Yana gabatowa Sabuwar Shekara. Yara a duk faɗin ƙasar sun riga sun aika wasiƙu zuwa Santa Claus ko kuma sun ba da kyauta ga kansu, kuma babban mai zartar da su, ɗaya daga cikin manyan dillalai, yana shirya don apotheosis na tallace-tallace. A watan Disamba, nauyin da ke kan cibiyar bayanansa yana ƙaruwa sau da yawa. Don haka, kamfanin ya yanke shawarar sabunta cibiyar bayanai tare da sanya sabbin sabobin dozin da yawa a maimakon kayan aiki da ke kawo karshen rayuwar sabis. Wannan ya ƙare labarin a kan bangon dusar ƙanƙara mai jujjuyawa, kuma abin ban sha'awa ya fara.
Kayan aikin sun isa wurin watanni da yawa kafin kololuwar tallace-tallace. Sabis na ayyuka, ba shakka, ya san yadda da abin da za a saita akan sabobin don kawo su cikin yanayin samarwa. Amma muna buƙatar sarrafa wannan kuma mu kawar da yanayin ɗan adam. Bugu da ƙari, an maye gurbin sabobin kafin ƙaurawar tsarin tsarin SAP wanda ke da mahimmanci ga kamfanin.
An danganta ƙaddamar da sabbin sabobin zuwa wa'adin ƙarshe. Kuma motsa shi yana nufin yin haɗari da jigilar kayayyaki biliyan ɗaya da ƙaura na tsarin. Ko da ƙungiyar da ta ƙunshi Uba Frost da Santa Claus ba za su iya canza kwanan wata ba - za ku iya canja wurin tsarin SAP don sarrafa ɗakunan ajiya sau ɗaya kawai a shekara. Daga ranar 31 ga Disamba zuwa 1 ga Janairu, manyan shagunan sayar da kayayyaki, a jimlar girman filayen kwallon kafa 20, sun dakatar da aikinsu na sa'o'i 15. Kuma wannan shine kawai lokacin lokacin motsa tsarin. Ba mu da wurin kuskure lokacin gabatar da sabobin.
Bari in bayyana a sarari: labarina yana nuna kayan aiki da tsarin sarrafa tsarin da ƙungiyarmu ke amfani da su.
Kundin tsarin gudanarwa ya ƙunshi matakai da yawa. Babban bangaren shine tsarin CMS. A cikin aikin masana'antu, rashin ɗayan matakan ba makawa zai haifar da mu'ujizai marasa daɗi.
Gudanar da shigarwa na OS
Matakin farko shine tsarin sarrafa shigar da tsarin aiki akan sabar na zahiri da kama-da-wane. Yana ƙirƙirar saitunan OS na asali, yana kawar da yanayin ɗan adam.
Yin amfani da wannan tsarin, mun sami daidaitattun misalan uwar garken tare da OS dace don ƙarin aiki da kai. A lokacin “zubawa” sun sami ƙaramin saiti na masu amfani da gida da maɓallan SSH na jama'a, da kuma daidaitaccen tsarin OS. Za a iya ba mu garantin sarrafa sabar ta hanyar CMS kuma mun tabbata cewa babu wani abin mamaki "ƙasa a ƙasa" a matakin OS.
Babban aikin "mafi girman" don tsarin gudanarwar shigarwa shine saita sabobin ta atomatik daga matakin BIOS/Firmware zuwa OS. Yawancin anan ya dogara da kayan aiki da ayyukan saitin. Don kayan aiki iri-iri, zaku iya la'akari . Idan duk kayan aikin daga mai siyarwa ɗaya ne, to sau da yawa ya fi dacewa don amfani da kayan aikin gudanarwa da aka shirya (misali, HP ILO Amplifier, DELL OpenManage, da sauransu).
