Injiniya Hargitsi: fasahar lalata da gangan. Kashi na 2

Lura. fassara: Wannan labarin ya ci gaba da babban jerin labaran daga mai bishara na fasaha na AWS Adrian Hornsby, wanda ya tsara don bayyanawa a cikin sauƙi da kuma bayyana mahimmancin mahimmancin gwaji don rage sakamakon gazawar a cikin tsarin IT.

"Idan kun kasa shirya shirin, to kuna shirin gaza." - Benjamin Franklin

В bangare na farko A cikin wannan jerin labaran, na gabatar da manufar injiniyan hargitsi kuma na bayyana yadda yake taimakawa wajen ganowa da gyara kurakurai a cikin tsarin kafin su haifar da gazawar samarwa. Hakanan ya tattauna yadda injiniyan rudani ke haɓaka ingantaccen canjin al'adu tsakanin ƙungiyoyi.

A ƙarshen ɓangaren farko, na yi alkawarin yin magana game da "kayan aiki da hanyoyin gabatar da gazawa a cikin tsarin." Kaico, kaina na da nasa tsare-tsare game da wannan batu, kuma a cikin wannan labarin zan yi ƙoƙari in amsa tambaya mafi shaharar da ta taso tsakanin mutanen da ke son shiga aikin injiniyan hargitsi: Me za a fara karya?

Babbar tambaya! Koyaya, da alama bai damu da wannan panda ba musamman…

Kada ku yi rikici da hargitsin panda!

Amsa gajere: Nuna ayyuka masu mahimmanci tare da hanyar buƙatu.

Amsa mai tsayi amma mafi fayyace: Don fahimtar inda za a fara gwaji tare da hargitsi, kula da bangarori uku:

1. Kalli tarihin hatsari da kuma gano alamu;
2. Yanke shawara m dogara;
3. Yi amfani da abin da ake kira wuce gona da iri tasiri.

Yana da ban dariya, amma wannan ɓangaren ana iya kiran shi cikin sauƙi "Tafiya zuwa Gano Kai da Fadakarwa". A ciki za mu fara "wasa" tare da wasu kayan kida masu kyau.

1. Amsar ta kasance a baya

Idan kun tuna, a kashi na farko na gabatar da manufar Gyara Kurakurai (COE) - hanyar da muke yin nazari akan kurakuran mu - kurakuran fasaha, tsari ko tsari - don fahimtar dalilansu da hana su. maimaituwa a nan gaba . Gabaɗaya, wannan shine inda yakamata ku fara.

"Don fahimtar halin yanzu, kuna buƙatar sanin abubuwan da suka gabata." - Karl Sagan

Dubi tarihin gazawa, yi musu alama a COE ko bayan mutuwa sannan a rarraba su. Gano samfuran gama-gari waɗanda galibi ke haifar da matsaloli, kuma ga kowane COE, tambayi kanka wannan tambaya:

"Za a iya annabta wannan kuma don haka an hana shi ta hanyar allurar kuskure?"

Na tuna gazawa ɗaya a farkon aiki na. Za a iya hana shi cikin sauƙi idan da mun gudanar da gwaje-gwajen hargitsi guda biyu:

A ƙarƙashin yanayi na al'ada, al'amuran baya suna amsa tambayoyin lafiya daga Load balancer (ELB)). ELB yana amfani da waɗannan cak ɗin don tura buƙatun zuwa lokuta masu lafiya. Lokacin da ya bayyana cewa misali "marasa lafiya", ELB yana daina aika buƙatun zuwa gare shi. Wata rana, bayan kamfen ɗin tallace-tallace mai nasara, yawan zirga-zirga ya karu kuma masu goyon baya sun fara mayar da martani ga binciken lafiya a hankali fiye da yadda aka saba. Ya kamata a ce wadannan duban lafiya sun kasance zurfi, wato, an duba yanayin abin dogaro.

Koyaya, komai yayi kyau na ɗan lokaci.

Sa'an nan, riga a ƙarƙashin yanayin damuwa, ɗayan al'amuran ya fara aiwatar da wani aiki mara mahimmanci, aikin ETL cron na yau da kullun. Haɗin babban zirga-zirga da cronjob ya tura amfani da CPU zuwa kusan 100%. Yawan nauyin CPU ya kara rage martani ga binciken lafiya, har ELB ya yanke shawarar cewa misalin yana fuskantar matsalolin aiki. Kamar yadda aka zata, ma'auni ya daina rarraba zirga-zirga zuwa gare shi, wanda, bi da bi, ya haifar da karuwa a cikin nauyin da ya rage a cikin rukuni.

