Cleachdadh Blue-Green aig tuarastal as ìsle

Anns an artaigil seo bidh sinn a 'cleachdadh bash, ssh, docker и nginx Cuiridh sinn air dòigh cruth fuaigheil den tagradh lìn. Cleachdadh gorm-uaine na innleachd a leigeas leat tagradh ùrachadh sa bhad gun a bhith a’ diùltadh aon iarrtas. Is e seo aon de na ro-innleachdan cleachdadh ùine downt agus tha e nas freagarraiche airson tagraidhean le aon eisimpleir, ach an comas dàrna eisimpleir deiseil a luchdachadh faisg air làimh.

Canaidh sinn gu bheil tagradh lìn agad leis a bheil mòran de luchd-dèiligidh ag obair gu gnìomhach, agus chan eil dòigh sam bith ann dha laighe sìos airson diog no dhà. Agus feumaidh tu dha-rìribh ùrachadh leabharlainn, fuasgladh bug, no feart ùr fionnar a sgaoileadh. Ann an suidheachadh àbhaisteach, feumaidh tu stad a chuir air an tagradh, cuir na àite agus tòisich a-rithist e. A thaobh docker, faodaidh tu a chuir na àite an-toiseach, an uairsin ath-thòiseachadh, ach bidh ùine ann fhathast nuair nach tèid iarrtasan an tagraidh a phròiseasadh, oir mar as trice bheir an tagradh beagan ùine airson a luchdachadh an toiseach. Dè ma thòisicheas e, ach gu bheil e neo-obrachail? Is e seo an duilgheadas, leig dhuinn fuasgladh fhaighinn air le glè bheag de dhòighean agus cho eireachdail sa ghabhas.

ÀICHEADH: Tha a’ mhòr-chuid den artaigil air a thaisbeanadh ann an cruth deuchainneach - ann an cruth clàradh de sheisean tòcan. Tha sinn an dòchas nach bi seo ro dhoirbh a thuigsinn agus gun dèan an còd clàradh ceart gu leòr. Airson àile, smaoinich nach e dìreach criomagan còd a tha seo, ach pàipear bho teletype “iarainn”.

Tha dòighean inntinneach a tha doirbh do Google dìreach le bhith a 'leughadh a' chòd air am mìneachadh aig toiseach gach earrann. Ma tha dad eile neo-shoilleir, google e agus thoir sùil air. mìnichidh (Gu fortanach, bidh e ag obair a-rithist, air sgàth gun deach an teileagram a bhacadh). Mura h-urrainn dhut dad Google, faighnich anns na beachdan. Bidh mi toilichte a chur ris an earrainn iomchaidh “Inntinneach dòighean-obrach”.

Feuch an tòisich sinn.

$ mkdir blue-green-deployment && cd $_

seirbheis

Dèanamaid seirbheis deuchainneach agus cuiridh sinn e ann an soitheach.

Teicneòlasan inntinneach

• cat << EOF > file-name (An seo Sgrìobhainn + I/O Ath-stiùireadh) mar dhòigh air faidhle ioma-loidhne a chruthachadh le aon àithne. Bidh a h-uile dad bash a ’leughadh bho /dev/stdin às deidh na loidhne seo agus ron loidhne EOF thèid a chlàradh ann an file-name.
• wget -qO- URL (mìnichidh) - cuir a-mach sgrìobhainn a gheibhear tro HTTP gu /dev/stdout (analog curl URL).

Clò-bhuail

Bidh mi gu sònraichte a’ briseadh a’ chriomag gus leigeil le soilleireachadh airson Python. Aig a’ cheann thall bidh pìos eile mar seo ann. Thoir an aire gun deach am pàipear a ghearradh anns na h-àiteachan sin airson a chuir chun roinn àrdachaidh (far an deach an còd a dhath le làimh le solais), agus an uairsin chaidh na pìosan sin a ghleusadh air ais.

