它是拉模式的
它方便使用文本方式来配置,有利于配置版本化
插件太多了,想要监控什么,基本都会有现成的
以上三者,我基本都要重新学,我为什么不学一个 Google SRE 书上推荐的呢?
Prometheus Server 负责监控数据收集和存储
Prometheus Alert manager 负责根据告警规则进行告警,可集成很多告警通道
node-exporter[1] 的作用就是从机器读取指标,然后暴露一个 http 服务,Prometheus 就是从这个服务中收集监控指标。当然 Prometheus 官方还有各种各样的 exporter。
├── environments/ # Parent directory for our environment-specific directories
│ │
│ ├── dev/ # Contains all files specific to the dev environment
│ │ ├── group_vars/ # dev specific group_vars files
│ │ │ ├── all
│ │ │ ├── db
│ │ │ └── web
│ │ └── hosts # Contains only the hosts in the dev environment
│ │
│ ├── prod/ # Contains all files specific to the prod environment
│ │ ├── group_vars/ # prod specific group_vars files
│ │ │ ├── all
│ │ │ ├── db
│ │ │ └── web
│ │ └── hosts # Contains only the hosts in the prod environment
│ │
│ └── stage/ # Contains all files specific to the stage environment
│ ├── group_vars/ # stage specific group_vars files
│ │ ├── all
│ │ ├── db
│ │ └── web
│ └── hosts # Contains only the hosts in the stage environment
│
---
- hosts: all
vars:
jenkins_plugins:
- blueocean
- ghprb
- greenballs
- workflow-aggregator
jenkins_plugin_timeout: 120
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- ansible-role-jenkins
界面上设置
使用 Jenkinsfile:类似于 Dockerfile 的一种文本文件,具体介绍:Using a Jenkinsfile[7]
pipeline {
agent any
stages {
stage('Build') {
steps {
sh './gradlew clean build'
archiveArtifacts artifacts: '**/target/*.jar', fingerprint: true
}
}
}
}
在 Jenkins 安装 Ansible 插件[8]
在 Jenkinsfile 中执行
withCredentials([sshUserPrivateKey(keyFileVariable:"deploy_private",credentialsId:"deploy"),file(credentialsId: 'vault_password', variable: 'vault_password')]) {
ansiblePlaybook vaultCredentialsId: 'vault_password', inventory: "environments/prod", playbook: "playbook.yaml",
extraVars:[
ansible_ssh_private_key_file: [value: "${deploy_private}", hidden: true],
build_number: [value: "${params.build_number}", hidden: false]
]
}
ansiblePlaybook 是 Jenkins ansible 插件提供的 pipeline 语法,类似手工执行:ansible-playbook 。
withCredentials 是 Credentials Binding[9] 插件的语法,用于引用一些敏感信息,比如执行 Ansible 时需要的 ssh key 及 Ansible Vault 密码。
一些敏感配置变量,我们使用 Ansible Vault[10] 技术加密。
上基础监控
上 Gitlab
上 Jenkins,并集成 Gitlab
使用 Jenkins 实现自动编译打包
使用 Jenkins 执行 Ansible
CMDB的建设:我们使用 ansible-cmdb[12] 根据 inventory 自动生成当前所有机器的情况
发布管理:Jenkins 上可以对发布的每个阶段进行定制。蓝绿发布等发布方式可以使用通过修改 Ansible 脚本和 Inventory 实现。
自动扩缩容:通过配置 Prometheus 告警规则,调用相应 webhook 就可以实现
ChatOps:ChatOps实战[13]
https://github.com/prometheus/node_exporter
https://github.com/ernestas-poskus/ansible-prometheus
https://github.com/timonwong/prometheus-webhook-dingtalk
https://www.digitalocean.com/community/tutorials/how-to-manage-multistage-environments-with-ansible
http://docs.ansible.com/ansible/latest/modules/consul_module.html
https://github.com/geerlingguy/ansible-role-jenkins
https://jenkins.io/doc/book/pipeline/jenkinsfile/
https://wiki.jenkins.io/display/JENKINS/Ansible+Plugin
https://jenkins.io/doc/pipeline/steps/credentials-binding/
http://docs.ansible.com/ansible/2.5/user_guide/vault.html
https://github.com/audreyr/cookiecutter
https://github.com/fboender/ansible-cmdb
https://showme.codes/2017-10-08/chatops-in-action/
Kubernetes入门与进阶实战培训