Ebook Syafi
Koleksi
Admin
← Kembali ke Upgrade Kerjaya Dengan Homelab
Edit Bab
Tajuk Bab
Urutan
Jenis
Syarat & Amaran
Mukadimah
Bab/Chapter
Penutup
Kandungan HTML
<h1 id="bab-10-automasi-lanjutan-dan-cicd">Bab 10: Automasi Lanjutan dan CI/CD</h1> <p>Kalau anda dah sampai bab ni, tahniah — anda dah melepasi tahap beginner! Bab ini adalah untuk anda yang dah selesa dengan Ansible asas dan monitoring, dan nak naik satu level lagi.</p> <p>Kita akan belajar tentang CI/CD (Continuous Integration/Continuous Deployment), Ansible Roles yang lebih teratur, skrip penyelenggaraan automatik, dan cara buat dokumentasi yang generate sendiri. Ini bukan benda wajib untuk homelab, tapi percayalah — bila anda dah biasa, anda tak akan mahu balik ke cara lama.</p> <p><strong>Apa yang anda akan belajar:</strong></p> <ul> <li>Cara setup CI/CD dengan Gitea Actions dalam homelab</li> <li>Ansible Roles untuk pengurusan konfigurasi yang lebih kemas</li> <li>Skrip automasi penyelenggaraan mingguan</li> <li>Pemantauan lanjutan dengan Grafana</li> <li>Strategi pemberitahuan pintar supaya anda tak kena alert fatigue</li> </ul> <blockquote> <p><strong>Nota Beginner:</strong> Bab ini ialah upgrade kepada asas yang sudah stabil. Kalau anda masih baru dengan Docker atau Ansible, tak mengapa untuk tangguhkan bahagian ini dahulu. Balik bila anda dah selesa dengan bab-bab sebelumnya.</p> </blockquote> <h3 id="laluan-paling-mudah-untuk-beginner">Laluan Paling Mudah untuk Beginner</h3> <ul> <li>Bina satu Workflow deploy yang paling ringkas terlebih dahulu. Jangan terus buat pipeline 10 langkah.</li> <li>Pastikan proses manual anda stabil sebelum diubah menjadi CI/CD. Kalau buat manual pun masih gagal, automate pun akan gagal.</li> <li>Untuk beginner, objektif utama ialah <strong>kebolehulangan</strong> (repeatability), bukan pipeline yang canggih.</li> </ul> <h2 id="langkah-1-gitea-actions-cicd-dalam-homelab">Langkah 1: Gitea Actions — CI/CD dalam Homelab</h2> <p>Kalau anda pernah guna GitHub Actions, Gitea Actions akan terasa sangat familiar. Bezanya, semua berjalan dalam homelab anda sendiri. Tiada bergantung pada cloud, tiada limit minutes.</p> <p>Bayangkan: anda push code ke Gitea, dan secara automatik, code tu dibina, diuji, dan di-deploy ke server anda. Semua tanpa anda perlu SSH manual.</p> <figure><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 840 460" width="840" height="460"> <defs> <linearGradient id="cf-bg" x1="0%" y1="0%" x2="100%" y2="100%"> <stop offset="0%" style="stop-color:#f8fafc"/> <stop offset="100%" style="stop-color:#f0fdf4"/> </linearGradient> <filter id="cf-shadow"> <feDropShadow dx="0" dy="7" stdDeviation="9" flood-color="#0f172a" flood-opacity="0.12"/> </filter> </defs> <rect width="840" height="460" rx="18" fill="url(#cf-bg)"/> <text x="420" y="36" font-family="Arial, Helvetica, sans-serif" font-size="20" font-weight="bold" fill="#1e293b" text-anchor="middle">Aliran CI/CD dan Automasi Homelab</text> <text x="420" y="58" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#64748b" text-anchor="middle">Satu pipeline untuk deploy aplikasi, satu lagi untuk backup dan penyelenggaraan berkala</text> <g stroke="#94a3b8" stroke-width="3" stroke-linecap="round" fill="none"> <line x1="120" y1="155" x2="205" y2="155"/> <line x1="285" y1="155" x2="370" y2="155"/> <line x1="450" y1="155" x2="535" y2="155"/> <line x1="615" y1="155" x2="700" y2="155"/> <line x1="780" y1="155" x2="790" y2="155"/> <line x1="205" y1="320" x2="300" y2="320"/> <line x1="380" y1="320" x2="480" y2="320"/> <line x1="560" y1="320" x2="655" y2="320"/> <line x1="205" y1="180" x2="205" y2="290" stroke-dasharray="7,6"/> <line x1="700" y1="180" x2="700" y2="290" stroke-dasharray="7,6"/> </g> <g filter="url(#cf-shadow)"> <rect x="40" y="110" width="120" height="90" rx="16" fill="#2563eb"/> <text x="100" y="143" font-family="Arial, Helvetica, sans-serif" font-size="16" font-weight="bold" fill="#ffffff" text-anchor="middle">Developer</text> <text x="100" y="165" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#dbeafe" text-anchor="middle">Push ke branch</text> <text x="100" y="182" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#dbeafe" text-anchor="middle">`main`</text> </g> <g filter="url(#cf-shadow)"> <rect x="205" y="110" width="120" height="90" rx="16" fill="#0f766e"/> <text x="265" y="143" font-family="Arial, Helvetica, sans-serif" font-size="16" font-weight="bold" fill="#ffffff" text-anchor="middle">Gitea</text> <text x="265" y="165" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ccfbf1" text-anchor="middle">Repo dan webhook</text> <text x="265" y="182" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ccfbf1" text-anchor="middle">Actions trigger</text> </g> <g filter="url(#cf-shadow)"> <rect x="370" y="110" width="120" height="90" rx="16" fill="#7c3aed"/> <text x="430" y="143" font-family="Arial, Helvetica, sans-serif" font-size="16" font-weight="bold" fill="#ffffff" text-anchor="middle">Runner</text> <text x="430" y="165" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ede9fe" text-anchor="middle">Build image</text> <text x="430" y="182" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ede9fe" text-anchor="middle">Test dan lint</text> </g> <g filter="url(#cf-shadow)"> <rect x="535" y="110" width="120" height="90" rx="16" fill="#ea580c"/> <text x="595" y="143" font-family="Arial, Helvetica, sans-serif" font-size="16" font-weight="bold" fill="#ffffff" text-anchor="middle">Docker Host</text> <text x="595" y="165" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ffedd5" text-anchor="middle">`docker compose up -d`</text> <text x="595" y="182" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#ffedd5" text-anchor="middle">Deploy aplikasi</text> </g> <g filter="url(#cf-shadow)"> <rect x="700" y="110" width="110" height="90" rx="16" fill="#334155"/> <text x="755" y="143" font-family="Arial, Helvetica, sans-serif" font-size="16" font-weight="bold" fill="#ffffff" text-anchor="middle">Ntfy + Grafana</text> <text x="755" y="165" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#cbd5e1" text-anchor="middle">Status deploy</text> <text x="755" y="182" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#cbd5e1" text-anchor="middle">Amaran dan anotasi</text> </g> <g filter="url(#cf-shadow)"> <rect x="205" y="280" width="120" height="82" rx="16" fill="#1d4ed8"/> <text x="265" y="310" font-family="Arial, Helvetica, sans-serif" font-size="15" font-weight="bold" fill="#ffffff" text-anchor="middle">Workflow Backup</text> <text x="265" y="330" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#dbeafe" text-anchor="middle">Jadual `cron` harian</text> <text x="265" y="347" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#dbeafe" text-anchor="middle">Dump DB + archive</text> </g> <g filter="url(#cf-shadow)"> <rect x="380" y="280" width="120" height="82" rx="16" fill="#059669"/> <text x="440" y="310" font-family="Arial, Helvetica, sans-serif" font-size="15" font-weight="bold" fill="#ffffff" text-anchor="middle">NAS / Backup</text> <text x="440" y="330" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#d1fae5" text-anchor="middle">rsync dan retention</text> <text x="440" y="347" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#d1fae5" text-anchor="middle">Repositori sandaran</text> </g> <g filter="url(#cf-shadow)"> <rect x="560" y="280" width="140" height="82" rx="16" fill="#a16207"/> <text x="630" y="310" font-family="Arial, Helvetica, sans-serif" font-size="15" font-weight="bold" fill="#ffffff" text-anchor="middle">Penyelenggaraan</text> <text x="630" y="330" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#fef3c7" text-anchor="middle">Update sistem, log,</text> <text x="630" y="347" font-family="Arial, Helvetica, sans-serif" font-size="11" fill="#fef3c7" text-anchor="middle">semak disk dan ZFS</text> </g> <text x="420" y="248" font-family="Arial, Helvetica, sans-serif" font-size="13" font-weight="bold" fill="#334155" text-anchor="middle">Laluan deploy berterusan</text> <text x="420" y="395" font-family="Arial, Helvetica, sans-serif" font-size="13" font-weight="bold" fill="#334155" text-anchor="middle">Laluan operasi berkala dan backup</text> </svg> <figcaption>Aliran CI/CD dan Automasi Homelab</figcaption></figure> <h3 id="menyediakan-gitea-runner">Menyediakan Gitea Runner</h3> <div class="sourceCode" id="cb1"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="co"># docker-compose.yml - Gitea dengan