{"id":34912,"date":"2024-08-23T10:09:02","date_gmt":"2024-08-23T03:09:02","guid":{"rendered":"http:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/23\/best-practices-for-ansible\/"},"modified":"2024-08-23T10:09:02","modified_gmt":"2024-08-23T03:09:02","slug":"best-practices-for-ansible","status":"publish","type":"post","link":"https:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/23\/best-practices-for-ansible\/","title":{"rendered":"Best Practices in Ansible"},"content":{"rendered":"<p><a href=\"https:\/\/www.linode.com\/docs\/guides\/applications\/configuration-management\/ansible\/\">Ansible<\/a> is an important open-source automation tool and platform. It is used for configuration management, application deployment, task automation, and <a href=\"https:\/\/www.databricks.com\/glossary\/orchestration\" target=\"_blank\" rel=\"noreferrer noopener\">orchestration<\/a> of complex workflows.<\/p>\n<p>Ansible plays a prominent role in DevOps. It lets Information Technology (IT) administrators and developers automate repetitive tasks and streamline the management and deployment of infrastructure, applications, and services. 
Ansible's business and strategic features include:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.ansible.com\/hubfs\/pdfs\/Benefits-of-Agentless-WhitePaper.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Agentless architecture<\/strong><\/a>: No agent installation is required.<\/li>\n<li><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/reference_appendices\/glossary.html#term-Idempotency\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Idempotency<\/strong><\/a>: Delivers safe, reliable results from unreliable components.<\/li>\n<li><a href=\"https:\/\/www.ansible.com\/blog\/ansible-and-containers-why-and-how#:~:text=*%20Ansible%20playbooks%20are%20portable.&amp;text=If%20you%20build%20a%20container%20with%20an%20Ansible%20playbook%2C%20you,choice%2C%20or%20on%20bare%20metal.\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Portability<\/strong><\/a>: Works consistently across different operating systems and in different cloud environments.<\/li>\n<\/ul>\n<p>Data centers genuinely need Ansible or one of its competitors. Businesses operating at data-center scale have requirements for reliability, economy, scalability, and flexibility. These are exactly Ansible's strengths. 
It makes data-center operations more cost-effective, predictable, resilient, and responsive.<\/p>\n<h2 id=\"ansible-fundamentals\">Ansible Fundamentals<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#ansible-fundamentals\"><\/a><\/h2>\n<p>The following is a list of key terms covering the <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/getting_started\/basic_concepts.html\" target=\"_blank\" rel=\"noreferrer noopener\">basic components and concepts of Ansible<\/a>:<\/p>\n<ul>\n<li><strong>Target State<\/strong>: Ansible is a <a href=\"http:\/\/www.it-automation.com\/2021\/06\/05\/is-ansible-declarative-or-imperative.html\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>declarative<\/strong><\/a> language. It details target states for computer systems and how to reach those states. Ansible then takes responsibility for reaching the target states. This creates a kind of <a href=\"https:\/\/www.linkedin.com\/pulse\/delegating-goals-versus-tasks-karl-maier\" target=\"_blank\" rel=\"noreferrer noopener\">teamwork<\/a> between the user and Ansible, in which the user takes the lead in saying what they want and Ansible works out the details of how to do it. 
This differs from older styles of <a href=\"https:\/\/www.linode.com\/docs\/guides\/linux-system-administration-basics\/\">system administration<\/a> and older system administration tools. An important aspect of target state is how broadly it applies. Many practitioners have extensive experience using Ansible for provisioning and deployment, but do not realize that it also applies to other automation work. While it is good at &#8220;spinning up&#8221; a new server or updating an existing one, it is also handy for many other uses that improve overall system health. Examples include a daily check of certificate expiration dates, or an hourly confirmation that a file system has at least 10% free storage. 
It takes only a few lines of Ansible to implement these and many other goals and verifications.<\/li>\n<li><strong>Playbooks<\/strong>: Ansible <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/playbook_guide\/playbooks_intro.html\" target=\"_blank\" rel=\"noreferrer noopener\">playbooks<\/a> are written in <a href=\"https:\/\/www.linode.com\/docs\/guides\/yaml-reference\/\">YAML<\/a> and define a series of steps, or &#8220;plays&#8221;, to execute on a target system or group of systems. Playbooks express the desired states for systems and how to reach those states. Ansible then takes responsibility for reaching those states. That dynamic is Ansible's fundamental achievement.<\/li>\n<li><strong>Modules<\/strong>: Ansible <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/dev_guide\/developing_modules_general.html\" target=\"_blank\" rel=\"noreferrer noopener\">modules<\/a> are the building blocks of playbooks. Modules are discrete units of code that perform specific tasks such as managing packages, configuring files, or starting services. 
