An approach IaC (Infrastructure seCode) haingori chete yekodhi iyo yakachengetwa mudura, asiwo yevanhu uye maitiro akatenderedza iyi kodhi. Zvinogoneka here kushandisazve nzira kubva pakuvandudza software kuenda kune manejimendi manejimendi uye tsananguro? Ingave pfungwa yakanaka kuchengeta iyi pfungwa mupfungwa paunenge uchiverenga chinyorwa.

Ichi chinyorwa changu zvesimba pamusoro DevopsConf 2019-05-28.

Masiraidhi nemavhidhiyo

Chirungu vERSION
Russian version
Dry run 2019-04-24 SpbLUG
Vhidhiyo(RU) kubva kuDevopsConf 2019-05-28
Vhidhiyo(RU) kubva kuDINS DevOps EVENING 2019-06-20
masiraidhi

Infrastructure as bash history

Ngatitii wauya kune chimwe chirongwa, vobva vakuudza kuti: “taita Zvivakwa seCode". Muchokwadi zvinobuda Infrastructure as bash history kana semuenzaniso Zvinyorwa se bash nhoroondo. Iyi ndiyo mamiriro chaiwo chaiwo, somuenzaniso, nyaya yakafanana yakatsanangurwa naDenis Lysenko muhurukuro Nzira yekutsiva iyo yese yekuvaka uye kutanga kurara murunyararo, akataura mawaniro avakaita zvivakwa zvakabatana zvepurojekiti kubva munhoroondo yebash.

Nechimwe chido, tinogona kutaura izvozvo Infrastructure as bash history Izvi zvakafanana kodhi:

reproducibility: Unogona kutora bash nhoroondo, mhanyisa mirairo kubva ipapo, uye iwe unogona, nenzira, kuwana dhizaini yekushanda sechibuda.
shanduro: unoziva kuti ndiani akapinda uye zvavakaita, zvakare, haisi chokwadi kuti izvi zvinokutungamirira kukugadzirisa kushanda pakubuda.
nhoroondo: nyaya yekuti ndiani akaita chii. chete iwe haugone kuishandisa kana iwe ukarasikirwa neserver.

Chii chandinofanira kuita?

Zvivakwa seCode

Kunyangwe nyaya inoshamisa senge Infrastructure as bash history unogona kuidhonza nenzeve Zvivakwa seCode, asi kana tichida kuita chimwe chinhu chakaoma kupfuura iyo yakanaka yekare LAMP server, tichasvika pakugumisa kuti iyi code inoda kuchinjwa, kuchinjwa, kuvandudzwa. Zvadaro tinoda kutarisa kufanana pakati Zvivakwa seCode uye kuvandudzwa kwesoftware.

DRY

Pachirongwa chekusimudzira sisitimu, pakanga paine subtask nguva nenguva gadzirisa SDS: tiri kuburitsa kuburitswa kutsva - inoda kuburitswa kuti iwedzere kuongororwa. Basa racho rakanyanya nyore:

pinda pano kuburikidza ssh uye ita murairo.
kopira faira ipapo.
gadzirisa config pano.
tanga basa ipapo
...
Purofiti!

Kune yakatsanangurwa pfungwa, bash inopfuura zvakakwana, kunyanya mumatanho ekutanga epurojekiti, kana ichangotanga. Izvi hazvina kuipa kuti unoshandisa bash, asi nekufamba kwenguva pane zvikumbiro zvekuendesa chimwe chinhu chakafanana, asi chakasiyana zvishoma. Chinhu chekutanga chinouya mupfungwa kopi-paste. Uye ikozvino tatova nemagwaro maviri akafanana chaizvo anoita chinhu chimwe chete. Nekufamba kwenguva, huwandu hwezvinyorwa hwakakura, uye isu takatarisana nenyaya yekuti kune imwe bhizinesi pfungwa yekuisa yekumisikidza inoda kuwiriraniswa pakati pezvinyorwa zvakasiyana, izvi zvakaoma.

