Administration 1C for the smallest. Part One - Divide and Conquer

Disclaimer

This article expresses the personal opinion of the author, his vision of the world, his path, and all this does not claim to be absolute loyalty and objectivity. The author does not bear any responsibility for the consequences of using this information, he only hopes that this information will help to make life easier for someone.

Foreword

At first, I just wanted to write a short article about how we distributed databases by services, but during the deepening of this process we added all sorts of different things (monitoring services, then monitoring users inside 1C, then screwing in zabbiks, and finally came to CI / CD based on 1C). As a result, I understand that it will be too much to push this into one article - I decided to divide it into several. Well, the name is inspired by a cycle of articles "networks for the smallest," which brought me many pleasant minutes and to which I refer everyone who "wants to explore the networks." So, we proceed!

When you acknowledge the problem, it means that you’ve already half recovered (c) a friend psychiatrist

In this article I want to share my experience in administering a large number of 1C in the corporate sector. The bases are all different, there is development, there is a test, everything is like at all. But there are just enough of them. And everything was fine, but at a certain moment it was extremely difficult and risky to carry out some kind of admin work.

What were our difficulties:

1. Suspended base was restarting the service, which meant innocent people suffered (users of other bases)
2. It was hard to understand who today is the “hero of the day” - which base occupied all the resources
3. Updating releases - updating one pulled for an automatic update of all databases on this service
4. Manual connection of databases to users, manual change in case of moving
5. Monitoring
   
   And only now I understand that it was only the tip of the iceberg ...

Act one, action zero

A slight distraction to the basic postulates, the awareness of which was given a lot of blood and pain.

1. Older versions of 1C (up to 8.3.11+) have a performance drawdown when working in a virtualized environment. (Source - Gilev and own tests)
2. There is a cluster, but everything is not very easy with it. Perhaps it will be finalized later, but for now it is mainly for show. (source - own experience)
3. When choosing a processor, look only at the frequency . A processor of 6 cores at 3.4 GHz will tear the processor into 20 cores at 2 GHz. The problem is that 1C knows nothing about parallel computing at all. In fact, it works like this - we have a certain number of workers for each service, they are scattered around the processors, and if a user runs a heavy report in some worker, then only one processor core will be loaded in the system. This is the one on which the worker is running with the task running ... By the way, for the DB, the situation is exactly the opposite. (source - Gilev, own experience, experience of colleagues)
4. Do not use logs in the "new" format (write to SQLLite) - you will very quickly encounter the fact that the performance of this solution is even worse than the file version. (Source - own experience, experience of colleagues).
   
   At the prompts from the comments there is an option to make logs on a separate instance.
   
   At 8/3/12, the logs were promised to be normal!
5. 1C does not like IPv6. On all servers with 1C, it is better to immediately lower the priority of IPv6 to a minimum. (Source - Gilev, own experience)
6. Use virtual network cards E1000 for virtual servers. With the rest of the problem of performance (Source - Gilev, but on their own experience was not confirmed, although not specifically tested)
7. Database maintenance gives a good performance boost, especially periodic recalculation of totals, as well as SQL index maintenance (Source - own experience, Gilev)
8. The search for the causes of the fall of 1C is akin to eating unpeeled cactus. Find out something really can only be through pain, humiliation and suffering. (Source - own experience)
9. There is not a single official image under any hypervisor. About the docker, I generally keep quiet. (Source - site 1C)
10. A software license for a server is tied to — a surprise, a surprise — a processor serial number (and a huge number of server parameters). In an era of ubiquitous virtualization, the move is amazing. I explain - we activated the server, moved to another node, rebooted the machine - 1C will not start. Uncover a new activation code. (Source - own experience, talkative technical support 1C =))
11. 1C is an accounting system, not a reporting one. You want a lot of normal fat reports and quickly - move it beyond 1C. (Source - own experience)
12. In 1C there are two undeniable advantages, due to which it will flourish for a long time:
    
    
    • the cost of the product / developers
    • development speed
      
      and unfortunately for Russian business they are top priorities. And often the only things they even look at. (Source - sad reality)
13. Never use the file ball as a place for storage of 1C configurations. Only service. Otherwise, the mats on the part of the development of the fallen hell knows when the repository will become your constant companion in life. (Source - own experience, experience of colleagues)

Act one, act one

The first short scene from corporate life

On the stage - Admin (A), 1C programmer (P1C) and business representative (PB)

PB - The program is slow!

