Foreword
"Ushamwari" hwedu hwakatanga makore maviri apfuura. Ndakauya kunzvimbo itsva yebasa, uko admin wekare akambondisiira software iyi senhaka. Hapana chandakawana paInternet kunze kwemagwaro epamutemo. Kunyangwe ikozvino, kana iwe uka google "rudder", mu99% yezviitiko zvinopa kunze: mavhiri ekutungamirira uye quadcopters. Ndakakwanisa kuwana nzira yekuzvibata nayo. Sezvo Nharaunda yeiyi software isina basa, ndakafunga kugovera ruzivo rwangu uye rakes. Ndinofunga zvichabatsira mumwe munhu.
Saka, Rudder
Rudder ndeye yakavhurika sosi yekumisikidza yekuongorora uye manejimendi yekushandisa iyo inobatsira otomatiki sisitimu kumisikidzwa. Inoshanda nekuisa mumiririri pamushandisi wega wega. Kuburikidza nemushandisi-ane hushamwari interface, isu tinogona kutarisa kuti zvivakwa zvedu zvinopindirana sei nemitemo yese yakatarwa.
Shandisa
Pazasi ini ndichanyora zvandinoshandisa Rudder.
Kudzora kwemafaira uye zvigadziriso: ./ssh/authorized_keys ; /etc/hosts ; iptables; (uye ipapo chero kwaunofunga kunotora iwe)
Kudzora kwemapakeji akaiswa: zabbix.agent kana chero imwe software
Kuisa server
Ndakavandudza kubva pavhezheni 5 kuenda pa6.1 nguva pfupi yadarika, uye zvese zvakafamba zvakanaka. Pazasi pane mirairo yeDebian.Ubuntu asi kunewo rutsigiro: и .
Ini ndichavanza kuiswa mune vaparadzi kuti ndisakukanganisa iwe.
pomuparadzi
Dependencies
Iyo rudder-server inoda Java RE ingangoita vhezheni 8, iyo inogona kuiswa kubva kune yakajairwa repository:
Ngatitarisei kana yakaiswa
java -versionkana mhedziso
-bash: java: command not foundtobva taisa
apt install default-jreServer
Isai kiyi
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Heino imprint pachayo
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <security@rudder-project.org>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Sezvo isu tisina kubhadhara kunobhadharwa, tiri kuwedzera inotevera repository
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listGadzirisa rondedzero yezvinyorwa uye isa server
apt update
apt install rudder-server-rootGadzira mushandisi admin
rudder server create-user -u admin -p "Ваш Пароль"Mune ramangwana isu tinogona kubata vashandisi kuburikidza neiyo config
Ndizvozvo, sevha yakagadzirira.
Server Tuning
Zvino zvakakosha kuwedzera IP kero dzevamiririri kana iyo subnet yese kune inodzora mumiriri, ichitarisa pane yekuchengetedza mutemo.
Settings -> General
Mumunda "Wedzera network" Isa kero uye mask mufomati xxxx/xx. Kuti ubvumire kupinda kubva kumakero ese emukati network (kana zvirizvo iyi iri test network uye uri kuseri kweNAT) pinda: 0.0.0.0/0
Zvakakosha: mushure mekuwedzera IP kero, usakanganwa kudzvanya Chengetedza shanduko, zvikasadaro hapana chichachengetwa.
Zviteshi
Pa server, vhura zvinotevera zviteshi
443 - tcp
5309 - tcp
514 - udp
Isu takarongedza yekutanga server setup.
Kuisa Agent
pomuparadzi
Kuwedzera kiyi
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Kudhinda kiyi
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <security@rudder-project.org>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Kuwedzera repository
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listKuisa mumiririri
apt update
apt install rudder-agentKugadzira agent
Isu tinoratidza kumumiririri iyo IP kero yepolicy server
rudder agent policy-server <rudder server ip or hostname> #Без скобок. Можно также использовать доменное имя Nekumhanyisa iwo unotevera rairo isu tinotumira chikumbiro chekuwedzera mumiriri mutsva kune server, mumaminitsi mashoma ichaonekwa mune runyorwa rwevamiriri vatsva, maitiro ekuwedzera ini ndichatsanangura muchikamu chinotevera.
rudder agent inventoryIsu tinogona zvakare kumanikidza mumiriri kuti atange uye inotumira chikumbiro nekukurumidza.
rudder agent runAgent yedu yagadzirwa, ngatienderere mberi.
Kuwedzera vamiririri
Ngatipindei mukati
https://127.0.0.1/rudder/index.html
Muchikamu "Gamuchira node nyowani" mumiriri wako achaonekwa, tarisa bhokisi uye tinya Gamuchira
Zvinotora nguva shoma kuti sisitimu itarise sevha kuti inoenderana here.
Kugadzira Mapoka eSeva
Ngatigadzirei boka (chinhu chinonakidza kwazvo), handizivi kuti sei vagadziri vakaita marwadzo akadaro mumbongoro kuti vaumbe mapoka, asi sekunzwisisa kwandinoita, hapana imwe nzira. Enda kuNode manejimendi -> Mapoka chikamu uye tinya Gadzira, sarudza static boka uye zita.
