docs:自建 MongoDB 迁移到云数据库的terraform模板

Author: wbw2048

solution/tech-solution/migrate-ecs-mongodb-to-cloud/README.md

@@ -0,0 +1,52 @@
+<!-- DOCS_DESCRIPTION_CN -->
+本示例用于实现解决方案[自建 MongoDB 迁移到云数据库](https://www.aliyun.com/solution/tech-solution/migrate-self-managed-mongodb-to-cloud), 涉及到专有网络（VPC）、交换机（VSwitch）、云服务器（ECS）、云数据库（MongoDB） 等资源的创建。
+<!-- DOCS_DESCRIPTION_CN -->
+
+<!-- DOCS_DESCRIPTION_EN -->
+This example demonstrates the implementation of the solution [Migrate self-managed mongodb to cloud](https://www.aliyun.com/solution/tech-solution/migrate-self-managed-mongodb-to-cloud). It involves the creation, and deployment of resources such as Virtual Private Cloud (VPC), VSwitch, Elastic Compute Service (ECS), and ApsaraDB for MongoDB.
+<!-- DOCS_DESCRIPTION_EN -->
+
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | 1.253.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.7.2 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_ecs_command.run_command](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ecs_command) | resource |
+| [alicloud_ecs_invocation.install_mongodb](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ecs_invocation) | resource |
+| [alicloud_instance.mongodb_server](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/instance) | resource |
+| [alicloud_mongodb_instance.mongodb](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/mongodb_instance) | resource |
+| [alicloud_security_group.security_group](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group) | resource |
+| [alicloud_security_group_rule.http](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_security_group_rule.mongodb_egress](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_security_group_rule.mongodb_ingress](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_security_group_rule.rdp](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_vpc.vpc](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vpc) | resource |
+| [alicloud_vswitch.vswitch](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vswitch) | resource |
+| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [alicloud_images.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/images) | data source |
+| [alicloud_instance_types.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/instance_types) | data source |
+| [alicloud_mongodb_zones.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/mongodb_zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | 请输入自建MongoDB数据库名称（由小写字母、数字及特殊字符 -\_ 组成，以小写字母开头，小写字母或数字结尾，最多64个字符）。 | `string` | `"mongodb_transfer_test"` | no |
+| <a name="input_db_password"></a> [db\_password](#input\_db\_password) | 请输入自建MongoDB数据库密码。密码长度为8-32位，需包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*()\_+-=）。 | `string` | n/a | yes |
+| <a name="input_db_user_name"></a> [db\_user\_name](#input\_db\_user\_name) | 请输入自建MongoDB数据库账号（长度为2-16个字符，仅允许小写字母、大写字母、数字和下划线，必须以字母开头，以字母或数字结尾）。 | `string` | n/a | yes |
+| <a name="input_ecs_instance_password"></a> [ecs\_instance\_password](#input\_ecs\_instance\_password) | 请输入服务器登录密码。密码长度为8-30位，必须包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*\_-+=\|{}[]:;'<>,.?/）。 | `string` | n/a | yes |
+| <a name="input_mongodb_account_password"></a> [mongodb\_account\_password](#input\_mongodb\_account\_password) | 请输入MongoDB Root密码。密码长度为6-32位，需包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*()\_+-=）。 | `string` | n/a | yes |
+| <a name="input_mongodb_instance_class"></a> [mongodb\_instance\_class](#input\_mongodb\_instance\_class) | 请输入MongoDB实例规格（例如：mdb.shard.2x.xlarge.d）。根据您的数据库负载选择合适的规格。 | `string` | `"mdb.shard.2x.xlarge.d"` | no |
+| <a name="input_region_id"></a> [region\_id](#input\_region\_id) | 请输入地域ID（例如：cn-hangzhou）。 | `string` | `"cn-hangzhou"` | no |
+<!-- END_TF_DOCS -->

