Setting up a Nomad cluster with Consul and integrating it with Gitlab

Introduction

Recently the popularity of Kubernetes has been growing fast: more and more projects are adopting it. I wanted to look at an orchestrator like Nomad: it suits projects that already use other HashiCorp products, such as Vault and Consul, and whose own deployments are not complicated in terms of infrastructure. This article contains instructions for installing Nomad, joining two nodes into a cluster, and integrating Nomad with Gitlab.


Test bench

A few words about the test bench: three virtual servers are used, each with 2 CPUs, 4 GB of RAM and a 50 GB SSD, connected to a common local network. Their names and IP addresses:

  1. nomad-livelinux-01: 172.30.0.5
  2. nomad-livelinux-02: 172.30.0.10
  3. consul-livelinux-01: 172.30.0.15

Installing Nomad and Consul. Building the Nomad cluster

Let's start with the basic installation. Although the setup is simple, I'll describe it for the sake of completeness: the article was essentially assembled from drafts and notes kept for quick reference when needed.

Before getting to practice, let's go over the theory, because at this stage it's important to understand the structure we are building.

We have two Nomad nodes and want to join them into a cluster; later we will also want automatic cluster scaling, and for that we need Consul. With this tool, clustering and adding new nodes becomes a very simple task: a newly created Nomad node connects to the local Consul agent and through it joins the existing Nomad cluster. So first we install the Consul server and put HTTP basic authentication in front of its web panel (Consul has no authentication of its own by default; the only thing keeping the UI off the network is that its HTTP listener defaults to 127.0.0.1), then the Consul agents on the Nomad servers themselves, and only after that do we move on to Nomad.

Installing HashiCorp tools is very simple: essentially we move the binary into a bin directory, write the tool's configuration file and create its service file.

Download the Consul binary and unpack it in the user's home directory:

root@consul-livelinux-01:~# wget https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip
root@consul-livelinux-01:~# unzip consul_1.5.0_linux_amd64.zip
root@consul-livelinux-01:~# mv consul /usr/local/bin/

Now we have a Consul binary ready for further configuration.
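The download steps above (and the identical ones for the Nomad binary later) take whatever releases.hashicorp.com hands back and put it straight into /usr/local/bin. HashiCorp publishes a SHA256SUMS file next to every release, so the install can refuse a corrupted or substituted archive. The script below is an added example, not code from the original article: the function names, the temporary-directory layout and the constructed test files are my own, and it assumes a Linux host with wget, unzip, sha256sum and awk (checking the GPG signature on SHA256SUMS itself is left to the reader).

```shell
#!/bin/sh
# Added example, not from the original article: fetch a HashiCorp release together with
# its vendor-published SHA256SUMS file and install the binary only if the checksum matches.
# Assumes Linux with wget, unzip, sha256sum and awk (the .sig on SHA256SUMS is not checked here).
set -eu

# verify_sha256sums SUMSFILE ARCHIVE
# Succeeds only if SUMSFILE contains an entry for ARCHIVE's basename and the
# recorded digest equals the actual sha256 of ARCHIVE.
verify_sha256sums() {
    sums="$1"
    archive="$2"
    name=$(basename "$archive")
    # SHA256SUMS lines look like "<hex digest>  <file name>", the same as sha256sum output.
    expected=$(awk -v n="$name" '$2 == n { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_sha256sums: no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "verify_sha256sums: checksum mismatch for $name" >&2
        return 1
    fi
}

# install_hashicorp_binary NAME VERSION [DEST]
# Downloads NAME_VERSION_linux_amd64.zip and NAME_VERSION_SHA256SUMS from
# releases.hashicorp.com, verifies the archive, and installs the binary into DEST
# (default /usr/local/bin). Any failure aborts before anything is installed.
install_hashicorp_binary() {
    name="$1"
    version="$2"
    dest="${3:-/usr/local/bin}"
    base="https://releases.hashicorp.com/${name}/${version}"
    zip="${name}_${version}_linux_amd64.zip"
    sums="${name}_${version}_SHA256SUMS"
    tmp=$(mktemp -d)
    wget -q -P "$tmp" "${base}/${zip}" "${base}/${sums}"
    verify_sha256sums "${tmp}/${sums}" "${tmp}/${zip}"
    unzip -q -o "${tmp}/${zip}" -d "$tmp"
    install -m 0755 "${tmp}/${name}" "${dest}/${name}"
    rm -rf "$tmp"
    echo "installed ${name} ${version} to ${dest}/${name}"
}

# Usage: sh install.sh consul 1.5.0   (or: sh install.sh nomad 0.9.1)
if [ "$#" -ge 2 ]; then
    install_hashicorp_binary "$1" "$2" "${3:-}"
fi
```

Run it as `sh install.sh consul 1.5.0` on the Consul server and `sh install.sh nomad 0.9.1` on the Nomad nodes; a mismatch stops the script before the binary reaches /usr/local/bin.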

To work with Consul we need to generate a unique gossip encryption key with the keygen command:

root@consul-livelinux-01:~# consul keygen

Let's move on to the Consul configuration by creating the directory /etc/consul.d/ with the following structure:

/etc/consul.d/
├── bootstrap
│   └── config.json

The bootstrap directory contains the configuration file config.json, where we set the Consul parameters. Its contents:

{
    "bootstrap": true,
    "server": true,
    "datacenter": "dc1",
    "data_dir": "/var/consul",
    "encrypt": "your-key",
    "log_level": "INFO",
    "enable_syslog": true,
    "start_join": ["172.30.0.15"]
}

Let's look at the main directives and their meaning separately:

  • bootstrap: true. Puts this single server into bootstrap mode: it becomes the Raft leader on its own without waiting for other servers. Note that we do not set the expected number of servers (bootstrap_expect) here; that is the option to use instead as soon as there is more than one server.
  • server: true. Enables server mode. The Consul on this VM is currently the only server and the leader; the Nomad VMs will be clients.
  • datacenter: dc1. Sets the datacenter name used to build the cluster. It must be identical on clients and servers.
  • encrypt: your-key. The gossip encryption key; it is unique to the cluster and identical on all clients and servers. Generated with consul keygen.
  • start_join. The list of IP addresses to connect to when joining. For now we simply specify our own address.

Now we can start consul from the command line:

root@consul-livelinux-01:~# /usr/local/bin/consul agent -config-dir /etc/consul.d/bootstrap -ui

This is a good way to debug right now, but for obvious reasons you can't keep running it this way. Let's create a service file so that systemd manages Consul:

root@consul-livelinux-01:~# nano /etc/systemd/system/consul.service

Contents of consul.service:

[Unit]
Description=Consul Startup process
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/bootstrap -ui
TimeoutStartSec=0

[Install]
WantedBy=default.target

Start Consul via systemctl:

root@consul-livelinux-01:~# systemctl start consul

Let's check: our service should be running, and in the output of the consul members command we should see our server:

root@consul-livelinux:/etc/consul.d# consul members
consul-livelinux    172.30.0.15:8301  alive   server  1.5.0  2         dc1  <all>

Next: install Nginx and set up proxying with HTTP basic authentication. Install nginx from the package manager and create a configuration file consul.conf in the /etc/nginx/sites-enabled directory with the following contents:

upstream consul-auth {
    server localhost:8500;
}

server {

    server_name consul.domain.name;

    location / {
      proxy_pass http://consul-auth;
      proxy_set_header Host $host;
      auth_basic_user_file /etc/nginx/.htpasswd;
      auth_basic "Password-protected Area";
    }
}

Don't forget to create the .htpasswd file and generate a username and password for it. This is needed so that the web panel isn't open to everyone who knows our domain name. Two caveats: basic auth sends the password in clear text with every request, so put TLS on this server block before exposing it beyond the local network; and the proxy only guards port 80, while Consul's own API on 8500 stays on loopback only because the bootstrap config leaves client_addr at its default. When setting up Gitlab, this authentication has to be dropped, otherwise our request to Nomad won't get through (the Nomad CLI can alternatively send the proxy credentials from the NOMAD_HTTP_AUTH=user:password environment variable). In my project both Gitlab and Nomad are only on the grey network, so there is no such problem here.
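The protection above only covers what nginx fronts; the thing that actually decides whether the Consul and Nomad APIs are reachable from outside is which address each listener is bound to. The following audit is an added example and not part of the original article: it parses `ss -ltn` output and reports every HashiCorp port bound to a wildcard address. The port list, the function names and the sample lines in the test are my own, and it assumes iproute2 and awk on the host.

```shell
#!/bin/sh
# Added example, not from the original article: list HashiCorp service ports that are
# listening on a wildcard address (0.0.0.0, [::] or *) and are therefore reachable from
# every network the host is attached to. Parses `ss -ltn` output; assumes iproute2 and awk.
set -eu

# Ports that should normally be loopback-only or firewalled on a single-LAN setup:
# Consul server RPC 8300, Serf LAN/WAN 8301/8302, HTTP API/UI 8500, DNS 8600;
# Nomad HTTP API/UI 4646, RPC 4647, Serf 4648.
HASHI_PORTS="8300 8301 8302 8500 8600 4646 4647 4648"

# exposed_listeners
# Reads `ss -ltn` formatted lines on stdin and prints "host:port" for every LISTEN
# socket whose local address is a wildcard and whose port is in HASHI_PORTS.
exposed_listeners() {
    awk -v ports="$HASHI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            # local address is "host:port"; the port is everything after the last colon
            if (match(addr, /:[0-9]+$/) == 0) next
            port = substr(addr, RSTART + 1)
            host = substr(addr, 1, RSTART - 1)
            if ((host == "0.0.0.0" || host == "[::]" || host == "*") && (port in want))
                print host ":" port
        }'
}

# audit_listeners
# Runs the audit on the live host and exits non-zero when anything is exposed, so it
# can serve as a post-install check in a provisioning script.
audit_listeners() {
    found=$(ss -ltn | exposed_listeners)
    if [ -n "$found" ]; then
        echo "exposed HashiCorp listeners:" >&2
        echo "$found" >&2
        return 1
    fi
    echo "no HashiCorp listeners bound to a wildcard address"
}

# Usage: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_listeners
fi
```

On the Consul server from this article the expected result is an empty list, since Consul's HTTP listener defaults to 127.0.0.1 and the Serf port binds to the private address; a hit on 8500 or 4646 means the API is open without the nginx password in front of it.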

On the remaining two servers we install the Consul agents following the instructions below. Repeat the steps with the binary:

root@nomad-livelinux-01:~# wget https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip
root@nomad-livelinux-01:~# unzip consul_1.5.0_linux_amd64.zip
root@nomad-livelinux-01:~# mv consul /usr/local/bin/

By analogy with the previous server, create the configuration directory /etc/consul.d with the following structure:

/etc/consul.d/
├── client
│   └── config.json

Contents of config.json:

{
    "datacenter": "dc1",
    "data_dir": "/opt/consul",
    "log_level": "DEBUG",
    "node_name": "nomad-livelinux-01",
    "server": false,
    "encrypt": "your-private-key",
    "domain": "livelinux",
    "addresses": {
      "dns": "127.0.0.1",
      "https": "0.0.0.0",
      "grpc": "127.0.0.1",
      "http": "127.0.0.1"
    },
    "bind_addr": "172.30.0.5",
    "start_join": ["172.30.0.15"],
    "ports": {
      "dns": 53
    }
}

Here bind_addr is the VM's own local address and start_join is the address of the remote Consul server (JSON does not allow comments, so these notes live here rather than in the file). On the second node change node_name and bind_addr accordingly. The encrypt value must be the same gossip key as on the server, the HTTP and gRPC APIs stay on loopback, and the https entry has no effect until TLS certificates and an https port are configured. Binding DNS to port 53 requires root, which the service file below provides.

Save the changes and move on to the service file, with the following contents:

/etc/systemd/system/consul.service:

[Unit]
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
After=network-online.target

[Service]
User=root
Group=root
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/client
ExecReload=/usr/local/bin/consul reload
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

Start the agent on this server. After it starts, the node we just configured should appear in consul members, which means it has successfully joined the cluster as a client. Repeat the same on the second server, and then we can start installing and configuring Nomad.

Further details on installing Nomad are described in its official documentation. There are two traditional installation methods: downloading the binary and building from source. I'll choose the first.

Note: the project is developing very fast and new releases come out often. A new version may well be out by the time this article is finished. So before following along, I recommend checking the current Nomad version and downloading that one.

root@nomad-livelinux-01:~# wget https://releases.hashicorp.com/nomad/0.9.1/nomad_0.9.1_linux_amd64.zip
root@nomad-livelinux-01:~# unzip nomad_0.9.1_linux_amd64.zip
root@nomad-livelinux-01:~# mv nomad /usr/local/bin/
root@nomad-livelinux-01:~# nomad -autocomplete-install
root@nomad-livelinux-01:~# complete -C /usr/local/bin/nomad nomad
root@nomad-livelinux-01:~# mkdir /etc/nomad.d

After unpacking we get a Nomad binary of about 65 MB, which we move to /usr/local/bin.

Create a data directory for Nomad and edit its service file (it most likely does not exist yet):

root@nomad-livelinux-01:~# mkdir --parents /opt/nomad
root@nomad-livelinux-01:~# nano /etc/systemd/system/nomad.service

Paste the following lines into it:

[Unit]
Description=Nomad
Documentation=https://nomadproject.io/docs/
Wants=network-online.target
After=network-online.target

[Service]
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d
KillMode=process
KillSignal=SIGINT
LimitNOFILE=infinity
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
StartLimitBurst=3
StartLimitIntervalSec=10
TasksMax=infinity

[Install]
WantedBy=multi-user.target

However, we're in no hurry to start nomad: we haven't created its configuration files yet:

root@nomad-livelinux-01:~# mkdir --parents /etc/nomad.d
root@nomad-livelinux-01:~# chmod 700 /etc/nomad.d
root@nomad-livelinux-01:~# nano /etc/nomad.d/nomad.hcl
root@nomad-livelinux-01:~# nano /etc/nomad.d/server.hcl

The final directory structure will look like this:

/etc/nomad.d/
├── nomad.hcl
└── server.hcl

The nomad.hcl file should contain the following configuration:

datacenter = "dc1"
data_dir = "/opt/nomad"

Contents of server.hcl:

server {
  enabled = true
  bootstrap_expect = 1
}

consul {
  address             = "127.0.0.1:8500"
  server_service_name = "nomad"
  client_service_name = "nomad-client"
  auto_advertise      = true
  server_auto_join    = true
  client_auto_join    = true
}

bind_addr = "127.0.0.1" 

advertise {
  http = "172.30.0.5"
}

client {
  enabled = true
}

Don't forget to adjust the configuration file on the second server: there the http value in the advertise block must be that node's own address, 172.30.0.10. Two things are worth checking before relying on this configuration. First, bootstrap_expect = 1 tells a server to elect itself leader without waiting for anyone, which is only correct for a single server; with two servers set bootstrap_expect = 2 on both (and prefer three servers so that Raft has a real quorum). Second, bind_addr applies to the HTTP, RPC (4647) and Serf (4648) listeners alike, so with bind_addr = "127.0.0.1" the servers cannot reach each other and the nginx upstream on 172.30.0.5:4646 below has nothing to connect to; bind to the VM's LAN address instead and keep the HTTP API off untrusted networks with a firewall rule rather than by binding to loopback.

The last thing in this section is configuring Nginx for proxying with HTTP basic authentication. Contents of nomad.conf:

upstream nomad-auth {
    server 172.30.0.5:4646;
}

server {

    server_name nomad.domain.name;

    location / {
      proxy_pass http://nomad-auth;
      proxy_set_header Host $host;
      auth_basic_user_file /etc/nginx/.htpasswd;
      auth_basic "Password-protected Area";
    }

}

Now we can reach the web panel from the external network. Connect and open the servers page:

Figure 1. List of servers in the Nomad cluster

Both servers are shown correctly in the panel, and we see the same thing in the output of the nomad node status command:

Figure 2. Output of the nomad node status command

What about Consul? Let's take a look. Open the Consul control panel and go to the nodes page:

Figure 3. List of nodes in the Consul cluster

Now we have a Nomad that works together with Consul. In the final part we get to the fun bit: setting up delivery of Docker containers from Gitlab to Nomad, along with a few other distinctive features.

Creating the Gitlab Runner

To deploy Docker images to Nomad we'll use a separate runner image with the Nomad binary inside (here, by the way, we see another feature of HashiCorp applications: everything is a single binary). Put the binary into the runner's directory and create a simple Dockerfile for it with the following contents:


FROM alpine:3.9
RUN apk add --update --no-cache libc6-compat gettext
COPY nomad /usr/local/bin/nomad

In the same project we create .gitlab-ci.yml:

variables:
  DOCKER_IMAGE: nomad/nomad-deploy
  DOCKER_REGISTRY: registry.domain.name

stages:
  - build

build:
  stage: build
  image: ${DOCKER_REGISTRY}/nomad/alpine:3
  script:
    - tag=${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest
    - docker build --pull -t ${tag} -f Dockerfile .
    - docker push ${tag}

As a result, the Nomad runner image lands in the Gitlab Registry, and now we can go straight to the project repository, create a pipeline and configure the Nomad job.

Project setup

Let's start with the Nomad job file. My project in this article is deliberately primitive: it consists of one task. The .gitlab-ci.yml will look like this:

variables:
  NOMAD_ADDR: http://nomad.address.service:4646
  DOCKER_REGISTRY: registry.domain.name
  DOCKER_IMAGE: example/project

stages:
  - build
  - deploy

build:
  stage: build
  image: ${DOCKER_REGISTRY}/nomad-runner/alpine:3
  script:
    - tag=${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${CI_COMMIT_SHORT_SHA}
    - docker build --pull -t ${tag} -f Dockerfile .
    - docker push ${tag}


deploy:
  stage: deploy
  image: registry.example.com/nomad/nomad-runner:latest
  script:
    - envsubst '${CI_COMMIT_SHORT_SHA}' < project.nomad > job.nomad
    - cat job.nomad
    - nomad validate job.nomad
    - nomad plan job.nomad || if [ $? -eq 255 ]; then exit 255; else echo "success"; fi
    - nomad run job.nomad
  environment:
    name: production
  allow_failure: false
  when: manual

Here the deployment is triggered manually, but you can configure it to run on changes in the project directory. The pipeline has two stages: building the image and deploying it to Nomad. In the first stage we build the Docker image and push it to our Registry; in the second we submit our job to Nomad. The exit-code handling around nomad plan is needed because plan exits 0 when nothing would change, 1 when changes would be made and 255 on error, so only 255 should fail the stage.
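The one-liner in the deploy stage keeps 0 and 1 from failing the job, but it discards the other thing plan gives you: the check-index, which makes nomad run refuse to submit if someone else modified the job between plan and run. The deploy script below is an added example, not the article's own pipeline code; it uses the `nomad job plan` / `nomad job run -check-index` commands and their documented exit codes, while the function names and the mocked nomad in the test are my own. It assumes the nomad CLI on PATH and NOMAD_ADDR (plus NOMAD_HTTP_AUTH=user:password if the API sits behind the nginx basic-auth proxy) in the environment.

```shell
#!/bin/sh
# Added example, not from the original article: a deploy step that treats the three
# `nomad plan` exit codes explicitly (0 no changes, 1 changes, other = error) and submits
# the job with the check-index that plan printed, so that a job modified by someone else
# between plan and run is rejected instead of silently overwritten.
# Assumes the nomad CLI on PATH and NOMAD_ADDR (and NOMAD_HTTP_AUTH behind a basic-auth
# proxy) in the environment.
set -eu

# plan_check_index PLAN_OUTPUT_FILE
# Prints the index from the "nomad job run -check-index N ..." line that plan emits,
# or nothing if the line is absent.
plan_check_index() {
    sed -n 's/.*-check-index \([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# deploy_job JOBFILE
# Plans the job, then: exit 0 -> nothing to do; exit 1 -> run with -check-index;
# anything else -> fail the stage with plan's exit code.
deploy_job() {
    job="$1"
    plan_out=$(mktemp)
    rc=0
    nomad job plan "$job" > "$plan_out" 2>&1 || rc=$?
    cat "$plan_out"
    case "$rc" in
        0)
            echo "deploy_job: no changes for $job, nothing submitted"
            ;;
        1)
            idx=$(plan_check_index "$plan_out")
            if [ -z "$idx" ]; then
                echo "deploy_job: plan reported changes but printed no check-index" >&2
                rm -f "$plan_out"
                return 1
            fi
            nomad job run -check-index "$idx" "$job"
            ;;
        *)
            echo "deploy_job: nomad plan failed with exit code $rc" >&2
            rm -f "$plan_out"
            return "$rc"
            ;;
    esac
    rm -f "$plan_out"
}

# Usage in .gitlab-ci.yml, replacing the plan/run lines:  - sh deploy.sh job.nomad
if [ "$#" -ge 1 ]; then
    deploy_job "$1"
fi
```

With this in the deploy stage, a concurrent change to the same job makes `nomad job run -check-index` fail with a clear message rather than clobbering the other deployment, and a plan error still fails the pipeline.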

job "monitoring-status" {
    datacenters = ["dc1"]
    migrate {
        max_parallel = 3
        health_check = "checks"
        min_healthy_time = "15s"
        healthy_deadline = "5m"
    }

    group "zhadan.ltd" {
        count = 1
        update {
            max_parallel      = 1
            min_healthy_time  = "30s"
            healthy_deadline  = "5m"
            progress_deadline = "10m"
            auto_revert       = true
        }
        task "service-monitoring" {
            driver = "docker"

            config {
                image = "registry.domain.name/example/project:${CI_COMMIT_SHORT_SHA}"
                force_pull = true
                auth {
                    username = "gitlab_user"
                    password = "gitlab_password"
                }
                port_map {
                    http = 8000
                }
            }
            resources {
                network {
                    port "http" {}
                }
            }
        }
    }
}

Note that I have a private Registry, and to pull the Docker image successfully I have to log in to it. The better solution in this case is to put the login and password into Vault and integrate Vault with Nomad, which Nomad supports natively. But first, in Vault itself, we need to install the policy and token role required by Nomad; they can be downloaded:

# Download the policy and token role
$ curl https://nomadproject.io/data/vault/nomad-server-policy.hcl -O -s -L
$ curl https://nomadproject.io/data/vault/nomad-cluster-role.json -O -s -L

# Write the policy to Vault
$ vault policy write nomad-server nomad-server-policy.hcl

# Create the token role with Vault
$ vault write /auth/token/roles/nomad-cluster @nomad-cluster-role.json

Now that the required policies have been created, we add the Vault integration block to the Nomad agent configuration on the servers (the server.hcl from above), since it is the agent, not the job, that talks to Vault; the official Nomad docs also set create_from_role = "nomad-cluster" in this block, matching the token role written above:

vault {
  enabled = true
  address = "https://vault.domain.name:8200"
  token = "token"
}

I use token authentication and write the token directly here; there is also the option to pass it as an environment variable when the Nomad agent starts, which keeps it out of the configuration file:

$ VAULT_TOKEN=<token> nomad agent -config /path/to/config

Now we can use secrets from Vault. On the job side the task needs its own vault stanza listing the Vault policies it may use (vault { policies = ["..."] }); with that in place the principle is simple: in the Nomad task we render a file holding the variable values, for example:

template {
  data = <<EOH
{{ with secret "secrets/pipeline-keys" }}
REGISTRY_LOGIN="{{ .Data.REGISTRY_LOGIN }}"
REGISTRY_PASSWORD="{{ .Data.REGISTRY_PASSWORD }}"
{{ end }}
EOH
  destination = "secrets/service-name.env"
  env         = true
}

With this simple approach you can set up container delivery to the Nomad cluster and keep working with it from there. I'll admit I have a certain fondness for Nomad: it suits small projects better, where Kubernetes can add extra complexity without ever realizing its full potential. Besides, Nomad is great for beginners: it is easy to install and configure. However, when testing it on some projects I ran into problems with its early versions: many basic functions are simply missing or don't work correctly. Nevertheless, I believe Nomad will keep developing and in the future will gain the features everyone needs.

Author: Ilya Andreev, edited by Alexey Zhadan and the Live Linux team


Source: will.com