One of Ansible's great assets is its huge collection of built-in modules and the ability for users to create custom modules.<\/li>\n<li><strong>Tasks<\/strong>: Ansible <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/getting_started\/basic_concepts.html#tasks\" target=\"_blank\" rel=\"noreferrer noopener\">tasks<\/a> are individual units within a playbook that call modules to perform specific actions. Tasks execute sequentially on target systems to reach the desired state.<\/li>\n<li><strong>Roles<\/strong>: Ansible <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/playbook_guide\/playbooks_reuse_roles.html\" target=\"_blank\" rel=\"noreferrer noopener\">roles<\/a> organize and package related playbooks, variables, tasks, and other components into reusable, shareable units. The modular structure of roles promotes reuse across playbooks and projects.<\/li>\n<li><strong>Inventory<\/strong>: The <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/getting_started\/basic_concepts.html#inventory\" target=\"_blank\" rel=\"noreferrer noopener\">inventory<\/a> file identifies the hosts and systems under consideration. 
An inventory can be static or dynamic. It typically includes information such as hostnames, IP addresses, groups, and variables.<\/li>\n<li><strong>Variables<\/strong>: Ansible allows the use of <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/playbook_guide\/playbooks_variables.html\" target=\"_blank\" rel=\"noreferrer noopener\">variables<\/a> to make playbooks more dynamic and flexible. They also have different scopes, including global, playbook, role, and task.<\/li>\n<li><strong>Facts<\/strong>: Ansible gathers information about target systems, known as <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/playbook_guide\/playbooks_vars_facts.html\" target=\"_blank\" rel=\"noreferrer noopener\">facts<\/a>. Examples of gathered information include hardware, operating system, and internet addresses. Playbooks inform the decisions they make with those facts.<\/li>\n<li><strong>Templates<\/strong>: Ansible <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/template_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">templates<\/a> are files structured in <a href=\"https:\/\/www.linode.com\/docs\/guides\/introduction-to-jinja-templates-for-salt\/\">Jinja2 syntax<\/a> with placeholders. A running playbook dynamically fills in the placeholders with variables. 
Templates can generate configuration files, scripts, and other Ansible artifacts.<\/li>\n<li><strong>Handlers<\/strong>: Specific Ansible events trigger <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/getting_started\/basic_concepts.html#handlers\" target=\"_blank\" rel=\"noreferrer noopener\">handlers<\/a>, usually at the end of a playbook run. A common responsibility of a handler is to restart a service after a configuration change.<\/li>\n<li><strong>Ad-hoc Commands<\/strong>: Although declarative, Ansible is flexible enough to embed some imperative mechanisms that streamline and simplify specific operations. Its <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/command_guide\/intro_adhoc.html\" target=\"_blank\" rel=\"noreferrer noopener\">ad-hoc commands<\/a> are indispensable for quick system health checks, troubleshooting, and other one-off remedies.<\/li>\n<\/ul>\n<h2 id=\"ansible-best-practices\">Ansible Best Practices<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#ansible-best-practices\"><\/a><\/h2>\n<p>While best practices certainly improve run-time efficiency, they also improve organizational efficiency. 
They can promote teamwork, deliver reliable results with minimal effort, support integration, reduce the maintenance burden, and even protect against legal liability.<\/p>\n<p>As Abelson and Sussman wrote: \u201c<a href=\"https:\/\/medium.com\/javarevisited\/epic-programmers-quotes-explained-aed933257b93#:~:text=The%20quote%20implies%20that%20writing,involves%20continuous%20updates%20and%20maintenance.\" target=\"_blank\" rel=\"noreferrer noopener\">Programs must be written for people to read, and only incidentally for machines to execute<\/a>\u201d. Likewise, the best Ansible playbooks are ongoing assets for <em>human<\/em> readers.<\/p>\n<p>Recognize that Ansible playbooks and related specifications are source, or \u201c<a href=\"https:\/\/www.cloudbees.com\/blog\/configuration-as-code-everything-need-know#\" target=\"_blank\" rel=\"noreferrer noopener\">code<\/a>\u201d. Like all other source, they deserve a <a href=\"https:\/\/www.linode.com\/docs\/guides\/introduction-to-version-control\/\">version-controlled source control system<\/a> to call home. 