solution/tech-solution/migrate-ecs-mongodb-to-cloud/main.tf

@@ -0,0 +1,137 @@
+provider "alicloud" {
+  region = var.region_id
+}
+
+resource "random_id" "suffix" {
+  byte_length = 8
+}
+data "alicloud_mongodb_zones" "default" {
+}
+
+data "alicloud_instance_types" "default" {
+  system_disk_category = "cloud_essd"
+  image_id             = data.alicloud_images.default.images[0].id
+  instance_type_family = "ecs.c6"
+  availability_zone    = data.alicloud_mongodb_zones.default.zones[length(data.alicloud_mongodb_zones.default.zones) - 1].id
+}
+
+data "alicloud_images" "default" {
+  name_regex  = "^aliyun_3_x64_20G_alibase_*"
+  most_recent = true
+  owners      = "system"
+}
+
+locals {
+  common_name = random_id.suffix.id
+  ecs_command = <<SHELL
+#!/bin/bash
+cat << INNER_EOF >> ~/.bash_profile
+export DB_NAME=${var.db_name}
+export DB_USERNAME=${var.db_user_name}
+export DB_PASSWORD=${var.db_password}
+export ROS_DEPLOY=true
+INNER_EOF
+
+source ~/.bash_profile
+
+curl -fsSL https://help-static-aliyun-doc.aliyuncs.com/install-script/ecs-mongo-to-cloud/install_init.sh|bash
+SHELL
+}
+
+# VPC Resources
+resource "alicloud_vpc" "vpc" {
+  vpc_name   = "VPC_HZ"
+  cidr_block = "192.168.0.0/16"
+}
+
+resource "alicloud_vswitch" "vswitch" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "192.168.1.0/24"
+  zone_id      = data.alicloud_mongodb_zones.default.zones[length(data.alicloud_mongodb_zones.default.zones) - 1].id
+  vswitch_name = "vsw_001"
+}
+
+# Security Group
+resource "alicloud_security_group" "security_group" {
+  vpc_id              = alicloud_vpc.vpc.id
+  security_group_name = "sg-mongodb-${local.common_name}"
+  security_group_type = "normal"
+}
+
+# Security Group Rules
+resource "alicloud_security_group_rule" "http" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  port_range        = "80/80"
+  cidr_ip           = "0.0.0.0/0"
+  security_group_id = alicloud_security_group.security_group.id
+}
+
+resource "alicloud_security_group_rule" "rdp" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  port_range        = "3389/3389"
+  cidr_ip           = "0.0.0.0/0"
+  security_group_id = alicloud_security_group.security_group.id
+}
+
+resource "alicloud_security_group_rule" "mongodb_ingress" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  port_range        = "27017/27017"
+  cidr_ip           = "0.0.0.0/0"
+  security_group_id = alicloud_security_group.security_group.id
+}
+
+resource "alicloud_security_group_rule" "mongodb_egress" {
+  type              = "egress"
+  ip_protocol       = "tcp"
+  port_range        = "27017/27017"
+  cidr_ip           = "0.0.0.0/0"
+  security_group_id = alicloud_security_group.security_group.id
+}
+
+# MongoDB Resources
+resource "alicloud_mongodb_instance" "mongodb" {
+  engine_version      = "8.0"
+  db_instance_class   = var.mongodb_instance_class
+  db_instance_storage = 20
+  name                = "mongodb_test"
+  account_password    = var.mongodb_password
+  security_ip_list    = ["192.168.1.0/24"]
+  vpc_id              = alicloud_vpc.vpc.id
+  vswitch_id          = alicloud_vswitch.vswitch.id
+  storage_engine      = "WiredTiger"
+  storage_type        = "cloud_essd1"
+}
+
+# ECS Resources
+resource "alicloud_instance" "mongodb_server" {
+  instance_name              = "mongodb-server-${local.common_name}"
+  system_disk_category       = data.alicloud_instance_types.default.system_disk_category
+  image_id                   = data.alicloud_images.default.images[0].id
+  vswitch_id                 = alicloud_vswitch.vswitch.id
+  password                   = var.ecs_instance_password
+  instance_type              = data.alicloud_instance_types.default.instance_types[0].id
+  internet_max_bandwidth_out = 5
+  security_groups            = [alicloud_security_group.security_group.id]
+}
+
+resource "alicloud_ecs_command" "run_command" {
+  name             = "install-mongodb-${local.common_name}"
+  description      = "install_mongodb_${local.common_name}_description"
+  enable_parameter = false
+  type             = "RunShellScript"
+  command_content  = base64encode(local.ecs_command)
+  timeout          = 3600
+  working_dir      = "/root"
+}
+
+resource "alicloud_ecs_invocation" "install_mongodb" {
+  instance_id = [alicloud_instance.mongodb_server.id]
+  command_id  = alicloud_ecs_command.run_command.id
+  depends_on  = [alicloud_mongodb_instance.mongodb, alicloud_instance.mongodb_server]
+  timeouts {
+    create = "10m"
+  }
+}

