配置管理规范 配置管理计划_配置管理简介

配置管理规范 配置管理计划

介绍 (Introduction)

As a broader subject, configuration management (CM) refers to the process of systematically handling changes to a system in a way that it maintains integrity over time. Even though this process was not originated in the IT industry, the term is broadly used to refer to server configuration management.

作为更广泛的主题，配置管理(CM)指的是以系统随着时间的推移保持完整性的方式系统地处理系统更改的过程。 即使此过程并非起源于IT行业，但该术语仍广泛用于指服务器配置管理 。

Automation plays an essential role in server configuration management. It’s the mechanism used to make the server reach a desirable state, previously defined by provisioning scripts using a tool’s specific language and features. Automation is, in fact, the heart of configuration management for servers, and that’s why it’s common to also refer to configuration management tools as Automation Tools or IT Automation Tools.

自动化在服务器配置管理中起着至关重要的作用。 它是使服务器达到理想状态的机制，该机制先前是通过使用工具的特定语言和功能来配置脚本来定义的。 实际上，自动化是服务器配置管理的核心，这就是为什么通常将配置管理工具称为自动化工具或IT自动化工具的原因 。

Another common term used to describe the automation features implemented by configuration management tools is Server Orchestration or IT Orchestration, since these tools are typically capable of managing one to hundreds of servers from a central controller machine.

用于描述由配置管理工具实现的自动化功能的另一个通用术语是服务器编排或IT编排 ，因为这些工具通常能够从中央控制器计算机管理一到数百台服务器。

There are a number of configuration management tools available in the market. Puppet, Ansible, Chef and Salt are popular choices. Although each tool will have its own characteristics and work in slightly different ways, they are all driven by the same purpose: to make sure the system’s state matches the state described by your provisioning scripts.

市场上有许多配置管理工具。 木偶，Ansible，厨师和盐是受欢迎的选择。 尽管每种工具都有其自己的特性，并且工作方式略有不同，但它们都是出于相同的目的：确保系统状态与配置脚本描述的状态匹配。

服务器配置管理的好处 (Benefits of Configuration Management for Servers)

Although the use of configuration management typically requires more initial planning and effort than manual system administration, all but the simplest of server infrastructures will be improved by the benefits that it provides. To name a few:

尽管与手动系统管理相比，使用配置管理通常需要更多的初始计划和工作量，但它所提供的好处将改善除了最简单的服务器基础结构之外的所有基础结构。 仅举几例：

快速配置新服务器 (Quick Provisioning of New Servers)

Whenever a new server needs to be deployed, a configuration management tool can automate most, if not all, of the provisioning process for you. Automation makes provisioning much quicker and more efficient because it allows tedious tasks to be performed faster and more accurately than any human could. Even with proper and thorough documentation, manually deploying a web server, for instance, could take hours compared to a few minutes with configuration management/automation.

每当需要部署新服务器时，配置管理工具都可以为您自动执行大部分(如果不是全部)配置过程。 自动化使调配变得更快，更有效，因为它可以使繁琐的任务比任何人都能更快，更准确地执行。 即使有了适当而详尽的文档，例如，手动部署Web服务器也可能要花费数小时，而配置管理/自动化则要花费几分钟。

从重大事件中快速恢复 (Quick Recovery from Critical Events)

With quick provisioning comes another benefit: quick recovery from critical events. When a server goes offline due to unknown circumstances, it might take several hours to properly audit the system and find out what really happened. In scenarios like this, deploying a replacement server is usually the safest way to get your services back online while a detailed inspection is done on the affected server. With configuration management and automation, this can be done in a quick and reliable way.

快速配置带来了另一个好处：从关键事件中快速恢复。 当服务器由于未知情况而脱机时，可能需要花费几个小时才能正确审核系统并了解实际情况。 在这种情况下，部署备用服务器通常是使服务恢复在线状态的最安全方法，同时对受影响的服务器进行详细检查。 通过配置管理和自动化，可以快速可靠地完成此操作。

不再有雪花服务器 (No More Snowflake Servers)

At first glance, manual system administration may seem to be an easy way to deploy and quickly fix servers, but it often comes with a price. With time, it may become extremely difficult to know exactly what is installed on a server and which changes were made, when the process is not automated. Manual hotfixes, configuration tweaks, and software updates can turn servers into unique snowflakes, hard to manage and even harder to replicate. By using a configuration management tool, the procedure necessary for bringing up a new server or updating an existing one will be all documented in the provisioning scripts.

