I ngcaciso
“Ubuhlobo” bethu baqala kwiminyaka emibini edluleyo. Ndifike kwindawo entsha yokusebenza, apho umlawuli wangaphambili wandishiya ngokungaqhelekanga le software njengelifa. Andifumananga nto kwi-Intanethi ngaphandle kwamaxwebhu asemthethweni. Kwangoku, ukuba u-google "i-rudder", kwi-99% yamatyala iya kuza nayo: iihelms zeenqanawa kunye ne-quadcopters. Ndikwazile ukufumana indlela yokusondela kuye. Ekubeni uluntu lwale software alunamsebenzi, ndaye ndagqiba ekubeni ndibelane ngamava am kunye ne-rake. Ndicinga ukuba oku kuya kuba luncedo kumntu.
Ngoko iRudder
I-Rudder ngumthombo ovulekileyo wophicotho kunye nolawulo lolawulo oluluncedo olunceda ukuzenzekelayo ukucwangciswa kwenkqubo. Isebenza kumgaqo wokufaka i-arhente kumsebenzisi ngamnye wokugqibela. Ngokusebenzisa ujongano olufanelekileyo, sinokubeka iliso ukuba ingakanani na iziseko zophuhliso ezihambelana nayo yonke imigaqo-nkqubo echaziweyo.
Sebenzisa
Ngezantsi ndiza kudwelisa into endiyisebenzisela iRudder.
-
Ulawulo lweefayile kunye noqwalaselo: ./ssh/authorized_keys ; /etc/hosts ; iiptables ; (kwaye ke apho ukucinga kwakho kukhokelela khona)
-
Ulawulo lweepakethe ezifakiweyo: zabbix.agent okanye nayiphi na enye isoftware
Ufakelo lweseva
Kutshanje ndiye ndahlaziya ukusuka kwinguqulo yesi-5 ukuya kwi-6.1, yonke into ihambe kakuhle. Ngezantsi yimiyalelo kaDeban/Ubuntu kodwa kukho nenkxaso:
Ndiya kufihla ukufakela kwi-spoilers ukuze ndingakuphazamisi.
Spoiler
Ukuxhomekeka
i-rudder-server ifuna iJava RE ubuncinane inguqulelo yesi-8, ingafakelwa kwindawo yokugcina esemgangathweni:
Ukujonga ukuba ifakelwe na
java -version
ukuba sisigqibo
-bash: java: command not found
uze ufake
apt install default-jre
UmSebenzi
Ukungenisa isitshixo
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -
Nanku umbhalo ngokwawo
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8
Ekubeni singenalo umrhumo ohlawulwayo, songeza le ndawo yokugcina yokugcina
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list
Hlaziya uluhlu lweendawo zokugcina kwaye ufake umncedisi
apt update
apt install rudder-server-root
Yenza umlawuli womsebenzisi
rudder server create-user -u admin -p "Ваш Пароль"
Kwixesha elizayo singakwazi ukulawula abasebenzisi ngokusebenzisa i-config
Yiloo nto, umncedisi ulungile.
ULungiselelo lweseva
Ngoku kufuneka ungeze iidilesi ze-IP zama-agent okanye i-subnet yonke kwi-agent ye-rudder, sigxininisa kumgaqo-nkqubo wokhuseleko.
Izicwangciso -> Ngokubanzi
Kwindawo ethi "Yongeza inethiwekhi", faka idilesi kunye nemaski kwifomathi xxxx/xx. Ukuze uvumele ukufikelela kuzo zonke iidilesi zothungelwano lwangaphakathi (Ngaphandle kokuba oku kuyinethiwekhi yovavanyo kwaye usemva kwe-NAT) faka: 0.0.0.0/0
Kubalulekile - emva kokufaka idilesi ye-ip, ungakulibali ukucofa Gcina utshintsho, ngaphandle koko akukho nto iya kugcinwa.
Izibuko
Vula la mazibuko alandelayo kumncedisi
-
443-tcp
-
5309-tcp
-
514 udp
Silungise ukuseta iseva yokuqala.
Ukufakela i-Agent
Spoiler
Yongeza isitshixo
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -
Iminwe engundoqo
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8
Ukongeza indawo yokugcina
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list
Ukufakela i-arhente
apt update
apt install rudder-agent
Ukuseta iarhente
Sibonisa kwi-arhente idilesi ye-IP yomncedisi wepolisi
rudder agent policy-server <rudder server ip or hostname> #Без скобок. Можно также использовать доменное имя
Ngokusebenzisa lo myalelo ulandelayo siya kuthumela isicelo sokongeza iarhente entsha kumncedisi, kwimizuzu embalwa iya kuvela kuluhlu lweearhente ezintsha, ndiya kuchaza indlela yokongeza kwicandelo elilandelayo.
rudder agent inventory
Sinokunyanzela i-arhente ukuba iqalise kwaye iya kuthumela isicelo ngoko nangoko
rudder agent run
I-arhente yethu imisiwe, masiqhubeke.
Ukongeza ii-arhente
Ngema
https://127.0.0.1/rudder/index.html
I-arhente yakho iya kuvela kwicandelo elithi "Yamkela iinodi ezintsha", khangela ibhokisi kwaye ucofe uYamkela
Kufuneka kuthathe ixesha elincinane de inkqubo ijonge umncedisi ukuthobela
Ukudala amaqela eseva
Masenze iqela (eselilolonwabo), singazi ukuba kutheni abaphuhlisi benze iqela elibi kangaka, kodwa njengoko ndiyiqonda, ayikho enye indlela. Yiya kulawulo lweNode -> Amaqela icandelo kwaye ucofe ku Yenza, khetha iqela elimileyo kunye negama.
