Isibikezelo
“Ubungani” bethu baqala eminyakeni emibili edlule. Ngifike endaweni entsha yokusebenza, lapho umphathi wangaphambili angishiyele khona le softhiwe njengefa. Angitholanga lutho ku-inthanethi ngaphandle kwemibhalo esemthethweni. Ngisho namanje, uma usebenzisa i-google "rudder", ku-99% yamacala izofika nayo: izigqoko zomkhumbi nama-quadcopter. Ngikwazile ukuthola indlela yokusondela kuye. Njengoba umphakathi wale software uyinto encane, nginqume ukwabelana ngolwazi lwami kanye ne-rake. Ngicabanga ukuthi lokhu kuzoba usizo kumuntu.
Ngakho Rudder
I-Rudder iwumthombo ovulekile wokuhlola nokuphatha isisetshenziswa esiza ukwenza ngokuzenzakalelayo ukucushwa kwesistimu. Isebenza ngomgomo wokufaka i-ejenti yomsebenzisi ngamunye wokugcina. Ngokusebenzelana okulula, singakwazi ukuqapha ukuthi ingqalasizinda yethu ithobelana kangakanani nazo zonke izinqubomgomo ezishiwo.
Sebenzisa
Ngezansi ngizoklelisa engiyisebenzisela i-Rudder.
-
Ukulawulwa kwamafayela nokulungiselelwa: ./ssh/authorized_keys ; /etc/hosts; iptables; (bese lapho umcabango wakho uholela khona)
-
Ukulawulwa kwamaphakheji afakiwe: zabbix.agent nanoma iyiphi enye isofthiwe
Ukufakwa kweseva
Muva nje ngibuyekeze kusuka kunguqulo 5 kuya ku-6.1, konke kuhambe kahle. Ngezansi kunemiyalo ye-Deban/Ubuntu kodwa kukhona nokusekelwa: и .
Ngizofihla ukufakwa kuma-spoilers ukuze ngingakuphazamisi.
spoiler
Ukuncika
I-rudder-server idinga i-Java RE okungenani inguqulo 8, ingafakwa endaweni yokugcina evamile:
Ihlola ukuthi ifakiwe yini
java -versionuma isiphetho
-bash: java: command not foundbese ufaka
apt install default-jreIseva
Ingenisa ukhiye
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Nakhu ukuphrinta ngokwako
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Njengoba singenakho ukubhalisa okukhokhelwayo, sengeza ikhosombe elandelayo
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listBuyekeza uhlu lwamaqoqo futhi ufake iseva
apt update
apt install rudder-server-rootDala umphathi womsebenzisi
rudder server create-user -u admin -p "Ваш Пароль"Ngokuzayo singaphatha abasebenzisi ngokusebenzisa ukulungiselelwa
Yilokho kuphela, iseva isilungile.
Ukushuna Kweseva
Manje udinga ukungeza amakheli e-IP ama-ejenti noma yonke i-subnet kumenzeli we-rudder, sigxila kunqubomgomo yezokuphepha.
Izilungiselelo -> Okujwayelekile
Enkambini ethi “Engeza inethiwekhi”, faka ikheli nemaski ngefomethi xxxx/xx. Ukuze uvumele ukufinyelela kuwo wonke amakheli enethiwekhi yangaphakathi (Ngaphandle kwalapho lena kuyinethiwekhi yokuhlola futhi ungemuva kwe-NAT) faka: 0.0.0.0/0
Okubalulekile - ngemva kokungeza ikheli le-ip, ungakhohlwa ukuchofoza Gcina izinguquko, ngaphandle kwalokho akukho lutho oluzogcinwa.
Amaports
Vula izimbobo ezilandelayo kuseva
-
443 - tcp
-
5309 - tcp
-
514 - eqe
Silungise ukusethwa kweseva kokuqala.
Ukufakwa komenzeli
spoiler
Yengeza ukhiye
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | sudo apt-key add -Izigxivizo zeminwe ezingukhiye
pub 4096R/474A19E8 2011-12-15 Rudder Project (release key) <[email protected]>
Key fingerprint = 7C16 9817 7904 212D D58C B4D1 9322 C330 474A 19E8Ingeza inqolobane
echo "deb http://repository.rudder.io/apt/6.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.listIfaka i-ejenti
apt update
apt install rudder-agentUkusethwa komenzeli
Sikhombisa umenzeli ikheli le-IP leseva yenqubomgomo
rudder agent policy-server <rudder server ip or hostname> #Без скобок. Можно также использовать доменное имя Ngokusebenzisa umyalo olandelayo sizothumela isicelo sokwengeza i-ejenti entsha kuseva, emizuzwini embalwa izovela ohlwini lwama-ejenti amasha, ngizochaza indlela yokwengeza esigabeni esilandelayo.
rudder agent inventoryFuthi singaphoqa i-ejenti ukuthi iqale futhi izothumela isicelo ngokushesha
rudder agent runI-ejenti yethu isimisiwe, asiqhubeke.
Ukwengeza ama-ejenti
Ngena ngemvume
https://127.0.0.1/rudder/index.html
Umenzeli wakho uzovela esigabeni esithi “Yamukela izindawo ezintsha,” maka ibhokisi bese uchofoza okuthi Yamukela
Kufanele kuthathe isikhathi esincane kuze kube isistimu ihlola iseva ukuthi iyahambisana yini
Idala amaqembu eseva
Masidale iqembu (lokho kusewukuzijabulisa), singazi ukuthi kungani abathuthukisi benze ukwakheka kweqembu okubi kangaka, kodwa njengoba ngikuqonda, ayikho enye indlela. Iya ku-Node management -> Amaqembu isigaba bese uchofoza okuthi Dala, khetha iqembu elimile negama.
