Hauv tsab xov xwm no, kuv yuav qhia kuv qhov kev paub ntawm kev teeb tsa CI / CD siv Plesk Control Vaj Huam Sib Luag thiab Github Ua Haujlwm. Niaj hnub no peb yuav kawm yuav ua li cas xa ib qhov project yooj yim nrog lub npe tsis yooj yim "Helloworld". Nws tau sau rau hauv Flask Python lub moj khaum, nrog cov neeg ua haujlwm Celery thiab Angular 8 frontend.
Txuas mus rau repositories: , .
Hauv thawj ntu ntawm tsab xov xwm, peb yuav saib peb qhov project thiab nws qhov chaw. Hauv qhov thib ob, peb yuav txheeb xyuas yuav ua li cas teeb tsa Plesk thiab nruab qhov tsim nyog txuas ntxiv thiab cov khoom siv (DB, RabbitMQ, Redis, Docker, thiab lwm yam).
Hauv qhov thib peb, peb yuav thaum kawg txiav txim siab yuav ua li cas teeb tsa lub raj xa dej rau kev xa tawm peb qhov project mus rau lub server hauv ib puag ncig dev thiab cov khoom lag luam. Thiab tom qab ntawd peb yuav tso lub xaib ntawm lub server.
Thiab yog, kuv tsis nco qab qhia kuv tus kheej. Kuv lub npe yog Oleg Borzov, Kuv yog tus tsim tawm tag nrho hauv pab pawg CRM rau tus thawj tswj hwm tsev qiv nyiaj ntawm Domclick.
Cov ntsiab lus ntawm qhov project
Ua ntej, cia saib ob qhov project repositories - backend thiab pem hauv ntej - thiab mus hla cov cai.
Backend: Flask + Celery
Rau sab nraub qaum, kuv coj ib pawg uas nrov heev ntawm Python developers: Flask moj khaum (rau API) thiab Celery (rau txoj haujlwm queue). SQLAchemy yog siv los ua ORM. Alembic yog siv rau kev tsiv teb tsaws chaw. Rau JSON validation hauv tes - Marshmallow.
Π muaj cov ntaub ntawv Readme.md nrog cov lus piav qhia ntxaws txog cov qauv thiab cov lus qhia rau kev khiav qhov project.
heev uncomplicated, muaj 6 cwj mem:
/ping- txhawm rau txheeb xyuas qhov muaj;- ua haujlwm rau kev sau npe, kev tso cai, tshem tawm kev tso cai thiab tau txais tus neeg siv kev tso cai;
- ib tug email tuav uas tso ib tug hauj lwm nyob rau hauv lub Celery kab.
txawm yooj yim dua, tsuas muaj ib qho teeb meem xwb send_mail_task.
Hauv ntawv tais ceev tseg muaj ob subfolders:
dockernrog ob Dockerfiles (base.dockerfiletsim kom muaj ib tug tsis tshua hloov lub hauv paus duab thiabDockerfilerau cov rooj sib txoos loj);.env_files- nrog cov ntaub ntawv nrog ib puag ncig hloov pauv rau qhov chaw sib txawv.
Muaj plaub docker-compose cov ntaub ntawv ntawm lub hauv paus ntawm qhov project:
docker-compose.local.db.ymllos tsa ib lub zos database rau kev txhim kho;docker-compose.local.workers.ymlrau kev nce hauv zos ntawm cov neeg ua haujlwm, database, Redis thiab RabbitMQ;docker-compose.test.ymlkhiav cov kev xeem thaum lub sij hawm xa mus;docker-compose.ymlrau kev xa tawm.
Thiab qhov kawg folder peb xav nyob rau hauv - . Nws muaj lub plhaub scripts rau kev xa tawm:
deploy.sh- tso tawm kev tsiv teb tsaws thiab xa mus. Khiav ntawm tus neeg rau zaub mov tom qab tsim thiab ua haujlwm hauv Github Kev Ua Haujlwm;rollback.sh- rollback ntawm ntim rau yav dhau los version ntawm lub rooj sib txoos;curl_tg.sh- xa cov ntawv ceeb toom xa mus rau Telegram.
