ansible devops codestyle
Kai! Sunana Ina aiki a matsayin injiniya a cikin sashen haɓaka aikin sarrafa kansa. Kowace rana, ana fitar da sabbin abubuwan gina aikace-aikacen zuwa ɗaruruwan sabar kamfen. Kuma a cikin wannan labarin, na raba gwaninta na amfani da Mai yiwuwa don waɗannan dalilai.
Wannan jagorar yana ba da hanya don tsara masu canji a cikin turawa. An tsara wannan jagorar don waɗanda suka riga sun yi amfani da matsayi a cikin littattafan wasan kwaikwayo kuma suka karanta amma yana fuskantar matsaloli kamar haka:
- Bayan samun m a cikin lambar, ba shi yiwuwa a fahimci abin da ke da alhakin kai tsaye;
- Akwai ayyuka da yawa, kuma masu canji suna buƙatar haɗa su da ƙima ɗaya, amma ba ya aiki;
- Samun wahalar bayyana wa wasu yadda dabaru na masu canji a cikin littattafan wasanku ke aiki
Mun ci karo da wadannan matsalolin kan ayyuka a kamfaninmu, sakamakon haka muka zo ga ka’idojin tsara ma’auni a cikin littattafan wasanmu, wanda har ya kai ga warware wadannan matsalolin.
Sauye-sauye a cikin matsayi
Rawar da keɓantaccen abu ne na tsarin turawa. Kamar kowane abu na tsarin, dole ne ya sami hanyar sadarwa don hulɗa tare da sauran tsarin. Masu canjin matsayi irin wannan mu'amala ne.
Dauki, misali, rawar api, wanda ke shigar da aikace-aikacen Java akan uwar garken. Wadanne canje-canje yake da shi?
Ana iya raba masu canjin matsayi zuwa nau'i biyu ta nau'in:
1. Свойства
a) независимые от среды
б) зависимые от среды
2. Связи
a) слушатели
б) запросы внутри системы
в) запросы в среду
Kaddarorin masu canzawa sauye-sauye ne waɗanda ke ayyana halayen rawar.
Canje-canjen Tambayoyi masu canji ne waɗanda aka yi amfani da ƙimar su don zayyana albarkatu na waje da rawar.
Masu Sauraro Masu Sauyawa masu canji ne waɗanda ake amfani da ƙimar su don samar da masu canjin tambaya.
A gefe guda, 1a, 2a, 2b masu canji ne waɗanda ba su dogara da yanayin ba (ƙarfe, albarkatun waje, da sauransu) kuma ana iya cika su da ƙima mai ƙima a cikin rawar da ba ta dace ba. Duk da haka, masu canji kamar 1.b da 2.c ba za a iya cika su da dabi'u ban da 'misali', tun da za su canza daga tsayawa zuwa tsayawa dangane da yanayin.
salon code
- Sunan mai canzawa dole ne ya fara da sunan rawar. Wannan zai sauƙaƙa a iya gano a nan gaba ko wace rawa mai canjin ya fito da kuma abin da ke da alhakinsa.
- Lokacin amfani da masu canji a cikin matsayi, dole ne ku tabbatar da bin ƙa'idar ɓoyewa kuma ku yi amfani da masu canji da aka ayyana ko dai a cikin rawar da kanta ko a cikin ayyukan da na yanzu ya dogara da su.
-
A guji amfani da ƙamus don masu canji. Mai yiwuwa ba ya ƙyale ka ka soke ƙimar kowane mutum cikin sauƙi a cikin ƙamus.
Misalin mugun canji:
myrole_user: login: admin password: adminAnan, shiga shine matsakaicin matsakaici, kuma kalmar sirri ita ce madaidaicin dogaro. Amma
tunda an haɗa su cikin ƙamus, za ku ƙididdige shi gaba ɗaya
Koyaushe. Wanda ke da matukar wahala. Gara ta wannan hanya:myrole_user_login: admin myrole_user_password: admin
Canje-canje a cikin littafan wasan turawa
Lokacin tattara littafin wasan kwaikwayo (nan gaba ana kiransa littafin wasan kwaikwayo), muna bin ƙa'idar cewa yakamata a sanya shi a cikin wani wurin ajiya na daban. Kamar matsayin: kowanne a cikin ma'ajin git ɗin sa. Wannan yana ba ku damar gane cewa ayyuka da littafin wasan kwaikwayon abubuwa ne daban-daban masu zaman kansu na tsarin ƙaddamarwa, kuma canje-canje a cikin wani abu bai kamata ya shafi aikin ɗayan ba. Ana samun wannan ta hanyar canza tsoffin dabi'u na masu canji.
