Foreword
βUshamwariβ hwedu hwakatanga makore maviri apfuura. Ndakauya kunzvimbo itsva yebasa, uko admin wekare akambondisiira software iyi senhaka. Hapana chimwe chandakawana paInternet kunze kwezvinyorwa zvepamutemo. Kunyangwe iye zvino, kana iwe ukatsvaga "rudder" google, mu99% yezviitiko zvichauya: zvikepe zvechikepe uye quadcopters. Ndakakwanisa kuwana nzira yekutaura naye. Sezvo nharaunda yesoftware iyi isingaite, ndakafunga kugovera ruzivo rwangu uye rake. Ndinofunga izvi zvichabatsira mumwe munhu.
Saka Rudder
Rudder ndeye yakavhurika sosi yekuongorora uye yekumisikidza manejimendi utility iyo inobatsira otomatiki sisitimu kumisikidzwa. Inoshanda pamusimboti wekuisa mumiriri kune yega yega mushandisi. Kuburikidza nechitarisiko chiri nyore, tinogona kutarisa kuti yakawanda sei zvivakwa zvedu zvinoenderana nemitemo yese yakatarwa.
Shandisa
Pazasi ini ndichanyora zvandinoshandisa Rudder.
-
Kudzora kwemafaira uye zvigadziriso: ./ssh/authorized_keys ; /etc/hosts ; iptables; (uye ipapo fungidziro yako inotungamira)
-
Kudzora kwemapakeji akaiswa: zabbix.agent kana chero imwe software
Kuisa server
Nguva pfupi yadarika ndakagadziridza kubva kuvhezheni 5 kusvika 6.1, zvese zvakafamba zvakanaka. Pazasi pane mirairo yeDeban/Ubuntu asi pane zvakare rutsigiro: ΠΈ .
Ini ndichavanza kuisirwa mune vaparadzi kuti ndisakukanganisa iwe.
pomuparadzi
Dependencies
rudder-server inoda Java RE ingangoita vhezheni 8, inogona kuiswa kubva kune yakajairwa repository:
Kutarisa kuona kana yakaiswa
java -versionkana mhedziso
-bash: java: command not foundwobva waisa
apt install default-jreServer
Kupinza kiyi
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Heino chinyorwa pachacho
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Sezvo isu tisina kubhadhara kunobhadharwa, isu tinowedzera inotevera repository
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listGadzirisa rondedzero yezvinyorwa uye isa server
apt update
apt install rudder-server-rootGadzira mushandisi admin
rudder server create-user -u admin -p "ΠΠ°Ρ ΠΠ°ΡΠΎΠ»Ρ"Mune ramangwana isu tinogona kubata vashandisi kuburikidza neiyo config
Ndizvozvo, sevha yakagadzirira.
Server Tuning
Iye zvino iwe unofanirwa kuwedzera iyo IP kero yevamiririri kana iyo subnet yese kune yekumhanyisa mumiriri, isu tinotarisa pane yekuchengetedza mutemo.
Settings -> General
Mundima ye "Wedzera network", isa kero uye mask mufomati xxxx/xx. Kuti ubvumidze kupinda kubva kumakero ese emukati network (Kunze kwekunge iyi iri test network uye uri kuseri kweNAT) pinda: 0.0.0.0/0
Zvakakosha - mushure mekuwedzera ip kero, usakanganwa kudzvanya Chengetedza shanduko, kana zvisina kudaro hapana chichachengetwa.
Zviteshi
Vhura zviteshi zvinotevera pane sevha
-
443 - tcp
-
5309 - tcp
-
514 - udp
Isu takarongedza yekutanga server setup.
Agent Installation
pomuparadzi
Kuwedzera kiyi
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Key fingerprint
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Kuwedzera repository
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listKuisa mumiririri
apt update
apt install rudder-agentAgent setup
Isu tinoratidza kumumiririri iyo IP kero yepolicy server
rudder agent policy-server <rudder server ip or hostname> #ΠΠ΅Π· ΡΠΊΠΎΠ±ΠΎΠΊ. ΠΠΎΠΆΠ½ΠΎ ΡΠ°ΠΊΠΆΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Π΄ΠΎΠΌΠ΅Π½Π½ΠΎΠ΅ ΠΈΠΌΡ Nekumhanyisa iwo unotevera rairo isu tinotumira chikumbiro chekuwedzera mumiriri mutsva kune server, mumaminitsi mashoma ichaonekwa mune runyorwa rwevamiriri vatsva, ini ndichatsanangura maitiro ekuwedzera muchikamu chinotevera.
rudder agent inventoryIsu tinogona zvakare kumanikidza mumiriri kuti atange uye inotumira chikumbiro ipapo ipapo
rudder agent runAgent yedu yagadzirwa, ngatienderere mberi.
Kuwedzera vamiririri
Login
https://127.0.0.1/rudder/index.html
Mumiririri wako achaonekwa muchikamu che "Gamuchira node nyowani", tarisa bhokisi uye tinya Gamuchira
Zvinofanira kutora nguva shoma kusvikira sisitimu yatarisa sevha kuti inoenderana here
Kugadzira mapoka emaseva
Ngatigadzire boka (iro richiri varaidzo), tisingazive kuti sei vagadziri vakaita hutsinye hwakadai kuumbwa kweboka, asi sekunzwisisa kwandinoita, hapana imwe nzira. Enda kuNode manejimendi -> Mapoka chikamu uye tinya paGadzira, sarudza static boka uye zita.