Runner</span></span> <span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="fu">services</span><span class="kw">:</span></span> <span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">gitea</span><span class="kw">:</span></span> <span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">image</span><span class="kw">:</span><span class="at"> gitea/gitea:latest</span></span> <span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">container_name</span><span class="kw">:</span><span class="at"> gitea</span></span> <span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ports</span><span class="kw">:</span></span> <span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">"3000:3000"</span></span> <span id="cb1-8"><a href="#cb1-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">"2222:22"</span></span> <span id="cb1-9"><a href="#cb1-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">environment</span><span class="kw">:</span></span> <span id="cb1-10"><a href="#cb1-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">USER_UID</span><span class="kw">:</span><span class="at"> </span><span class="dv">1000</span></span> <span id="cb1-11"><a href="#cb1-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">USER_GID</span><span class="kw">:</span><span class="at"> </span><span class="dv">1000</span></span> <span id="cb1-12"><a href="#cb1-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">GITEA__actions__ENABLED</span><span class="kw">:</span><span class="at"> </span><span class="st">"true"</span></span> <span id="cb1-13"><a href="#cb1-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">volumes</span><span class="kw">:</span></span> <span id="cb1-14"><a href="#cb1-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> ./gitea/data:/data</span></span> <span id="cb1-15"><a href="#cb1-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">restart</span><span class="kw">:</span><span class="at"> unless-stopped</span></span> <span id="cb1-16"><a href="#cb1-16" aria-hidden="true" tabindex="-1"></a></span> <span id="cb1-17"><a href="#cb1-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">gitea-runner</span><span class="kw">:</span></span> <span id="cb1-18"><a href="#cb1-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">image</span><span class="kw">:</span><span class="at"> gitea/act_runner:latest</span></span> <span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">container_name</span><span class="kw">:</span><span class="at"> gitea-runner</span></span> <span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">environment</span><span class="kw">:</span></span> <span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">GITEA_INSTANCE_URL</span><span class="kw">:</span><span class="at"> </span><span class="st">"http://gitea:3000"</span></span> <span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">GITEA_RUNNER_REGISTRATION_TOKEN</span><span class="kw">:</span><span class="at"> </span><span class="st">"token_pendaftaran_anda"</span></span> <span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">GITEA_RUNNER_NAME</span><span class="kw">:</span><span class="at"> </span><span class="st">"homelab-runner"</span></span> <span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">volumes</span><span class="kw">:</span></span> <span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> /var/run/docker.sock:/var/run/docker.sock</span></span> <span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> ./runner/data:/data</span></span> <span id="cb1-27"><a href="#cb1-27" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">depends_on</span><span class="kw">:</span></span> <span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> gitea</span></span> <span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">restart</span><span class="kw">:</span><span class="at"> unless-stopped</span></span></code></pre></div> <h3 id="contoh-workflow-deploy-automatik">Contoh Workflow — Deploy Automatik</h3> <p>Ini contoh workflow yang paling asas. Bila anda push ke branch <code>main</code>, ia akan build Docker image dan deploy:</p> <div class="sourceCode" id="cb2"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="co"># .gitea/workflows/deploy.yml</span></span> <span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a><span class="fu">name</span><span class="kw">:</span><span class="at"> Deploy ke Homelab</span></span> <span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a><span class="fu">on</span><span class="kw">:</span></span> <span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">push</span><span class="kw">:</span></span> <span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">branches</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">main</span><span class="kw">]</span></span> <span id="cb2-6"><a href="#cb2-6" aria-hidden="true" tabindex="-1"></a></span> <span id="cb2-7"><a href="#cb2-7" aria-hidden="true" tabindex="-1"></a><span class="fu">jobs</span><span class="kw">:</span></span> <span id="cb2-8"><a href="#cb2-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">deploy</span><span class="kw">:</span></span> <span id="cb2-9"><a href="#cb2-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">runs-on</span><span class="kw">:</span><span class="at"> ubuntu-latest</span></span> <span id="cb2-10"><a href="#cb2-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">steps</span><span class="kw">:</span></span> <span id="cb2-11"><a href="#cb2-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Checkout kod</span></span> <span id="cb2-12"><a href="#cb2-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">uses</span><span class="kw">:</span><span class="at"> actions/checkout@v4</span></span> <span id="cb2-13"><a href="#cb2-13" aria-hidden="true" tabindex="-1"></a></span> <span id="cb2-14"><a href="#cb2-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Bina imej Docker</span></span> <span id="cb2-15"><a href="#cb2-15" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb2-16"><a href="#cb2-16" aria-hidden="true" tabindex="-1"></a> docker build -t app:latest .</span> <span id="cb2-17"><a href="#cb2-17" aria-hidden="true" tabindex="-1"></a></span> <span id="cb2-18"><a href="#cb2-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Deploy ke pelayan</span></span> <span id="cb2-19"><a href="#cb2-19" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb2-20"><a href="#cb2-20" aria-hidden="true" tabindex="-1"></a> docker compose -f docker-compose.prod.yml up -d</span> <span id="cb2-21"><a href="#cb2-21" aria-hidden="true" tabindex="-1"></a></span> <span id="cb2-22"><a href="#cb2-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Pemberitahuan</span></span> <span id="cb2-23"><a href="#cb2-23" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb2-24"><a href="#cb2-24" aria-hidden="true" tabindex="-1"></a> curl -d "Deploy berjaya: ${{ github.sha }}" \</span> <span id="cb2-25"><a href="#cb2-25" aria-hidden="true" tabindex="-1"></a> http://ntfy.lab.local/deployments</span></code></pre></div> <blockquote> <p><strong>Nota Beginner:</strong> Perhatikan step terakhir — ia hantar notification bila deploy berjaya. Ini amalan yang baik supaya anda sentiasa tahu apa yang berlaku dalam homelab.</p> </blockquote> <h3 id="workflow-backup-automatik">Workflow Backup Automatik</h3> <p>Ini contoh workflow yang lebih praktikal — backup harian yang berjalan secara automatik:</p> <div class="sourceCode" id="cb3"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="co"># .gitea/workflows/backup.yml</span></span> <span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">name</span><span class="kw">:</span><span class="at"> Backup Harian</span></span> <span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="fu">on</span><span class="kw">:</span></span> <span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">schedule</span><span class="kw">:</span></span> <span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">cron</span><span class="kw">:</span><span class="at"> </span><span class="st">'0 3 * * *'</span><span class="co"> # Setiap hari jam 3 pagi</span></span> <span id="cb3-6"><a href="#cb3-6" aria-hidden="true" tabindex="-1"></a></span> <span id="cb3-7"><a href="#cb3-7" aria-hidden="true" tabindex="-1"></a><span class="fu">jobs</span><span class="kw">:</span></span> <span id="cb3-8"><a href="#cb3-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">backup</span><span class="kw">:</span></span> <span id="cb3-9"><a