Sihlunga iseva esiyidingayo ngezici ezikhethekile, ngokwesibonelo, ngekheli lasesizindeni se-inthanethi, bese silondoloza
Iqembu limisiwe.
Ukusetha imithetho
Iya kokuthi Inqubomgomo yokucushwa → Imithetho bese udala umthetho omusha
Engeza iqembu elilungiselelwe ngaphambili (lokhu kungenziwa kamuva)
Futhi sakha isiqondiso esisha
Masidale isiqondiso sokwengeza okhiye basesidlangalaleni kokuthi .ssh/authorized_keys. Ngisebenzisa lokhu uma isisebenzi esisha sihamba, noma ukuze ngithole umshwalense kabusha, isibonelo, uma othile enqamula ukhiye wami ngephutha.
Iya kunqubomgomo yokucushwa → Iziqondiso kwesokunxele sibona “Ilabhulali yokuqondisa” Thola “Ukufinyelela okukude → okhiye abagunyaziwe be-SSH”, kwesokudla chofoza okuthi Dala Iziqondiso
Sifaka ulwazi mayelana nomsebenzisi bese sengeza ukhiye wakhe. Okulandelayo, khetha inqubomgomo yohlelo lokusebenza
-
Umhlaba jikelele - Inqubomgomo ezenzakalelayo
-
Phoqeleka - Sebenzisa kumaseva akhethiwe
-
Audit - Izokwenza ucwaningo futhi isho ukuthi yimaphi amaklayenti anokhiye
Qiniseka ukuthi ubonisa umthetho wethu
Bese ulondoloza futhi usuqedile.
Bheka
Ukhiye wengezwe ngempumelelo
Amabhanisi
I-ejenti inikeza ulwazi oluphelele mayelana neseva. Uhlu lwamaphakheji afakiwe, i-interface, izimbobo ezivulekile nokunye okuningi, ongakubona kusithombe-skrini esingezansi
Ungakwazi futhi ukufaka nokulawula isofthiwe hhayi ku-Linux kuphela kodwa naku-Windows, angizange ngihlole okwakamuva, besingekho isidingo.
Kusuka kumbhali
Ungase ubuze, kungani usungula kabusha isondo uma i-ansible kanye ne-puppet isivele yasungulwa kudala?
Ngiyaphendula: I-Ansible inezihibe ezithile, isibonelo, asiboni ukuthi lokhu kulungiselelwa kukusiphi isimo manje, noma isimo esijwayelekile lapho wethula indima noma incwadi yokudlala bese kuvela amaphutha okuphahlazeka, bese uqala ukukhuphukela kuseva bese ubona. iyiphi iphakheji ebuyekeziwe lapho. Futhi angizange ngisebenze nopopayi..
Ingabe kukhona okungalungile ku-Rudder? Kakhulu.. Kusukela eqinisweni lokuthi ama-ejenti ayawa futhi kufanele uwafake kabusha noma usebenzise umyalo wokusetha kabusha iphinikhodi. (kodwa-ke, angikakakuboni lokhu enguqulweni yesi-6), okuholela ekusetheni okuyinkimbinkimbi kakhulu kanye nesixhumi esibonakalayo esingenangqondo.
Ingabe zikhona izinzuzo? Futhi kukhona izinzuzo eziningi: Ngokungafani ne-Ansible eyaziwa kakhulu, sine-interface yewebhu lapho ungabona khona ukuthobelana esikusebenzisile. Isibonelo, ingabe izimbobo ziphumela emhlabeni, sinjani isimo sohlelo lokuvikela, ama-ejenti okuvikela afakiwe noma amanye amagajethi.
Le software iphelele emnyangweni wezokuphepha kolwazi, njengoba isimo sengqalasizinda sizohlala siphambi kwamehlo akho, futhi uma noma yimiphi imithetho ikhanya ngokubomvu, khona-ke lesi yisizathu sokuvakashela iseva. Njengoba ngishilo, sengineminyaka engu-2 ngisebenzisa iRudder, futhi uma uyibhema kancane, impilo iba ngcono. Into enzima kakhulu kwingqalasizinda enkulu ukuthi awukhumbuli ukuthi iseva ikusiphi isimo, kungakhathaliseki ukuthi uJuni uphuthelwe ukufaka ama-agent okuphepha noma ngabe ulungiselele ama-iptables ngendlela efanele, kodwa i-rudder izokusiza ukuthi uhlale wazi yonke imicimbi. Ukuqaphela kusho ahlomile! )
I-PS Kwaba okuningi kunalokho engangikuhlelile, ngeke ngichaze indlela yokufaka amaphakheji, uma kungazelelwe kunezicelo, ngizobhala ingxenye yesibili.
I-PSS Lesi sihloko senzelwe izinjongo zokwaziswa, nginqume ukwabelana ngaso njengoba kunolwazi oluncane kakhulu ku-Inthanethi. Mhlawumbe lokhu kuzothakazelisa othile. Nibe nosuku oluhle, bangane abathandekayo)
Emalungelo Wokukhangisa
Amaseva ama-Epic Ingabe noma iWindows enamaphrosesa omndeni we-AMD EPYC anamandla namadrayivu e-Intel NVMe ashesha kakhulu. Shesha uku-oda!
Source: www.habr.com