Kana yako IT masisitimu akakura nekukurumidza, iwe uchakurumidza kana gare gare watarisana nesarudzo: mutsara wedzera zviwanikwa zvevanhu kuti utsigire kana kutanga otomatiki. Kusvika pane imwe nguva, isu takagara mune yekutanga paradigm, uye ipapo nzira refu yeInfrastructure-as-Code yakatanga.
Zvechokwadi, NSPK haisi yekutanga, asi mamiriro ezvinhu akadaro akatonga mukambani mumakore ekutanga ekuvapo kwayo, uye iyo yaiva makore anofadza zvikuru. Zita randu ndi , ndanga ndichitsigira Linux masisitimu ane yakakwirira kuwanikwa zvinodiwa kweanopfuura makore gumi. Akabatana neboka reNSPK munaJanuary 10 uye, zvinosuruvarisa, haana kuona kutanga kwekuvapo kwekambani, asi akauya padanho rekuchinja kukuru.
Kazhinji, tinogona kutaura kuti timu yedu inopa 2 zvigadzirwa zvekambani. Chekutanga infrastructure. Tsamba inofanira kushanda, DNS inofanira kushanda, uye vatongi vedomeni vanofanira kukurega iwe mumaseva asingafaniri kuparara. Iyo kambani IT landscape yakakura! Aya ndiwo mabhizinesi & mishoni akakosha masisitimu, izvo zvinodiwa zvekuwanikwa kune vamwe 99,999. Chechipiri chigadzirwa mavhavha pachawo, emuviri uye chaiwo. Aripo anofanira kutariswa, uye matsva anofanira kugara achiendeswa kuvatengi vanobva kumadhipatimendi akawanda. Muchinyorwa chino ndinoda kutarisa pamagadzirirwo atakaita zvivakwa zvinokonzeresa sevha yehupenyu kutenderera.
Kutanga kwenzira
Pakutanga kwerwendo rwedu, tekinoroji yedu stack yakaita seizvi:
OS CentOS 7
FreeIPA Domain Controllers
Automation - Ansible(+Shongwe), Cobbler
Zvese izvi zvaive mu3 domains, yakapararira munzvimbo dzinoverengeka dzedata. Mune imwe nzvimbo yedata kune masisitimu ehofisi uye nzvimbo dzekuyedza, mune imwe yese pane PROD.
Kugadzira maseva pane imwe nguva kwaitaridzika seizvi:
MuVM template, CentOS ishoma uye hushoma hunodiwa hwakafanana nechakarurama /etc/resolv.conf, zvimwe zvinouya kuburikidza neAnsible.
CMDB - Excel.
Kana sevha iri yemuviri, saka panzvimbo yekukopa iyo chaiyo muchina, iyo OS yakaiswa pairi uchishandisa Cobbler - iyo MAC kero yevavariro server inowedzerwa kuCobbler config, sevha inogamuchira IP kero kuburikidza neDHCP, uye ipapo OS. inowedzerwa.
Pakutanga isu takatomboedza kuita imwe mhando yekumisikidza manejimendi muCobbler. Asi nekufamba kwenguva, izvi zvakatanga kuunza matambudziko nekutakurika kwezvigadziriso kune dzimwe nzvimbo dzedata uye kune Ansible kodhi yekugadzirira maVM.
Panguva iyoyo, vazhinji vedu takaona Ansible sekuwedzera kuri nyore kweBash uye hatina skimp pamagadzirirwo tichishandisa shell uye sed. Zvose Bashsible. Izvi zvakazoita kuti chokwadi chekuti kana bhuku rekutamba nekuda kwechimwe chikonzero harina kushanda paseva, zvaive nyore kudzima sevha, kugadzirisa bhuku rekutamba uye kurimhanyisa zvakare. Pakanga pasina kushandurwa kwezvinyorwa, pasina kutakurika kwezvigadziriso.
Semuenzaniso, isu taida kushandura imwe config pane ese maseva:
- Isu tinoshandura zvigadziriso pamaseva aripo mune inonzwisisika segment/data center. Dzimwe nguva kwete muzuva rimwe - zvinodiwa zvekuwanikwa uye mutemo wenhamba huru haibvumiri shanduko dzese kushandiswa kamwechete. Uye dzimwe shanduko dzinogona kuparadza uye dzinoda kutangazve chimwe chinhu - kubva kumasevhisi kuenda kuOS pachayo.
