ProHoster > Ibhulogi > Ulawulo > Ukufakwa kunye nokusebenza kweRudder

Ukufakwa kunye nokusebenza kweRudder

Ukufakwa kunye nokusebenza kweRudder

I ngcaciso

“Ubuhlobo” bethu baqala kwiminyaka emibini edluleyo. Ndifike kwindawo entsha yokusebenza, apho umlawuli wangaphambili wandishiya ngokungaqhelekanga le software njengelifa. Andifumananga nto kwi-Intanethi ngaphandle kwamaxwebhu asemthethweni. Kwangoku, ukuba u-google "i-rudder", kwi-99% yamatyala iya kuza nayo: iihelms zeenqanawa kunye ne-quadcopters. Ndikwazile ukufumana indlela yokusondela kuye. Ekubeni uluntu lwale software alunamsebenzi, ndaye ndagqiba ekubeni ndibelane ngamava am kunye ne-rake. Ndicinga ukuba oku kuya kuba luncedo kumntu.

Ngoko iRudder

I-Rudder ngumthombo ovulekileyo wophicotho kunye nolawulo lolawulo oluluncedo olunceda ukuzenzekelayo ukucwangciswa kwenkqubo. Isebenza kumgaqo wokufaka i-arhente kumsebenzisi ngamnye wokugqibela. Ngokusebenzisa ujongano olufanelekileyo, sinokubeka iliso ukuba ingakanani na iziseko zophuhliso ezihambelana nayo yonke imigaqo-nkqubo echaziweyo.

Sebenzisa

Ngezantsi ndiza kudwelisa into endiyisebenzisela iRudder.

  • Ulawulo lweefayile kunye noqwalaselo: ./ssh/authorized_keys ; /etc/hosts ; iiptables ; (kwaye ke apho ukucinga kwakho kukhokelela khona)

  • Ulawulo lweepakethe ezifakiweyo: zabbix.agent okanye nayiphi na enye isoftware

Ufakelo lweseva

Kutshanje ndiye ndahlaziya ukusuka kwinguqulo yesi-5 ukuya kwi-6.1, yonke into ihambe kakuhle. Ngezantsi yimiyalelo kaDeban/Ubuntu kodwa kukho nenkxaso: RHEL/CentOS и Sles.

Ndiya kufihla ukufakela kwi-spoilers ukuze ndingakuphazamisi.

Spoiler

Ukuxhomekeka

i-rudder-server ifuna iJava RE ubuncinane inguqulelo yesi-8, ingafakelwa kwindawo yokugcina esemgangathweni:

Ukujonga ukuba ifakelwe na

java -version

ukuba sisigqibo

-bash: java: command not found

uze ufake

apt install default-jre

UmSebenzi

Ukungenisa isitshixo

wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -

Nanku umbhalo ngokwawo

pub  4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
      Key fingerprint = 7C16 9817 7904 212D D58C  B4D1 9322 C330 474A 19E8

Ekubeni singenalo umrhumo ohlawulwayo, songeza le ndawo yokugcina yokugcina

echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list

Hlaziya uluhlu lweendawo zokugcina kwaye ufake umncedisi

apt update
apt install rudder-server-root

Yenza umlawuli womsebenzisi

rudder server create-user -u admin -p "Ваш Пароль"

Kwixesha elizayo singakwazi ukulawula abasebenzisi ngokusebenzisa i-config

Yiloo nto, umncedisi ulungile.

ULungiselelo lweseva

Ngoku kufuneka ungeze iidilesi ze-IP zama-agent okanye i-subnet yonke kwi-agent ye-rudder, sigxininisa kumgaqo-nkqubo wokhuseleko.

Izicwangciso -> Ngokubanzi

Ukufakwa kunye nokusebenza kweRudder

Kwindawo ethi "Yongeza inethiwekhi", faka idilesi kunye nemaski kwifomathi xxxx/xx. Ukuze uvumele ukufikelela kuzo zonke iidilesi zothungelwano lwangaphakathi (Ngaphandle kokuba oku kuyinethiwekhi yovavanyo kwaye usemva kwe-NAT) faka: 0.0.0.0/0

Kubalulekile - emva kokufaka idilesi ye-ip, ungakulibali ukucofa Gcina utshintsho, ngaphandle koko akukho nto iya kugcinwa.