$ cat << EOF > uptimer.py

from http.server import BaseHTTPRequestHandler, HTTPServer
from time import monotonic

app_version = 1
app_name = f'Uptimer v{app_version}.0'
loading_seconds = 15 - app_version * 5

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == '/':
            try:
                t = monotonic() - server_start
                if t < loading_seconds:
                    self.send_error(503)
                else:
                    self.send_response(200)
                    self.send_header('Content-Type', 'text/html')
                    self.end_headers()
                    response = f'<h2>{app_name} is running for {t:3.1f} seconds.</h2>n'
                    self.wfile.write(response.encode('utf-8'))
            except Exception:
                self.send_error(500)
        else:
            self.send_error(404)

httpd = HTTPServer(('', 8080), Handler)
server_start = monotonic()
print(f'{app_name} (loads in {loading_seconds} sec.) started.')
httpd.serve_forever()

EOF

$ cat << EOF > Dockerfile
FROM python:alpine
EXPOSE 8080
COPY uptimer.py app.py
CMD [ "python", "-u", "./app.py" ]
EOF

$ docker build --tag uptimer .
Sending build context to Docker daemon  39.42kB
Step 1/4 : FROM python:alpine
 ---> 8ecf5a48c789
Step 2/4 : EXPOSE 8080
 ---> Using cache
 ---> cf92d174c9d3
Step 3/4 : COPY uptimer.py app.py
 ---> a7fbb33d6b7e
Step 4/4 : CMD [ "python", "-u", "./app.py" ]
 ---> Running in 1906b4bd9fdf
Removing intermediate container 1906b4bd9fdf
 ---> c1655b996fe8
Successfully built c1655b996fe8
Successfully tagged uptimer:latest

$ docker run --rm --detach --name uptimer --publish 8080:8080 uptimer
8f88c944b8bf78974a5727070a94c76aa0b9bb2b3ecf6324b784e782614b2fbf

$ docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                    NAMES
8f88c944b8bf        uptimer             "python -u ./app.py"   3 seconds ago       Up 5 seconds        0.0.0.0:8080->8080/tcp   uptimer

$ docker logs uptimer
Uptimer v1.0 (loads in 10 sec.) started.

$ wget -qSO- http://localhost:8080
  HTTP/1.0 503 Service Unavailable
  Server: BaseHTTP/0.6 Python/3.8.3
  Date: Sat, 22 Aug 2020 19:52:40 GMT
  Connection: close
  Content-Type: text/html;charset=utf-8
  Content-Length: 484

$ wget -qSO- http://localhost:8080
  HTTP/1.0 200 OK
  Server: BaseHTTP/0.6 Python/3.8.3
  Date: Sat, 22 Aug 2020 19:52:45 GMT
  Content-Type: text/html
<h2>Uptimer v1.0 is running for 15.4 seconds.</h2>

$ docker rm --force uptimer
uptimer

Proxy air ais

Gus am bi e comasach don tagradh againn atharrachadh gun mhothachadh, feumar eintiteas eile a bhith air a bheulaibh a chuireas am falach e. Dh’ fhaodadh gur e frithealaiche lìn a th’ ann nginx в modh proxy air ais. Tha neach-ionaid cùil air a stèidheachadh eadar an neach-dèiligidh agus an tagradh. Bidh e a’ gabhail ri iarrtasan bho luchd-dèiligidh agus gan cur air adhart chun tagradh agus a’ cur air adhart freagairtean an tagraidh chun luchd-dèiligidh.

Faodar an tagradh agus an neach-ionaid cùil a cheangal taobh a-staigh docker a ’cleachdadh lìonra docker. Mar sin, chan fheum an soitheach leis an tagradh eadhon port a chuir air adhart air an t-siostam aoigheachd; leigidh seo leis an tagradh a bhith air a sgaradh gu ìre mhòr bho chunnartan bhon taobh a-muigh.