Lokacin tattara littafin wasan kwaikwayo, don taƙaitawa, yana yiwuwa a yi watsi da tsoffin dabi'u na masu canjin matsayi a wurare guda biyu: a cikin ma'auni na playbook da kuma masu canji na kaya.
mydeploy # Каталог деплоя
├── deploy.yml # Плейбук деплоя
├── group_vars # Каталог переменных плейбука
│ ├── all.yml # Файл для переменных связи всей системы
│ └── myapi.yml # Файл переменных свойств группы myapi
└── inventories #
└── prod # Каталог окружения prod
├── prod.ini # Инвентори файл
└── group_vars # Каталог для переменных инвентори
└── myapi #
├── vars.yml # Средозависимые переменные группы myapi
└── vault.yml # Секреты (всегда средозависимы) ** -
Bambanci shi ne cewa ana amfani da masu canjin littafin wasan koyaushe lokacin kiran littattafan wasan da ke matsayi ɗaya tare da shi. Wannan yana nufin cewa waɗannan masu canji suna da kyau don canza tsoffin ƙima na masu canji waɗanda ba su dogara da yanayin ba. Sabanin haka, za a yi amfani da masu canjin ƙididdiga ne kawai don wani yanayi na musamman, wanda ya dace da ƙayyadaddun canjin yanayi.
Yana da mahimmanci a lura cewa fifiko mai canzawa ba zai ƙyale ka ka sake fayyace masu canji da farko a cikin ma'auni na littafin wasan ba sannan kuma daban a cikin kaya iri ɗaya.
Wannan yana nufin cewa tuni a wannan matakin kuna buƙatar yanke shawara ko mai canzawa ya dogara da muhalli ko a'a kuma sanya shi a daidai wurin.
Misali, a cikin aiki ɗaya, madaidaicin da ke da alhakin ba da damar SSL ya dogara da muhalli na dogon lokaci, tunda ba za mu iya ba da damar SSL ba saboda dalilan da suka wuce ikonmu a ɗaya daga cikin tashoshi. Bayan mun gyara wannan batu, ya zama matsakaici mai zaman kansa kuma ya koma masu canjin littafin wasa.
Canje-canjen Dukiya don Ƙungiyoyi
Bari mu fadada samfurin mu a cikin Hoto na 1 ta hanyar ƙara ƙungiyoyin sabobin 2 tare da aikace-aikacen Java daban-daban, amma tare da saitunan daban-daban.
Ka yi tunanin yadda littafin wasan zai kasance a wannan yanayin:
- hosts: myapi
roles:
- api
- hosts: bbauth
roles:
- auth
- hosts: ghauth
roles:
- authMuna da rukunoni uku a cikin littafin wasan kwaikwayo, don haka ana ba da shawarar ƙirƙirar fayilolin rukuni da yawa a cikin mabambantan ƙididdiga na rukuni_vars da masu canjin littafin wasan lokaci guda. Fayil ɗin rukuni ɗaya a wannan yanayin shine bayanin bangare ɗaya na aikace-aikacen ku a cikin littafin wasan kwaikwayo. Lokacin da ka buɗe fayil ɗin rukuni a cikin masu canji na littafin wasa, nan da nan za ku ga duk bambance-bambance daga dabi'un da aka saba da su na ayyukan da aka ba ƙungiyar. A cikin ƙididdiga masu canji: bambance-bambance a cikin halayen rukuni daga rumfa zuwa rumfa.
salon code
- Yi ƙoƙarin kada ku yi amfani da masu canji na host_vars kwata-kwata, kamar yadda ba su bayyana tsarin ba, amma kawai wani lamari na musamman, wanda a cikin dogon lokaci zai haifar da tambayoyi: "Me yasa wannan rundunar ya bambanta da sauran?", Amsar wacce ita ce. ba ko da yaushe sauki samu.