href="#cb3-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">runs-on</span><span class="kw">:</span><span class="at"> ubuntu-latest</span></span> <span id="cb3-10"><a href="#cb3-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">steps</span><span class="kw">:</span></span> <span id="cb3-11"><a href="#cb3-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Backup pangkalan data</span></span> <span id="cb3-12"><a href="#cb3-12" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb3-13"><a href="#cb3-13" aria-hidden="true" tabindex="-1"></a> docker exec nextcloud-db mysqldump \</span> <span id="cb3-14"><a href="#cb3-14" aria-hidden="true" tabindex="-1"></a> -u root -p$DB_ROOT_PASS nextcloud \</span> <span id="cb3-15"><a href="#cb3-15" aria-hidden="true" tabindex="-1"></a> > /backup/nextcloud-db-$(date +%Y%m%d).sql</span> <span id="cb3-16"><a href="#cb3-16" aria-hidden="true" tabindex="-1"></a></span> <span id="cb3-17"><a href="#cb3-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Backup konfigurasi Docker</span></span> <span id="cb3-18"><a href="#cb3-18" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb3-19"><a href="#cb3-19" aria-hidden="true" tabindex="-1"></a> tar czf /backup/docker-config-$(date +%Y%m%d).tar.gz \</span> <span id="cb3-20"><a href="#cb3-20" aria-hidden="true" tabindex="-1"></a> /opt/docker/</span> <span id="cb3-21"><a href="#cb3-21" aria-hidden="true" tabindex="-1"></a></span> <span id="cb3-22"><a href="#cb3-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Muat naik ke NAS</span></span> <span id="cb3-23"><a href="#cb3-23" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb3-24"><a href="#cb3-24" aria-hidden="true" tabindex="-1"></a> rsync -av /backup/ nas:/mnt/pool/backups/gitea-runner/</span> <span id="cb3-25"><a href="#cb3-25" aria-hidden="true" tabindex="-1"></a></span> <span id="cb3-26"><a href="#cb3-26" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Bersihkan backup lama</span></span> <span id="cb3-27"><a href="#cb3-27" aria-hidden="true" tabindex="-1"></a><span class="fu"> run</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb3-28"><a href="#cb3-28" aria-hidden="true" tabindex="-1"></a> find /backup/ -name "*.sql" -mtime +7 -delete</span> <span id="cb3-29"><a href="#cb3-29" aria-hidden="true" tabindex="-1"></a> find /backup/ -name "*.tar.gz" -mtime +7 -delete</span></code></pre></div> <h2 id="langkah-2-ansible-roles-lanjutan">Langkah 2: Ansible Roles Lanjutan</h2> <p>Dalam bab sebelumnya, kita guna playbook biasa. Sekarang, kita naik taraf ke <strong>Roles</strong> — cara yang lebih teratur untuk susun Ansible code. Macam susun baju dalam almari berbanding campak semua dalam satu laci.</p> <h3 id="struktur-role">Struktur Role</h3> <pre><code>roles/ ├── common/ │ ├── tasks/ │ │ └── main.yml │ ├── handlers/ │ │ └── main.yml │ ├── templates/ │ │ └── sshd_config.j2 │ └── defaults/ │ └── main.yml ├── docker/ │ ├── tasks/ │ │ └── main.yml │ ├── handlers/ │ │ └── main.yml │ └── templates/ │ └── daemon.json.j2 └── monitoring/ ├── tasks/ │ └── main.yml └── templates/ └── prometheus.yml.j2</code></pre> <h3 id="role-docker">Role: Docker</h3> <p>Ini contoh role untuk install dan configure Docker. Tulis sekali, guna untuk semua server:</p> <div class="sourceCode" id="cb5"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="co"># roles/docker/tasks/main.yml</span></span> <span id="cb5-2"><a href="#cb5-2" aria-hidden="true" tabindex="-1"></a><span class="pp">---</span></span> <span id="cb5-3"><a href="#cb5-3" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Pasang kebergantungan Docker</span></span> <span id="cb5-4"><a href="#cb5-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">apt</span><span class="kw">:</span></span> <span id="cb5-5"><a href="#cb5-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span></span> <span id="cb5-6"><a href="#cb5-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> ca-certificates</span></span> <span id="cb5-7"><a href="#cb5-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> curl</span></span> <span id="cb5-8"><a href="#cb5-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> gnupg</span></span> <span id="cb5-9"><a href="#cb5-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> present</span></span> <span id="cb5-10"><a href="#cb5-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">update_cache</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb5-11"><a href="#cb5-11" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-12"><a href="#cb5-12" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Tambah kunci GPG Docker</span></span> <span id="cb5-13"><a href="#cb5-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">apt_key</span><span class="kw">:</span></span> <span id="cb5-14"><a href="#cb5-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">url</span><span class="kw">:</span><span class="at"> https://download.docker.com/linux/ubuntu/gpg</span></span> <span id="cb5-15"><a href="#cb5-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> present</span></span> <span id="cb5-16"><a href="#cb5-16" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-17"><a href="#cb5-17" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Tambah repositori Docker</span></span> <span id="cb5-18"><a href="#cb5-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">apt_repository</span><span class="kw">:</span></span> <span id="cb5-19"><a href="#cb5-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">repo</span><span class="kw">:</span><span class="at"> </span><span class="st">"deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"</span></span> <span id="cb5-20"><a href="#cb5-20" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> present</span></span> <span id="cb5-21"><a href="#cb5-21" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-22"><a href="#cb5-22" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Pasang Docker</span></span> <span id="cb5-23"><a href="#cb5-23" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">apt</span><span class="kw">:</span></span> <span id="cb5-24"><a href="#cb5-24" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span></span> <span id="cb5-25"><a href="#cb5-25" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> docker-ce</span></span> <span id="cb5-26"><a href="#cb5-26" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> docker-ce-cli</span></span> <span id="cb5-27"><a href="#cb5-27" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> containerd.io</span></span> <span id="cb5-28"><a href="#cb5-28" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> docker-compose-plugin</span></span> <span id="cb5-29"><a href="#cb5-29" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> present</span></span> <span id="cb5-30"><a href="#cb5-30" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">update_cache</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb5-31"><a href="#cb5-31" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-32"><a href="#cb5-32" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Tambah pengguna ke kumpulan docker</span></span> <span id="cb5-33"><a href="#cb5-33" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">user</span><span class="kw">:</span></span> <span id="cb5-34"><a href="#cb5-34" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> </span><span class="st">"{{ ansible_user }}"</span></span> <span id="cb5-35"><a href="#cb5-35" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">groups</span><span class="kw">:</span><span class="at"> docker</span></span> <span id="cb5-36"><a href="#cb5-36" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">append</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb5-37"><a href="#cb5-37" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-38"><a href="#cb5-38" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Konfigurasi Docker daemon</span></span> <span id="cb5-39"><a href="#cb5-39" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">template</span><span class="kw">:</span></span> <span id="cb5-40"><a href="#cb5-40" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">src</span><span class="kw">:</span><span class="at"> daemon.json.j2</span></span> <span id="cb5-41"><a href="#cb5-41" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /etc/docker/daemon.json</span></span> <span id="cb5-42"><a href="#cb5-42" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">notify</span><span class="kw">:</span><span class="at"> restart docker</span></span> <span