引言
在华为云上,对CDN缓存内容进行刷新是一个常见的需求,以确保最新的内容能尽快被用户访问到。通过使用Go语言,我们可以开发一个自动化的工具来实现这一需求,并将其集成到Jenkins中以实现持续部署。下面我们将分步骤讲解如何实现。
1. 实现CDN的刷新
要用Go实现华为云CDN的刷新工作,我们需要首先安装go-sdk
,这是华为云为Go开发者提供的SDK,包含了操作华为云服务的API接口。
步骤1.1 安装华为云官方Go SDK
我们可以使用go get
命令来安装SDK:
go get -u github.com/huaweicloud/huaweicloud-sdk-go-v3
步骤1.2 创建CDN刷新任务
使用华为云apiexplorer查看一下cdn的实例代码:
创建刷新缓存任务实例,有V1 V2版本区别,但是看了一眼,目测代码没有什么区别,这里就继续使用v1版本了:
package mainimport ("fmt""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/model"region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/region"
)func main() {// The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.// In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environmentak := os.Getenv("CLOUD_SDK_AK")sk := os.Getenv("CLOUD_SDK_SK")auth := global.NewCredentialsBuilder().WithAk(ak).WithSk(sk).Build()client := cdn.NewCdnClient(cdn.CdnClientBuilder().WithRegion(region.ValueOf("cn-north-1")).WithCredential(auth).Build())request := &model.CreateRefreshTasksRequest{}request.Body = &model.RefreshTaskRequest{}response, err := client.CreateRefreshTasks(request)if err == nil {fmt.Printf("%+v\n", response)} else {fmt.Println(err)}
}
根据上面的代码做一个简单的实例,演示如何使用华为云Go SDK创建CDN刷新任务:
域名使用 传入的方式,这里就直接使用了os.Args,传递参数:
package mainimport ("fmt""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/model""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/region""os"
)func main() {if len(os.Args) < 2 {fmt.Println("Usage: go run main.go <your-cdn-url>")return}cdnUrl := os.Args[1]ak := "YOUR_ACCESS_KEY"sk := "YOUR_SECRET_KEY"auth := global.NewCredentialsBuilder().WithAk(ak).WithSk(sk).Build()hcClient := cdn.NewCdnClient(cdn.CdnClientBuilder().WithRegion(region.ValueOf("cn-north-1")).WithCredential(auth).WithHttpConfig(config.DefaultHttpConfig()).Build())// Create CDN refresh taskcreateRefreshTask(hcClient, cdnUrl)
}func createRefreshTask(hcClient *cdn.CdnClient, cdnUrl string) {refreshTaskRequest := &model.CreateRefreshTasksRequest{}typeRefreshTask := model.GetRefreshTaskRequestBodyTypeEnum().DIRECTORYmodeRefreshTask := model.GetRefreshTaskRequestBodyModeEnum().DETECT_MODIFY_REFRESHzhUrlEncodeRefreshTask := falserefreshTaskbody := &model.RefreshTaskRequestBody{Type: &typeRefreshTask,Mode: &modeRefreshTask,ZhUrlEncode: &zhUrlEncodeRefreshTask,Urls: []string{cdnUrl},}refreshTaskRequest.Body = &model.RefreshTaskRequest{RefreshTask: refreshTaskbody,}// Create the refresh taskresponse, err := hcClient.CreateRefreshTasks(refreshTaskRequest)if err != nil {fmt.Fprintf(os.Stderr, "Error creating CDN refresh task: %s\n", err)os.Exit(2)}fmt.Printf("CDN refresh task created successfully: %s\n", response)
}
在上述代码中,替换**YOUR_ACCESS_KEY**
、**YOUR_SECRET_KEY**
为你的华为云账号的密钥信息。
尝试运行脚本:
go run main.go https://xxx.xxx.com/
末尾以**/**单斜线结尾!
注:以上代码以刷新目录为例,且只刷新变更资源!具体参数或者其他需求可以参考:https://console.huaweicloud.com/apiexplorer/#/openapi/CDN/doc?version=v1&api=CreateRefreshTasks,文档中参数!
