blockmine 1.24.0 → 1.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/README.en.md +427 -0
- package/README.md +40 -0
- package/backend/cli.js +1 -1
- package/backend/src/ai/plugin-assistant-system-prompt.md +664 -5
- package/backend/src/api/routes/bots.js +13 -0
- package/backend/src/api/routes/servers.js +14 -2
- package/backend/src/core/BotProcess.js +98 -2
- package/backend/src/core/PluginLoader.js +83 -3
- package/backend/src/core/PluginManager.js +75 -5
- package/backend/src/core/services/BotLifecycleService.js +186 -2
- package/backend/src/server.js +11 -1
- package/frontend/dist/assets/browser-ponyfill-DN7pwmHT.js +2 -0
- package/frontend/dist/assets/index-LSy71uwm.js +11261 -0
- package/frontend/dist/assets/index-SfhKxI4-.css +32 -0
- package/frontend/dist/flags/en.svg +32 -0
- package/frontend/dist/flags/ru.svg +5 -0
- package/frontend/dist/index.html +2 -2
- package/frontend/dist/locales/en/admin.json +100 -0
- package/frontend/dist/locales/en/api-keys.json +58 -0
- package/frontend/dist/locales/en/bots.json +110 -0
- package/frontend/dist/locales/en/common.json +47 -0
- package/frontend/dist/locales/en/configuration.json +22 -0
- package/frontend/dist/locales/en/console.json +10 -0
- package/frontend/dist/locales/en/dashboard.json +85 -0
- package/frontend/dist/locales/en/dialogs.json +70 -0
- package/frontend/dist/locales/en/event-graphs.json +50 -0
- package/frontend/dist/locales/en/graph-store.json +70 -0
- package/frontend/dist/locales/en/login.json +34 -0
- package/frontend/dist/locales/en/management.json +114 -0
- package/frontend/dist/locales/en/minecraft-viewer.json +27 -0
- package/frontend/dist/locales/en/nodes.json +1077 -0
- package/frontend/dist/locales/en/permissions.json +50 -0
- package/frontend/dist/locales/en/plugin-detail.json +49 -0
- package/frontend/dist/locales/en/plugins.json +110 -0
- package/frontend/dist/locales/en/proxies.json +81 -0
- package/frontend/dist/locales/en/servers.json +39 -0
- package/frontend/dist/locales/en/setup.json +17 -0
- package/frontend/dist/locales/en/sidebar.json +27 -0
- package/frontend/dist/locales/en/tasks.json +62 -0
- package/frontend/dist/locales/en/visual-editor.json +219 -0
- package/frontend/dist/locales/en/websocket.json +86 -0
- package/frontend/dist/locales/ru/admin.json +100 -0
- package/frontend/dist/locales/ru/api-keys.json +58 -0
- package/frontend/dist/locales/ru/bots.json +110 -0
- package/frontend/dist/locales/ru/common.json +49 -0
- package/frontend/dist/locales/ru/configuration.json +22 -0
- package/frontend/dist/locales/ru/console.json +10 -0
- package/frontend/dist/locales/ru/dashboard.json +85 -0
- package/frontend/dist/locales/ru/dialogs.json +70 -0
- package/frontend/dist/locales/ru/event-graphs.json +50 -0
- package/frontend/dist/locales/ru/graph-store.json +70 -0
- package/frontend/dist/locales/ru/login.json +34 -0
- package/frontend/dist/locales/ru/management.json +114 -0
- package/frontend/dist/locales/ru/minecraft-viewer.json +27 -0
- package/frontend/dist/locales/ru/nodes.json +1077 -0
- package/frontend/dist/locales/ru/permissions.json +50 -0
- package/frontend/dist/locales/ru/plugin-detail.json +49 -0
- package/frontend/dist/locales/ru/plugins.json +110 -0
- package/frontend/dist/locales/ru/proxies.json +81 -0
- package/frontend/dist/locales/ru/servers.json +39 -0
- package/frontend/dist/locales/ru/setup.json +17 -0
- package/frontend/dist/locales/ru/sidebar.json +27 -0
- package/frontend/dist/locales/ru/tasks.json +62 -0
- package/frontend/dist/locales/ru/visual-editor.json +221 -0
- package/frontend/dist/locales/ru/websocket.json +86 -0
- package/frontend/dist/monacoeditorwork/css.worker.bundle.js +7 -7
- package/frontend/dist/monacoeditorwork/html.worker.bundle.js +7 -7
- package/frontend/dist/monacoeditorwork/json.worker.bundle.js +7 -7
- package/frontend/dist/monacoeditorwork/ts.worker.bundle.js +3 -3
- package/frontend/package.json +4 -0
- package/package.json +1 -1
- package/screen/3dviewer.png +0 -0
- package/screen/console.png +0 -0
- package/screen/dashboard.png +0 -0
- package/screen/graph_collabe.png +0 -0
- package/screen/graph_live_debug.png +0 -0
- package/screen/language_selector.png +0 -0
- package/screen/management_command.png +0 -0
- package/screen/node_debug_trace.png +0 -0
- package/screen/plugin_/320/276/320/261/320/267/320/276/321/200.png +0 -0
- package/screen/websocket.png +0 -0
- package/screen//320/275/320/260/321/201/321/202/321/200/320/276/320/271/320/272/320/270_/320/276/321/202/320/264/320/265/320/273/321/214/320/275/321/213/321/205_/320/272/320/276/320/274/320/260/320/275/320/264_/320/272/320/260/320/266/320/264/321/203_/320/272/320/276/320/274/320/260/320/275/320/273/320/264/321/203_/320/274/320/276/320/266/320/275/320/276_/320/275/320/260/321/201/321/202/321/200/320/260/320/270/320/262/320/260/321/202/321/214.png +0 -0
- package/screen//320/277/320/273/320/260/320/275/320/270/321/200/320/276/320/262/321/211/320/270/320/272_/320/274/320/276/320/266/320/275/320/276_/320/267/320/260/320/264/320/260/320/262/320/260/321/202/321/214_/320/264/320/265/320/271/321/201/321/202/320/262/320/270/321/217_/320/277/320/276_/320/262/321/200/320/265/320/274/320/265/320/275/320/270.png +0 -0
- package/.claude/agents/README.md +0 -469
- package/.claude/agents/auth-route-debugger.md +0 -118
- package/.claude/agents/auth-route-tester.md +0 -93
- package/.claude/agents/auto-error-resolver.md +0 -97
- package/.claude/agents/build-optimizer.md +0 -236
- package/.claude/agents/code-architect.md +0 -34
- package/.claude/agents/code-architecture-reviewer.md +0 -83
- package/.claude/agents/code-explorer.md +0 -51
- package/.claude/agents/code-refactor-master.md +0 -94
- package/.claude/agents/code-reviewer.md +0 -46
- package/.claude/agents/cost-optimizer.md +0 -134
- package/.claude/agents/deployment-orchestrator.md +0 -113
- package/.claude/agents/documentation-architect.md +0 -82
- package/.claude/agents/frontend-error-fixer.md +0 -77
- package/.claude/agents/iac-code-generator.md +0 -71
- package/.claude/agents/incident-responder.md +0 -346
- package/.claude/agents/infrastructure-architect.md +0 -31
- package/.claude/agents/kubernetes-specialist.md +0 -56
- package/.claude/agents/migration-planner.md +0 -181
- package/.claude/agents/network-architect.md +0 -196
- package/.claude/agents/plan-reviewer.md +0 -52
- package/.claude/agents/refactor-planner.md +0 -63
- package/.claude/agents/security-scanner.md +0 -102
- package/.claude/agents/web-research-specialist.md +0 -78
- package/.claude/commands/cost-analysis.md +0 -315
- package/.claude/commands/dev-docs-update.md +0 -55
- package/.claude/commands/dev-docs.md +0 -51
- package/.claude/commands/feature-dev.md +0 -125
- package/.claude/commands/incident-debug.md +0 -247
- package/.claude/commands/infra-plan.md +0 -81
- package/.claude/commands/migration-plan.md +0 -478
- package/.claude/commands/route-research-for-testing.md +0 -37
- package/.claude/commands/security-review.md +0 -66
- package/.claude/hooks/CONFIG.md +0 -448
- package/.claude/hooks/README.md +0 -163
- package/.claude/hooks/SKILL_ACTIVATION_COMPLETE.md +0 -226
- package/.claude/hooks/WINDOWS_HOOKS_README.md +0 -151
- package/.claude/hooks/add-skill-activation-banners.ts +0 -132
- package/.claude/hooks/comprehensive-skill-test.ts +0 -1315
- package/.claude/hooks/error-handling-reminder.sh +0 -12
- package/.claude/hooks/error-handling-reminder.ts +0 -222
- package/.claude/hooks/k8s-manifest-validator.sh +0 -56
- package/.claude/hooks/package-lock.json +0 -556
- package/.claude/hooks/package.json +0 -16
- package/.claude/hooks/post-tool-use-tracker.ps1 +0 -174
- package/.claude/hooks/post-tool-use-tracker.sh +0 -183
- package/.claude/hooks/security-policy-check.sh +0 -247
- package/.claude/hooks/skill-activation-prompt.ps1 +0 -10
- package/.claude/hooks/skill-activation-prompt.sh +0 -10
- package/.claude/hooks/skill-activation-prompt.ts +0 -141
- package/.claude/hooks/stop-build-check-enhanced.sh +0 -130
- package/.claude/hooks/terraform-validator.sh +0 -53
- package/.claude/hooks/test-input.json +0 -7
- package/.claude/hooks/test-skill-activation.ts +0 -427
- package/.claude/hooks/trigger-build-resolver.sh +0 -79
- package/.claude/hooks/tsc-check.sh +0 -173
- package/.claude/hooks/tsconfig.json +0 -19
- package/.claude/settings.json +0 -59
- package/.claude/settings.local.json +0 -67
- package/.claude/skills/README.md +0 -507
- package/.claude/skills/api-engineering/SKILL.md +0 -63
- package/.claude/skills/api-engineering/resources/api-versioning.md +0 -88
- package/.claude/skills/api-engineering/resources/graphql-patterns.md +0 -106
- package/.claude/skills/api-engineering/resources/rate-limiting.md +0 -118
- package/.claude/skills/api-engineering/resources/rest-api-design.md +0 -105
- package/.claude/skills/backend-dev-guidelines/SKILL.md +0 -306
- package/.claude/skills/backend-dev-guidelines/resources/architecture-overview.md +0 -451
- package/.claude/skills/backend-dev-guidelines/resources/async-and-errors.md +0 -307
- package/.claude/skills/backend-dev-guidelines/resources/complete-examples.md +0 -638
- package/.claude/skills/backend-dev-guidelines/resources/configuration.md +0 -275
- package/.claude/skills/backend-dev-guidelines/resources/database-patterns.md +0 -224
- package/.claude/skills/backend-dev-guidelines/resources/middleware-guide.md +0 -213
- package/.claude/skills/backend-dev-guidelines/resources/routing-and-controllers.md +0 -756
- package/.claude/skills/backend-dev-guidelines/resources/sentry-and-monitoring.md +0 -336
- package/.claude/skills/backend-dev-guidelines/resources/services-and-repositories.md +0 -789
- package/.claude/skills/backend-dev-guidelines/resources/testing-guide.md +0 -235
- package/.claude/skills/backend-dev-guidelines/resources/validation-patterns.md +0 -754
- package/.claude/skills/budget-and-cost-management/SKILL.md +0 -850
- package/.claude/skills/build-engineering/SKILL.md +0 -431
- package/.claude/skills/build-engineering/resources/artifact-repositories.md +0 -72
- package/.claude/skills/build-engineering/resources/build-caching.md +0 -96
- package/.claude/skills/build-engineering/resources/build-pipelines.md +0 -105
- package/.claude/skills/build-engineering/resources/build-security.md +0 -95
- package/.claude/skills/build-engineering/resources/build-systems.md +0 -389
- package/.claude/skills/build-engineering/resources/compilation-optimization.md +0 -201
- package/.claude/skills/build-engineering/resources/dependency-management.md +0 -73
- package/.claude/skills/build-engineering/resources/monorepo-builds.md +0 -110
- package/.claude/skills/build-engineering/resources/performance-optimization.md +0 -113
- package/.claude/skills/build-engineering/resources/reproducible-builds.md +0 -82
- package/.claude/skills/cloud-engineering/SKILL.md +0 -675
- package/.claude/skills/cloud-engineering/resources/aws-patterns.md +0 -742
- package/.claude/skills/cloud-engineering/resources/azure-patterns.md +0 -714
- package/.claude/skills/cloud-engineering/resources/cleared-cloud-environments.md +0 -987
- package/.claude/skills/cloud-engineering/resources/cloud-cost-optimization.md +0 -757
- package/.claude/skills/cloud-engineering/resources/cloud-networking.md +0 -1058
- package/.claude/skills/cloud-engineering/resources/cloud-security-tools.md +0 -1530
- package/.claude/skills/cloud-engineering/resources/cloud-security.md +0 -990
- package/.claude/skills/cloud-engineering/resources/gcp-patterns.md +0 -758
- package/.claude/skills/cloud-engineering/resources/migration-strategies.md +0 -820
- package/.claude/skills/cloud-engineering/resources/multi-cloud-strategies.md +0 -670
- package/.claude/skills/cloud-engineering/resources/oci-patterns.md +0 -1198
- package/.claude/skills/cloud-engineering/resources/serverless-patterns.md +0 -795
- package/.claude/skills/cloud-engineering/resources/well-architected-frameworks.md +0 -966
- package/.claude/skills/cybersecurity/SKILL.md +0 -409
- package/.claude/skills/cybersecurity/resources/security-architecture.md +0 -266
- package/.claude/skills/database-engineering/SKILL.md +0 -61
- package/.claude/skills/database-engineering/resources/backup-and-recovery.md +0 -72
- package/.claude/skills/database-engineering/resources/database-replication.md +0 -63
- package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md +0 -70
- package/.claude/skills/database-engineering/resources/query-optimization.md +0 -68
- package/.claude/skills/devsecops/SKILL.md +0 -374
- package/.claude/skills/devsecops/resources/ci-cd-security.md +0 -204
- package/.claude/skills/devsecops/resources/compliance-automation.md +0 -530
- package/.claude/skills/devsecops/resources/compliance-frameworks.md +0 -2322
- package/.claude/skills/devsecops/resources/container-security.md +0 -915
- package/.claude/skills/devsecops/resources/cspm-integration.md +0 -1440
- package/.claude/skills/devsecops/resources/policy-enforcement.md +0 -619
- package/.claude/skills/devsecops/resources/secrets-management.md +0 -755
- package/.claude/skills/devsecops/resources/security-monitoring.md +0 -146
- package/.claude/skills/devsecops/resources/security-scanning.md +0 -887
- package/.claude/skills/devsecops/resources/security-testing.md +0 -203
- package/.claude/skills/devsecops/resources/supply-chain-security.md +0 -518
- package/.claude/skills/devsecops/resources/vulnerability-management.md +0 -481
- package/.claude/skills/devsecops/resources/zero-trust-architecture.md +0 -177
- package/.claude/skills/documentation-as-code/SKILL.md +0 -323
- package/.claude/skills/documentation-as-code/resources/api-documentation.md +0 -90
- package/.claude/skills/documentation-as-code/resources/changelog-management.md +0 -79
- package/.claude/skills/documentation-as-code/resources/diagram-generation.md +0 -44
- package/.claude/skills/documentation-as-code/resources/docs-as-code-workflow.md +0 -99
- package/.claude/skills/documentation-as-code/resources/documentation-automation.md +0 -68
- package/.claude/skills/documentation-as-code/resources/documentation-sites.md +0 -79
- package/.claude/skills/documentation-as-code/resources/markdown-best-practices.md +0 -162
- package/.claude/skills/documentation-as-code/resources/openapi-specification.md +0 -77
- package/.claude/skills/documentation-as-code/resources/readme-engineering.md +0 -60
- package/.claude/skills/documentation-as-code/resources/technical-writing-guide.md +0 -202
- package/.claude/skills/engineering-management/SKILL.md +0 -356
- package/.claude/skills/engineering-management/resources/career-ladders.md +0 -609
- package/.claude/skills/engineering-management/resources/hiring-and-assessment.md +0 -555
- package/.claude/skills/engineering-management/resources/one-on-one-guides.md +0 -609
- package/.claude/skills/engineering-management/resources/resource-planning.md +0 -557
- package/.claude/skills/engineering-management/resources/team-organization-patterns.md +0 -491
- package/.claude/skills/engineering-management/resources/technical-interviews.md +0 -474
- package/.claude/skills/engineering-operations-management/SKILL.md +0 -817
- package/.claude/skills/error-tracking/SKILL.md +0 -379
- package/.claude/skills/frontend-design/SKILL.md +0 -42
- package/.claude/skills/frontend-dev-guidelines/SKILL.md +0 -403
- package/.claude/skills/frontend-dev-guidelines/resources/common-patterns.md +0 -331
- package/.claude/skills/frontend-dev-guidelines/resources/complete-examples.md +0 -872
- package/.claude/skills/frontend-dev-guidelines/resources/component-patterns.md +0 -502
- package/.claude/skills/frontend-dev-guidelines/resources/data-fetching.md +0 -767
- package/.claude/skills/frontend-dev-guidelines/resources/file-organization.md +0 -502
- package/.claude/skills/frontend-dev-guidelines/resources/loading-and-error-states.md +0 -501
- package/.claude/skills/frontend-dev-guidelines/resources/performance.md +0 -406
- package/.claude/skills/frontend-dev-guidelines/resources/routing-guide.md +0 -364
- package/.claude/skills/frontend-dev-guidelines/resources/styling-guide.md +0 -428
- package/.claude/skills/frontend-dev-guidelines/resources/typescript-standards.md +0 -418
- package/.claude/skills/general-it-engineering/SKILL.md +0 -393
- package/.claude/skills/general-it-engineering/resources/asset-management.md +0 -712
- package/.claude/skills/general-it-engineering/resources/automation-orchestration.md +0 -817
- package/.claude/skills/general-it-engineering/resources/business-continuity.md +0 -786
- package/.claude/skills/general-it-engineering/resources/change-management.md +0 -715
- package/.claude/skills/general-it-engineering/resources/enterprise-monitoring.md +0 -729
- package/.claude/skills/general-it-engineering/resources/help-desk-operations.md +0 -738
- package/.claude/skills/general-it-engineering/resources/incident-service-management.md +0 -834
- package/.claude/skills/general-it-engineering/resources/it-governance.md +0 -753
- package/.claude/skills/general-it-engineering/resources/itil-framework.md +0 -503
- package/.claude/skills/general-it-engineering/resources/service-management.md +0 -669
- package/.claude/skills/infrastructure-architecture/SKILL.md +0 -328
- package/.claude/skills/infrastructure-architecture/resources/architecture-decision-records.md +0 -505
- package/.claude/skills/infrastructure-architecture/resources/architecture-patterns.md +0 -528
- package/.claude/skills/infrastructure-architecture/resources/capacity-planning.md +0 -453
- package/.claude/skills/infrastructure-architecture/resources/cleared-environment-architecture.md +0 -773
- package/.claude/skills/infrastructure-architecture/resources/cost-architecture.md +0 -499
- package/.claude/skills/infrastructure-architecture/resources/data-architecture.md +0 -501
- package/.claude/skills/infrastructure-architecture/resources/disaster-recovery.md +0 -535
- package/.claude/skills/infrastructure-architecture/resources/migration-architecture.md +0 -512
- package/.claude/skills/infrastructure-architecture/resources/multi-region-design.md +0 -608
- package/.claude/skills/infrastructure-architecture/resources/reference-architectures.md +0 -562
- package/.claude/skills/infrastructure-architecture/resources/security-architecture.md +0 -538
- package/.claude/skills/infrastructure-architecture/resources/system-design-principles.md +0 -489
- package/.claude/skills/infrastructure-architecture/resources/workload-classification.md +0 -1000
- package/.claude/skills/infrastructure-strategy/SKILL.md +0 -924
- package/.claude/skills/network-engineering/SKILL.md +0 -385
- package/.claude/skills/network-engineering/resources/dns-management.md +0 -738
- package/.claude/skills/network-engineering/resources/load-balancing.md +0 -820
- package/.claude/skills/network-engineering/resources/network-architecture.md +0 -546
- package/.claude/skills/network-engineering/resources/network-security.md +0 -921
- package/.claude/skills/network-engineering/resources/network-troubleshooting.md +0 -749
- package/.claude/skills/network-engineering/resources/routing-switching.md +0 -373
- package/.claude/skills/network-engineering/resources/sdn-networking.md +0 -695
- package/.claude/skills/network-engineering/resources/service-mesh-networking.md +0 -777
- package/.claude/skills/network-engineering/resources/tcp-ip-protocols.md +0 -444
- package/.claude/skills/network-engineering/resources/vpn-connectivity.md +0 -672
- package/.claude/skills/node-development/SKILL.md +0 -317
- package/.claude/skills/observability-engineering/SKILL.md +0 -101
- package/.claude/skills/observability-engineering/resources/apm-tools.md +0 -97
- package/.claude/skills/observability-engineering/resources/correlation-strategies.md +0 -87
- package/.claude/skills/observability-engineering/resources/distributed-tracing.md +0 -98
- package/.claude/skills/observability-engineering/resources/logs-aggregation.md +0 -118
- package/.claude/skills/observability-engineering/resources/observability-cost-optimization.md +0 -141
- package/.claude/skills/observability-engineering/resources/opentelemetry.md +0 -110
- package/.claude/skills/platform-engineering/SKILL.md +0 -555
- package/.claude/skills/platform-engineering/resources/architecture-overview.md +0 -600
- package/.claude/skills/platform-engineering/resources/container-orchestration.md +0 -916
- package/.claude/skills/platform-engineering/resources/cost-optimization.md +0 -634
- package/.claude/skills/platform-engineering/resources/developer-platforms.md +0 -670
- package/.claude/skills/platform-engineering/resources/gitops-automation.md +0 -650
- package/.claude/skills/platform-engineering/resources/infrastructure-as-code.md +0 -778
- package/.claude/skills/platform-engineering/resources/infrastructure-standards.md +0 -708
- package/.claude/skills/platform-engineering/resources/multi-tenancy.md +0 -602
- package/.claude/skills/platform-engineering/resources/platform-security.md +0 -711
- package/.claude/skills/platform-engineering/resources/resource-management.md +0 -592
- package/.claude/skills/platform-engineering/resources/service-mesh.md +0 -628
- package/.claude/skills/release-engineering/SKILL.md +0 -393
- package/.claude/skills/release-engineering/resources/artifact-management.md +0 -108
- package/.claude/skills/release-engineering/resources/build-optimization.md +0 -84
- package/.claude/skills/release-engineering/resources/ci-cd-pipelines.md +0 -411
- package/.claude/skills/release-engineering/resources/deployment-strategies.md +0 -197
- package/.claude/skills/release-engineering/resources/pipeline-security.md +0 -62
- package/.claude/skills/release-engineering/resources/progressive-delivery.md +0 -83
- package/.claude/skills/release-engineering/resources/release-automation.md +0 -68
- package/.claude/skills/release-engineering/resources/release-orchestration.md +0 -77
- package/.claude/skills/release-engineering/resources/rollback-strategies.md +0 -66
- package/.claude/skills/release-engineering/resources/versioning-strategies.md +0 -59
- package/.claude/skills/route-tester/SKILL.md +0 -392
- package/.claude/skills/skill-developer/ADVANCED.md +0 -197
- package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +0 -306
- package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +0 -152
- package/.claude/skills/skill-developer/SKILL.md +0 -430
- package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +0 -315
- package/.claude/skills/skill-developer/TRIGGER_TYPES.md +0 -305
- package/.claude/skills/skill-developer/TROUBLESHOOTING.md +0 -514
- package/.claude/skills/skill-rules.json +0 -2989
- package/.claude/skills/sre/SKILL.md +0 -464
- package/.claude/skills/sre/resources/alerting-best-practices.md +0 -282
- package/.claude/skills/sre/resources/capacity-planning.md +0 -226
- package/.claude/skills/sre/resources/chaos-engineering.md +0 -193
- package/.claude/skills/sre/resources/disaster-recovery.md +0 -232
- package/.claude/skills/sre/resources/incident-management.md +0 -436
- package/.claude/skills/sre/resources/observability-stack.md +0 -240
- package/.claude/skills/sre/resources/on-call-runbooks.md +0 -167
- package/.claude/skills/sre/resources/performance-optimization.md +0 -108
- package/.claude/skills/sre/resources/reliability-patterns.md +0 -183
- package/.claude/skills/sre/resources/slo-sli-sla.md +0 -464
- package/.claude/skills/sre/resources/toil-reduction.md +0 -145
- package/.claude/skills/systems-engineering/SKILL.md +0 -648
- package/.claude/skills/systems-engineering/resources/automation-patterns.md +0 -771
- package/.claude/skills/systems-engineering/resources/configuration-management.md +0 -998
- package/.claude/skills/systems-engineering/resources/linux-administration.md +0 -672
- package/.claude/skills/systems-engineering/resources/networking-fundamentals.md +0 -982
- package/.claude/skills/systems-engineering/resources/performance-tuning.md +0 -871
- package/.claude/skills/systems-engineering/resources/powershell-scripting.md +0 -482
- package/.claude/skills/systems-engineering/resources/security-hardening.md +0 -739
- package/.claude/skills/systems-engineering/resources/shell-scripting.md +0 -915
- package/.claude/skills/systems-engineering/resources/storage-management.md +0 -628
- package/.claude/skills/systems-engineering/resources/system-monitoring.md +0 -787
- package/.claude/skills/systems-engineering/resources/troubleshooting-guide.md +0 -753
- package/.claude/skills/systems-engineering/resources/windows-administration.md +0 -738
- package/.claude/skills/technical-leadership/SKILL.md +0 -728
- package/backend/docs/SECRETS_DOCUMENTATION.md +0 -327
- package/frontend/dist/assets/index-BC-NbKXi.css +0 -32
- package/frontend/dist/assets/index-DqJXZMHY.js +0 -11266
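Review bot: the file list shows everything under package/.claude/ (including settings.local.json and the hooks' package-lock.json) and package/backend/docs/SECRETS_DOCUMENTATION.md being removed, which means 1.24.0 published local tooling configuration and internal documentation, yet nothing in this list adds a guard against it happening again. The list contains no .npmignore, and package/package.json changes by a single line, which, if that line is the version bump, cannot also introduce a `files` allowlist. Assuming the package is published with npm, suggest adding an explicit `files` allowlist to package/package.json and checking the tarball contents with `npm pack --dry-run` before each release. Since 1.24.0 remains available from the registry, the removed settings.local.json and SECRETS_DOCUMENTATION.md should also be reviewed for anything sensitive that was published.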
|
@@ -1,998 +0,0 @@
|
|
|
1
|
-
# Configuration Management
|
|
2
|
-
|
|
3
|
-
Comprehensive guide to configuration management tools including Ansible, Chef, and Puppet with production-ready playbooks, cookbooks, and manifests for infrastructure automation.
|
|
4
|
-
|
|
5
|
-
## Table of Contents
|
|
6
|
-
|
|
7
|
-
- [Configuration Management Overview](#configuration-management-overview)
|
|
8
|
-
- [Ansible](#ansible)
|
|
9
|
-
- [Chef](#chef)
|
|
10
|
-
- [Puppet](#puppet)
|
|
11
|
-
- [Idempotency Patterns](#idempotency-patterns)
|
|
12
|
-
- [Testing Infrastructure Code](#testing-infrastructure-code)
|
|
13
|
-
- [Version Control Strategies](#version-control-strategies)
|
|
14
|
-
- [Best Practices](#best-practices)
|
|
15
|
-
|
|
16
|
-
## Configuration Management Overview
|
|
17
|
-
|
|
18
|
-
### Why Configuration Management?
|
|
19
|
-
|
|
20
|
-
```
|
|
21
|
-
Benefits:
|
|
22
|
-
✓ Infrastructure as Code
|
|
23
|
-
✓ Reproducibility
|
|
24
|
-
✓ Version control
|
|
25
|
-
✓ Automated deployments
|
|
26
|
-
✓ Consistency across environments
|
|
27
|
-
✓ Disaster recovery
|
|
28
|
-
✓ Documentation (code is documentation)
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
### Tool Comparison
|
|
32
|
-
|
|
33
|
-
| Feature | Ansible | Chef | Puppet |
|
|
34
|
-
|---------|---------|------|--------|
|
|
35
|
-
| **Architecture** | Agentless (SSH) | Agent-based | Agent-based |
|
|
36
|
-
| **Language** | YAML | Ruby DSL | Declarative DSL |
|
|
37
|
-
| **Learning Curve** | Low | Medium | Medium-High |
|
|
38
|
-
| **Execution** | Push model | Pull model | Pull model |
|
|
39
|
-
| **Best For** | Quick automation | Large infrastructures | Compliance |
|
|
40
|
-
|
|
41
|
-
## Ansible
|
|
42
|
-
|
|
43
|
-
### Directory Structure
|
|
44
|
-
|
|
45
|
-
```
|
|
46
|
-
ansible/
|
|
47
|
-
├── ansible.cfg # Ansible configuration
|
|
48
|
-
├── inventory/
|
|
49
|
-
│ ├── production/
|
|
50
|
-
│ │ ├── hosts # Inventory file
|
|
51
|
-
│ │ └── group_vars/
|
|
52
|
-
│ │ ├── all.yml # Variables for all hosts
|
|
53
|
-
│ │ ├── webservers.yml # Web server vars
|
|
54
|
-
│ │ └── databases.yml # Database vars
|
|
55
|
-
│ └── staging/
|
|
56
|
-
│ ├── hosts
|
|
57
|
-
│ └── group_vars/
|
|
58
|
-
├── roles/
|
|
59
|
-
│ ├── common/ # Base configuration
|
|
60
|
-
│ │ ├── tasks/
|
|
61
|
-
│ │ │ └── main.yml
|
|
62
|
-
│ │ ├── handlers/
|
|
63
|
-
│ │ │ └── main.yml
|
|
64
|
-
│ │ ├── templates/
|
|
65
|
-
│ │ ├── files/
|
|
66
|
-
│ │ ├── vars/
|
|
67
|
-
│ │ │ └── main.yml
|
|
68
|
-
│ │ ├── defaults/
|
|
69
|
-
│ │ │ └── main.yml
|
|
70
|
-
│ │ └── meta/
|
|
71
|
-
│ │ └── main.yml
|
|
72
|
-
│ ├── nginx/
|
|
73
|
-
│ ├── postgresql/
|
|
74
|
-
│ └── application/
|
|
75
|
-
├── playbooks/
|
|
76
|
-
│ ├── site.yml # Master playbook
|
|
77
|
-
│ ├── webservers.yml
|
|
78
|
-
│ ├── databases.yml
|
|
79
|
-
│ └── deploy.yml
|
|
80
|
-
├── group_vars/
|
|
81
|
-
│ └── all.yml
|
|
82
|
-
└── host_vars/
|
|
83
|
-
└── server1.yml
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
### Ansible Configuration
|
|
87
|
-
|
|
88
|
-
```ini
|
|
89
|
-
# ansible.cfg
|
|
90
|
-
[defaults]
|
|
91
|
-
inventory = inventory/production/hosts
|
|
92
|
-
remote_user = ansible
|
|
93
|
-
host_key_checking = False
|
|
94
|
-
retry_files_enabled = False
|
|
95
|
-
gathering = smart
|
|
96
|
-
fact_caching = jsonfile
|
|
97
|
-
fact_caching_connection = /tmp/ansible_facts
|
|
98
|
-
fact_caching_timeout = 86400
|
|
99
|
-
|
|
100
|
-
# Logging
|
|
101
|
-
log_path = /var/log/ansible.log
|
|
102
|
-
|
|
103
|
-
# SSH
|
|
104
|
-
[ssh_connection]
|
|
105
|
-
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
|
|
106
|
-
pipelining = True
|
|
107
|
-
```
|
|
108
|
-
|
|
109
|
-
### Inventory File
|
|
110
|
-
|
|
111
|
-
```ini
|
|
112
|
-
# inventory/production/hosts
|
|
113
|
-
|
|
114
|
-
[webservers]
|
|
115
|
-
web1.example.com ansible_host=192.168.1.101
|
|
116
|
-
web2.example.com ansible_host=192.168.1.102
|
|
117
|
-
web3.example.com ansible_host=192.168.1.103
|
|
118
|
-
|
|
119
|
-
[databases]
|
|
120
|
-
db1.example.com ansible_host=192.168.1.111 postgresql_role=primary
|
|
121
|
-
db2.example.com ansible_host=192.168.1.112 postgresql_role=replica
|
|
122
|
-
|
|
123
|
-
[loadbalancers]
|
|
124
|
-
lb1.example.com ansible_host=192.168.1.201
|
|
125
|
-
|
|
126
|
-
[production:children]
|
|
127
|
-
webservers
|
|
128
|
-
databases
|
|
129
|
-
loadbalancers
|
|
130
|
-
|
|
131
|
-
[production:vars]
|
|
132
|
-
env=production
|
|
133
|
-
```
|
|
134
|
-
|
|
135
|
-
### Role: Common (Base Configuration)
|
|
136
|
-
|
|
137
|
-
```yaml
|
|
138
|
-
# roles/common/tasks/main.yml
|
|
139
|
-
---
|
|
140
|
-
- name: Update apt cache
|
|
141
|
-
apt:
|
|
142
|
-
update_cache: yes
|
|
143
|
-
cache_valid_time: 3600
|
|
144
|
-
when: ansible_os_family == "Debian"
|
|
145
|
-
|
|
146
|
-
- name: Install common packages
|
|
147
|
-
apt:
|
|
148
|
-
name:
|
|
149
|
-
- vim
|
|
150
|
-
- git
|
|
151
|
-
- htop
|
|
152
|
-
- curl
|
|
153
|
-
- wget
|
|
154
|
-
- unzip
|
|
155
|
-
- net-tools
|
|
156
|
-
state: present
|
|
157
|
-
|
|
158
|
-
- name: Configure timezone
|
|
159
|
-
timezone:
|
|
160
|
-
name: "{{ timezone | default('UTC') }}"
|
|
161
|
-
|
|
162
|
-
- name: Set hostname
|
|
163
|
-
hostname:
|
|
164
|
-
name: "{{ inventory_hostname }}"
|
|
165
|
-
|
|
166
|
-
- name: Configure NTP
|
|
167
|
-
include_tasks: ntp.yml
|
|
168
|
-
|
|
169
|
-
- name: Configure firewall
|
|
170
|
-
include_tasks: firewall.yml
|
|
171
|
-
|
|
172
|
-
- name: Create admin users
|
|
173
|
-
user:
|
|
174
|
-
name: "{{ item.username }}"
|
|
175
|
-
groups: "{{ item.groups }}"
|
|
176
|
-
shell: /bin/bash
|
|
177
|
-
create_home: yes
|
|
178
|
-
loop: "{{ admin_users }}"
|
|
179
|
-
|
|
180
|
-
- name: Add SSH keys for admin users
|
|
181
|
-
authorized_key:
|
|
182
|
-
user: "{{ item.username }}"
|
|
183
|
-
key: "{{ item.ssh_key }}"
|
|
184
|
-
state: present
|
|
185
|
-
loop: "{{ admin_users }}"
|
|
186
|
-
|
|
187
|
-
- name: Configure sudoers
|
|
188
|
-
template:
|
|
189
|
-
src: sudoers.j2
|
|
190
|
-
dest: /etc/sudoers.d/admins
|
|
191
|
-
mode: '0440'
|
|
192
|
-
validate: 'visudo -cf %s'
|
|
193
|
-
```
|
|
194
|
-
|
|
195
|
-
### Role: Nginx Web Server
|
|
196
|
-
|
|
197
|
-
```yaml
|
|
198
|
-
# roles/nginx/tasks/main.yml
|
|
199
|
-
---
|
|
200
|
-
- name: Install nginx
|
|
201
|
-
apt:
|
|
202
|
-
name: nginx
|
|
203
|
-
state: present
|
|
204
|
-
|
|
205
|
-
- name: Create nginx directories
|
|
206
|
-
file:
|
|
207
|
-
path: "{{ item }}"
|
|
208
|
-
state: directory
|
|
209
|
-
owner: www-data
|
|
210
|
-
group: www-data
|
|
211
|
-
mode: '0755'
|
|
212
|
-
loop:
|
|
213
|
-
- /var/www/{{ app_name }}
|
|
214
|
-
- /var/log/nginx/{{ app_name }}
|
|
215
|
-
|
|
216
|
-
- name: Configure nginx site
|
|
217
|
-
template:
|
|
218
|
-
src: nginx-site.conf.j2
|
|
219
|
-
dest: /etc/nginx/sites-available/{{ app_name }}
|
|
220
|
-
owner: root
|
|
221
|
-
group: root
|
|
222
|
-
mode: '0644'
|
|
223
|
-
notify: Reload nginx
|
|
224
|
-
|
|
225
|
-
- name: Enable nginx site
|
|
226
|
-
file:
|
|
227
|
-
src: /etc/nginx/sites-available/{{ app_name }}
|
|
228
|
-
dest: /etc/nginx/sites-enabled/{{ app_name }}
|
|
229
|
-
state: link
|
|
230
|
-
notify: Reload nginx
|
|
231
|
-
|
|
232
|
-
- name: Remove default nginx site
|
|
233
|
-
file:
|
|
234
|
-
path: /etc/nginx/sites-enabled/default
|
|
235
|
-
state: absent
|
|
236
|
-
notify: Reload nginx
|
|
237
|
-
|
|
238
|
-
- name: Configure nginx.conf
|
|
239
|
-
template:
|
|
240
|
-
src: nginx.conf.j2
|
|
241
|
-
dest: /etc/nginx/nginx.conf
|
|
242
|
-
owner: root
|
|
243
|
-
group: root
|
|
244
|
-
mode: '0644'
|
|
245
|
-
notify: Reload nginx
|
|
246
|
-
|
|
247
|
-
- name: Ensure nginx is started and enabled
|
|
248
|
-
systemd:
|
|
249
|
-
name: nginx
|
|
250
|
-
state: started
|
|
251
|
-
enabled: yes
|
|
252
|
-
|
|
253
|
-
- name: Configure log rotation
|
|
254
|
-
template:
|
|
255
|
-
src: logrotate.j2
|
|
256
|
-
dest: /etc/logrotate.d/nginx-{{ app_name }}
|
|
257
|
-
owner: root
|
|
258
|
-
group: root
|
|
259
|
-
mode: '0644'
|
|
260
|
-
```
|
|
261
|
-
|
|
262
|
-
```yaml
|
|
263
|
-
# roles/nginx/handlers/main.yml
|
|
264
|
-
---
|
|
265
|
-
- name: Reload nginx
|
|
266
|
-
systemd:
|
|
267
|
-
name: nginx
|
|
268
|
-
state: reloaded
|
|
269
|
-
|
|
270
|
-
- name: Restart nginx
|
|
271
|
-
systemd:
|
|
272
|
-
name: nginx
|
|
273
|
-
state: restarted
|
|
274
|
-
```
|
|
275
|
-
|
|
276
|
-
```jinja2
|
|
277
|
-
# roles/nginx/templates/nginx-site.conf.j2
|
|
278
|
-
upstream {{ app_name }}_backend {
|
|
279
|
-
{% for server in backend_servers %}
|
|
280
|
-
server {{ server.host }}:{{ server.port }} weight={{ server.weight | default(1) }};
|
|
281
|
-
{% endfor %}
|
|
282
|
-
}
|
|
283
|
-
|
|
284
|
-
server {
|
|
285
|
-
listen 80;
|
|
286
|
-
server_name {{ server_name }};
|
|
287
|
-
|
|
288
|
-
{% if ssl_enabled %}
|
|
289
|
-
listen 443 ssl http2;
|
|
290
|
-
ssl_certificate {{ ssl_cert_path }};
|
|
291
|
-
ssl_certificate_key {{ ssl_key_path }};
|
|
292
|
-
ssl_protocols TLSv1.2 TLSv1.3;
|
|
293
|
-
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
294
|
-
{% endif %}
|
|
295
|
-
|
|
296
|
-
access_log /var/log/nginx/{{ app_name }}/access.log;
|
|
297
|
-
error_log /var/log/nginx/{{ app_name }}/error.log;
|
|
298
|
-
|
|
299
|
-
location / {
|
|
300
|
-
proxy_pass http://{{ app_name }}_backend;
|
|
301
|
-
proxy_set_header Host $host;
|
|
302
|
-
proxy_set_header X-Real-IP $remote_addr;
|
|
303
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
304
|
-
proxy_set_header X-Forwarded-Proto $scheme;
|
|
305
|
-
|
|
306
|
-
proxy_connect_timeout 60s;
|
|
307
|
-
proxy_send_timeout 60s;
|
|
308
|
-
proxy_read_timeout 60s;
|
|
309
|
-
}
|
|
310
|
-
|
|
311
|
-
location /static {
|
|
312
|
-
alias /var/www/{{ app_name }}/static;
|
|
313
|
-
expires 30d;
|
|
314
|
-
add_header Cache-Control "public, immutable";
|
|
315
|
-
}
|
|
316
|
-
}
|
|
317
|
-
```
|
|
318
|
-
|
|
319
|
-
### Complete Playbook Example
|
|
320
|
-
|
|
321
|
-
```yaml
|
|
322
|
-
# playbooks/site.yml
|
|
323
|
-
---
|
|
324
|
-
- name: Configure all servers
|
|
325
|
-
hosts: all
|
|
326
|
-
become: yes
|
|
327
|
-
roles:
|
|
328
|
-
- common
|
|
329
|
-
|
|
330
|
-
- name: Configure web servers
|
|
331
|
-
hosts: webservers
|
|
332
|
-
become: yes
|
|
333
|
-
vars:
|
|
334
|
-
app_name: myapp
|
|
335
|
-
server_name: example.com
|
|
336
|
-
backend_servers:
|
|
337
|
-
- { host: '127.0.0.1', port: 3000, weight: 1 }
|
|
338
|
-
roles:
|
|
339
|
-
- nginx
|
|
340
|
-
- application
|
|
341
|
-
|
|
342
|
-
- name: Configure databases
|
|
343
|
-
hosts: databases
|
|
344
|
-
become: yes
|
|
345
|
-
roles:
|
|
346
|
-
- postgresql
|
|
347
|
-
|
|
348
|
-
- name: Configure load balancers
|
|
349
|
-
hosts: loadbalancers
|
|
350
|
-
become: yes
|
|
351
|
-
roles:
|
|
352
|
-
- haproxy
|
|
353
|
-
```
|
|
354
|
-
|
|
355
|
-
### Running Playbooks
|
|
356
|
-
|
|
357
|
-
```bash
|
|
358
|
-
# Syntax check
|
|
359
|
-
ansible-playbook playbooks/site.yml --syntax-check
|
|
360
|
-
|
|
361
|
-
# Dry run (check mode)
|
|
362
|
-
ansible-playbook playbooks/site.yml --check
|
|
363
|
-
|
|
364
|
-
# Run with diff output
|
|
365
|
-
ansible-playbook playbooks/site.yml --check --diff
|
|
366
|
-
|
|
367
|
-
# Run playbook
|
|
368
|
-
ansible-playbook playbooks/site.yml
|
|
369
|
-
|
|
370
|
-
# Run specific tags
|
|
371
|
-
ansible-playbook playbooks/site.yml --tags "nginx,application"
|
|
372
|
-
|
|
373
|
-
# Skip tags
|
|
374
|
-
ansible-playbook playbooks/site.yml --skip-tags "database"
|
|
375
|
-
|
|
376
|
-
# Limit to specific hosts
|
|
377
|
-
ansible-playbook playbooks/site.yml --limit webservers
|
|
378
|
-
|
|
379
|
-
# Verbose output
|
|
380
|
-
ansible-playbook playbooks/site.yml -v
|
|
381
|
-
ansible-playbook playbooks/site.yml -vvv # Very verbose
|
|
382
|
-
|
|
383
|
-
# Use different inventory
|
|
384
|
-
ansible-playbook -i inventory/staging/hosts playbooks/site.yml
|
|
385
|
-
```
|
|
386
|
-
|
|
387
|
-
## Chef
|
|
388
|
-
|
|
389
|
-
### Repository Structure
|
|
390
|
-
|
|
391
|
-
```
|
|
392
|
-
chef-repo/
|
|
393
|
-
├── .chef/
|
|
394
|
-
│ ├── config.rb
|
|
395
|
-
│ └── credentials
|
|
396
|
-
├── cookbooks/
|
|
397
|
-
│ ├── myapp/
|
|
398
|
-
│ │ ├── attributes/
|
|
399
|
-
│ │ │ └── default.rb
|
|
400
|
-
│ │ ├── recipes/
|
|
401
|
-
│ │ │ ├── default.rb
|
|
402
|
-
│ │ │ └── nginx.rb
|
|
403
|
-
│ │ ├── templates/
|
|
404
|
-
│ │ │ └── default/
|
|
405
|
-
│ │ │ └── nginx.conf.erb
|
|
406
|
-
│ │ ├── files/
|
|
407
|
-
│ │ │ └── default/
|
|
408
|
-
│ │ ├── spec/
|
|
409
|
-
│ │ │ └── unit/
|
|
410
|
-
│ │ ├── test/
|
|
411
|
-
│ │ │ └── integration/
|
|
412
|
-
│ │ └── metadata.rb
|
|
413
|
-
├── roles/
|
|
414
|
-
│ ├── webserver.rb
|
|
415
|
-
│ └── database.rb
|
|
416
|
-
├── environments/
|
|
417
|
-
│ ├── production.rb
|
|
418
|
-
│ └── staging.rb
|
|
419
|
-
├── data_bags/
|
|
420
|
-
│ ├── users/
|
|
421
|
-
│ └── secrets/
|
|
422
|
-
└── Policyfile.rb
|
|
423
|
-
```
|
|
424
|
-
|
|
425
|
-
### Cookbook: Nginx
|
|
426
|
-
|
|
427
|
-
```ruby
|
|
428
|
-
# cookbooks/myapp/metadata.rb
|
|
429
|
-
name 'myapp'
|
|
430
|
-
maintainer 'Your Team'
|
|
431
|
-
maintainer_email 'team@example.com'
|
|
432
|
-
license 'Apache-2.0'
|
|
433
|
-
description 'Installs and configures myapp'
|
|
434
|
-
version '1.0.0'
|
|
435
|
-
|
|
436
|
-
depends 'nginx', '~> 10.0'
|
|
437
|
-
```
|
|
438
|
-
|
|
439
|
-
```ruby
|
|
440
|
-
# cookbooks/myapp/attributes/default.rb
|
|
441
|
-
default['myapp']['version'] = '1.0.0'
|
|
442
|
-
default['myapp']['port'] = 3000
|
|
443
|
-
default['myapp']['user'] = 'myapp'
|
|
444
|
-
default['myapp']['group'] = 'myapp'
|
|
445
|
-
default['myapp']['install_path'] = '/opt/myapp'
|
|
446
|
-
|
|
447
|
-
# Nginx configuration
|
|
448
|
-
default['myapp']['nginx']['server_name'] = 'example.com'
|
|
449
|
-
default['myapp']['nginx']['listen_port'] = 80
|
|
450
|
-
default['myapp']['nginx']['ssl_enabled'] = false
|
|
451
|
-
```
|
|
452
|
-
|
|
453
|
-
```ruby
|
|
454
|
-
# cookbooks/myapp/recipes/default.rb
|
|
455
|
-
|
|
456
|
-
# Create application user
|
|
457
|
-
user node['myapp']['user'] do
|
|
458
|
-
system true
|
|
459
|
-
shell '/bin/bash'
|
|
460
|
-
home node['myapp']['install_path']
|
|
461
|
-
action :create
|
|
462
|
-
end
|
|
463
|
-
|
|
464
|
-
# Create application directory
|
|
465
|
-
directory node['myapp']['install_path'] do
|
|
466
|
-
owner node['myapp']['user']
|
|
467
|
-
group node['myapp']['group']
|
|
468
|
-
mode '0755'
|
|
469
|
-
recursive true
|
|
470
|
-
action :create
|
|
471
|
-
end
|
|
472
|
-
|
|
473
|
-
# Install application dependencies
|
|
474
|
-
package %w(git curl build-essential) do
|
|
475
|
-
action :install
|
|
476
|
-
end
|
|
477
|
-
|
|
478
|
-
# Deploy application
|
|
479
|
-
git node['myapp']['install_path'] do
|
|
480
|
-
repository node['myapp']['git_repo']
|
|
481
|
-
revision node['myapp']['version']
|
|
482
|
-
user node['myapp']['user']
|
|
483
|
-
group node['myapp']['group']
|
|
484
|
-
action :sync
|
|
485
|
-
notifies :restart, 'systemd_unit[myapp.service]'
|
|
486
|
-
end
|
|
487
|
-
|
|
488
|
-
# Create systemd service
|
|
489
|
-
template '/etc/systemd/system/myapp.service' do
|
|
490
|
-
source 'myapp.service.erb'
|
|
491
|
-
owner 'root'
|
|
492
|
-
group 'root'
|
|
493
|
-
mode '0644'
|
|
494
|
-
notifies :run, 'execute[systemctl-daemon-reload]', :immediately
|
|
495
|
-
end
|
|
496
|
-
|
|
497
|
-
execute 'systemctl-daemon-reload' do
|
|
498
|
-
command 'systemctl daemon-reload'
|
|
499
|
-
action :nothing
|
|
500
|
-
end
|
|
501
|
-
|
|
502
|
-
# Start and enable service
|
|
503
|
-
systemd_unit 'myapp.service' do
|
|
504
|
-
action [:enable, :start]
|
|
505
|
-
end
|
|
506
|
-
|
|
507
|
-
# Include nginx recipe
|
|
508
|
-
include_recipe 'myapp::nginx'
|
|
509
|
-
```
|
|
510
|
-
|
|
511
|
-
```ruby
|
|
512
|
-
# cookbooks/myapp/recipes/nginx.rb
|
|
513
|
-
|
|
514
|
-
include_recipe 'nginx::default'
|
|
515
|
-
|
|
516
|
-
# Configure nginx site
|
|
517
|
-
template '/etc/nginx/sites-available/myapp' do
|
|
518
|
-
source 'nginx.conf.erb'
|
|
519
|
-
owner 'root'
|
|
520
|
-
group 'root'
|
|
521
|
-
mode '0644'
|
|
522
|
-
variables(
|
|
523
|
-
server_name: node['myapp']['nginx']['server_name'],
|
|
524
|
-
port: node['myapp']['port'],
|
|
525
|
-
app_path: node['myapp']['install_path']
|
|
526
|
-
)
|
|
527
|
-
notifies :reload, 'service[nginx]'
|
|
528
|
-
end
|
|
529
|
-
|
|
530
|
-
# Enable site
|
|
531
|
-
link '/etc/nginx/sites-enabled/myapp' do
|
|
532
|
-
to '/etc/nginx/sites-available/myapp'
|
|
533
|
-
notifies :reload, 'service[nginx]'
|
|
534
|
-
end
|
|
535
|
-
|
|
536
|
-
# Disable default site
|
|
537
|
-
file '/etc/nginx/sites-enabled/default' do
|
|
538
|
-
action :delete
|
|
539
|
-
notifies :reload, 'service[nginx]'
|
|
540
|
-
end
|
|
541
|
-
|
|
542
|
-
service 'nginx' do
|
|
543
|
-
action [:enable, :start]
|
|
544
|
-
end
|
|
545
|
-
```
|
|
546
|
-
|
|
547
|
-
### Role Definition
|
|
548
|
-
|
|
549
|
-
```ruby
|
|
550
|
-
# roles/webserver.rb
|
|
551
|
-
name 'webserver'
|
|
552
|
-
description 'Web server role'
|
|
553
|
-
|
|
554
|
-
run_list(
|
|
555
|
-
'recipe[myapp::default]',
|
|
556
|
-
'recipe[myapp::nginx]'
|
|
557
|
-
)
|
|
558
|
-
|
|
559
|
-
default_attributes(
|
|
560
|
-
'myapp' => {
|
|
561
|
-
'version' => '1.0.0',
|
|
562
|
-
'port' => 3000
|
|
563
|
-
}
|
|
564
|
-
)
|
|
565
|
-
|
|
566
|
-
override_attributes(
|
|
567
|
-
'nginx' => {
|
|
568
|
-
'worker_processes' => 4
|
|
569
|
-
}
|
|
570
|
-
)
|
|
571
|
-
```
|
|
572
|
-
|
|
573
|
-
### Bootstrap and Run
|
|
574
|
-
|
|
575
|
-
```bash
|
|
576
|
-
# Bootstrap node
|
|
577
|
-
knife bootstrap 192.168.1.101 \
|
|
578
|
-
--ssh-user ubuntu \
|
|
579
|
-
--sudo \
|
|
580
|
-
--node-name web1 \
|
|
581
|
-
--run-list 'role[webserver]'
|
|
582
|
-
|
|
583
|
-
# Upload cookbook
|
|
584
|
-
knife cookbook upload myapp
|
|
585
|
-
|
|
586
|
-
# Upload role
|
|
587
|
-
knife role from file roles/webserver.rb
|
|
588
|
-
|
|
589
|
-
# Run chef-client on node
|
|
590
|
-
knife ssh 'role:webserver' 'sudo chef-client' -x ubuntu
|
|
591
|
-
```
|
|
592
|
-
|
|
593
|
-
## Puppet
|
|
594
|
-
|
|
595
|
-
### Module Structure
|
|
596
|
-
|
|
597
|
-
```
|
|
598
|
-
modules/
|
|
599
|
-
└── myapp/
|
|
600
|
-
├── manifests/
|
|
601
|
-
│ ├── init.pp
|
|
602
|
-
│ ├── install.pp
|
|
603
|
-
│ ├── config.pp
|
|
604
|
-
│ └── service.pp
|
|
605
|
-
├── templates/
|
|
606
|
-
│ ├── nginx.conf.erb
|
|
607
|
-
│ └── myapp.service.erb
|
|
608
|
-
├── files/
|
|
609
|
-
├── spec/
|
|
610
|
-
│ └── classes/
|
|
611
|
-
│ └── init_spec.rb
|
|
612
|
-
└── metadata.json
|
|
613
|
-
```
|
|
614
|
-
|
|
615
|
-
### Puppet Manifest
|
|
616
|
-
|
|
617
|
-
```puppet
|
|
618
|
-
# modules/myapp/manifests/init.pp
|
|
619
|
-
class myapp (
|
|
620
|
-
String $version = '1.0.0',
|
|
621
|
-
Integer $port = 3000,
|
|
622
|
-
String $user = 'myapp',
|
|
623
|
-
String $group = 'myapp',
|
|
624
|
-
String $install_path = '/opt/myapp',
|
|
625
|
-
String $git_repo = 'https://github.com/example/myapp.git',
|
|
626
|
-
) {
|
|
627
|
-
contain myapp::install
|
|
628
|
-
contain myapp::config
|
|
629
|
-
contain myapp::service
|
|
630
|
-
|
|
631
|
-
Class['myapp::install']
|
|
632
|
-
-> Class['myapp::config']
|
|
633
|
-
~> Class['myapp::service']
|
|
634
|
-
}
|
|
635
|
-
```
|
|
636
|
-
|
|
637
|
-
```puppet
|
|
638
|
-
# modules/myapp/manifests/install.pp
|
|
639
|
-
class myapp::install {
|
|
640
|
-
# Create user
|
|
641
|
-
user { $myapp::user:
|
|
642
|
-
ensure => present,
|
|
643
|
-
system => true,
|
|
644
|
-
shell => '/bin/bash',
|
|
645
|
-
home => $myapp::install_path,
|
|
646
|
-
managehome => true,
|
|
647
|
-
}
|
|
648
|
-
|
|
649
|
-
# Install packages
|
|
650
|
-
package { ['git', 'curl', 'build-essential']:
|
|
651
|
-
ensure => installed,
|
|
652
|
-
}
|
|
653
|
-
|
|
654
|
-
# Clone repository
|
|
655
|
-
vcsrepo { $myapp::install_path:
|
|
656
|
-
ensure => present,
|
|
657
|
-
provider => git,
|
|
658
|
-
source => $myapp::git_repo,
|
|
659
|
-
revision => $myapp::version,
|
|
660
|
-
user => $myapp::user,
|
|
661
|
-
require => User[$myapp::user],
|
|
662
|
-
}
|
|
663
|
-
}
|
|
664
|
-
```
|
|
665
|
-
|
|
666
|
-
```puppet
|
|
667
|
-
# modules/myapp/manifests/config.pp
|
|
668
|
-
class myapp::config {
|
|
669
|
-
# Application configuration
|
|
670
|
-
file { "${myapp::install_path}/config":
|
|
671
|
-
ensure => directory,
|
|
672
|
-
owner => $myapp::user,
|
|
673
|
-
group => $myapp::group,
|
|
674
|
-
mode => '0755',
|
|
675
|
-
}
|
|
676
|
-
|
|
677
|
-
# Systemd service
|
|
678
|
-
file { '/etc/systemd/system/myapp.service':
|
|
679
|
-
ensure => file,
|
|
680
|
-
owner => 'root',
|
|
681
|
-
group => 'root',
|
|
682
|
-
mode => '0644',
|
|
683
|
-
content => template('myapp/myapp.service.erb'),
|
|
684
|
-
notify => Exec['systemctl-daemon-reload'],
|
|
685
|
-
}
|
|
686
|
-
|
|
687
|
-
exec { 'systemctl-daemon-reload':
|
|
688
|
-
command => '/bin/systemctl daemon-reload',
|
|
689
|
-
refreshonly => true,
|
|
690
|
-
}
|
|
691
|
-
}
|
|
692
|
-
```
|
|
693
|
-
|
|
694
|
-
```puppet
|
|
695
|
-
# modules/myapp/manifests/service.pp
|
|
696
|
-
class myapp::service {
|
|
697
|
-
service { 'myapp':
|
|
698
|
-
ensure => running,
|
|
699
|
-
enable => true,
|
|
700
|
-
hasrestart => true,
|
|
701
|
-
hasstatus => true,
|
|
702
|
-
require => File['/etc/systemd/system/myapp.service'],
|
|
703
|
-
}
|
|
704
|
-
}
|
|
705
|
-
```
|
|
706
|
-
|
|
707
|
-
### Site Manifest
|
|
708
|
-
|
|
709
|
-
```puppet
|
|
710
|
-
# manifests/site.pp
|
|
711
|
-
|
|
712
|
-
# Default node configuration
|
|
713
|
-
node default {
|
|
714
|
-
include common
|
|
715
|
-
}
|
|
716
|
-
|
|
717
|
-
# Web servers
|
|
718
|
-
node /^web\d+\.example\.com$/ {
|
|
719
|
-
include common
|
|
720
|
-
include myapp
|
|
721
|
-
include nginx
|
|
722
|
-
}
|
|
723
|
-
|
|
724
|
-
# Database servers
|
|
725
|
-
node /^db\d+\.example\.com$/ {
|
|
726
|
-
include common
|
|
727
|
-
include postgresql
|
|
728
|
-
}
|
|
729
|
-
```
|
|
730
|
-
|
|
731
|
-
### Hiera Configuration
|
|
732
|
-
|
|
733
|
-
```yaml
|
|
734
|
-
# hiera.yaml
|
|
735
|
-
---
|
|
736
|
-
version: 5
|
|
737
|
-
defaults:
|
|
738
|
-
datadir: data
|
|
739
|
-
data_hash: yaml_data
|
|
740
|
-
|
|
741
|
-
hierarchy:
|
|
742
|
-
- name: "Per-node data"
|
|
743
|
-
path: "nodes/%{trusted.certname}.yaml"
|
|
744
|
-
|
|
745
|
-
- name: "Per-environment data"
|
|
746
|
-
path: "environments/%{environment}.yaml"
|
|
747
|
-
|
|
748
|
-
- name: "Common data"
|
|
749
|
-
path: "common.yaml"
|
|
750
|
-
```
|
|
751
|
-
|
|
752
|
-
```yaml
|
|
753
|
-
# data/common.yaml
|
|
754
|
-
---
|
|
755
|
-
myapp::version: '1.0.0'
|
|
756
|
-
myapp::port: 3000
|
|
757
|
-
myapp::git_repo: 'https://github.com/example/myapp.git'
|
|
758
|
-
```
|
|
759
|
-
|
|
760
|
-
## Idempotency Patterns
|
|
761
|
-
|
|
762
|
-
### Ansible Idempotency
|
|
763
|
-
|
|
764
|
-
```yaml
|
|
765
|
-
# BAD - Not idempotent
|
|
766
|
-
- name: Add line to file
|
|
767
|
-
shell: echo "new line" >> /etc/myconfig
|
|
768
|
-
|
|
769
|
-
# GOOD - Idempotent
|
|
770
|
-
- name: Add line to file
|
|
771
|
-
lineinfile:
|
|
772
|
-
path: /etc/myconfig
|
|
773
|
-
line: "new line"
|
|
774
|
-
state: present
|
|
775
|
-
|
|
776
|
-
# BAD - Creates multiple cron entries
|
|
777
|
-
- name: Add cron job
|
|
778
|
-
shell: echo "0 2 * * * /backup.sh" | crontab
|
|
779
|
-
|
|
780
|
-
# GOOD - Idempotent cron
|
|
781
|
-
- name: Add backup cron job
|
|
782
|
-
cron:
|
|
783
|
-
name: "Daily backup"
|
|
784
|
-
hour: "2"
|
|
785
|
-
minute: "0"
|
|
786
|
-
job: "/backup.sh"
|
|
787
|
-
```
|
|
788
|
-
|
|
789
|
-
### Check Before Change Pattern
|
|
790
|
-
|
|
791
|
-
```yaml
|
|
792
|
-
# Ansible
|
|
793
|
-
- name: Check if service exists
|
|
794
|
-
stat:
|
|
795
|
-
path: /etc/systemd/system/myapp.service
|
|
796
|
-
register: service_file
|
|
797
|
-
|
|
798
|
-
- name: Configure service
|
|
799
|
-
template:
|
|
800
|
-
src: myapp.service.j2
|
|
801
|
-
dest: /etc/systemd/system/myapp.service
|
|
802
|
-
when: not service_file.stat.exists or force_update
|
|
803
|
-
```
|
|
804
|
-
|
|
805
|
-
```ruby
|
|
806
|
-
# Chef
|
|
807
|
-
file '/etc/myapp/config.yml' do
|
|
808
|
-
content lazy { generate_config }
|
|
809
|
-
action :create
|
|
810
|
-
not_if { ::File.exist?('/etc/myapp/config.yml') && !node['myapp']['force_update'] }
|
|
811
|
-
end
|
|
812
|
-
```
|
|
813
|
-
|
|
814
|
-
## Testing Infrastructure Code
|
|
815
|
-
|
|
816
|
-
### Ansible Testing
|
|
817
|
-
|
|
818
|
-
```bash
|
|
819
|
-
# Install testing tools
|
|
820
|
-
pip install ansible-lint molecule molecule-docker
|
|
821
|
-
|
|
822
|
-
# Lint playbook
|
|
823
|
-
ansible-lint playbooks/site.yml
|
|
824
|
-
|
|
825
|
-
# Syntax check
|
|
826
|
-
ansible-playbook playbooks/site.yml --syntax-check
|
|
827
|
-
|
|
828
|
-
# Molecule testing
|
|
829
|
-
cd roles/myapp
|
|
830
|
-
molecule init scenario
|
|
831
|
-
molecule test
|
|
832
|
-
```
|
|
833
|
-
|
|
834
|
-
```yaml
|
|
835
|
-
# molecule/default/molecule.yml
|
|
836
|
-
---
|
|
837
|
-
dependency:
|
|
838
|
-
name: galaxy
|
|
839
|
-
driver:
|
|
840
|
-
name: docker
|
|
841
|
-
platforms:
|
|
842
|
-
- name: instance
|
|
843
|
-
image: ubuntu:22.04
|
|
844
|
-
pre_build_image: true
|
|
845
|
-
provisioner:
|
|
846
|
-
name: ansible
|
|
847
|
-
verifier:
|
|
848
|
-
name: ansible
|
|
849
|
-
```
|
|
850
|
-
|
|
851
|
-
### Chef Testing (Test Kitchen)
|
|
852
|
-
|
|
853
|
-
```yaml
|
|
854
|
-
# .kitchen.yml
|
|
855
|
-
---
|
|
856
|
-
driver:
|
|
857
|
-
name: docker
|
|
858
|
-
|
|
859
|
-
provisioner:
|
|
860
|
-
name: chef_zero
|
|
861
|
-
|
|
862
|
-
platforms:
|
|
863
|
-
- name: ubuntu-22.04
|
|
864
|
-
|
|
865
|
-
suites:
|
|
866
|
-
- name: default
|
|
867
|
-
run_list:
|
|
868
|
-
- recipe[myapp::default]
|
|
869
|
-
attributes:
|
|
870
|
-
```
|
|
871
|
-
|
|
872
|
-
```bash
|
|
873
|
-
# Run tests
|
|
874
|
-
kitchen test
|
|
875
|
-
|
|
876
|
-
# Create instance
|
|
877
|
-
kitchen create
|
|
878
|
-
|
|
879
|
-
# Converge (apply cookbook)
|
|
880
|
-
kitchen converge
|
|
881
|
-
|
|
882
|
-
# Verify
|
|
883
|
-
kitchen verify
|
|
884
|
-
|
|
885
|
-
# Destroy
|
|
886
|
-
kitchen destroy
|
|
887
|
-
```
|
|
888
|
-
|
|
889
|
-
### Puppet Testing (rspec-puppet)
|
|
890
|
-
|
|
891
|
-
```ruby
|
|
892
|
-
# spec/classes/init_spec.rb
|
|
893
|
-
require 'spec_helper'
|
|
894
|
-
|
|
895
|
-
describe 'myapp' do
|
|
896
|
-
on_supported_os.each do |os, facts|
|
|
897
|
-
context "on #{os}" do
|
|
898
|
-
let(:facts) { facts }
|
|
899
|
-
|
|
900
|
-
it { is_expected.to compile.with_all_deps }
|
|
901
|
-
it { is_expected.to contain_class('myapp::install') }
|
|
902
|
-
it { is_expected.to contain_class('myapp::config') }
|
|
903
|
-
it { is_expected.to contain_class('myapp::service') }
|
|
904
|
-
|
|
905
|
-
it do
|
|
906
|
-
is_expected.to contain_service('myapp')
|
|
907
|
-
.with_ensure('running')
|
|
908
|
-
.with_enable(true)
|
|
909
|
-
end
|
|
910
|
-
end
|
|
911
|
-
end
|
|
912
|
-
end
|
|
913
|
-
```
|
|
914
|
-
|
|
915
|
-
```bash
|
|
916
|
-
# Run tests
|
|
917
|
-
bundle exec rake spec
|
|
918
|
-
```
|
|
919
|
-
|
|
920
|
-
## Version Control Strategies
|
|
921
|
-
|
|
922
|
-
### Git Workflow
|
|
923
|
-
|
|
924
|
-
```bash
|
|
925
|
-
# Repository structure
|
|
926
|
-
git-repo/
|
|
927
|
-
├── main (production)
|
|
928
|
-
├── staging
|
|
929
|
-
└── development
|
|
930
|
-
|
|
931
|
-
# Feature workflow
|
|
932
|
-
git checkout -b feature/new-role development
|
|
933
|
-
# Make changes
|
|
934
|
-
git add .
|
|
935
|
-
git commit -m "Add new role for application deployment"
|
|
936
|
-
git push origin feature/new-role
|
|
937
|
-
# Create pull request
|
|
938
|
-
# After review, merge to development
|
|
939
|
-
# Test in dev environment
|
|
940
|
-
# Merge to staging for QA
|
|
941
|
-
# Finally merge to main for production
|
|
942
|
-
```
|
|
943
|
-
|
|
944
|
-
### Environment Branches
|
|
945
|
-
|
|
946
|
-
```bash
|
|
947
|
-
# Ansible
|
|
948
|
-
ansible-playbook -i inventory/dev playbooks/site.yml
|
|
949
|
-
ansible-playbook -i inventory/staging playbooks/site.yml
|
|
950
|
-
ansible-playbook -i inventory/prod playbooks/site.yml
|
|
951
|
-
|
|
952
|
-
# Use environment-specific variables
|
|
953
|
-
group_vars/
|
|
954
|
-
├── dev/
|
|
955
|
-
│ └── all.yml
|
|
956
|
-
├── staging/
|
|
957
|
-
│ └── all.yml
|
|
958
|
-
└── prod/
|
|
959
|
-
└── all.yml
|
|
960
|
-
```
|
|
961
|
-
|
|
962
|
-
## Best Practices
|
|
963
|
-
|
|
964
|
-
1. **Use Version Control:**
|
|
965
|
-
- All configuration in Git
|
|
966
|
-
- Tag releases
|
|
967
|
-
- Document changes in commits
|
|
968
|
-
- Use pull requests for review
|
|
969
|
-
|
|
970
|
-
2. **Test Before Production:**
|
|
971
|
-
- Use linters (ansible-lint, foodcritic, puppet-lint)
|
|
972
|
-
- Run in staging first
|
|
973
|
-
- Automated testing (Molecule, Test Kitchen, rspec-puppet)
|
|
974
|
-
- Dry run before applying
|
|
975
|
-
|
|
976
|
-
3. **Make Idempotent:**
|
|
977
|
-
- Code should be safe to run multiple times
|
|
978
|
-
- Check state before making changes
|
|
979
|
-
- Use proper modules (not shell/exec)
|
|
980
|
-
|
|
981
|
-
4. **Security:**
|
|
982
|
-
- Encrypt secrets (Ansible Vault, Chef encrypted data bags)
|
|
983
|
-
- Don't commit credentials
|
|
984
|
-
- Use SSH keys, not passwords
|
|
985
|
-
- Audit changes
|
|
986
|
-
|
|
987
|
-
5. **Documentation:**
|
|
988
|
-
- README for each role/cookbook
|
|
989
|
-
- Variable documentation
|
|
990
|
-
- Usage examples
|
|
991
|
-
- Runbooks for operations
|
|
992
|
-
|
|
993
|
-
---
|
|
994
|
-
|
|
995
|
-
**Related Topics:**
|
|
996
|
-
- See [automation-patterns.md](automation-patterns.md) for automation best practices
|
|
997
|
-
- See [shell-scripting.md](shell-scripting.md) for scripting patterns
|
|
998
|
-
- See [linux-administration.md](linux-administration.md) for system management
|
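Review bot: the "Related Topics" list at the end of this removed file (old lines 996-998) links to automation-patterns.md, shell-scripting.md and linux-administration.md, so check that those sibling documents are dropped in the same release or that nothing left in the package still links back to this one. Every line visible in this hunk is marked as a removal of Markdown reference content (Ansible, Chef and Puppet samples, the idempotency and testing sections, the best-practices list), not code the package executes, so the review concern is dangling documentation rather than behaviour. If the CHANGELOG does not already say why the document was removed, a one-line entry there would help anyone auditing the published diff.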