N'isiokwu a, m ga-ekekọrịta ahụmahụ m nke ịtọlite ​​​​CI/CD site na iji Plesk Control Panel na Github Actions. Taa, anyị ga-amụta otu esi ebuga ọrụ dị mfe na aha na-enweghị mgbagwoju anya "Helloworld". Edere ya na Frask Python framework, ya na ndị ọrụ Celery na ihu Angular 8.

Njikọ na ebe nchekwa: azụ azụ, ihu njedebe.

N'akụkụ mbụ nke isiokwu ahụ, anyị ga-eleba anya na ọrụ anyị na akụkụ ya. N'ime nke abụọ, anyị ga-achọpụta otu esi edozi Plesk ma wụnye ihe mgbakwunye na ihe ndị dị mkpa (DB, RabbitMQ, Redis, Docker, wdg).

N'akụkụ nke atọ, anyị ga-emesị chọpụta ka esi edozi pipeline maka ibuga ọrụ anyị na ihe nkesa na mpaghara dev na prod. Mgbe ahụ, anyị ga-amalite saịtị na ihe nkesa.

Ma ee, echefuru m iwebata onwe m. Aha m bụ Oleg Borzov, abụ m onye nrụpụta zuru oke na otu CRM maka ndị njikwa nnyefe na Domclick.

Nchịkọta oru ngo

Nke mbụ, ka anyị leba anya na ebe nchekwa ọrụ abụọ - azụ azụ na ihu - wee gafee koodu ahụ.

Azụ: Flask+Celery

Maka akụkụ azụ, ewerere m ụyọkọ na-ewu ewu nke ukwuu n'etiti ndị mmepe Python: Flask framework (maka API) na Celery (maka ọrụ kwụ n'ahịrị). A na-eji SQLAchemy dị ka ORM. A na-eji Alembic eme njem. Maka nkwado JSON na aka - Marshmallow.

В ebe nchekwa enwere faịlụ Readme.md nwere nkọwa zuru ezu nke nhazi na ntuziaka maka ịrụ ọrụ a.

Akụkụ Weebụ API dị nnọọ mfe, nwere 6 pensụl:

• /ping - ịlele ịdị adị;
• na-eji maka ndebanye aha, ikike, iwepụ ikike na ịnweta onye ọrụ ikike;
• aka email nke na-etinye ọrụ na Celery kwụ n'ahịrị.

Akụkụ Celery ọbụna mfe, e nwere nanị otu nsogbu send_mail_task.

Na nchekwa /conf enwere folda nchekwa abụọ:

• docker nwere Dockerfiles abụọ (base.dockerfile iji wuo ihe oyiyi isi na-adịghị agbanwe agbanwe na Dockerfile maka nnukwu mgbakọ;
• .env_files - na faịlụ nwere mgbanwe gburugburu ebe obibi maka gburugburu dị iche iche.

Enwere faịlụ docker anọ na mgbọrọgwụ nke ọrụ a:

• docker-compose.local.db.yml iji bulie nchekwa data mpaghara maka mmepe;
• docker-compose.local.workers.yml maka nzụlite mpaghara nke onye ọrụ, nchekwa data, Redis na RabbitMQ;
• docker-compose.test.yml iji mee ule n'oge ntinye;
• docker-compose.yml maka ntinye.

Na folda ikpeazụ anyị nwere mmasị na ya - .ci-cd. O nwere scripts shei maka ibuga:

• deploy.sh - mmalite nke Mbugharị na ntinye. Na-agba ọsọ na ihe nkesa mgbe ụlọ na-agba ọsọ ule na Github Actions;
• rollback.sh - nlọghachi nke arịa na ụdị mgbakọ gara aga;
• curl_tg.sh - izipu ọkwa mbugharị na Telegram.

Frontend na Angular

Repository na n'ihu dị mfe karịa nke Beck. Ihu nwere ibe atọ:

• Isi ibe nwere fọm maka izipu email na bọtịnụ ọpụpụ.
• Nbanye ibe.
• Ibe ndebanye aha.