solution/tech-solution/migrate-ecs-mongodb-to-cloud/output.tf

@@ -0,0 +1,6 @@
+# Outputs
+output "mongodb_inner_connection_string" {
+  description = "MongoDB内网连接地址"
+  value       = "mongodb://root:${var.mongodb_password}@${alicloud_mongodb_instance.mongodb.replica_sets[0].connection_domain}:27017/${var.db_name}"
+  sensitive   = true
+}

solution/tech-solution/migrate-ecs-mongodb-to-cloud/variable.tf

@@ -0,0 +1,61 @@
+# Parameters
+variable "region_id" {
+  description = "请输入地域ID（例如：cn-hangzhou）。"
+  default     = "cn-hangzhou"
+}
+
+variable "ecs_instance_password" {
+  description = "请输入服务器登录密码。密码长度为8-30位，必须包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*_-+=|{}[]:;'<>,.?/）。"
+  type        = string
+  sensitive   = true
+  validation {
+    condition     = length(var.ecs_instance_password) >= 8 && length(var.ecs_instance_password) <= 30 && can(regex("^[0-9A-Za-z\\_\\-\\&:;'<>,=%`~!@#\\(\\)\\$\\^\\*\\+\\|\\{\\}\\[\\]\\.\\?\\/]+$", var.ecs_instance_password))
+    error_message = "密码长度必须在8-30个字符之间，只能包含英文字母、数字和特殊字符!@#$%^&*()_+-=|{}[]:;'<>,.?/~`%=。"
+  }
+}
+
+variable "db_name" {
+  description = "请输入自建MongoDB数据库名称（由小写字母、数字及特殊字符 -_ 组成，以小写字母开头，小写字母或数字结尾，最多64个字符）。"
+  type        = string
+  default     = "mongodb_transfer_test"
+  validation {
+    condition     = can(regex("^([a-z][a-z0-9_-]{0,62}[a-z0-9])$", var.db_name)) && !contains(["admin", "config", "local", "test"], var.db_name)
+    error_message = "数据库名称格式不正确。名称应由小写字母、数字及特殊字符 -_ 组成，以小写字母开头，小写字母或数字结尾，最多64个字符，且不能为admin、config、local、test。"
+  }
+}
+
+variable "db_user_name" {
+  description = "请输入自建MongoDB数据库账号（长度为2-16个字符，仅允许小写字母、大写字母、数字和下划线，必须以字母开头，以字母或数字结尾）。"
+  type        = string
+  default     = "mongouser"
+  validation {
+    condition     = length(var.db_user_name) >= 2 && length(var.db_user_name) <= 16 && can(regex("^[a-zA-Z][a-zA-Z0-9_]*[a-zA-Z0-9]$", var.db_user_name))
+    error_message = "用户名格式不正确。用户名应由字母、数字和下划线组成，必须以字母开头，以字母或数字结尾，长度为2-16个字符。"
+  }
+}
+
+variable "db_password" {
+  description = "请输入自建MongoDB数据库密码。密码长度为8-32位，需包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*()_+-=）。"
+  type        = string
+  sensitive   = true
+  validation {
+    condition     = length(var.db_password) >= 8 && length(var.db_password) <= 32 && can(regex("^[0-9A-Za-z\\_\\-\\&:;'<>,=%`~!@#\\(\\)\\$\\^\\*\\+\\|\\{\\}\\[\\]\\.\\?\\/]+$", var.db_password))
+    error_message = "密码长度必须在8-32个字符之间，只能包含英文字母、数字和特殊字符!@#$%^&*()_+-=|{}[]:;'<>,.?/~`%=。"
+  }
+}
+
+variable "mongodb_instance_class" {
+  description = "请输入MongoDB实例规格（例如：mdb.shard.2x.xlarge.d）。根据您的数据库负载选择合适的规格。"
+  type        = string
+  default     = "mdb.shard.2x.xlarge.d"
+}
+
+variable "mongodb_password" {
+  description = "请输入MongoDB Root密码。密码长度为6-32位，需包含大写字母、小写字母、数字和特殊字符（如：!@#$%^&*()_+-=）。"
+  type        = string
+  sensitive   = true
+  validation {
+    condition     = length(var.mongodb_password) >= 6 && length(var.mongodb_password) <= 32 && can(regex("^[0-9A-Za-z\\_\\-\\&:;'<>,=%`~!@#\\(\\)\\$\\^\\*\\+\\|\\{\\}\\[\\]\\.\\?\\/]+$", var.mongodb_password))
+    error_message = "MongoDB Root密码长度必须在6-32个字符之间，只能包含英文字母、数字和特殊字符!@#$%^&*()_+-=|{}[]:;'<>,.?/~`%=。"
+  }
+}