Configuring Alibaba Cloud Server Load Balancer (SLB) via the API

Saturday, June 1, 2019

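When many forwarding rules need to be added behind an SLB instance, adding them in the web console is slow and tedious; calling the Alibaba Cloud API directly is faster and more convenient.

First, generate an AccessKey for a sub-account; the sub-account needs permission to operate on SLB.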
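
The sub-account only needs the SLB actions that the scripts on this page call. The following is an added example, not part of the original post: it builds a RAM policy limited to those actions and flags wildcard grants in an existing policy. The `slb:<Action>` naming and the resource ARN layout are assumptions to check against the RAM documentation, and the ARN shown is a constructed placeholder.

```python
import json

# SLB API actions called by the scripts on this page.
PAGE_ACTIONS = (
    "CreateVServerGroup", "DescribeVServerGroups",
    "CreateLoadBalancerHTTPSListener", "StartLoadBalancerListener",
    "CreateRules", "DeleteLoadBalancerListener",
)

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def build_policy(resources, actions=PAGE_ACTIONS):
    """Build a RAM policy that allows only `actions` on `resources`."""
    if not resources:
        raise ValueError("at least one resource ARN is required")
    return {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            # Assumption: RAM action names are "slb:" + the API action name.
            "Action": ["slb:" + a for a in actions],
            "Resource": list(resources),
        }],
    }

def audit_policy(policy):
    """Return findings for Allow statements that use wildcards."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*" or res.endswith("/*"):
                findings.append(f"statement {i}: wildcard resource {res!r}")
    return findings

# Constructed placeholder ARN (assumed layout; account and instance IDs are not real).
EXAMPLE_ARN = "acs:slb:cn-shanghai:<account-id>:loadbalancer/your_LoadBalancerId"

if __name__ == "__main__":
    policy = build_policy([EXAMPLE_ARN])
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy))  # no findings for the narrow policy
```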

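Next we create a listener on port 443. This requires the AccessKey, the AccessSecret, the region where the SLB instance lives (for example China East 2, i.e. the Shanghai region, cn-shanghai), and the ID of the backend VServer group.

Adding a backend VServer group

First add the backend VServer group. The new group is named test1 and its backend port is 81.

Remember to change the LoadBalancerId mentioned in the comments.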

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
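# 'your_key' and 'your_secret' are placeholders for the sub-account's AccessKey and AccessSecret;
# load the real values from the environment or a secrets store instead of committing them in a script
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')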

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2014-05-15')
# This operation creates a backend VServer group
request.set_action_name('CreateVServerGroup')

request.add_query_param('RegionId', 'cn-shanghai')
# ID of the load balancer this operation applies to
request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
request.add_query_param('VServerGroupName', 'test1')
# Backend ECS instances: the ECS ID, port, and load-balancing weight of each
request.add_query_param('BackendServers', '[{"Type":"ecs","ServerId":"your_ecs_id_01","Port":81,"Weight":100},{"Type":"ecs","ServerId":"your_ecs_id_02","Port":81,"Weight":100},{"Type":"ecs","ServerId":"your_ecs_id_03","Port":81,"Weight":100}]')

response = client.do_action_with_exception(request)

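Viewing VServer groups

If the SLB instance already has backend server groups defined and we want their IDs and descriptions, we first need to list the VServer groups.

Remember to change the LoadBalancerId mentioned in the comments.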

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https') 
request.set_version('2014-05-15')
request.set_action_name('DescribeVServerGroups')

request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
request.add_query_param('RegionId', 'cn-shanghai')
request.add_query_param('IncludeListener', 'true')
request.add_query_param('IncludeRule', 'true')

response = client.do_action_with_exception(request)

print(str(response, encoding = 'utf-8'))

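This gives us the IDs of the VServer groups.

Creating a listener

Create a listener on port 443 (using the HTTPS protocol).

Remember to change the CertificateId, ServerGroupId, and LoadBalancerId mentioned in the comments.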

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
# Fill in the AccessKey, the AccessSecret, and the region of your SLB instance, e.g. cn-shanghai
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2014-05-15')
# This operation creates an SLB listener
request.set_action_name('CreateLoadBalancerHTTPSListener')

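# Listener protocol, set to HTTPS
request.add_query_param('ListenerProtocol', 'HTTPS')
# Listen on port 443
request.add_query_param('ListenerPort', '443')
# The listener's name is set to "https_443"; change it as you like
request.add_query_param('Description', 'https_443')
request.add_query_param('Scheduler', 'wrr')
request.add_query_param('StickySession', 'off')
request.add_query_param('EnableHttp2', 'on')
# tls_cipher_policy_1_0 still accepts TLS 1.0 and 1.1 clients;
# tls_cipher_policy_1_2 or tls_cipher_policy_1_2_strict restricts the listener to TLS 1.2
request.add_query_param('TLSCipherPolicy', 'tls_cipher_policy_1_0')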
request.add_query_param('AclStatus', 'off')
request.add_query_param('Bandwidth', '-1')
request.add_query_param('IdleTimeout', '15')
request.add_query_param('RequestTimeout', '60')
request.add_query_param('Gzip', 'on')
request.add_query_param('XForwardedFor', 'on')
request.add_query_param('XForwardedFor_SLBID', 'off')
request.add_query_param('XForwardedFor_SLBIP', 'off')
request.add_query_param('XForwardedFor_proto', 'off')
# Certificate ID; change 'your_cert_id'
request.add_query_param('ServerCertificateId', 'your_cert_id')
request.add_query_param('HealthCheck', 'on')
request.add_query_param('HealthCheckConnectPort', '-520')
request.add_query_param('HealthCheckURI', '/')
request.add_query_param('HealthCheckHttpCode', 'http_2xx,http_3xx')
request.add_query_param('HealthCheckTimeout', '5')
request.add_query_param('HealthCheckInterval', '2')
request.add_query_param('HealthyThreshold', '3')
request.add_query_param('UnhealthyThreshold', '3')
# Enable the backend VServer group
request.add_query_param('VServerGroup', 'on')
# ID of the backend VServer group; change 'your_VServerGroupId'
request.add_query_param('VServerGroupId', 'your_VServerGroupId')
# ID of the load balancer this operation applies to; change 'your_LoadBalancerId'
request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
request.add_query_param('RegionId', 'cn-shanghai')

response = client.do_action_with_exception(request)
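
Before sending a listener definition like the one above, its parameters can be checked offline. The following is an added example, not part of the original post: it audits the parameter values used on this page for a weak TLS floor, a missing access control list, a missing X-Forwarded-Proto header, and placeholders that were never replaced. The function names are hypothetical, and the default for an omitted `TLSCipherPolicy` is assumed to be `tls_cipher_policy_1_0`.

```python
# Oldest TLS version each SLB cipher policy still accepts.
TLS_POLICY_FLOOR = {
    "tls_cipher_policy_1_0": (1, 0),
    "tls_cipher_policy_1_1": (1, 1),
    "tls_cipher_policy_1_2": (1, 2),
    "tls_cipher_policy_1_2_strict": (1, 2),
}

# Values copied from the CreateLoadBalancerHTTPSListener script on this page.
PAGE_PARAMS = {
    "TLSCipherPolicy": "tls_cipher_policy_1_0",
    "AclStatus": "off",
    "XForwardedFor_proto": "off",
    "HealthCheck": "on",
    "ServerCertificateId": "your_cert_id",
    "VServerGroupId": "your_VServerGroupId",
    "LoadBalancerId": "your_LoadBalancerId",
}

def audit_listener(params, min_tls=(1, 2)):
    """Return (parameter, message) findings for an HTTPS listener's parameters."""
    findings = []
    # Assumption: an omitted TLSCipherPolicy behaves like tls_cipher_policy_1_0.
    policy = params.get("TLSCipherPolicy", "tls_cipher_policy_1_0")
    floor = TLS_POLICY_FLOOR.get(policy)
    if floor is None:
        findings.append(("TLSCipherPolicy", f"unrecognised policy {policy!r}"))
    elif floor < min_tls:
        findings.append(("TLSCipherPolicy",
                         f"{policy} still accepts TLS {floor[0]}.{floor[1]}"))
    if params.get("AclStatus", "off") != "on":
        findings.append(("AclStatus", "no source-IP access control on the listener"))
    if params.get("XForwardedFor_proto", "off") != "on":
        findings.append(("XForwardedFor_proto",
                         "backends cannot tell that the client connection used HTTPS"))
    if params.get("HealthCheck") != "on":
        findings.append(("HealthCheck", "unhealthy backends will keep receiving traffic"))
    for name, value in params.items():
        if value.startswith("your_"):
            findings.append((name, f"placeholder {value!r} was not replaced"))
    return findings

def hardened(params):
    """Return a copy of params with the TLS floor and proto header corrected."""
    fixed = dict(params)
    fixed.update(TLSCipherPolicy="tls_cipher_policy_1_2", XForwardedFor_proto="on")
    return fixed
```

`AclStatus` is reported but not changed by `hardened`, because enabling it also requires an access control list to attach.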

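Starting the listener

The steps above created the port 443 listener but did not start it; now we need to start the listener.

Remember to change the LoadBalancerId and ListenerPort mentioned in the comments.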

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
# Fill in the AccessKey, the AccessSecret, and the region of your SLB instance
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2014-05-15')
# This operation starts an SLB listener
request.set_action_name('StartLoadBalancerListener')
# ID of the load balancer this operation applies to
request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
# Port of the listener to start
request.add_query_param('ListenerPort', '443')

response = client.do_action_with_exception(request)

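Adding domain forwarding rules

Now that we are listening on port 443, we will want different subdomains forwarded to different backends, for example a.example.com to the test_a backend server group and b.example.com to the test_b backend server group.

Below we forward test.example.com to the backend server group test1.

Remember to change the LoadBalancerId mentioned in the comments.

Configure RuleList in the format shown in the code below.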

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2014-05-15')

request.set_action_name('CreateRules')

request.add_query_param('RegionId', 'cn-shanghai')
request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
request.add_query_param('ListenerPort', '443')
# Add the backend forwarding rule; replace 'your_VServerGroupId' with the ID of the test1 VServer group
request.add_query_param('RuleList', '[{"RuleName":"auto_named_rule","Domain":"test.example.com","VServerGroupId":"your_VServerGroupId"}]')

response = client.do_action_with_exception(request)
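
The group ID in RuleList comes from the DescribeVServerGroups output shown earlier. The following is an added example, not part of the original post: it resolves group names to IDs from that response and builds the RuleList string with `json.dumps` instead of hand-written JSON, refusing malformed domains and group names that match zero or several groups. The response shape and all IDs in the sample are constructed assumptions, and the function names are hypothetical.

```python
import json
import re

# Constructed sample of a DescribeVServerGroups JSON response (IDs are made up).
SAMPLE_RESPONSE = b'''{"RequestId": "CONSTRUCTED-REQUEST-ID",
 "VServerGroups": {"VServerGroup": [
   {"VServerGroupId": "rsp-constructed0001", "VServerGroupName": "test1"},
   {"VServerGroupId": "rsp-constructed0002", "VServerGroupName": "test_a"},
   {"VServerGroupId": "rsp-constructed0003", "VServerGroupName": "test_a"}]}}'''

# Plain host names only: dot-separated labels followed by an alphabetic TLD.
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def group_ids_by_name(response_bytes):
    """Map each VServer group name to the list of IDs that carry it."""
    body = json.loads(response_bytes.decode("utf-8"))
    groups = body.get("VServerGroups", {}).get("VServerGroup", [])
    ids = {}
    for group in groups:
        ids.setdefault(group["VServerGroupName"], []).append(group["VServerGroupId"])
    return ids

def build_rule_list(routes, ids_by_name):
    """routes maps domain -> group name; returns the RuleList JSON string."""
    rules = []
    for domain, name in sorted(routes.items()):
        domain = domain.lower()
        if not DOMAIN_RE.match(domain):
            raise ValueError(f"not a valid rule domain: {domain!r}")
        matches = ids_by_name.get(name, [])
        if len(matches) != 1:
            # Zero or several matches: refuse rather than route to the wrong backend.
            raise ValueError(f"group {name!r} resolves to {len(matches)} IDs")
        rules.append({"RuleName": "rule_" + domain.replace(".", "_"),
                      "Domain": domain,
                      "VServerGroupId": matches[0]})
    return json.dumps(rules, separators=(",", ":"))

if __name__ == "__main__":
    ids = group_ids_by_name(SAMPLE_RESPONSE)
    print(build_rule_list({"test.example.com": "test1"}, ids))
```

The returned string is what the script above passes as the `RuleList` query parameter.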

Deleting a listener

If you no longer want a port exposed, you can simply delete its listener.

#!/usr/bin/env python
#coding=utf-8

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
client = AcsClient('your_key', 'your_secret', 'cn-shanghai')

request = CommonRequest()
request.set_accept_format('json')
request.set_domain('slb.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2014-05-15')
request.set_action_name('DeleteLoadBalancerListener')

request.add_query_param('LoadBalancerId', 'your_LoadBalancerId')
# This operation deletes the listener on port 443
request.add_query_param('ListenerPort', '443')

response = client.do_action_with_exception(request)