Don shigar da OS akan sabobin jiki, mun yi amfani da sanannen Cobbler, wanda ke bayyana saitin bayanan bayanan shigarwa da aka yarda da sabis ɗin aiki. Lokacin ƙara sabon uwar garken zuwa kayan aikin injiniya, injiniyan ya ɗaure adireshin MAC na uwar garken zuwa bayanin martaba da ake buƙata a cikin Cobbler. Lokacin yin booting akan hanyar sadarwar a karon farko, uwar garken ta karɓi adireshin wucin gadi da sabon OS. Sa'an nan aka canjawa wuri zuwa manufa VLAN/IP address kuma ci gaba da aiki a can. Ee, canza VLAN yana ɗaukar lokaci kuma yana buƙatar daidaitawa, amma yana ba da ƙarin kariya daga shigar da sabar ta bazata a cikin yanayin samarwa.
Mun ƙirƙiri sabar masu kama-da-wane bisa samfuran da aka shirya ta amfani da HashiCorp Packer. Dalili ɗaya ne: don hana yiwuwar kurakuran ɗan adam lokacin shigar da OS. Amma, ba kamar sabobin jiki ba, Packer yana kawar da buƙatar PXE, booting cibiyar sadarwa, da canje-canjen VLAN. Wannan ya sa ya zama mafi sauƙi da sauƙi don ƙirƙirar sabobin kama-da-wane.
Shinkafa 1. Gudanar da shigarwa na tsarin aiki.
Gudanar da sirri
Duk wani tsarin gudanarwa na daidaitawa ya ƙunshi bayanan da yakamata a ɓoye daga masu amfani na yau da kullun, amma ana buƙatar shirya tsarin. Waɗannan kalmomin sirri ne don masu amfani da gida da asusun sabis, maɓallan takaddun shaida, Alamomin API daban-daban, da sauransu. Yawancin lokaci ana kiran su “asiri”.
Idan ba ku ƙayyade daga farkon inda kuma yadda za a adana waɗannan asirin ba, to, dangane da tsananin buƙatun tsaro na bayanan, hanyoyin da za a adana su na iya yiwuwa:
- kai tsaye a cikin lambar sarrafa sanyi ko a cikin fayiloli a cikin ma'ajin;
- a cikin kayan aikin gudanarwa na musamman (misali, Vault mai yiwuwa);
- a cikin tsarin CI / CD (Jenkins / TeamCity / GitLab / da dai sauransu) ko a cikin tsarin gudanarwa na tsari (Hasumiyar Hasumiya / Mai yiwuwa AWX);
- Hakanan ana iya canja wurin sirrin "da hannu". Misali, an shimfida su a wani takamaiman wuri, sannan ana amfani da su ta tsarin sarrafa tsarin;
- daban-daban haduwa na sama.
Kowace hanya tana da nata rashin amfani. Babban shine rashin manufofin samun damar yin amfani da sirri: ba shi yiwuwa ko wuya a tantance wanda zai iya amfani da wasu sirrin. Wani hasara kuma shine rashin samun damar yin bita da cikakken tsarin rayuwa. Yadda za a maye gurbin da sauri, alal misali, maɓallin jama'a wanda aka rubuta a cikin lambar kuma a cikin wasu tsarin da ke da alaƙa?
Mun yi amfani da ma'ajiyar sirri HashiCorp Vault. Wannan ya ba mu damar:
- kiyaye sirri lafiya. An ɓoye su, kuma ko da wani ya sami damar shiga bayanan Vault (misali, ta hanyar maido da shi daga maajiyar), ba za su iya karanta sirrin da aka adana a wurin ba;
- tsara manufofi don samun damar sirri. Sai kawai asirin "an ware" zuwa gare su suna samuwa ga masu amfani da aikace-aikace;
- duba samun damar sirri. Ana yin rikodin duk wani aiki tare da asirce a cikin kundin binciken Vault;
- shirya cikakken "zagayowar rayuwa" na aiki tare da asirai. Ana iya ƙirƙira su, soke su, saita ranar karewa, da sauransu.