id="cb5-43"><a href="#cb5-43" aria-hidden="true" tabindex="-1"></a></span> <span id="cb5-44"><a href="#cb5-44" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Pastikan Docker berjalan</span></span> <span id="cb5-45"><a href="#cb5-45" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">service</span><span class="kw">:</span></span> <span id="cb5-46"><a href="#cb5-46" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> docker</span></span> <span id="cb5-47"><a href="#cb5-47" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> started</span></span> <span id="cb5-48"><a href="#cb5-48" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">enabled</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span></code></pre></div> <div class="sourceCode" id="cb6"><pre class="sourceCode json"><code class="sourceCode json"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="er">//</span> <span class="er">roles/docker/templates/daemon.json.j2</span></span> <span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a><span class="fu">{</span></span> <span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a> <span class="dt">"log-driver"</span><span class="fu">:</span> <span class="st">"json-file"</span><span class="fu">,</span></span> <span id="cb6-4"><a href="#cb6-4" aria-hidden="true" tabindex="-1"></a> <span class="dt">"log-opts"</span><span class="fu">:</span> <span class="fu">{</span></span> <span id="cb6-5"><a href="#cb6-5" aria-hidden="true" tabindex="-1"></a> <span class="dt">"max-size"</span><span class="fu">:</span> <span class="st">"10m"</span><span class="fu">,</span></span> <span id="cb6-6"><a href="#cb6-6" aria-hidden="true" tabindex="-1"></a> <span class="dt">"max-file"</span><span class="fu">:</span> <span class="st">"3"</span></span> <span id="cb6-7"><a href="#cb6-7" aria-hidden="true" tabindex="-1"></a> <span class="fu">},</span></span> <span id="cb6-8"><a href="#cb6-8" aria-hidden="true" tabindex="-1"></a> <span class="dt">"default-address-pools"</span><span class="fu">:</span> <span class="ot">[</span></span> <span id="cb6-9"><a href="#cb6-9" aria-hidden="true" tabindex="-1"></a> <span class="fu">{</span></span> <span id="cb6-10"><a href="#cb6-10" aria-hidden="true" tabindex="-1"></a> <span class="dt">"base"</span><span class="fu">:</span> <span class="st">"172.17.0.0/12"</span><span class="fu">,</span></span> <span id="cb6-11"><a href="#cb6-11" aria-hidden="true" tabindex="-1"></a> <span class="dt">"size"</span><span class="fu">:</span> <span class="dv">24</span></span> <span id="cb6-12"><a href="#cb6-12" aria-hidden="true" tabindex="-1"></a> <span class="fu">}</span></span> <span id="cb6-13"><a href="#cb6-13" aria-hidden="true" tabindex="-1"></a> <span class="ot">]</span><span class="fu">,</span></span> <span id="cb6-14"><a href="#cb6-14" aria-hidden="true" tabindex="-1"></a> <span class="dt">"storage-driver"</span><span class="fu">:</span> <span class="st">"overlay2"</span><span class="fu">,</span></span> <span id="cb6-15"><a href="#cb6-15" aria-hidden="true" tabindex="-1"></a> <span class="dt">"live-restore"</span><span class="fu">:</span> <span class="kw">true</span></span> <span id="cb6-16"><a href="#cb6-16" aria-hidden="true" tabindex="-1"></a><span class="fu">}</span></span></code></pre></div> <div class="sourceCode" id="cb7"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="co"># roles/docker/handlers/main.yml</span></span> <span id="cb7-2"><a href="#cb7-2" aria-hidden="true" tabindex="-1"></a><span class="pp">---</span></span> <span id="cb7-3"><a href="#cb7-3" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> restart docker</span></span> <span id="cb7-4"><a href="#cb7-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">service</span><span class="kw">:</span></span> <span id="cb7-5"><a href="#cb7-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> docker</span></span> <span id="cb7-6"><a href="#cb7-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> restarted</span></span></code></pre></div> <blockquote> <p><strong>Nota Beginner:</strong> Perhatikan <code>notify: restart docker</code> dalam task konfigurasi. Ini bermakna Docker hanya akan restart kalau config memang berubah. Kalau config sama, ia tak restart — jimat downtime.</p> </blockquote> <h3 id="role-monitoring-node-exporter">Role: Monitoring (Node Exporter)</h3> <div class="sourceCode" id="cb8"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="co"># roles/monitoring/tasks/main.yml</span></span> <span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="pp">---</span></span> <span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Cipta pengguna node_exporter</span></span> <span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">user</span><span class="kw">:</span></span> <span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> node_exporter</span></span> <span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">shell</span><span class="kw">:</span><span class="at"> /bin/false</span></span> <span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">system</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">create_home</span><span class="kw">:</span><span class="at"> </span><span class="ch">no</span></span> <span id="cb8-9"><a href="#cb8-9" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-10"><a href="#cb8-10" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Muat turun Node Exporter</span></span> <span id="cb8-11"><a href="#cb8-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">get_url</span><span class="kw">:</span></span> <span id="cb8-12"><a href="#cb8-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">url</span><span class="kw">:</span><span class="at"> </span><span class="st">"https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"</span></span> <span id="cb8-13"><a href="#cb8-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /tmp/node_exporter.tar.gz</span></span> <span id="cb8-14"><a href="#cb8-14" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-15"><a href="#cb8-15" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Ekstrak Node Exporter</span></span> <span id="cb8-16"><a href="#cb8-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">unarchive</span><span class="kw">:</span></span> <span id="cb8-17"><a href="#cb8-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">src</span><span class="kw">:</span><span class="at"> /tmp/node_exporter.tar.gz</span></span> <span id="cb8-18"><a href="#cb8-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /usr/local/bin/</span></span> <span id="cb8-19"><a href="#cb8-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">remote_src</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb8-20"><a href="#cb8-20" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">extra_opts</span><span class="kw">:</span></span> <span id="cb8-21"><a href="#cb8-21" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> --strip-components=1</span></span> <span id="cb8-22"><a href="#cb8-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> --wildcards</span></span> <span id="cb8-23"><a href="#cb8-23" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">"*/node_exporter"</span></span> <span id="cb8-24"><a href="#cb8-24" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-25"><a href="#cb8-25" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Cipta perkhidmatan systemd</span></span> <span id="cb8-26"><a href="#cb8-26" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">copy</span><span class="kw">:</span></span> <span id="cb8-27"><a href="#cb8-27" aria-hidden="true" tabindex="-1"></a><span class="fu"> content</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb8-28"><a href="#cb8-28" aria-hidden="true" tabindex="-1"></a> [Unit]</span> <span id="cb8-29"><a href="#cb8-29" aria-hidden="true" tabindex="-1"></a> Description=Node Exporter</span> <span id="cb8-30"><a href="#cb8-30" aria-hidden="true" tabindex="-1"></a> After=network.target</span> <span id="cb8-31"><a href="#cb8-31" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-32"><a href="#cb8-32" aria-hidden="true" tabindex="-1"></a> [Service]</span> <span id="cb8-33"><a href="#cb8-33" aria-hidden="true" tabindex="-1"></a> User=node_exporter</span> <span id="cb8-34"><a href="#cb8-34" aria-hidden="true" tabindex="-1"></a> ExecStart=/usr/local/bin/node_exporter</span> <span id="cb8-35"><a href="#cb8-35" aria-hidden="true" tabindex="-1"></a> Restart=always</span> <span id="cb8-36"><a