# Guide to Configuring CosyVoice Access to OSS

## Problem

The CosyVoice voice cloning service needs to read audio files stored in OSS, but by default CosyVoice has no permission to access a user's OSS.

## Solution: configure RAM permissions

### 1. Create the RAM role

In the Alibaba Cloud RAM console, create a role that allows the CosyVoice service to access OSS:

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:GetObject",
        "oss:HeadObject"
      ],
      "Resource": [
        "acs:oss:*:*:{bucket-name}/*"
      ]
    }
  ]
}
```

**Parameters:**

- `{bucket-name}`: replace with the name of your OSS bucket

### 2. Configure the trust policy

Add a trust policy to the RAM role that allows the DashScope service to assume the role:

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "dashscope.aliyuncs.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

### 3. Authorization steps (console)

**Step 1: Create the custom permission policy**

1. Log in to the Alibaba Cloud console → Resource Access Management (RAM) → Permissions → Policies
2. Click "Create Policy"
3. Select "Script"
4. Paste the JSON permission policy shown above
5. Policy name: `CosyVoice-OSS-Access`
6. Click "OK"

**Step 2: Create the RAM role**

1. RAM → Identities → Roles → Create Role
2. Select "Alibaba Cloud Service" → "DashScope"
3. Enter the role name: `CosyVoice-OSS-Role`
4. Finish creating the role

**Step 3: Grant the role access to OSS**

1. On the role details page, click "Add Permissions"
2. Search for and add:
   - `AliyunOSSReadOnlyAccess` (Alibaba Cloud OSS read-only access)
   - `CosyVoice-OSS-Access` (the custom policy)
3. Click "OK"

**Step 4: Get the ARN**

On the role details page, copy the "ARN":

```
acs:ram::{YourAccountID}:role/CosyVoice-OSS-Role
```

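A least-privilege check over the two policy documents above and the policies attached in Step 3, as an added example that is not part of the original guide. The bucket name `my-audio-bucket`, the function names and the sample documents are constructed for illustration; the check goes slightly beyond the page by flagging `AliyunOSSReadOnlyAccess`, a managed policy that is not limited to one bucket and so widens what the bucket-scoped custom policy grants.

```python
import json

READ_ACTIONS = {"oss:GetObject", "oss:HeadObject"}  # actions granted by the guide's policy
BROAD_MANAGED = {"AliyunOSSReadOnlyAccess", "AliyunOSSFullAccess"}  # cover every bucket

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_permission_policy(doc, bucket):
    """Findings for a policy that should allow object reads on one bucket only."""
    findings = []
    prefix = f"acs:oss:*:*:{bucket}/"
    for st in doc.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action not in READ_ACTIONS:
                findings.append(f"action beyond object read: {action}")
        for res in _as_list(st.get("Resource", [])):
            if "{" in res:  # template pasted without substituting the bucket name
                findings.append(f"placeholder not replaced: {res}")
            elif not res.startswith(prefix):
                findings.append(f"resource outside {bucket}: {res}")
    return findings

def check_trust_policy(doc, service="dashscope.aliyuncs.com"):
    """Findings for a trust policy that should let only one service assume the role."""
    findings = []
    for st in doc.get("Statement", []):
        principal = st.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"principal is not a mapping: {principal!r}")
            continue
        for kind, names in principal.items():
            for name in _as_list(names):
                if (kind, name) != ("Service", service):
                    findings.append(f"unexpected principal {kind}:{name}")
    return findings

def check_attached(policy_names):
    """Managed policies that widen access beyond the custom policy's single bucket."""
    return [f"{n} is not scoped to one bucket" for n in policy_names if n in BROAD_MANAGED]

# Constructed sample input: the guide's policies with a hypothetical bucket name filled in.
PERMISSION = json.loads('{"Version": "1", "Statement": [{"Effect": "Allow", '
    '"Action": ["oss:GetObject", "oss:HeadObject"], '
    '"Resource": ["acs:oss:*:*:my-audio-bucket/*"]}]}')
TRUST = json.loads('{"Version": "1", "Statement": [{"Effect": "Allow", '
    '"Principal": {"Service": ["dashscope.aliyuncs.com"]}, "Action": "sts:AssumeRole"}]}')

if __name__ == "__main__":
    print(check_permission_policy(PERMISSION, "my-audio-bucket"))
    print(check_trust_policy(TRUST))
    print(check_attached(["AliyunOSSReadOnlyAccess", "CosyVoice-OSS-Access"]))
```
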
### 4. Configure application.yaml

Add the following to `yudao-server/src/main/resources/application.yaml`:

```yaml
yudao:
  cosyvoice:
    # ... other configuration
    # RAM role ARN (authorizes CosyVoice to access OSS)
    ram-role-arn: "acs:ram::{AccountID}:role/CosyVoice-OSS-Role"
```

### 5. Change how OSS is accessed

In `CosyVoiceClient.buildClonePayload()`, add the authorization information:

```java
import java.nio.charset.StandardCharsets;
import okhttp3.Request;
import okhttp3.RequestBody;

// Add Authorization to the request headers.
// JSON is assumed to be the class's MediaType constant for application/json.
Request httpRequest = new Request.Builder()
    .url(properties.getVoiceEnrollmentUrl())
    .addHeader("Authorization", "Bearer " + properties.getApiKey())
    .addHeader("Content-Type", "application/json")
    // Add the STS temporary credential (call AssumeRole first to obtain it);
    // "{security-token}" is a placeholder for that token value
    .addHeader("x-acs-security-token", "{security-token}")
    .post(RequestBody.create(payload.getBytes(StandardCharsets.UTF_8), JSON))
    .build();
```

### 6. Obtain STS temporary credentials (Java code)

```java
import com.aliyun.sts20150401.Client;
import com.aliyun.sts20150401.models.AssumeRoleRequest;
import com.aliyun.sts20150401.models.AssumeRoleResponse;

// `client` is assumed to be a Client field that was initialized elsewhere.
// assumeRole declares a checked exception, so the method must propagate it.
public String getSecurityToken() throws Exception {
    // Requires the RAM role ARN and an access key to be configured
    AssumeRoleRequest request = new AssumeRoleRequest()
        .setRoleArn(properties.getRamRoleArn())
        .setRoleSessionName("cosyvoice-session");

    AssumeRoleResponse response = client.assumeRole(request);
    return response.getBody().getCredentials().getSecurityToken();
}
```

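### 7. Overall implementation approach

1. **Local development**: use STS temporary credentials
2. **Production**:
   - Option A: configure the RAM role so that CosyVoice accesses OSS directly
   - Option B: upload the audio files to a public OSS bucket that CosyVoice can access
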
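## Alternative: use a public OSS bucket

If configuring RAM permissions is too complex, you can:

1. Create a publicly readable OSS bucket
2. Upload the audio files to that bucket
3. Use the public URL for voice cloning

**Note**: public buckets are a security risk; use them for testing only!
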
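## Verify the configuration

After completing the configuration, test the voice cloning feature again:

1. Check whether the request URL in the logs is reachable from the public internet
2. Check whether the "url error" error still occurs
3. Check whether cloning succeeds and returns a voice_id
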
## References

- [Alibaba Cloud RAM permission management](https://help.aliyun.com/zh/ram/instance/role/parameter-overview)
- [STS temporary credentials](https://help.aliyun.com/zh/acs/STS/usage-scenarios/usage-scenarios)
- [CosyVoice error codes](https://help.aliyun.com/zh/model-studio/error-code#error-url)