Zvinoitika kuti kune tsika yakadai seDRY (Usazvidzokorora). Pfungwa ndeyekushandisa zvakare kodhi iripo. Zvinonzwika zviri nyore, asi isu hatina kuuya kune izvi pakarepo. Muchiitiko chedu, yakanga iri pfungwa yebhanari: kuparadzanisa configs kubva kune zvinyorwa. Avo. bhizinesi pfungwa yekuti kuiswa kunoiswa sei zvakasiyana, inogadzirisa zvakasiyana.

SOLID yeCFM

Nokufamba kwenguva purojekiti yakakura uye kuenderera kwepanyama kwaive kubuda kwaAnsible. Chikonzero chikuru chekutaridzika kwayo ndechekuti pane hunyanzvi pachikwata uye iyo bash haina kugadzirwa yakaoma logic. Ansible akatangawo kuve nemusoro wakaoma. Kudzivirira pfungwa dzakaoma kubva pakushanduka kuita mhirizhonga, kune misimboti yekuronga kodhi mukuvandudza software SOLID Zvakare, semuenzaniso, Grigory Petrov mumushumo wekuti "Sei nyanzvi yeIT ichida zita remunhu" yakasimudza mubvunzo wekuti munhu akagadzirwa nenzira yekuti zviri nyore kwaari kuti ashande nemamwe masangano emagariro, mukuvandudza software idzi. zvinhu. Kana tikabatanidza pfungwa mbiri idzi toramba tichidzikudziridza, tinoona kuti tinogona kushandisawo SOLID kuita kuti zvive nyore kuchengetedza uye kugadzirisa pfungwa iyi mune ramangwana.

The Single Responsibility Principle

Kirasi yega yega inoita basa rimwe chete.

Hapana chikonzero chekusanganisa kodhi uye kugadzira monolithic divine spaghetti monsters. Zvivako zvinofanira kuva nezvidhinha zviri nyore. Zvinoitika kuti kana iwe ukatsemura Ansible playbook kuita zvidimbu zvidiki, verenga Ansible mabasa, zvino ari nyore kuchengetedza.

The Open Closed Principle

Yakavhurika/yakavharwa musimboti.

Vhura kuti uwedzere: zvinoreva kuti maitiro echinhu anogona kuwedzerwa nekugadzira mhando nyowani dzenhengo.
Yakavharwa kuchinja: Nekuda kwekuwedzera maitiro esangano, hapana shanduko inofanirwa kuitwa kune kodhi inoshandisa izvo masangano.

Pakutanga, takaisa zvivakwa zvekuyedza pamakina chaiwo, asi nekuda kwekuti bhizinesi pfungwa yekutumirwa yaive yakaparadzana nekuita, isu takawedzera kutenderera kune baremetall pasina matambudziko.

Iyo Liskov Kutsiva Nheyo

Barbara Liskov's substitution principle. zvinhu zviri muchirongwa zvinofanirwa kutsiviwa nezviitiko zve subtypes yavo pasina kushandura kuita kwakaringana kwechirongwa.

Kana iwe ukachitarisa zvakanyanya, hachisi chinhu chechero chirongwa chinogona kushandiswa ipapo SOLID, zvinowanzoitika nezveCFM, semuenzaniso, pane imwe purojekiti inofanirwa kuendesa bhokisi reJava application pamusoro peakasiyana Java, maseva ekushandisa, dhatabhesi, OS, nezvimwe. Ndichishandisa muenzaniso uyu, ndichafunga mamwe mazano SOLID

Muchiitiko chedu, pane chibvumirano mukati meboka rezvivakwa kuti kana isu takaisa iyo imbjava kana oraclejava basa, saka isu tine java binary inogadziriswa. Izvi zvinodiwa nekuti Mabasa ekumusoro anoenderana nemaitiro aya; Panguva imwecheteyo, izvi zvinotibvumira kutsiva imwe java kuita / vhezheni neimwe pasina kushandura iyo application deployment logic.

Dambudziko riri pano riri pakuti hazvibviri kuita izvi muAnsible, somugumisiro wekuti zvimwe zvibvumirano zvinoonekwa mukati mechikwata.