Frontend ntawm Angular
ntau yooj yim dua Beck's. Pem hauv ntej muaj peb nplooj ntawv:
- Nplooj ntawv tseem ceeb nrog daim foos xa email thiab lub pob tawm.
- ID nkag mus nplooj.
- nplooj ntawv sau npe.
Lub ntsiab nplooj zoo li ascetic:
Muaj ob cov ntaub ntawv ntawm lub hauv paus Dockerfile ΠΈ docker-compose.yml, raws li zoo raws li cov ntaub ntawv uas paub .ci-cd nrog me ntsis scripts dua nyob rau hauv lub rov qab repository (tshem tawm scripts rau khiav kev xeem).
Pib ib qhov project hauv Plesk
Cia peb pib los ntawm kev teeb tsa Plesk thiab tsim kev tso npe rau peb lub xaib.
Txhim kho extensions
Hauv Plesk, peb xav tau plaub qhov txuas ntxiv:
Dockertswj thiab pom cov xwm txheej ntawm cov thawv hauv Plesk admin vaj huam sib luag;Gittxhawm rau teeb tsa cov kauj ruam xa mus rau lub server;Let's Encrypttsim (thiab rov pib dua tshiab) dawb TLS daim ntawv pov thawj;Firewalltxhawm rau teeb tsa kev lim dej ntawm cov tsheb tuaj.
Koj tuaj yeem nruab lawv los ntawm Plesk admin vaj huam sib luag hauv ntu Extensions:
Peb yuav tsis xav txog cov ncauj lus kom ntxaws rau kev txuas ntxiv, qhov chaw pib yuav ua rau peb lub hom phiaj demo.
Tsim ib tug subscription thiab site
Tom ntej no, peb yuav tsum tsim ib qho kev tso npe rau peb lub vev xaib helloworld.ru thiab ntxiv rau dev.helloworld.ru subdomain muaj.
- Tsim ib tug subscription rau helloworld.ru sau thiab qhia tus ID nkag mus-password rau cov neeg siv system:
Kos lub thawv nyob hauv qab ntawm nplooj ntawv Ruaj ntseg lub npe nrog Let's EncryptYog tias peb xav teeb HTTPS rau lub xaib: - Tom ntej no, hauv qhov kev tso npe no, tsim subdomain dev.helloworld.ru (rau qhov koj tuaj yeem muab daim ntawv pov thawj TLS dawb):
Txhim kho Server Cheebtsam
Peb muaj server nrog OS Debian Stretch 9.12 thiab ntsia tswj vaj huam sib luag Plesk Obsidian 18.0.27.
Peb yuav tsum tau nruab thiab configure rau peb qhov project:
- PostgreSQL (hauv peb rooj plaub, yuav muaj ib lub server nrog ob lub databases rau dev thiab prod ib puag ncig).
- RabbitMQ (tib yam, tib yam piv txwv nrog vhosts sib txawv rau ib puag ncig).
- Ob qhov piv txwv Redis (rau dev thiab khoom ib puag ncig).
- Docker Registry (rau lub zos cia ntawm Docker dluab tsim).
- UI rau Docker npe.
PostgreSQL
Plesk twb los nrog PostgreSQL DBMS, tab sis tsis yog qhov tseeb version (thaum lub sijhawm sau ntawv Plesk Obsidian Postgres versions 8.4β10.8). Peb xav tau qhov tseeb version rau peb daim ntawv thov (12.3 ntawm lub sijhawm sau ntawv), yog li peb yuav nruab nws manually.
Muaj ntau cov lus qhia ntxaws ntxaws rau kev txhim kho Postgres ntawm Debian ntawm net (), yog li kuv yuav tsis piav qhia meej, Kuv tsuas yog muab cov lus txib:
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Xav tias PostgreSQL muaj qhov teeb meem me me me me, nws yog qhov tsim nyog los kho qhov teeb tsa. Qhov no yuav pab tau peb : koj yuav tsum tsav nyob rau hauv qhov tsis muaj ntawm koj lub server thiab hloov cov chaw hauv cov ntaub ntawv /etc/postgresql/12/main/postgresql.confrau cov uas muaj. Nws yuav tsum tau muab sau tseg ntawm no hais tias xws li lub laij lej tsis yog ib tug khawv koob mos txwv, thiab lub hauv paus yuav tsum tau tuned ntau precisely, raws li koj hardware, daim ntawv thov, thiab cov lus nug complexity. Tab sis qhov no txaus los pib.
