Setting up a server to deploy a Rails application using Ansible

Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. Surprisingly, I could not find a simple step-by-step manual. I did not want to copy someone else's playbook without understanding what it does, so in the end I had to read the documentation and put everything together myself. Perhaps this article will help someone speed up that process.

The first thing to understand is that Ansible gives you a convenient interface for running a predefined list of actions on a remote server over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other goodies out of the box. To write a playbook, you must know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or articles like: "Copy and run, it will work."

What do we need?

As I said, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. For a Rails application we need several system packages: nginx, postgresql (redis, etc.). We also need a specific version of ruby. It is best to install it via rbenv (rvm, asdf...). Running all of this as the root user is a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres, etc. and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install system packages
  3. Create a new user, configure permissions, ssh key
  4. Configure system packages (nginx etc) and start them
  5. Create a database user (you can create a database right away)
  6. Log in as the new user
  7. Install rbenv and ruby
  8. Install bundler
  9. Upload the application code
  10. Start the Puma server

Moreover, the last steps can be done with capistrano: at least out of the box it can copy the code into release directories, switch the release with a symlink on successful deployment, copy configs from a shared directory, restart puma, etc. All of this can be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep everything in a separate directory. It does not matter much whether that directory lives inside the rails application itself or separately. You can keep the files in a separate git repository. Personally, I found it most convenient to create an ansible directory in the /config directory of the rails application and keep everything in one repository.

Simple playbook

A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create a first playbook that does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple Playbook and that its contents should be executed for all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says that it does not know of any hosts that match the all list. They must be listed in a special inventory file.

Let's create it in the same directory:

123.123.123.123

This is how we specify the host (ideally the host of your VPS for testing, or you can register localhost) and save it under the name inventory.
You can try running ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have ssh access to the specified host, ansible will connect and gather information about the remote system (the default TASK [Gathering Facts]), after which it will give a brief report on the execution (PLAY RECAP).

By default, the connection uses the username under which you are logged into your own system. It most likely will not exist on the host. In the playbook file, you can specify which user to connect as with the remote_user directive. Also, information about the remote system is often unnecessary and you should not waste time collecting it. This task can be disabled as well:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to gain elevated privileges. As the documentation says: become set to ‘true’/’yes’ to activate privilege escalation. although it is not entirely clear why.)

You may get an error because ansible cannot determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find out where python is installed with the whereis python command.

Installing system packages

Ansible's standard distribution includes many modules for working with various system packages, so we do not have to write bash scripts for any reason. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you use a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we will do and how). However, the syntax will most likely be similar.

Let's extend our playbook with the first tasks:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the action that Ansible will perform on the remote servers. We give the task a name so that we can follow its execution in the log. And we describe, using the syntax of a specific module, what it needs to do. In this case apt: update_cache=yes says to update the system package cache using the apt module. The second command is a little more complicated. We pass a list of packages to the apt module and say that their state should be present, that is, we say to install these packages. In the same way, we can tell it to remove them, or to update them, simply by changing state. Please note that for rails to work with postgresql we need the postgresql-contrib package, which we are installing now. Again, you need to know this and do it; ansible will not do it by itself.

Try running the playbook again and check that the packages are installed.

Creating new users

To work with users, Ansible has a module: user. Let's add one more task (I have hidden the already known parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and a password for it. And then we run into several problems. What if usernames need to differ between hosts? And storing the password in plain text in the playbook is a very bad idea. To begin with, let's move the username and password into variables, and at the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are inserted in playbooks using double curly braces.

We will specify the values of the variables in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive: it says that the next block of text is variables (vars) and that they apply to all hosts (all).

The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The point is that ansible does not create the user through user_add the way you would do it manually. It saves all the data directly, which is why we must convert the password into a hash beforehand, and that is what this filter does.

Let's add our user to the sudo group. However, before that we need to make sure that such a group exists, because nobody will do this for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

It is all quite simple: we also have a group module for creating groups, with a syntax very similar to apt. Then it is enough to assign this group to the user (groups: "sudo").
It is also useful to add an ssh key to this user so that we can log in as that user without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case, the construct "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting: it reads the contents of the id_rsa.pub file (your file name may be different), that is, the public part of the ssh key, and adds it to the list of authorized keys for the user on the server.
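
The three user tasks with two operational details filled in, as an added example rather than the article's own code: password_hash() draws a new random salt on every run, so without update_password: on_create the task rewrites the hash and reports a change each time, and no_log keeps the secret out of the task output. It uses the same user and user_password variables as above; the two verification tasks at the end are additions.

```yaml
# Added example: the user tasks from above, tightened for repeated runs.
# `user` and `user_password` are the variables defined in the inventory.
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    groups: sudo
    append: yes                  # add to sudo without dropping other groups
    password: "{{ user_password | password_hash('sha512') }}"
    # Without a fixed salt the hash differs on every run; on_create sets
    # the password once and leaves an existing account's password alone.
    update_password: on_create
  no_log: true                   # suppress this task's arguments and result in output

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

# Verification: read back what the host actually has instead of trusting
# the "ok/changed" summary.
- name: Read the groups the account ended up in
  command: id -nG {{ user | quote }}
  register: user_groups
  changed_when: false            # read-only command, never a change

- name: Verify the account is in the sudo group
  assert:
    that:
      - "'sudo' in user_groups.stdout.split()"
    fail_msg: "{{ user }} is not a member of sudo"
```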

Roles

All three tasks for creating the user can easily be treated as one group of tasks, and it would be good to keep this group separate from the main playbook so that it does not grow too large. For this purpose, Ansible has roles.
According to the file structure described at the beginning, roles must be placed in a separate roles directory; for each role there is a separate directory with the same name, which contains the tasks, files, templates, etc. directories.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the file that will be loaded and executed when a role is connected to the playbook; other role files can be included in it). Now you can move all the tasks related to the user to this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook, you need to specify that the user role is used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Also, it may make sense to update the system before all other tasks. Ansible runs the roles of a play before its tasks block, so to do this you can rename the tasks block in which they are defined to pre_tasks.

Setting up nginx

We should already have Nginx installed; we need to configure and start it. Let's do it right away in a role. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that ansible copies files directly, as is. Templates must have the j2 extension, and they can use variable values with the same double curly braces.

Let's enable nginx in the main.yml file. For this we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we say not only that nginx must be started (that is, we start it), but also right away that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it directly from the server, or write it yourself). And also the configuration file for our application in the sites-available directory (this is not necessary but useful). In the first case, we use the copy module to copy files (the file must be in /ansible/roles/nginx/files/nginx.conf). In the second, we copy the template, substituting the values of the variables. The template must be in /ansible/roles/nginx/templates/my_app_conf.j2. It may look something like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Pay attention to the inserts {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values Ansible will substitute into the template before copying. This is useful if you use one playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we now run our playbook, it will execute the specified tasks for both hosts. But at the same time, for the staging host the variables will differ from the production ones, and not only in roles and playbooks, but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file: it is a special ansible variable that holds the host the playbook is currently running for.
If you want to have an inventory file for several hosts but run for only one group, this can be done with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's go back to setting up nginx. After copying the configuration files, we need to create a symlink in sites-enabled to my_app.conf from sites-available. And restart nginx.

... # old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here: again ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Have you noticed that we do not write commands like "do this like this"; the syntax looks more like "this should have this state". And most often this is exactly how ansible works. If the group already exists, or the system package is already installed, ansible will check for this and skip the task. Also, files will not be copied if they completely match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have been changed. There is a register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: nginx_conf

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: app_conf

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: nginx_conf.changed or app_conf.changed

If one of the configuration files changes, it will be copied and the change will be registered in that task's variable (nginx_conf or app_conf). Each task needs its own variable: if both registered under the same name, the result of the second task would overwrite the result of the first. The service will be restarted only if one of these variables reports a change.

And, of course, you need to add the nginx role to the main playbook.

Setting up postgresql

We need to enable postgresql using systemd in the same way as we did with nginx, and also create a user that we will use to access the database, and the database itself.
Let's create a role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add variables to the inventory, this has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The fact is that by default only the postgres user has access to the postgresql database, and only locally. This directive allows us to execute commands on behalf of this user (if we have access, of course).
Also, you may need to add a line to pg_hba.conf to allow the new user access to the database. This can be done in the same way as we changed the nginx config.

And of course, you need to add the postgresql role to the main playbook.
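
A least-privilege variant of this role, as an added example (not the article's code): the application role owns its database but is not a superuser, the password stays out of the task output, and the pg_hba.conf line mentioned above is inserted ahead of the catch-all local rule because PostgreSQL applies the first line that matches. It assumes Ubuntu, PostgreSQL 14 or later (where new passwords are stored as SCRAM by default), become: true at play level, and a hypothetical pg_hba_path variable holding the path of the server's pg_hba.conf.

```yaml
# roles/postgresql/tasks/main.yml (added example)
- name: Install the Python driver the postgresql_* modules need on the host
  apt:
    name: python3-psycopg2
    state: present

- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    # The application only needs its own database, not control of the cluster.
    role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
  no_log: true                   # keep db_password out of the task output

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"       # ownership gives the role full rights inside it

- name: Allow password login for the application role on the local socket
  lineinfile:
    path: "{{ pg_hba_path }}"    # hypothetical variable, set it per host
    line: "local   {{ db_name }}   {{ db_user }}   scram-sha-256"
    # First match wins in pg_hba.conf, so the rule has to sit above the
    # generic "local all all ..." line. If that line is absent, lineinfile
    # appends the rule at the end of the file.
    insertbefore: '^local\s+all\s+all\s'
    firstmatch: yes
  register: pg_hba

- name: Reload postgresql so the new pg_hba.conf rule takes effect
  systemd:
    name: postgresql
    state: reloaded
  when: pg_hba.changed
```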

Installing ruby via rbenv

Ansible has no modules for working with rbenv, but it is installed by cloning a git repository. So this task becomes the most non-standard one. Let's create a role for it, /ansible/roles/ruby_rbenv/tasks/main.yml, and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

We again use the become_user directive to work as the user we created for this purpose, because rbenv is installed in that user's home directory and not globally. And we also use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Then you need to install ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally install ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to execute and with what. However, here we run into the fact that ansible does not run the code contained in bashrc before running commands. This means that rbenv has to be set up directly in the same script.

The next problem is that the shell command has no state from ansible's point of view. That is, there is no automatic check of whether this version of ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler
  args:
    executable: /bin/bash

And again, add our ruby_rbenv role to the main playbook.
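
The rbenv tasks with the checkouts pinned and the install made idempotent through creates, as an added example (not the article's code). Cloning without version takes whatever is at the head of the default branch at run time; rbenv_ref and ruby_build_ref are hypothetical variables holding a tag or commit you have reviewed.

```yaml
# roles/ruby_rbenv/tasks/main.yml (added example)
- name: Install rbenv
  become_user: "{{ user }}"
  git:
    repo: https://github.com/rbenv/rbenv.git
    dest: ~/.rbenv
    version: "{{ rbenv_ref }}"          # hypothetical var: reviewed tag or commit

- name: Install ruby-build
  become_user: "{{ user }}"
  git:
    repo: https://github.com/rbenv/ruby-build.git
    dest: ~/.rbenv/plugins/ruby-build
    version: "{{ ruby_build_ref }}"     # hypothetical var: reviewed tag or commit

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    set -e
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version | quote }}
  args:
    executable: /bin/bash
    # Ansible skips the task when this path exists, so the state check is an
    # exact path match instead of grepping the output of `rbenv versions`
    # (where an unquoted 3.1.2 would also match 3.1.20).
    creates: "~/.rbenv/versions/{{ ruby_version }}/bin/ruby"

- name: Make it the default ruby for this user
  become_user: "{{ user }}"
  shell: |
    set -e
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    # `rbenv global` without arguments prints the current global version.
    if [ "$(rbenv global)" != {{ ruby_version | quote }} ]; then
      rbenv global {{ ruby_version | quote }}
      echo switched
    fi
  args:
    executable: /bin/bash
  register: rbenv_global
  changed_when: "'switched' in rbenv_global.stdout"
```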

Shared files

In general, the setup can be finished here. Next, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and launch the application (if everything is configured correctly). However, capistrano often requires additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying files, you need to create a directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify only one directory and ansible will automatically create the parent ones if necessary.

Ansible Vault

We have already come across the fact that variables can contain secret data such as the user's password. If you have created an .env file for the application, and database.yml, then there must be even more such critical data. It would be good to hide it from prying eyes. For this purpose, ansible vault is used.

Let's create a file for the variables, /ansible/vars/all.yml (here you can create different files for different groups of hosts, just like in the inventory file: production.yml, staging.yml, etc.).
All variables that need to be encrypted must be moved to this file using the standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that, this file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting, you will need to set a password for decryption. You can see what is inside the file after calling this command.

With the help of ansible-vault decrypt the file can be decrypted, modified and then encrypted again.

You do not need to decrypt the file for it to work. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables, and execute the tasks. All data will remain encrypted.

The full command for several groups of hosts and ansible vault will look something like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
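
How the encrypted file is wired into the play, as an added example (not the article's code), also covering the shared .env file from the previous section: vars_files loads vars/all.yml, which ansible decrypts in memory when --ask-vault-pass is given, and the secrets are rendered into a file that only the application user can read. It assumes user_password has been deleted from the [all:vars] block of the inventory, and a hypothetical template templates/env.j2 next to the playbook.

```yaml
# playbook.yml (added example)
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  # Path is relative to the playbook. The file stays encrypted on disk and
  # in git; values exist in clear text only in memory during the run.
  vars_files:
    - vars/all.yml

  pre_tasks:
    - name: Stop early if a secret did not come out of the vault file
      assert:
        that:
          - user_password is defined
          - db_password is defined
          - rails_secret_key_base is defined
        fail_msg: "vars/all.yml is missing a required variable"
        quiet: yes
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user
    - nginx
    - postgresql
    - ruby_rbenv

  # tasks run after roles, so the application user already exists here.
  tasks:
    - name: Ensure shared dir
      become_user: "{{ user }}"
      file:
        path: "{{ app_path }}/shared/config"
        state: directory
        mode: '0750'

    - name: Render .env from the vault variables
      become_user: "{{ user }}"
      template:
        src: env.j2                      # hypothetical: templates/env.j2
        dest: "{{ app_path }}/shared/.env"
        mode: '0600'                     # readable by the application user only
      no_log: true                       # keeps rendered secrets out of diffs and logs

# templates/env.j2 (hypothetical), one line per variable from vars/all.yml:
#   AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
#   AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
#   AWS_BUCKET={{ aws_bucket }}
#   SECRET_KEY_BASE={{ rails_secret_key_base }}
```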

But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how ansible is: if you do not understand what needs to be done, it will not do it for you.

Source: www.habr.com