Consider this \u201cbest practice zero\u201d, ahead of the following 12 best practices for using Ansible.<\/p>\n<h3 id=\"file-system-layout\">File System Layout<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#file-system-layout\"><\/a><\/h3>\n<p>Organize projects with a consistent file system layout. Separate playbooks from roles, in directories named <code>playbooks<\/code> and <code>roles<\/code> respectively. The result should look something like the following sample project directory structure:<\/p>\n<pre class=\"wp-block-code\"><code>project\/\n\u251c\u2500\u2500 playbooks\/\n\u2502   \u2514\u2500\u2500 example_playbook.yml\n\u251c\u2500\u2500 roles\/\n\u2502   \u2514\u2500\u2500 example_role\/\n\u2502       \u251c\u2500\u2500 tasks\/\n\u2502       \u251c\u2500\u2500 handlers\/\n\u2502       \u251c\u2500\u2500 templates\/\n\u2502       \u2514\u2500\u2500 \u2026\n\u2502\u2500\u2500 ...\n\u251c\u2500\u2500 group_vars\/\n\u2502   \u251c\u2500\u2500 all.yml\n\u2502   \u251c\u2500\u2500 production.yml\n\u2502   \u2514\u2500\u2500 development.yml\n\u2502\u2500\u2500 ...\n\u251c\u2500\u2500 inventory\/\n\u2502   \u251c\u2500\u2500 production_hosts\n\u2502   \u251c\u2500\u2500 staging_hosts\n\u2502   \u2514\u2500\u2500 development_hosts\n\u2502\u2500\u2500 ...\n\u251c\u2500\u2500 vault\/\n\u2502   \u251c\u2500\u2500 secret_file.yml\n\u2502   \u2514\u2500\u2500 \u2026\n\u2514\u2500\u2500 ...<\/code><\/pre>\n<p>The spelling of file names and other formal aspects of an Ansible project are superficial and do not count as real Ansible programming. That is all the more reason to standardize on common conventions that others have already defined and devote your team's attention to deeper problems. After all, IT is a collaborative endeavor.<\/p>\n<p>The point of this best practice is not the virtue or aesthetics of a directory spelled <code>playbooks<\/code> rather than <code>playbook<\/code>, but the benefits of a <a href=\"https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC3575067\/#:~:text=A%20shared%2C%20common%20language%20provides%20a%20focus%20for%20all%20stakeholders.&amp;text=It%20is%20most%20effective%20when,help%20to%20decrease%20project%20costs.\" target=\"_blank\" rel=\"noreferrer noopener\">shared language for the whole team<\/a>. 
With these best practices, teams can shift their attention from <a href=\"https:\/\/americanexpress.io\/yak-shaving\/\" target=\"_blank\" rel=\"noreferrer noopener\">worrying about minor details<\/a> to thinking more about how to work together toward larger business goals.<\/p>\n<h3 id=\"ansible-configuration\">Ansible Configuration<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#ansible-configuration\"><\/a><\/h3>\n<p>Use <code>ansible.cfg<\/code> for global configuration. Define sensible defaults for inventory and role paths. Use comments to document the reasoning behind the choices made.<\/p>\n<p>Explicitly set <code>forks<\/code> to control parallelism. Configure <code>pipelining<\/code> to limit <code>ssh<\/code> operations and boost performance. Configure <code>ControlPath<\/code> to share <code>ssh<\/code> connections. 
Tune <code>timeout<\/code> and <code>poll_interval<\/code> to manage wait times for long-running tasks.<\/p>\n<p>Control logging verbosity based on practical experience and measurements of the specific playbooks in use. Review the configuration periodically to ensure it aligns with established policies and goals.<\/p>\n<h3 id=\"playbook-design-and-structure\">Playbook Design and Structure<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#playbook-design-and-structure\"><\/a><\/h3>\n<p>Use roles to modularize playbooks. Consult <a href=\"https:\/\/galaxy.ansible.com\/ui\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible Galaxy<\/a> for inspiration on useful role definitions. Specify your own selections in <code>requirements.yml<\/code>.<\/p>\n<p>Consider splitting large, complex playbooks into several smaller ones, each focused on a specific component or function. The resulting set of playbooks can be easier to manage than the original single playbook. 
