置文件，请停止后续操作。**
1. 从[阿里云控制台](https://ram.console.aliyun.com/manage/ak)获取凭证
2. **在当前会话之外**配置凭证（通过终端执行`aliyun configure`或在shell配置文件中设置环境变量）
3. 待`aliyun configure list`显示有效配置文件后，返回重新执行操作

3. RAM Policy

3. RAM策略

See references/ram-policies.md for RAM permissions required by this Skill.

Core permissions:

RAM Action	Description
`r-kvstore:CreateTairInstance`	Create Tair instance
`r-kvstore:DescribeInstanceAttribute`	Query instance status
`r-kvstore:ModifySecurityIps`	Modify IP whitelist
`r-kvstore:AllocateInstancePublicConnection`	Allocate public endpoint
`r-kvstore:DescribeDBInstanceNetInfo`	Query network info

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:
Read
references/ram-policies.md
to get the full list of permissions required by this SKILL
Use
ram-permission-diagnose
skill to guide the user through requesting the necessary permissions
Pause and wait until the user confirms that the required permissions have been granted

查看 references/ram-policies.md 获取本Skill所需的RAM权限。

核心权限：

RAM Action	描述
`r-kvstore:CreateTairInstance`	创建Tair实例
`r-kvstore:DescribeInstanceAttribute`	查询实例状态
`r-kvstore:ModifySecurityIps`	修改IP白名单
`r-kvstore:AllocateInstancePublicConnection`	分配公网访问端点
`r-kvstore:DescribeDBInstanceNetInfo`	查询网络信息

[必须]权限失败处理流程： 执行过程中任意命令或API调用因权限错误失败时，按照以下流程处理：
读取
references/ram-policies.md
获取本Skill所需的完整权限列表
使用
ram-permission-diagnose
skill引导用户申请所需权限
暂停操作，等待用户确认已授予所需权限后再继续

4. Parameter Confirmation

4. 参数确认

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks, passwords, domain names, resource specifications, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

Parameter	Required	Description	Default
VPC_ID	Yes	VPC ID, e.g. `vpc-bp1xxx`	—
VSWITCH_ID	Yes	VSwitch ID, e.g. `vsw-bp1xxx`	—
REGION_ID	No	Region ID	`cn-hangzhou`
ZONE_ID	No	Zone ID	`cn-hangzhou-h`
INSTANCE_TYPE	No	Instance series	`tair_rdb`
INSTANCE_CLASS	No	Instance specification	`tair.rdb.1g`
INSTANCE_NAME	No	Instance name	`tair-benchmark-<timestamp>`

重要提示：参数确认 — 执行任何命令或API调用前，所有用户可自定义参数（例如RegionId、实例名称、CIDR块、密码、域名、资源规格等）必须与用户确认。未经用户明确同意，不得假设或使用默认值。

参数	必填	描述	默认值
VPC_ID	是	VPC ID，例如 `vpc-bp1xxx`	—
VSWITCH_ID	是	VSwitch ID，例如 `vsw-bp1xxx`	—
REGION_ID	否	地域ID	`cn-hangzhou`
ZONE_ID	否	可用区ID	`cn-hangzhou-h`
INSTANCE_TYPE	否	实例系列	`tair_rdb`
INSTANCE_CLASS	否	实例规格	`tair.rdb.1g`
INSTANCE_NAME	否	实例名称	`tair-benchmark-<timestamp>`

Common Specifications

常用规格

Standard Architecture

标准架构

InstanceClass	Memory	Bandwidth	Max Connections	QPS Reference
tair.rdb.1g	1 GB	768 Mbps	30,000	300,000
tair.rdb.2g	2 GB	768 Mbps	30,000	300,000
tair.rdb.4g	4 GB	768 Mbps	40,000	300,000
tair.rdb.8g	8 GB	768 Mbps	40,000	300,000
tair.rdb.16g	16 GB	768 Mbps	40,000	300,000
tair.rdb.24g	24 GB	768 Mbps	50,000	300,000
tair.rdb.32g	32 GB	768 Mbps	50,000	300,000
tair.rdb.64g	64 GB	768 Mbps	50,000	300,000