The Interface Segregation Principle

Kupatsanura musimboti wemushandisirwo: "Mazhinji maratidziro-akanangana nevatengi ari nani pane imwechete-chinangwa-chinangwa interface.

Pakutanga, takaedza kuisa kusiyanisa kwese kwekushandiswa kwekushandisa mune imwe Ansible playbook, asi zvaive zvakaoma kutsigira, uye nzira kana isu tine yekunze interface yakataurwa (mutengi anotarisira port 443), ipapo hurongwa hunogona kuunganidzwa kubva kune mumwe munhu. zvidhinha zvekushandisa chaiko.

The Dependency Inversion Principle

Nheyo yekutsamira inversion. Mamodule pamazinga epamusoro haafaniri kutsamira pamamodule pamazinga akaderera. Marudzi ese ari maviri emamodule anofanirwa kuenderana neabstractions. Zvisungo hazvifanirwe kutsamira pane zvakadzama. Tsanangudzo dzinofanirwa kuenderana neabstractions.

Pano muenzaniso uchabva pane antipattern.

Mumwe wevatengi anga aine gore rega.
Takahodha mavirtual machines mukati megore.
Asi nekuda kwechimiro chegore, kutumirwa kwekushandisa kwakasungirirwa kune iyo hypervisor iyo VM yaive.

Avo. Yepamusoro-level application deployment logic yakayerera nekutsamira kune yakaderera mazinga e hypervisor, uye izvi zvaireva matambudziko pakushandisazve pfungwa iyi. Usazviita nenzira iyi.

Kusangana

Infrastructure sekodhi haisi yekodhi chete, asiwo nezvehukama pakati pekodhi nevanhu, nezvekudyidzana pakati pevagadziri vezvivakwa.

Bhasi factor

Ngatifungei kuti une Vasya pane purojekiti yako. Vasya anoziva zvose pamusoro pezvivakwa zvako, chii chichaitika kana Vasya akangoerekana anyangarika? Iyi imamiriro ezvinhu chaiwo, nokuti anogona kurohwa nebhazi. Dzimwe nguva zvinoitika. Kana izvi zvikaitika uye ruzivo pamusoro pekodhi, chimiro chayo, mashandiro ayo, kutaridzika uye mapassword asina kugoverwa pakati peboka, saka unogona kusangana nenhamba yemamiriro asingafadzi. Kudzikisa njodzi idzi uye kugovera ruzivo mukati mechikwata, unogona kushandisa nzira dzakasiyana

Pair Devopsing

Hazvina kufanana sejoke, kuti maadmins ainwa doro, akachinja mapassword, uye analogue yemapurogiramu maviri. Avo. mainjiniya maviri anogara pasi pakombuta imwe, kiibhodhi imwe uye tanga kuseta zvivakwa zvako pamwe chete: kumisikidza sevha, kunyora Ansible basa, nezvimwe. Zvinonzwika zvakanaka, asi hazvina kushanda kwatiri. Asi zviitiko zvakakosha zvemuitiro uyu zvakashanda. Mushandi mutsva anouya, mutungamiri wake anotora basa rechokwadi pamwe chete naye, anoshanda uye anotamisa ruzivo.

Imwe nyaya yakakosha ndeyekufona kwechiitiko. Munguva yedambudziko, boka reavo vari pabasa nevanobatanidzwa vanoungana, mutungamiri mumwe anogadzwa, anogovera skrini yake uye anotaurira chitima chepfungwa. Vamwe vatori vechikamu vanotevera pfungwa dzemutungamiri, vanosora matipi kubva kuconsole, tarisa kuti havana kupotsa mutsara murogi, uye dzidza zvinhu zvitsva nezve system. Iyi nzira yakashanda kakawanda kupfuura kwete.

Kodhi Ongororo

Zvine musoro, zvaive zvakanyanya kushanda kuparadzira ruzivo nezve zvivakwa uye kuti zvinoshanda sei uchishandisa kodhi ongororo:

Izvo zvivakwa zvinotsanangurwa nekodhi mune repository.
Shanduko dzinoitika mune rimwe bazi rakasiyana.
Munguva yekusanganisa chikumbiro, iwe unogona kuona iyo delta yekuchinja mune zvivakwa.