A - I'm fine in the system!

P1C - I wrote everything correctly, everything works fast on my computer!

PB (timidly and perplexedly) - but it’s a long time ...

A and P1C choir - we are fine, the problem is on your side!

Problems always happen at the wrong time (s) (5-year-old philosopher)

And one fine sunny morning (in fact, it was a deep winter night), we realized that tomorrow we need to launch a new base. Tomorrow came that wonderful day, which has already been described many times by thousands of authors and his name is legion! Ugh, sorry, skidded. The name of this day was the deadline. One o'clock at night, tomorrow a new database should start on 200 computers. "Yes, no problem, we have all the computers in the domain! Now we’ll quickly make a login script and it's in the bag!" you think. And you will be right - we also thought. And they did. Only, as it usually happens, you got burned on trifles - I registered in% logon script% filename%. bat and a colleague posted% filename%. cmd

Well, of course, in the morning Helpdesk ran to do everything with my hands, and I was very ashamed of such a stupid Fail. Apologized to the guys cake.

But the thought of automating this process in my head sat down very firmly and even the implementation plan began to emerge.

As a result, we come to the following ideology:

• Everything is distributed through AD - groups like 1cbases are created -% platform version% -% database name% and users who need a database are added by the help of the helpdesk.
  
  
  • one group - one base
  • 1cbases is the prefix for which it is convenient to search for groups
  • platform version 81, 82 and 83 (the release is not critical)
  • the name of the database corresponds to the file name with the settings
• the general file sphere is allocated where all the files with the database connection settings are laid out (one base is one file)
• when blocking the computer, a script is called that reads the user's groups and, on their basis, adds the necessary 1C databases to users

How we did it:

1. Through group policies, a new task is added to the scheduler (the task of the scheduler is to assign the user the path to the database connection file):
   
   
   • run as user
   • event - unlock computer
   • action - launch our script
2. We create the necessary groups in AD and fill them with users.
3. We create the necessary files to run 1C themselves. Here I will stop a little more in detail. Initially, we tormented the Internet for a long time with our queries and found a complete description of the structure of * .v8i files. But then there was a way easier and more ingenious.
   
   
   • run 1C
   • set up a connection to the database
   • check that everything works
   • right click on the name of the database and select the item - "Save link to file"

#     
if (Test-Path "$env:HOMEDRIVE\!script_report\add_1c_bases_report.txt")
    {
        Remove-Item "$env:HOMEDRIVE\!script_report\add_1c_bases_report.txt" -Force -ErrorAction SilentlyContinue;
    }
New-Item "$env:HOMEDRIVE\!script_report\add_1c_bases_report.txt" -ItemType file -Force -ErrorAction SilentlyContinue;
Add-Content -Value ("  : " + (Get-Date -Format F)) -Path "$env:HOMEDRIVE\!script_report\add_1c_bases_report.txt";

if ( (gwmi Win32_OperatingSystem | select Caption, CSDVersion) -notlike "*server*") #     
    {
        Add-Content -Value "    " -Path "C:\!script_report\add_1c_bases_report.txt";

        if (!(Test-Path "$env:APPDATA\1C\1CEstart\ibases.v8i")) #    1      8.1     8.2
            {
                New-Item "$env:APPDATA\1C\1CEstart\ibases.v8i" -ItemType file -Force; #      
                Add-Content -Value " $env:APPDATA\1C\1CEstart\ibases.v8i  ,  " -Path "C:\!script_report\add_1c_bases_report.txt";
            }
        if (Test-Path "$env:APPDATA\1C\1CEstart\1CEStart.cfg")
            {
                Remove-Item "$env:APPDATA\1C\1CEstart\1CEStart.cfg" -Force #-ErrorAction SilentlyContinue #     8.1
            }