Ntxiv nrog rau qhov teeb tsa tau thov los ntawm lub laij lej, peb kuj hloov pauv hauv postgresql.confqhov chaw nres nkoj 5432 mus rau lwm qhov (hauv peb qhov piv txwv - 53983).
Tom qab hloov cov ntaub ntawv teeb tsa, rov pib dua postgresql-server nrog cov lus txib:
service postgresql restart
Peb tau nruab thiab teeb tsa PostgreSQL. Tam sim no cia peb tsim cov ntaub ntawv, cov neeg siv rau dev thiab cov khoom ib puag ncig, thiab muab cov neeg siv txoj cai los tswj cov ntaub ntawv:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
RabbitMQ
Cia peb txav mus rau kev txhim kho RabbitMQ, cov lus sib tham rau Celery. Txhim kho nws ntawm Debian yog qhov yooj yim heev:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Tom qab kev teeb tsa, peb yuav tsum tsim vhosts, cov neeg siv thiab muab cov cai tsim nyog:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Tam sim no cia peb nruab thiab teeb tsa cov khoom kawg rau peb daim ntawv thov - Redis. Nws yuav siv los ua ib qho backend rau khaws cov txiaj ntsig ntawm Celery cov haujlwm.
Peb yuav tsa ob lub thawv Docker nrog Redis rau dev thiab khoom ib puag ncig siv qhov txuas ntxiv Docker rau Plesk.
- Peb mus rau Plesk, mus rau ntu Extensions, nrhiav Docker txuas ntxiv thiab nruab nws (peb xav tau ib qho dawb version):
- Mus rau qhov txuas txuas ntxiv, nrhiav cov duab los ntawm kev tshawb nrhiav
redis bitnamithiab nruab qhov tseeb version: - Peb mus rau hauv lub thawv rub tawm thiab kho qhov teeb tsa: qhia qhov chaw nres nkoj, qhov siab tshaj plaws faib RAM loj, tus password hauv ib puag ncig hloov pauv, thiab mount lub ntim:
- Peb ua cov kauj ruam 2-3 rau lub thawv ntim khoom, hauv qhov chaw peb tsuas yog hloov qhov tsis muaj: chaw nres nkoj, lo lus zais, RAM loj thiab txoj hauv kev mus rau lub ntim ntim ntawm lub server:
Docker Registry
Ntxiv nrog rau cov kev pabcuam yooj yim, nws yuav zoo rau muab koj tus kheej Docker duab repository ntawm server. Hmoov zoo, qhov chaw neeg rau zaub mov tam sim no pheej yig heev (tseem pheej yig dua li DockerHub subscription), thiab cov txheej txheem ntawm kev teeb tsa lub chaw khaws khoom ntiag tug yog qhov yooj yim heev.
Peb xav kom muaj:
- password-tiv thaiv Docker repository nkag tau rau ntawm subdomain ;
- UI rau saib cov duab hauv qhov chaw cia khoom, muaj nyob ntawm .
Ua li no:
- Cia peb tsim ob lub subdomains hauv Plesk hauv peb qhov kev tso npe: docker.helloworld.ru thiab docker-ui.helloworld.ru, thiab teeb tsa Let's Encrypt daim ntawv pov thawj rau lawv.
- Ntxiv cov ntaub ntawv mus rau docker.helloworld.ru subdomain folder
docker-compose.ymlnrog cov ntsiab lus zoo li no:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry' - Hauv qab SSH, peb yuav tsim cov ntaub ntawv .htpasswd rau Kev tso cai yooj yim hauv Docker repository:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password - Sau thiab nqa cov thawv:
docker-compose up -d - Thiab peb yuav tsum tau hloov Nginx rau peb cov thawv. Qhov no tuaj yeem ua tiav los ntawm Plesk.