Chinonyanya kukosha apa chaiva chokuti vaongorori vakasarudzwa mumwe nomumwe, maererano nehurongwa, i.e. neimwe dhigirii yemukana iwe uchakwira muchikamu chitsva chezvivakwa.

Code Style

Nekufamba kwenguva, squabbles dzakatanga kuoneka panguva yekuongorora, nekuti ... vaongorori vaive nemaitiro avo uye kutenderera kwevanoongorora vakarongedza nemhando dzakasiyana: 2 nzvimbo kana 4, kameraCase kana nyoka_case. Zvakanga zvisingabviri kuita izvi pakarepo.

Pfungwa yekutanga yaive yekukurudzira kushandisa linter, mushure mezvose, munhu wese injinjini, munhu wese akangwara. Asi vapepeti vakasiyana, OS, hazvina kunaka
Izvi zvakashanduka kuita bot yakanyora kuderera kune yega yega ine dambudziko uye yakanamatira iyo linter inobuda. Asi kazhinji pane zvimwe zvakakosha zvekuita uye kodhi yakaramba isina kurongeka.

Green Kuvaka Master

Nguva inopfuura, uye tasvika kumhedziso yekuti kuzvipira kusapasa mimwe miedzo hakugone kubvumidzwa muna tenzi. Voila! Isu takagadzira Green Build Master, iyo yave ichiitwa mukuvandudza software kwenguva yakareba:

Budiriro iri kuitika mune rimwe bazi rakasiyana.
Miedzo iri kuitika pa thread iyi.
Kana iyo miedzo ikakundikana, iyo kodhi haizoiite iyo tenzi.

Kuita sarudzo iyi kwairwadza kwazvo, nekuti... yakakonzera kukakavara kwakawanda, asi zvaive zvakakosha, nekuti... Ongororo dzakatanga kugamuchira zvikumbiro zvekubatanidza pasina misiyano muchimiro, uye nekufamba kwenguva nhamba yenzvimbo dzedambudziko yakatanga kuderera.

IaC Testing

Pamusoro pekutarisa maitiro, unogona kushandisa zvimwe zvinhu, semuenzaniso, kutarisa kuti zvivakwa zvako zvinonyatso kuendesa. Kana kuti tarisa kuti kuchinja kwezvivakwa hakuzotungamira mukurasikirwa nemari. Neiko ikoku kungadikanwa? Mubvunzo wakaoma uye uzivi, zviri nani kupindura nenyaya iyo neimwe nzira paiva ne-auto-scaler paPowershell iyo isina kutarisa mamiriro emuganhu => mamwe maVM akasikwa kupfuura zvakakodzera => mutengi akashandisa mari yakawanda kupfuura yakarongwa. Izvi hazvinakidze zvakanyanya, asi zvingaite kuti ubate kukanganisa uku pamatanho ekutanga.

Mumwe anogona kubvunza, sei kuita zvivakwa zvakaomarara zvakanyanya kuoma? Miedzo yezvivakwa, senge kodhi, haisi yekurerutsa, asi nezve kuziva mashandisirwo ako anofanira kushanda.

IaC Kuedza Piramidhi

IaC Testing: Static Analysis

Kana iwe ukatumira zvese zvivakwa kamwechete uye wotarisa kuti zvinoshanda, unogona kuona kuti zvinotora nguva yakawanda uye zvinoda nguva yakawanda. Naizvozvo, hwaro hunofanirwa kunge huri chinhu chinoshanda nekukurumidza, pane zvakawanda, uye chinovhara nzvimbo zhinji dzechinyakare.