Ma tha an neach-ionaid cùil a’ fuireach air òstair eile, feumaidh tu an lìonra docker a thrèigsinn agus an tagradh a cheangal ris an neach-ionaid cùil tron ​​​​lìonra aoigheachd, a’ cur air adhart am port apps paramadair --publish, mar aig a' chiad thoiseach agus mar a tha leis an neach-ionaid cùil.

Ruithidh sinn an neach-ionaid cùil air port 80, oir is e seo dìreach an eintiteas a bu chòir èisteachd ris an lìonra a-muigh. Ma tha port 80 trang air an aoigh deuchainn agad, atharraich am paramadair --publish 80:80 air --publish ANY_FREE_PORT:80.

Teicneòlasan inntinneach

• “Ann an lìonraidhean Docker a chruthaich luchd-cleachdaidh, faodaidh tu conaltradh le soithichean chan ann a-mhàin le seòladh IP. Tha ainm an t-soithich cuideachd air fhuasgladh a-steach don t-seòladh IP aige" (artaigil “Ag lìonradh le soithichean leotha fhèin”, pàirt “Cleachd lìonraidhean drochaid a tha air an comharrachadh leis an neach-cleachdaidh”, puing 5 den chòd docker).

Clò-bhuail

$ docker network create web-gateway
5dba128fb3b255b02ac012ded1906b7b4970b728fb7db3dbbeccc9a77a5dd7bd

$ docker run --detach --rm --name uptimer --network web-gateway uptimer
a1105f1b583dead9415e99864718cc807cc1db1c763870f40ea38bc026e2d67f

$ docker run --rm --network web-gateway alpine wget -qO- http://uptimer:8080
<h2>Uptimer v1.0 is running for 11.5 seconds.</h2>

$ docker run --detach --publish 80:80 --network web-gateway --name reverse-proxy nginx:alpine
80695a822c19051260c66bf60605dcb4ea66802c754037704968bc42527bf120

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                NAMES
80695a822c19        nginx:alpine        "/docker-entrypoint.…"   27 seconds ago       Up 25 seconds       0.0.0.0:80->80/tcp   reverse-proxy
a1105f1b583d        uptimer             "python -u ./app.py"     About a minute ago   Up About a minute   8080/tcp             uptimer

$ cat << EOF > uptimer.conf
server {
    listen 80;
    location / {
        proxy_pass http://uptimer:8080;
    }
}
EOF

$ docker cp ./uptimer.conf reverse-proxy:/etc/nginx/conf.d/default.conf

$ docker exec reverse-proxy nginx -s reload
2020/06/23 20:51:03 [notice] 31#31: signal process started

$ wget -qSO- http://localhost
  HTTP/1.1 200 OK
  Server: nginx/1.19.0
  Date: Sat, 22 Aug 2020 19:56:24 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: keep-alive
<h2>Uptimer v1.0 is running for 104.1 seconds.</h2>

Cleachdadh gun fhiosta

Feuch an cuir sinn a-mach dreach ùr den tagradh (le àrdachadh dèanadais tòiseachaidh dà-fhillte) agus feuchaidh sinn ri a chleachdadh gun fhiosta.

Teicneòlasan inntinneach

• echo 'my text' | docker exec -i my-container sh -c 'cat > /my-file.txt' - Sgrìobh teacsa my text a fhaidhleadh /my-file.txt taobh a-staigh an t-soithich my-container.
• cat > /my-file.txt - Sgrìobh susbaint cuir a-steach àbhaisteach gu faidhle /dev/stdin.

Clò-bhuail

$ sed -i "s/app_version = 1/app_version = 2/" uptimer.py

$ docker build --tag uptimer .
Sending build context to Docker daemon  39.94kB
Step 1/4 : FROM python:alpine
 ---> 8ecf5a48c789
Step 2/4 : EXPOSE 8080
 ---> Using cache
 ---> cf92d174c9d3
Step 3/4 : COPY uptimer.py app.py
 ---> 3eca6a51cb2d
Step 4/4 : CMD [ "python", "-u", "./app.py" ]
 ---> Running in 8f13c6d3d9e7
Removing intermediate container 8f13c6d3d9e7
 ---> 1d56897841ec
Successfully built 1d56897841ec
Successfully tagged uptimer:latest

$ docker run --detach --rm --name uptimer_BLUE --network web-gateway uptimer
96932d4ca97a25b1b42d1b5f0ede993b43f95fac3c064262c5c527e16c119e02

$ docker logs uptimer_BLUE
Uptimer v2.0 (loads in 5 sec.) started.