Nan da nan, duk sauran al'amura suma sun fara gaza duba lafiyarsu.

Fara sabon misali yana buƙatar zazzagewa da shigar da fakiti kuma ya ɗauki lokaci mai tsawo fiye da ɗaukar ELB don kashe su - ɗaya bayan ɗaya - a cikin rukunin autoscaling. A bayyane yake cewa ba da daɗewa ba tsarin duka ya kai matsayi mai mahimmanci kuma aikace-aikacen ya rushe.

Sannan har abada mun fahimci abubuwan da ke gaba:

• Shigar da software lokacin ƙirƙirar sabon misali yana ɗaukar lokaci mai tsawo; yana da kyau a ba da fifiko ga tsarin da ba za a iya canzawa ba kuma Golden AMI.
• A cikin hadaddun yanayi, martani ga binciken-lafiya da ELBs yakamata su ɗauki fifiko - abu na ƙarshe da kuke so shine dagula rayuwa ga sauran al'amuran.
• Caching na gida na duba lafiyar yana taimakawa da yawa (har ma na ƴan daƙiƙa kaɗan).
• A cikin yanayi mai wahala, kada ku gudanar da ayyukan cron da sauran matakai marasa mahimmanci - ajiye albarkatun don ayyuka masu mahimmanci.
• Lokacin yin sikelin atomatik, yi amfani da ƙananan misalai. Ƙungiyar ƙananan samfurori 10 sun fi kyau fiye da rukuni na 4 manyan; idan misali daya ya kasa, a cikin farko yanayin 10% na zirga-zirga za a rarraba a kan maki 9, a cikin na biyu - 25% na zirga-zirga a kan maki uku.

Sabili da haka, za a iya hango hakan, don haka a hana shi ta hanyar gabatar da matsalar?

A, kuma ta hanyoyi da dama.

Na farko, ta hanyar siffanta babban amfani da CPU ta amfani da kayan aiki irin su stress-ng ko cpuburn:

❯ stress-ng --matrix 1 -t 60s

danniya-ng

Na biyu, ta hanyar overloading da misali da wrk da sauran makamantan su:

❯ wrk -t12 -c400 -d20s http://127.0.0.1/api/health

Gwaje-gwajen suna da sauƙin sauƙi, amma suna iya ba da abinci mai kyau don tunani ba tare da shiga cikin damuwa na gazawar gaske ba.

Duk da haka, kar a tsaya nan. Yi ƙoƙarin sake haifar da haɗarin a cikin yanayin gwaji kuma duba amsar ku ga tambayar "Shin ana iya hango hakan don haka a hana shi ta hanyar gabatar da kuskure?" Wannan ƙaramin gwajin hargitsi ne a cikin gwajin hargitsi don gwada zato, amma farawa da gazawa.

Shin mafarki ne, ko kuwa ya faru da gaske?

Don haka bincika tarihin gazawa, bincika EOC, yi alama da kuma rarraba su ta hanyar "buga radius" -ko mafi daidai, adadin abokan ciniki da abin ya shafa - sannan ku nemi alamu. Tambayi kanka ko ana iya annabta wannan kuma an hana shi ta hanyar gabatar da matsalar. Duba amsar ku.

Sa'an nan kuma canza zuwa mafi yawan alamu tare da mafi girman kewayon.

2. Gina taswirar dogaro

Ɗauki ɗan lokaci don tunani game da aikace-aikacenku. Akwai taswirar taswirar abin dogaronta? Kun san irin tasirin da za su yi idan aka samu gazawa?

Idan ba ku saba da lambar aikace-aikacenku ba ko kuma ta zama babba, zai yi wahala a fahimci abin da lambar ke yi da abin da suka dogara da shi. Fahimtar waɗannan abubuwan dogaro da tasirin su akan aikace-aikacen da masu amfani yana da mahimmanci don sanin inda za'a fara tare da injiniyan hargitsi: wurin farawa shine ɓangaren tare da mafi girman tasirin radius.