Matsalolin haɗi
Duk da haka, wannan game da masu canji na dukiya ne, amma menene game da masu canjin mahaɗin?
Bambancinsu shine dole ne su kasance suna da ƙima ɗaya a cikin ƙungiyoyi daban-daban.
A farkon akwai yi amfani da tsari mai ban mamaki:
hostvars[groups['bbauth'][0]]['auth_bind_port'], amma nan da nan aka yi watsi da shi
saboda yana da aibu. Na farko, girman girman. Na biyu, dogara ga takamaiman mai watsa shiri a cikin rukuni. Abu na uku, ya zama dole a tattara bayanai daga dukkan runduna kafin fara jigilar kaya, idan ba ma son samun kuskuren canji wanda ba a bayyana shi ba.
A sakamakon haka, an yanke shawarar yin amfani da masu canjin hanyar haɗi.
Matsalolin haɗi masu canji ne waɗanda ke cikin littafin wasan kuma ana buƙata don haɗa abubuwan tsarin.
Masu canjin hanyar haɗin gwiwa suna da yawa a cikin masu canjin tsarin gaba ɗaya group_vars/all/vars kuma an kafa su ta hanyar cire duk masu canjin saurara daga kowace kungiya, da kuma ƙara sunan ƙungiyar da aka cire mai sauraro daga farkon canjin.
Don haka, an tabbatar da daidaito da rashin haɗin sunayen sunaye.
Bari mu yi ƙoƙari mu ɗaure masu canji daga misalin da ke sama:
Ka yi tunanin cewa muna da masu canji waɗanda suka dogara da juna:
# roles/api/defaults:
# Переменная запроса
api_auth1_address: "http://example.com:80"
api_auth2_address: "http://example2.com:80"
# roles/auth/defaults:
# Переменная слушатель
auth_bind_port: "20000"Bari mu sanya shi a cikin masu canji gama gari group_vars/all/vars duk masu sauraro, kuma a saka sunan kungiyar zuwa sunan:
# group_vars/all/vars
bbauth_auth_bind_port: "20000"
ghauth_auth_bind_port: "30000"
# group_vars/bbauth/vars
auth_bind_port: "{{ bbauth_auth_bind_port }}"
# group_vars/ghauth/vars
auth_bind_port: "{{ ghauth_auth_bind_port }}"
# group_vars/myapi/vars
api_auth1_address: "http://{{ bbauth_auth_service_name }}:{{ bbauth_auth_bind_port }}"
api_auth2_address: "http://{{ ghauth_auth_service_name }}:{{ ghauth_auth_bind_port }}"Yanzu, ta hanyar canza ƙimar mai haɗawa, za mu tabbata cewa buƙatar za ta je tashar jiragen ruwa ɗaya.
salon code
- Tun da matsayi da ƙungiyoyi abubuwa ne daban-daban a cikin tsarin, kuna buƙatar samun sunaye daban-daban a gare su, to, masu canza hanyar haɗin yanar gizon za su nuna daidai cewa suna cikin takamaiman rukuni na sabobin, kuma ba ga wani matsayi a cikin tsarin ba.
Fayilolin muhalli
Matsayi na iya amfani da fayiloli waɗanda suka bambanta daga yanayi zuwa yanayi.
Takaddun shaida na SSL misali ne na irin waɗannan fayiloli. Ajiye su azaman rubutu
a cikin m ba dace sosai. Amma ya dace don adana hanyar zuwa gare su a cikin ma'auni.
Misali, muna amfani da maballin api_ssl_key_file: "/path/to/file".
Tun da yake a bayyane yake cewa takardar shaidar maɓalli za ta canza daga yanayi zuwa yanayi, wannan maɗaukaki ne mai dogara ga muhalli, wanda ke nufin ya kamata a kasance a cikin fayil ɗin.
group_vars/myapi/vars ƙididdiga masu canji, kuma sun ƙunshi ƙimar 'misali'.