乍一看，手动系统管理似乎是部署和快速修复服务器的简便方法，但通常要付出代价。 随着时间的流逝，当过程不是自动化的时候，准确地知道服务器上安装了什么以及进行了哪些更改可能变得非常困难。 手动修复程序，配置调整和软件更新会将服务器变成独特的雪花 ，难以管理，甚至难以复制。 通过使用配置管理工具，调配脚本中将记录启动新服务器或更新现有服务器所需的过程。

服务器环境的版本控制 (Version Control for the Server Environment)

Once you have your server setup translated into a set of provisioning scripts, you will have the ability to apply to your server environment many of the tools and workflows you normally use for software source code.

将服务器设置转换为一组配置脚本后，便可以将通常用于软件源代码的许多工具和工作流程应用于服务器环境。

Version control tools, such as Git, can be used to keep track of changes made to the provisioning and to maintain separate branches for legacy versions of the scripts. You can also use version control to implement a code review policy for the provisioning scripts, where any changes should be submitted as a pull request and approved by a project lead before being accepted. This practice will add extra consistency to your infrastructure setup.

版本控制工具(例如Git)可用于跟踪对供应的更改，并为脚本的旧版维护单独的分支。 您还可以使用版本控制为配置脚本实施代码审查策略，其中任何更改都应作为请求请求提交，并在接受之前由项目负责人批准。 这种做法将为您的基础架构设置增加额外的一致性。

复制环境 (Replicated Environments)

Configuration management makes it trivial to replicate environments with the exact same software and configurations. This enables you to effectively build a multistage ecosystem, with production, development, and testing servers. You can even use local virtual machines for development, built with the same provisioning scripts. This practice will minimize problems caused by environment discrepancies that frequently occur when applications are deployed to production or shared between co-workers with different machine setups (different operating system, software versions and/or configurations).

配置管理使使用完全相同的软件和配置复制环境变得轻而易举。 这使您可以使用生产，开发和测试服务器有效地构建多阶段生态系统。 您甚至可以使用本地虚拟机进行开发，这些虚拟机是使用相同的配置脚本构建的。 当将应用程序部署到生产环境或在具有不同机器设置(不同的操作系统，软件版本和/或配置)的同事之间共享时，这种做法将使环境差异引起的问题最小化。

配置管理工具概述 (Overview of Configuration Management Tools)

Even though each CM tool has its own terms, philosophy and ecosystem, they typically share many characteristics and have similar concepts.

尽管每个CM工具都有其自己的术语，理念和生态系统，但它们通常具有许多特征并具有相似的概念。

Most configuration management tools use a controller/master and node/agent model. Essentially, the controller directs the configuration of the nodes, based on a series of instructions or tasks defined in your provisioning scripts.

大多数配置管理工具使用控制器/主节点和节点/代理模型。 本质上，控制器根据您的配置脚本中定义的一系列指令或任务来指导节点的配置。

Below you can find the most common features present in most configuration management tools for servers:

在下面，您可以找到大多数服务器配置管理工具中提供的最常见功能：

自动化框架 (Automation Framework)

Each CM tool provides a specific syntax and a set of features that you can use to write provisioning scripts. Most tools will have features that make their language similar to conventional programming languages, but in a simplified way. Variables, loops, and conditionals are common features provided to facilitate the creation of more versatile provisioning scripts.

每个CM工具都提供了一种特定的语法和一组功能，您可以使用这些功能来编写配置脚本。 大多数工具将具有使其语言类似于常规编程语言的功能，但具有简化的功能。 变量，循环和条件是提供的常见功能，可帮助创建更通用的配置脚本。

等幂行为 (Idempotent Behavior)

Configuration management tools keep track of the state of resources in order to avoid repeating tasks that were executed before. If a package was already installed, the tool won’t try to install it again. The objective is that after each provisioning run the system reaches (or keeps) the desired state, even if you run it multiple times. This is what characterizes these tools as having an idempotent behavior. This behavior is not necessarily enforced in all cases, though.

配置管理工具会跟踪资源状态，以避免重复执行之前执行的任务。 如果已经安装了软件包，则该工具不会尝试再次安装。 目的是，即使您多次运行，在每次配置运行之后，系统也会达到(或保持)所需的状态。 这就是这些工具具有幂等行为的特征 。 但是，不一定在所有情况下都强制执行此行为。

系统事实 (System Facts)

Configuration management tools usually provide detailed information about the system being provisioned. This data is available through global variables, known as facts. They include things like network interfaces, IP addresses, operating system, and distribution. Each tool will provide a different set of facts. They can be used to make provisioning scripts and templates more adaptive for multiple systems.

配置管理工具通常提供有关所配置系统的详细信息。 该数据可通过称为事实的全局变量获得。 它们包括网络接口，IP地址，操作系统和分发之类的内容。 每个工具都会提供不同的事实集。 它们可用于使配置脚本和模板更适合于多个系统。

模板系统 (Templating System)

Most CM tools will provide a built-in templating system that can be used to facilitate setting up configuration files and services. Templates usually support variables, loops, and conditionals that can be used to maximise versatility. For instance, you can use a template to easily set up a new virtual host within Apache, while reusing the same template for multiple server installations. Instead of having only hard-coded, static values, a template should contain placeholders for values that can change from host to host, such as NameServer and DocumentRoot.