Sihluza iseva esiyifunayo ngeempawu ezikhethekileyo, umzekelo, ngedilesi ye-ip, kwaye ugcine
Iqela limiselwe.
Ukumisela imithetho
Yiya kumgaqo-nkqubo woqwalaselo → Imigaqo kwaye wenze umthetho omtsha
Yongeza iqela elilungiselelwe ngaphambili (oku kunokwenziwa kamva)
Kwaye senza ulwalathiso olutsha
Masenze isikhokelo sokongeza izitshixo zikawonke-wonke kwi-.ssh/authorized_keys. Ndisebenzisa oku xa umqeshwa omtsha ehamba, okanye ukubuyisela i-inshurensi, umzekelo, ukuba umntu ngempazamo usike isitshixo sam.
Yiya kumgaqo-nkqubo woqwalaselo → Izikhokelo ngasekhohlo sibona “ithala leencwadi” Fumana “ufikelelo olukude → izitshixo ezigunyazisiweyo ze-SSH”, ekunene nqakraza Yenza uMyalelo
Sifaka ulwazi malunga nomsebenzisi kwaye songeza isitshixo sakhe. Okulandelayo, khetha umgaqo-nkqubo wesicelo
-
Global - Umgaqo-nkqubo oMiselweyo
-
Ukunyanzelisa-Phumeza kwiiseva ezikhethiweyo
-
Uphicotho-Iza kwenza uphicotho-zincwadi kwaye ichaze ukuba ngabaphi abathengi abanesitshixo
Qiniseka ukuba ubonisa umthetho wethu
Emva koko gcina kwaye ugqibile.
Jonga
Isitshixo songezwe ngempumelelo
Iibhanti
I-arhente inikezela ngolwazi olupheleleyo malunga nomncedisi. Uluhlu lweepakethe ezifakiweyo, ujongano, izibuko ezivulekileyo kunye nokunye okuninzi, onokukubona kwiscreenshot esingezantsi
Unokufaka kwaye ulawule isoftware kungekuphela nje kwiLinux kodwa nakwiWindows, khange ndiyijonge le yokugqibela, bekungekho mfuneko.
Isuka kumbhali
Usenokuba uyabuza, kutheni ukubuyisela kwakhona ivili ukuba i-ansible kunye ne-puppet sele iyilwe kwakudala?
Ndiyaphendula: I-Ansible inezithintelo ezithile, umzekelo, asiboni ukuba le meko ikhoyo ngoku, okanye imeko eqhelekileyo xa usungula indima okanye incwadi yokudlala kunye neempazamo zokuphazamiseka, kwaye uqala ukukhwela kumncedisi kwaye ubone. yeyiphi ipakethe ehlaziyiweyo apho. Kwaye khange ndisebenze ngonopopi..
Ngaba kukho naziphi na izinto ezingalunganga kwi-Rudder? Kakhulu. (kodwa ngendlela, andikayiboni le kwinguqulo yesi-6 okwangoku), okukhokelela kucwangciso olunzima kakhulu kunye nojongano olungenangqiqo.
Ngaba kukho naziphi na iingenelo? Kwaye kukho iingenelo ezininzi: Ngokungafaniyo ne-Ansible eyaziwayo, sinojongano lwewebhu apho unokubona ukuthotyelwa esikwenzileyo. Umzekelo, ngaba amazibuko ancamathele ngaphandle elizweni, ithini imeko yefirewall, ziiarhente zokhuseleko ezifakiweyo okanye ezinye izixhobo.
Le software igqibelele kwisebe lokhuseleko lolwazi, ekubeni imeko yeziseko zophuhliso iya kuhlala iphambi kwamehlo akho, kwaye ukuba nayiphi na imigaqo ikhanyisa ngombala obomvu, ke esi sizathu sokutyelela umncedisi. Njengoko benditshilo, bendisebenzisa iRudder iminyaka eyi-2 ngoku, kwaye ukuba uyayitshaya kancinci, ubomi buya kuba ngcono. Into enzima kakhulu kwisiseko esikhulu kukuba awukhumbuli ukuba yiyiphi imeko umncedisi, nokuba uJuni ulahlekelwe ukufaka ii-agent zokhuseleko okanye nokuba ulungiselele iptables ngokuchanekileyo, kodwa i-rudder iya kukunceda uhlale uhambelana nazo zonke iziganeko. Ukuqonda kuthetha ukuba uxhobile! )
I-PS Kwaba kuninzi kunokuba ndicwangcise, andiyi kuchaza indlela yokufaka iiphakheji, ukuba ngokukhawuleza kukho izicelo, ndiya kubhala inxalenye yesibini.
I-PSS Eli nqaku lenzelwe iinjongo zolwazi, ndagqiba ekubeni sabelane ngalo kuba kukho ulwazi oluncinci kakhulu kwi-Intanethi. Mhlawumbi oku kuya kuba nomdla kumntu. Nibe nosuku oluhle bahlobo abathandekayo)
Njengentengiso
Iiseva ze-Epic - yi le
umthombo: www.habr.com