Ezi ehihie enyi. Na atụmanya nke mmalite nke ọhụụ ọhụrụ na ọnụego Anyị na-ekekọrịta gị ntụgharị asụsụ ọhụrụ. Gaa.
Iji Pulumi na asụsụ mmemme izugbe maka koodu akụrụngwa (Infrastructure as Code) na-enye ọtụtụ uru: nnweta nka na ihe ọmụma, mkpochapụ nke efere efere na koodu site na abstraction, ngwaọrụ ndị otu gị maara nke ọma, dị ka IDE na linters. Ngwa injinịa sọftụwia niile ọ bụghị naanị na-eme ka anyị na-arụpụtakwu ihe, kamakwa na-emeziwanye ogo koodu anyị. Ya mere, ọ bụ ihe okike na iji asụsụ mmemme izugbe na-enye anyị ohere iwebata omume mmepe ngwanrọ ọzọ dị mkpa - ule.
N'isiokwu a, anyị ga-eleba anya ka Pulumi si enyere anyị aka ịnwale akụrụngwa-dị ka koodu.
Kedu ihe kpatara nwalee akụrụngwa?
Tupu ịbanye n'ime nkọwa, ọ bara uru ịjụ ajụjụ a: "Gịnị kpatara nwalee akụrụngwa ma ọlị?" Enwere ọtụtụ ihe kpatara nke a ma lee ụfọdụ n'ime ha:
- Nnwale nkeji otu ọrụ ma ọ bụ iberibe mgbagha nke mmemme gị
- Na-enyocha ọnọdụ achọrọ nke akụrụngwa megide ihe mgbochi ụfọdụ.
- Nchọpụta mmejọ ndị a na-ahụkarị, dị ka enweghị izo ya ezo nke ịwụ nchekwa ma ọ bụ enweghị nchekwa, ohere mepere emepe site na ịntanetị gaa na igwe mebere.
- Na-enyocha mmejuputa nke inye akụrụngwa.
- Na-eme nnwale oge ọsọ nke mgbagha ngwa na-agba ọsọ n'ime akụrụngwa “emebere” gị iji lelee arụmọrụ ma emesịa.
- Dịka anyị nwere ike ịhụ, enwere nhọrọ nnwale akụrụngwa dị iche iche. Polumi nwere usoro maka nnwale n'oge ọ bụla na ụdịdị a. Ka anyị bido hụ ka o si arụ ọrụ.
Nnwale otu
Edere mmemme Pulumi n'asụsụ mmemme izugbe dịka JavaScript, Python, TypeScript ma ọ bụ Go. Ya mere, ike zuru oke nke asụsụ ndị a, gụnyere ngwá ọrụ na ụlọ akwụkwọ ha, gụnyere usoro ule, dị maka ha. Pulumi bụ igwe ojii dị iche iche, nke pụtara na enwere ike iji ya mee nnwale sitere na igwe ojii ọ bụla.
(N'isiokwu a, n'agbanyeghị ịbụ multilingual na multicloud, anyị na-eji Javascript na Mocha ma lekwasị anya na AWS. Ị nwere ike iji Python). unittest, Gaa ule kpuchie, ma ọ bụ ihe ọ bụla ọzọ ule kpuchie na-amasị gị. Ma, n'ezie, Pulumi na-arụ ọrụ dị ukwuu na Azure, Google Cloud, Kubernetes.)
Dịka anyị hụworo, enwere ọtụtụ ihe kpatara ị ga-eji nwalee koodu akụrụngwa gị. Otu n'ime ha bụ nnwale unit. N'ihi na koodu gị nwere ike ịnwe ọrụ - dịka ọmụmaatụ, ịgbakọ CIDR, gbakọọ aha, mkpado, wdg. - eleghị anya ị ga-achọ ịnwale ha. Nke a bụ otu ịde ule nkeji oge niile maka ngwa n'asụsụ mmemme ọkacha mmasị gị.
Iji nweta ntakịrị mgbagwoju anya, ị nwere ike ịlele ka mmemme gị si ekenye akụrụngwa. Iji maa atụ, ka anyị were ya na anyị kwesịrị ịmepụta sava EC2 dị mfe ma anyị chọrọ ijide n'aka na ihe ndị a bụ:
- Ihe atụ nwere mkpado
Name. - Ihe atụ ekwesịghị iji ederede inline
userData- anyị ga-eji AMI (onyinyo). - Enweghị SSH ekpughere na ịntanetị.