Ibe isi na-ele anya ascetic:

Enwere faịlụ abụọ na mgbọrọgwụ Dockerfile и docker-compose.yml, yana folda a maara nke ọma .ci-cd nwere script dị ntakịrị karịa na ebe nchekwa azụ (edemede ewepụrụ maka ule na-agba ọsọ).

Ịmalite ọrụ na Plesk

Ka anyị bido site na ịtọlite ​​Plesk na ịmepụta ndenye aha maka saịtị anyị.

Ịwụnye ndọtị

Na Plesk, anyị chọrọ mgbatị anọ:

• Docker iji jikwaa na anya na-egosipụta ọnọdụ nke containers na Plesk admin panel;
• Git iji hazie nzọụkwụ ntinye na ihe nkesa;
• Let's Encrypt iji wepụta (na megharịa akpaaka) asambodo TLS efu;
• Firewall iji hazie nzacha okporo ụzọ na-abata.

Ị nwere ike iwunye ha site na Plesk admin panel na Extensions ngalaba:

Anyị agaghị atụle ntọala zuru ezu maka ndọtị, ntọala ndabara ga-eme maka ebumnuche ngosi anyị.

Mepụta ndenye aha na saịtị

Ọzọ, anyị kwesịrị ịmepụta ndenye aha maka webụsaịtị helloworld.ru anyị wee gbakwunye subdomain dev.helloworld.ru ebe ahụ.

1. Mepụta ndenye aha maka ngalaba helloworld.ru wee kọwapụta paswọọdụ nbanye maka onye ọrụ sistemụ:

   
   Lelee igbe dị n'okpuru ibe ahụ Chekwaa ngalaba ahụ na Ka anyị ezoro ezoọ bụrụ na anyị chọrọ ịtọ HTTPS maka saịtị:

   

2. Na-esote, na ndenye aha a, mepụta subdomain dev.helloworld.ru (nke ị nwekwara ike ịnye asambodo TLS efu):

   

Ịwụnye ihe nkesa

Anyị nwere ihe nkesa Os Debian Stretch 9.12 na arụnyere njikwa panel Plesk Obsidian 18.0.27.

Anyị kwesịrị ịwụnye na hazie maka ọrụ anyị:

• PostgreSQL (n'ọnọdụ anyị, a ga-enwe otu ihe nkesa nwere ọdụ data abụọ maka gburugburu dev na prod).
• RabbitMQ (otu ihe atụ na vhosts dị iche iche maka gburugburu).
• Ihe atụ abụọ Redis (maka gburugburu dev na prod).
• Ndebanye aha Docker (maka nchekwa mpaghara nke onyonyo Docker wuru).
• UI maka ndekọ Docker.

PostgreSQL

Plesk abịala na PostgreSQL DBMS, mana ọ bụghị ụdị kachasị ọhụrụ (n'oge edere Plesk Obsidian kwadoro Ụdị Postgres 8.4–10.8). Anyị chọrọ ụdị kachasị ọhụrụ maka ngwa anyị (12.3 n'oge ederede), yabụ anyị ga-eji aka tinye ya.

Enwere ọtụtụ ntụziaka zuru ezu maka ịwụnye Postgres na Debian na netwọk (ihe atụ), yabụ agaghị m akọwa ha n'ụzọ zuru ezu, naanị m ga-enye iwu:

wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib

N'iburu n'uche na PostgreSQL nwere ntọala ndabara dị obere, ọ dị mkpa iji dozie nhazi ahụ. Nke a ga-enyere anyị aka ihe mgbako: ịkwesịrị ịkwọ ụgbọala na paramita nke ihe nkesa gị ma dochie ntọala na faịlụ ahụ /etc/postgresql/12/main/postgresql.confnye ndị e nyere. Okwesiri iburu n'uche ebe a na ihe mgbako di otu a abughi mgbo anwansi, na a ga-edobe isi ya nke oma, dabere na ngwaike, ngwa, na njuju ajuju gi. Ma nke a zuru ezu ịmalite.