Izibuko

Vula la mazibuko alandelayo kumncedisi

  • 443-tcp

  • 5309-tcp

  • 514 udp

Silungise ukuseta iseva yokuqala.

Ukufakela i-Agent

Spoiler

Yongeza isitshixo

wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -

Iminwe engundoqo

pub  4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
      Key fingerprint = 7C16 9817 7904 212D D58C  B4D1 9322 C330 474A 19E8

Ukongeza indawo yokugcina

echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list

Ukufakela i-arhente

apt update
apt install rudder-agent

Ukuseta iarhente

Sibonisa kwi-arhente idilesi ye-IP yomncedisi wepolisi

rudder agent policy-server <rudder server ip or hostname> #Без скобок. Можно также использовать доменное имя

Ngokusebenzisa lo myalelo ulandelayo siya kuthumela isicelo sokongeza iarhente entsha kumncedisi, kwimizuzu embalwa iya kuvela kuluhlu lweearhente ezintsha, ndiya kuchaza indlela yokongeza kwicandelo elilandelayo.

rudder agent inventory

Sinokunyanzela i-arhente ukuba iqalise kwaye iya kuthumela isicelo ngoko nangoko

rudder agent run

I-arhente yethu imisiwe, masiqhubeke.

Ukongeza ii-arhente

Ngema

https://127.0.0.1/rudder/index.html

Ukufakwa kunye nokusebenza kweRudder

I-arhente yakho iya kuvela kwicandelo elithi "Yamkela iinodi ezintsha", khangela ibhokisi kwaye ucofe uYamkela

Ukufakwa kunye nokusebenza kweRudder

Kufuneka kuthathe ixesha elincinane de inkqubo ijonge umncedisi ukuthobela

Ukudala amaqela eseva

Masenze iqela (eselilolonwabo), singazi ukuba kutheni abaphuhlisi benze iqela elibi kangaka, kodwa njengoko ndiyiqonda, ayikho enye indlela. Yiya kulawulo lweNode -> Amaqela icandelo kwaye ucofe ku Yenza, khetha iqela elimileyo kunye negama.

Ukufakwa kunye nokusebenza kweRudder

Sihluza iseva esiyifunayo ngeempawu ezikhethekileyo, umzekelo, ngedilesi ye-ip, kwaye ugcine

Ukufakwa kunye nokusebenza kweRudder

Iqela limiselwe.

Ukumisela imithetho

Yiya kumgaqo-nkqubo woqwalaselo → Imigaqo kwaye wenze umthetho omtsha

Ukufakwa kunye nokusebenza kweRudder

Yongeza iqela elilungiselelwe ngaphambili (oku kunokwenziwa kamva)

Ukufakwa kunye nokusebenza kweRudder

Kwaye senza ulwalathiso olutsha

Ukufakwa kunye nokusebenza kweRudder

Masenze isikhokelo sokongeza izitshixo zikawonke-wonke kwi-.ssh/authorized_keys. Ndisebenzisa oku xa umqeshwa omtsha ehamba, okanye ukubuyisela i-inshurensi, umzekelo, ukuba umntu ngempazamo usike isitshixo sam.

Yiya kumgaqo-nkqubo woqwalaselo → Izikhokelo ngasekhohlo sibona “ithala leencwadi” Fumana “ufikelelo olukude → izitshixo ezigunyazisiweyo ze-SSH”, ekunene nqakraza Yenza uMyalelo

Sifaka ulwazi malunga nomsebenzisi kwaye songeza isitshixo sakhe. Okulandelayo, khetha umgaqo-nkqubo wesicelo

  • Global - Umgaqo-nkqubo oMiselweyo

  • Ukunyanzelisa-Phumeza kwiiseva ezikhethiweyo

  • Uphicotho-Iza kwenza uphicotho-zincwadi kwaye ichaze ukuba ngabaphi abathengi abanesitshixo

Ukufakwa kunye nokusebenza kweRudder

Qiniseka ukuba ubonisa umthetho wethu

Ukufakwa kunye nokusebenza kweRudder

Emva koko gcina kwaye ugqibile.