Bash inonetsa

Ngationei muenzaniso usingakoshi. sarudza mafaera ese mudhairekitori razvino uye kopi kune imwe nzvimbo. Chinhu chekutanga chinouya mupfungwa:

for i in * ; do 
    cp $i /some/path/$i.bak
done

Ko kana paine nzvimbo muzita refaira? Zvakanaka, zvakanaka, isu takangwara, tinoziva mashandisiro ekotesheni:

for i in * ; do cp "$i" "/some/path/$i.bak" ; done

Kuita zvakanaka? Aihwa! Ko kana pasina chinhu mudhairekitori, i.e. globbing haishande.

find . -type f -exec mv -v {} dst/{}.bak ;

Waita zvakanaka manje? Kwete... Wakanganwa chingava muzita refaira n.

touch x
mv x  "$(printf "foonbar")"
find . -type f -print0 | xargs -0 mv -t /path/to/target-dir

Static analysis tools

Dambudziko kubva padanho rakapfuura rinogona kubatwa kana takanganwa makotesheni, nekuti izvi kune mishonga yakawanda mumasikirwo. Shellcheck, kazhinji pane akawanda, uye kazhinji unogona kuwana linter ye stack yako pasi peIDE yako.

mutauro
Tool

Bash
Shellcheck

Ruby
RuboCop

python
Plint

anable
Ansible Lint

IaC Testing: Unit Tests

Sezvatakaona kubva pamuenzaniso wapfuura, linters hadzina masimba ese uye haigone kuratidza ese ane dambudziko nzvimbo. Kupfuurirazve, nekuenzanisa nekuyedzwa mukuvandudza software, tinogona kuyeuka mayuniti bvunzo. Chinobva changouya mupfungwa shunit, juniti, rspec, pytest. Asi chii chekuita neanonzwisisika, chef, saltstack nevamwe vakaita saivo?

Pakutanga takataura nezvazvo SOLID uye kuti zvivakwa zvedu zvinofanira kuva nezvidhinha zvidiki. Nguva yavo yasvika.

Izvo zvivakwa zvakakamurwa kuita zvidhinha zvidiki, semuenzaniso, Ansible mabasa.
Imwe mhando yenzvimbo inoiswa, ingave docker kana VM.
Isu tinoshandisa yedu Ansible basa kune ino bvunzo nharaunda.
Isu tinotarisa kuti zvese zvakashanda sezvataitarisira (tinomhanya bvunzo).
Tinosarudza zvakanaka kana kwete.

IaC Testing: Zvishandiso zvekuedza Unit

Mubvunzo, ndedzipi bvunzo dzeCFM? Iwe unogona kungomhanyisa script, kana iwe unogona kushandisa yakagadzirira-yakagadzirwa mhinduro dzeizvi:

CFM
Tool

Anable
Testinfra

musoro
Inspect

musoro
Serverspec

saltstack
Kurasika

Muenzaniso we testinfra, kutarisa kuti vashandisi test1, test2 varipo uye vari muboka sshusers:

def test_default_users(host):
    users = ['test1', 'test2' ]
    for login in users:
        assert host.user(login).exists
        assert 'sshusers' in host.user(login).groups

Chii chokusarudza? Mubvunzo wakaoma uye wakaoma, heino muenzaniso wekuchinja mumapurojekiti pa github ye2018-2019:

IaC Testing masisitimu

Mubvunzo unomuka: sei kuisa zvose pamwe chete uye kutanga? Inogona tora uzviite iwe pachako kana paine nhamba yakakwana yemainjiniya. Kana kuti iwe unogona kutora yakagadzirira-yakagadzirwa mhinduro, kunyangwe isina akawanda kwazvo:

CFM
Tool

Anable
molecule

musoro
Test Kitchen

Terraform
Terrates

Muenzaniso wekuchinja mumapurojekiti pagithub ye2018-2019:

Molecule vs. Testkitchen

Pakutanga isu akaedza kushandisa testkitchen:

Gadzira VM nenzira yakafanana.
Shandisa mabasa akakodzera.
Mhanyai kuongorora.

Kwema 25-35 mabasa akashanda 40-70 maminitsi, ayo akanga akareba.

Nhanho inotevera yaive shanduko kuenda kujenkins/docker/ansible/molecule. Idiologically zvese zvakafanana

Lint mabhuku ekutamba.
Rongedza mabasa.
Tanga mudziyo
Shandisa mabasa akakodzera.
Mhanya testinfra.
Tarisa kusaziva.