$ docker run --rm --network web-gateway alpine wget -qO- http://uptimer_BLUE:8080
<h2>Uptimer v2.0 is running for 23.9 seconds.</h2>

$ sed s/uptimer/uptimer_BLUE/ uptimer.conf | docker exec --interactive reverse-proxy sh -c 'cat > /etc/nginx/conf.d/default.conf'

$ docker exec reverse-proxy cat /etc/nginx/conf.d/default.conf
server {
    listen 80;
    location / {
        proxy_pass http://uptimer_BLUE:8080;
    }
}

$ docker exec reverse-proxy nginx -s reload
2020/06/25 21:22:23 [notice] 68#68: signal process started

$ wget -qO- http://localhost
<h2>Uptimer v2.0 is running for 63.4 seconds.</h2>

$ docker rm -f uptimer
uptimer

$ wget -qO- http://localhost
<h2>Uptimer v2.0 is running for 84.8 seconds.</h2>

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                NAMES
96932d4ca97a        uptimer             "python -u ./app.py"     About a minute ago   Up About a minute   8080/tcp             uptimer_BLUE
80695a822c19        nginx:alpine        "/docker-entrypoint.…"   8 minutes ago        Up 8 minutes        0.0.0.0:80->80/tcp   reverse-proxy

Aig an ìre seo, tha an ìomhaigh air a thogail gu dìreach air an fhrithealaiche, a tha ag iarraidh gum bi na stòran tagraidh ann, agus cuideachd a 'luchdachadh an fhrithealaiche le obair neo-riatanach. Is e an ath cheum an co-chruinneachadh ìomhaigh a riarachadh gu inneal air leth (mar eisimpleir, gu siostam CI) agus an uairsin a ghluasad chun t-seirbheisiche.

A’ gluasad dhealbhan

Gu mì-fhortanach, chan eil e ciallach dealbhan a ghluasad bho localhost gu localhost, mar sin chan urrainnear an roinn seo a sgrùdadh ach ma tha dà aoigh agad le Docker ri làimh. Aig a 'char as lugha tha e a' coimhead rudeigin mar seo:

$ ssh production-server docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

$ docker image save uptimer | ssh production-server 'docker image load'
Loaded image: uptimer:latest

$ ssh production-server docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
uptimer             latest              1d56897841ec        5 minutes ago       78.9MB

sgioba docker save a’ sàbhaladh dàta na h-ìomhaigh ann an tasglann .tar, a’ ciallachadh gu bheil cuideam timcheall air 1.5 uair nas motha na bhiodh e ann an cruth teann. Mar sin crathadh sinn e ann an ainm sàbhaladh ùine agus trafaic:

$ docker image save uptimer | gzip | ssh production-server 'zcat | docker image load'
Loaded image: uptimer:latest

Faodaidh tu cuideachd sùil a chumail air a’ phròiseas luchdachadh sìos (ged a dh’ fheumas seo goireas treas-phàrtaidh):

$ docker image save uptimer | gzip | pv | ssh production-server 'zcat | docker image load'
25,7MiB 0:01:01 [ 425KiB/s] [                   <=>    ]
Loaded image: uptimer:latest

Gliocas: Ma tha feum agad air dòrlach de pharamadairean gus ceangal ri frithealaiche tro SSH, is dòcha nach eil thu a’ cleachdadh am faidhle ~/.ssh/config.

