Magana
“abotakarmu” ta soma ne shekaru biyu da suka wuce. Na zo wani sabon wurin aiki, inda admin na baya ya bar min wannan software a matsayin gado. Ba zan iya samun wani abu a Intanet ba sai takaddun hukuma. Har yanzu, idan kun yi google "rudder", a cikin 99% na lokuta zai zo da: helms da quadcopters. Na yi nasarar samun hanyar zuwa gare shi. Tun da al'ummar wannan software ba ta da komai, na yanke shawarar raba gwaninta da rake. Ina tsammanin wannan zai zama da amfani ga wani.
So RUDDER
RUDDER shine buɗaɗɗen tushen dubawa da kayan aikin gudanarwa na daidaitawa wanda ke taimakawa daidaita tsarin tsarin. Yana aiki akan ka'idar shigar da wakili ga kowane mai amfani na ƙarshe. Ta hanyar ingantacciyar hanyar sadarwa, za mu iya saka idanu nawa kayan aikin mu suka bi duk ƙayyadaddun manufofi.
Amfani
A ƙasa zan jera abin da nake amfani da RUDDER don.
-
Sarrafa fayiloli da saiti: ./ssh/authorized_keys ; /etc/hosts; iptables; (sannan kuma inda tunanin ku yake kaiwa)
-
Sarrafa fakitin da aka shigar: zabbix.agent ko kowace software
Shigar da uwar garken
Kwanan nan na sabunta daga sigar 5 zuwa 6.1, komai yayi kyau. Da ke ƙasa akwai umarni don Deban/Ubuntu amma kuma akwai tallafi: и .
Zan ɓoye shigarwa a cikin masu ɓarna don kada in raba hankalin ku.
batawa
Dogara
Rudder-uwar garken yana buƙatar Java RE aƙalla sigar 8, ana iya shigar dashi daga daidaitaccen ma'ajiya:
Dubawa don ganin ko an shigar dashi
java -versionidan karshen
-bash: java: command not foundsannan kayi install
apt install default-jreServer
Ana shigo da maɓalli
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Ga buga kanta
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Tun da ba mu da biyan kuɗin da aka biya, muna ƙara ma'ajiya mai zuwa
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listƊaukaka lissafin ma'ajiya kuma shigar da uwar garken
apt update
apt install rudder-server-rootƘirƙiri admin mai amfani
rudder server create-user -u admin -p "Ваш Пароль"A nan gaba za mu iya sarrafa masu amfani ta hanyar daidaitawa
Shi ke nan, uwar garken yana shirye.
Sauraron Sabar
Yanzu kuna buƙatar ƙara adiresoshin IP na wakilai ko gabaɗayan subnet zuwa wakilin rudder, muna mai da hankali kan manufofin tsaro.
Saituna -> Gaba ɗaya
A cikin filin "Ƙara cibiyar sadarwa", shigar da adireshin da abin rufe fuska a cikin tsari xxxx/xx. Domin ba da damar shiga daga duk adiresoshin cibiyar sadarwar cikin gida (sai dai idan wannan cibiyar sadarwa ce ta gwaji kuma kuna bayan NAT) shigar da: 0.0.0.0/0
Muhimmanci - bayan ƙara adireshin ip, kar a manta da danna Ajiye canje-canje, in ba haka ba babu abin da zai adana.
Jirgin ruwa
Buɗe tashoshin jiragen ruwa masu zuwa akan uwar garken
-
443 - ku
-
5309 - tcp
-
514 - ku
Mun tsara saitin uwar garken farko.
Shigar da wakili
batawa
Ƙara maɓalli
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Maɓallin yatsa
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Ƙara wurin ajiya
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listShigar da wakili
apt update
apt install rudder-agentSaitin wakili
Muna nuna wa wakilin adireshin IP na uwar garken manufofin
rudder agent policy-server <rudder server ip or hostname> #Без скобок. Можно также использовать доменное имя Ta hanyar aiwatar da umarni mai zuwa za mu aika da buƙatar ƙara sabon wakili zuwa uwar garken, cikin mintuna kaɗan zai bayyana a cikin jerin sabbin wakilai, zan yi bayanin yadda ake ƙarawa a sashe na gaba.
rudder agent inventoryHakanan zamu iya tilasta wa wakilin ya fara kuma zai aika da bukatar nan take
rudder agent runAn kafa wakilinmu, mu ci gaba.
Ƙara wakilai
Shiga
https://127.0.0.1/rudder/index.html
Wakilin ku zai bayyana a cikin sashin "Karɓi sababbin nodes", duba akwatin kuma danna Karɓa
Ya kamata ya ɗauki ɗan lokaci kaɗan har sai tsarin ya bincika uwar garken don bin ka'ida
Ƙirƙirar ƙungiyoyin uwar garken
Bari mu ƙirƙiri ƙungiya (wanda har yanzu nishaɗi ne), ba tare da sanin dalilin da ya sa masu haɓaka suka yi irin wannan mugunyar ƙungiyar ba, amma kamar yadda na fahimta, babu wata hanya. Je zuwa Gudanarwar Node -> Sashen Ƙungiyoyi kuma danna kan Ƙirƙiri, zaɓi rukuni na tsaye da suna.