        New-Item "$env:APPDATA\1C\1CEstart\1CEStart.cfg" -ItemType file -Force #     8.2

        $GroupList = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1' #    
        foreach ($Group in $GroupList) #        
            {
                if ($Group.Length -gt 6) #    
                    {
                        If ($Group.Substring(0,7) -eq "1cbases") #      1
                            {
                                Switch ($Group.Substring(8,2)) #   8.1  8.2
                                    {
                                        "81" {Add-Content "$env:APPDATA\1C\1Cv81\ibases.v8l" -Value ("\\gold585.int\TechFiles\CommonBases\" + $Group.Substring(11) +".v8i")} #          8.1
                                        "82" {Add-Content "$env:APPDATA\1C\1CEstart\1CEStart.cfg" -Value ("CommonInfoBases=\\gold585.int\TechFiles\CommonBases\" + $Group.Substring(11) +".v8i")} #          8.2
                                        "83" {Add-Content "$env:APPDATA\1C\1CEstart\1CEStart.cfg" -Value ("CommonInfoBases=\\gold585.int\TechFiles\CommonBases\" + $Group.Substring(11) +".v8i")} #          8.3
                                    }
                                Add-Content -Value ("   $Group") -Path "C:\!script_report\add_1c_bases_report.txt";
                                Add-Content -Value (" : CommonInfoBases=\\gold585.int\TechFiles\CommonBases\" + $Group.Substring(11) +".v8i") -Path "C:\!script_report\add_1c_bases_report.txt";
                            }
                    }
            }
    }
else
    {
        Add-Content -Value "    " -Path "C:\!script_report\add_1c_bases_report.txt";
    }

:

1. — , —
2. , ( — )

,

— (), 1 (1),

— 1 — $#%!!! !

1 — #$@! ! !

, , .

… () -

— , , , … , , ! — , %@!

— ?

— . % % , , . 3 . .

— !!!

— , ...

, , .

:

1. — —
2. - . — . , . , RBAC 1
3. ( () )
4. alias DNS , ip / dns ( , — , )
5. 500 ( )

( . ):

2. , " "
3. MS , MAK-
4. sqlncli — MS SQL Native Client. 2012
5. C:\Windows\SysWOW64\config\systemprofile\Desktop — Word/Excel
6. Windows 2016 1 8.1 dll ( C:\Program Files\Common Files\System\Ole DB sqloledb.dll sqloledb.rll )
7. ODBC , MySQL/PostgreSQL

:

1. 1CServer%basename% ( , )
2. ( , ), ( )

@echo off
chcp 1251
 
set base=%base_name%
      –    

set dsce=%base name%
      –   

set dscr=% %
    –   

set sver=8.3
  –     

set fver=1cv8\8.3.9.2170
       1
set port=8040
 
set regp=8041
 
set rnge=8060:8491
   

set name="1C:Enterprise %sver% Server Agent (x86-64) %dsce%"
  ( )    ,       

set bpth=\"C:\Program Files\%fver%\bin\ragent.exe\" -srvc -agent
      

set logs=D:\1C_Server_%base%
  

set user="%login%@%domain_name%"
      20 

     ,         ,         ;

set view="  1: %sver% (x86-64) %dscr%"
   

sc create %name% binPath= "%bpth% -regport %regp% -port %port% -range %rnge% -d \"%logs%\"" type= "own" start= "auto" error= "severe" depend= "Tcpip/Dnscache/lanmanworkstation/lanmanserver" obj= %user%DisplayName= %view%
:
type= "own" –  ,     
start= "auto" –  
error= "severe" –    ,        ErrorControl = 2
depend= "Tcpip/Dnscache/lanmanworkstation/lanmanserver" –  (   ,   )

sc description %name% %view%
   ,     

sc failure %name% reset= 0 actions= "restart/0"
    –    ,  0 ;    0 

    :

@echo off
chcp 1251
set base=%base_name%
set dsce=%base name%
set dscr=% %
set sver=8.3
set fver=1cv8\8.3.9.2170
set port=8040
set regp=8041
set rnge=8060:8491

set name="1C:Enterprise %sver% Server Agent (x86-64) %dsce%"
set bpth=\"C:\Program Files\%fver%\bin\ragent.exe\" -srvc -agent
set logs=D:\1C_Server_%base%
set user="%login%@domain.company"
set view="  1: %sver% (x86-64) %dscr%"

sc create %name% binPath= "%bpth% -regport %regp% -port %port% -range %rnge% -d \"%logs%\"" type= "own" start= "auto" error= "severe" depend= "Tcpip/Dnscache/lanmanworkstation/lanmanserver" obj= %user% DisplayName= %view%

sc description %name% %view%

sc failure %name% reset= 0 actions= "restart/0"

:

1. ,
   
   
   • cmd chcp 1251
   • ANSI
2. — !!!
3. , , — sc delete « name»
4. 1 firewall
5. —

:

1. ,
2. "" — ,

( ):

• MSSQL kerberos
• —
• 1 ,
• CI 1

UPD. -