Masana abwino abwenzi. Poyembekezera kuyamba kwa kuyenda kwatsopano pa mlingo Tikugawana nanu zomasulira zatsopano. Pitani.
Kugwiritsa ntchito Pulumi ndi zilankhulo zamapulogalamu opangira zida zamakina (Infrastructure as Code) kumapereka maubwino ambiri: kupezeka kwa luso ndi chidziwitso, kuchotsedwa kwa boilerplate mu code kudzera pakuchotsa, zida zodziwika bwino ndi gulu lanu, monga ma IDE ndi ma linter. Zida zonsezi zopangira mapulogalamuwa sizimangopangitsa kuti tizipanga zambiri, komanso zimakulitsa mtundu wa code yathu. Chifukwa chake, ndizachilengedwe kuti kugwiritsa ntchito zilankhulo zamapulogalamu omwe ali ndi zolinga zambiri kumatilola kuyambitsa njira ina yofunika yopangira mapulogalamu - kuyesa.
M'nkhaniyi, tiwona momwe Pulumi imatithandizira kuyesa zida zathu monga ma code.
Chifukwa chiyani kuyesa zomangamanga?
Musanayambe mwatsatanetsatane, ndi bwino kufunsa funso: "N'chifukwa chiyani kuyesa zomangamanga konse?" Pali zifukwa zambiri za izi ndipo nazi zina mwa izo:
- Kuyesa mayunitsi a magwiridwe antchito kapena magawo a pulogalamu yanu
- Imatsimikizira zomwe zikufunidwa ndi zopinga zina.
- Kuzindikira zolakwika zomwe wamba, monga kusowa kwachinsinsi kwa chidebe chosungirako kapena osatetezedwa, kutsegula pa intaneti kupita kumakina enieni.
- Kuyang'ana kukhazikitsidwa kwa zomangamanga.
- Kuyesa nthawi yoyeserera ya malingaliro a pulogalamu yomwe ikuyenda mkati mwazomangamanga zanu "zokonzedwa" kuti muwone magwiridwe antchito pambuyo popereka.
- Monga tikuonera, pali njira zambiri zoyesera zowonongeka. Polumi ili ndi njira zoyesera nthawi iliyonse pa sipekitiramu iyi. Tiyeni tiyambe ndikuwona momwe zimagwirira ntchito.
Kuyesa kwamagulu
Mapulogalamu a Pulumi amalembedwa muzilankhulo zamapulogalamu monga JavaScript, Python, TypeScript kapena Go. Chifukwa chake, mphamvu zonse za zilankhulo izi, kuphatikiza zida zawo ndi malaibulale, kuphatikiza zoyeserera, zimapezeka kwa iwo. Pulumi ndi mitambo yambiri, zomwe zikutanthauza kuti zitha kugwiritsidwa ntchito poyesa kuchokera kwa wopereka mtambo aliyense.
(M'nkhaniyi, ngakhale tikulankhula zinenero zambiri komanso multicloud, timagwiritsa ntchito JavaScript ndi Mocha ndikuyang'ana pa AWS. Mukhoza kugwiritsa ntchito Python unittest, Pitani mayeso chimango, kapena dongosolo lililonse mayeso mukufuna. Ndipo, ndithudi, Pulumi imagwira ntchito bwino ndi Azure, Google Cloud, Kubernetes.)
Monga taonera, pali zifukwa zingapo zomwe mungafune kuyesa khodi yanu ya zomangamanga. Chimodzi mwa izo ndikuyesa mayunitsi ochiritsira. Chifukwa code yanu ikhoza kukhala ndi ntchito - mwachitsanzo, kuwerengera CIDR, kuwerengera mozama mayina, ma tag, ndi zina. - inu mwina mukufuna kuyesa iwo. Izi ndi zofanana ndi kulemba mayeso anthawi zonse a mapulogalamu m'chinenero chomwe mumakonda.
Kuti muvutike pang'ono, mutha kuwona momwe pulogalamu yanu imagawira zothandizira. Kuti tichitire fanizo, tiyerekeze kuti tikufunika kupanga seva yosavuta ya EC2 ndipo tikufuna kutsimikizira izi:
- Zochitika zili ndi tag
Name. - Zitsanzo zisagwiritse ntchito zolemba zamkati
userData- tiyenera kugwiritsa ntchito AMI (chithunzi). - Sipayenera kukhala SSH yowonekera pa intaneti.