- Kuigadzirisa muAnsible
- Tinozvigadzirisa muCobbler
- Dzokorora N nguva kune yega yega ine musoro segment/data center
Kuti shanduko dzese dzifambe zvakanaka, zvaive zvakafanira kufunga nezvezvinhu zvakawanda, uye shanduko dzinoitika nguva dzose.
- Refactoring ansible code, configuration mafaira
- Kushandura maitiro akanaka emukati
- Shanduko dzinobva pamhedzisiro yekuongororwa kwezviitiko / njodzi
- Kuchinja kuchengetedzwa kwemitemo, mukati uye kunze. Semuenzaniso, PCI DSS inovandudzwa nezvitsva zvinodiwa gore rega rega
Infrastructure kukura uye kutanga kwerwendo
Nhamba yemaseva / inonzwisisika domains / data centers yakakura, uye pamwe navo nhamba yezvikanganiso mukugadzirisa. Pane imwe nguva, takasvika kunzira nhatu umo manejimendi ekugadzirisa inoda kuvandudzwa:
- Automation. Kukanganisa kwevanhu mukudzokorora kunofanirwa kudziviswa zvakanyanya sezvinobvira.
- Kudzokorora. Zviri nyore kwazvo kubata zvivakwa kana zvichinge zvichizivikanwa. Kugadziriswa kwemaseva uye zvishandiso zvekugadzirira kwavo kunofanirwa kunge kwakafanana kwese. Izvi zvakakoshawo kune zvikwata zvechigadzirwa - mushure mekuyedzwa, chishandiso chinofanirwa kuvimbiswa kupedzisira chiri munzvimbo yekugadzira yakagadziridzwa zvakafanana neyakaedzwa nzvimbo.
- Kureruka uye kujeka kwekuita shanduko kune yekumisikidza manejimendi.
Inoramba ichiwedzera maturusi maviri.
Isu takasarudza GitLab CE seyedu kodhi repository, kwete zvishoma kune yayo yakavakirwa-muCI/CD modules.
Vault yezvakavanzika - Hashicorp Vault, incl. yeiyo huru API.
Kuyedza magadzirirwo uye anobatika mabasa - Molecule+Testinfra. Miedzo inoenda nekukurumidza zvakanyanya kana iwe ukabatana kune inonzwisisika mitogen. Panguva imwecheteyo, takatanga kunyora yedu CMDB uye orchestrator yekuendesa otomatiki (mumufananidzo uri pamusoro peCobbler), asi iyi inyaya yakasiyana zvachose, iyo wandaishanda naye uye mugadziri mukuru weaya masisitimu achataura mune ramangwana.
Sarudzo yedu:
Molecule + Testinfra
Ansible + Shongwe + AWX
Nyika yeSevha + DITNET (Yega kuvandudza)
Cobbler
Gitlab + GitLab mumhanyi
Hashicorp Vault
Nenzira, pamusoro pemabasa anonzwisisika. Pakutanga kwaingova neimwe chete, asi mushure mekudzokororwa kwakawanda kwave kune 17. Ndinokurudzira zvakasimba kuputsa monolith kuita mabasa asina simba, ayo anogona kuzotangwa zvakasiyana; uyezve, unogona kuwedzera ma tags. Isu takapatsanura mabasa nekushanda - network, kutema miti, mapakeji, Hardware, molecule nezvimwe. Kazhinji, takatevera nzira iri pasi apa. Handisimbirire kuti ichi ndicho chokwadi chega, asi chakatiitira.
- Kutevedzera maseva kubva ku "mufananidzo wegoridhe" kwakaipa!Chinhu chikuru chakashata ndechekuti iwe hauzive chaizvo kuti mapikicha ari mumamiriro api izvozvi, uye kuti shanduko dzese dzinouya kumifananidzo yese mumapurazi ese ekuona.
- Shandisa default configuration mafaira kusvika kushoma uye bvumirana nemamwe madhipatimendi kuti iwe unotarisira iwo makuru system mafaira, somuenzaniso:
- Siya /etc/sysctl.conf isina chinhu, marongero anofanirwa kunge ari mukati /etc/sysctl.d/. Yako default mune imwe faira, tsika yekushandisa mune imwe.
