← 返回 Skills 市场
huaweiclouddev

huawei-cloud-sac-new-api

作者 huaweicloud-skills-team · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ✓ 安全检测通过
36
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install huawei-cloud-sac-new-api
功能描述
Deploy NewAPI LLM Gateway on Huawei Cloud via Terraform. Use when deploying a unified LLM API gateway for multi-model management, load balancing, and key rot...
使用说明 (SKILL.md)

Huawei Cloud NewAPI LLM Gateway

Overview

Deploy the "Building a NewAPI LLM Gateway" solution end-to-end on Huawei Cloud. The platform provides a NewAPI-based LLM API gateway for unified management and forwarding of multiple large model API requests, supporting load balancing, key rotation, and usage statistics.

Architecture: ECS (Ubuntu 22.04) and VPC and Subnet and Security Group (SSH port 22 and NewAPI Web port 3000) and EIP and EVS (system disk). Cloud-init installs Docker and launches the NewAPI gateway container.

Tool chain: Playwright CLI (solution info extraction) + Python 3.10+ (helper scripts) + Terraform 1.5+ (declarative deployment). No KooCLI — all resource operations through Terraform.

Prerequisites

  • Python 3.10+, Playwright CLI, Terraform 1.5+ — see CLI Installation Guide
  • Huawei Cloud AK/SK via environment variables (HW_ACCESS_KEY, HW_SECRET_KEY); if not set, prompt user to manually edit terraform.auto.tfvars.json to fill in AK/SK — ⛔ never read or display this file in conversation context
  • IAM user with sufficient permissions — see IAM Policies

Security

  • 🚫 Never expose AK/SK in conversation or output
  • 🚫 Never ask user to type AK/SK in chat
  • 🚫 Never read or display terraform.auto.tfvars.json in conversation context (contains AK/SK)
  • ✅ Prefer IAM users over primary account
  • ✅ Modification ops (apply, destroy) require explicit user confirmation

Core Commands

Placeholder values (see Parameters for per-OS resolution):

Placeholder Linux / macOS Windows PowerShell Windows CMD
\x3Cpython> python3 python python
\x3Cscript_dir> ./scripts ./scripts scripts
\x3Ctemp_dir> /tmp $env:TEMP %TEMP%
\x3Cregion> cn-north-4 cn-north-4 cn-north-4
\x3Cworkdir> newapi-workdir newapi-workdir newapi-workdir
\x3Csolution_detail_page_url> (see Notes below) (same) (same)
\x3Ctf_template_url> (see Notes below) (same) (same)

\x3Csolution_detail_page_url> = https://www.huaweicloud.com/solution/implementations/building-a-newapi-llm-gateway.html

\x3Ctf_template_url> = https://documentation-samples.obs.cn-north-4.myhuaweicloud.com/solution-as-code-publicbucket/solution-as-code-moudle/building-a-newapi-llm-gateway/building-a-newapi-llm-gateway.tf.json

# 1. Extract solution info
\x3Cpython> \x3Cscript_dir>/extract_sac_deploy_info.py \
  --url "\x3Csolution_detail_page_url>" \
  --out \x3Ctemp_dir>/sac_selected.json

# 2. Download and normalize template
\x3Cpython> \x3Cscript_dir>/download_tf_template_file.py \
  --url "\x3Ctf_template_url>" \
  --out-dir \x3Ctemp_dir>/\x3Cworkdir>

\x3Cpython> \x3Cscript_dir>/normalize_tf_providers.py \x3Ctemp_dir>/\x3Cworkdir> \
  --region "\x3Cregion>"

# 3. List variables for review
\x3Cpython> \x3Cscript_dir>/list_tf_variables.py \x3Ctemp_dir>/\x3Cworkdir>

# 4. Deploy
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> init
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> plan
# ⛔ STOP — Review the plan output above. Do NOT auto-apply.
# Confirm with the user (AskUserQuestion or equivalent) before proceeding.
# Only after explicit user confirmation:
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> apply

# 5. Verify
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> state list
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> output -json

# 6. Cleanup
terraform -chdir=\x3Ctemp_dir>/\x3Cworkdir> destroy
python -c "import os; f='\x3Ctemp_dir>/\x3Cworkdir>/terraform.auto.tfvars.json'; os.path.exists(f) and os.remove(f)"

Workflow

1. Extract solution info

After running the Core Commands step 1, display the results to the user:

  • Solution name: title field from output JSON
  • Estimated price: estimated_price_text field
  • Deploy links: list each text and url from deploy_links array
  • If title or estimated_price_text is empty, warn the user and suggest manual verification on the solution page

2. Download and normalize template

normalize_tf_providers.py writes terraform.auto.tfvars.json (including region and other parameters). If environment variables HW_ACCESS_KEY/HW_SECRET_KEY are not set, AK/SK fields are left empty. Tell the user the file path and prompt them to manually edit it to fill in AK/SK. ⛔ Never read or display the file contents in conversation context. Then continue to the next step.

3. Confirm variables

Review with user. Block apply if sensitive variables are empty/weak.

4. Deploy

STOP — Before running terraform apply, review the terraform plan output and confirm with the user (AskUserQuestion or equivalent). Do NOT auto-apply. Only proceed after explicit user confirmation.

5. Verify

See Verification Method and Acceptance Criteria.

