I-National Environmental Satellite Data Information Service (NESDIS) yehlise izindleko zayo zokuphatha zeRed Hat Enterprise Linux (RHEL) ngo-35% ngokusuka ePuppet Enterprise ukuya e-Ansible Tower. Kule vidiyo "indlela esikwenze ngayo", unjiniyela wezinhlelo uMichael Rau uchaza udaba lwalokhu kufuduka, abelane ngamathiphu awusizo nezifundo ezitholwe ekusukeni ku-SCM eyodwa kuya kwenye.
Kule vidiyo uzofunda:
- ungakuthethelela kanjani ukuphatha ukuba nokwenzeka kokushintsha kusuka ku-Puppet Enterprise kuya ku-Ansible Tower;
- yimaphi amasu ongawasebenzisa ukwenza uguquko lube bushelelezi ngangokunokwenzeka;
- amathiphu okudlulisa amakhodi e-PE avela ku-Ansible Playbook;
- Izincomo zokufakwa okuphelele kwe-Ansible Tower.
Sanibonani nonke, igama lami ngingu-Michael Rau, nginguNjiniyela we-Senior Systems kwa-ActioNet, osebenzela isevisi ye-National Oceanic and Atmospheric Administration (NOAA) NESDIS. Namuhla sizokhuluma ngokusikwa kwezintambo - okuhlangenwe nakho kwami okusuka ku-Puppet Enterprise kuya e-Ansible Tower. Indikimba yalesi sethulo ithi “bheka izibazi zami” ezisele ngemuva kokwenza lolu shintsho ekuqaleni konyaka. Ngifuna ukwabelana ngalokho engikufundile ngale nqubo. Ngakho-ke uma wenza okuthile okufana nalokhu, usebenzisa ulwazi lwami, ungenza inguquko ngaphandle komsebenzi owengeziwe.
Ubona amaslayidi afana nalawa ekuqaleni kwawo wonke amaphrezentheshini e-Ansible Fest. Lesi silayidi sibonisa umlando wokuzenzakalela kwenkampani yami. Angimusha kulokhu ngoba bengisebenzisa i-Puppet/Puppet Enterprise kusukela ngo-2007. Ngaqala ukusebenza ne-Ansible ngo-2016, futhi njengabanye abasebenzisi abaningi balo mkhiqizo, ngakhangwa ukuthi kungenzeka "amaqhinga" usebenzisa umugqa womyalo kanye nemibhalo elula (izincwadi zokudlala). Ekupheleni kuka-2017, ngaya kubaphathi bami mayelana nezizathu eziqinile zokuthuthela e-Ansible Tower. Ngomzuzu nje ngizokutshela ngezizathu ezingenze ngathatha lesi sinyathelo. Ngemva kokuthola imvume yabaphathi, kwathatha ezinye izinyanga ezimbalwa ukuqeda lolu hlelo, futhi ngenza ushintsho ngo-January-February walonyaka. Ngakho-ke, simshiye ngokuphelele uPuppet sathanda u-Ansible, futhi kuyinto enhle kakhulu.
Okungikhanga kakhulu nge-Ansible yikhono lokubhala nokusebenzisa izindima nezincwadi zokudlala. Izindima zinhle kakhulu ekudaleni imisebenzi ehlukene kodwa ehlobene kanye nokubeka yonke idatha ehlobene naleyo misebenzi endaweni eyodwa. Ibhuku lokudlala liyi-syntax ye-YAML, ifayela lombhalo elichaza izenzo zosokhaya oyedwa noma ngaphezulu. Ngitshela abasebenzisi ngalezi zici, ikakhulukazi abathuthukisi be-software. I-Ansible Tower ikunikeza ikhono lokuthi, “cha, awunakho ukufinyelela kwegobolondo, kodwa ngikunikeza amandla okusebenzisa zonke izinqubo ze-Tower futhi uqale kabusha isevisi lapho uyidinga.” Ngizokutshela ngendawo yokusebenza kanye nempahla esiyisebenzisayo.