An alternative way to structure complex playbooks is to use <a href=\"https:\/\/galaxy.ansible.com\/ui\/\" target=\"_blank\" rel=\"noreferrer noopener\">tags<\/a>. Tags effectively disable or enable parts of a playbook. For example, it is sometimes advantageous to keep a playbook intact while controlling individual sections within it.<\/p>\n<p>Separate inventory, configuration, and variable information into distinct files for each environment.<\/p>\n<p>Maintain a Vault for <em>all<\/em> sensitive or private information. This includes passwords, certificates, tokens, keys, or any other customer details that Ansible needs to know. Consider the option of storing sensitive data in a file and referencing that file, rather than coding the data directly into Ansible.<\/p>\n<p>Periodically review and refine playbook structure to keep it fresh and aligned with project requirements.<\/p>\n<h3 id=\"variable-names\">Variable Names<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#variable-names\"><\/a><\/h3>\n<p>Choose descriptive variable names. For example, <code>gateway<\/code> rather than <code>gw<\/code>. 
However, also prefer concise names over complicated ones.<\/p>\n<p>For example, use <a href=\"https:\/\/www.freecodecamp.org\/news\/snake-case-vs-camel-case-vs-pascal-case-vs-kebab-case-whats-the-difference\/#:~:text=Snake%20case%20separates%20each%20word,letters%20need%20to%20be%20lowercase.&amp;text=Snake%20case%20is%20used%20for%20creating%20variable%20and%20method%20names.\" target=\"_blank\" rel=\"noreferrer noopener\">snake case<\/a> <code>database_account<\/code> rather than <code>DatabaseAccount<\/code> or other variants.<\/p>\n<p>Document the purpose, usage, and scope of variables with comments. Examples of particularly useful comments focused on specific variables include:<\/p>\n<pre class=\"wp-block-code\"><code># hostname is case-insensitive, so that 'server1' and 'SERVER1' behave identically\n# corpus_account must be qualified: 'name@domain.com' is OK, but 'name' is not<\/code><\/pre>\n<p>Group variables hierarchically. This can lead to names such as <code>database_account<\/code>, <code>database_host<\/code>, <code>database_password<\/code>, and <code>database_priority<\/code>. 
Environment-specific variables deserve meaningful prefixes such as <code>prod_database_account<\/code> or <code>env_database_account<\/code>.<\/p>\n<p>Avoid shadowing <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/reference_appendices\/playbooks_keywords.html\" target=\"_blank\" rel=\"noreferrer noopener\">reserved keywords<\/a>. Instead of <code>item<\/code> or <code>serial<\/code>, choose <code>server_item<\/code> or <code>hardware_serial_number<\/code>.<\/p>\n<p>Do not hesitate to make exceptions to these rules when appropriate. For example, shorten <code>gateway<\/code> to <code>gw<\/code> if a particular team has a long-standing, well-understood convention of doing so in systems and languages other than Ansible.<\/p>\n<p>Last but not least, be consistent across plans and projects.<\/p>\n<h3 id=\"error-handling-in-ansible\">Error Handling in Ansible<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#error-handling-in-ansible\"><\/a><\/h3>\n<p>Error handling is crucial. Most of the work done by computer systems happens when everything behaves as expected. 
However, a good playbook devotes more lines to responding to errors than to what happens when everything goes right.<\/p>\n<p>\u201cHandling\u201d covers everything from ignoring an error, to logging it, notifying a monitoring system, or launching a diagnostic procedure. The most important best practice in error handling is the explicit use of <code>ignore_errors<\/code> and <code>register<\/code>. When a particular condition is judged non-critical, mark it with <code>ignore_errors<\/code>, allowing the playbook to continue. Also mark it with an appropriate comment such as <code># Error here is non-fatal because ...<\/code>. Handle conditional error conditions with <code>when: task_result.failed<\/code> as well. Another error-handling mechanism, <code>block-rescue-always<\/code>, applies to resource management and cleanup of problematic states. Take advantage of Ansible's <code>assert<\/code> module. Do not assume that a particular service is available before starting to use it. 