Na mgbakwunye na ntọala ndị mgbako tụrụ aro, anyị na-agbanwekwa postgresql.confọdụ ụgbọ mmiri ndabara 5432 gaa na nke ọzọ (na ihe atụ anyị - 53983).

Mgbe ịgbanwere faịlụ nhazi, malitegharịa postgresql-server na iwu:

service postgresql restart

Anyị etinyela ma hazie PostgreSQL. Ugbu a, ka anyị mepụta nchekwa data, ndị ọrụ maka gburugburu dev na prod, ma nye ndị ọrụ ikike ijikwa nchekwa data:

$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT

Oke oyibo

Ka anyị gaa n'ihu ịwụnye RabbitMQ, onye na-ere ahịa ozi maka Celery. Ịwụnye ya na Debian dị nnọọ mfe:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb

sudo apt-get update
sudo apt-get install erlang erlang-nox

sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

sudo apt-get update
sudo apt-get install rabbitmq-server

Mgbe echichi, anyị kwesịrị ịmepụta vhosts, ndị ọrụ wee nye ikike ndị dị mkpa:

sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password 
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"

sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password 
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"

Redis

Ugbu a, ka anyị wụnye ma hazie akụkụ ikpeazụ maka ngwa anyị - Redis. A ga-eji ya dị ka ihe ndabere maka ịchekwa nsonaazụ nke ọrụ Celery.

Anyị ga-ebuli akpa Docker abụọ na Redis maka gburugburu dev na prod site na iji ndọtị ahụ Docker maka Plesk.

1. Anyị na-aga Plesk, gaa na ngalaba Extensions, chọọ ndọtị Docker wee wụnye ya (anyị chọrọ ụdị efu):

   

2. Gaa na ndọtị arụnyere, chọta onyonyo site na nchọta redis bitnami ma wụnye ụdị kachasị ọhụrụ:

   

3. Anyị na-abanye n'ime akpa ahụ ebudatara ma mezie nhazi ahụ: kọwaa ọdụ ụgbọ mmiri ahụ, oke RAM ekenyela, paswọọdụ na mgbanwe gburugburu ebe obibi, wee bulie olu:

   

4. Anyị na-eme usoro 2-3 maka akpa prod, na ntọala anyị na-agbanwe naanị paramita: ọdụ ụgbọ mmiri, paswọọdụ, nha RAM na ụzọ na folda olu na sava ahụ:

   

Docker ndekọ

Na mgbakwunye na ọrụ ndị bụ isi, ọ ga-adị mma itinye ebe nchekwa ihe onyonyo Docker nke gị na sava ahụ. Ọ dabara nke ọma, oghere ihe nkesa dị ugbu a dị ọnụ ala (n'ezie dị ọnụ ala karịa ndenye aha DockerHub), na usoro ịtọlite ​​​​ebe nchekwa nkeonwe dị nnọọ mfe.

Anyị chọrọ inwe:

• Ebe nchekwa Docker echedoro paswọọdụ enwere ike ịnweta na ngalaba ngalaba https://docker.helloworld.ru;
• UI maka ilele onyonyo na ebe nchekwa, dị na https://docker-ui.helloworld.ru.

Iji mee nke a:

1. Ka anyị mepụta subdomains abụọ na Plesk na ndenye aha anyị: docker.helloworld.ru na docker-ui.helloworld.ru, wee hazie ka anyị zoo asambodo maka ha.
2. Tinye faịlụ na nchekwa subdomain docker.helloworld.ru docker-compose.yml nwere ọdịnaya dị ka nke a:

   version: "3"
   
   services:
     docker-registry:
       image: "registry:2"
       restart: always
       ports:
         - "53985:5000"
       environment:
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       volumes:
         - ./.docker-registry.htpasswd:/auth/.htpasswd
         - ./data:/data
   
     docker-registry-ui:
       image: konradkleine/docker-registry-frontend:v2
       restart: always
       ports:
         - "53986:80"
       environment:
         VIRTUAL_HOST: '*, https://*'
         ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
         ENV_DOCKER_REGISTRY_PORT: 5000
       links:
         - 'docker-registry'
   