Lena i-LAN yombuso, amasayithi aphathekayo angu-7 axhunywe nge-MPLS yamafu, amaseva angu-140 e-RHEL, ama-99% awo angokoqobo (vSphere), i-SuperMicro hardware, isitoreji senethiwekhi ye-NexentaStore, isethi yokushintsha kwe-Cisco, i-Arista ne-Cumulus kanye nokuphathwa kosongo okuhlanganisiwe kwe-Fortinet UTM. amathuluzi kusayithi ngalinye.
Inethiwekhi yombuso isho ukuthi kufanele ngisebenzise zonke izinyathelo zokuphepha zolwazi ezinikezwe ngumthetho. Kufanele ukhumbule ukuthi i-Puppet Enterprise ayisekeli ihadiwe eningi esiyisebenzisayo. Siyaphoqeleka ukuthi sisebenzise i-hardware yesabelomali ngoba izikhungo zikahulumeni zinezinkinga zokuxhasa le nto yezindleko. Yingakho sithenga i-SuperMicro hardware futhi sihlanganise imishini yethu ezingxenyeni ngazinye, ukugcinwa kwayo okuqinisekisiwe yizinkontileka zikahulumeni. Sisebenzisa i-Linux futhi lesi ngesinye sezizathu ezibalulekile zokushintshela ku-Ansible.
Umlando wethu noPuppet umi kanje.
Ngo-2007, saba nenethiwekhi encane yama-node angu-20-25, lapho safaka khona i-Puppet. Ngokuyisisekelo, lawa ma-node ayemane nje “amabhokisi” e-RedHat. Ngo-2010, saqala ukusebenzisa i-Puppet Dashboard web interface kumanodi angama-45. Njengoba inethiwekhi iqhubeka nokukhula, sathuthela ku-PE 2014 ngo-3.3, senza inguquko ephelele ngokubhala kabusha kwe-manifest kumanodi angu-75. Lokhu bekumele kwenziwe ngoba uPuppet uthanda ukushintsha imithetho yomdlalo, kanti kulokhu baluguqule ngokuphelele ulimi. Ngemva konyaka, lapho kuphela ukusekelwa kwenguqulo yesi-3 ye-Puppet Enterprise, saphoqeleka ukuthi sithuthele ku-PE 2015.2. Kwadingeka ukuthi sibhale kabusha i-manifest futhi kumaseva amasha futhi sithenge ilayisensi enendawo egciniwe yama-node angu-100, nakuba ngaleso sikhathi sasinama-node angu-85 kuphela.
Sekudlule iminyaka emi-2 kuphela, futhi kwadingeka senze umsebenzi omningi futhi ukuze sithuthele enguqulweni entsha ye-PE 2016.4. Sithenge ilayisense yama-node angu-300, anangu-130 kuphela. Kwadingeka futhi senze izinguquko ezinkulu ku-manifest ngoba inguqulo entsha yolimi yayinohlelo oluhlukile kunolimi lwenguqulo ka-2015. Ngenxa yalokho, i-SCM yethu yashintsha isuka kulawulo lwenguqulo ye-SVN yaya ku-Bitbucket (Git). Lobu “kwakuwubudlelwane” bethu noPuppet.
Ngakho-ke, kwadingeka ngichazele abaphathi ukuthi kungani sidinga ukuthuthela ku-SCM ehlukile sisebenzisa lezi zimpikiswano ezilandelayo. Esokuqala inani eliphezulu lenkonzo. Ngikhulume nabafana e-RedHat futhi bathi izindleko zokusebenzisa inethiwekhi ye-node engu-300 ne-Ansible Tower iyingxenye yezindleko zePuppet Enterprise. Uma futhi uthenga i-Ansible Engine, izindleko zizofana, kodwa uzothola izici eziningi kune-PE. Njengoba siyinkampani kahulumeni exhaswe ngezimali kwisabelomali sombuso, lena impikiswano enamandla kakhulu.
Impikiswano yesibili iwukuguquguquka. I-Puppet isekela ihadiwe eline-ejenti ye-Puppet kuphela. Lokhu kusho ukuthi i-ejenti kufanele ifakwe kuwo wonke amaswishi, futhi kufanele kube inguqulo yakamuva. Futhi uma amanye amaswishi akho esekela inguqulo eyodwa, futhi amanye esekela enye, uzodinga ukufaka inguqulo entsha ye-ejenti ye-PE kuwo ukuze wonke asebenze ohlelweni olufanayo lwe-SCM.