Cov kauj ruam hauv qab no yuav tsum tau ua rau docker.helloworld.ru thiab docker-ui.helloworld.ru subdomains:
seem Dev Cuab Yeej peb qhov chaw mus rau Docker Proxy Cov Cai:
Thiab ntxiv ib txoj cai rau kev tso npe nkag mus rau peb lub thawv:
- Peb xyuas tias peb tuaj yeem nkag mus rau hauv peb lub thawv los ntawm lub tshuab hauv zos:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded - Wb kuj tshawb xyuas cov haujlwm ntawm docker-ui.helloworld.ru subdomain:
Thaum koj nyem rau ntawm Browse repositories, qhov browser yuav tso tawm qhov tso cai qhov rai uas koj yuav tsum tau nkag mus rau tus username thiab password rau qhov chaw cia. Tom qab ntawd, peb yuav raug xa mus rau nplooj ntawv nrog cov npe ntawm cov chaw khaws khoom (rau tam sim no, nws yuav khoob rau koj):
Qhib cov chaw nres nkoj hauv Plesk Firewall
Tom qab txhim kho thiab teeb tsa cov khoom, peb yuav tsum qhib cov chaw nres nkoj kom cov khoom siv nkag tau los ntawm Docker ntim thiab sab nraud network.
Cia peb pom yuav ua li cas siv qhov txuas ntxiv Firewall rau Plesk uas peb tau teeb tsa ua ntej.
- Mus rau Cov cuab yeej & Chaw> Chaw> Firewall:
- Mus rau Hloov kho Plesk Firewall Txoj Cai> Ntxiv Txoj Cai Kev Cai thiab qhib TCP cov chaw nres nkoj hauv qab no rau Docker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Ib: 32785, 32786 - Peb tseem yuav ntxiv txoj cai uas yuav qhib PostgreSQL cov chaw nres nkoj thiab RabbitMQ tswj vaj huam sib luag rau lub ntiaj teb sab nraud:
- Siv cov cai uas siv lub khawm Hloov Hloov:
Teeb tsa CI / CD hauv Github Ua Haujlwm
Cia peb nqis mus rau qhov nthuav tshaj plaws - teeb tsa kev sib txuas txuas txuas ntxiv thiab xa peb qhov project mus rau lub server.
Lub raj xa dej no yuav muaj ob ntu:
- tsim cov duab thiab khiav kev xeem (rau lub backend) - ntawm Github sab;
- khiav migrations (rau lub backend) thiab deploying ntim - ntawm lub server.
Xa mus rau Plesk
Cia peb tham txog qhov thib ob ua ntej (vim thawj tus nyob ntawm nws).
Peb yuav teeb tsa cov txheej txheem xa tawm siv Git txuas ntxiv rau Plesk.
Xav txog ib qho piv txwv nrog Prod ib puag ncig rau Backend repository.
- Peb mus rau qhov kev tso npe ntawm peb lub vev xaib Helloworld thiab mus rau Git ntu:
- Ntxig ib qhov txuas rau peb Github repository rau hauv "Remote Git repository" teb thiab hloov lub neej ntawd nplaub tshev
httpdocsmus rau lwm tus (eg./httpdocs/hw_back): - Luam theej SSH Public key los ntawm cov kauj ruam dhau los thiab nws hauv Github nqis.
- Nyem OK ntawm qhov screen hauv kauj ruam 2, tom qab ntawd peb yuav raug xa mus rau nplooj ntawv repository hauv Plesk. Tam sim no peb yuav tsum teeb tsa lub chaw khaws cia kom hloov kho ntawm kev cog lus rau tus tswv ceg. Txhawm rau ua qhov no, mus rau Repository Chaw thiab txuag tus nqi
Webhook URL(peb yuav xav tau tom qab thaum teeb tsa Github Actions): - Hauv cov haujlwm ua haujlwm ntawm qhov screen ntawm kab lus dhau los, nkag mus rau tsab ntawv txhawm rau xa tawm:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}qhov twg:
{REPOSITORY_ABSOLUTE_PATH}- txoj hauv kev mus rau cov ntawv tais ceev tseg ntawm qhov chaw khaws cia backend ntawm lub server;
{ENV}- ib puag ncig (dev / prod), hauv peb rooj plaubprod;
{DOCKER_REGISTRY_HOST}- tus tswv tsev ntawm peb docker repository
{TG_BOT_TOKEN}- Telegram bot token;
{TG_CHAT_ID}- ID ntawm kev sib tham / channel rau xa cov ntawv ceeb toom.Script example:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890 - Ntxiv ib tus neeg siv los ntawm peb qhov kev tso npe rau Docker pawg (yog li lawv tuaj yeem tswj cov thawv):
sudo usermod -aG docker helloworld_admin
Cov dev ib puag ncig rau lub backend repository thiab frontend tau teeb tsa tib txoj kev.