href="#cb8-36" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-37"><a href="#cb8-37" aria-hidden="true" tabindex="-1"></a> [Install]</span> <span id="cb8-38"><a href="#cb8-38" aria-hidden="true" tabindex="-1"></a> WantedBy=multi-user.target</span> <span id="cb8-39"><a href="#cb8-39" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /etc/systemd/system/node_exporter.service</span></span> <span id="cb8-40"><a href="#cb8-40" aria-hidden="true" tabindex="-1"></a></span> <span id="cb8-41"><a href="#cb8-41" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Aktifkan dan mulakan Node Exporter</span></span> <span id="cb8-42"><a href="#cb8-42" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">systemd</span><span class="kw">:</span></span> <span id="cb8-43"><a href="#cb8-43" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> node_exporter</span></span> <span id="cb8-44"><a href="#cb8-44" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">state</span><span class="kw">:</span><span class="at"> started</span></span> <span id="cb8-45"><a href="#cb8-45" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">enabled</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb8-46"><a href="#cb8-46" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">daemon_reload</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span></code></pre></div> <h3 id="playbook-utama">Playbook Utama</h3> <p>Semua role digabungkan dalam satu playbook utama. Satu command, semua server dikonfigurasikan:</p> <div class="sourceCode" id="cb9"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb9-1"><a href="#cb9-1" aria-hidden="true" tabindex="-1"></a><span class="co"># playbooks/site.yml - Playbook utama</span></span> <span id="cb9-2"><a href="#cb9-2" aria-hidden="true" tabindex="-1"></a><span class="pp">---</span></span> <span id="cb9-3"><a href="#cb9-3" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Konfigurasi semua pelayan</span></span> <span id="cb9-4"><a href="#cb9-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">hosts</span><span class="kw">:</span><span class="at"> all</span></span> <span id="cb9-5"><a href="#cb9-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">become</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb9-6"><a href="#cb9-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">roles</span><span class="kw">:</span></span> <span id="cb9-7"><a href="#cb9-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> common</span></span> <span id="cb9-8"><a href="#cb9-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> monitoring</span></span> <span id="cb9-9"><a href="#cb9-9" aria-hidden="true" tabindex="-1"></a></span> <span id="cb9-10"><a href="#cb9-10" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Konfigurasi host Docker</span></span> <span id="cb9-11"><a href="#cb9-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">hosts</span><span class="kw">:</span><span class="at"> docker_hosts</span></span> <span id="cb9-12"><a href="#cb9-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">become</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb9-13"><a href="#cb9-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">roles</span><span class="kw">:</span></span> <span id="cb9-14"><a href="#cb9-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> docker</span></span> <span id="cb9-15"><a href="#cb9-15" aria-hidden="true" tabindex="-1"></a></span> <span id="cb9-16"><a href="#cb9-16" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Deploy stack Docker</span></span> <span id="cb9-17"><a href="#cb9-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">hosts</span><span class="kw">:</span><span class="at"> docker_hosts</span></span> <span id="cb9-18"><a href="#cb9-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">become</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span> <span id="cb9-19"><a href="#cb9-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tasks</span><span class="kw">:</span></span> <span id="cb9-20"><a href="#cb9-20" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Salin docker-compose.yml</span></span> <span id="cb9-21"><a href="#cb9-21" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">copy</span><span class="kw">:</span></span> <span id="cb9-22"><a href="#cb9-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">src</span><span class="kw">:</span><span class="at"> ../docker/docker-compose.yml</span></span> <span id="cb9-23"><a href="#cb9-23" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /opt/docker/docker-compose.yml</span></span> <span id="cb9-24"><a href="#cb9-24" aria-hidden="true" tabindex="-1"></a></span> <span id="cb9-25"><a href="#cb9-25" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Salin fail .env</span></span> <span id="cb9-26"><a href="#cb9-26" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">template</span><span class="kw">:</span></span> <span id="cb9-27"><a href="#cb9-27" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">src</span><span class="kw">:</span><span class="at"> ../docker/.env.j2</span></span> <span id="cb9-28"><a href="#cb9-28" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dest</span><span class="kw">:</span><span class="at"> /opt/docker/.env</span></span> <span id="cb9-29"><a href="#cb9-29" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> </span><span class="st">'0600'</span></span> <span id="cb9-30"><a href="#cb9-30" aria-hidden="true" tabindex="-1"></a></span> <span id="cb9-31"><a href="#cb9-31" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> Mulakan stack Docker</span></span> <span id="cb9-32"><a href="#cb9-32" aria-hidden="true" tabindex="-1"></a><span class="fu"> shell</span><span class="kw">: </span><span class="ch">|</span></span> <span id="cb9-33"><a href="#cb9-33" aria-hidden="true" tabindex="-1"></a> cd /opt/docker && docker compose pull && docker compose up -d</span></code></pre></div> <h2 id="langkah-3-automasi-penyelenggaraan">Langkah 3: Automasi Penyelenggaraan</h2> <h3 id="skrip-penyelenggaraan-mingguan">Skrip Penyelenggaraan Mingguan</h3> <p>Ini skrip “all-in-one” yang saya jalankan setiap minggu. Ia update sistem, bersihkan Docker, check disk health, dan hantar laporan. Set and forget:</p> <div class="sourceCode" id="cb10"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true" tabindex="-1"></a><span class="co">#!/bin/bash</span></span> <span id="cb10-2"><a href="#cb10-2" aria-hidden="true" tabindex="-1"></a><span class="co"># /usr/local/bin/weekly-maintenance.sh</span></span> <span id="cb10-3"><a href="#cb10-3" aria-hidden="true" tabindex="-1"></a><span class="co"># Jalankan setiap Ahad jam 4 pagi</span></span> <span id="cb10-4"><a href="#cb10-4" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-5"><a href="#cb10-5" aria-hidden="true" tabindex="-1"></a><span class="va">LOG</span><span class="op">=</span><span class="st">"/var/log/maintenance.log"</span></span> <span id="cb10-6"><a href="#cb10-6" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"=== Penyelenggaraan Mingguan: </span><span class="va">$(</span><span class="fu">date</span><span class="va">)</span><span class="st"> ==="</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-7"><a href="#cb10-7" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-8"><a href="#cb10-8" aria-hidden="true" tabindex="-1"></a><span class="co"># 1. Kemas kini sistem</span></span> <span id="cb10-9"><a href="#cb10-9" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Mengemas kini sistem..."</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-10"><a href="#cb10-10" aria-hidden="true" tabindex="-1"></a><span class="ex">apt</span> update <span class="kw">&&</span> <span class="ex">apt</span> upgrade <span class="at">-y</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-11"><a href="#cb10-11" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-12"><a href="#cb10-12" aria-hidden="true" tabindex="-1"></a><span class="co"># 2. Kemas kini kontena Docker</span></span> <span id="cb10-13"><a href="#cb10-13" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Mengemas kini kontena Docker..."