Isu tinosefa sevha yatinoda neakakosha maficha, semuenzaniso, ne ip kero, uye chengetedza
Boka rinomiswa.
Kugadzira mitemo
Enda kuConfiguration policy β Mitemo uye gadzira mutemo mutsva
Wedzera boka rakagadzirirwa kare (izvi zvinogona kuitwa gare gare)
Uye isu tinogadzira gwara idzva
Ngatigadzirei dhairekitori rekuwedzera makiyi eruzhinji ku .ssh/authorized_keys. Ini ndinoshandisa izvi kana mushandi mutsva aenda, kana kuti reinsurance, semuenzaniso, kana mumwe munhu netsaona akacheka kiyi yangu.
Enda kuConfiguration policy β Madhairekitori kuruboshwe tinoona "Directive raibhurari" Tsvaga "Remote kupinda β SSH makiyi ane mvumo", kurudyi tinya Gadzira Directive.
Isu tinoisa ruzivo nezve mushandisi uye tinowedzera kiyi yake. Tevere, sarudza iyo application policy
-
Global - Default policy
-
Enforce - Ita pamaseva akasarudzwa
-
Audit - Ichaita ongororo uye kuudza vatengi vane kiyi
Iva nechokwadi chekuratidza mutemo wedu
Zvadaro chengetedza uye wapedza.
Kuongorora
Kiyi yawedzerwa zvinobudirira
Buns
Mumiririri anopa ruzivo rwakakwana nezve server. Rondedzero yemapakeji akaiswa, mainterface, akavhurika madoko uye nezvimwe zvakawanda, izvo iwe zvaunogona kuona muiyo skrini pazasi
Iwe unogona zvakare kuisa nekudzora software kwete paLinux chete asiwo paWindows, ini handina kutarisa yekupedzisira, pakanga pasina chikonzero ..
Kubva kumunyori
Iwe unogona kunge uchibvunza, sei kudzoreredza vhiri kana zvinonzwisisika uye chidhori zvakatogadzirwa kare kare?
Ini ndinopindura: Ansible ine zvimwe zvipingamupinyi, semuenzaniso, hatisi kuona kuti iyi gadziriso iri papi, kana mamiriro akajairika paunotanga basa kana bhuku rekutamba uye kukanganisa kukanganisa kunoonekwa, uye wotanga kukwira paseva woona. ndeipi package yakagadziridzwa kupi. Uye ini handina kungoshanda nepuppet ..
Pane zvakaipira here kuRudder? Zvakawanda .. Kutanga kubva pakuti vamiririri vanodonha uye iwe unofanirwa kuvadzosera kana kushandisa rudder reset command. (asi nenzira, handisati ndaona izvi muvhezheni 6 parizvino), zvichikonzera kuseta kwakaomarara uye isina musoro interface.
Pane zvakanakira here? Uye kune zvakare akawanda mabhenefiti: Kusiyana neanozivikanwa Ansible, isu tine webhu interface umo iwe unogona kuona kutevedzera kwatakashandisa. Semuyenzaniso, zviteshi zvinonamira kunze munyika, chii chiri mamiriro efirewall, vamiririri vekuchengetedza vakaisirwa kana mamwe magajeti.
Iyi software yakakwana kune dhipatimendi rekuchengetedza ruzivo, sezvo mamiriro ezvivakwa achagara ari pamberi pemeso ako, uye kana chero yemitemo inovhenekera mutsvuku, saka ichi ndicho chikonzero chekushanyira sevha. Sezvandakataura, ndanga ndichishandisa Rudder kwemakore maviri ikozvino, uye kana ukaiputa zvishoma, hupenyu hunova nani. Chinhu chakanyanya kuoma muhukuru hwezvivakwa ndechekuti hauyeuke kuti sevha iripi, ingave June akapotsa kuisa vamiririri vekuchengetedza kana kuti akagadzira iptables nenzira kwayo, asi rudder ichakubatsira kuti urambe uchiziva zviitiko zvese. Kuziva zvinoreva nezvombo! )
PS Zvakaitika zvakanyanya kupfuura zvandaironga, ini handisi kuzotsanangura nzira yekuisa mapakeji, kana kamwe kamwe pane zvikumbiro, ini ndichanyora chikamu chechipiri.
PSS Chinyorwa chacho ndechezvinangwa zveruzivo, ndakafunga kuchigovera sezvo paine ruzivo rushoma paInternet. Zvichida izvi zvichave zvinonakidza kune mumwe munhu. Ivai nezuva rakanaka, shamwari dzinodiwa)
Pamusoro pekodzero dzekutsvaga
Epic maseva - ichi chi kana Windows ine simba AMD EPYC mhuri processors uye inokurumidza Intel NVMe madhiraivha. Kurumidza kuodha!
Source: www.habr.com