Uhlelo lwe-Ansible Tower lusebenza ngendlela ehlukile ngoba alunawo ama-ejenti, kodwa lunamamojula asekela ukushintshwa kwe-Cisco nawo wonke amanye amaswishi. Le SCM isekela i-Qubes OS, Linux kanye ne-4.NET UTM. I-Ansible Tower iphinde isekele izilawuli zesitoreji senethiwekhi ye-NexentaStore ngokusekelwe ku-Illumos kernel, isistimu yokusebenza esekelwe kumthombo ovulekile we-Unix. Lokhu ukwesekwa okuncane kakhulu, kodwa i-Ansible Tower iyakwenza noma kunjalo.
Ingxabano yesithathu, ebaluleke kakhulu kimi nakubaphathi bethu, kulula ukuyisebenzisa. Ngichithe iminyaka engu-10 ngifunda kahle amamojula we-Puppet kanye nekhodi ye-manifest, kodwa ngafunda i-Ansible phakathi nesonto ngoba le SCM kulula kakhulu ukusebenza nayo. Uma usebenzisa amafayela asebenzisekayo, yebo, ngaphandle uma wenza kanjalo ngokungadingekile, khona-ke abaphathi abahlakaniphile nabasabelayo basebenza nawo. Izincwadi zokudlala ezisuselwe ku-YAML zifundeka kalula futhi ziyashesha ukuzisebenzisa. Labo abangakaze bezwe nge-YAML ngaphambilini bangakwazi ukufunda imibhalo futhi baqonde kalula ukuthi isebenza kanjani.
Uma sikhuluma iqiniso, uPuppet wenza umsebenzi wakho njengonjiniyela ube nzima kakhulu ngoba usekelwe ekusebenziseni iPuppet Master. Iwona kuphela umshini ovunyelwe ukuxhumana nama-Puppet agents. Uma wenze noma yiziphi izinguquko ku-manifest futhi ufuna ukuhlola ikhodi yakho, kufanele ubhale kabusha ikhodi ye-Puppet Master, okungukuthi, ulungise ifayela lePuppet Master /etc/hosts ukuze uxhume wonke amakhasimende futhi uqale isevisi ye-Puppet Server. Kuphela ngemva kwalokhu uzokwazi ukuhlola ukusebenza kwemishini yenethiwekhi kumsingathi oyedwa. Lena inqubo ebuhlungu kakhulu.
Konke kulula kakhulu ku-Ansible. Odinga ukukwenza nje ukwakha ikhodi yomshini ongaxhumana nge-SSH nomsingathi ovivinywayo. Lokhu kulula kakhulu ukusebenza ngakho.
Inzuzo enkulu elandelayo ye-Ansible Tower yikhono lokusebenzisa isistimu yakho yosekelo ekhona nokugcina ukucushwa kwakho kwehadiwe okukhona kakade. Le SCM isebenzisa lonke ulwazi olutholakalayo mayelana nengqalasizinda yakho nehardware, imishini ebonakalayo, amaseva, njll. ngaphandle kwezinyathelo ezengeziwe. Ingakhuluma neziphakeli zakho ze-RH Satellite, uma unayo, futhi ikunikeze ukuhlanganiswa ongeke ukuthole ngePuppet.
Enye into ebalulekile ukulawula okuningiliziwe. Uyazi ukuthi i-Puppet iyisistimu ye-modular, iwuhlelo lokusebenza lweseva yeklayenti, ngakho-ke kufanele uchaze izici ezikhona zayo yonke imishini yakho ku-manifest eyodwa ende. Kulokhu, isimo sesici ngasinye sohlelo kufanele sihlolwe njalo ngesigamu sehora - lesi yisikhathi esimisiwe. Le yindlela iPuppet esebenza ngayo.
Umbhoshongo uyakusindisa kulokho. Ungasebenzisa izinqubo ezihlukahlukene kumishini ehlukahlukene ngaphandle kwemikhawulo; ungenza umsebenzi oyisisekelo, uqhube ezinye izinqubo ezibalulekile, umise isistimu yokuphepha, futhi usebenze ngezizindalwazi. Ungenza konke okunzima ku-Puppet Enterprise. Ngakho-ke, uma uyilungiselele kumsingathi oyedwa, kuzothatha isikhathi ukuthi izinguquko zisebenze kubasingathi abasele. Ku-Ansible, zonke izinguquko zisebenza ngesikhathi esisodwa.