- mai sauƙin haɗawa tare da sauran tsarin da ke buƙatar samun damar yin amfani da sirri;
- sannan kuma yi amfani da boye-boye na karshen-zuwa-karshe, kalmomin shiga na lokaci daya don OS da bayanai, takaddun shaida na cibiyoyin da aka ba da izini, da sauransu.
Yanzu bari mu matsa zuwa tsakiyar Tantance kalmar sirri da kuma tsarin izini. Yana yiwuwa a yi ba tare da shi ba, amma gudanar da masu amfani a yawancin tsarin da ke da alaƙa ba shi da mahimmanci. Mun saita tabbaci da izini ta hanyar sabis na LDAP. In ba haka ba, Vault zai ci gaba da fitar da kuma ci gaba da lura da alamun tabbatarwa ga masu amfani. Kuma sharewa da ƙara masu amfani zai juya zuwa nema "Shin na ƙirƙiri/ share wannan asusun mai amfani a ko'ina?"
Muna ƙara wani matakin zuwa tsarin mu: sarrafa asirin da tabbaci / izini na tsakiya:
Shinkafa 2. Gudanar da sirri.
Gudanarwar saiti
Mun kai ga ainihin - tsarin CMS. A cikin yanayinmu, wannan haɗin gwiwa ne na AWX mai yiwuwa da jar hula.
Maimakon Mai yiwuwa, Chef, Puppet, SaltStack ana iya amfani dashi. Mun zaɓi Mai yiwuwa bisa sharuɗɗa da yawa.
- Na farko, shi ne versatility. Saitin na'urori masu shirye don sarrafawa . Kuma idan ba ku da isasshen shi, kuna iya bincika GitHub da Galaxy.
- Abu na biyu, babu buƙatar shigarwa da tallafawa wakilai akan kayan aikin da aka sarrafa, tabbatar da cewa ba sa tsoma baki tare da kaya, kuma tabbatar da rashin "alamomi".
- Na uku, Ansible yana da ƙananan shingen shiga. Kwararren injiniya zai rubuta littafin wasan kwaikwayo mai aiki a zahiri a ranar farko ta aiki tare da samfurin.
Amma Mai yiwuwa kadai a cikin yanayin samarwa bai ishe mu ba. In ba haka ba, matsaloli da yawa za su taso tare da hana shiga da duba ayyukan masu gudanarwa. Yadda za a ƙuntata shiga? Bayan haka, ya zama dole kowane sashe ya sarrafa (karanta: gudanar da littafin wasan kwaikwayo mai yiwuwa) saitin sabobin “nasa”. Yadda za a ƙyale wasu ma'aikata kawai su gudanar da takamaiman littattafan wasan kwaikwayo masu dacewa? Ko kuma yadda za a bibiyar wanda ya ƙaddamar da littafin wasan kwaikwayo ba tare da kafa ilimin gida mai yawa akan sabar da kayan aiki masu gudana ba?
Kashi na zaki na irin wadannan matsalolin ana magance su ta hanyar Red Hat , ko kuma buɗaɗɗen tushen aikinsa na sama . Shi ya sa muka fifita shi ga abokin ciniki.
Kuma ƙarin taɓawa ga hoton tsarin mu na CMS. Ya kamata a adana littafin wasa mai yiwuwa a cikin tsarin sarrafa ma'ajiyar lamba. Muna da shi .
Don haka, saitin da kansu ana sarrafa su ta hanyar haɗin AWX / GitLab mai yiwuwa / mai yiwuwa (duba siffa 3). Tabbas, AWX/GitLab an haɗa shi tare da tsarin tabbatarwa guda ɗaya, kuma an haɗa littafin wasa mai yiwuwa tare da HashiCorp Vault. Saitunan suna shigar da yanayin samarwa kawai ta hanyar AWX mai yiwuwa, wanda aka ƙayyade duk "dokokin wasan": wanda zai iya saita menene, inda za'a sami lambar sarrafa tsarin don CMS, da sauransu.