Hanya mafi dacewa a wannan yanayin ita ce sanya fayil ɗin maɓalli a cikin ma'ajiyar littafin wasa tare da hanya
files/prod/certs/myapi.key, to darajar canjin za ta kasance:
api_ssl_key_file: "prod/certs/myapi.key". Abin da ya dace ya ta'allaka ne a cikin gaskiyar cewa mutanen da ke da alhakin ƙaddamar da tsarin a kan wani matsayi na musamman suna da nasu wuri na musamman a cikin ma'ajin don adana fayilolinsu. A lokaci guda, yana yiwuwa a ƙayyade cikakkiyar hanyar zuwa takardar shaidar akan uwar garken, idan an ba da takaddun shaida ta wani tsarin.
Matsaloli da yawa a cikin yanayi ɗaya
Yawancin lokaci ana buƙatar tura kusan kusan iri ɗaya tashoshi a cikin yanayi guda tare da ƙarancin bambance-bambance. A wannan yanayin, muna raba masu canji masu dogaro da muhalli zuwa waɗanda ba su canzawa a cikin wannan yanayin da waɗanda suke yi. Kuma muna fitar da na ƙarshe kai tsaye cikin fayilolin kaya da kansu. Bayan wannan magudin, yana yiwuwa a ƙirƙiri wani kaya kai tsaye a cikin kundin tsarin muhalli.
Zai sake amfani da kayan aikin group_vars kuma zai iya sake fasalta wasu masu canji kai tsaye don kansa.
Tsarin shugabanci na ƙarshe don aikin turawa:
mydeploy # Каталог деплоя
├── deploy.yml # Плейбук деплоя
├── files # Каталог для файлов деплоя
│ ├── prod # Католог для средозависимых файлов стенда prod
│ │ └── certs #
│ │ └── myapi.key #
│ └── test1 # Каталог для средозависимых файлов стенда test1
├── group_vars # Каталог переменных плейбука
│ ├── all.yml # Файл для переменных связи всей системы
│ ├── myapi.yml # Файл переменных свойств группы myapi
│ ├── bbauth.yml #
│ └── ghauth.yml #
└── inventories #
├── prod # Каталог окружения prod
│ ├── group_vars # Каталог для переменных инвентори
│ │ ├── myapi #
│ │ │ ├── vars.yml # Средозависимые переменные группы myapi
│ │ │ └── vault.yml # Секреты (всегда средозависимы)
│ │ ├── bbauth #
│ │ │ ├── vars.yml #
│ │ │ └── vault.yml #
│ │ └── ghauth #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ └── prod.ini # Инвентори стенда prod
└── test # Каталог окружения test
├── group_vars #
│ ├── myapi #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ ├── bbauth #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ └── ghauth #
│ ├── vars.yml #
│ └── vault.yml #
├── test1.ini # Инвентори стенда test1 в среде test
└── test2.ini # Инвентори стенда test2 в среде testTaƙaice
Bayan shirya masu canji daidai da labarin: kowane fayil tare da masu canji yana da alhakin takamaiman aiki. Kuma tun da fayil ɗin yana da wasu ayyuka, ya zama mai yiwuwa a sanya mutumin da ke da alhakin daidaiton kowane fayil. Misali, mai haɓaka tsarin ƙaddamar da tsarin ya zama alhakin cika daidaitattun masu canji na littafin wasa, yayin da mai gudanarwa, wanda aka bayyana matsayinsa a cikin ƙididdiga, ke da alhakin cika lissafin masu canji kai tsaye.
Matsayin ya zama naúrar ci gaba mai ƙunshe da kansa tare da keɓancewar nasu, yana ba mai haɓaka aikin damar haɓaka fasali maimakon daidaita rawar da ta dace da tsarin. Wannan batu ya kasance gaskiya musamman ga ayyuka gama gari ga duk tsarin yaƙin neman zaɓe.
Masu gudanar da tsarin ba sa buƙatar fahimtar lambar turawa. Duk abin da ake buƙata daga gare su don ƙaddamar da nasara shine cika fayilolin masu canjin yanayi.
Litattafai
marubucin
Kalyuzhny Denis Alexandrovich
source: www.habr.com