Ana kiran ganowa da tattara bayanan abin dogaro "gina taswirar dogaro» (taswirar dogaro). Ana yin wannan yawanci don aikace-aikace tare da babban tushe na lamba ta amfani da kayan aikin bayanin lamba. (Babban bayanin lamba) da kayan aiki (kayan aiki). Hakanan zaka iya gina taswira ta hanyar lura da zirga-zirgar hanyar sadarwa.

Duk da haka, ba duk abin dogara ba iri ɗaya ne (wanda ke ƙara dagula tsarin). Wasu m, sauran - sakandare (aƙalla a ka'idar, tun da sau da yawa hadurruka suna faruwa saboda matsaloli tare da abubuwan dogaro waɗanda aka ɗauka ba mahimmanci ba).

Ba tare da dogaro mai mahimmanci ba, sabis ɗin ba zai iya aiki ba. Abubuwan dogaro da ba su da mahimmanci"ya kamata ba» don rinjayar sabis a yayin faɗuwa. Don fahimtar abin dogaro, kuna buƙatar samun cikakkiyar fahimtar API ɗin da aikace-aikacenku ke amfani da shi. Wannan na iya zama da wahala fiye da yadda ake gani - aƙalla don manyan aikace-aikace.

Fara da shiga cikin duk APIs. Haskaka mafi mahimmanci da mahimmanci. Take halin da ake ciki daga ma'ajiyar lambar, duba shi rajistan ayyukan haɗi, sannan duba takardun shaida (hakika, idan akwai - in ba haka ba har yanzu kuna daоmatsaloli masu girma). Yi amfani da kayan aikin don bayanin martaba da kuma ganowa, tace kiran waje.

Kuna iya amfani da shirye-shirye kamar netstat - mai amfani da layin umarni wanda ke nuna jerin duk hanyoyin haɗin yanar gizo (active sockets) a cikin tsarin. Misali, don lissafin duk haɗin kai na yanzu, rubuta:

❯ netstat -a | more 

A cikin AWS zaka iya amfani da shi kwarara rajistan ayyukan VPC hanya ce da ke ba ku damar tattara bayanai game da zirga-zirgar IP zuwa ko daga musaya na cibiyar sadarwa a cikin VPC. Irin wannan rajistan ayyukan kuma na iya taimakawa tare da wasu ayyuka - alal misali, neman amsar tambayar dalilin da yasa wasu zirga-zirgar ababen hawa ba su isa ga misali ba.

Hakanan zaka iya amfani AWS X-ray. X-Ray yana ba ku damar samun cikakkun bayanai, "mafi dacewa" (karshe-zuwa-karshe) Bayanin buƙatun yayin da suke tafiya cikin aikace-aikacen, da kuma gina taswirar abubuwan da ke cikin aikace-aikacen. Ya dace sosai idan kana buƙatar gano abin dogaro.

AWS X-Ray Console

Taswirar dogaro da hanyar sadarwa mafita ce kawai. Ee, yana nuna wanne aikace-aikacen ke sadarwa da wane, amma akwai wasu abubuwan dogaro.

Yawancin aikace-aikacen suna amfani da DNS don haɗawa zuwa abubuwan dogaro, yayin da wasu na iya amfani da gano sabis ko ma adiresoshin IP masu ƙarfi a cikin fayilolin sanyi (misali. /etc/hosts).

Misali, zaku iya ƙirƙirar DNS blackhole tare da taimakon iptables kuma ga abin karyawa. Don yin wannan, shigar da umarni mai zuwa:

❯ iptables -I OUTPUT -p udp --dport 53 -j REJECT -m comment --comment "Reject DNS"

Black Hole na DNS

Idan a ciki /etc/hosts ko wasu fayilolin sanyi, zaku sami adiresoshin IP waɗanda ba ku san komai game da su ba (eh, abin takaici, wannan ma yana faruwa), zaku iya sake zuwa ceto. iptables. A ce kun gano 8.8.8.8 kuma ba ku san cewa wannan adireshin uwar garken DNS ne na jama'a na Google ba. Ta amfani iptables Kuna iya toshe zirga-zirga mai shigowa da mai fita zuwa wannan adireshin ta amfani da umarni masu zuwa:

❯ iptables -A INPUT -s 8.8.8.8 -j DROP -m comment --comment "Reject from 8.8.8.8"
❯ iptables -A OUTPUT -d 8.8.8.8 -j DROP -m comment --comment "Reject to 8.8.8.8"

Rufe shiga

Dokar farko ta sauke duk fakiti daga DNS na jama'a na Google: ping aiki, amma fakiti ba a mayar. Doka ta biyu ta sauke duk fakitin da suka samo asali daga tsarin ku zuwa ga jama'a na Google - a mayar da martani ga ping mun samu Ba a yarda da aiki ba.