Kunyorera mabasa makumi mana uye bvunzo kune gumi nemaviri kwakatanga kutora anenge maminetsi gumi nemashanu.

Zvekusarudza zvinoenderana nezvakawanda zvinhu, senge stack inoshandiswa, hunyanzvi muchikwata, nezvimwe. pano munhu wese anozvisarudzira ega nzira yekuvhara iyo Unit yekuyedza mubvunzo

IaC Kuedzwa: Kubatanidzwa Miedzo

Nhanho inotevera mupiramidhi yekuyedza zvivakwa ichave bvunzo dzekubatanidza. Iwo akafanana neUnit bvunzo:

Zvivako zvakakamurwa kuita zvidhinha zvidiki, semuenzaniso Ansible mabasa.
Imwe mhando yenzvimbo inoiswa, ingave docker kana VM.
Kune iyi test environment shanda mijenya Mabasa anonzwisisika.
Isu tinotarisa kuti zvese zvakashanda sezvataitarisira (tinomhanya bvunzo).
Tinosarudza zvakanaka kana kwete.

Zvichireva kutaura, isu hatitarise kuita kwechimwe chinhu cheiyo system senge muyuniti bvunzo, isu tinotarisa kuti sevha inogadziriswa sei yakazara.

IaC Kuedza: Kupera Kupedzisa Miedzo

Pamusoro pepiramidhi tinokwaziswa neEnd to End bvunzo. Avo. Isu hatitarise kuita kwesevha yakaparadzana, script yakaparadzana, kana chidhinha chakasiyana chezvivakwa zvedu. Isu tinotarisa kuti maseva mazhinji akabatana pamwechete, zvivakwa zvedu zvinoshanda sezvatinotarisira. Nehurombo, handisati ndamboona akagadzirira-akagadzirwa mabhokisi mhinduro, pamwe nekuti... Izvo zvivakwa zvinowanzosiyana uye zvakaoma template uye kugadzira chimiro chekuyedza. Nekuda kweizvozvo, munhu wese anogadzira yavo mhinduro. Pane chinodiwa, asi hapana mhinduro. Naizvozvo, ini ndichakuudza izvo zviripo kuitira kusundidzira vamwe kuti vataure pfungwa dzakanaka kana kukwesha mhino dzangu muchokwadi chekuti zvese zvakagadzirwa kare pamberi pedu.

Chirongwa chine nhoroondo yakapfuma. Inoshandiswa mumasangano makuru uye pamwe mumwe nemumwe wenyu akayambuka nenzira isina kunanga nayo. Iyo application inotsigira akawanda dhatabhesi, kubatanidzwa, nezvimwe. Kuziva kuti zvivakwa zvingaite sei ndeye yakawanda docker-compose mafaera, uye kuziva kuti ndedzipi bvunzo dzekumhanya munzvimbo ipi iJenkins.

Ichi chirongwa chakashanda kwenguva yakareba, kusvika mukati mehurongwa tsvakurudzo hatina kuedza kuendesa izvi kuOpenshift. Iyo midziyo inoramba yakafanana, asi iyo yekutanga nharaunda yachinja (mhoro DRY zvakare).

Pfungwa yekutsvagisa yakaenderera mberi, uye mukuvhurika vakawana chinhu chakadai se APB (Ansible Playbook Bundle), iyo inokutendera iwe kurongedza ruzivo rwekuisa zvivakwa mumudziyo. Avo. kune inodzokororwa, inoyedzwa poindi yeruzivo pamafambisirwo ezvivakwa.

Zvese izvi zvainzwika zvakanaka kudzamara tamhanyira mune heterogeneous infrastructure: taida Windows yebvunzo. Nekuda kweizvozvo, ruzivo rwechii, kupi, sei kuendesa, uye bvunzo iri mujenkins.

mhedziso

Infrastructure seCode iri

Code mune repository.
Kudyidzana kwevanhu.
Infrastructure test.

Links

Source: www.habr.com

Zvandakadzidza kubva Kuedza 200 Mitsetse yeInfrastructure Code