大多数CM工具将提供一个内置的模板系统，可用于促进设置配置文件和服务。 模板通常支持变量，循环和条件，可用于最大程度地提高多功能性。 例如，您可以使用模板轻松地在Apache中设置新的虚拟主机，同时将同一模板重新用于多个服务器安装。 模板不仅应包含硬编码的静态值，还应包含可以在主机之间更改的值的占位符，例如NameServer和DocumentRoot 。

可扩展性 (Extensibility)

Even though provisioning scripts can be very specialized for the needs and demands of a particular server, there are many cases when you have similar server setups or parts of a setup that could be shared between multiple servers. Most provisioning tools will provide ways in which you can easily reuse and share smaller chunks of your provisioning setup as modules or plugins.

即使预配脚本可以针对特定服务器的需求进行非常专门的设置，但是在许多情况下，您拥有相似的服务器设置或部分设置可以在多个服务器之间共享。 大多数配置工具都会提供一些方式，您可以轻松地重用它们并将它们的较小块共享为模块或插件。

Third-party modules and plugins are often easy to find on the Internet, specially for common server setups like installing a PHP web server. CM tools tend to have a strong community built around them and users are encouraged to share their custom extensions. Using extensions provided by other users can save you a lot of time, while also serving as an excellent way of learning how other users solved common problems using your tool of choice.

第三方模块和插件通常可以在Internet上找到，特别是对于常见的服务器设置(例如安装PHP Web服务器)。 CM工具倾向于围绕它们建立强大的社区，鼓励用户共享其自定义扩展。 使用其他用户提供的扩展程序可以节省大量时间，同时也是学习其他用户如何使用您选择的工具解决常见问题的绝妙方式。

选择配置管理工具 (Choosing a Configuration Management Tool)

There are many CM tools available in the market, each one with a different set of features and different complexity levels. Popular choices include Chef, Ansible, and Puppet. The first challenge is to choose a tool that is a good fit for your needs.

市场上有许多CM工具，每种工具具有不同的功能集和不同的复杂度。 最受欢迎的选择包括Chef，Ansible和Puppet。 第一个挑战是选择一种适合您需求的工具。

There are a few things you should take into consideration before making a choice:

在做出选择之前，应注意以下几点：

基础设施复杂度 (Infrastructure Complexity)

Most configuration management tools require a minimum hierarchy consisting of a controller machine and a node that will be managed by it. Puppet, for example, requires an agent application to be installed on each node, and a master application to be installed on the controller machine. Ansible, on the other hand, has a decentralized structure that doesn’t require installation of additional software on the nodes, but relies on SSH to execute the provisioning tasks. For smaller projects, a simplified infrastructure might seem like a better fit, however it is important to take into consideration aspects like scalability and security, which may not be enforced by the tool.

大多数配置管理工具都需要一个最小的层次结构，该层次结构由控制器机器和将由其管理的节点组成。 例如，Puppet需要在每个节点上安装一个代理应用程序，并在控制器计算机上安装一个主应用程序。 另一方面，Ansible具有分散的结构，不需要在节点上安装其他软件，而是依靠SSH执行配置任务。 对于较小的项目，简化的基础结构似乎更合适，但是重要的是要考虑到可伸缩性和安全性等方面，而这些方面可能无法由工具强制实施。

Some tools can have more components and moving parts, which might increase the complexity of your infrastructure, impacting on the learning curve and possibly increasing the overall cost of implementation.

一些工具可能具有更多的组件和活动部件，这可能会增加基础架构的复杂性，影响学习曲线，并可能增加总体实施成本。

学习曲线 (Learning Curve)

As mentioned earlier in this article, CM tools provide a custom syntax, sometimes using a Domain Specific Language (DSL), and a set of features that comprise their framework for automation. As with conventional programming languages, some tools will demand a higher learning curve to be mastered. The infrastructure requirements might also influence the complexity of the tool and how quickly you will be able to see a return of investment.

如本文前面所述，CM工具提供了一种自定义语法(有时使用域特定语言(DSL))和一组功能，这些功能构成了它们的自动化框架。 与常规编程语言一样，某些工具将要求掌握更高的学习曲线。 基础架构要求也可能会影响工具的复杂性以及您能够多快地看到投资回报。

成本 (Cost)

Most CM tools offer free or open source versions, with paid subscriptions for advanced features and services. Some tools will have more limitations than others, so depending on your specific needs and how your infrastructure grows, you might end up having to pay for these services. You should also consider training as a potential extra cost, not only in monetary terms, but also regarding the time that will be necessary to get your team up to speed with the tool you end up choosing.

