A Systematic Approach to Variables in Ansible

ansible devops codestyle

Hello! My name is Denis Kalyuzhny, and I work as an engineer in the development process automation department. Every day, new application builds are rolled out to hundreds of the company's servers. In this article I share my experience of using Ansible for this purpose.

This guide offers a way of organizing variables in a deployment. It is intended for those who already use roles in their playbooks and have read the Best Practices, but who run into problems such as these:

  • Having found a variable in the code, you cannot tell straight away what it is responsible for;
  • There are several roles, and their variables need to be tied to a single value, but it just doesn't work;
  • It is difficult to explain to others how the variable logic in your playbooks works.

We ran into these problems on projects in our company, and as a result arrived at a set of rules for organizing variables in our playbooks, which to some extent solved them.


Variables in roles

A role is a separate Object of the deployment system. Like any object of a system, it must have an interface for interacting with the rest of the system. The role's variables are that interface.

Take, for example, the api role, which installs a Java application on a server. What variables does it have?


Role variables can be divided into 2 kinds by type:

1. Properties
    a) environment-independent
    b) environment-dependent
2. Links
    a) listeners
    b) requests inside the system
    c) requests to the environment

Property variables are variables that define the behavior of the role.

Request variables are variables used to refer to resources external to the role.

Listener variables are variables used to build request variables.

On the other hand, 1a, 2a and 2b are variables that do not depend on the environment (hardware, external resources, etc.) and can be filled with default values in the role's defaults. Variables such as 1.b and 2.c, however, cannot be filled with anything other than an 'example' value, since they change from stand to stand depending on the environment.

Code style

  • A variable name must begin with the role name. This makes it easy to work out later which role a variable comes from and what it is responsible for.
  • When using variables in roles, be sure to follow the principle of encapsulation and use only variables defined either in the role itself or in the roles the current one depends on.
  • Avoid using dictionaries for variables. Ansible does not let you conveniently override individual values in a dictionary.

    Example of a bad variable:

    myrole_user:
        login: admin
        password: admin

    Here login is an environment-independent variable, and password is an environment-dependent one. But
    since they are combined into a dictionary, you will always have to define it in full,
    which is very inconvenient. It is better this way:

    myrole_user_login: admin
    myrole_user_password: admin
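
The first and third rules above can be checked mechanically. The following Python check is an added example, not code from the article: it scans the text of a role's defaults file and reports variables that lack the role prefix or are dictionaries. The function name lint_role_defaults and the sample file content are assumptions made for the illustration.

```python
import re

# Top-level "key: value" lines of a YAML vars file (no leading indentation).
TOP_KEY = re.compile(r"^([A-Za-z_]\w*):\s*(.*)$")

def lint_role_defaults(role, text):
    """Return (variable, problem) pairs for the text of a role's defaults file."""
    problems = []
    lines = [line.rstrip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        m = TOP_KEY.match(line)
        if not m:
            continue  # comment, blank line or nested (indented) key
        name = m.group(1)
        value = m.group(2).split(" #")[0].strip()
        if not name.startswith(role + "_"):
            problems.append((name, "missing role prefix"))
        # A dictionary is either inline ({...}) or an empty value followed
        # by an indented line that is not a list item.
        nxt = next((l for l in lines[i + 1:]
                    if l.strip() and not l.lstrip().startswith("#")), "")
        nested = (value == "" and nxt.startswith((" ", "\t"))
                  and not nxt.lstrip().startswith("- "))
        if value.startswith("{") or nested:
            problems.append((name, "dictionary variable"))
    return problems

# Constructed sample: defaults of a hypothetical role "myrole".
SAMPLE = """\
# roles/myrole/defaults/main.yml
myrole_user:
    login: admin
    password: admin
myrole_user_login: admin
bind_port: "20000"
"""

if __name__ == "__main__":
    for name, problem in lint_role_defaults("myrole", SAMPLE):
        print(f"{name}: {problem}")
```
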

Variables in deployment playbooks

When putting together a deployment playbook (hereafter simply the playbook), we follow the rule that it must live in a separate repository. The same goes for roles: each in its own git repository. This makes it clear that roles and the playbook are different, independent objects of the deployment system, and that changes to one object should not affect the operation of the other. This is achieved by changing the default values of variables.

When putting together a playbook, to generalize, the default values of role variables can be overridden in two places: in the playbook variables and in the inventory variables.

mydeploy                        # Deployment directory
├── deploy.yml                  # Deployment playbook
├── group_vars                  # Playbook variables directory
│   ├── all.yml                 # File for the link variables of the whole system
│   └── myapi.yml               # Property variables file for the myapi group
└── inventories                 #
    └── prod                    # prod environment directory
        ├── prod.ini            # Inventory file
        └── group_vars          # Inventory variables directory
            └── myapi           #
                ├── vars.yml    # Environment-dependent variables of the myapi group
                └── vault.yml   # Secrets (always environment-dependent) *

* - Variables and Vaults

The difference is that playbook variables are always used when calling playbooks located at the same level as them. This means they are well suited to changing the default values of variables that do not depend on the environment. Inventory variables, by contrast, are used only for a specific environment, which is ideal for environment-dependent variables.

It is important to note that variable precedence will not let you override a variable first in the playbook variables and then separately in a single inventory.

This means that already at this stage you need to decide whether a variable is environment-dependent or not, and put it in the proper place.

For example, in one project the variable responsible for enabling SSL was environment-dependent for a long time, because we could not enable SSL on one of the stands for reasons beyond our control. Once we fixed that problem, it became environment-independent and moved to the playbook variables.

Property variables for groups

Let's extend our model in Figure 1 by adding 2 groups of servers with a different Java application, but with different settings.


Imagine what the playbook will look like in this case:

- hosts: myapi
  roles:
    - api

- hosts: bbauth
  roles:
    - auth

- hosts: ghauth
  roles:
    - auth

We have three groups in the playbook, so it is recommended to create the same number of group files in group_vars of both the inventory variables and the playbook variables straight away. A group file in this case is the description of one component of your application in the playbook. When you open a group file in the playbook variables, you immediately see all the differences from the default behavior of the roles assigned to the group. In the inventory variables you see how the group's behavior differs from stand to stand.

Code style

  • Try not to use host_vars variables at all, since they do not describe the system, only a special case, which in the long run leads to questions like "Why is this host different from the others?", the answer to which is not always easy to find.

Link variables

So much for property variables, but what about link variables?
Their difference is that they must have the same value in different groups.

At first there was the idea of using a monstrous construct of the form
hostvars[groups['bbauth'][0]]['auth_bind_port'], but it was quickly abandoned
because it has drawbacks. First, it is cumbersome. Second, it depends on a particular host in the group. Third, facts have to be gathered from all hosts before the deployment starts if we do not want to get an undefined variable error.

As a result, it was decided to use link variables.

Link variables are variables that belong to the playbook and are needed to connect objects of the system.

Link variables are filled in in the system-wide variables group_vars/all/vars and are formed by moving all listener variables out of each group and prepending to the variable name the name of the group the listener was taken from.

This ensures that names are uniform and do not collide.

Let's try to link the variables from the example above:


Suppose we have variables that depend on each other:

# roles/api/defaults:
# Request variable
api_auth1_address: "http://example.com:80"
api_auth2_address: "http://example2.com:80"

# roles/auth/defaults:
# Listener variable
auth_bind_port: "20000"

Let's move all the listeners into the shared variables group_vars/all/vars and add the group name to the variable name:

# group_vars/all/vars
bbauth_auth_bind_port: "20000"
ghauth_auth_bind_port: "30000"

# group_vars/bbauth/vars
auth_bind_port: "{{ bbauth_auth_bind_port }}"

# group_vars/ghauth/vars
auth_bind_port: "{{ ghauth_auth_bind_port }}"

# group_vars/myapi/vars
api_auth1_address: "http://{{ bbauth_auth_service_name }}:{{ bbauth_auth_bind_port }}"
api_auth2_address: "http://{{ ghauth_auth_service_name }}:{{ ghauth_auth_bind_port }}"

Now, by changing the value of the connector, we can be sure that the request will go to the same port.

Code style

  • Since roles and groups are different objects of the system, they need to have different names, so that link variables show unambiguously that they belong to a particular group of servers and not to a role in the system.
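
An added example, not part of the original article: a Python check over the group_vars files shown above that reports link variables in group_vars/all/vars lacking a group-name prefix, references to variables defined neither there nor in the same file, and the rejected hostvars[groups[...]] lookup. The function name check_links is an assumption, and the check assumes group files reference only link variables. Run on the files as listed, it reports bbauth_auth_service_name and ghauth_auth_service_name, which the listing uses but does not define.

```python
import re

KEY = re.compile(r"^([A-Za-z_]\w*):", re.M)      # top-level variable names
REF = re.compile(r"\{\{\s*([A-Za-z_]\w*)")       # first name inside each {{ ... }}
HOSTVARS = re.compile(r"hostvars\[\s*groups\[")  # the lookup the article rejects

def check_links(groups, files):
    """groups: host groups of the playbook; files: path -> text of a vars file."""
    shared = set(KEY.findall(files.get("group_vars/all/vars", "")))
    findings = []
    for name in sorted(shared):
        # Link variables must carry the name of the group they were taken from.
        if not any(name.startswith(g + "_") for g in groups):
            findings.append(("group_vars/all/vars", name, "no group prefix"))
    for path, text in sorted(files.items()):
        local = set(KEY.findall(text))
        if HOSTVARS.search(text):
            findings.append((path, "hostvars", "hostvars[groups[...]] lookup"))
        for ref in sorted(set(REF.findall(text)) - {"hostvars"}):
            # Would fail at deploy time with an undefined variable error.
            if ref not in shared and ref not in local:
                findings.append((path, ref, "undefined link variable"))
    return findings

# The group_vars files from the article, embedded as text.
FILES = {
    "group_vars/all/vars":
        'bbauth_auth_bind_port: "20000"\nghauth_auth_bind_port: "30000"\n',
    "group_vars/bbauth/vars": 'auth_bind_port: "{{ bbauth_auth_bind_port }}"\n',
    "group_vars/ghauth/vars": 'auth_bind_port: "{{ ghauth_auth_bind_port }}"\n',
    "group_vars/myapi/vars":
        'api_auth1_address: "http://{{ bbauth_auth_service_name }}:'
        '{{ bbauth_auth_bind_port }}"\n'
        'api_auth2_address: "http://{{ ghauth_auth_service_name }}:'
        '{{ ghauth_auth_bind_port }}"\n',
}

if __name__ == "__main__":
    for finding in check_links(["myapi", "bbauth", "ghauth"], FILES):
        print(*finding, sep=": ")
```
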

Environment-dependent files

Roles may use files that differ from environment to environment.

SSL certificates are an example of such files. Storing them as text
in a variable is not very convenient. But it is convenient to store the path to them in a variable.

For example, we use the variable api_ssl_key_file: "/path/to/file".

Since the key certificate will obviously change from environment to environment, this is an environment-dependent variable, which means it must be placed in the file
group_vars/myapi/vars of the inventory variables and contain an 'example' value.

The most convenient approach in this case is to put the key file in the playbook repository at the path
files/prod/certs/myapi.key; the value of the variable will then be:
api_ssl_key_file: "prod/certs/myapi.key". The convenience lies in the fact that the people responsible for deploying the system on a particular stand also have their own dedicated place in the repository for storing their files. At the same time, it remains possible to specify an absolute path to the certificate on the server, in case certificates are supplied by another system.

Several stands in one environment

There is often a need to deploy several almost identical stands in the same environment with minimal differences. In this case we split the environment-dependent variables into those that do not change within the environment and those that do, and move the latter directly into the inventory files themselves. After this manipulation it becomes possible to create another inventory right in the environment directory.

It will reuse the inventory's group_vars and will also be able to override some variables for itself.

The final directory structure of the deployment project:

mydeploy                        # Deployment directory
├── deploy.yml                  # Deployment playbook
├── files                       # Directory for deployment files
│   ├── prod                    # Directory for environment-dependent files of the prod stand
│   │   └── certs               # 
│   │       └── myapi.key       #
│   └── test1                   # Directory for environment-dependent files of the test1 stand
├── group_vars                  # Playbook variables directory
│   ├── all.yml                 # File for the link variables of the whole system
│   ├── myapi.yml               # Property variables file for the myapi group
│   ├── bbauth.yml              # 
│   └── ghauth.yml              #
└── inventories                 #
    ├── prod                    # prod environment directory
    │   ├── group_vars          # Inventory variables directory
    │   │   ├── myapi           #
    │   │   │   ├── vars.yml    # Environment-dependent variables of the myapi group
    │   │   │   └── vault.yml   # Secrets (always environment-dependent)
    │   │   ├── bbauth          # 
    │   │   │   ├── vars.yml    #
    │   │   │   └── vault.yml   #
    │   │   └── ghauth          #
    │   │       ├── vars.yml    #
    │   │       └── vault.yml   #
    │   └── prod.ini            # Inventory of the prod stand
    └── test                    # test environment directory
        ├── group_vars          #
        │   ├── myapi           #
        │   │   ├── vars.yml    #
        │   │   └── vault.yml   #
        │   ├── bbauth          #
        │   │   ├── vars.yml    #
        │   │   └── vault.yml   #
        │   └── ghauth          #
        │       ├── vars.yml    #
        │       └── vault.yml   #
        ├── test1.ini           # Inventory of the test1 stand in the test environment
        └── test2.ini           # Inventory of the test2 stand in the test environment

Summary

After organizing variables as described in this article, each variable file is responsible for a specific task. And since a file has specific tasks, it became possible to assign someone responsible for the correctness of each file. For example, the developer of the system's deployment becomes responsible for filling in the playbook variables correctly, while the administrator whose stand is described in the inventory is directly responsible for filling in the inventory variables.

Roles became an independent unit of development with their own interface, which allows the role developer to develop features instead of fitting the role to the system. This problem was especially relevant for roles shared by all systems in the company.

System administrators no longer need to understand the deployment code. All that is required of them for a successful deployment is to fill in the environment-dependent variable files.

References

  1. Documentation

Author

Kalyuzhny Denis Alexandrovich

Source: www.habr.com