</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-14"><a href="#cb10-14" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> /opt/docker</span> <span id="cb10-15"><a href="#cb10-15" aria-hidden="true" tabindex="-1"></a><span class="ex">docker</span> compose pull <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-16"><a href="#cb10-16" aria-hidden="true" tabindex="-1"></a><span class="ex">docker</span> compose up <span class="at">-d</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-17"><a href="#cb10-17" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-18"><a href="#cb10-18" aria-hidden="true" tabindex="-1"></a><span class="co"># 3. Bersihkan Docker</span></span> <span id="cb10-19"><a href="#cb10-19" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Membersihkan Docker..."</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-20"><a href="#cb10-20" aria-hidden="true" tabindex="-1"></a><span class="ex">docker</span> system prune <span class="at">-af</span> <span class="at">--volumes</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-21"><a href="#cb10-21" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-22"><a href="#cb10-22" aria-hidden="true" tabindex="-1"></a><span class="co"># 4. Bersihkan log lama</span></span> <span id="cb10-23"><a href="#cb10-23" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Membersihkan log..."</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-24"><a href="#cb10-24" aria-hidden="true" tabindex="-1"></a><span class="ex">journalctl</span> <span class="at">--vacuum-time</span><span class="op">=</span>30d <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-25"><a href="#cb10-25" aria-hidden="true" tabindex="-1"></a><span class="fu">find</span> /var/log <span class="at">-name</span> <span class="st">"*.gz"</span> <span class="at">-mtime</span> +30 <span class="at">-delete</span></span> <span id="cb10-26"><a href="#cb10-26" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-27"><a href="#cb10-27" aria-hidden="true" tabindex="-1"></a><span class="co"># 5. Periksa kesihatan cakera</span></span> <span id="cb10-28"><a href="#cb10-28" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Memeriksa kesihatan cakera..."</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-29"><a href="#cb10-29" aria-hidden="true" tabindex="-1"></a><span class="cf">for</span> disk <span class="kw">in</span> /dev/sd<span class="pp">?</span><span class="kw">;</span> <span class="cf">do</span></span> <span id="cb10-30"><a href="#cb10-30" aria-hidden="true" tabindex="-1"></a> <span class="ex">smartctl</span> <span class="at">-H</span> <span class="st">"</span><span class="va">$disk</span><span class="st">"</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-31"><a href="#cb10-31" aria-hidden="true" tabindex="-1"></a><span class="cf">done</span></span> <span id="cb10-32"><a href="#cb10-32" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-33"><a href="#cb10-33" aria-hidden="true" tabindex="-1"></a><span class="co"># 6. Periksa penggunaan storan</span></span> <span id="cb10-34"><a href="#cb10-34" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Penggunaan storan:"</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-35"><a href="#cb10-35" aria-hidden="true" tabindex="-1"></a><span class="fu">df</span> <span class="at">-h</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-36"><a href="#cb10-36" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-37"><a href="#cb10-37" aria-hidden="true" tabindex="-1"></a><span class="co"># 7. Periksa ZFS (jika ada)</span></span> <span id="cb10-38"><a href="#cb10-38" aria-hidden="true" tabindex="-1"></a><span class="cf">if</span> <span class="bu">command</span> <span class="at">-v</span> zpool <span class="op">&></span> /dev/null<span class="kw">;</span> <span class="cf">then</span></span> <span id="cb10-39"><a href="#cb10-39" aria-hidden="true" tabindex="-1"></a> <span class="bu">echo</span> <span class="st">"Status ZFS:"</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span> <span id="cb10-40"><a href="#cb10-40" aria-hidden="true" tabindex="-1"></a> <span class="ex">zpool</span> status <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span> <span class="dv">2</span><span class="op">>&</span><span class="dv">1</span></span> <span id="cb10-41"><a href="#cb10-41" aria-hidden="true" tabindex="-1"></a><span class="cf">fi</span></span> <span id="cb10-42"><a href="#cb10-42" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-43"><a href="#cb10-43" aria-hidden="true" tabindex="-1"></a><span class="co"># 8. Hantar laporan</span></span> <span id="cb10-44"><a href="#cb10-44" aria-hidden="true" tabindex="-1"></a><span class="va">SUMMARY</span><span class="op">=</span><span class="va">$(</span><span class="fu">tail</span> <span class="at">-50</span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span><span class="va">)</span></span> <span id="cb10-45"><a href="#cb10-45" aria-hidden="true" tabindex="-1"></a><span class="ex">curl</span> <span class="at">-d</span> <span class="st">"</span><span class="va">$SUMMARY</span><span class="st">"</span> http://ntfy.lab.local/maintenance</span> <span id="cb10-46"><a href="#cb10-46" aria-hidden="true" tabindex="-1"></a></span> <span id="cb10-47"><a href="#cb10-47" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"=== Penyelenggaraan selesai: </span><span class="va">$(</span><span class="fu">date</span><span class="va">)</span><span class="st"> ==="</span> <span class="op">>></span> <span class="st">"</span><span class="va">$LOG</span><span class="st">"</span></span></code></pre></div> <div class="sourceCode" id="cb11"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Tambah ke crontab</span></span> <span id="cb11-2"><a href="#cb11-2" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> crontab <span class="at">-e</span></span> <span id="cb11-3"><a href="#cb11-3" aria-hidden="true" tabindex="-1"></a><span class="ex">0</span> 4 <span class="pp">*</span> <span class="pp">*</span> 0 /usr/local/bin/weekly-maintenance.sh</span></code></pre></div> <blockquote> <p><strong>Nota Beginner:</strong> Perhatikan <code>docker system prune -af --volumes</code> dalam skrip tu. Ini akan padam semua image, container, dan volume yang tak digunakan. Bagus untuk jimat disk space, tapi pastikan semua container penting anda memang running sebelum jalankan skrip ni.</p> </blockquote> <h3 id="automasi-pembaharuan-sijil-ssl">Automasi Pembaharuan Sijil SSL</h3> <p>Ini skrip kecil tapi sangat berguna. Ia check semua sijil SSL anda dan alert kalau ada yang nak tamat:</p> <div class="sourceCode" id="cb12"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb12-1"><a href="#cb12-1" aria-hidden="true" tabindex="-1"></a><span class="co">#!/bin/bash</span></span> <span id="cb12-2"><a href="#cb12-2" aria-hidden="true" tabindex="-1"></a><span class="co"># /usr/local/bin/check-ssl-expiry.sh</span></span> <span id="cb12-3"><a href="#cb12-3" aria-hidden="true" tabindex="-1"></a></span> <span id="cb12-4"><a href="#cb12-4" aria-hidden="true" tabindex="-1"></a><span class="va">DOMAINS</span><span class="op">=</span><span class="va">(</span></span> <span id="cb12-5"><a href="#cb12-5" aria-hidden="true" tabindex="-1"></a> <span class="st">"cloud.lab.local"</span></span> <span id="cb12-6"><a href="#cb12-6" aria-hidden="true" tabindex="-1"></a> <span class="st">"git.lab.local"</span></span> <span id="cb12-7"><a href="#cb12-7" aria-hidden="true" tabindex="-1"></a> <span class="st">"vault.lab.local"</span></span> <span id="cb12-8"><a href="#cb12-8" aria-hidden="true" tabindex="-1"></a> <span class="st">"grafana.lab.local"</span></span> <span id="cb12-9"><a href="#cb12-9" aria-hidden="true" tabindex="-1"></a><span class="va">)</span></span> <span id="cb12-10"><a href="#cb12-10" aria-hidden="true" tabindex="-1"></a></span> <span id="cb12-11"><a href="#cb12-11" aria-hidden="true" tabindex="-1"></a><span class="cf">for</span> domain <span class="kw">in</span> <span class="st">"</span><span class="va">${DOMAINS</span><span class="op">[@]</span><span class="va">}</span><span class="st">"</span><span class="kw">;</span> <span class="cf">do</span></span> <span id="cb12-12"><a href="#cb12-12" aria-hidden="true" tabindex="-1"></a> <span class="va">EXPIRY</span><span class="op">=</span><span class="va">$(</span><span class="bu">echo</span> <span class="kw">|</span> <span class="ex">openssl</span> s_client <span class="at">-servername</span> <span class="st">"</span><span class="va">$domain</span><span class="st">"</span> <span class="dt">\</span></span> <span id="cb12-13"><a href="#cb12-13" aria-hidden="true" tabindex="-1"></a> <span class="at">-connect</span> <span class="st">"</span><span class="va">$domain</span><span class="st">:443"</span> <span class="dv">2</span><span class="op">></span>/dev/null <span class="kw">|</span> <span