Muna tace uwar garken da muke buƙata ta fasali na musamman, misali, ta adireshin IP, da adanawa
An kafa kungiyar.
Kafa dokoki
Jeka manufofin Kanfigareshan → Dokoki kuma ƙirƙirar sabuwar doka
Ƙara ƙungiyar da aka shirya a baya (ana iya yin wannan daga baya)
Kuma mun kafa sabon umarni
Bari mu ƙirƙiri umarni don ƙara maɓallan jama'a zuwa .ssh/authorized_keys. Ina amfani da wannan lokacin da sabon ma'aikaci ya fita, ko don sake inshora, misali, idan wani ya yanke maɓalli na da gangan.
Je zuwa manufofin Kanfigareshan → Umarnin a gefen hagu muna ganin "Laburare Directive" Nemo "Sakamakon Nesa → Maɓallan izini na SSH", a dama danna Ƙirƙiri Umarni
Muna shigar da bayanai game da mai amfani kuma mu ƙara maɓallinsa. Na gaba, zaɓi manufofin aikace-aikacen
-
Duniya-Tsoffin manufofin
-
Ƙarfafa - Yi aiki akan zaɓaɓɓun sabar
-
Audit - Zai gudanar da bincike kuma ya gaya wa abokan ciniki ke da maɓalli
Tabbatar da nuna mulkin mu
Sai ka ajiye ka gama.
Duba
An ƙara maɓalli cikin nasara
Buns
Wakilin yana ba da cikakken bayani game da uwar garken. Lissafin fakitin da aka shigar, musaya, buɗe tashoshin jiragen ruwa da ƙari mai yawa, waɗanda zaku iya gani a hoton da ke ƙasa
Hakanan zaka iya shigar da sarrafa software ba kawai akan Linux ba har ma akan Windows, ban duba ƙarshen ba, babu buƙata.
Daga marubucin
Kuna iya tambaya, me yasa aka sake ƙirƙira dabaran idan an riga an ƙirƙira mai yiwuwa da ɗan tsana tuntuni?
Ina amsawa: Mai yiwuwa yana da wasu kura-kurai, misali, ba mu ga halin da wannan tsarin yake a yanzu ba, ko kuma yanayin da aka saba da shi lokacin da kuka ƙaddamar da aikin ko littafin wasan kwaikwayo kuma kurakurai sun bayyana, kuma kun fara hawa kan uwar garken ku gani. wane kunshin aka sabunta a ina. Kuma kawai ban yi aiki da yar tsana ba..
Shin akwai rashin amfani ga RUDDER? Da yawa... Farawa daga gaskiyar cewa wakilai sun faɗi kuma dole ne ku sake shigar da su ko amfani da umarnin sake saitin rudder. (amma ta hanyar, Ban ga wannan a cikin sigar 6 ba tukuna), wanda ya haifar da saiti mai sarƙaƙƙiya da ƙirar ƙima.
Akwai fa'idodi? Hakanan akwai fa'idodi da yawa: Ba kamar sanannen Mai yiwuwa ba, muna da hanyar sadarwa ta yanar gizo wacce a cikinta zaku iya ganin ƙa'idar da muka yi amfani da ita. Misali, shin tashoshin jiragen ruwa da ke mannewa cikin duniya, menene yanayin wutar lantarki, an shigar da jami'an tsaro ko wasu na'urori.
Wannan software cikakke ne ga sashin tsaro na bayanai, tunda yanayin abubuwan more rayuwa koyaushe zai kasance a gaban idanunku, kuma idan kowane ɗayan ƙa'idodin ya haskaka ja, to wannan shine dalilin ziyartar uwar garken. Kamar yadda na ce, na yi amfani da Rudder tsawon shekaru 2 yanzu, kuma idan kun shan taba shi kadan, rayuwa ta inganta. Abu mafi wahala a cikin manyan abubuwan more rayuwa shine cewa ba ku tuna abin da uwar garken ke ciki ba, ko Yuni ya rasa shigar da jami'an tsaro ko kuma ya daidaita iptables daidai, amma rudder zai taimaka muku ci gaba da lura da duk abubuwan da suka faru. Aware yana nufin makamai! )
PS Ya juya fiye da yadda na tsara, ba zan kwatanta yadda ake shigar da fakiti ba, idan ba zato ba tsammani akwai buƙatun, zan rubuta wani ɓangare na biyu.
PSS Labarin don dalilai ne na bayanai, na yanke shawarar raba shi tunda akwai ƙarancin bayanai akan Intanet. Wataƙila wannan zai zama mai ban sha'awa ga wani. Barka da rana, abokai masoyi)
Hakoki na Talla
Sabbin almara Shin ko Windows tare da masu sarrafa dangin AMD EPYC masu ƙarfi da injin Intel NVMe mai sauri. Yi sauri don yin oda!
source: www.habr.com