Good afternoon, friends. In anticipation of the start of a new stream of the course
Using Pulumi and general-purpose programming languages for infrastructure as code brings many benefits: the skills and knowledge are already available, boilerplate is removed from the code through abstraction, and the tools your team already knows, such as IDEs and linters, keep working. These software-engineering tools not only make us more productive, they also improve the quality of our code. So it is natural that using general-purpose programming languages also lets us bring in another important software-development practice: testing.
In this article we will look at how Pulumi helps us test our infrastructure-as-code.
Why test infrastructure?
Before going into detail, it is worth asking: "Why test infrastructure at all?" There are many reasons, and here are some of them:
- Unit testing individual functions or parts of your program logic.
- Verifying that the desired state of the infrastructure satisfies certain constraints.
- Catching common mistakes, such as a storage bucket left unencrypted, or virtual machines left unprotected with access open from the Internet.
- Checking how infrastructure provisioning is carried out.
- Running runtime tests of the application logic that lives inside your "programmed" infrastructure, to check that it works after provisioning.
As we can see, there is a whole spectrum of testing options. Pulumi has mechanisms for testing at every point of this spectrum. Let's get started and see how it works.
Unit tests
Pulumi programs are written in general-purpose programming languages such as JavaScript, Python, TypeScript or Go. The full power of these languages, including their tooling and libraries, and in particular their test frameworks, is therefore available to them. Pulumi is multi-cloud, which means it can be used for testing with any cloud provider.
(In this article, despite Pulumi being multi-language and multi-cloud, we use JavaScript with Mocha and focus on AWS. You can use Python unittest, the Go test framework, or any other test framework you like. And, of course, Pulumi works just as well with Azure, Google Cloud and Kubernetes.)
As we have seen, there are several reasons why you might want to test your infrastructure code. One of them is ordinary unit testing. Since your code may contain functions, for example ones that compute CIDRs, names, tags and so on, you will probably want to test them. This is the same as writing ordinary unit tests for applications in your favourite programming language.
Going a step further, you can check how your program allocates resources. For example, imagine we need to create a simple EC2 server and want to be sure of the following:
- Instances must have a Name tag.
- Instances must not use inline scripts in userData; we must use an AMI (image) instead.
- SSH must not be exposed to the Internet.
This example is based on index.js:
    "use strict";
    let aws = require("@pulumi/aws");
    let group = new aws.ec2.SecurityGroup("web-secgrp", {
        ingress: [
            { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
            { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        ],
    });
    let userData =
    `#!/bin/bash
    echo "Hello, World!" > index.html
    nohup python -m SimpleHTTPServer 80 &`;
    let server = new aws.ec2.Instance("web-server-www", {
        instanceType: "t2.micro",
        securityGroups: [ group.name ], // reference the group object above
        ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
        userData: userData,             // start a simple web server
    });
    exports.group = group;
    exports.server = server;
    exports.publicIp = server.publicIp;
    exports.publicHostName = server.publicDns;
This is a basic Pulumi program: it simply creates an EC2 security group and an instance. Note, however, that it violates all three of the rules listed above. Let's write the tests!
Writing tests
The overall structure of our tests will look like ordinary Mocha tests:
ec2tests.js:
    let assert = require("assert");
    let mocha = require("mocha");
    let pulumi = require("@pulumi/pulumi");
    let infra = require("./index");
    describe("Infrastructure", function() {
        let server = infra.server;
        describe("#server", function() {
            // TODO(check 1): There must be a Name tag.
            // TODO(check 2): There must be no inline userData script.
        });
        let group = infra.group;
        describe("#group", function() {
            // TODO(check 3): SSH must not be open to the Internet.
        });
    });
Let's write our first test: make sure the instance has a Name tag. To check this we simply take the EC2 instance object and inspect its tags property:
    // check 1: There must be a Name tag.
    it("must have a name tag", function(done) {
        pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
            if (!tags || !tags["Name"]) {
                done(new Error(`Missing a name tag on server ${urn}`));
            } else {
                done();
            }
        });
    });
It looks like an ordinary test, but there are a few points worth noting:
- Since we query the state of a resource before it is deployed, our tests always run in "plan" (or "preview") mode. Many properties therefore have values that are simply not retrieved, or are undefined. This includes every property computed by your cloud provider. That is normal for our tests: we only check the input data. We will come back to this question later, when we get to integration tests.
- Since all Pulumi resource properties are outputs, and many of them are evaluated asynchronously, we have to use the apply method to get at the values. This is very similar to promises and the then function.
- Since we use several properties in order to show the resource URN in the error message, we need the pulumi.all function to combine them.
- And finally, since these values are computed asynchronously, we need to use Mocha's async callback feature, done, or return a promise.
Once everything is set up, we get access to the values as plain JavaScript values. The tags property is a map (associative array), so we simply make sure that (1) it is not undefined and (2) it contains a key for Name. It's very simple, and now we can check anything!
Let's write our second check. It's even simpler:
    // check 2: There must be no inline userData script.
    it("must not use userData (use an AMI instead)", function(done) {
        pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
            if (userData) {
                done(new Error(`Illegal use of userData on server ${urn}`));
            } else {
                done();
            }
        });
    });
And finally, let's write the third test. It is a little more involved, because we are looking at the ingress rules attached to the security group, of which there may be many, and at the CIDR ranges inside those rules, of which there may also be many. But we managed:
    // check 3: SSH must not be open to the Internet.
    it("must not open port 22 (SSH) to the Internet", function(done) {
        pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
            if (ingress.find(rule =>
                    rule.fromPort == 22 && rule.cidrBlocks.find(block =>
                        block === "0.0.0.0/0"))) {
                done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
            } else {
                done();
            }
        });
    });
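The check above only matches a rule whose fromPort is exactly 22 and whose IPv4 CIDR is exactly 0.0.0.0/0. As an added example that is not part of the original article, here is a stricter version of the same policy written against plain ingress-rule objects (the aws.ec2.SecurityGroup ingress shape is assumed: protocol, fromPort, toPort, cidrBlocks, ipv6CidrBlocks), so it can be unit-tested with plain Mocha and no Pulumi runtime; it also covers port ranges, all-traffic rules and ::/0.

```javascript
// Added example, not from the original article: a stricter version of
// check 3 written against plain ingress-rule objects, so it can run with
// plain Mocha and no Pulumi runtime. Assumes the aws.ec2.SecurityGroup
// ingress shape: protocol, fromPort, toPort, cidrBlocks, ipv6CidrBlocks.

const WORLD_CIDRS = new Set(["0.0.0.0/0", "::/0"]);

// A rule reaches `port` when it is an all-traffic rule (protocol "-1") or
// the port lies inside [fromPort, toPort]. The article's check compared
// fromPort == 22 only, so a 0-65535 range rule would slip through.
function ruleCoversPort(rule, port) {
  if (rule.protocol === "-1" || rule.protocol === "all") return true;
  if (rule.protocol !== "tcp") return false;
  return rule.fromPort <= port && port <= rule.toPort;
}

// True when any CIDR on the rule is world-open, IPv4 or IPv6.
function ruleOpenToWorld(rule) {
  const blocks = [...(rule.cidrBlocks || []), ...(rule.ipv6CidrBlocks || [])];
  return blocks.some((block) => WORLD_CIDRS.has(block));
}

// Returns the offending rules; an empty array means the policy holds.
function findWorldOpenRules(ingress, port) {
  return (ingress || []).filter(
    (rule) => ruleCoversPort(rule, port) && ruleOpenToWorld(rule)
  );
}

// Constructed sample input (not real infrastructure): HTTP open to the
// world (allowed), all ports open to a private range (allowed), and an
// IPv6 rule covering ports 20-25 from ::/0 (violates the SSH policy).
const sampleIngress = [
  { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
  { protocol: "tcp", fromPort: 0, toPort: 65535, cidrBlocks: ["10.0.0.0/8"] },
  { protocol: "tcp", fromPort: 20, toPort: 25, ipv6CidrBlocks: ["::/0"] },
];

// Sample run: reports the single offending rule.
const offending = findWorldOpenRules(sampleIngress, 22);
console.log(`${offending.length} rule(s) open port 22 to the world`);
```

Inside the article's it(...) block, call findWorldOpenRules(ingress, 22) on the array delivered by pulumi.all([group.urn, group.ingress]) and pass done(new Error(...)) when the result is non-empty.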
That's it. Let's run the tests!
Running tests
In most cases you can run the tests the usual way, with the test framework of your choice. But there is one Pulumi feature that deserves attention.
Normally a Pulumi program is run through the pulumi CLI (command line interface), which sets up the language runtime, controls the launch of the Pulumi engine so that resource operations can be recorded and included in the plan, and so on. There is one problem, though. When the program runs under the control of your test framework, there is no such communication between the CLI and the Pulumi engine.
To get around this, we just need to specify the following:
- The project name, which lives in the environment variable PULUMI_NODEJS_PROJECT (or, more generally, PULUMI_<LANG>_PROJECT for other languages).
- The stack name, which lives in the environment variable PULUMI_NODEJS_STACK (or, more generally, PULUMI_<LANG>_STACK).
- Your stack configuration variables. They can be supplied through the environment variable PULUMI_CONFIG, and their format is a JSON map of key/value pairs.
The program will print warnings saying that no connection to the CLI/engine is available at run time. This matters, because your program will not actually deploy anything, which may come as a surprise if that is not what you intended! To tell Pulumi that this is exactly what you want, you can set PULUMI_TEST_MODE to true.
Imagine we need to specify the project name my-ws, the stack name dev and the AWS region us-west-2. The command line for the Mocha tests will then look like this:
    $ PULUMI_TEST_MODE=true PULUMI_NODEJS_STACK="my-ws" PULUMI_NODEJS_PROJECT="dev" PULUMI_CONFIG='{ "aws:region": "us-west-2" }' mocha ec2tests.js
Running this shows us, as expected, that all three of our tests fail!
      Infrastructure
        #server
          1) must have a name tag
          2) must not use userData (use an AMI instead)
        #group
          3) must not open port 22 (SSH) to the Internet

      0 passing (17ms)
      3 failing

      1) Infrastructure #server must have a name tag:
         Error: Missing a name tag on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
      2) Infrastructure #server must not use userData (use an AMI instead):
         Error: Illegal use of userData on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
      3) Infrastructure #group must not open port 22 (SSH) to the Internet:
         Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group
Let's fix our program:
    "use strict";
    let aws = require("@pulumi/aws");
    let group = new aws.ec2.SecurityGroup("web-secgrp", {
        ingress: [
            { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        ],
    });
    let server = new aws.ec2.Instance("web-server-www", {
        tags: { "Name": "web-server-www" },
        instanceType: "t2.micro",
        securityGroups: [ group.name ], // reference the group object above
        ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    });
    exports.group = group;
    exports.server = server;
    exports.publicIp = server.publicIp;
    exports.publicHostName = server.publicDns;
And run the tests again:
      Infrastructure
        #server
          ✓ must have a name tag
          ✓ must not use userData (use an AMI instead)
        #group
          ✓ must not open port 22 (SSH) to the Internet

      3 passing (16ms)
Everything went well... Hurray! ✓✓✓
That's all for today, but we will talk about deployment tests in the second part of the translation 😉
Source: www.habr.com