Ihe atụ a dabere na :
index.js:
"use strict";
let aws = require("@pulumi/aws");
let group = new aws.ec2.SecurityGroup("web-secgrp", {
ingress: [
{ protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
{ protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
],
});
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
let server = new aws.ec2.Instance("web-server-www", {
instanceType: "t2.micro",
securityGroups: [ group.name ], // reference the group object above
ami: "ami-c55673a0" // AMI for us-east-2 (Ohio),
userData: userData // start a simple web server
});
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;
Nke a bụ mmemme Pulumi bụ isi: ọ na-ekenye otu nchekwa EC2 na ihe atụ. Otú ọ dị, ekwesịrị ịmara na ebe a, anyị na-emebi iwu atọ ahụ ekwuru n'elu. Ka anyị dee ule!
Nnwale edemede
Usoro izugbe nke ule anyị ga-adị ka ule Mocha oge niile:
ec2tests.js
test.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
describe("Infrastructure", function() {
let server = infra.server;
describe("#server", function() {
// TODO(check 1): Должен быть тэг Name.
// TODO(check 2): Не должно быть inline-скрипта userData.
});
let group = infra.group;
describe("#group", function() {
// TODO(check 3): Не должно быть SSH, открытого в Интернет.
});
});
Ugbu a, ka anyị dee ule mbụ anyị: jide n'aka na ọnọdụ ndị ahụ nwere mkpado Name. Iji lelee nke a, anyị ga-enweta naanị ihe atụ EC2 wee lelee akụrụngwa kwekọrọ tags:
// check 1: Должен быть тэг Name.
it("must have a name tag", function(done) {
pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
if (!tags || !tags["Name"]) {
done(new Error(`Missing a name tag on server ${urn}`));
} else {
done();
}
});
});Ọ dị ka nnwale oge niile, mana nwere njirimara ole na ole kwesịrị ịrịba ama:
- N'ihi na anyị na-ajụ ọnọdụ akụrụngwa tupu ebunye ya, a na-eme ule anyị mgbe niile na ọnọdụ "atụmatụ" (ma ọ bụ "nhụchalụ"). Ya mere, e nwere ọtụtụ ihe onwunwe nke ụkpụrụ agaghị eweghachi ma ọ bụ na-agaghị akọwapụta ya. Nke a gụnyere ihe nrụpụta niile nke ndị na-eweta igwe ojii gbakọrọ. Nke a bụ ihe nkịtị maka ule anyị - naanị anyị na-elele data ntinye. Anyị ga-alaghachi na mbipụta a ma emechaa, mgbe a bịara n'ule ntinye.
- Ebe ọ bụ na akụrụngwa akụrụngwa Pulumi niile bụ nsonaazụ, yana ọtụtụ n'ime ha na-enyocha n'otu n'otu, anyị kwesịrị iji usoro itinye iji nweta ụkpụrụ. Nke a dị nnọọ ka nkwa na ọrụ
then. - Ebe anyị na-eji ọtụtụ akụrụngwa iji gosi URL akụ na ozi njehie, anyị kwesịrị iji ọrụ ahụ
pulumi.allijikọta ha. - N'ikpeazụ, ebe ọ bụ na a na-agbakọ ụkpụrụ ndị a n'otu n'otu, anyị kwesịrị iji njirimara oku async arụnyere arụnyere na Mocha.
donema ọ bụ iweghachi nkwa.
Ozugbo anyị haziela ihe niile, anyị ga-enweta ntinye dị ka ụkpụrụ Javascript dị mfe. Ngwongwo tags bụ maapụ (ihe jikọrọ ọnụ), yabụ anyị ga-ahụ naanị na ọ bụ (1) ọ bụghị ụgha, yana (2) enwere igodo maka ya. Name. Ọ dị nnọọ mfe ma ugbu a anyị nwere ike ịnwale ihe ọ bụla!
Ugbu a, ka anyị dee akwụkwọ ndenye ego nke abụọ. Ọ dị mfe karị:
// check 2: Не должно быть inline-скрипта userData.
it("must not use userData (use an AMI instead)", function(done) {
pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
if (userData) {
done(new Error(`Illegal use of userData on server ${urn}`));
} else {
done();
}
});
});N'ikpeazụ, ka anyị dee ule nke atọ. Nke a ga-abụ ntakịrị ihe mgbagwoju anya n'ihi na anyị na-achọ iwu nbanye jikọtara ya na otu nchekwa, nke nwere ike ịbụ ọtụtụ, na CIDR dị na iwu ndị ahụ, nke nwekwara ike ịdị ọtụtụ. Mana anyị jisiri ike:
// check 3: Не должно быть SSH, открытого в Интернет.
it("must not open port 22 (SSH) to the Internet", function(done) {
pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
if (ingress.find(rule =>
rule.fromPort == 22 && rule.cidrBlocks.find(block =>
block === "0.0.0.0/0"))) {
done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
} else {
done();
}
});
});Ọ gwụla. Ugbu a, ka anyị na-agba ọsọ ule!