2. 查询file URL余量
在创建刷新任务后,我们可能还需要查询当前账户下的URL刷新余量,以确保后续操作不会受到次数限制的影响。
步骤2.1 查询CDN file URL余量
可以在上面的Go程序中继续添加以下查询余量的代码片段:
参照:https://console.huaweicloud.com/apiexplorer/#/openapi/CDN/debug?version=v1&api=ShowQuota
尝试调试,查看返回值数据结构,编写代码如下:
// 查询URL 目录余量
func queryCdnQuota(hcClient *cdn.CdnClient) {request := &model.ShowQuotaRequest{}response, err := hcClient.ShowQuota(request)if err != nil {fmt.Fprintf(os.Stderr, "Error querying CDN quota: %s\n", err)os.Exit(2)}// 请确保 response.Quotas 不是nil,否则可能会导致空指针异常if response.Quotas == nil {fmt.Fprintln(os.Stderr, "Error: received nil Quotas in response")os.Exit(2)}// 自定义类型名称的映射typeNameMap := map[string]string{"file_refresh": "缓存刷新剩余Url条数","dir_refresh": "缓存刷新剩余目录数",}// Print out the customized quota informationfmt.Println("CDN quota information:")for _, quota := range *response.Quotas {// 检查quota.Type是否为我们关心的类型之一if customName, ok := typeNameMap[*quota.Type]; ok {remaining := *quota.QuotaLimit - *quota.Usedfmt.Printf("- %s: %d\n", customName, remaining)}}
}
在main函数中增加一下代码:
queryCdnQuota(hcClient)
此片段會在创建CDN刷新任务之后调用ShowQuota
接口,查询并打印出当前账户的URL以及目录刷新余量信息。typeNameMap部分是我想自定义一下输出打印的名称,增加可读性!
完成代码如下:
package mainimport ("fmt""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/model""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/region""os"
)func main() {if len(os.Args) < 2 {fmt.Println("Usage: go run main.go <your-cdn-url>")return}cdnUrl := os.Args[1]ak := "YOUR_ACCESS_KEY"sk := "YOUR_SECRET_KEY"auth := global.NewCredentialsBuilder().WithAk(ak).WithSk(sk).Build()hcClient := cdn.NewCdnClient(cdn.CdnClientBuilder().WithRegion(region.ValueOf("cn-north-1")).WithCredential(auth).WithHttpConfig(config.DefaultHttpConfig()).Build())// Create CDN refresh taskcreateRefreshTask(hcClient, cdnUrl)
}func createRefreshTask(hcClient *cdn.CdnClient, cdnUrl string) {refreshTaskRequest := &model.CreateRefreshTasksRequest{}typeRefreshTask := model.GetRefreshTaskRequestBodyTypeEnum().DIRECTORYmodeRefreshTask := model.GetRefreshTaskRequestBodyModeEnum().DETECT_MODIFY_REFRESHzhUrlEncodeRefreshTask := falserefreshTaskbody := &model.RefreshTaskRequestBody{Type: &typeRefreshTask,Mode: &modeRefreshTask,ZhUrlEncode: &zhUrlEncodeRefreshTask,Urls: []string{cdnUrl},}refreshTaskRequest.Body = &model.RefreshTaskRequest{RefreshTask: refreshTaskbody,}// Create the refresh taskresponse, err := hcClient.CreateRefreshTasks(refreshTaskRequest)if err != nil {fmt.Fprintf(os.Stderr, "Error creating CDN refresh task: %s\n", err)os.Exit(2)}fmt.Printf("CDN refresh task created successfully: %s\n", response)
}
运行代码返回数据格式如下:
go run main.go https://xxx.xxx.com/
3. 在Jenkins节点上运行程序
一旦我们的Go程序可以正确执行CDN刷新和查询余量的操作,接下来的步骤就是在Jenkins中配置该程序的运行环境。
步骤3.1 创建一个新的Jenkins任务
在Jenkins中创建一个Freestyle项目或者Pipeline项目,此部分取决于你的工作流。为了简便说明,我们这里以Freestyle项目为例。
步骤3.2 配置构建步骤
首先添加一个参数化构建过程,传入参数:
限制一下可运行的节点:
在你的Jenkins任务配置页中,添加一个构建步骤,选择“Execute shell”(对于Linux系统)或“Execute Windows batch command”(对于Windows系统),并填入以下内容:
# 假设你的Go程序名为`main`,且已经编译到Jenkins的工作空间中
cd /home/flush-hw&&./main $dir
确保构建环境中已经安装了Go运行时,并且环境变量已经配置,这样main
程序才可以在Jenkins节点上运行没有问题。
注:main要有可执行权限,复制过来要记得chmod +x main .