Lura: a cikin wannan yanayin zai fi kyau a yi amfani da shi whois 8.8.8.8, amma wannan misali ne kawai.

Za mu iya zuwa zurfin zurfin rami na zomo, saboda duk abin da ke amfani da TCP da UDP a zahiri ya dogara da IP kuma. A mafi yawan lokuta, IP yana da alaƙa da ARP. Kar a manta game da firewalls...

Idan ka sha kwayar ja, za ka zauna a Wonderland, kuma zan nuna maka yadda zurfin rami na zomo ke tafiya."

Hanyar da ta fi dacewa ita ce cire haɗin motoci daya bayan daya ka ga abin da ya karye... zama "Biri hargitsi." Tabbas, yawancin tsarin samarwa ba a tsara su don irin wannan mummunan harin ba, amma aƙalla ana iya gwada shi a cikin yanayin gwaji.

Gina taswirar dogaro galibi babban aiki ne mai tsayi sosai. Kwanan nan na yi magana da wani abokin ciniki wanda ya kwashe kusan shekaru 2 yana haɓaka kayan aiki wanda ke haifar da taswirorin dogaro kai tsaye don ɗaruruwan microservices da umarni.

Sakamakon, duk da haka, yana da ban sha'awa sosai kuma yana da amfani. Za ku koyi abubuwa da yawa game da tsarin ku, dogaronsa da ayyukansa. Bugu da ƙari, yi haƙuri: tafiya ce ta fi muhimmanci.

3. Hattara da wuce gona da iri

"Duk wanda ya yi mafarkin menene, ya yi imani da shi." - Demosthenes

Shin kun taɓa jin labarin wuce gona da iri tasiri?

A cewar Wikipedia, tasirin wuce gona da iri shine "rashin fahimta wanda amincewar mutum a cikin ayyukansa da yanke shawara ya fi girman haƙiƙanin haƙiƙanin waɗannan hukunce-hukuncen, musamman ma lokacin da matakin amincewa ya ƙaru."

Dangane da ilhami da gogewa...

A cikin gwaninta na, wannan murdiya alama ce mai kyau na inda za a fara da injiniyan hargitsi.

Hattara da ma'aikacin da ya fi ƙarfin zuciya:

Charlie: "Wannan abu bai faɗi cikin shekaru biyar ba, komai yana da kyau!"
Crash: "Dakata... Zan zo nan ba da jimawa ba!"

Son zuciya a sakamakon wuce gona da iri abu ne mai ban tsoro kuma har ma da hadari saboda abubuwa daban-daban da ke tasiri a kansa. Wannan gaskiya ne musamman lokacin da 'yan ƙungiyar suka zubar da zukatansu a cikin fasaha ko kuma sun dauki lokaci mai yawa suna "gyara" ta.

Taƙaice

Neman wurin farawa don injiniyan hargitsi koyaushe yana haifar da ƙarin sakamako fiye da yadda ake tsammani, kuma ƙungiyoyin da suka fara fasa abubuwa da sauri suna rasa mahimmin jigon duniya da ban sha'awa na (hargitsi-)aikin injiniya - m amfani hanyoyin kimiyya и shaida na zahiri don ƙira, haɓakawa, aiki, kiyayewa da haɓaka tsarin (software).

Wannan ya ƙare kashi na biyu. Da fatan za a rubuta bita, raba ra'ayi ko kawai tafa hannuwa Medium. A kashi na gaba I da gaske Zan yi la'akari da kayan aiki da hanyoyin don gabatar da gazawa a cikin tsarin. Har sai!

PS daga mai fassara

Karanta kuma a kan shafinmu:

• «Injiniya Hargitsi: fasahar lalata da gangan. Kashi na 1";
• «Yadda ake samun babban wadatar a Kubernetes";
• «Kulawa da Kubernetes (rahoton bita da bidiyo)";
• «Gwaji tare da kube-proxy da rashin samun kumburi a Kubernetes".

source: www.habr.com