Chitsanzo ichi chachokera :
index.js:
"use strict";
let aws = require("@pulumi/aws");
let group = new aws.ec2.SecurityGroup("web-secgrp", {
ingress: [
{ protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
{ protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
],
});
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
let server = new aws.ec2.Instance("web-server-www", {
instanceType: "t2.micro",
securityGroups: [ group.name ], // reference the group object above
ami: "ami-c55673a0" // AMI for us-east-2 (Ohio),
userData: userData // start a simple web server
});
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;
Ili ndiye pulogalamu yoyambira ya Pulumi: imangogawa gulu lachitetezo la EC2 ndi chitsanzo. Komabe, ziyenera kudziwidwa kuti apa tikuphwanya malamulo onse atatu omwe tawatchula pamwambapa. Tiyeni tilembe mayeso!
Kulemba mayeso
Mapangidwe a mayeso athu aziwoneka ngati mayeso okhazikika a Mocha:
ec2tess.js
test.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
describe("Infrastructure", function() {
let server = infra.server;
describe("#server", function() {
// TODO(check 1): Должен быть тэг Name.
// TODO(check 2): Не должно быть inline-скрипта userData.
});
let group = infra.group;
describe("#group", function() {
// TODO(check 3): Не должно быть SSH, открытого в Интернет.
});
});
Tsopano tiyeni tilembe mayeso athu oyamba: onetsetsani kuti zochitikazo zili ndi tag Name. Kuti tiwone izi timangotenga chinthu cha EC2 ndikuwunika zomwe zikugwirizana tags:
// check 1: Должен быть тэг Name.
it("must have a name tag", function(done) {
pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
if (!tags || !tags["Name"]) {
done(new Error(`Missing a name tag on server ${urn}`));
} else {
done();
}
});
});Zikuwoneka ngati kuyesa kwanthawi zonse, koma ndi zinthu zingapo zofunika kuziganizira:
- Chifukwa timafunsa momwe zinthu zilili tisanatumizidwe, kuyesa kwathu kumayendetsedwa mu "mapulani" (kapena "kuwoneratu"). Chifukwa chake, pali zinthu zambiri zomwe zikhalidwe zake sizidzabwezedwanso kapena sizidzafotokozedwa. Izi zikuphatikiza zonse zomwe zatulutsidwa zowerengedwa ndi omwe akukupatsani mtambo. Izi ndizabwinobwino pamayeso athu - timangoyang'ana zomwe zalowa. Tidzabwereranso ku nkhaniyi pambuyo pake, ikafika pamayeso ophatikiza.
- Popeza kuti zinthu zonse za Pulumi ndizotuluka, ndipo zambiri zimawunikidwa mosagwirizana, tiyenera kugwiritsa ntchito njira yogwiritsira ntchito kuti tipeze zikhalidwe. Izi ndizofanana kwambiri ndi malonjezo ndi ntchito
then. - Popeza tikugwiritsa ntchito zinthu zingapo kuti tiwonetse URN yachidziwitso mu uthenga wolakwika, tiyenera kugwiritsa ntchito ntchitoyi
pulumi.allkuwaphatikiza. - Pomaliza, popeza izi zimawerengedwa molingana, tiyenera kugwiritsa ntchito mawonekedwe a Mocha omwe adamangidwa async.
donekapena kubweza lonjezo.
Titakhazikitsa zonse, titha kupeza zolowetsamo ngati ma JavaScript osavuta. Katundu tags ndi mapu (associative array), kotero tingowonetsetsa kuti (1) si zabodza, ndipo (2) pali kiyi ya Name. Ndi zophweka ndipo tsopano tikhoza kuyesa chirichonse!
Tsopano tiyeni tilembe cheke chathu chachiwiri. Ndizosavuta:
// check 2: Не должно быть inline-скрипта userData.
it("must not use userData (use an AMI instead)", function(done) {
pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
if (userData) {
done(new Error(`Illegal use of userData on server ${urn}`));
} else {
done();
}
});
});Ndipo potsiriza, tiyeni tilembe mayeso achitatu. Izi zidzakhala zovuta pang'ono chifukwa tikuyang'ana malamulo olowetsamo okhudzana ndi gulu la chitetezo, lomwe lingakhalepo ambiri, ndi ma CIDR omwe ali mu malamulo amenewo, omwe angakhalenso ambiri. Koma tinakwanitsa:
// check 3: Не должно быть SSH, открытого в Интернет.
it("must not open port 22 (SSH) to the Internet", function(done) {
pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
if (ingress.find(rule =>
rule.fromPort == 22 && rule.cidrBlocks.find(block =>
block === "0.0.0.0/0"))) {
done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
} else {
done();
}
});
});Ndizomwezo. Tsopano tiyeni tiyendetse mayeso!