Kev xa cov raj xa dej hauv Github Kev Ua Haujlwm
Cia peb txav mus los teeb tsa thawj ntu ntawm peb CI / CD cov kav dej hauv Github Actions.
backend
Lub raj xa dej tau piav qhia hauv .
Tab sis ua ntej parsing nws, cia peb sau rau hauv Secret variables peb xav tau nyob rau hauv Github. Txhawm rau ua qhov no, mus rau Chaw -> Secrets:
DOCKER_REGISTRY- tus tswv tsev ntawm peb Docker repository (docker.helloworld.ru);DOCKER_LOGIN- nkag mus rau Docker repository;DOCKER_PASSWORD- password rau nws;DEPLOY_HOST- tus tswv tsev nyob qhov twg Plesk admin vaj huam sib luag muaj (piv txwv: ib: 8443o 8443; ib.DEPLOY_BACK_PROD_TOKEN- ib lub cim rau kev xa mus rau qhov khoom-repository ntawm tus neeg rau zaub mov (peb tau txais nws hauv Kev xa tawm hauv Plesk p. 4);DEPLOY_BACK_DEV_TOKEN- token rau kev xa mus rau dev repository ntawm lub server.
Cov txheej txheem xa tawm yog yooj yim thiab muaj peb kauj ruam tseem ceeb:
- tsim thiab tshaj tawm cov duab hauv peb lub chaw cia khoom;
- khiav kev xeem nyob rau hauv ib lub thawv raws li ib tug tshiab tsim duab;
- xa mus rau qhov xav tau ib puag ncig nyob ntawm ceg (dev/master).
frontend
me ntsis txawv ntawm Beck's. Nws tsis muaj ib kauj ruam nrog kev sim khiav thiab hloov cov npe ntawm cov tokens rau kev xa tawm. Secrets rau pem hauv ntej repository, los ntawm txoj kev, yuav tsum tau muab sau cais.
Qhov chaw teeb tsa
Proxying tsheb khiav los ntawm Nginx
Zoo, peb twb los txog kawg. Nws tseem tsuas yog teeb tsa qhov kev tso cai ntawm kev nkag mus thiab tawm mus rau peb lub thawv los ntawm Nginx. Peb twb tau them cov txheej txheem no hauv kauj ruam 5 ntawm Docker Registry teeb. Tib yam yuav tsum tau rov ua dua rau sab nraub qaum thiab pem hauv ntej hauv dev thiab khoom ib puag ncig.
Kuv yuav muab screenshots ntawm cov chaw.
backend
frontend
Cov lus qhia tseem ceeb. Tag nrho cov URLs yuav raug xa mus rau lub thawv rau pem hauv ntej, tshwj tsis yog cov pib nrog /api/ - lawv yuav raug xa mus rau lub thawv tom qab (yog li nyob rau hauv lub thawv tom qab, tag nrho cov handlers yuav tsum pib nrog /api/).
Cov txiaj ntsim tau los
Tam sim no peb qhov chaw yuav tsum muaj nyob rau ntawm helloworld.ru thiab dev.helloworld.ru (prod- thiab dev-environments, feem).
Nyob rau hauv tag nrho, peb tau kawm yuav ua li cas los npaj ib daim ntawv thov yooj yim hauv Flask thiab Angular thiab teeb tsa lub raj xa dej hauv Github Actions los yob nws mus rau lub server khiav Plesk.
Kuv yuav duplicate cov kev txuas mus rau lub repositories nrog cov cai: , .
Tau qhov twg los: www.hab.com