- Shandisa override mafaira kugadzirisa systemd units.
- Tendedzera zvese zvigadziriso uye uzvisanganise zvachose; kana zvichibvira, hapana sed kana analogues ayo mumabhuku ekutamba.
- Refactoring iyo configuration manejimendi system kodhi:
- Dura mabasa pasi kuita masangano ane musoro uye nyorazve iyo monolith kuita mabasa
- Shandisa linters! Ansible-lint, yaml-lint, nezvimwe
- Chinja maitiro ako! No bashsible. Izvo zvinodiwa kutsanangura mamiriro ehurongwa
- Kune ese Ansible mabasa iwe unofanirwa kunyora bvunzo mumorekuru uye kugadzira mishumo kamwe pazuva.
- Muchiitiko chedu, mushure mekugadzirira miedzo (iyo inopfuura 100), inenge 70000 zvikanganiso zvakawanikwa. Zvakatora mwedzi yakati kuti kuzvigadzirisa.
Kuitwa kwedu
Saka, mabasa anonzwisisika aive akagadzirira, akatemerwa uye akatariswa nemalinters. Uye kunyange gits inosimudzwa kwese kwese. Asi mubvunzo wekuvimbika kuendeswa kwekodhi kuzvikamu zvakasiyana wakaramba wakavhurika. Takasarudza kuwiriranisa nemagwaro. Zvinoita sekuti:
Mushure mekunge shanduko yasvika, CI inotangwa, sevha yekuyedza inogadzirwa, mabasa anotenderedzwa, uye akaedzwa nemorekuru. Kana zvinhu zvose zvakanaka, kodhi inoenda kubazi reprod. Asi isu hatishandise kodhi nyowani kumaseva aripo mumushini. Iyi imhando yekumisa iyo inodiwa pakuwanikwa kwepamusoro kwemasisitimu edu. Uye kana zvivakwa zvave zvakakura, mutemo wenhamba huru unouya - kunyangwe uine chokwadi chekuti shanduko haina kukuvadza, inogona kutungamira kumhedzisiro yakaipa.
Kune zvakare akawanda sarudzo dzekugadzira maseva. Takazopedzisira tasarudza tsika dzePython zvinyorwa. Uye kune CI zvinogoneka:
- name: create1.yml - Create a VM from a template
vmware_guest:
hostname: "{{datacenter}}".domain.ru
username: "{{ username_vc }}"
password: "{{ password_vc }}"
validate_certs: no
cluster: "{{cluster}}"
datacenter: "{{datacenter}}"
name: "{{ name }}"
state: poweredon
folder: "/{{folder}}"
template: "{{template}}"
customization:
hostname: "{{ name }}"
domain: domain.ru
dns_servers:
- "{{ ipa1_dns }}"
- "{{ ipa2_dns }}"
networks:
- name: "{{ network }}"
type: static
ip: "{{ip}}"
netmask: "{{netmask}}"
gateway: "{{gateway}}"
wake_on_lan: True
start_connected: True
allow_guest_control: True
wait_for_ip_address: yes
disk:
- size_gb: 1
type: thin
datastore: "{{datastore}}"
- size_gb: 20
type: thin
datastore: "{{datastore}}"Izvi ndizvo zvatauya, sisitimu inoramba ichirarama nekusimudzira.
- 17 Mabasa anokodzera ekumisikidza sevha. Rimwe nerimwe remabasa rakagadzirirwa kugadzirisa rakasiyana rine musoro basa (kutema miti, kuongorora, mvumo yemushandisi, kutarisa, nezvimwewo).
- Kuedza basa. Molecule + TestInfra.
- Kuvandudza pachedu: CMDB + Orchestrator.
- Nguva yekugadzira sevha ndeye ~ maminitsi makumi matatu, otomatiki uye anozvimiririra pamutsara webasa.
- Iyo yakafanana mamiriro / mazita ezvivakwa muzvikamu zvese - playbooks, repositories, virtualization zvinhu.
- Cheki chezuva nezuva chechimiro cheseva nekugadzirwa kwemishumo pane kusawirirana nechiyero.
Ndinovimba kuti nyaya yangu ichabatsira kune avo vari kutanga kwerwendo rwavo. Ndeipi automation stack yaunoshandisa?
Source: www.habr.com