Ekugcineni, ake sibheke imojuli yezokuphepha. I-Ansible Tower iyisebenzisa ngokumangalisayo, ngokunemba okukhulu nangokucophelela. Unganikeza abasebenzisi ukufinyelela kumasevisi athile noma kubabungazi abathile. Ngenza lokhu nabasebenzi bami abajwayele ukusebenza ku-Windows, ngikhawulela ukufinyelela kwabo kugobolondo le-Linux. Ngiyaqinisekisa ukuthi bayakwazi ukufinyelela ku-Tower ukuze bakwazi ukwenza umsebenzi kuphela futhi baqhube izinkonzo ezihambisana nabo kuphela.
Ake sibheke izinto okudingeka uzenze kusenesikhathi ukuze wenze ukushintshela kwakho ku-Ansible Tower kube lula. Okokuqala, udinga ukulungisa imishini yakho. Uma ezinye izici zengqalasizinda yakho zingekho kusizindalwazi, udinga ukuzingeza lapho. Kukhona amasistimu angazishintshi izici zawo ngakho-ke awekho ku-database ye-Puppet, kodwa uma ungawengezi lapho ngaphambi kokuthuthela ku-Tower, uzolahlekelwa izinzuzo eziningi. Lokhu kungase kube "ingcolile", isizindalwazi sokuqala, kodwa kufanele siqukathe ulwazi mayelana nazo zonke izinto zokusebenza onazo. Ngakho-ke, kufanele ubhale iskripthi sehadiwe esiguqukayo esizophusha ngokuzenzakalelayo zonke izinguquko zengqalasizinda kusizindalwazi, bese u-Ansible azi ukuthi yibaphi ababungazi okufanele babe khona ohlelweni olusha. Ngeke udinge ukutshela le SCM ukuthi yibaphi abasingathi obangezile nokuthi yibaphi abasingathi abangasekho, ngoba izokwazi konke lokhu ngokuzenzakalelayo. Uma kunedatha eyengeziwe kusizindalwazi, i-Ansible izoba wusizo kakhulu futhi iguquguquke. Isebenza njengokungathi ifunda ibhakhodi yesimo sehadiwe kusuka kusizindalwazi.
Chitha isikhathi ujwayelene nomugqa womyalo ku-Ansible. Qalisa eminye imiyalo yangokwezifiso ukuze uhlole umbhalo wezingxenyekazi zekhompuyutha, ubhale futhi usebenzise imibhalo yencwadi yokudlala elula kodwa ewusizo, sebenzisa izifanekiso ze-Jinja2 lapho kufanele khona. Zama ukubhala indima nesikripthi senqubo eyinkimbinkimbi, enezinyathelo eziningi usebenzisa ukulungiselelwa kwehadiwe okuvamile, okuvame ukuhlangana nakho. Dlala ngalezi zinto, hlola ukuthi kusebenza kanjani. Ngale ndlela uzofunda ukusebenzisa amathuluzi okudala umtapo asetshenziswa ku-Tower. Sengike ngasho ukuthi kungithathe cishe izinyanga ezi-3 ukulungiselela inguquko. Ngicabanga ukuthi ngokusekelwe kokuhlangenwe nakho kwami, uzokwazi ukwenza lokhu ngokushesha. Ungacabangi ukuthi lesi sikhathi simoshekile, ngoba kamuva uzothola zonke izinzuzo zomsebenzi owenziwe.
Okulandelayo, udinga ukunquma ukuthi yini oyilindele ku-Ansible Tower, ukuthi yini le nqubo okufanele ikwenzele yona.