Nnwale na-agba ọsọ
N'ọtụtụ ọnọdụ, ịnwere ike ịnwale ule n'ụzọ ọ na-adị, na-eji usoro ule nke nhọrọ gị. Ma enwere otu akụkụ nke Pulumi kwesịrị ịṅa ntị na ya.
Dị ka ọ na-adịkarị, iji mee mmemme Pulumi, a na-eji pulimi CLI (Command Line interface) nke na-ahazi oge a na-agba ọsọ nke asụsụ, na-achịkwa mwepụta nke injin Pulumi ka enwere ike ịdekọ ọrụ nwere akụrụngwa wee tinye na atụmatụ, wdg. Agbanyeghị, enwere otu nsogbu. Mgbe ị na-agba ọsọ n'okpuru njikwa nke usoro ule gị, a gaghị enwe nkwukọrịta n'etiti CLI na injin Pulumi.
Iji dozie nsogbu a, naanị anyị kwesịrị ịkọwapụta ihe ndị a:
- Aha oru ngo, nke dị na mgbanwe gburugburu ebe obibi
PULUMI_NODEJS_PROJECT(ma ọ bụ, karịa n'ozuzu,PULUMI__PROJECT для других языков).
Aha nchịkọta nke akọwapụtara na mgbanwe gburugburu ebe obibiPULUMI_NODEJS_STACK(ma ọ bụ, karịa n'ozuzu,PULUMI__ STACK).
Ụdị nhazi nchịkọta nchịkọta gị. Enwere ike nweta ha site na iji mgbanwe gburugburu ebe obibiPULUMI_CONFIGna usoro ha bụ map JSON nwere igodo/uru ụzọ abụọ.Ihe omume ahụ ga-enye ịdọ aka ná ntị na-egosi na njikọ na CLI / engine adịghị n'oge a na-egbu ya. Nke a dị mkpa n'ihi na mmemme gị agaghị etinye ihe ọ bụla ma ọ nwere ike iju gị anya ma ọ bụrụ na ọ bụghị ihe i bu n'obi ime! Iji gwa Pulumi na nke a bụ ihe ịchọrọ, ị nwere ike ịwụnye
PULUMI_TEST_MODEвtrue.Were ya na anyị kwesịrị ịkọwa aha oru ngo na
my-ws, nchịkọta ahadev, na AWS Mpagharaus-west-2. Ahịrị iwu maka ịgba ọsọ ule Mocha ga-adị ka nke a:$ PULUMI_TEST_MODE=true PULUMI_NODEJS_STACK="my-ws" PULUMI_NODEJS_PROJECT="dev" PULUMI_CONFIG='{ "aws:region": "us-west-2" }' mocha tests.jsIme nke a, dị ka a tụrụ anya ya, ga-egosi anyị na anyị enwetala ule atọ dara!
Infrastructure #server 1) must have a name tag 2) must not use userData (use an AMI instead) #group 3) must not open port 22 (SSH) to the Internet 0 passing (17ms) 3 failing 1) Infrastructure #server must have a name tag: Error: Missing a name tag on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 2) Infrastructure #server must not use userData (use an AMI instead): Error: Illegal use of userData on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 3) Infrastructure #group must not open port 22 (SSH) to the Internet: Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on groupKa anyị dozie mmemme anyị:
"use strict"; let aws = require("@pulumi/aws"); let group = new aws.ec2.SecurityGroup("web-secgrp", { ingress: [ { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] }, ], }); let server = new aws.ec2.Instance("web-server-www", { tags: { "Name": "web-server-www" }, instanceType: "t2.micro", securityGroups: [ group.name ], // reference the group object above ami: "ami-c55673a0" // AMI for us-east-2 (Ohio), }); exports.group = group; exports.server = server; exports.publicIp = server.publicIp; exports.publicHostName = server.publicDns;Ma megharịa ule ahụ ọzọ:
Infrastructure #server ✓ must have a name tag ✓ must not use userData (use an AMI instead) #group ✓ must not open port 22 (SSH) to the Internet 3 passing (16ms)Ihe niile gara nke ọma... Hurray! ✓✓✓
Nke ahụ bụ naanị maka taa, mana anyị ga-ekwu maka nnwale nnabata na akụkụ nke abụọ nke ntụgharị asụsụ 😉
isi: www.habr.com