From a "startup" to thousands of servers in a dozen data centers. How we chased the growth of Linux infrastructure

If your IT infrastructure grows too quickly, sooner or later you will face a choice: add more people to support it, or start automating. Up to a certain point we lived in the first paradigm, and then the long road to Infrastructure-as-Code began.

Of course, NSPK is not a startup, but that kind of atmosphere reigned in the company during the first years of its existence, and those were very interesting years. My name is Dmitry Kornyakov, and I have been supporting Linux infrastructure with high availability requirements for more than 10 years. I joined the NSPK team in January 2016 and, unfortunately, did not see the very beginning of the company's existence, but I arrived at a stage of great change.

In general, our team supplies two products to the company. The first is infrastructure. Mail must work, DNS must work, and the domain controllers must let you into servers that must not go down. The company's IT landscape is huge! These are business- and mission-critical systems, and for some of them the availability requirement is 2. The second product is the servers themselves, physical and virtual. Existing ones must be monitored, and new ones must be delivered regularly to customers from many departments. In this article I want to focus on how we built the infrastructure that is responsible for the server life cycle.

The start of the journey

At the beginning of our journey, our technology stack looked like this:

  • OS: CentOS 7
  • Domain controllers: FreeIPA
  • Automation: Ansible (+Tower), Cobbler

All of this was located in 3 domains, spread across several data centers. One data center hosts the office systems and test sites; all the others host PROD.

At one point, creating a server looked like this:

In the VM template, CentOS is a minimal install with only the bare necessities, such as a correct /etc/resolv.conf; everything else comes through Ansible.

CMDB - Excel.

If the server is physical, then instead of cloning a virtual machine, the OS was installed on it using Cobbler: the MAC addresses of the target server are added to the Cobbler config, the server receives an IP address via DHCP, and then the OS is installed.

At first we even tried to do some kind of configuration management in Cobbler. Over time, however, this began to cause problems with the portability of configurations, both to other data centers and to the Ansible code for preparing VMs.

At that time, many of us saw Ansible as a convenient extension of Bash and did not hold back on constructs built from shell and sed. Bashsible all the way. As a result, if a playbook did not work on a server for some reason, it was easier to delete the server, fix the playbook and run it again. There was no versioning of scripts and no portability of configurations.

For example, suppose we wanted to change some setting on all servers:

  1. We change the configuration on existing servers in a logical segment / data center. Sometimes this takes more than one day: availability requirements and the law of large numbers do not allow all changes to be applied at once. Some changes are also potentially destructive and require restarting something, from services to the OS itself.
  2. We fix it in Ansible.
  3. We fix it in Cobbler.
  4. Repeat N times for each logical segment / data center.

For all changes to go smoothly, many factors had to be taken into account, and changes happen all the time:

  • Refactoring Ansible code and configuration files
  • Changes to internal best practices
  • Changes based on the analysis of incidents / accidents
  • Changes to security standards, both internal and external. For example, PCI DSS is updated with new requirements every year

Infrastructure growth and the start of the journey

The number of servers / logical domains / data centers grew, and with it the number of configuration errors. At some point we arrived at three directions in which configuration management had to be developed:

  1. Automation. Human error in repetitive operations should be avoided as far as possible.
  2. Repeatability. Infrastructure is much easier to manage when it is predictable. The configuration of servers and the tools that prepare them should be the same everywhere. This also matters to product teams: after testing, an application must be guaranteed to land in a production environment configured the same way as the test environment.
  3. Simplicity and transparency of making changes to configuration management.

It remained to add a few tools.

We chose GitLab CE as our code repository, not least because of its built-in CI/CD modules.

Secrets storage - Hashicorp Vault, in part for its great API.

Testing of configurations and Ansible roles - Molecule + Testinfra. The tests run much faster if you plug in mitogen for Ansible. At the same time, we started writing our own CMDB and an orchestrator for automated deployment (in the picture, above Cobbler), but that is a completely separate story, which my colleague, the main developer of these systems, will tell in the future.

Our choice:

  • Molecule + Testinfra
  • Ansible + Tower + AWX
  • World of Servers + DITNET (in-house development)
  • Cobbler
  • GitLab + GitLab runner
  • Hashicorp Vault

By the way, about Ansible roles. At first there was only one, but after several refactorings there were 17. I strongly recommend breaking the monolith into idempotent roles that can be run separately; in addition, you can add tags. We split the roles by functionality: network, logging, packages, hardware, molecule, etc. In general, we followed the strategy below. I do not insist that this is the only truth, but it worked for us.

  • Cloning servers from a "golden image" is evil! The main drawback is that you do not know exactly what state the images are in now, or whether every change will reach every image in every virtualization farm.
  • Keep the default configuration files to a minimum and agree with other departments that you are responsible for the main system files, for example:
    1. Leave /etc/sysctl.conf empty; settings should live in /etc/sysctl.d/. Your defaults go in one file, the custom settings for an application in another.
    2. Use override files to edit systemd units.
  • Template all configs and deploy them whole; if possible, no sed or its analogues in playbooks.
  • Refactoring the configuration management code:
    1. Break tasks down into logical entities and rewrite the monolith into roles.
    2. Use linters! Ansible-lint, yaml-lint, etc.
    3. Change your approach! No bashsible. You need to describe the state of the system.
  • For all Ansible roles, write tests in Molecule and generate reports once a day.
  • In our case, after preparing the tests (of which there are more than 100), 70000 errors were found. It took several months to fix them.
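
The sysctl convention from the list above, written as the kind of daily compliance check the article describes. This is an added example, not NSPK's code; the file names, the expected baseline values and the sample host tree are constructed for illustration, and only /etc/sysctl.d is assumed to hold drop-ins.

```python
import tempfile
from pathlib import Path

# Assumed baseline owned by the infrastructure team (illustrative values).
EXPECTED = {"net.ipv4.ip_forward": "0", "kernel.randomize_va_space": "2",
            "net.ipv4.conf.all.rp_filter": "1"}

def parse_sysctl(text):
    """Return {key: value} for active lines; '#' and ';' start comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()  # leading '-' means "ignore errors"
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit(etc_root, expected):
    """List deviations from the convention for one host's /etc tree."""
    etc, findings = Path(etc_root), []
    main = etc / "sysctl.conf"
    if main.exists():
        for key in parse_sysctl(main.read_text()):
            findings.append(f"sysctl.conf: active setting {key}, file must stay empty")
    effective, owner = {}, {}
    # Drop-ins are applied in lexical order, so a later file wins.
    for path in sorted((etc / "sysctl.d").glob("*.conf")):
        for key, value in parse_sysctl(path.read_text()).items():
            effective[key], owner[key] = value, path.name
    for key, want in expected.items():
        if key not in effective:
            findings.append(f"{key}: missing, expected {want}")
        elif effective[key] != want:
            findings.append(f"{key}: {effective[key]} set by {owner[key]}, expected {want}")
    return findings

def demo():
    """Audit a constructed sample tree containing three deliberate deviations."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "sysctl.d"
        d.mkdir()
        (Path(tmp) / "sysctl.conf").write_text("# legacy\nvm.swappiness = 60\n")
        (d / "10-baseline.conf").write_text("net.ipv4.ip_forward = 0\nkernel.randomize_va_space = 2\n")
        (d / "50-app.conf").write_text("net.core.somaxconn = 4096\nnet.ipv4.ip_forward = 1\n")
        return audit(tmp, EXPECTED)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The second finding is the case the "one file for defaults, another for the application" split makes visible: the report names the application drop-in that overrode a baseline key.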

Our implementation

So, the Ansible roles were ready, templated and checked by linters. Git was even rolled out everywhere. But the question of reliably delivering code to the different segments remained open. We decided to synchronize with scripts. It looks like this:

When a change arrives, CI is triggered, a test server is created, the roles are rolled out and then tested with Molecule. If everything is fine, the code goes to the prod branch. But we do not apply new code to existing servers automatically. This is a kind of stopper that is necessary for the high availability of our systems. And once the infrastructure becomes huge, the law of large numbers comes into play: even if you are sure that a change is harmless, it can lead to dire consequences.

There are also many options for creating servers. We ended up choosing custom Python scripts. And for CI, Ansible:

# Clone a VM from a template and customize its hostname, DNS and network
- name: create1.yml - Create a VM from a template
  vmware_guest:
    hostname: "{{ datacenter }}.domain.ru"   # vCenter address
    username: "{{ username_vc }}"
    password: "{{ password_vc }}"
    validate_certs: no   # TLS certificate verification of vCenter is disabled here
    cluster: "{{ cluster }}"
    datacenter: "{{ datacenter }}"
    name: "{{ name }}"
    state: poweredon
    folder: "/{{ folder }}"
    template: "{{ template }}"
    customization:
      hostname: "{{ name }}"
      domain: domain.ru
      dns_servers:
        - "{{ ipa1_dns }}"
        - "{{ ipa2_dns }}"
    networks:
      - name: "{{ network }}"
        type: static
        ip: "{{ ip }}"
        netmask: "{{ netmask }}"
        gateway: "{{ gateway }}"
        wake_on_lan: True
        start_connected: True
        allow_guest_control: True
    wait_for_ip_address: yes
    disk:
      - size_gb: 1
        type: thin
        datastore: "{{ datastore }}"
      - size_gb: 20
        type: thin
        datastore: "{{ datastore }}"

This is what we have arrived at; the system continues to live and develop.

  • 17 Ansible roles for setting up a server. Each role is designed to solve a separate logical task (logging, auditing, user authorization, monitoring, etc.).
  • Role testing. Molecule + TestInfra.
  • In-house development: CMDB + Orchestrator.
  • Server creation takes about 30 minutes, is automated and does not depend on the task queue.
  • The same state / naming of the infrastructure in all segments: playbooks, repositories, virtualization elements.
  • A daily check of server state, with reports on deviations from the standard.

I hope my story will be useful to those who are at the beginning of their journey. What stack do you use?

Source: www.habr.com