Ingabe udinga ukusebenzisa isistimu ku-hardware engenalutho, emishinini ebonakalayo engenalutho? Noma ufuna ukugcina izimo zokusebenza zangempela nezilungiselelo zemishini ekhona? Lesi isici esibaluleke kakhulu ezinkampanini zomphakathi, ngakho-ke udinga ukuqiniseka ukuthi uzokwazi ukufuduka futhi usebenzise i-Ansible ekucushweni kwakho okukhona. Khomba izinqubo zokuphatha ezijwayelekile ofuna ukuzenza ngokuzenzakalelayo. Thola ukuthi ingabe udinga ukufaka izinhlelo zokusebenza ezithile namasevisi ohlelweni olusha. Yenza uhlu lwalokho ofuna ukukwenza futhi ukubeke phambili.
Bese uqala ukubhala ikhodi yeskripthi nezindima ezizonika amandla imisebenzi ohlela ukuyiqeda. Zihlanganise zibe Amaphrojekthi, iqoqo elinengqondo lezincwadi zokudlala ezifanele. Iphrojekthi ngayinye izoba ngeyekhosombe elihlukile le-Git noma inqolobane ehlukile kuye ngokuthi iyiphi umphathi wekhodi oyisebenzisayo. Ungaphatha imibhalo yezincwadi zokudlala nezinhla zemibhalo yezincwadi zokudlala ngokuzifaka mathupha ku-Project Base Path kuseva ye-Tower, noma ngokubeka i-playbook kunoma iyiphi isistimu yokuphatha ikhodi yomthombo (SCM) esekelwa i-Tower, okuhlanganisa i-Git, i-Subversion, i-Mercurial, ne-Red Hat. Ukuqonda. Ngaphakathi Kwephrojekthi eyodwa ungabeka imibhalo eminingi ngokuthanda kwakho. Isibonelo, ngidale Iphrojekthi eyodwa eyisisekelo lapho ngibeke khona iskripthi sezinto eziyinhloko ze-RedHat, iskripthi se-Linux core, nemibhalo yazo zonke ezinye izisekelo. Ngakho-ke, kuphrojekthi eyodwa kwakukhona izindima ezihlukahlukene nezimo ezaziphathwa endaweni eyodwa ye-Git.
Ukusebenzisa zonke lezi zinto ngomugqa womyalo kuyindlela enhle yokuhlola ukusebenza kwazo. Lokhu kuzokulungiselela ukufakwa kombhoshongo.
Ake sikhulume kancane mayelana nokudlulisa i-Puppet manifest, ngoba ngichithe isikhathi esiningi kulokhu ngaze ngaqonda ukuthi yini ngempela okudingeka yenziwe.
Njengoba ngishilo ngaphambilini, iPuppet igcina zonke izilungiselelo nezinketho zehadiwe ku-manifest eyodwa ende, futhi le-manifest igcina yonke into okufanele yenziwe yile SCM. Lapho wenza inguquko, awudingi ukuhlanganisa yonke imisebenzi yakho ohlwini olulodwa; kunalokho, cabanga ngesakhiwo sohlelo olusha: izindima, imibhalo, omaka, amaqembu kanye nalokho okufanele kuye lapho. Ezinye zezinto zenethiwekhi ezizimele kufanele ziqoqwe ngamaqembu okungadalelwa imibhalo yawo. Izakhi zengqalasizinda eziyinkimbinkimbi ezibandakanya inani elikhulu lezinsiza, okuhlanganisa amakilasi azimele, zingahlanganiswa zibe izindima. Ngaphambi kokufuduka, udinga ukunquma ngalokhu. Uma udala izindima ezinkulu noma izimo ezingalingani esikrinini esisodwa, kufanele usebenzise omaka ukuze ukwazi ukuthwebula izingxenye ezithile zengqalasizinda.
18:00
Ezinye izikhangiso 🙂
Siyabonga ngokuhlala nathi. Uyazithanda izindatshana zethu? Ufuna ukubona okuqukethwe okuthakaselayo okwengeziwe? Sisekele ngokufaka i-oda noma ngokuncoma kubangani, , i-analogue ehlukile yamaseva ezinga lokungena, esungulwe yithi ngenxa yakho: (itholakala nge-RAID1 kanye ne-RAID10, kufika kuma-cores angu-24 kuze kufike ku-40GB DDR4).
I-Dell R730xd 2x ishibhile esikhungweni sedatha se-Equinix Tier IV e-Amsterdam? Lapha kuphela eNetherlands! I-Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - isuka ku-$99! Funda mayelana
Source: www.habr.com