Instead, <code>assert<\/code> first that the service is available.<\/p>\n<p>Learn Ansible's built-in logging, testing, debugging, and exit-code functionality to handle errors most effectively.<\/p>\n<h3 id=\"ansible-logging\">Ansible Logging<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#ansible-logging\"><\/a><\/h3>\n<p>Ansible logging has several roles. Learn the essentials by practicing with the log and debug modules. In its simplest form, logging can convey a message during playbook execution through a specification such as:<\/p>\n<pre class=\"wp-block-code\"><code># ansible.builtin.debug prints msg in the playbook output, which is also written to log_path when that is set\n- name: Log a single diagnostic\n  ansible.builtin.debug:\n    msg: \"This is the diagnostic logged at this point\"<\/code><\/pre>\n<p>Next, learn how to configure <code>callback_whitelist<\/code>, <code>log_level<\/code>, and <code>log_path<\/code> in <code>ansible.cfg<\/code>. Experiment with <code>log_level<\/code> to learn how the <code>CRITICAL<\/code>, <code>DEBUG<\/code>, <code>ERROR<\/code>, <code>INFO<\/code>, and <code>WARNING<\/code> categories apply in your projects. Set them to meet the needs of specific applications and your own preferences. 
Some administrators prefer to log everything that might be useful, but enable only <code>CRITICAL<\/code> for day-to-day operations. Others log only diagnostics that are guaranteed to require a response. Either approach, or any of the alternatives between them, can be effective. It is more important to be consistent in the style you choose.<\/p>\n<p><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/plugins\/callback.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible's callback plugins<\/a> apply naturally to many logging situations. For example: when you want to customize the output format, route notifications to email, profile performance metrics during an incident, or meet logging requirements.<\/p>\n<p>Timestamp your log entries. Rotate logs to ensure efficient use of storage. Retain logs for auditing and compliance. 
Treat logs as sensitive information that requires security controls, so configure access only for the users who need to view them.<\/p>\n<p>With the basics of logging in place, consider more sophisticated log management through aggregators such as Elasticsearch, Logstash, Kibana, and Splunk. These tools extend your log analysis capabilities.<\/p>\n<p>Decide on a review policy. No single best practice has been shown to apply universally to how and when logs are reviewed. It is best to be realistic. If decision-makers believe logs need to be read, allocate time to do so as an explicit policy and track the results.<\/p>\n<h3 id=\"inline-comments\">Inline Comments<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#inline-comments\"><\/a><\/h3>\n<p>Comments are important and helpful, although underused in practice. 
Each time you write a line of Ansible, ask yourself: what would help me understand the purpose of this if I came back to it six months from now? Ideally, your playbooks are so simple and clear that their source speaks for itself. The next best thing after that ideal is source that is commented so well that it answers every question that naturally arises. Always write good comments, and insist that your whole team does too.<\/p>\n<h3 id=\"readmes\">README<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#readmes\"><\/a><\/h3>\n<p>Write a <code>README<\/code> for each directory and subdirectory in a project. It can be as brief as this:<\/p>\n<pre class=\"wp-block-code\"><code># Variables for the Staging environment\n\nThis specification details the Ansible variables which\nare specific to actions in the staging environment.<\/code><\/pre>\n<p>Other <code>README<\/code> files can run to hundreds of words about the architecture and design decisions that a particular directory represents. 
Three best practices that naturally apply to <code>README<\/code> files are:<\/p>\n<ul>\n<li>Create exactly one <code>README.md<\/code> file for each directory in a project.<\/li>\n<li>Format the content in standard <a href=\"https:\/\/www.markdownguide.org\/getting-started\/\" target=\"_blank\" rel=\"noreferrer noopener\">Markdown<\/a>.<\/li>\n<li>Provide the high-level \u201cphilosophy\u201d and motivation in the README. Leave technical details to the source comments. Minimize repetition of the source comments, and instead <strong>reference<\/strong> them in <code>README<\/code> files.<\/li>\n<\/ul>\n<h3 id=\"playbook-documentation\">Playbook Documentation<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#playbook-documentation\"><\/a><\/h3>\n<p>Prepare a top-level <code>README.md<\/code> that explains the purpose and usage of the playbook. Give readers at least one way to test the playbook. In other words, explain how to do something and what the result should look like. Include examples, use cases, and references to related documentation. 
Provide a link to your policy on the subject. If some aspect of the playbook is hard to explain, explaining it is even more important. Use data-flow, state, or entity diagrams, as appropriate.<\/p>\n<p>List the Ansible versions the playbook is compatible with. Include license and copyright notices in <code>README.md<\/code>. Review <code>README.md<\/code> periodically to ensure that it matches the current state of the playbook. The result is a playbook that is easier to use and to maintain correctly, especially for people who were not involved in its original creation.<\/p>\n<h3 id=\"use-of-vaults-for-sensitive-data\">Use of Vaults for Sensitive Data<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#use-of-vaults-for-sensitive-data\"><\/a><\/h3>\n<p>Encrypt sensitive data, including variables, configuration, task content, and entire files. However, do <em>not<\/em> encrypt non-sensitive information. Store sensitive variables in <code>vars\/secrets.yml<\/code> and encrypt the file. 