Shinkafa 3. Gudanarwar daidaitawa.
Gudanar da gwaji
An gabatar da tsarin mu a cikin nau'in lamba. Saboda haka, an tilasta mana mu yi wasa da dokoki iri ɗaya da masu haɓaka software. Muna buƙatar tsara hanyoyin haɓakawa, ci gaba da gwaji, bayarwa da aikace-aikacen lambar daidaitawa zuwa sabobin samarwa.
Idan ba a yi haka nan da nan ba, to ayyukan da aka rubuta don daidaitawa ko dai za su daina tallafawa da gyara su, ko kuma za su daina ƙaddamar da samarwa. An san maganin wannan ciwo, kuma ya tabbatar da kansa a cikin wannan aikin:
- kowace rawar tana rufe ta gwaje-gwaje na raka'a;
- ana gudanar da gwaje-gwaje ta atomatik a duk lokacin da aka sami wani canji a cikin lambar da ke sarrafa abubuwan daidaitawa;
- Ana fitar da canje-canje a cikin lambar sarrafa saitin a cikin yanayin samarwa kawai bayan nasarar cin nasarar duk gwaje-gwaje da sake duba lambar.
Haɓaka lambar da sarrafa tsari sun zama mafi natsuwa kuma ana iya faɗi. Don tsara ci gaba da gwaji, mun yi amfani da kayan aikin GitLab CI/CD, kuma mun ɗauka .
A duk lokacin da aka sami canji a cikin lambar gudanarwa, GitLab CI/CD yana kiran Molecule:
- yana duban syntax code,
- yana ɗaga kwandon Docker,
- yana amfani da lambar da aka gyara zuwa akwati da aka ƙirƙira,
- yana duba rawar da ake yi don idempotency kuma yana gudanar da gwaje-gwaje don wannan lambar (girma a nan yana kan matakin rawar da ya dace, duba hoto 4).
Mun isar da jeri zuwa yanayin samarwa ta amfani da AWX mai yiwuwa. Injiniyoyin ayyuka sun yi amfani da sauye-sauye na tsari ta hanyar ƙayyadaddun samfuri. AWX da kansa ya “nemi” sabuwar sigar lambar daga babban reshen GitLab duk lokacin da aka yi amfani da ita. Ta wannan hanyar mun cire amfani da lambar da ba a gwada ba ko dadewa a cikin yanayin samarwa. A zahiri, lambar ta shiga babban reshe ne kawai bayan gwaji, bita da yarda.
Shinkafa 4. Gwaji ta atomatik na ayyuka a GitLab CI/CD.
Har ila yau, akwai matsala da ke da alaƙa da aikin tsarin samarwa. A cikin rayuwa ta ainihi, yana da matukar wahala a yi canje-canjen sanyi ta hanyar lambar CMS kaɗai. Yanayin gaggawa yana tasowa lokacin da injiniya dole ne ya canza tsarin "nan da yanzu", ba tare da jiran gyaran lamba, gwaji, amincewa, da dai sauransu ba.
A sakamakon haka, saboda canje-canje na manual, bambance-bambance suna bayyana a cikin tsari akan nau'in kayan aiki iri ɗaya (alal misali, saitunan sysctl an saita su daban akan nodes na gungun HA). Ko ainihin tsari akan kayan aiki ya bambanta da wanda aka ƙayyade a cikin lambar CMS.