A 'gluasad an dealbh tro docker image save/load - Is e seo an dòigh as ìsle, ach chan e an aon fhear. Tha feadhainn eile ann:

1. Clàradh Container (inbhe gnìomhachais).
2. Ceangail ri frithealaiche daemon docker bho òstair eile:
   1. caochladair àrainneachd DOCKER_HOST.
   2. Roghainn loidhne-àithne -H no --host inneal docker-compose.
   3. docker context

Tha an dàrna dòigh (le trì roghainnean airson a bhuileachadh) air a mhìneachadh gu math san artaigil Mar a chleachdas tu air luchd-aoigheachd Docker iomallach le docker-compose.

deploy.sh

A-nis cruinnichidh sinn a h-uile dad a rinn sinn le làimh ann an aon sgriobt. Feuch an tòisich sinn leis a’ ghnìomh àrd-ìre, agus an uairsin coimhead air an fheadhainn eile a thathas a’ cleachdadh ann.

Teicneòlasan inntinneach

• ${parameter?err_msg} - aon de na geasan draoidheachd bash (aka ionadachadh paramadair). Ma tha parameter neo-ainmichte, toradh err_msg agus falbh le còd 1.
• docker --log-driver journald - gu gnàthach, is e faidhle teacsa a th’ ann an draibhear logadh docker gun cuairteachadh sam bith. Leis an dòigh-obrach seo, bidh na logaichean gu sgiobalta a’ lìonadh an diosc gu lèir, agus mar sin airson àrainneachd cinneasachaidh feumar an draibhear atharrachadh gu bhith nas buige.

Sgriobt cleachdadh

deploy() {
    local usage_msg="Usage: ${FUNCNAME[0]} image_name"
    local image_name=${1?$usage_msg}

    ensure-reverse-proxy || return 2
    if get-active-slot $image_name
    then
        local OLD=${image_name}_BLUE
        local new_slot=GREEN
    else
        local OLD=${image_name}_GREEN
        local new_slot=BLUE
    fi
    local NEW=${image_name}_${new_slot}
    echo "Deploying '$NEW' in place of '$OLD'..."
    docker run 
        --detach 
        --restart always 
        --log-driver journald 
        --name $NEW 
        --network web-gateway 
        $image_name || return 3
    echo "Container started. Checking health..."
    for i in {1..20}
    do
        sleep 1
        if get-service-status $image_name $new_slot
        then
            echo "New '$NEW' service seems OK. Switching heads..."
            sleep 2  # Ensure service is ready
            set-active-slot $image_name $new_slot || return 4
            echo "'$NEW' service is live!"
            sleep 2  # Ensure all requests were processed
            echo "Killing '$OLD'..."
            docker rm -f $OLD
            docker image prune -f
            echo "Deployment successful!"
            return 0
        fi
        echo "New '$NEW' service is not ready yet. Waiting ($i)..."
    done
    echo "New '$NEW' service did not raise, killing it. Failed to deploy T_T"
    docker rm -f $NEW
    return 5
}

Feartan air an cleachdadh:

• ensure-reverse-proxy - Dèan cinnteach gu bheil an neach-ionaid cùil ag obair (feumail airson a’ chiad chleachdadh)
• get-active-slot service_name - Co-dhùnadh dè an slot a tha gnìomhach an-dràsta airson seirbheis sònraichte (BLUE no GREEN)
• get-service-status service_name deployment_slot - Co-dhùnadh a bheil an t-seirbheis deiseil gus dèiligeadh ri iarrtasan a tha a’ tighinn a-steach
• set-active-slot service_name deployment_slot - Ag atharrachadh an rèiteachadh nginx anns a’ bhogsa proxy cùil

Ann an òrdugh:

ensure-reverse-proxy() {
    is-container-up reverse-proxy && return 0
    echo "Deploying reverse-proxy..."
    docker network create web-gateway
    docker run 
        --detach 
        --restart always 
        --log-driver journald 
        --name reverse-proxy 
        --network web-gateway 
        --publish 80:80 
        nginx:alpine || return 1
    docker exec --interactive reverse-proxy sh -c "> /etc/nginx/conf.d/default.conf"
    docker exec reverse-proxy nginx -s reload
}

is-container-up() {
    local container=${1?"Usage: ${FUNCNAME[0]} container_name"}