Reference the encrypted variables in playbooks as needed.<\/p>\n<p>Control access to the Vault with controls such as file system permissions. Allow only authorized users to decrypt sensitive data, and only with the appropriate decryption key. Choose strong passwords and encryption keys. Write an explicit policy for the rotation schedule, and practice rotation to ensure that it is carried out correctly.<\/p>\n<p>Passwords must <em>not<\/em> appear in playbooks. Use a credential manager, or at least prompt for the necessary password at run time.<\/p>\n<h3 id=\"secure-communication\">Secure Communication<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#secure-communication\"><\/a><\/h3>\n<p>Ansible projects usually communicate over <code>ssh<\/code>, and <code>ssh<\/code> best practices include:<\/p>\n<ul>\n<li>Choose strong keys<\/li>\n<li>Choose strong ciphers<\/li>\n<li>Configure securely<\/li>\n<li>Choose key-based authentication over password authentication<\/li>\n<li>Distribute keys securely<\/li>\n<li>Minimize agent forwarding<\/li>\n<li>Define appropriate policies, including limits on failed login attempts and idle timeouts.<\/li>\n<li>Consider configuring access controls, authentication-method restrictions, and allowed-user lists through <code>sshd_config<\/code>.<\/li>\n<\/ul>\n<p>Configure Ansible to use SSL for communication between control nodes and managed hosts. Control access to the control node with firewalls and network restrictions. Patch Ansible components regularly and enable two-factor authentication (2FA).<\/p>\n<p>If your project uses the <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/api\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible API<\/a>, configure its communication for TLS. 
If your project uses <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/reference_appendices\/tower.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible Tower<\/a> or <a href=\"https:\/\/www.ansible.com\/products\/awx-project\/faq\" target=\"_blank\" rel=\"noreferrer noopener\">AWX<\/a>, configure HTTPS.<\/p>\n<h3 id=\"privilege-escalation-and-sudo\">Privilege Escalation and Sudo<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#privilege-escalation-and-sudo\"><\/a><\/h3>\n<p>Learn Ansible's <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/playbook_guide\/playbooks_privilege_escalation.html\" target=\"_blank\" rel=\"noreferrer noopener\"><code>become<\/code> feature<\/a>, which is designed specifically for safe privilege escalation. Apply <code>become<\/code> precisely, to a single play at a time, rather than to an entire playbook. Use <code>become_user<\/code> as a complementary way to make escalation more precise. Study <code>become_method<\/code> to understand the applicability of the different escalation methods. For example, while <code>sudo<\/code> is the default, environments equipped with PowerBroker need to prefer <code>pbrun<\/code>. 
Review the use of escalation periodically.<\/p>\n<h2 id=\"conclusion\">Conclusion<a href=\"https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/#conclusion\"><\/a><\/h2>\n<p>The greatest benefits of Ansible best practices come from everyday, non-technical habits. These include maintaining version control of playbooks and accurate documentation, and separating secrets from public information, roles from actions, and goals from implementation. Update your Ansible versions through a well-defined <a href=\"https:\/\/stackify.com\/what-is-sdlc\/\" target=\"_blank\" rel=\"noreferrer noopener\">software development life cycle (SDLC)<\/a> and use tools such as <a href=\"https:\/\/ansible.readthedocs.io\/projects\/lint\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible Lint<\/a> appropriately. 
Make sure that every line of code exists for a reason.<\/p>\n<p>Although these habits are not technically deep, Ansible best practices pay off when they are applied across your whole team.<\/p>\n<p>Source: https:\/\/www.linode.com\/docs\/guides\/front-line-best-practices-ansible\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ansible is an important open-source automation tool and platform. It is used for configuration management, application deployment, task automation, and orchestration of complex workflows. Ansible plays a prominent role in DevOps. 
It enables administrators<\/p>\n","protected":false},"author":1,"featured_media":35674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129],"tags":[],"class_list":["post-34912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ansible"],"_links":{"self":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/comments?post=34912"}],"version-history":[{"count":0,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34912\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media\/35674"}],"wp:attachment":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media?parent=34912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/categories?post=34912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/tags?post=34912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}