Jonga

Ukufakwa kunye nokusebenza kweRudder

Isitshixo songezwe ngempumelelo

Iibhanti

I-arhente inikezela ngolwazi olupheleleyo malunga nomncedisi. Uluhlu lweepakethe ezifakiweyo, ujongano, izibuko ezivulekileyo kunye nokunye okuninzi, onokukubona kwiscreenshot esingezantsi

Ukufakwa kunye nokusebenza kweRudder

Unokufaka kwaye ulawule isoftware kungekuphela nje kwiLinux kodwa nakwiWindows, khange ndiyijonge le yokugqibela, bekungekho mfuneko.

Isuka kumbhali

Usenokuba uyabuza, kutheni ukubuyisela kwakhona ivili ukuba i-ansible kunye ne-puppet sele iyilwe kwakudala?

Ndiyaphendula: I-Ansible inezithintelo ezithile, umzekelo, asiboni ukuba le meko ikhoyo ngoku, okanye imeko eqhelekileyo xa usungula indima okanye incwadi yokudlala kunye neempazamo zokuphazamiseka, kwaye uqala ukukhwela kumncedisi kwaye ubone. yeyiphi ipakethe ehlaziyiweyo apho. Kwaye khange ndisebenze ngonopopi..

Ngaba kukho naziphi na izinto ezingalunganga kwi-Rudder? Kakhulu. (kodwa ngendlela, andikayiboni le kwinguqulo yesi-6 okwangoku), okukhokelela kucwangciso olunzima kakhulu kunye nojongano olungenangqiqo.

Ngaba kukho naziphi na iingenelo? Kwaye kukho iingenelo ezininzi: Ngokungafaniyo ne-Ansible eyaziwayo, sinojongano lwewebhu apho unokubona ukuthotyelwa esikwenzileyo. Umzekelo, ngaba amazibuko ancamathele ngaphandle elizweni, ithini imeko yefirewall, ziiarhente zokhuseleko ezifakiweyo okanye ezinye izixhobo.

Le software igqibelele kwisebe lokhuseleko lolwazi, ekubeni imeko yeziseko zophuhliso iya kuhlala iphambi kwamehlo akho, kwaye ukuba nayiphi na imigaqo ikhanyisa ngombala obomvu, ke esi sizathu sokutyelela umncedisi. Njengoko benditshilo, bendisebenzisa iRudder iminyaka eyi-2 ngoku, kwaye ukuba uyayitshaya kancinci, ubomi buya kuba ngcono. Into enzima kakhulu kwisiseko esikhulu kukuba awukhumbuli ukuba yiyiphi imeko umncedisi, nokuba uJuni ulahlekelwe ukufaka ii-agent zokhuseleko okanye nokuba ulungiselele iptables ngokuchanekileyo, kodwa i-rudder iya kukunceda uhlale uhambelana nazo zonke iziganeko. Ukuqonda kuthetha ukuba uxhobile! )

I-PS Kwaba kuninzi kunokuba ndicwangcise, andiyi kuchaza indlela yokufaka iiphakheji, ukuba ngokukhawuleza kukho izicelo, ndiya kubhala inxalenye yesibini.

I-PSS Eli nqaku lenzelwe iinjongo zolwazi, ndagqiba ekubeni sabelane ngalo kuba kukho ulwazi oluncinci kakhulu kwi-Intanethi. Mhlawumbi oku kuya kuba nomdla kumntu. Nibe nosuku oluhle bahlobo abathandekayo)

Njengentengiso

Iiseva ze-Epic - yi le VPS kwiLinux okanye iiWindows ezineeprosesa zeentsapho ze-AMD EPYC ezinamandla kunye ne-Intel NVMe ekhawulezayo. Khawuleza uyokwenza iodolo!

Ukufakwa kunye nokusebenza kweRudder

umthombo: www.habr.com

Yongeza izimvo