Setting up a server to deploy a Rails application using Ansible

Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. To my surprise, I did not find a simple step-by-step guide. I did not want to copy someone else's playbook without understanding what was going on, so in the end I had to read the documentation and put everything together myself. Perhaps this article will help someone get through that process faster.

The first thing to understand is that Ansible gives you a convenient interface for running a predefined list of actions on remote server(s) over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other goodies out of the box. To write a playbook you have to know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or articles like: "Copy and run, it will work."

What do we need?

As I said, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. For a Rails application we need several system packages: nginx, postgresql (redis, etc.). We also need a specific version of ruby, which is best installed through rbenv (rvm, asdf...). Running all of this as the root user is always a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres, etc., and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install system packages
  3. Create a new user, configure permissions and an ssh key
  4. Configure the system packages (nginx, etc.) and start them
  5. Create a user in the database (you can create the database right away)
  6. Log in as the new user
  7. Install rbenv and ruby
  8. Install bundler
  9. Upload the application code
  10. Start the Puma server

Moreover, the last steps can be done with capistrano; out of the box it can at least copy code into release directories, switch the release with a symlink on a successful deploy, copy configs from a shared directory, restart puma, and so on. All of this can be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep them all in a separate directory. It does not matter much whether that directory lives inside the Rails application itself or separately. You can keep the files in a separate git repository. Personally, I found it most convenient to create an ansible directory inside the /config directory of the Rails application and keep everything in one repository.

Simple playbook

A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create a first playbook that does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple Playbook and that its contents should be executed for all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says that it does not know of any hosts matching the all list. They must be listed in a special inventory file.

Let's create it in the same ansible directory:

123.123.123.123

This is how we specify a host (ideally the host of your VPS for testing, or you can register localhost); we save the file under the name inventory.
You can now try running ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have ssh access to the specified host, ansible will connect and gather information about the remote system (the default TASK [Gathering Facts]), after which it will give a short report on the run (PLAY RECAP).

By default, the connection uses the username under which you are logged in on your own system. It will most likely not exist on the host. In the playbook file, you can specify which user to connect as with the remote_user directive. Also, information about the remote system is often unnecessary, and you should not waste time gathering it. This task can also be disabled:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to obtain elevated rights. As the documentation puts it: become set to ‘true’/’yes’ to activate privilege escalation. although it is not entirely clear why.)

You may get an error caused by ansible being unable to determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find out where Python is located with the whereis python command.

Installing system packages

The standard Ansible distribution includes many modules for working with various system packages, so we do not have to write bash scripts for every occasion. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you use a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we will do and how). However, the syntax will most likely be similar.

Let's add the first tasks to our playbook:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the job that Ansible will perform on the remote servers. We give the task a name so that we can track its execution in the log, and we describe, using the syntax of a specific module, what it needs to do. In this case apt: update_cache=yes tells the apt module to update the system's package cache. The second task is a little more complicated. We pass a list of packages to the apt module and say that their state should be present, that is, we say to install these packages. Similarly, we can tell it to remove them, or update them, simply by changing state. Note that for rails to work with postgresql we need the postgresql-contrib package, which we are installing now. Again, you need to know this and do it; ansible on its own will not.

Try running the playbook again and check that the packages are installed.

Creating new users

To work with users, Ansible also has a module: user. Let's add one more task (I have hidden the already familiar parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and a password for it. And then we run into several problems. What if usernames need to differ between hosts? And storing the password in clear text in the playbook is a very bad idea. To start with, let's move the username and password into variables, and towards the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are referenced in playbooks using double curly braces.

We will specify the values of the variables in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive: it says that the next block of text is variables (vars) and that they apply to all hosts (all).

The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The thing is that ansible does not create the user through user_add as you would do by hand. It saves all the data directly, which is why we must convert the password into a hash in advance, which is what this filter does.

Let's add our user to the sudo group. Before that, however, we need to make sure that such a group exists, because nobody will do that for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

It is all quite simple: there is also a group module for creating groups, with a syntax very similar to apt. After that it is enough to assign this group to the user (groups: "sudo").
It is also useful to add an ssh key for this user so that we can log in with it without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case the interesting construct is "{{ lookup('file', '~/.ssh/id_rsa.pub') }}": it reads the contents of the id_rsa.pub file (your file name may differ), that is, the public part of the ssh key, and adds it to the user's list of authorized keys on the server.

Roles

All three tasks for creating the user can easily be grouped into one set of tasks, and it is a good idea to keep that group separate from the main playbook so that it does not grow too large. For this purpose, Ansible has roles.
According to the file structure shown at the very beginning, roles must be placed in a separate roles directory; for each role there is a separate directory with the same name, containing the tasks, files, templates, etc. directories.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the main file that is loaded and executed when the role is attached to a playbook; other role files can be included from it). Now you can move all the tasks related to the user into this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook, you must specify that the user role is used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Also, it may make sense to update the system before all other tasks; to do this, you can rename the tasks block in which they are defined to pre_tasks.

Setting up nginx

We should already have Nginx installed; we need to configure it and start it. Let's do it in a role right away. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that ansible copies files as they are, while templates must have the j2 extension and can use variable values through the same double curly braces.

Let's enable nginx in the main.yml file. For this we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we say not only that nginx must be started (that is, we launch it), but also that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it straight from the server or write it yourself), and also a configuration file for our application in the sites-available directory (this is not required but is useful). In the first case, we use the copy module to copy the file (it must be located at /ansible/roles/nginx/files/nginx.conf). In the second, we copy a template, substituting the values of the variables. The template should be located at /ansible/roles/nginx/templates/my_app_conf.j2, the name given as src in the task, and it might look something like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Note the inserts {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values ansible substitutes into the template before copying. This is useful if you use a playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we now run our playbook, it will perform the specified tasks for both hosts. But for the staging host the variables will differ from the production ones, and not only in roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file: it is a special ansible variable that holds the host the playbook is currently running against.
If you want to have an inventory file for several hosts but run against only one group, you can do so with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's get back to setting up nginx. After copying the configuration files, we need to create a symlink in sites-enabled to my_app.conf from sites-available, and restart nginx.

# ... old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here: again ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Have you noticed that we do not write commands like "do this like so"; the syntax looks more like "this should have this state". And most often this is exactly how ansible works. If the group already exists, or the system package is already installed, ansible will check this and skip the task. Likewise, files will not be copied if they exactly match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have changed. There is a register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: nginx_conf_result

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: app_conf_result

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

# Restart only when at least one of the two config files actually changed
- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: nginx_conf_result.changed or app_conf_result.changed

If either configuration file changes, it is copied and the variable registered for that task records the change. The service is restarted only when such a change has been registered.

And, of course, you need to add the nginx role to the main playbook.

Setting up postgresql

We need to enable postgresql using systemd just as we did with nginx, and also create the user we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add the variables to the inventory, which has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The point is that by default only the postgres user has access to the postgresql database, and only locally. This directive lets us run commands on behalf of that user (if we have access, of course).
Also, you may need to add a line to pg_hba.conf to give the new user access to the database. This can be done the same way we changed the nginx config.

And of course, you need to add the postgresql role to the main playbook.

Installing ruby via rbenv

Ansible has no modules for working with rbenv, but rbenv is installed by cloning a git repository. So this task becomes the most non-standard one. Let's create the role /ansible/roles/ruby_rbenv/tasks/main.yml for it and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

We again use the become_user directive to work as the user we created for this purpose, since rbenv is installed in that user's home directory rather than globally. We also use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Then you need to install ruby-build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally, install ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to run and with what. However, here we run into the fact that ansible does not run the code in bashrc before running commands. This means rbenv has to be initialized directly in the same script.

The next problem is that the shell command has no state from ansible's point of view. That is, there is no automatic check of whether this version of ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

And again, add our ruby_rbenv role to the main playbook.

Shared files

In general, the setup could be finished here. Next, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and launch the application (if everything is configured correctly). However, capistrano often needs additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying the files, you need to create the directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify only one directory, and ansible will automatically create the parent directories if necessary.

Ansible Vault

We have already come across the fact that variables may contain secret data such as the user's password. If you have created a .env file for the application, and database.yml, then there must be even more such sensitive data. It would be good to hide it from prying eyes. This is what ansible vault is for.

Let's create a file for the variables, /ansible/vars/all.yml (here you can create separate files for different groups of hosts, just as in the inventory file: production.yml, staging.yml, etc.).
All variables that must be encrypted have to be moved to this file using standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that, this file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting you will need to set a password for decryption. You can look at what the file contains after running this command.

With ansible-vault decrypt the file can be decrypted, edited and then encrypted again.

You do not need to decrypt the file for it to work. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables and execute the tasks. All the data stays encrypted.

The full command for several groups of hosts and ansible vault will look something like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
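
How the encrypted file is wired into the play, as an added example that is not from the original article: vars_files loads vars/all.yml, and the user task is shown with two hardening options, update_password and no_log. The file paths follow the layout used above; showing both files in one listing is for illustration only.

```yaml
# playbook.yml
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  # vars/all.yml was encrypted with: ansible-vault encrypt ./vars/all.yml
  # It is decrypted in memory at run time when --ask-vault-pass is given;
  # the file on disk and in git stays encrypted.
  vars_files:
    - vars/all.yml

  roles:
    - user

# roles/user/tasks/main.yml (only the task that touches the secret)
- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    # password_hash picks a random salt when none is given, so the hash is
    # different on every run. Setting the password only when the account is
    # created keeps the task from reporting "changed" on each run.
    update_password: on_create
    groups: "sudo"
  # Keep the module arguments (including the hash) out of console output and logs.
  no_log: true
```

With this in place, user_password no longer needs to appear in the inventory file.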

But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how ansible is: if you do not understand what needs to be done, it will not do it for you.

source: www.habr.com