6. Cleanup

Parameters

Parameter Required Default Constraint
region Yes cn-north-4 Only supported region
AK/SK Yes Env vars HW_ACCESS_KEY/HW_SECRET_KEY; if absent, prompt user to edit tfvars.json (⛔ never read tfvars.json in context)
ecs_password Yes 8-26 chars, mixed case + digit + special
ecs_flavor No x1.8u.16g ECS flavor ID
system_disk_size No 100 40-1024 GB
bandwidth_size No 300 EIP bandwidth in Mbit/s
charging_unit No month month or year
charging_period No 1

Post-Deploy Output

  • terraform output -json — includes access_instructions with NewAPI gateway URL
  • NewAPI Web UI: http://\x3CEIP>:3000 (allow ~10 min for cloud-init)
  • Verify: ssh root@\x3CEIP> "docker ps" shows NewAPI container running

Output Format

terraform output -json returns JSON with the following key fields:

{
  "access_instructions": { "value": "http://\x3CEIP>:3000" },
  "ecs_eip":             { "value": "\x3CElastic IP>" },
  "ecs_id":              { "value": "\x3CECS Instance ID>" },
  "vpc_id":              { "value": "\x3CVPC ID>" }
}

All script outputs are in JSON format: extract_sac_deploy_info.py outputs solution info JSON, list_tf_variables.py outputs variable list JSON.

Verification

Verify deployment results step by step:

  1. Template extraction — Check \x3Ctemp_dir>/sac_selected.json contains solution_name, price fields
  2. Template download — Confirm .tf files exist under \x3Ctemp_dir>/newapi-workdir and terraform validate passes
  3. Variable confirmation — Sensitive variables (AK/SK, password) are not empty in list_tf_variables.py output; user confirmed overrides
  4. Deploymentterraform plan shows no errors; user confirmed deployment; after apply, terraform state list shows all expected resources
  5. Service reachability — Wait 10-15 min for cloud-init, then curl -s http://\x3CEIP>:3000 returns 200
  6. Containerssh root@\x3CEIP> "docker ps" shows NewAPI container running

See Verification Method and Acceptance Criteria for details.

Best Practices

  • Always terraform plan before apply
  • Start with charging_unit=month; switch to year after validation
  • Allow 10-15 min post-deploy for cloud-init
  • Monitor NewAPI dashboard for API usage and key rotation status

Reference Documents

Document Description
CLI Installation Guide Install Python, Playwright CLI, Terraform
IAM Policies Permissions, agency setup, failure handling
Verification Method Step-by-step verification per workflow step
Acceptance Criteria Full deployment acceptance checklist
Related Commands Terraform, scripts, remote access reference

Notes

  • Only cn-north-4 region supported
  • terraform.auto.tfvars.json is sensitive — never commit to VCS; never read or display in conversation context
  • normalize_tf_providers.py writes region to tfvars; AK/SK left empty if env vars not set, user must fill manually
  • Tool chain: Playwright CLI + Python + Terraform — no KooCLI
安全使用建议
Install only if you intend to let an agent help provision Huawei Cloud resources. Use a dedicated least-privilege IAM user, review Terraform plans before apply or destroy, expect possible cloud charges, keep terraform.auto.tfvars.json out of version control/logs/artifacts, delete it after use, and restrict public network access where possible.
能力评估
Purpose & Capability
The skill artifacts consistently match the stated purpose: extract Huawei Cloud solution information, download and normalize Terraform templates, deploy a NewAPI gateway, verify it, and clean up resources.
Instruction Scope
The workflow uses network access, local file writes, environment variables, shell commands, and Terraform apply/destroy; these are expected for the purpose and the skill explicitly requires user confirmation before state-changing Terraform operations.
Install Mechanism
Prerequisite installation is documented for Python, Playwright CLI, browser support, and Terraform, including some global/system paths, but there is no hidden installer, background worker, or persistence mechanism.
Credentials
The documented workflow is scoped to Huawei Cloud cn-north-4 and specific Huawei-hosted URLs, though helper scripts accept arbitrary user-supplied URLs and directories, so users should keep inputs within the intended deployment context.
Persistence & Privilege
The skill writes Terraform working files and terraform.auto.tfvars.json, which may contain plaintext Huawei Cloud AK/SK; this is disclosed, outputs are masked, and cleanup is documented, but the local secret file still needs careful protection.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install huawei-cloud-sac-new-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /huawei-cloud-sac-new-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
- Initial release: Deploy NewAPI LLM Gateway solution to Huawei Cloud using Terraform, supporting unified API gateway management for large language models. - Provides end-to-end workflow: solution extraction, Terraform template management, deployment, verification, and cleanup. - Enforces strict AK/SK (API key) and sensitive data handling: never display or read credentials in chat; prompts user to edit files manually. - Includes step-by-step deployment, confirmation checkpoints, variable review, and resource validation for secure, transparent operations. - Outputs all key deployment results and instructions in structured JSON format for easy integration and review.
元数据
Slug huawei-cloud-sac-new-api
版本 0.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

huawei-cloud-sac-new-api 是什么?

Deploy NewAPI LLM Gateway on Huawei Cloud via Terraform. Use when deploying a unified LLM API gateway for multi-model management, load balancing, and key rot... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 36 次。

如何安装 huawei-cloud-sac-new-api?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install huawei-cloud-sac-new-api」即可一键安装,无需额外配置。

huawei-cloud-sac-new-api 是免费的吗?

是的,huawei-cloud-sac-new-api 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

huawei-cloud-sac-new-api 支持哪些平台?

huawei-cloud-sac-new-api 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 huawei-cloud-sac-new-api?

由 huaweicloud-skills-team(@huaweiclouddev)开发并维护,当前版本 v0.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论