大多数CM工具提供免费或开源版本，并带有付费订阅的高级功能和服务。 有些工具比其他工具有更多的限制，因此，根据您的特定需求和基础架构的增长，您可能最终不得不为这些服务付费。 您还应该将培训视为潜在的额外成本，不仅在金钱上，而且在使您的团队适应最终选择的工具所需的时间方面。

进阶工具 (Advanced Tooling)

As mentioned before, most tools offer paid services that can include support, extensions, and advanced tooling. It’s important to analyse your specific needs, the size of your infrastructure and whether or not there is a need for using these services. Management panels, for instance, are a common service offered by these tools, and they can greatly facilitate the process of managing and monitoring all your servers from a central point. Even if you don’t need such services just yet, consider the options for a possible future necessity.

如前所述，大多数工具都提供付费服务，其中包括支持，扩展和高级工具。 分析您的特定需求，基础架构的大小以及是否需要使用这些服务，这一点很重要。 例如，管理面板是这些工具提供的常见服务，它们可以极大地简化从一个中心点管理和监视所有服务器的过程。 即使您现在还不需要此类服务，请考虑可能的将来选择。

社区与支持 (Community and Support)

A strong and welcoming community can be extremely resourceful for support and for documentation, since users are typically happy to share their knowledge and their extensions (modules, plugins, and provisioning scripts) with other users. This can be helpful to speed up your learning curve and avoid extra costs with paid support or training.

一个强大而热情的社区可以为支持和文档提供极为丰富的资源，因为用户通常很乐意与其他用户分享他们的知识及其扩展(模块，插件和配置脚本)。 这可以帮助您加快学习进度，并避免在付费支持或培训下产生额外费用。

流行工具概述 (Overview of Popular Tools)

The table below should give you a quick overview of the main differences between three of the most popular configuration management tools available in the market today: Ansible, Puppet, and Chef.

下表可以让您快速概述当今市场上三种最流行的配置管理工具之间的主要区别：Ansible，Puppet和Chef。

	Ansible	Puppet	Chef
Script Language	YAML	Custom DSL based on Ruby	Ruby
Infrastructure	Controller machine applies configuration on nodes via SSH	Puppet Master synchronizes configuration on Puppet Nodes	Chef Workstations push configuration to Chef Server, from which the Chef Nodes will be updated
Requires specialized software for nodes	No	Yes	Yes
Provides centralized point of control	No. Any computer can be a controller	Yes, via Puppet Master	Yes, via Chef Server
Script Terminology	Playbook / Roles	Manifests / Modules	Recipes / Cookbooks
Task Execution Order	Sequential	Non-Sequential	Sequential

	Ansible	木偶	厨师
脚本语言	YAML	基于Ruby的自定义DSL	Ruby
基础设施	控制器机器通过SSH在节点上应用配置	Puppet Master同步Puppet节点上的配置	Chef工作站将配置推送到Chef服务器，从该服务器将更新Chef节点
需要用于节点的专用软件	没有	是	是
提供集中控制点	否。任何计算机都可以作为控制器	是的，通过Puppet Master	是的，通过Chef Server
脚本术语	剧本/角色	清单/模块	食谱/食谱
任务执行顺序	顺序的	非顺序	顺序的

下一步 (Next Steps)

So far, we’ve seen how configuration management works for servers, and what to consider when choosing a tool for building your configuration management infrastructure. In subsequent guides in this series, we will have a hands-on experience with three popular configuration management tools: Ansible, Puppet and Chef.

到目前为止，我们已经了解了配置管理如何用于服务器，以及在选择用于构建配置管理基础结构的工具时应考虑的因素。 在本系列的后续指南中，我们将亲身体验三种流行的配置管理工具：Ansible，Puppet和Chef。

In order to give you a chance to compare these tools by yourself, we are going to use a simple example of server setup that should be fully automated by each tool. This setup consists of an Ubuntu 18.04 server running Apache to host a simple web page.

为了使您有机会自己比较这些工具，我们将使用一个简单的服务器设置示例，该示例应由每个工具完全自动化。 此设置包含一个运行Apache的Ubuntu 18.04服务器，以承载一个简单的网页。

结论 (Conclusion)

Configuration management can drastically improve the integrity of servers over time by providing a framework for automating processes and keeping track of changes made to the system environment. In the next guide in this series, we will see how to implement a configuration management strategy in practice using Ansible as tool.

配置管理可以通过提供用于自动化过程并跟踪对系统环境所做的更改的框架来随着时间的推移极大地改善服务器的完整性。 在本系列的下一个指南中，我们将看到如何在实际中使用Ansible作为工具来实现配置管理策略。

翻译自: https://www.digitalocean.com/community/tutorials/an-introduction-to-configuration-management

配置管理规范 配置管理计划