    [ -n "$(docker ps -f name=${container} -q)" ]
    return $?
}

get-active-slot() {
    local service=${1?"Usage: ${FUNCNAME[0]} service_name"}

    if is-container-up ${service}_BLUE && is-container-up ${service}_GREEN; then
        echo "Collision detected! Stopping ${service}_GREEN..."
        docker rm -f ${service}_GREEN
        return 0  # BLUE
    fi
    if is-container-up ${service}_BLUE && ! is-container-up ${service}_GREEN; then
        return 0  # BLUE
    fi
    if ! is-container-up ${service}_BLUE; then
        return 1  # GREEN
    fi
}

get-service-status() {
    local usage_msg="Usage: ${FUNCNAME[0]} service_name deployment_slot"
    local service=${1?usage_msg}
    local slot=${2?$usage_msg}

    case $service in
        # Add specific healthcheck paths for your services here
        *) local health_check_port_path=":8080/" ;;
    esac
    local health_check_address="http://${service}_${slot}${health_check_port_path}"
    echo "Requesting '$health_check_address' within the 'web-gateway' docker network:"
    docker run --rm --network web-gateway alpine 
        wget --timeout=1 --quiet --server-response $health_check_address
    return $?
}

set-active-slot() {
    local usage_msg="Usage: ${FUNCNAME[0]} service_name deployment_slot"
    local service=${1?$usage_msg}
    local slot=${2?$usage_msg}
    [ "$slot" == BLUE ] || [ "$slot" == GREEN ] || return 1

    get-nginx-config $service $slot | docker exec --interactive reverse-proxy sh -c "cat > /etc/nginx/conf.d/$service.conf"
    docker exec reverse-proxy nginx -t || return 2
    docker exec reverse-proxy nginx -s reload
}

gnìomh get-active-slot feumach air beagan mìneachaidh:

Carson a thilleas e àireamh agus nach cuir e a-mach sreang?

Co-dhiù, anns a’ ghnìomh gairm bidh sinn a’ sgrùdadh toradh na h-obrach aige, agus tha e tòrr nas fhasa sgrùdadh a dhèanamh air còd fàgail a’ cleachdadh bash na bhith a’ sgrùdadh sreang. A bharrachd air an sin, tha e glè shìmplidh sreang fhaighinn bhuaithe:
get-active-slot service && echo BLUE || echo GREEN.

A bheil trì cumhaichean dha-rìribh gu leòr airson a h-uile stàit a chomharrachadh?

Bidh eadhon dhà gu leòr, tha am fear mu dheireadh an seo dìreach airson iomlanachd, gus nach sgrìobh thu else.

Chan eil ach an gnìomh a thilleas configs nginx fhathast neo-mhìnichte: get-nginx-config service_name deployment_slot. Le samhlachas le sgrùdadh slàinte, an seo faodaidh tu rèiteachadh sam bith a shuidheachadh airson seirbheis sam bith. De na rudan inntinneach - a-mhàin cat <<- EOF, a leigeas leat na tabaichean gu lèir a thoirt air falbh aig an toiseach. Fìor, tha prìs cruth math nan tabaichean measgaichte le àiteachan, a tha an-diugh air a mheas mar chruth fìor dhona. Ach feachdan bash tabaichean, agus bhiodh e math cuideachd cruth àbhaisteach a bhith agad ann an config nginx. Ann an ùine ghoirid, tha e coltach gur e measgachadh tabaichean le àiteachan an seo am fuasgladh as fheàrr a-mach às an fheadhainn as miosa. Ach, chan fhaic thu seo anns a’ chriomag gu h-ìosal, leis gu bheil Habr “ga dhèanamh gu math” le bhith ag atharrachadh a h-uile taba gu 4 àiteachan agus a’ dèanamh EOF neo-dhligheach. Agus an seo tha e follaiseach.

