Testing Infrastructure as Code with Pulumi. Part 1

Good afternoon, friends. Ahead of the start of a new cohort of the "DevOps practices and tools" course, we are sharing a new translation with you. Let's go.

Using Pulumi and general-purpose programming languages for infrastructure as code brings many advantages: skills and knowledge are readily available, boilerplate is removed from the code through abstraction, and your team can use tools it already knows, such as IDEs and linters. All of these software engineering tools not only make us more productive but also improve the quality of our code. So it is only natural that using general-purpose languages lets you bring in another important software development practice - testing.

In this article, we will look at how Pulumi helps us test our infrastructure as code.

Why test infrastructure?

Before going into detail, it is worth asking: "Why test infrastructure at all?" There are many reasons, and here are some of them:

  • Unit testing individual functions or pieces of your program's logic.
  • Verifying the desired state of the infrastructure against certain constraints.
  • Detecting common mistakes, such as a storage bucket without encryption, or unprotected, open access from the Internet to virtual machines.
  • Checking that infrastructure provisioning works.
  • Running runtime tests of the application logic that runs inside your "programmed" infrastructure, to check functionality after provisioning.

As we can see, there is a wide range of infrastructure testing options. Pulumi has mechanisms for testing at every point on this spectrum. Let's get started and see how it works.

Unit testing

Pulumi programs are written in general-purpose programming languages such as JavaScript, Python, TypeScript or Go. So the full power of these languages, including their tools and libraries, test frameworks included, is available to them. Pulumi is multi-cloud, which means it can be used for testing with any cloud provider.

(In this article, although Pulumi is multi-language and multi-cloud, we use JavaScript and Mocha and focus on AWS. You can use Python unittest, the Go test framework, or any other test framework you like. And, of course, Pulumi works well with Azure, Google Cloud and Kubernetes.)

As we have seen, there are several reasons why you might want to test your infrastructure code. One of them is ordinary unit testing. Because your code may contain functions - for example, to compute CIDRs, names, tags and so on - you will probably want to test them. This is the same as writing ordinary unit tests for applications in your favourite programming language.

Going a step further, you can check how your program allocates resources. To illustrate, let's imagine that we need to create a simple EC2 server and want to make sure of the following:

  • Instances have a Name tag.
  • Instances must not use an inline userData script - we must use an AMI (image).
  • There must be no SSH exposed to the Internet.

This example is based on my aws-js-webserver example:

index.js:

"use strict";
 
let aws = require("@pulumi/aws");
 
let group = new aws.ec2.SecurityGroup("web-secgrp", {
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    ],
});
 
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
 
let server = new aws.ec2.Instance("web-server-www", {
    instanceType: "t2.micro",
    securityGroups: [ group.name ], // reference the group object above
    ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    userData: userData              // start a simple web server
});
 
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;

This is a basic Pulumi program: it simply provisions an EC2 security group and an instance. Note, however, that here we break all three rules stated above. Let's write tests!

Writing tests

The general structure of our tests will look like ordinary Mocha tests:

ec2tes.js

test.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
 
describe("Infrastructure", function() {
    let server = infra.server;
    describe("#server", function() {
        // TODO(check 1): Must have a Name tag.
        // TODO(check 2): Must not have an inline userData script.
    });
    let group = infra.group;
    describe("#group", function() {
        // TODO(check 3): Must not have SSH open to the Internet.
    });
});

Now let's write our first test: make sure instances have a Name tag. To check this, we simply take the EC2 instance object and look at its tags property:

        // check 1: Must have a Name tag.
        it("must have a name tag", function(done) {
            pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
                if (!tags || !tags["Name"]) {
                    done(new Error(`Missing a name tag on server ${urn}`));
                } else {
                    done();
                }
            });
        });

It looks like an ordinary test, but there are a few features worth noting:

  • Because we query the state of the resource before deployment, our tests always run in "plan" (or "preview") mode. So there are many properties whose values simply will not be retrieved or will not be defined. This includes all output properties computed by your cloud provider. This is fine for our tests - we only check input data. We will return to this issue later, when it comes to integration tests.
  • Since all Pulumi resource properties are outputs, and many of them are evaluated asynchronously, we need to use the apply method to access the values. This is very similar to promises and the then function.
  • Since we use several properties to show the resource URN in the error message, we need to use the pulumi.all function to combine them.
  • Finally, since these values are computed asynchronously, we need to use Mocha's built-in async callback feature, done, or return a promise.

Once we have set everything up, we have access to the inputs as plain JavaScript values. The tags property is a map (associative array), so we simply make sure that (1) it is not falsy, and (2) there is a key for Name. It is very simple, and now we can test anything!

Now let's write our second check. It is even simpler:

        // check 2: Must not have an inline userData script.
        it("must not use userData (use an AMI instead)", function(done) {
            pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
                if (userData) {
                    done(new Error(`Illegal use of userData on server ${urn}`));
                } else {
                    done();
                }
            });
        });

And finally, let's write the third test. This one is a little more complicated because we are looking for the ingress rules associated with the security group, of which there may be many, and the CIDR ranges in those rules, of which there may also be many. But we managed:

        // check 3: Must not have SSH open to the Internet.
        it("must not open port 22 (SSH) to the Internet", function(done) {
            pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
                if (ingress.find(rule =>
                        rule.fromPort == 22 && rule.cidrBlocks.find(block =>
                            block === "0.0.0.0/0"))) {
                    done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
                } else {
                    done();
                }
            });
        });
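
The port-22 check above matches only rules whose fromPort equals 22 and whose IPv4 list contains 0.0.0.0/0. As an added example (not code from the original article), here is the same policy as a pure function that also catches port ranges spanning 22, the "-1" all-protocols rule and the IPv6 block ::/0. The function names and sample rules are constructed for illustration; ipv6CidrBlocks is the security group's IPv6 ingress field.

```javascript
"use strict";

// Added example: pure policy check, no Pulumi engine needed.
// coversPort / openToInternet / internetExposedSsh are illustrative names.
const ANY_IPV4 = "0.0.0.0/0";
const ANY_IPV6 = "::/0";
const SSH_PORT = 22;

// True when the rule's protocol and port range include the given TCP port.
function coversPort(rule, port) {
    const proto = String(rule.protocol).toLowerCase();
    if (proto === "-1") {
        return true;                  // "-1" means all protocols, all ports
    }
    if (proto !== "tcp" && proto !== "6") {
        return false;                 // 6 is the IANA number for TCP; SSH is TCP only
    }
    return rule.fromPort <= port && port <= rule.toPort;
}

// True when the rule admits traffic from every IPv4 or every IPv6 address.
function openToInternet(rule) {
    return (rule.cidrBlocks || []).includes(ANY_IPV4) ||
           (rule.ipv6CidrBlocks || []).includes(ANY_IPV6);
}

// Returns the ingress rules that expose SSH to the Internet (empty = compliant).
function internetExposedSsh(ingress) {
    return (ingress || []).filter(rule =>
        coversPort(rule, SSH_PORT) && openToInternet(rule));
}

// Constructed sample rules, shaped like the ingress entries in index.js.
const sampleIngress = [
    { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },   // web only
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["10.0.0.0/8"] },  // internal SSH
    { protocol: "tcp", fromPort: 0, toPort: 1024, cidrBlocks: ["0.0.0.0/0"] },  // range covers 22
    { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },      // all traffic
    { protocol: "tcp", fromPort: 22, toPort: 22, ipv6CidrBlocks: ["::/0"] },    // IPv6 world
];

console.log(internetExposedSsh(sampleIngress).map(r => `${r.protocol} ${r.fromPort}-${r.toPort}`));
```

Inside the Mocha test, the function would be called on the resolved ingress value in the apply callback, failing the test when the returned array is not empty.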

That's it. Now let's run the tests!

Running tests

In most cases, you can run the tests in the usual way, using the test framework of your choice. But there is one Pulumi peculiarity you should pay attention to.
Normally, Pulumi programs are run with the pulumi CLI (command line interface), which configures the language runtime, manages the startup of the Pulumi engine so that operations on resources can be recorded and included in the plan, and so on. However, there is one problem. When running under the control of your test framework, there is no communication between the CLI and the Pulumi engine.

To work around this, we just need to specify the following:

  • The project name, which is specified in the PULUMI_NODEJS_PROJECT environment variable (or, more generally, PULUMI_<LANGUAGE>_PROJECT for other languages).
  • The stack name, which is specified in the PULUMI_NODEJS_STACK environment variable (or, more generally, PULUMI_<LANGUAGE>_STACK).
  • Your stack's configuration variables. They can be provided using the PULUMI_CONFIG environment variable, and their format is a JSON map of key/value pairs.

The program will emit warnings indicating that the connection to the CLI/engine is not available during execution. This matters because your program will not actually deploy anything, and it may come as a surprise if that is not what you intended! To tell Pulumi that this is exactly what you want, you can set PULUMI_TEST_MODE to true.

Suppose we need to set the project name to my-ws, the stack name to dev, and the AWS region to us-west-2. The command line for running the Mocha tests will look like this:

    $ PULUMI_TEST_MODE=true \
        PULUMI_NODEJS_STACK="my-ws" \
        PULUMI_NODEJS_PROJECT="dev" \
        PULUMI_CONFIG='{ "aws:region": "us-west-2" }' \
        mocha tests.js

Running this will, as expected, show us that we have three failing tests!

    Infrastructure
        #server
          1) must have a name tag
          2) must not use userData (use an AMI instead)
        #group
          3) must not open port 22 (SSH) to the Internet
    
      0 passing (17ms)
      3 failing
     
     1) Infrastructure
           #server
             must have a name tag:
         Error: Missing a name tag on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     2) Infrastructure
           #server
             must not use userData (use an AMI instead):
         Error: Illegal use of userData on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     3) Infrastructure
           #group
             must not open port 22 (SSH) to the Internet:
         Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group

Let's fix our program:

    "use strict";
     
    let aws = require("@pulumi/aws");
     
    let group = new aws.ec2.SecurityGroup("web-secgrp", {
        ingress: [
            { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        ],
    });
     
    let server = new aws.ec2.Instance("web-server-www", {
        tags: { "Name": "web-server-www" },
        instanceType: "t2.micro",
        securityGroups: [ group.name ], // reference the group object above
        ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    });
     
    exports.group = group;
    exports.server = server;
    exports.publicIp = server.publicIp;
    exports.publicHostName = server.publicDns;
    

Then run the tests again:

    Infrastructure
        #server
          ✓ must have a name tag
          ✓ must not use userData (use an AMI instead)
        #group
          ✓ must not open port 22 (SSH) to the Internet
     
     
     3 passing (16ms)

Everything went well... Hurray! ✓✓✓

That's all for today, but we will talk about deployment testing in the second part of the translation 😉

Source: www.habr.com
