Managing GitHub: from Terraform to a custom Ansible solution

We have more than 350 people and more than 400 repositories on GitHub. Each repo can have several admins, who do whatever they see fit, and naturally one of them does not know what another is doing. When we grew tired of watching other people suffer with the infrastructure and of adding and removing people by hand, we decided to switch to centralized management, i.e. infrastructure as code.






We chose Terraform as the platform.



"I have cubes with the letters O, P, A..."



On paper everything looked fine. Terraform is popular, and it is not hard to find people who know it. It has state, and TF brings the resources into line with it, so we could always be sure the actual configuration matches exactly what is described. And no more crawling through the web UI: I look at the config and see everything.



. TF , . 20 , — Github- API.



, :



  1. .
  2. .
  3. .
  4. .
  5. .
  6. .


.  , Terraform : 1 4. , 2 5. : TF , , .  — , .  , - -   PR, c . …



. . :



resource "github_membership" "membership_for_" {
    username = ""
    role     = "member"
}

resource "github_team" "team_" {
    name           = ""
    description    = ""
    privacy        = "closed"
    parent_team_id = "123456"
}

resource "github_team_membership" "team___membership" {
    team_id  = "${data.terraform_remote_state.teams.team__id}"
    username = ""
    role     = "member"
}

resource "github_repository" "" {
    name          = ""
    description   = ""
    homepage_url  = ""
    has_projects  = false
    has_wiki      = true
    has_issues    = true
    has_downloads = true
    private       = true
    archived      = false
    topics        = ["yii", "school", "mobile"]
}

resource "github_team_repository" "team__repo_" {
    team_id    = "${data.terraform_remote_state.teams.team__id}"
    repository = "${data.terraform_remote_state.repos.repo__name}"
    permission = "push"
}

resource "github_repository_collaborator" "__collaborator" {
    repository = ""
    username   = ""
    permission = "admin"
}


, , - , - .  — .  — . ...



, id.  — — , id .  .  . - .  — ?  .



« » .  — « ».  .  ?  ?  ?  .  , .  , — .



TF, , - . - , . Terraform !  , : TF, - TF.  ...



-, -!






— API.  — . , Terraform , 800 , 801 - , , .



  • .
  • , .  resource, value 123456, , .
  • - — , --  .
  • / / — .


YAML





skyeng:
  name: Skyeng
  admin:
    - aleksandr.sergeich

  member:
    - andrey.vadimych
    - denis.andreich
    - mikhail.leonidych
    - vladimir.nickolaich




qa-team:
  privacy: secret

  maintainer:
    - denis.andreich

  member:
    - andrey.vadimych
    - mikhail.leonidych
    - vladimir.nickolaich




alerta:
  description: >-
    Alerta monitoring system
  homepage: https://alerta.io

  teams:
    admin:
      - admin-team

    push:
      - dev-team
      - qa-team

  collaborators:
    direct:
      - denis.andreich

    outside:
      - william.shakespeare
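As an added example (not part of the original post or the gitwand playbook), a Python script that takes org, team and repository definitions in the YAML layout above and computes each user's effective permission on each repository, then reports outside collaborators, unknown teams and admin grants before the playbook applies the YAML. The admin-team and dev-team rosters and the `push` level for collaborators are assumptions, since the page does not list them.

```python
# Constructed data in the page's YAML layout (not gitwand's own code); admin-team/dev-team rosters are assumed.
ORG = {"admin": ["aleksandr.sergeich"],
       "member": ["andrey.vadimych", "denis.andreich",
                  "mikhail.leonidych", "vladimir.nickolaich"]}
TEAMS = {
    "admin-team": {"maintainer": ["aleksandr.sergeich"]},
    "dev-team": {"member": ["andrey.vadimych", "mikhail.leonidych"]},
    "qa-team": {"privacy": "secret", "maintainer": ["denis.andreich"],
                "member": ["andrey.vadimych", "mikhail.leonidych",
                           "vladimir.nickolaich"]},
}
REPOS = {"alerta": {
    "teams": {"admin": ["admin-team"], "push": ["dev-team", "qa-team"]},
    "collaborators": {"direct": ["denis.andreich"],
                      "outside": ["william.shakespeare"]}}}
RANK = {"pull": 1, "push": 2, "admin": 3}
COLLAB_PERM = "push"  # assumption: the YAML lists collaborators without a level

def team_users(team):
    return team.get("maintainer", []) + team.get("member", [])

def effective_access(repo_name, repos=REPOS, teams=TEAMS):
    """Highest permission each user ends up with on one repository."""
    repo, access = repos[repo_name], {}
    def grant(user, perm):
        if RANK[perm] > RANK.get(access.get(user), 0):
            access[user] = perm
    for perm, names in repo.get("teams", {}).items():
        for t in names:
            for user in team_users(teams.get(t, {})):  # unknown team grants nothing
                grant(user, perm)
    for kind in ("direct", "outside"):
        for user in repo.get("collaborators", {}).get(kind, []):
            grant(user, COLLAB_PERM)
    return access

def review(repos=REPOS, teams=TEAMS, org=ORG):
    """Findings to read before the playbook applies the YAML."""
    members = set(org["admin"]) | set(org["member"])
    findings = []
    for name, repo in repos.items():
        for perm, team_names in repo.get("teams", {}).items():
            findings += [f"{name}: unknown team {t} granted {perm}"
                         for t in team_names if t not in teams]
        for user, perm in effective_access(name, repos, teams).items():
            if user not in members:
                findings.append(f"{name}: {user} is not an org member but has {perm}")
            elif perm == "admin":
                findings.append(f"{name}: {user} has admin")
    return findings
```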


, —



, TF — , …  Ansible, .



: , — .  CI/CD.  - : , .  .  , .



:



ansible-playbook gitwand.yml \
    -e github_repos__state=present \
    -e github_repos__include=my_repo


- — :



ansible-playbook gitwand.yml \
    -e github_teams__state=present \
    -e github_teams__include=my_team


, github_teams__include.



.  LDAP, , , .  , , , - .  Github-.





.