Gus nach èirich thu dà uair, innsidh mi dhut sa bhad mu dheidhinn cat << 'EOF', a thachras nas fhaide air adhart. Ma sgrìobhas tu gu sìmplidh cat << EOF, an uairsin taobh a-staigh heredoc tha an sreang air a h-eadar-shìneadh (tha caochladairean air an leudachadh ($foo), gairmean àithne ($(bar)) msaa), agus ma cheanglas tu deireadh na sgrìobhainn ann an luachan singilte, tha eadar-aghaidh ciorramach agus an samhla $ air a thaisbeanadh mar a tha. Na dh'fheumas tu airson sgriobt a chuir a-steach taobh a-staigh sgriobt eile.

get-nginx-config() {
    local usage_msg="Usage: ${FUNCNAME[0]} service_name deployment_slot"
    local service=${1?$usage_msg}
    local slot=${2?$usage_msg}
    [ "$slot" == BLUE ] || [ "$slot" == GREEN ] || return 1

    local container_name=${service}_${slot}
    case $service in
        # Add specific nginx configs for your services here
        *) nginx-config-simple-service $container_name:8080 ;;
    esac
}

nginx-config-simple-service() {
    local usage_msg="Usage: ${FUNCNAME[0]} proxy_pass"
    local proxy_pass=${1?$usage_msg}

cat << EOF
server {
    listen 80;
    location / {
        proxy_pass http://$proxy_pass;
    }
}
EOF
}

Is e seo an sgriobt gu lèir. Agus mar sin gnothuch leis an sgriobtur so airson luchdachadh sìos tro wget no curl.

A’ cur an gnìomh sgriobtaichean parameterized air frithealaiche iomallach

Tha an t-àm ann bualadh air an fhrithealaiche targaid. An turas seo localhost gu math freagarrach:

$ ssh-copy-id localhost
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
himura@localhost's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'localhost'"
and check to make sure that only the key(s) you wanted were added.

Tha sinn air sgriobt cleachdadh a sgrìobhadh a bhios a’ luchdachadh sìos ìomhaigh ro-thogte chun t-seirbheisiche targaid agus a’ dol an àite inneal na seirbheis gu sgiobalta, ach ciamar as urrainn dhuinn a chuir an gnìomh air inneal iomallach? Tha argamaidean aig an sgriobt, leis gu bheil e uile-choitcheann agus faodaidh e grunn sheirbheisean a chleachdadh aig an aon àm fo aon neach-ionaid cùil (faodaidh tu configs nginx a chleachdadh gus faighinn a-mach dè an url a bhios ann dè an t-seirbheis). Chan urrainnear an sgriobt a stòradh air an fhrithealaiche, oir sa chùis seo cha bhith e comasach dhuinn ùrachadh gu fèin-ghluasadach (airson fuasgladh bug agus seirbheisean ùra a chuir ris), agus san fharsaingeachd, stàite = olc.

Solution 1: Stèidhich an sgriobt fhathast air an fhrithealaiche, ach dèan lethbhreac dheth a h-uile turas troimhe scp. An uairsin ceangail tro ssh agus cuir an gnìomh an sgriobt leis na h-argamaidean riatanach.

Cons:

• Dà ghnìomh an àite aon
• Is dòcha nach bi àite ann far an dèan thu leth-bhreac, no dh’ fhaodadh nach bi cothrom ann air, no faodar an sgriobt a chuir gu bàs aig àm an neach-ionaid.
• Tha e ciallach glanadh às do dhèidh fhèin (cuir às don sgriobt).
• Mar-thà trì gnìomhan.