class="dt">\</span></span> <span id="cb12-14"><a href="#cb12-14" aria-hidden="true" tabindex="-1"></a> <span class="ex">openssl</span> x509 <span class="at">-noout</span> <span class="at">-enddate</span> <span class="dv">2</span><span class="op">></span>/dev/null <span class="kw">|</span> <span class="dt">\</span></span> <span id="cb12-15"><a href="#cb12-15" aria-hidden="true" tabindex="-1"></a> <span class="fu">cut</span> <span class="at">-d</span><span class="op">=</span> <span class="at">-f2</span><span class="va">)</span></span> <span id="cb12-16"><a href="#cb12-16" aria-hidden="true" tabindex="-1"></a></span> <span id="cb12-17"><a href="#cb12-17" aria-hidden="true" tabindex="-1"></a> <span class="cf">if</span> <span class="bu">[</span> <span class="ot">-n</span> <span class="st">"</span><span class="va">$EXPIRY</span><span class="st">"</span> <span class="bu">]</span><span class="kw">;</span> <span class="cf">then</span></span> <span id="cb12-18"><a href="#cb12-18" aria-hidden="true" tabindex="-1"></a> <span class="va">DAYS_LEFT</span><span class="op">=</span><span class="va">$((</span> (<span class="va">$(</span><span class="fu">date</span> <span class="at">-d</span> <span class="st">"</span><span class="va">$EXPIRY</span><span class="st">"</span> +%s<span class="va">)</span> <span class="op">-</span> <span class="va">$(</span><span class="fu">date</span> +%s<span class="va">)</span>) <span class="op">/</span> <span class="dv">86400</span> <span class="va">))</span></span> <span id="cb12-19"><a href="#cb12-19" aria-hidden="true" tabindex="-1"></a></span> <span id="cb12-20"><a href="#cb12-20" aria-hidden="true" tabindex="-1"></a> <span class="cf">if</span> <span class="bu">[</span> <span class="st">"</span><span class="va">$DAYS_LEFT</span><span class="st">"</span> <span class="ot">-lt</span> 30 <span class="bu">]</span><span class="kw">;</span> <span class="cf">then</span></span> <span id="cb12-21"><a href="#cb12-21" aria-hidden="true" tabindex="-1"></a> <span class="ex">curl</span> <span class="at">-d</span> <span class="st">"Amaran: Sijil SSL untuk </span><span class="va">$domain</span><span class="st"> tamat dalam </span><span class="va">$DAYS_LEFT</span><span class="st"> hari!"</span> <span class="dt">\</span></span> <span id="cb12-22"><a href="#cb12-22" aria-hidden="true" tabindex="-1"></a> http://ntfy.lab.local/ssl-alerts</span> <span id="cb12-23"><a href="#cb12-23" aria-hidden="true" tabindex="-1"></a> <span class="cf">fi</span></span> <span id="cb12-24"><a href="#cb12-24" aria-hidden="true" tabindex="-1"></a> <span class="cf">fi</span></span> <span id="cb12-25"><a href="#cb12-25" aria-hidden="true" tabindex="-1"></a><span class="cf">done</span></span></code></pre></div> <h2 id="langkah-4-pemantauan-lanjutan-dengan-grafana">Langkah 4: Pemantauan Lanjutan dengan Grafana</h2> <p>Sekarang anda dah ada Grafana dari bab sebelumnya, jom buat dashboard yang lebih power.</p> <h3 id="papan-pemuka-tersuai">Papan Pemuka Tersuai</h3> <p>Cipta papan pemuka Grafana yang menunjukkan keseluruhan homelab anda dalam satu pandangan:</p> <p><strong>Panel Disyorkan:</strong></p> <ol type="1"> <li><strong>Ringkasan Sistem:</strong> <ul> <li>Uptime semua pelayan</li> <li>Bilangan kontena aktif</li> <li>Penggunaan CPU keseluruhan</li> <li>Penggunaan RAM keseluruhan</li> </ul></li> <li><strong>Storan:</strong> <ul> <li>Penggunaan cakera setiap pelayan</li> <li>IOPS dan throughput</li> <li>Kesihatan ZFS/RAID</li> </ul></li> <li><strong>Rangkaian:</strong> <ul> <li>Trafik masuk/keluar</li> <li>Pertanyaan DNS (dari Pi-hole)</li> <li>Sambungan VPN aktif</li> </ul></li> <li><strong>Perkhidmatan:</strong> <ul> <li>Status kontena Docker</li> <li>Masa tindak balas perkhidmatan web</li> <li>Kadar ralat HTTP</li> </ul></li> <li><strong>Persekitaran:</strong> <ul> <li>Suhu CPU</li> <li>Status UPS (bateri, beban)</li> <li>Kelajuan kipas</li> </ul></li> </ol> <h3 id="grafana-dengan-variabel">Grafana dengan Variabel</h3> <p>Nak buat dashboard yang lebih interaktif? Guna variabel supaya anda boleh tukar antara server dengan satu klik:</p> <pre><code># Variabel 'host' Type: Query Data source: Prometheus Query: label_values(node_uname_info, instance) # Gunakan dalam panel: node_cpu_seconds_total{instance="$host"}</code></pre> <h3 id="anotasi">Anotasi</h3> <p>Tandakan peristiwa penting pada graf Grafana. Contohnya, bila deploy berlaku, anda boleh nampak tepat pada graf kalau ada kesan ke prestasi:</p> <div class="sourceCode" id="cb14"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb14-1"><a href="#cb14-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Hantar anotasi apabila deploy berlaku</span></span> <span id="cb14-2"><a href="#cb14-2" aria-hidden="true" tabindex="-1"></a><span class="ex">curl</span> <span class="at">-X</span> POST http://grafana.lab.local/api/annotations <span class="dt">\</span></span> <span id="cb14-3"><a href="#cb14-3" aria-hidden="true" tabindex="-1"></a> <span class="at">-H</span> <span class="st">"Authorization: Bearer api-key-anda"</span> <span class="dt">\</span></span> <span id="cb14-4"><a href="#cb14-4" aria-hidden="true" tabindex="-1"></a> <span class="at">-H</span> <span class="st">"Content-Type: application/json"</span> <span class="dt">\</span></span> <span id="cb14-5"><a href="#cb14-5" aria-hidden="true" tabindex="-1"></a> <span class="at">-d</span> <span class="st">'{</span></span> <span id="cb14-6"><a href="#cb14-6" aria-hidden="true" tabindex="-1"></a><span class="st"> "text": "Deploy v1.2.3",</span></span> <span id="cb14-7"><a href="#cb14-7" aria-hidden="true" tabindex="-1"></a><span class="st"> "tags": ["deploy", "production"]</span></span> <span id="cb14-8"><a href="#cb14-8" aria-hidden="true" tabindex="-1"></a><span class="st"> }'</span></span></code></pre></div> <h2 id="langkah-5-pemberitahuan-pintar">Langkah 5: Pemberitahuan Pintar</h2> <h3 id="mengelakkan-alert-fatigue">Mengelakkan Alert Fatigue</h3> <p>Ini perkara yang saya belajar dengan cara yang susah. Mula-mula setup monitoring, saya alert SEMUA benda. CPU naik sikit — alert. Disk usage naik 1% — alert. Hasilnya? Saya abaikan semua notification sebab terlalu banyak.</p> <p>Jangan buat macam saya. Konfigurasi amaran dengan bijak:</p> <div class="sourceCode" id="cb15"><pre class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Tahap amaran:</span></span> <span id="cb15-2"><a href="#cb15-2" aria-hidden="true" tabindex="-1"></a><span class="co"># 1. Info — Log sahaja, tiada pemberitahuan</span></span> <span id="cb15-3"><a href="#cb15-3" aria-hidden="true" tabindex="-1"></a><span class="co"># 2. Warning — Pemberitahuan sekali, boleh ditunggu</span></span> <span id="cb15-4"><a href="#cb15-4" aria-hidden="true" tabindex="-1"></a><span class="co"># 3. Critical — Pemberitahuan segera, perlu tindakan</span></span> <span id="cb15-5"><a href="#cb15-5" aria-hidden="true" tabindex="-1"></a></span> <span id="cb15-6"><a href="#cb15-6" aria-hidden="true" tabindex="-1"></a><span class="co"># Contoh peraturan:</span></span> <span id="cb15-7"><a href="#cb15-7" aria-hidden="true" tabindex="-1"></a><span class="fu">rules</span><span class="kw">:</span></span> <span id="cb15-8"><a href="#cb15-8" aria-hidden="true" tabindex="-1"></a><span class="co"> # CRITICAL: Pelayan tidak boleh diakses</span></span> <span id="cb15-9"><a href="#cb15-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">alert</span><span class="kw">:</span><span class="at"> ServerDown</span></span> <span id="cb15-10"><a href="#cb15-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">expr</span><span class="kw">:</span><span class="at"> up == 0</span></span> <span id="cb15-11"><a href="#cb15-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">for</span><span class="kw">:</span><span class="at"> 2m</span></span> <span id="cb15-12"><a href="#cb15-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">severity</span><span class="kw">:</span><span class="at"> critical</span></span> <span id="cb15-13"><a href="#cb15-13" aria-hidden="true" tabindex="-1"></a></span> <span id="cb15-14"><a href="#cb15-14" aria-hidden="true" tabindex="-1"></a><span class="co"> # </span><span class="al">WARNING</span><span class="co">: CPU tinggi (mungkin beban sementara)</span></span> <span id="cb15-15"><a href="#cb15-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">alert</span><span class="kw">:</span><span class="at"> HighCPU</span></span> <span id="cb15-16"><a href="#cb15-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">expr</span><span