Tair DevToolset — Instance Creation and Public Network Configuration

Automate Tair Enterprise Edition cloud-native instance creation, public network access configuration, and IP whitelist setup using Aliyun CLI.

Architecture: VPC + VSwitch + Tair Enterprise Instance + Public Endpoint

---

1. Installation

Pre-check: Aliyun CLI >= 3.3.1 required Run aliyun version to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions. Then [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

# Verify CLI version
aliyun version

# Enable automatic plugin installation
aliyun configure set --auto-plugin-install true

# Verify jq
jq --version

If jq is not installed:

brew install jq   # macOS

---

2. Authentication

Pre-check: Alibaba Cloud Credentials Required

All credential configurations follow existing aliyun CLI settings, no separate configuration needed in scripts.

Security Rules:

• NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
• NEVER ask the user to input AK/SK directly in the conversation or command line
• NEVER use aliyun configure set with literal credential values
• ONLY use aliyun configure list to check credential status

aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile

---

3. RAM Policy

See references/ram-policies.md for RAM permissions required by this Skill.

Core permissions:

RAM Action	Description
r-kvstore:CreateTairInstance	Create Tair instance
r-kvstore:DescribeInstanceAttribute	Query instance status
r-kvstore:ModifySecurityIps	Modify IP whitelist
r-kvstore:AllocateInstancePublicConnection	Allocate public endpoint
r-kvstore:DescribeDBInstanceNetInfo	Query network info

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:

1. Read references/ram-policies.md to get the full list of permissions required by this SKILL
2. Use ram-permission-diagnose skill to guide the user through requesting the necessary permissions
3. Pause and wait until the user confirms that the required permissions have been granted

---

4. Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks, passwords, domain names, resource specifications, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

Parameter	Required	Description	Default
VPC_ID	Yes	VPC ID, e.g. vpc-bp1xxx	—
VSWITCH_ID	Yes	VSwitch ID, e.g. vsw-bp1xxx	—
REGION_ID	No	Region ID	cn-hangzhou
ZONE_ID	No	Zone ID	cn-hangzhou-h
INSTANCE_TYPE	No	Instance series	tair_rdb
INSTANCE_CLASS	No	Instance specification	tair.rdb.1g
INSTANCE_NAME	No	Instance name	tair-benchmark-<timestamp>

Common Specifications

Standard Architecture

InstanceClass	Memory	Bandwidth	Max Connections	QPS Reference
tair.rdb.1g	1 GB	768 Mbps	30,000	300,000
tair.rdb.2g	2 GB	768 Mbps	30,000	300,000
tair.rdb.4g	4 GB	768 Mbps	40,000	300,000
tair.rdb.8g	8 GB	768 Mbps	40,000	300,000
tair.rdb.16g	16 GB	768 Mbps	40,000	300,000
tair.rdb.24g	24 GB	768 Mbps	50,000	300,000
tair.rdb.32g	32 GB	768 Mbps	50,000	300,000
tair.rdb.64g	64 GB	768 Mbps	50,000	300,000

5. Core Workflow

[MUST] Execution Constraints

• MUST and ONLY use scripts/create-and-connect-test.sh script to complete instance creation, whitelist configuration, public endpoint allocation, etc.
• DO NOT bypass the script to directly call aliyun r-kvstore CLI commands for the above operations
• DO NOT write or concatenate aliyun CLI commands to replace script functionality
• Model's responsibility is: collect parameters → set environment variables → run script. No improvisation allowed.

Set environment variables with collected parameters and run the all-in-one script:

export VPC_ID="<user-confirmed VPC_ID>"
export VSWITCH_ID="<user-confirmed VSWITCH_ID>"

# Optional parameters
export REGION_ID="cn-hangzhou"
export ZONE_ID="cn-hangzhou-h"
export INSTANCE_TYPE="tair_rdb"
export INSTANCE_CLASS="tair.rdb.1g"
# For NAT environment, manually set public IP
# export MY_PUBLIC_IP="your-public-ip"

bash scripts/create-and-connect-test.sh

The script will automatically complete: Create instance → Wait for ready → Configure whitelist → Allocate public endpoint → Get public connection info.

---

6. Success Verification

See references/verification-method.md for detailed verification steps.

Quick instance status verification:

aliyun r-kvstore describe-instance-attribute \
  --instance-id "${INSTANCE_ID}" \
  --user-agent AlibabaCloud-Agent-Skills

Confirm InstanceStatus is Normal and public endpoint is allocated.

---

7. Troubleshooting

Issue	Solution
Connection timeout	Check if whitelist includes current public IP (must be IPv4)
Public endpoint empty	Confirm allocate-instance-public-connection executed successfully and wait for instance to recover to Normal

---

8. Best Practices

1. Use pay-as-you-go (PostPaid) for testing
2. Only add test machine's public IP to whitelist, follow least privilege principle

---

9. Reference Links

Reference	Description
references/cli-installation-guide.md	Aliyun CLI Installation and Configuration Guide
references/ram-policies.md	RAM Permission Policy Document
references/related-commands.md	Related CLI Commands and Parameters
references/verification-method.md	Success Verification Method
references/acceptance-criteria.md	Acceptance Criteria