Solution 2:

• Cùm dìreach mìneachaidhean gnìomh san sgriobt agus na ruith dad idir
• Le cuideachadh bho sed cuir gairm gnìomh gu deireadh
• Cuir a h-uile càil gu dìreach gu shh tro phìob (|)

Pros:

• Dìreach gun stàit
• Gun aonadan boilerplate
• A' faireachdainn fionnar

Dèanamaid dìreach e às aonais Ansible. Tha, tha a h-uile dad air a chruthachadh mar-thà. Seadh, baidhsagal. Seall cho sìmplidh, eireachdail agus as ìsle a tha am baidhc:

$ cat << 'EOF' > deploy.sh

#!/bin/bash

usage_msg="Usage: $0 ssh_address local_image_tag"
ssh_address=${1?$usage_msg}
image_name=${2?$usage_msg}

echo "Connecting to '$ssh_address' via ssh to seamlessly deploy '$image_name'..."
( sed "$a deploy $image_name" | ssh -T $ssh_address ) << 'END_OF_SCRIPT'
deploy() {
    echo "Yay! The '${FUNCNAME[0]}' function is executing on '$(hostname)' with argument '$1'"
}
END_OF_SCRIPT

EOF

$ chmod +x deploy.sh

$ ./deploy.sh localhost magic-porridge-pot
Connecting to localhost...
Yay! The 'deploy' function is executing on 'hut' with argument 'magic-porridge-pot'

Ach, chan urrainn dhuinn a bhith cinnteach gu bheil bash iomchaidh aig an aoigh iomallach, agus mar sin cuiridh sinn seic beag ris aig an toiseach (tha seo an àite sligean):

if [ "$SHELL" != "/bin/bash" ]
then
    echo "The '$SHELL' shell is not supported by 'deploy.sh'. Set a '/bin/bash' shell for '$USER@$HOSTNAME'."
    exit 1
fi

Agus a-nis tha e fìor:

$ docker exec reverse-proxy rm /etc/nginx/conf.d/default.conf

$ wget -qO deploy.sh https://git.io/JUURc

$ chmod +x deploy.sh

$ ./deploy.sh localhost uptimer
Sending gzipped image 'uptimer' to 'localhost' via ssh...
Loaded image: uptimer:latest
Connecting to 'localhost' via ssh to seamlessly deploy 'uptimer'...
Deploying 'uptimer_GREEN' in place of 'uptimer_BLUE'...
06f5bc70e9c4f930e7b1f826ae2ca2f536023cc01e82c2b97b2c84d68048b18a
Container started. Checking health...
Requesting 'http://uptimer_GREEN:8080/' within the 'web-gateway' docker network:
  HTTP/1.0 503 Service Unavailable
wget: server returned error: HTTP/1.0 503 Service Unavailable
New 'uptimer_GREEN' service is not ready yet. Waiting (1)...
Requesting 'http://uptimer_GREEN:8080/' within the 'web-gateway' docker network:
  HTTP/1.0 503 Service Unavailable
wget: server returned error: HTTP/1.0 503 Service Unavailable
New 'uptimer_GREEN' service is not ready yet. Waiting (2)...
Requesting 'http://uptimer_GREEN:8080/' within the 'web-gateway' docker network:
  HTTP/1.0 200 OK
  Server: BaseHTTP/0.6 Python/3.8.3
  Date: Sat, 22 Aug 2020 20:15:50 GMT
  Content-Type: text/html

New 'uptimer_GREEN' service seems OK. Switching heads...
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
2020/08/22 20:15:54 [notice] 97#97: signal process started
The 'uptimer_GREEN' service is live!
Killing 'uptimer_BLUE'...
uptimer_BLUE
Total reclaimed space: 0B
Deployment successful!

A-nis faodaidh tu fhosgladh http://localhost/ sa bhrobhsair, ruith an cleachdadh a-rithist agus dèan cinnteach gun ruith e gu sgiobalta le bhith ag ùrachadh na duilleige a rèir an CD rè an cruth.

Na dì-chuimhnich glanadh às deidh obair: 3

$ docker rm -f uptimer_GREEN reverse-proxy 
uptimer_GREEN
reverse-proxy

$ docker network rm web-gateway 
web-gateway

$ cd ..

$ rm -r blue-green-deployment

Source: www.habr.com