class="kw">:</span><span class="at"> cpu_usage > 90</span></span> <span id="cb15-17"><a href="#cb15-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">for</span><span class="kw">:</span><span class="at"> 15m</span><span class="co"> # Tunggu 15 minit sebelum amaran</span></span> <span id="cb15-18"><a href="#cb15-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">severity</span><span class="kw">:</span><span class="at"> warning</span></span> <span id="cb15-19"><a href="#cb15-19" aria-hidden="true" tabindex="-1"></a></span> <span id="cb15-20"><a href="#cb15-20" aria-hidden="true" tabindex="-1"></a><span class="co"> # INFO: Cakera hampir penuh (masih ada masa)</span></span> <span id="cb15-21"><a href="#cb15-21" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">alert</span><span class="kw">:</span><span class="at"> DiskAlmostFull</span></span> <span id="cb15-22"><a href="#cb15-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">expr</span><span class="kw">:</span><span class="at"> disk_usage > 80</span></span> <span id="cb15-23"><a href="#cb15-23" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">for</span><span class="kw">:</span><span class="at"> 1h</span></span> <span id="cb15-24"><a href="#cb15-24" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">severity</span><span class="kw">:</span><span class="at"> info</span></span></code></pre></div> <h3 id="saluran-pemberitahuan">Saluran Pemberitahuan</h3> <p>Setup saluran pemberitahuan mengikut keutamaan. Tak semua alert perlu bunyi telefon anda:</p> <pre><code>Kritikal → Telegram + Ntfy (push notification) Amaran → Telegram sahaja Info → Log ke Grafana sahaja Jadual: Waktu kerja (8am-10pm): Semua pemberitahuan Malam (10pm-8am): Kritikal sahaja</code></pre> <blockquote> <p><strong>Nota Beginner:</strong> Rule of thumb saya — kalau alert tu tak memerlukan tindakan segera, ia sepatutnya warning atau info, bukan critical. Critical bermakna “bangun tidur sekarang dan fix.”</p> </blockquote> <h2 id="langkah-6-dokumentasi-automatik">Langkah 6: Dokumentasi Automatik</h2> <h3 id="ansible-cmdb">Ansible CMDB</h3> <p>Pernah tak seseorang tanya “server tu spec apa?” dan anda kena SSH satu-satu untuk check? Ansible CMDB selesaikan masalah tu:</p> <div class="sourceCode" id="cb17"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb17-1"><a href="#cb17-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Pasang ansible-cmdb</span></span> <span id="cb17-2"><a href="#cb17-2" aria-hidden="true" tabindex="-1"></a><span class="ex">pip</span> install ansible-cmdb</span> <span id="cb17-3"><a href="#cb17-3" aria-hidden="true" tabindex="-1"></a></span> <span id="cb17-4"><a href="#cb17-4" aria-hidden="true" tabindex="-1"></a><span class="co"># Kumpul fakta dari semua host</span></span> <span id="cb17-5"><a href="#cb17-5" aria-hidden="true" tabindex="-1"></a><span class="ex">ansible</span> <span class="at">-i</span> inventory/hosts.yml all <span class="at">-m</span> setup <span class="at">--tree</span> /tmp/facts</span> <span id="cb17-6"><a href="#cb17-6" aria-hidden="true" tabindex="-1"></a></span> <span id="cb17-7"><a href="#cb17-7" aria-hidden="true" tabindex="-1"></a><span class="co"># Jana laporan HTML</span></span> <span id="cb17-8"><a href="#cb17-8" aria-hidden="true" tabindex="-1"></a><span class="ex">ansible-cmdb</span> /tmp/facts <span class="op">></span> homelab-inventory.html</span></code></pre></div> <p>Laporan ini mengandungi: - Senarai semua pelayan dengan spesifikasi - Versi OS dan kernel - Alamat IP dan MAC - Saiz RAM dan storan - Perisian yang dipasang</p> <h3 id="dokumentasi-rangkaian-automatik">Dokumentasi Rangkaian Automatik</h3> <p>Skrip ni scan rangkaian anda dan generate dokumen secara automatik. Jalankan sebulan sekali dan anda sentiasa ada dokumentasi terkini:</p> <div class="sourceCode" id="cb18"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="co">#!/bin/bash</span></span> <span id="cb18-2"><a href="#cb18-2" aria-hidden="true" tabindex="-1"></a><span class="co"># generate-network-doc.sh</span></span> <span id="cb18-3"><a href="#cb18-3" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"# Dokumentasi Rangkaian Homelab"</span> <span class="op">></span> network-doc.md</span> <span id="cb18-4"><a href="#cb18-4" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"Dijana: </span><span class="va">$(</span><span class="fu">date</span><span class="va">)</span><span class="st">"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-5"><a href="#cb18-5" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">""</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-6"><a href="#cb18-6" aria-hidden="true" tabindex="-1"></a></span> <span id="cb18-7"><a href="#cb18-7" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"## Peranti Aktif"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-8"><a href="#cb18-8" aria-hidden="true" tabindex="-1"></a><span class="fu">nmap</span> <span class="at">-sn</span> 10.0.0.0/24 <span class="kw">|</span> <span class="fu">grep</span> <span class="st">"report\|MAC"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-9"><a href="#cb18-9" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">""</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-10"><a href="#cb18-10" aria-hidden="true" tabindex="-1"></a></span> <span id="cb18-11"><a href="#cb18-11" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"## Port Terbuka (Pelayan Utama)"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-12"><a href="#cb18-12" aria-hidden="true" tabindex="-1"></a><span class="fu">nmap</span> <span class="at">-sV</span> 10.0.20.20 <span class="op">>></span> network-doc.md</span> <span id="cb18-13"><a href="#cb18-13" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">""</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-14"><a href="#cb18-14" aria-hidden="true" tabindex="-1"></a></span> <span id="cb18-15"><a href="#cb18-15" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"## Rekod DNS"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-16"><a href="#cb18-16" aria-hidden="true" tabindex="-1"></a><span class="ex">dig</span> axfr lab.local @10.0.0.2 <span class="op">>></span> network-doc.md <span class="dv">2</span><span class="op">></span>/dev/null</span> <span id="cb18-17"><a href="#cb18-17" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">""</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-18"><a href="#cb18-18" aria-hidden="true" tabindex="-1"></a></span> <span id="cb18-19"><a href="#cb18-19" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"## Kontena Docker"</span> <span class="op">>></span> network-doc.md</span> <span id="cb18-20"><a href="#cb18-20" aria-hidden="true" tabindex="-1"></a><span class="fu">ssh</span> admin@10.0.20.20 <span class="st">"docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'"</span> <span class="op">>></span> network-doc.md</span></code></pre></div> <h3 id="checklist-siap-bab-ini">Checklist Siap Bab Ini</h3> <ul class="task-list"> <li><label><input type="checkbox" />Saya tahu satu proses yang sesuai dijadikan Workflow automatik.</label></li> <li><label><input type="checkbox" />Saya tahu keperluan rollback untuk automasi itu.</label></li> <li><label><input type="checkbox" />Saya tahu bagaimana hendak audit hasil automasi melalui log atau notifikasi.</label></li> </ul> <h2 id="ringkasan">Ringkasan</h2> <p>Wah, bab yang panjang! Tapi anda dah sampai penghujung. Jom recap apa yang kita dah cover:</p> <ul> <li><strong>CI/CD dengan Gitea Actions</strong> — push code, auto deploy. Macam magic, tapi anda yang buat.</li> <li><strong>Ansible Roles</strong> — pengurusan konfigurasi yang lebih teratur dan boleh diguna semula</li> <li><strong>Skrip automasi penyelenggaraan</strong> — update, bersihkan, check health, semua automatik</li> <li><strong>Papan pemuka Grafana lanjutan</strong> — variabel, anotasi, panel tersuai</li> <li><strong>Strategi pemberitahuan pintar</strong> — alert yang berguna, bukan yang menyusahkan</li> <li><strong>Dokumentasi automatik</strong> — tak perlu update manual lagi</li> </ul> <p>Automasi yang baik membebaskan masa anda untuk belajar perkara baru dan menambah projek baru ke homelab. Daripada habiskan masa buat kerja berulang, anda boleh fokus pada eksperimen dan pembelajaran.</p> <p>Percayalah, bila anda dah rasa nikmat automasi yang berjalan lancar, anda takkan mahu balik ke cara manual lagi. Selamat mengautomasikan!</p>
💾 Kemaskini
Batal