A Thriller About Setting Up Servers Without Miracles, with Configuration Management

It was getting close to New Year. Children across the country had already sent letters to Santa Claus or made presents for themselves, and their main supplier, one of the largest retailers, was preparing for the apotheosis of sales. In December, the load on its data center grows several times over. So the company decided to modernize the data center and bring several new servers into operation in place of equipment that had reached the end of its service life. That concludes the tale against a backdrop of swirling snowflakes, and the thriller begins.

The equipment arrived on site several months before the sales peak. The operations team, of course, knows how and what to configure on servers to bring them into the production environment. But we needed to automate this and remove the human factor. In addition, the servers were being replaced before the migration of a set of SAP systems that were critical to the company.

The commissioning of the new servers was tightly bound to a deadline. Moving it would mean putting at risk both the shipment of a billion gifts and the migration of the systems. Even a team made up of Father Frost and Santa Claus could not change the date: the SAP warehouse management system can be moved only once a year. From December 31 to January 1, the retailer's huge warehouses, 20 football fields in total area, stop work for 15 hours. And this is the only window for moving the system. We had no room for error when bringing the servers into operation.

Let me be clear: my story reflects the tools and the configuration management process that our team uses.

The configuration management automation stack consists of several layers. The key component is the CMS (configuration management system). In production operation, the absence of any one of these layers can lead to unpleasant miracles.

OS installation management

The first layer is a system for managing the installation of operating systems on physical and virtual servers. It creates the base OS configurations, removing the human factor.

Using this system, we got standard server instances with an OS suitable for further automation. During "provisioning" they received a minimal set of local users and public SSH keys, as well as a consistent OS configuration. We could be sure that we managed the servers through the CMS, and we were confident that there were no surprises "underneath", at the OS level.

The "maximum" goal for an installation management system is to configure servers automatically from the BIOS/firmware level up to the OS. Much here depends on the hardware and the setup tasks. For heterogeneous hardware, you can consider the Redfish API. If all the hardware comes from one vendor, it is often more convenient to use ready-made management tools (for example, HP ILO Amplifier, DELL OpenManage, etc.).

To install the OS on physical servers, we used the well-known Cobbler, which defines a set of profiles agreed with the operations team. When adding a new server to the infrastructure, the engineer bound the server's MAC address to the required profile in Cobbler. On its first network boot, the server received a temporary address and a fresh OS. It was then moved to the target VLAN/IP address and continued working there. Yes, changing the VLAN takes time and requires coordination, but it gives additional protection against accidentally installing a server in the production environment.

We created virtual servers from templates prepared with HashiCorp Packer. The reason was the same: to prevent possible human errors when installing the OS. But, unlike with physical servers, Packer removes the need for PXE, network booting and VLAN changes. This made creating virtual servers simpler and easier.

Fig. 1. Managing the installation of operating systems.

Secrets management

Any configuration management system contains data that must be hidden from ordinary users but is needed to prepare systems. These are passwords for local users and service accounts, certificate keys, various API tokens, and so on. They are usually called "secrets".

If you do not decide from the very beginning where and how to store these secrets, then, depending on how strict the information security requirements are, the following storage methods are likely:

  • directly in the configuration management code or in files in the repository;
  • in specialized configuration management tools (for example, Ansible Vault);
  • in CI/CD systems (Jenkins/TeamCity/GitLab/etc.) or in configuration management systems (Ansible Tower/Ansible AWX);
  • secrets can also be transferred "manually". For example, they are placed in an agreed location and then used by the configuration management systems;
  • various combinations of the above.

Each method has its drawbacks. The main one is the lack of access policies for secrets: it is impossible or difficult to determine who can use particular secrets. Another drawback is the lack of access auditing and of a full life cycle. How do you quickly replace, for example, a public key that is written into the code and into several related systems?

We used the HashiCorp Vault secret store. This allowed us to:

  • store secrets securely. They are encrypted, and even if someone gains access to the Vault database (for example, by restoring it from a backup), they will not be able to read the secrets stored there;
  • organize access policies for secrets. Users and applications can reach only the secrets "issued" to them;
  • audit access to secrets. Every action involving secrets is recorded in the Vault audit log;
  • organize a complete "life cycle" for working with secrets. They can be created, revoked, given an expiration date, etc.;
  • integrate easily with other systems that need access to secrets;
  • and also use end-to-end encryption, one-time passwords for the OS and databases, certificates from authorized certificate authorities, and so on.
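
An added example for the policy and audit points in the list above (it is not code from the original article): it reads Vault audit log lines and reports, per secret path, who was allowed in and who was refused. The log lines are constructed and reduced to the fields used; the user names, the path and the treatment of "permission denied" in the `error` field as the refusal marker are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample: JSON lines in the layout of a Vault file audit device,
# reduced to the fields used below. User names and the secret path are invented.
SAMPLE_AUDIT_LOG = """\
{"type":"response","auth":{"display_name":"ldap-alice","policies":["default","sap-admins"]},"request":{"operation":"read","path":"secret/data/sap/db-password"}}
{"type":"request","auth":{"display_name":"ldap-bob","policies":["default","web-admins"]},"request":{"operation":"read","path":"secret/data/sap/db-password"}}
{"type":"response","auth":{"display_name":"ldap-bob","policies":["default","web-admins"]},"request":{"operation":"read","path":"secret/data/sap/db-password"},"error":"1 error occurred:\\n\\t* permission denied\\n\\n"}
"""


def summarize(log_text):
    """Group completed requests by secret path: who got in, who was refused."""
    access = defaultdict(lambda: {"allowed": set(), "denied": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        # Each operation is logged as a request and a response; count it once.
        if entry.get("type") != "response":
            continue
        who = (entry.get("auth") or {}).get("display_name") or "<unauthenticated>"
        path = entry["request"]["path"]
        # Assumption: a policy refusal shows up as "permission denied" in `error`.
        denied = "permission denied" in (entry.get("error") or "")
        access[path]["denied" if denied else "allowed"].add(who)
    return {p: {k: sorted(v) for k, v in r.items()} for p, r in access.items()}


if __name__ == "__main__":
    for path, result in summarize(SAMPLE_AUDIT_LOG).items():
        print(path, "allowed:", result["allowed"], "denied:", result["denied"])
```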

Now let's move on to the central authentication and authorization system. It was possible to do without it, but administering users in many related systems is far from trivial. We configured authentication and authorization through the LDAP service. Otherwise, Vault would have to continuously issue and keep track of authentication tokens for users. And deleting and adding users would turn into the quest "did I create/delete this user account everywhere?"

We add another layer to our system: secrets management and central authentication/authorization:

Fig. 2. Secrets management.

Configuration management

We have reached the core: the CMS. In our case, it is a combination of Ansible and Red Hat Ansible AWX.

Instead of Ansible, Chef, Puppet or SaltStack could be used. We chose Ansible based on several criteria.

  • First, it is versatile. The set of ready-made modules for management is impressive. And if that is not enough, you can search GitHub and Galaxy.
  • Second, there is no need to install and support agents on the managed equipment, prove that they do not interfere with the load, and confirm the absence of "backdoors".
  • Third, Ansible has a low barrier to entry. A competent engineer will write a working playbook on the first day of working with the product.

But Ansible alone was not enough for us in a production environment. Otherwise, many problems would arise with restricting access and auditing the actions of administrators. How do you restrict access? After all, each department needed to manage (read: run an Ansible playbook on) "its own" set of servers. How do you allow only certain employees to run specific Ansible playbooks? Or how do you track who launched a playbook without setting up many local accounts on the servers and machines that run Ansible?

The lion's share of such issues is solved by Red Hat Ansible Tower, or its open-source upstream project AWX. That is why we preferred it for the customer.

And one more touch to the portrait of our CMS. Ansible playbooks must be stored in a code repository management system. For us that is GitLab CE.

So, the configurations themselves are managed by the Ansible/Ansible AWX/GitLab combination (see Fig. 3). Of course, AWX and GitLab are integrated with the single authentication system, and the Ansible playbooks are integrated with HashiCorp Vault. Configurations reach the production environment only through Ansible AWX, in which all the "rules of the game" are specified: who can configure what, where to get the configuration management code for the CMS, and so on.

Fig. 3. Configuration management.

Test management

Our configuration is represented as code. Therefore, we are forced to play by the same rules as software developers. We needed to organize the processes of development, continuous testing, delivery and application of configuration code to the production servers.

If this is not done right away, the roles written for configuration will either stop being supported and modified, or stop being run in production. The cure for this pain is known, and it has proven itself in this project:

  • every role is covered by unit tests;
  • tests are run automatically whenever there is any change in the code that manages the configurations;
  • changes to the configuration management code are released to the production environment only after successfully passing all tests and code review.

Code development and configuration management have become calmer and more predictable. To organize continuous testing, we used the GitLab CI/CD toolkit and adopted Ansible Molecule.

Whenever the configuration management code changes, GitLab CI/CD calls Molecule, which:

  • checks the code syntax,
  • brings up a Docker container,
  • applies the changed code to the created container,
  • checks the role for idempotency and runs the tests for this code (the granularity here is at the role level, see Fig. 4).

We delivered configurations to the production environment using Ansible AWX. Operations engineers applied configuration changes through predefined templates. AWX itself "requested" the latest version of the code from the GitLab master branch each time it was used. In this way we ruled out the use of untested or outdated code in the production environment. Naturally, code got into the master branch only after testing, review and approval.

Fig. 4. Automated testing of roles in GitLab CI/CD.

There is also a problem associated with operating production systems. In real life, it is very difficult to make configuration changes through CMS code alone. Emergencies happen when an engineer must change the configuration "here and now", without waiting for code edits, testing, approval, and so on.

As a result, because of manual changes, discrepancies appear in the configuration of equipment of the same type (for example, sysctl settings are configured differently on the nodes of an HA cluster). Or the actual configuration on the equipment differs from the one described in the CMS code.

Therefore, in addition to continuous testing, we check production environments for configuration discrepancies. We chose the simplest option: running the CMS configuration code in "dry run" mode, that is, without applying changes, but with notification of all discrepancies between the planned and the actual configuration. We implemented this by periodically running all Ansible playbooks with the "--check" option on the production servers. As always, Ansible AWX is responsible for launching the playbooks and keeping them up to date (see Fig. 5):

Fig. 5. Checking for configuration discrepancies in Ansible AWX.

After the checks, AWX sends a discrepancy report to the administrators. They study the problematic configuration and then fix it through adjusted playbooks. This is how we keep the configuration in the production environment consistent, and the CMS is always up to date and synchronized. This eliminates unpleasant "miracles" when CMS code is applied to "production" servers.

We now have an important testing layer consisting of Ansible AWX/GitLab/Molecule (Fig. 6).

Fig. 6. Test management.

Complicated? I don't argue. But such a configuration management stack has become a comprehensive answer to many questions related to automating server configuration. Now the retailer's standard servers always have a strictly defined configuration. The CMS, unlike an engineer, will not forget to add the necessary settings, create users and perform the dozens or hundreds of required settings.

There is no "secret knowledge" in the settings of servers and environments today. All the necessary specifics are reflected in the playbook. No more creativity and vague instructions: "Install it like a regular Oracle, but you need to specify a couple of sysctl settings and add users with the required UID. Ask the guys in operations, they know."

The ability to detect configuration discrepancies and fix them proactively gives peace of mind. Without a configuration management system, this usually looks different. Problems accumulate until one day they "shoot" into production. Then a debriefing is held, and the configuration is checked and corrected. And the cycle repeats again.

And of course, we sped up bringing servers into operation from several days to hours.

Well, on New Year's night itself, when children were happily unwrapping gifts and adults were making wishes as the chimes struck, our engineers migrated the SAP system to the new servers. Even Santa Claus will tell you that the best miracles are the well-prepared ones.

P.S. Our team often encounters the fact that customers want to solve configuration management problems as simply as possible. Ideally, as if by magic, with a single tool. But in life everything is more complicated (yes, silver bullets were not delivered again): you have to build the whole process using tools that suit the customer's team.

Author: Sergey Artemov, architect, DevOps Solutions, Jet Infosystems

Source: www.habr.com