Kuthamanga mayeso
Nthawi zambiri, mutha kuyesa mayeso mwachizolowezi, pogwiritsa ntchito mayeso omwe mwasankha. Koma pali mbali imodzi ya Pulumi yomwe ndi yofunika kuisamalira.
Kawirikawiri, kuyendetsa mapulogalamu a Pulumi, pulimi CLI (Command Line interface) imagwiritsidwa ntchito, yomwe imakonza nthawi yogwiritsira ntchito chinenero, imayendetsa kukhazikitsidwa kwa injini ya Pulumi kotero kuti ntchito ndi zothandizira zikhoza kulembedwa ndikuphatikizidwa mu ndondomeko, ndi zina zotero. Komabe, pali vuto limodzi. Mukathamanga pansi pa kayendetsedwe ka mayeso anu, sipadzakhala kulankhulana pakati pa CLI ndi injini ya Pulumi.
Kuti tichite zimenezi, tiyenera kufotokoza zotsatirazi:
- Dzina la polojekiti, lomwe lili muzosintha zachilengedwe
PULUMI_NODEJS_PROJECT(kapena, zambiri,PULUMI__PROJECT для других языков).
Dzina la stack lomwe limatchulidwa pakusintha kwachilengedwePULUMI_NODEJS_STACK(kapena, zambiri,PULUMI__ STACK).
Zosintha zamasinthidwe anu. Atha kupezeka pogwiritsa ntchito kusintha kwa chilengedwePULUMI_CONFIGndipo mawonekedwe awo ndi mapu a JSON okhala ndi makiyi / mtengo.Pulogalamuyi idzapereka machenjezo osonyeza kuti kulumikizidwa kwa CLI/injini sikukupezeka panthawi yophedwa. Izi ndizofunikira chifukwa pulogalamu yanu sikhala ikutumiza chilichonse ndipo zitha kudabwitsa ngati sizomwe mukufuna kuchita! Kuti muuze Pulumi kuti izi ndi zomwe mukufuna, mutha kukhazikitsa
PULUMI_TEST_MODEвtrue.Tiyerekeze kuti tikufunika kutchula dzina la polojekitiyi
my-ws, dzina lachikwamadev, ndi Chigawo cha AWSus-west-2. Mzere wolamula woyesa mayeso a Mocha udzawoneka motere:$ PULUMI_TEST_MODE=true PULUMI_NODEJS_STACK="my-ws" PULUMI_NODEJS_PROJECT="dev" PULUMI_CONFIG='{ "aws:region": "us-west-2" }' mocha tests.jsKuchita izi, monga kuyembekezera, kudzatiwonetsa kuti tili ndi mayeso atatu omwe talephera!
Infrastructure #server 1) must have a name tag 2) must not use userData (use an AMI instead) #group 3) must not open port 22 (SSH) to the Internet 0 passing (17ms) 3 failing 1) Infrastructure #server must have a name tag: Error: Missing a name tag on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 2) Infrastructure #server must not use userData (use an AMI instead): Error: Illegal use of userData on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 3) Infrastructure #group must not open port 22 (SSH) to the Internet: Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on groupTiyeni tikonze pulogalamu yathu:
"use strict"; let aws = require("@pulumi/aws"); let group = new aws.ec2.SecurityGroup("web-secgrp", { ingress: [ { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] }, ], }); let server = new aws.ec2.Instance("web-server-www", { tags: { "Name": "web-server-www" }, instanceType: "t2.micro", securityGroups: [ group.name ], // reference the group object above ami: "ami-c55673a0" // AMI for us-east-2 (Ohio), }); exports.group = group; exports.server = server; exports.publicIp = server.publicIp; exports.publicHostName = server.publicDns;Kenako yesaninso mayesowo:
Infrastructure #server ✓ must have a name tag ✓ must not use userData (use an AMI instead) #group ✓ must not open port 22 (SSH) to the Internet 3 passing (16ms)Zonse zidayenda bwino... Hurray! ✓✓✓
Ndizo zonse za lero, koma tikambirana za kuyezetsa kutumizidwa mu gawo lachiwiri la kumasulira 😉
Source: www.habr.com