Isu tinosefa sevha yatinoda neakakosha maficha, semuenzaniso ne IP kero, uye chengetedza
Boka rinomiswa.
Kugadzira mitemo
Enda kuConfiguration policy → Mitemo uye gadzira mutemo mutsva
Wedzera boka kuboka rakambogadzirirwa (izvi zvinogona kuitwa gare gare)
Uye isu tinogadzira gwara idzva
Ngatigadzirei dhairekitori rekuwedzera makiyi eruzhinji ku .ssh/authorized_keys. Ini ndinoshandisa izvi kana mushandi mutsva asiya, kana kuti reinsurance, semuenzaniso, kana mumwe munhu netsaona akacheka kiyi yangu.
Enda kuConfiguration policy → Madhairekitori kuruboshwe tinoona "Directive raibhurari" Tsvaga "Remote kupinda → SSH makiyi ane mvumo", kurudyi tinya Gadzira Directive.
Isu tinoisa data remushandisi uye tinowedzera kiyi yake. Zvadaro tinosarudza mutemo wekushanda
Global - The default policy
Enforce - Ita pamaseva akasarudzwa
Odhita - Ichaita ongororo uye kukuudza kuti ndevapi vatengi vane kiyi
Iva nechokwadi chekuratidza mutemo wedu
Zvadaro tinochengetedza uye zvinhu zvose zvakagadzirira.
Kuongorora
Kiyi yawedzerwa zvinobudirira
Buns
Mumiririri anopa ruzivo rwakazara nezve server. Rondedzero yemapakeji akaiswa, mainterface, akavhurika madoko uye nezvimwe zvakawanda, izvo iwe zvaunogona kuona muiyo skrini pazasi
Izvo zvakare zvinogoneka kuisa uye kutonga software kwete paLinux chete asiwo paWindows, ini handina kutarisa yekupedzisira, pakanga pasina chikonzero.
Kubva kumunyori
Iwe unogona kunge uchibvunza, sei kudzoreredza vhiri kana zvinonzwisisika uye chidhori zvakatogadzirwa?
Mhinduro: Ansible ine zvikanganiso zvayo, semuenzaniso, isu hatisi kuona mamiriro azvino ekugadzirisa, kana mamiriro akajairwa kana iwe uchimhanyisa chikamu kana playbook uye kukanganisa kukanganisa kunobhururuka kunze, uye iwe unotanga kukwira sevha uye kuona kuti ndeipi package yakagadziridzwa kupi. Uye handisati ndamboshanda nechipopi.
Pane zvakaderera kune Rudder? Zvakawanda .. Kutanga nenyaya yekuti vamiririri vanodonha uye unofanirwa kuvadzosera kana kushandisa rudder reset command. (asi nenzira, handisati ndaona izvi muvhezheni 6 parizvino), ichipera neyakaomesesa setup uye isina musoro interface.
Pane zvakanakira here? Uye kune akawanda mabhenefiti: Kusiyana neanozivikanwa Ansible, isu tine webhu interface inoratidza kutevedzera kwatakaita. Semuyenzaniso, kunyangwe zviteshi zviri kuoneswa pasirese, mafirewall ari munzvimbo ipi, angave maajeji kana mamwe majeti akaiswa.
Iyi software yakakwana kune dhipatimendi rekuchengetedza ruzivo, sezvo mamiriro ezvivakwa achagara ari pamberi pemeso ako, uye kana chero yemitemo inovhenekera mutsvuku, saka ichi ndicho chikonzero chekushanyira sevha. Sezvandakataura, ndanga ndichishandisa Rudder kwemakore maviri ikozvino, uye kana ukaiputa zvishoma, ipapo hupenyu hunova nani. Chinhu chakanyanya kuoma muhukuru hwezvivakwa ndechekuti hauyeuke kuti sevha iri papi, ingave junior akapotsa kugadzwa kwevamiriri vekuchengetedza kana kuti akagadzira iptables nenzira kwayo, asi rudder ichakubatsira iwe kuziva zviitiko zvese. Kuziva kunoreva kuti une zvombo! )
P.S. Yakazove yakawanda kupfuura yandakaronga, ini handisi kuzotsanangura nzira yekuisa mapakeji, kana kamwe kamwe pane zvikumbiro, ini ndichanyora chikamu chechipiri.
PSS Chinyorwa chine ruzivo, ndakasarudza kugovera nekuti pane ruzivo rushoma paInternet. Zvichida zvichava zvinonakidza kune mumwe munhu. Ivai nezuva rakanaka, vadikani)
Pamusoro pekodzero dzekutsvaga
Epic maseva - ichi chi kana Windows Nema processor ane simba eAMD EPYC uye madhiraivha eIntel NVMe anomhanya kwazvo. Odha izvozvi!
Source: www.habr.com
