From a "startup" to thousands of servers in a dozen data centers. How We Chased the Growth of Linux Infrastructure

If your IT infrastructure grows too fast, sooner or later you will face a choice: increase the human resources that support it, or start automating. Up to a certain point we lived in the first paradigm, and then the long road to Infrastructure-as-Code began.

Of course, NSPK is not a startup, but that kind of atmosphere reigned in the company during the first years of its existence, and those were very interesting years. My name is Kornyakov Dmitry, and I have been supporting Linux infrastructure with high availability requirements for over 10 years. I joined the NSPK team in January 2016 and, unfortunately, did not see the very beginning of the company, but arrived at a stage of major changes.

In general, we can say that our team provides 2 products for the company. The first is infrastructure. Mail should work, DNS should work, and the domain controllers should let you onto servers that should not crash. The company's IT landscape is huge! These are business & mission critical systems, and the availability requirement for some of them is 99.999. The second product is the servers themselves, physical and virtual. The existing ones need to be monitored, and new ones must be delivered regularly to customers from many departments. In this article I want to focus on how we developed the infrastructure that is responsible for the server life cycle.

The beginning of the journey

At the start of our journey, our technology stack looked like this:
OS CentOS 7
FreeIPA Domain Controllers
Automation - Ansible (+Tower), Cobbler

All of this was located in 3 domains, spread across several data centers. One data center held the office systems and test sites, the others held PROD.

At one point, creating a server looked like this:

In the VM template, CentOS is minimal and the required minimum is a correct /etc/resolv.conf; the rest comes via Ansible.

CMDB - Excel.

If the server is physical, then instead of copying a virtual machine, the OS was installed on it using Cobbler - the MAC addresses of the target server are added to the Cobbler config, the server receives an IP address via DHCP, and then the OS is installed.

At first we even tried to do some kind of configuration management in Cobbler. But over time this began to cause problems with the portability of configurations, both to other data centers and to the Ansible code for preparing VMs.

At that time, many of us perceived Ansible as a convenient extension of Bash and did not skimp on constructs using shell and sed. Bashsible, in short. This eventually led to the point where, if a playbook for some reason did not work on a server, it was easier to delete the server, fix the playbook and run it again. There was essentially no versioning of scripts and no portability of configurations.

For example, we wanted to change some config on all servers:

  1. We change the configuration on existing servers in the logical segment / data center. Sometimes not in one day - availability requirements and the law of large numbers do not allow all changes to be applied at once. And some changes are potentially destructive and require restarting something - from services to the OS itself.
  2. We fix it in Ansible
  3. We fix it in Cobbler
  4. Repeat N times for each logical segment / data center

For all the changes to go smoothly, many factors have to be taken into account, and changes happen constantly.

  • Refactoring Ansible code and configuration files
  • Changing internal best practices
  • Changes based on the results of incident/accident analysis
  • Changing security standards, both internal and external. For example, PCI DSS is updated with new requirements every year

Infrastructure growth and the start of the journey

The number of servers / logical domains / data centers grew, and with them the number of errors in configurations. At some point, we arrived at three directions in which configuration management needed to be developed:

  1. Automation. Human error in repetitive operations should be avoided as much as possible.
  2. Repeatability. It is much easier to manage infrastructure when it is predictable. The configuration of servers and the tools for preparing them should be the same everywhere. This is also important for product teams - after testing, the application must be guaranteed to end up in a production environment configured the same way as the test environment.
  3. Simplicity and transparency of making changes to configuration management.

It remained to add a couple of tools.

We chose GitLab CE as our code repository, not least for its built-in CI/CD.

Vault of secrets - Hashicorp Vault, incl. for its great API.

Testing of configurations and Ansible roles - Molecule+Testinfra. Tests run much faster if you connect Ansible mitogen. At the same time, we started writing our own CMDB and orchestrator for automated deployment (in the picture above Cobbler), but that is a completely different story, which my colleague and the lead developer of these systems will tell in the future.

Our choice:

Molecule + Testinfra
Ansible + Tower + AWX
World of Servers + DITNET (in-house development)
Cobbler
Gitlab + GitLab runner
Hashicorp Vault

By the way, about Ansible roles. At first there was only one, but after several refactorings there are 17 of them. I strongly recommend breaking the monolith into roles that can then be run separately; additionally, you can add tags. We split the roles by functionality - network, logging, packages, hardware, molecule, etc. In general, we followed the strategy below. I do not insist that this is the only truth, but it worked for us.

  • Copying servers from a "golden image" is evil! The main drawback is that you do not know exactly what state the images are in, and that all changes have to reach all images in all the virtualization farms in use.
  • Use default configuration files to a minimum and agree with other departments that you are responsible for the main system files, for example:
    1. Leave /etc/sysctl.conf empty; settings should live only in /etc/sysctl.d/. Your defaults go in one file, custom settings for the application in another.
    2. Use override files to edit systemd units.
  • Template all configs and roll them out in their entirety; if possible, no sed or its analogues in playbooks
  • Refactor the configuration management system code:
    1. Break tasks into logical entities and rewrite the monolith into roles
    2. Use linters! Ansible-lint, yaml-lint, etc.
    3. Change your approach! No Bashsible. You need to describe the state of the system
  • For all Ansible roles you need to write tests in molecule and generate reports once a day.
  • In our case, after preparing the tests (of which there are more than 100), about 70000 errors were found. It took several months to fix them.
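
An added example, not from the original article or NSPK's tooling: a minimal Python check for the /etc/sysctl.conf rule in the strategy above, of the kind a daily deviation report could run. The baseline keys, file names and sample contents are constructed for illustration, and precedence is simplified to lexical order within /etc/sysctl.d/.

```python
from pathlib import Path
# Constructed baseline for illustration; not NSPK's actual standard.
BASELINE = {"net.ipv4.ip_forward": "0", "kernel.randomize_va_space": "2"}

def parse_sysctl(text):
    """Return {key: value} for active lines; '#' and ';' start comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(files, baseline=BASELINE):
    """files maps path -> content. Returns a list of finding strings."""
    # Rule from the article: /etc/sysctl.conf carries no settings at all.
    findings = [f"/etc/sysctl.conf: must be empty, found {key}"
                for key in parse_sysctl(files.get("/etc/sysctl.conf", ""))]
    # Assumption: only /etc/sysctl.d/*.conf, lexical order, last assignment wins.
    effective, origin = {}, {}
    for path in sorted(files):
        if path.startswith("/etc/sysctl.d/") and path.endswith(".conf"):
            for key, value in parse_sysctl(files[path]).items():
                effective[key], origin[key] = value, path
    for key, want in baseline.items():
        got = effective.get(key)
        if got is None:
            findings.append(f"{key}: missing, expected {want}")
        elif got != want:
            findings.append(f"{key}: {got} (from {origin[key]}), expected {want}")
    return findings

def read_tree(root="/"):
    """Collect the sysctl files of a host, or of a chroot mounted at root."""
    etc = Path(root) / "etc"
    paths = [etc / "sysctl.conf", *sorted((etc / "sysctl.d").glob("*.conf"))]
    return {"/" + p.relative_to(root).as_posix(): p.read_text()
            for p in paths if p.is_file()}

SAMPLE = {  # constructed input
    "/etc/sysctl.conf": "# managed by drop-ins\nvm.swappiness = 10\n",
    "/etc/sysctl.d/10-base.conf": "net.ipv4.ip_forward = 0\nkernel.randomize_va_space = 2\n",
    "/etc/sysctl.d/50-app.conf": "net.ipv4.ip_forward=1\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no deviations")
```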

Our implementation

So, the Ansible roles were ready, templated and checked by linters. And gits have even been raised everywhere. But the question of reliable delivery of code to the different segments remained open. We decided to synchronize with scripts. It looks like this:

After a change arrives, CI is launched, a test server is created, the roles are rolled out, and they are tested by molecule. If everything is OK, the code goes to the prod branch. But we do not apply new code to existing servers automatically. This is a kind of stopper that is necessary for the high availability of our systems. And when the infrastructure becomes huge, the law of large numbers comes into play - even if you are sure that a change is harmless, it can lead to dire consequences.

There are also many options for creating servers. We ended up choosing custom Python scripts. And for CI, Ansible:

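- name: create1.yml - Create a VM from a template
  vmware_guest:
    # vCenter address is built from the data center name
    hostname: "{{ datacenter }}.domain.ru"
    username: "{{ username_vc }}"
    password: "{{ password_vc }}"
    # TLS certificate validation for the vCenter connection is switched off
    validate_certs: no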
    cluster: "{{cluster}}"
    datacenter: "{{datacenter}}"
    name: "{{ name }}"
    state: poweredon
    folder: "/{{folder}}"
    template: "{{template}}"
    customization:
      hostname: "{{ name }}"
      domain: domain.ru
      dns_servers:
        - "{{ ipa1_dns }}"
        - "{{ ipa2_dns }}"
    networks:
      - name: "{{ network }}"
        type: static
        ip: "{{ip}}"
        netmask: "{{netmask}}"
        gateway: "{{gateway}}"
        wake_on_lan: True
        start_connected: True
        allow_guest_control: True
    wait_for_ip_address: yes
    disk:
      - size_gb: 1
        type: thin
        datastore: "{{datastore}}"
      - size_gb: 20
        type: thin
        datastore: "{{datastore}}"

This is what we arrived at; the system continues to live and develop.

  • 17 Ansible roles for setting up a server. Each of the roles is designed to solve a separate logical task (logging, auditing, user authorization, monitoring, etc.).
  • Role testing. Molecule + TestInfra.
  • In-house development: CMDB + Orchestrator.
  • Server creation time is ~30 minutes, automated and practically independent of the task queue.
  • The same state/naming of infrastructure in all segments - playbooks, repositories, virtualization elements.
  • Daily check of server status with generation of reports on discrepancies with the standard.

I hope my story will be useful to those who are at the beginning of their journey. What automation stack do you use?

source: www.habr.com