Tair DevToolset — Instance Creation and Public Network Configuration

Automate Tair Enterprise Edition cloud-native instance creation, public network access configuration, and IP whitelist setup using Aliyun CLI.

Architecture: VPC + VSwitch + Tair Enterprise Instance + Public Endpoint

---

1. Installation

Pre-check: Aliyun CLI >= 3.3.1 required
Run aliyun version to verify >= 3.3.1. If not installed or version too low,
see references/cli-installation-guide.md for installation instructions.
Then [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

CODEBLOCK0

If jq is not installed:

brew install jq   # macOS

---

2. Authentication

Pre-check: Alibaba Cloud Credentials Required
All credential configurations follow existing aliyun CLI settings, no separate configuration needed in scripts.
Security Rules:

• - NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
• NEVER ask the user to input AK/SK directly in the conversation or command line
• NEVER use aliyun configure set with literal credential values
• ONLY use aliyun configure list to check credential status

> aliyun configure list
> 

Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.

1. 1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile

---

3. RAM Policy

See references/ram-policies.md for RAM permissions required by this Skill.

Core permissions:

RAM Action	Description
INLINECODE9	Create Tair instance
INLINECODE10

Query instance status |
| r-kvstore:ModifySecurityIps | Modify IP whitelist |
| r-kvstore:AllocateInstancePublicConnection | Allocate public endpoint |
| r-kvstore:DescribeDBInstanceNetInfo | Query network info |

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:

1. 1. Read references/ram-policies.md to get the full list of permissions required by this SKILL
2. Use ram-permission-diagnose skill to guide the user through requesting the necessary permissions
3. Pause and wait until the user confirms that the required permissions have been granted

---

4. Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call,
ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks,
passwords, domain names, resource specifications, etc.) MUST be confirmed with the
user. Do NOT assume or use default values without explicit user approval.

Parameter	Required	Description	Default
VPCID	Yes	VPC ID, e.g. INLINECODE16	—
VSWITCHID

Yes | VSwitch ID, e.g. vsw-bp1xxx | — | | REGION_ID | No | Region ID | cn-hangzhou | | ZONE_ID | No | Zone ID | cn-hangzhou-h | | INSTANCE_TYPE | No | Instance series | tair_rdb | | INSTANCE_CLASS | No | Instance specification | tair.rdb.1g | | INSTANCE_NAME | No | Instance name | tair-benchmark-<timestamp> |

Common Specifications

Standard Architecture

InstanceClass	Memory	Bandwidth	Max Connections	QPS Reference
tair.rdb.1g	1 GB	768 Mbps	30,000	300,000
tair.rdb.2g

2 GB | 768 Mbps | 30,000 | 300,000 | | tair.rdb.4g | 4 GB | 768 Mbps | 40,000 | 300,000 | | tair.rdb.8g | 8 GB | 768 Mbps | 40,000 | 300,000 | | tair.rdb.16g | 16 GB | 768 Mbps | 40,000 | 300,000 | | tair.rdb.24g | 24 GB | 768 Mbps | 50,000 | 300,000 | | tair.rdb.32g | 32 GB | 768 Mbps | 50,000 | 300,000 | | tair.rdb.64g | 64 GB | 768 Mbps | 50,000 | 300,000 |

5. Core Workflow

[MUST] Execution Constraints

• - MUST and ONLY use scripts/create-and-connect-test.sh script to complete instance creation, whitelist configuration, public endpoint allocation, etc.
• DO NOT bypass the script to directly call aliyun r-kvstore CLI commands for the above operations
• DO NOT write or concatenate aliyun CLI commands to replace script functionality
• Model's responsibility is: collect parameters → set environment variables → run script. No improvisation allowed.

Set environment variables with collected parameters and run the all-in-one script:

CODEBLOCK3

The script will automatically complete: Create instance → Wait for ready → Configure whitelist → Allocate public endpoint → Get public connection info.

---

6. Success Verification

See references/verification-method.md for detailed verification steps.

Quick instance status verification:
CODEBLOCK4

Confirm InstanceStatus is Normal and public endpoint is allocated.

---

7. Troubleshooting

Issue	Solution
Connection timeout	Check if whitelist includes current public IP (must be IPv4)
Public endpoint empty

Confirm allocate-instance-public-connection executed successfully and wait for instance to recover to Normal |

---

8. Best Practices

1. 1. Use pay-as-you-go (PostPaid) for testing
2. Only add test machine's public IP to whitelist, follow least privilege principle

---

9. Reference Links

Reference	Description
references/cli-installation-guide.md	Aliyun CLI Installation and Configuration Guide
references/ram-policies.md

RAM Permission Policy Document | | references/related-commands.md | Related CLI Commands and Parameters | | references/verification-method.md | Success Verification Method | | references/acceptance-criteria.md | Acceptance Criteria |