A thriller about setting up servers without miracles, with Configuration Management

It was almost New Year. Children all over the country had already sent letters to Santa Claus or made gifts for themselves, and their main executor, one of the major retailers, was preparing for the apotheosis of sales. In December, the load on its data center increases several times over. So the company decided to modernize the data center and put several new servers into operation in place of equipment that was reaching the end of its service life. This ends the tale against the backdrop of swirling snowflakes, and the thriller begins.

The equipment arrived on site several months before the peak of sales. The operations team, of course, knows how and what to configure on the servers to bring them into the production environment. But we needed to automate this and eliminate the human factor. In addition, the servers were being replaced before the migration of a set of SAP systems that were critical to the company.

The commissioning of the new servers was tightly tied to a deadline. Moving it would have jeopardized both the shipment of a billion gifts and the migration of the systems. Even a team consisting of Father Frost and Santa Claus could not change the date: the SAP warehouse management system can be migrated only once a year. From December 31 to January 1, the retailer's huge warehouses, in total the size of 20 football fields, stop work for 15 hours. This is the only window for moving the system. We had no room for error in bringing up the servers.

Let me be clear: my story reflects the tools and the configuration management process that our team uses.

The configuration management complex consists of several layers. The key component is the CMS system. In industrial operation, the absence of any one of the layers would lead to unpleasant miracles.

OS installation management

The first layer is a system for managing the installation of operating systems on physical and virtual servers. It creates the base OS configurations, eliminating the human factor.

Using this system, we obtained standard server instances with an OS suitable for further automation. During the "pouring" they received a minimal set of local users and public SSH keys, as well as a consistent OS configuration. We could be sure of managing the servers through the CMS and were confident that there were no surprises "down below" at the OS level.

The "maximum" task for an installation management system is to configure servers automatically from the BIOS/firmware level up to the OS. Much here depends on the equipment and the configuration tasks. For heterogeneous equipment, you can consider the Redfish API. If all the hardware comes from one vendor, it is often more convenient to use ready-made management tools (for example, HP iLO Amplifier, Dell OpenManage, and so on).

To install the OS on physical servers, we used the well-known Cobbler, which defines a set of installation profiles agreed with the operations team. When adding a new server to the infrastructure, the engineer bound the server's MAC address to the required profile in Cobbler. On first boot over the network, the server received a temporary address and a fresh OS. It was then moved to the target VLAN/IP address and continued work there. Yes, changing the VLAN takes time and requires coordination, but it gives additional protection against a server being accidentally installed in the production environment.

We created virtual servers from templates prepared with HashiCorp Packer. The reason was the same: to prevent possible human errors when installing the OS. But, unlike with physical servers, Packer removes the need for PXE, network booting and VLAN changes. This made creating virtual servers easier and simpler.

Fig. 1. Managing the installation of operating systems.

Secrets management

Any configuration management system contains data that must be hidden from ordinary users but is needed to prepare systems. These are passwords of local users and service accounts, certificate keys, various API tokens, and so on. They are usually called "secrets".

If you do not determine from the very beginning where and how to store these secrets, then, depending on the strictness of the information security requirements, the following storage methods are likely:

  • directly in the configuration management code or in files in the repository;
  • in specialized configuration management tools (for example, Ansible Vault);
  • in CI/CD systems (Jenkins/TeamCity/GitLab/etc.) or in configuration management systems (Ansible Tower/Ansible AWX);
  • secrets can also be transferred "manually". For example, they are placed in an agreed location and then used by the configuration management systems;
  • various combinations of the above.

Each method has its drawbacks. The main one is the absence of access policies for secrets: it is impossible or difficult to determine who can use particular secrets. Another drawback is the lack of access auditing and of a full life cycle. How do you quickly replace, for example, a public key that is written in the code and in several related systems?
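As an added illustration (not from the original article or the team's tooling): a small check for the first storage method in the list above, flagging secret-like variables kept as literals in Ansible variable files while accepting references to Ansible Vault or a HashiCorp Vault lookup. The naming heuristic, variable names and sample file are constructed assumptions.

```python
import re

# Variable names that usually hold a secret (assumed naming convention).
SECRET_KEY_RE = re.compile(r"(pass(word|wd)?|secret|token|api_?key|private_?key)", re.I)
# A simple top-level "key: value" line; list items and block scalars do not match.
ASSIGN_RE = re.compile(r"^\s*(?P<key>[A-Za-z_][\w.-]*)\s*:\s*(?P<value>.*?)\s*$")

# Constructed group_vars content; every name and value here is made up.
SAMPLE_VARS = """\
db_user: sap_adm
db_password: "constructed-example-password"
backup_api_token: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/data/backup:token') }}"
ldap_bind_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <ciphertext omitted>
tls_private_key: ""
monitoring_token: constructed-example-token
"""


def find_plaintext_secrets(text):
    """Return (line_no, key) for secret-like variables whose value is a literal.

    The value itself is never returned, so the finding can be printed in CI logs.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if not m or not SECRET_KEY_RE.search(m["key"]):
            continue
        value = m["value"].strip("\"'")
        # Empty, templated from a lookup, or Ansible Vault ciphertext: not a literal.
        if not value or value.startswith(("{{", "!vault")):
            continue
        findings.append((line_no, m["key"]))
    return findings


if __name__ == "__main__":
    for line_no, key in find_plaintext_secrets(SAMPLE_VARS):
        print(f"line {line_no}: '{key}' holds a literal value, move it to the secret store")
```

The name match is a heuristic, so treat a hit as a prompt for review rather than proof of a leaked secret.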

We used the centralized secret storage HashiCorp Vault. This allowed us to:

  • store secrets securely. They are encrypted, and even if someone gains access to the Vault database (for example, by restoring it from a backup), they will not be able to read the secrets stored there;
  • organize access policies for secrets. Only the secrets "allocated" to them are available to users and applications;
  • audit access to secrets. Any action with secrets is recorded in the Vault audit log;
  • organize a full "life cycle" of working with secrets. They can be created, revoked, given an expiration date, and so on;
  • integrate easily with other systems that need access to secrets;
  • and also use end-to-end encryption, one-time passwords for the OS and databases, certificates from authorized centers, and so on.

Now let's move on to the central authentication and authorization system. It was possible to do without it, but administering users in many related systems is far from trivial. We configured authentication and authorization through an LDAP service. Otherwise, Vault would have to keep issuing and tracking authentication tokens for users. And deleting and adding users would turn into the quest "did I create/delete this user account everywhere?"

We add another layer to our system: secrets management and central authentication/authorization:

Fig. 2. Secrets management.

Configuration management

We have reached the core: the CMS system. In our case, this is a combination of Ansible and Red Hat Ansible AWX.

Instead of Ansible, Chef, Puppet or SaltStack could be used. We chose Ansible based on several criteria.

  • First, versatility. The set of ready-made modules for management is impressive. And if it is not enough, you can search GitHub and Galaxy.
  • Second, there is no need to install and support agents on the managed equipment, prove that they do not interfere with the load, and confirm the absence of "backdoors".
  • Third, Ansible has a low barrier to entry. A competent engineer will write a working playbook on the very first day of working with the product.

But Ansible alone was not enough for us in a production environment. Otherwise, many problems would arise with restricting access and auditing administrators' actions. How do you restrict access? After all, each department needed to manage (read: run an Ansible playbook on) "its own" set of servers. How do you allow only certain employees to run specific Ansible playbooks? Or how do you track who launched a playbook without setting up a lot of local accounts on the servers and equipment managed by Ansible?

The lion's share of such issues is solved by Red Hat Ansible Tower, or its open-source upstream project Ansible AWX. That is why we chose it for the customer.

And one more touch to the portrait of our CMS system. Ansible playbooks should be stored in a code repository management system. We have GitLab CE.

So, the configurations themselves are managed by the combination Ansible/Ansible AWX/GitLab (see Fig. 3). Of course, AWX/GitLab is integrated with a single authentication system, and the Ansible playbooks are integrated with HashiCorp Vault. Configurations enter the production environment only through Ansible AWX, in which all the "rules of the game" are defined: who can configure what, where to get the configuration management code for the CMS, and so on.

Fig. 3. Configuration management.

Test management

Our configuration is presented in the form of code. Therefore, we are forced to play by the same rules as software developers. We needed to organize the processes of development, continuous testing, delivery and application of configuration code to production servers.

If this is not done right away, the roles written for configuration will either stop being supported and modified, or will stop being run in production. The cure for this pain is known, and it has proven itself in this project:

  • each role is covered by unit tests;
  • tests run automatically whenever there is a change in the code that manages configurations;
  • changes in the configuration management code are released into the production environment only after successfully passing all tests and code review.

Code development and configuration management have become calmer and more predictable. To organize continuous testing, we used the GitLab CI/CD toolkit, and took Ansible Molecule.

Whenever there is a change in the configuration management code, GitLab CI/CD calls Molecule, which:

  • checks the code syntax,
  • brings up a Docker container,
  • applies the modified code to the created container,
  • checks the role for idempotency and runs the tests for this code (the granularity here is at the Ansible role level, see Fig. 4).

We delivered configurations to the production environment using Ansible AWX. Operations engineers applied configuration changes through predefined templates. AWX independently "requested" the latest version of the code from the GitLab master branch each time it was used. In this way we ruled out the use of untested or outdated code in the production environment. Naturally, code got into the master branch only after testing, review and approval.

Fig. 4. Automatic testing of roles in GitLab CI/CD.

There is also a problem associated with the operation of production systems. In real life, it is very difficult to make configuration changes through CMS code alone. Emergency situations arise when an engineer must change the configuration "here and now", without waiting for code editing, testing, approval, and so on.

As a result, because of manual changes, discrepancies appear in the configuration of equipment of the same type (for example, sysctl settings are configured differently on the nodes of an HA cluster). Or the actual configuration on the equipment differs from the one specified in the CMS code.

Therefore, in addition to continuous testing, we check production environments for configuration discrepancies. We chose the simplest option: running the CMS configuration code in "dry run" mode, that is, without applying changes, but with notification of all discrepancies between the planned and the actual configuration. We implemented this by periodically running all Ansible playbooks with the "--check" option on the production servers. As always, Ansible AWX is responsible for launching the playbooks and keeping them up to date (see Fig. 5):

Fig. 5. Checks for configuration discrepancies in Ansible AWX.

After the check, AWX sends a discrepancy report to the administrators. They study the problematic configuration and then fix it through adjusted playbooks. This is how we maintain the configuration in the production environment, and the CMS is always up to date and synchronized. This eliminates unpleasant "miracles" when CMS code is applied to "production" servers.
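As an added illustration (not the team's AWX job or report): a sketch of turning the output of a playbook run with "--check" into a per-host discrepancy report by reading the PLAY RECAP counters. The host names and the sample output are constructed, and it assumes the default, uncoloured recap format.

```python
import re

# One PLAY RECAP line: "<host> : ok=N changed=N unreachable=N failed=N ..."
RECAP_RE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")

# Constructed sample of check-mode output (hypothetical HA cluster nodes).
SAMPLE_OUTPUT = """\
TASK [sysctl : apply kernel parameters] ****************************************
ok: [sap-db-01]
changed: [sap-db-02]

PLAY RECAP *********************************************************************
sap-db-01    : ok=14   changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
sap-db-02    : ok=13   changed=1    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
sap-app-01   : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
"""


def parse_recap(output):
    """Return {host: {counter: int}} read from the PLAY RECAP section only."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        match = RECAP_RE.match(line.strip()) if in_recap else None
        if match:
            pairs = (p.split("=") for p in match["counters"].split())
            hosts[match["host"]] = {k: int(v) for k, v in pairs}
    return hosts


def drift_report(output):
    """'drift': check mode would change something; 'unchecked': host not evaluated."""
    report = {"in_sync": [], "drift": [], "unchecked": []}
    for host, c in sorted(parse_recap(output).items()):
        if c.get("unreachable", 0) or c.get("failed", 0):
            report["unchecked"].append(host)  # a blind spot, not a pass
        elif c.get("changed", 0):
            report["drift"].append(host)
        else:
            report["in_sync"].append(host)
    return report


if __name__ == "__main__":
    for status, names in drift_report(SAMPLE_OUTPUT).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Hosts that were unreachable or failed are reported separately, because a host that could not be checked says nothing about whether its configuration matches the code.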

We now have an important testing layer consisting of Ansible AWX/GitLab/Molecule (Fig. 6).

Fig. 6. Test management.

Difficult? I won't argue. But such a configuration management complex has become a comprehensive answer to many questions related to automating server configuration. Now the retailer's standard servers always have a strictly defined configuration. The CMS, unlike an engineer, will not forget to add the necessary settings, create users and perform the dozens or hundreds of required settings.

There is no "secret knowledge" in the settings of servers and environments today. Everything that is needed is reflected in the playbook. No more creativity and vague instructions: "Install it like a regular Oracle, but you need to specify a few sysctl settings and add users with the required UID. Ask the guys in operations, they know".

The ability to detect configuration discrepancies and correct them provides peace of mind. Without a configuration management system, this usually looks different. Problems accumulate until one day they "shoot" into production. Then a debriefing is held, and configurations are checked and corrected. And the cycle repeats again.

And of course, we sped up the commissioning of servers from several days to hours.

Well, on New Year's Eve itself, when children were joyfully unwrapping gifts and adults were making wishes as the chimes struck, our engineers migrated the SAP system to the new servers. Even Santa Claus will say that the best miracles are those that are well prepared.

P.S. Our team often encounters customers who want to solve configuration management problems as simply as possible. Ideally, as if by magic, with one tool. But in life everything is more complicated (yes, silver bullets were not delivered again): you have to build the whole process using tools that are convenient for the customer's team.

Author: Sergey Artemov, architect of the DevOps solutions department at Jet Infosystems

Source: www.habr.com
