Setting up a server to deploy a Rails application using Ansible

Not long ago I had to write several Ansible playbooks to prepare servers for deploying a Rails application. And, surprisingly, I did not find a simple step-by-step guide. I did not want to copy someone else's playbook without understanding what happens, and in the end I had to read the documentation and put everything together myself. Perhaps this article will help someone speed up that process.

The first thing to understand is that Ansible gives you a convenient interface for performing a predefined list of actions on remote server(s) over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other goodies out of the box. To write a playbook, you have to know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or articles like: "Copy and run, it will work."

What do we need?

As I already said, to write a playbook you need to know what you want to do and how. Let's decide what we need. For a Rails application we will need several system packages: nginx, postgresql (redis, etc.). In addition, we need a specific version of ruby. It is best to install it through rbenv (rvm, asdf ...). Running all of this as the root user is a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres, etc., and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install system packages
  3. Create a new user, configure permissions, ssh key
  4. Configure system packages (nginx etc.) and start them
  5. Create a user in the database (you can create the database right away)
  6. Log in as the new user
  7. Install rbenv and ruby
  8. Install bundler
  9. Upload the application code
  10. Start the Puma server

Moreover, the last steps can be done with capistrano; at the very least, out of the box it can copy code into release directories, switch the release with a symlink on successful deployment, copy configs from the shared directory, restart puma, and so on. All of this can be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep everything in a separate directory. Moreover, it is not very important whether it lives in the rails application itself or separately. You can keep the files in a separate git repository. Personally, I found it most convenient to create a directory inside the /config directory of the rails application and keep everything in one repository.

Simple Playbook

A playbook is a yml file that, using a special syntax, describes what Ansible should do and how. Let's create the first playbook, which does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple Playbook and that its contents should be executed for all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says that it does not know any hosts matching the all list. They must be listed in a special inventory file.

Let's create it in the same ansible directory:

123.123.123.123

This is how we simply specify a host (ideally the host of our VPS for testing, or you can register localhost) and save it under the name inventory.
You can try running ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have ssh access to the specified host, ansible will connect and gather information about the remote system (the default TASK [Gathering Facts]), after which it will give a short report on the execution (PLAY RECAP).

By default, the connection uses the username under which you are logged in to the local system. It will most likely not exist on the host. In the playbook file, you can specify which user to connect as using the remote_user directive. Also, information about the remote system is often unnecessary and you should not waste time gathering it. This task can also be disabled:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to obtain elevated privileges. As the documentation says: become set to ‘true’/‘yes’ to activate privilege escalation. although it is not entirely clear why).

You may get an error caused by ansible being unable to determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find out where python is located with the command whereis python.

Installing system packages

Ansible's standard distribution includes many modules for working with various system packages, so we do not have to write bash scripts for any reason. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you use a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we will do and how). However, the syntax will most likely be similar.

Let's add the first tasks to our playbook:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the job that Ansible will perform on the remote servers. We give the task a name so that we can track its execution in the log. And we describe, using the syntax of a specific module, what it should do. In this case apt: update_cache=yes says to refresh the system package cache using the apt module. The second command is a little more complicated. We pass a list of packages to the apt module and say that their state should be present, that is, we say to install these packages. In the same way we can tell it to remove them, or update them, simply by changing state. Note that for Rails to work with postgresql we need the postgresql-contrib package, which we are installing now. Again, you need to know and do this; ansible will not do it by itself.

Try running the playbook again and check that the packages are installed.

Creating a new user.

To work with users, Ansible also has a module - user. Let's add one more task (I have hidden the already known parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and a password for it. And then we run into several problems. What if usernames need to be different for different hosts? And keeping the password in clear text in the playbook is a very bad idea. To begin with, let's move the username and password into variables, and at the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are set in playbooks using double curly braces.

We will specify the values of the variables in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive - it says that the next block of text is variables (vars) and that they apply to all hosts (all).

The construction "{{ user_password | password_hash('sha512') }}" is also interesting. The point is that ansible does not create the user through user_add as you would do manually. It saves all the data directly, which is why we have to convert the password into a hash beforehand, which is what this command does.

Let's add our user to the sudo group. However, before that we need to make sure that such a group exists, because nobody will do this for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

Everything is quite simple; we also have a group module for creating groups, with a syntax very similar to apt. After that it is enough to assign this group to the user (groups: "sudo").
It is also useful to add an ssh key to this user so that we can log in with it without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case the construction "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting - it copies the contents of the id_rsa.pub file (your name may differ), that is, the public part of the ssh key, and uploads it to the list of authorized keys for the user on the server.

Roles

All three tasks for creating the user can easily be grouped into one group of tasks, and it would be a good idea to keep this group separate from the main playbook so that it does not grow too large. For this purpose, Ansible has roles.
According to the file structure mentioned at the beginning, roles must be placed in a separate roles directory; for each role there is a separate directory with the same name, containing the tasks, files, templates, etc. directories.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the main file that will be loaded and executed when the role is attached to the playbook; other role files can be included from it). Now you can move all the tasks related to the user into this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook, you need to specify that the user role should be used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Also, it may make sense to update the system before all other tasks; to do this, you can rename the tasks block in which they are defined to pre_tasks.

Setting up nginx

We should already have Nginx installed; we need to configure it and start it. Let's do it right away in a role. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that ansible copies files directly, as is. Templates must have the j2 extension, and they can use variable values with the same double curly braces.

Let's enable nginx in the main.yml file. For this we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we not only say that nginx must be started (that is, we launch it), but also immediately say that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it directly from the server, or write your own), and also the configuration file for our application in the sites-available directory (this is not necessary but useful). In the first case, we use the copy module to copy the file (the file must be in /ansible/roles/nginx/files/nginx.conf). In the second, we copy the template, substituting the values of the variables (the template must be in /ansible/roles/nginx/templates/my_app.j2). And it will look something like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Pay attention to the inserts {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} - these are all variables whose values Ansible will substitute into the template before copying. This is useful if you use the playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we now run our playbook, it will perform the specified tasks for both hosts. But at the same time, for the staging host the variables will differ from the production ones, and not only in the roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file - it is a special ansible variable that holds the host for which the playbook is currently running.
If you want to have an inventory file for several hosts but run only for one group, this can be done with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's return to setting up nginx. After copying the configuration files, we need to create a symlink in sites-enabled to my_app.conf from sites-available. And restart nginx.

# ... old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here - again ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Have you noticed that we do not write commands like "do this like that"; the syntax looks more like "this should have this state". And most often this is exactly how ansible works. If the group already exists, or the system package is already installed, ansible will check for this and skip the task. Also, files will not be copied if they fully match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have changed. There is the register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: nginx_conf_result

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  # separate variable: reusing one name would overwrite the first result
  register: app_conf_result

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: nginx_conf_result.changed or app_conf_result.changed

If one of the configuration files changes, the copy is performed and the result of each task is registered in its own variable (nginx_conf_result and app_conf_result; with a single shared name the second register would overwrite the first, even when that task changes nothing). The service is restarted only if one of these variables reports a change.

And, of course, you need to add the nginx role to the main playbook.
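
The same restart-on-change logic can also be written with Ansible handlers. The following is an added example, not the author's code; it goes slightly beyond the text by running nginx -t before the restart, so that a broken config fails the play instead of taking the service down. The handlers file path follows the standard role layout, and the handler names and the "Validate and restart nginx" topic are made up for this example.

```yaml
# roles/nginx/tasks/main.yml - added example, same files and paths as above
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  notify: Validate and restart nginx      # queued only if the file changed

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  notify: Validate and restart nginx

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link
  notify: Validate and restart nginx

---
# roles/nginx/handlers/main.yml
# Both handlers listen on the same topic and run once, in the order they
# are defined here, after the tasks have finished. If the syntax check
# fails, the play stops for that host and the restart is never attempted.
- name: Validate nginx config
  command: /usr/sbin/nginx -t
  changed_when: false
  listen: Validate and restart nginx

- name: Restart nginx
  service:
    name: nginx
    state: restarted
  listen: Validate and restart nginx
```

However many of the three tasks report a change, the handlers run a single time, and with backup: yes the previous nginx.conf stays on the server if the check fails.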

Setting up postgresql

We need to enable postgresql using systemd in the same way as we did with nginx, and also create a user that we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add variables to the inventory, this has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The fact is that by default only the postgres user has access to the postgresql database, and only locally. This directive allows us to execute commands on behalf of this user (if we have access, of course).
Also, you may have to add a line to pg_hba.conf to allow the new user to access the database. This can be done in the same way as we changed the nginx config.

And of course, you need to add the postgresql role to the main playbook.
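
One way to carry out the pg_hba.conf step described above, as an added example that is not from the original article: it edits the file with lineinfile, reloads postgresql only when the file changed, and creates the application role without SUPERUSER, because owning its own database is normally enough for the application and SUPERUSER gives the role control of the whole cluster. The pg_hba_path variable and the scram-sha-256 method are assumptions of this example.

```yaml
# roles/postgresql/tasks/main.yml - added example, not the article's code.
# pg_hba_path is a hypothetical inventory variable; on Ubuntu the file is
# /etc/postgresql/<version>/main/pg_hba.conf.

- name: Create application role without superuser rights
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
  no_log: true            # keep db_password out of task output

- name: Create database owned by the application role
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

# pg_hba.conf is read top to bottom and the first matching line wins, so
# the rule is inserted before the default "local all all peer" entry.
# scram-sha-256 assumes passwords are stored as SCRAM (the default from
# PostgreSQL 14); on older servers use the method that matches
# password_encryption.
- name: Allow the application role to use password auth on the local socket
  lineinfile:
    path: "{{ pg_hba_path }}"
    line: "local   {{ db_name }}   {{ db_user }}   scram-sha-256"
    insertbefore: '^local\s+all\s+all'
    state: present
  register: pg_hba_result

- name: Reload postgresql when pg_hba.conf changed
  systemd:
    name: postgresql
    state: reloaded
  when: pg_hba_result.changed
```

The rule is scoped to one database and one role, so other local roles keep the default peer authentication.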

Installing ruby via rbenv

Ansible has no modules for working with rbenv, but it is installed by cloning a git repository. Therefore, this task becomes the most non-standard one. Let's create a role for it /ansible/roles/ruby_rbenv/main.yml and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

We again use the become_user directive to work as the user we created for this purpose, since rbenv is installed in its home directory and not globally. And we also use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Then you need to install ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally install ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to execute and with what. However, here we run into the fact that ansible does not run the code contained in bashrc before running commands. This means that rbenv has to be defined directly in the same script.

The next problem is due to the fact that the shell command has no state from ansible's point of view. That is, there will be no automatic check of whether this version of ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

And again, add our ruby_rbenv role to the main playbook.

Shared files.

In general, the setup could be finished here. Next, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and launch the application (if everything is configured correctly). However, capistrano often requires additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying the files, you need to create a directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify only one directory and ansible will automatically create the parent ones if necessary.

Ansible Vault

We have already come across the fact that variables can contain secret data such as the user's password. If you create an .env file for the application, and database.yml, then there must be even more such critical data. It would be good to hide them from prying eyes. For this purpose ansible vault is used.

Let's create a file for variables /ansible/vars/all.yml (here you can create different files for different groups of hosts, just like in the inventory file: production.yml, staging.yml, etc.).
All variables that need to be encrypted must be moved into this file using standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that, this file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting, you will have to set a password for decryption. You can see what ends up inside the file after calling this command.

With ansible-vault decrypt the file can be decrypted, modified and then encrypted again.

You do not need to decrypt the file for it to work. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables, and execute the tasks. All data will remain encrypted.

The complete command for several groups of hosts and ansible vault will look something like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
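
The article creates vars/all.yml but does not show how the playbook reads it; one way to wire it in, as an added example that is not the author's code, assuming user_password has been removed from the [all:vars] block of the inventory. update_password: on_create and no_log are additions of this example: password_hash picks a new random salt on every run, so without update_password the task rewrites the hash and reports a change each time.

```yaml
# playbook.yml - added example
---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  # Encrypted with ansible-vault; decrypted only in memory when the play
  # is run with --ask-vault-pass. Provides user_password, db_password, ...
  vars_files:
    - vars/all.yml

  roles:
    - user

---
# roles/user/tasks/main.yml - the user task from the role above, adjusted
- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    update_password: on_create   # set the hash once, do not rewrite it later
    groups: "sudo"
  no_log: true                   # keep task arguments and results out of logs
```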

But I will not give the full text of the playbooks and roles, write them yourself. Because ansible is like that - if you do not understand what needs to be done, it will not do it for you.

Source: www.hab.com