InstanceClass	内存	带宽	最大连接数	QPS参考值
tair.rdb.1g	1 GB	768 Mbps	30,000	300,000
tair.rdb.2g	2 GB	768 Mbps	30,000	300,000
tair.rdb.4g	4 GB	768 Mbps	40,000	300,000
tair.rdb.8g	8 GB	768 Mbps	40,000	300,000
tair.rdb.16g	16 GB	768 Mbps	40,000	300,000
tair.rdb.24g	24 GB	768 Mbps	50,000	300,000
tair.rdb.32g	32 GB	768 Mbps	50,000	300,000
tair.rdb.64g	64 GB	768 Mbps	50,000	300,000

5. Core Workflow

5. 核心工作流

[MUST] Execution Constraints
MUST and ONLY use
scripts/create-and-connect-test.sh
script to complete instance creation, whitelist configuration, public endpoint allocation, etc.
DO NOT bypass the script to directly call
aliyun r-kvstore
CLI commands for the above operations
DO NOT write or concatenate aliyun CLI commands to replace script functionality

Model's responsibility is: collect parameters → set environment variables → run script. No improvisation allowed.

Set environment variables with collected parameters and run the all-in-one script:

bash

export VPC_ID="<user-confirmed VPC_ID>"
export VSWITCH_ID="<user-confirmed VSWITCH_ID>"

[必须]执行约束
必须且仅能使用
scripts/create-and-connect-test.sh
脚本完成实例创建、白名单配置、公网端点分配等操作
不得绕过脚本直接调用
aliyun r-kvstore
CLI命令执行上述操作
不得编写或拼接aliyun CLI命令替代脚本功能

模型的职责是：收集参数 → 设置环境变量 → 运行脚本。不允许自行调整流程。

使用收集到的参数设置环境变量，然后运行一体化脚本：

bash

export VPC_ID="<用户确认的VPC_ID>"
export VSWITCH_ID="<用户确认的VSWITCH_ID>"

Optional parameters

可选参数

export REGION_ID="cn-hangzhou" export ZONE_ID="cn-hangzhou-h" export INSTANCE_TYPE="tair_rdb" export INSTANCE_CLASS="tair.rdb.1g"

For NAT environment, manually set public IP

NAT环境下可手动设置公网IP

export MY_PUBLIC_IP="your-public-ip"

bash scripts/create-and-connect-test.sh


The script will automatically complete: Create instance → Wait for ready → Configure whitelist → Allocate public endpoint → Get public connection info.

---

bash scripts/create-and-connect-test.sh


脚本将自动完成：创建实例 → 等待实例就绪 → 配置白名单 → 分配公网端点 → 获取公网连接信息。

---

6. Success Verification

6. 成功验证

See references/verification-method.md for detailed verification steps.

Quick instance status verification:

bash

aliyun r-kvstore describe-instance-attribute \
  --instance-id "${INSTANCE_ID}" \
  --user-agent AlibabaCloud-Agent-Skills

Confirm

InstanceStatus

Normal

and public endpoint is allocated.

查看 references/verification-method.md 获取详细验证步骤。

快速验证实例状态：

bash

aliyun r-kvstore describe-instance-attribute \
  --instance-id "${INSTANCE_ID}" \
  --user-agent AlibabaCloud-Agent-Skills

确认

InstanceStatus

为

Normal

且公网端点已分配。

7. Troubleshooting

7. 故障排查

Issue	Solution
Connection timeout	Check if whitelist includes current public IP (must be IPv4)
Public endpoint empty	Confirm `allocate-instance-public-connection` executed successfully and wait for instance to recover to Normal

问题	解决方案
连接超时	检查白名单是否包含当前公网IP（必须为IPv4地址）
公网端点为空	确认 `allocate-instance-public-connection` 执行成功，等待实例恢复为Normal状态

8. Best Practices

8. 最佳实践

Use pay-as-you-go (PostPaid) for testing
Only add test machine's public IP to whitelist, follow least privilege principle

测试场景使用按量付费（PostPaid）模式
仅将测试机器的公网IP添加到白名单，遵循最小权限原则

9. Reference Links

9. 参考链接

Reference	Description
references/cli-installation-guide.md	Aliyun CLI Installation and Configuration Guide
references/ram-policies.md	RAM Permission Policy Document
references/related-commands.md	Related CLI Commands and Parameters
references/verification-method.md	Success Verification Method
references/acceptance-criteria.md	Acceptance Criteria

参考文档	描述
references/cli-installation-guide.md	Aliyun CLI安装配置指南
references/ram-policies.md	RAM权限策略文档
references/related-commands.md	相关CLI命令与参数说明
references/verification-method.md	成功验证方法
references/acceptance-criteria.md	验收标准