build-an-observability-system-for-ai-applications-at-low-costs

Author: yorklol

solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/README.md

@@ -0,0 +1,48 @@
+<!-- DOCS_DESCRIPTION_CN -->
+本示例用于实现解决方案[使用ARMS监控自建大模型应用实现可观测](https://www.aliyun.com/solution/tech-solution-deploy/2922005),  涉及到专有网络（VPC）、交换机（VSwitch）、云服务器（ECS）、RAM 用户等资源的创建。
+<!-- DOCS_DESCRIPTION_CN -->
+
+<!-- DOCS_DESCRIPTION_EN -->
+This example is used to implement solution [build-an-observability-system-for-ai-applications-at-low-costs](https://www.aliyun.com/solution/tech-solution-deploy/2922005). It involves the creation, and deployment of resources such as Virtual Private Cloud (VPC), VSwitch, Elastic Compute Service (ECS), and RAM users.
+<!-- DOCS_DESCRIPTION_EN -->
+
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_ecs_command.run_command](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_command) | resource |
+| [alicloud_ecs_invocation.invoke_script](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ecs_invocation) | resource |
+| [alicloud_instance.ecs_instance](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/instance) | resource |
+| [alicloud_ram_access_key.ramak](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_access_key) | resource |
+| [alicloud_ram_user.ram_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user) | resource |
+| [alicloud_ram_user_policy_attachment.attach_policy_to_user](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/ram_user_policy_attachment) | resource |
+| [alicloud_security_group.security_group](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group) | resource |
+| [alicloud_security_group_rule.allow_8000](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_vpc.vpc](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vpc) | resource |
+| [alicloud_vswitch.vswitch](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/resources/vswitch) | resource |
+| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [alicloud_images.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/images) | data source |
+| [alicloud_regions.current_region_ds](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/regions) | data source |
+| [alicloud_zones.default](https://registry.terraform.io/providers/hashicorp/alicloud/latest/docs/data-sources/zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_arms_license_key"></a> [arms\_license\_key](#input\_arms\_license\_key) | 当前环境 ARMS License Key。可以通过OpenAPI获取，前往<https://api.aliyun.com/api/ARMS/2019-08-08/DescribeTraceLicenseKey>，输入参数中填写RegionId（部署地域），单击发起调用，获取结果中LicenseKey对应的值。 | `string` | n/a | yes |
+| <a name="input_bai_lian_api_key"></a> [bai\_lian\_api\_key](#input\_bai\_lian\_api\_key) | 百炼 API-KEY，需开通百炼模型服务再获取 API-KEY，详情请参考：https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key | `string` | n/a | yes |
+| <a name="input_ecs_instance_password"></a> [ecs\_instance\_password](#input\_ecs\_instance\_password) | 服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号）` | `string` | n/a | yes |
+| <a name="input_ecs_instance_type"></a> [ecs\_instance\_type](#input\_ecs\_instance\_type) | 实例类型 | `string` | `"ecs.t6-c1m2.large"` | no |
+<!-- END_TF_DOCS -->

solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/main.tf

@@ -0,0 +1,140 @@
+# ------------------------------------------------------------------------------
+# 核心资源定义 (Main Resource Definitions)
+#
+# 本文件包含了模块的核心基础设施资源。
+# 这里的代码负责根据输入变量来创建和配置所有云资源。
+# ------------------------------------------------------------------------------
+
+# 配置阿里云提供商 (Provider)
+provider "alicloud" {
+  region = "cn-shanghai"
+}
+
+# 查询当前部署地域
+data "alicloud_regions" "current_region_ds" {
+  current = true
+}
+
+# 查询支持指定ECS实例规格和磁盘类型的可用区
+data "alicloud_zones" "default" {
+  available_disk_category     = "cloud_essd"
+  available_resource_creation = "VSwitch"
+  available_instance_type     = var.ecs_instance_type
+}
+
+# 创建一个随机ID，用于生成唯一的资源名称后缀，避免命名冲突
+resource "random_string" "suffix" {
+  length  = 8
+  lower   = true
+  upper   = false
+  numeric = false
+  special = false
+}
+
+# 定义一个局部变量，将随机ID用作通用名称后缀
+locals {
+  common_name = random_string.suffix.id
+  region      = data.alicloud_regions.current_region_ds.regions.0.id
+}
+
+# 创建一个专有网络（VPC），为云资源提供一个隔离的网络环境
+resource "alicloud_vpc" "vpc" {
+  cidr_block = "192.168.0.0/16"
+  vpc_name   = "vpc-${local.common_name}"
+}
+
+# 创建一个交换机（VSwitch），用于在VPC内划分一个子网
+resource "alicloud_vswitch" "vswitch" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "192.168.0.0/24"
+  zone_id      = data.alicloud_zones.default.zones.0.id
+  vswitch_name = "vswitch-${local.common_name}"
+}
+
+# 创建一个安全组，作为虚拟防火墙来控制ECS实例的网络访问
+resource "alicloud_security_group" "security_group" {
+  vpc_id              = alicloud_vpc.vpc.id
+  security_group_name = "sg-${local.common_name}"
+}
+
+# 在安全组中添加入方向规则，允许外部流量访问8000端口
+resource "alicloud_security_group_rule" "allow" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  nic_type          = "intranet"
+  policy            = "accept"
+  port_range        = "8000/8000"
+  priority          = 1
+  security_group_id = alicloud_security_group.security_group.id
+  cidr_ip           = "192.168.0.0/24"
+  # 如需允许从公网访问ECS，请将cidr_ip修改为0.0.0.0/0
+  # cidr_ip           = "0.0.0.0/0"
+}
+
+# 查询可用的阿里云镜像
+data "alicloud_images" "default" {
+  # name_regex  = "^aliyun_3_x64_20G_alibase_.*"
+  name_regex  = "^ubuntu_24_04_x64_20G_alibase_.*"
+  most_recent = true
+  owners      = "system"
+}
+
+# 创建一个RAM用户，用于后续给ECS实例授权访问其他云服务
+resource "alicloud_ram_user" "ram_user" {
+  name = "ram-user-${local.common_name}"
+}
+
+# 为前面创建的RAM用户生成一个Access Key
+resource "alicloud_ram_access_key" "ramak" {
+  user_name = alicloud_ram_user.ram_user.name
+}
+
+# 为RAM用户附加一个系统策略
+resource "alicloud_ram_user_policy_attachment" "attach_policy_to_user" {
+  user_name = alicloud_ram_user.ram_user.name
+  # 策略类型为系统预设策略
+  policy_type = "System"
+  # 授予日志服务的完全访问权限
+  policy_name = "AliyunLogFullAccess"
+}
+
+# 创建一台ECS实例（云服务器）
+resource "alicloud_instance" "ecs_instance" {
+  instance_name              = "ecs-${local.common_name}"
+  image_id                   = data.alicloud_images.default.images[0].id
+  instance_type              = var.ecs_instance_type
+  system_disk_category       = "cloud_essd"
+  security_groups            = [alicloud_security_group.security_group.id]
+  vswitch_id                 = alicloud_vswitch.vswitch.id
+  password                   = var.ecs_instance_password
+  internet_max_bandwidth_out = 5
+}
+
+# 创建一个云助手命令，指令用于：部署示例应用，并通过应用接口来调用大模型
+resource "alicloud_ecs_command" "run_command" {
+  name = "command-run-${local.common_name}"
+  command_content = base64encode(<<EOF
+#!/bin/bash
+export ARMS_APP_NAME=llm_app
+export ARMS_REGION_ID=${local.region}
+export ARMS_IS_PUBLIC=True
+export ARMS_LICENSE_KEY=${var.arms_license_key}
+export DASHSCOPE_API_KEY=${var.bai_lian_api_key}
+
+curl -fsSL https://help-static-aliyun-doc.aliyuncs.com/install-script/ai-observable/install.sh | bash # 部署应用
+
+EOF
+  )
+  working_dir = "/root"
+  type        = "RunShellScript"
+  timeout     = 3600
+}
+
+# 在指定的ECS实例上执行上面创建的云助手命令
+resource "alicloud_ecs_invocation" "invoke_script" {
+  instance_id = [alicloud_instance.ecs_instance.id]
+  command_id  = alicloud_ecs_command.run_command.id
+  timeouts {
+    create = "15m"
+  }
+}

solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/outputs.tf

@@ -0,0 +1,14 @@
+output "ecs_login_address" {
+  description = "部署应用的ECS实例的登录地址。登录后执行"
+  value       = format("https://ecs-workbench.aliyun.com/?from=ecs&instanceType=ecs&regionId=%s&instanceId=%s&resourceGroupId=", local.region, alicloud_instance.ecs_instance.id)
+}
+
+output "ecs_public_ip" {
+  description = <<EOF
+  为确保可以从公网访问，请配置ECS的安全组对所有IP开放8000端口（即在main.tf中，将cidr_ip改为"0.0.0.0/0"）
+  接口调用示例（将<ecs_public_ip>用实际值替换）：
+  curl http://<ecs_public_ip>:8000/docs # 查看应用信息
+  curl -X 'POST' 'http://<ecs_public_ip>:8000/agent/invoke' -H 'Content-Type: application/json' -d '{"input": {"input": "北京天气怎么样？"}}' # 调用大模型，等待返回结果。
+  EOF
+  value       = alicloud_instance.ecs_instance.public_ip
+}

solution/tech-solution/build-an-observability-system-for-ai-applications-at-low-costs/variables.tf

@@ -0,0 +1,37 @@
+# ------------------------------------------------------------------------------
+# 模块输入变量 (Module Input Variables)
+#
+# 本文件定义了该 Terraform 模块所有可配置的输入变量。
+# 每个变量都包含了详细的 'description'，以说明其用途、格式和默认值逻辑。
+# 请参考这些描述来正确配置模块。
+# ------------------------------------------------------------------------------
+
+# 指定创建的ECS云服务器的规格。
+variable "ecs_instance_type" {
+  type        = string
+  default     = "ecs.t6-c1m2.large"
+  description = "实例类型"
+}
+
+# 用于登录ECS实例的密码。
+variable "ecs_instance_password" {
+  type        = string
+  sensitive   = true
+  description = "服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号）"
+  # default   = ""
+}
+
+# 百炼API-KEY
+variable "bai_lian_api_key" {
+  type        = string
+  description = "百炼 API-KEY，需开通百炼模型服务再获取 API-KEY，详情请参考：https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key"
+  # default   = ""
+}
+
+# ARMS LicenseKey
+variable "arms_license_key" {
+  type        = string
+  description = "当前环境 ARMS License Key。可以通过OpenAPI获取，前往<https://api.aliyun.com/api/ARMS/2019-08-08/DescribeTraceLicenseKey>，输入参数中填写RegionId（部署地域），单击发起调用，获取结果中LicenseKey对应的值。"
+  # default   = ""
+}
+