4. 使用Jenkins Credentials管理AK/SK密钥
为了避免在代码中硬编码敏感信息,如Access Key和Secret Key,推荐使用Jenkins的Credentials插件来管理这些密钥。
步骤4.1 添加Credentials
在Jenkins中进入Credentials管理页面,添加一个新的Credentials,选择“Secret text”,其中**Secret**
字段填入AK:SK的格式。记住这里的**ID,**接下来绑定的时候会用到
步骤4.2 修改Go程序以获取Credentials
之后,你需要修改Go程序,让其从环境变量中读取AK和SK。例如:
package mainimport ("fmt""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global""github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/model""github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v1/region""os""strings"
)func main() {if len(os.Args) < 2 {fmt.Println("Usage: go run main.go <your-cdn-url>")return}cdnUrl := os.Args[1]// 尝试从环境变量中获取ak和skcreds := os.Getenv("huaweiyun-hn-cdn")if creds == "" {fmt.Fprintln(os.Stderr, "Error: Credentials environment variable is not set.")os.Exit(1)}parts := strings.SplitN(creds, ":", 2)if len(parts) != 2 {fmt.Fprintln(os.Stderr, "Error: Invalid credential format. Expected 'AK:SK'.")os.Exit(1)}ak, sk := parts[0], parts[1]auth := global.NewCredentialsBuilder().WithAk(ak).WithSk(sk).Build()hcClient := cdn.NewCdnClient(cdn.CdnClientBuilder().WithRegion(region.ValueOf("cn-north-1")).WithCredential(auth).WithHttpConfig(config.DefaultHttpConfig()).Build())// Create CDN refresh taskcreateRefreshTask(hcClient, cdnUrl)// Query remaining refresh and preload quotaqueryCdnQuota(hcClient)
}func createRefreshTask(hcClient *cdn.CdnClient, cdnUrl string) {refreshTaskRequest := &model.CreateRefreshTasksRequest{}typeRefreshTask := model.GetRefreshTaskRequestBodyTypeEnum().DIRECTORYmodeRefreshTask := model.GetRefreshTaskRequestBodyModeEnum().DETECT_MODIFY_REFRESHzhUrlEncodeRefreshTask := falserefreshTaskbody := &model.RefreshTaskRequestBody{Type: &typeRefreshTask,Mode: &modeRefreshTask,ZhUrlEncode: &zhUrlEncodeRefreshTask,Urls: []string{cdnUrl},}refreshTaskRequest.Body = &model.RefreshTaskRequest{RefreshTask: refreshTaskbody,}// Create the refresh taskresponse, err := hcClient.CreateRefreshTasks(refreshTaskRequest)if err != nil {fmt.Fprintf(os.Stderr, "Error creating CDN refresh task: %s\n", err)os.Exit(2)}fmt.Printf("CDN refresh task created successfully: %s\n", response)
}
func queryCdnQuota(hcClient *cdn.CdnClient) {request := &model.ShowQuotaRequest{}response, err := hcClient.ShowQuota(request)if err != nil {fmt.Fprintf(os.Stderr, "Error querying CDN quota: %s\n", err)os.Exit(2)}// 请确保 response.Quotas 不是nil,否则可能会导致空指针异常if response.Quotas == nil {fmt.Fprintln(os.Stderr, "Error: received nil Quotas in response")os.Exit(2)}// 自定义类型名称的映射typeNameMap := map[string]string{"file_refresh": "缓存刷新剩余Url条数","dir_refresh": "缓存刷新剩余目录数",}// Print out the customized quota informationfmt.Println("CDN quota information:")for _, quota := range *response.Quotas {// 检查quota.Type是否为我们关心的类型之一if customName, ok := typeNameMap[*quota.Type]; ok {remaining := *quota.QuotaLimit - *quota.Usedfmt.Printf("- %s: %d\n", customName, remaining)}}
}
步骤4.3 配置Jenkins任务以传递Credentials
在Jenkins任务的构建环境配置中,使用Credentials Binding插件将新添加的Credentials绑定到相应的环境变量中。在“Build Environment”选择“Use secret text(s) or file(s)”,命名为xxx并绑定AK/SK到指定凭据:
步骤4.4 测试运行
最后,在Jenkins中运行配置好的任务,检查输出以确保CDN刷新和余量查询均运行顺利。
5. 其他的需求
1. 经常输入域名的时候忘记/单斜线,是否可以自动补全?
2. 设置改阈值?剩余量到20可以自动报警?邮件or短信
3. 优雅的pipeline?
结语
通过上述步骤,我们成功地实现了通过Go语言操作华为云CDN刷新服务的功能,并将其集成到Jenkins任务中,同时安全地管理了敏感的AK/SK凭证。这样的自动化工具对于管理大量的CDN资源来说非常有用,可以大大提高工作效率。
注:以上大纲chatgpt生成代码结构也是,代码基本也是chatgpt生成,貌似中间就有几个&指针数据格式有问题修改了一下