Saboda haka, ban da ci gaba da gwaji, muna duba yanayin samarwa don bambance-bambancen tsari. Mun zaɓi zaɓi mafi sauƙi: gudanar da lambar daidaitawar CMS a cikin yanayin "bushe gudu", wato, ba tare da yin amfani da canje-canje ba, amma tare da sanarwar duk bambance-bambance tsakanin tsarin da aka tsara da ainihin tsari. Mun aiwatar da wannan ta lokaci-lokaci gudanar da duk littattafan wasan kwaikwayo masu dacewa tare da zaɓin "-check" akan sabar samarwa. Kamar ko da yaushe, AWX mai yiwuwa ne ke da alhakin ƙaddamarwa da kuma adana littafin wasan har zuwa yau (duba siffa 5):
Shinkafa 5. Bincika don rashin daidaituwa a cikin AWX mai yiwuwa.
Bayan dubawa, AWX yana aika rahoton rashin daidaituwa ga masu gudanarwa. Suna nazarin daidaitawar matsala sannan kuma suna gyara ta ta littattafan wasan da aka gyara. Wannan shine yadda muke kula da tsari a cikin yanayin samarwa kuma CMS koyaushe yana sabuntawa kuma yana aiki tare. Wannan yana kawar da "mu'ujiza" marasa dadi lokacin da ake amfani da lambar CMS akan sabar "sarrafa".
Yanzu muna da mahimman gwajin gwaji wanda ya ƙunshi AWX/GitLab/Molecule mai yiwuwa (Hoto 6).
Shinkafa 6. Gudanar da gwaji.
Da wahala? Ba na jayayya. Amma irin wannan hadadden tsarin gudanarwa ya zama cikakkiyar amsa ga tambayoyi da yawa da suka shafi sarrafa sarrafa uwar garken. Yanzu daidaitattun sabar dillali koyaushe suna da ƙayyadaddun tsari. CMS, ba kamar injiniyan injiniya ba, ba zai manta da ƙara saitunan da ake buƙata ba, ƙirƙirar masu amfani da aiwatar da yawa ko ɗaruruwan saitunan da ake buƙata.
Babu "ilimin sirri" a cikin saitunan sabobin da mahalli a yau. Duk abubuwan da ake buƙata suna nunawa a cikin littafin wasan kwaikwayo. Babu sauran kerawa da umarnin da ba su da tushe: “Shigar da shi kamar Oracle na yau da kullun, amma kuna buƙatar saka wasu saitunan sysctl kuma ƙara masu amfani tare da UID ɗin da ake buƙata. Tambayi mutanen da ke aiki, sun sani".
Ikon gano bambance-bambancen daidaitawa da gyara su cikin hanzari yana ba da kwanciyar hankali. Ba tare da tsarin gudanarwa ba, wannan yawanci ya bambanta. Matsaloli suna taruwa har sai wata rana sun "harba" a cikin samarwa. Sa'an nan kuma za a yi bayyani, ana duba abubuwan da aka gyara kuma a gyara su. Kuma sake zagayowar ta sake maimaitawa
Kuma ba shakka, mun hanzarta ƙaddamar da sabobin zuwa aiki daga kwanaki da yawa zuwa sa'o'i.
To, a kan Sabuwar Shekara ta Hauwa'u kanta, lokacin da yara ke cike da farin ciki suna ba da kyauta kuma manya suna yin buri kamar yadda kullun ya buge, injiniyoyinmu sun yi hijirar tsarin SAP zuwa sababbin sabobin. Ko da Santa Claus zai ce mafi kyawun mu'ujizai su ne waɗanda aka shirya sosai.
PS Teamungiyar mu sau da yawa takan gamu da gaskiyar cewa abokan ciniki suna so su magance matsalolin sarrafa sanyi a sauƙaƙe. Da kyau, kamar dai ta hanyar sihiri - tare da kayan aiki ɗaya. Amma a cikin rayuwa duk abin da ya fi rikitarwa (eh, ba a sake ba da harsashi na azurfa): dole ne ka ƙirƙiri wani tsari gaba ɗaya ta amfani da kayan aikin da suka dace da ƙungiyar abokin ciniki.
Mawallafi: Sergey Artemov, gine-ginen sashen "Jet Infosystems"
source: www.habr.com