3. N'okpuru SSH, anyị ga-ewepụta faịlụ .htpasswd maka ikike ikike na ebe nchekwa Docker:

   htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password

4. Chịkọta ma bulie akpa:

   docker-compose up -d

5. Ma anyị kwesịrị ibugharị Nginx na arịa anyị. Enwere ike ime nke a site na Plesk.

Ekwesịrị ime usoro ndị a maka docker.helloworld.ru na docker-ui.helloworld.ru subdomains:

ngalaba Ngwaọrụ Dev saịtị anyị gaa na Iwu Docker Proxy:

Ma tinye iwu na okporo ụzọ na-abata proxy na akpa anyị:

1. Anyị na-enyocha na anyị nwere ike isi na igwe mpaghara banye na akpa anyị:

   $ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
   WARNING! Using --password via the CLI is insecure. Use --password-stdin.
   Login Succeeded

2. Ka anyị leleekwa ọrụ nke subdomain docker-ui.helloworld.ru:

   
   Mgbe ị pịrị na Chọgharịa ebe nchekwa, ihe nchọgharị ahụ ga-egosipụta windo ikike ebe ị ga-achọ itinye aha njirimara na paswọọdụ maka ebe nchekwa ahụ. Mgbe nke ahụ gasịrị, a ga-ebufe anyị na ibe nwere ndepụta ebe nchekwa (ugbu a, ọ ga-abụ ihe efu maka gị):

   

Imepe ọdụ ụgbọ mmiri na Plesk Firewall

Mgbe ị wụnyechara ma hazie ihe ndị ahụ, anyị kwesịrị imepe ọdụ ụgbọ mmiri ka ihe ndị ahụ wee nweta site na igbe Docker na netwọkụ mpụga.

Ka anyị hụ otu esi eme nke a site na iji ndọtị Firewall maka Plesk nke anyị rụnyere na mbụ.

1. Gaa na Ngwaọrụ & Ntọala> Ntọala> Firewall:
   
2. Gaa na Megharịa Plesk Firewall Iwu> Tinye iwu omenala ma mepee ọdụ ụgbọ mmiri TCP ndị a maka subnet Docker (172.0.0.0 / 8):
   RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
   Mgbanwe: 32785, 32786

   

3. Anyị ga-agbakwunye iwu nke ga-emepe ọdụ ụgbọ mmiri PostgreSQL na ogwe njikwa RabbitMQ na mpụga ụwa:

   

4. Tinye iwu site na iji bọtịnụ Tinye mgbanwe:

   

Ịtọlite ​​​​CI/CD na Github Actions

Ka anyị gbadaa na akụkụ kachasị mma - ịtọlite ​​​​pipe njikọ na-aga n'ihu na ibuga ọrụ anyị na sava ahụ.

Pipeline a ga-enwe akụkụ abụọ:

• na-ewu ihe oyiyi na ule na-agba ọsọ (maka azụ azụ) - n'akụkụ Github;
• migrations na-agba ọsọ (maka azụ azụ) ma na-ebuga arịa - na ihe nkesa.

Nyefee na Plesk

Ka anyị buru ụzọ leba anya n’isi ihe nke abụọ (n’ihi na nke mbụ dabere na ya).

Anyị ga-ahazi usoro ibunye ya site na iji ndọtị Git maka Plesk.

Tụlee ihe atụ nwere gburugburu Prod maka ebe nchekwa Backend.

1. Anyị na-aga na ndenye aha nke weebụsaịtị Helloworld wee gaa na ngalaba Git:

   

2. Fanye njikọ na ebe nchekwa Github anyị n'ime mpaghara "Remote Git repository" wee gbanwee folda ndabara. httpdocs nye onye ọzọ (dịka. /httpdocs/hw_back):

   

3. Detuo igodo Ọhaneze SSH site na nzọụkwụ gara aga na tinye Ọ dị na ntọala Github.
4. Pịa OK na ihuenyo na nzọụkwụ 2, mgbe nke a gasịrị, a ga-atụgharị anyị na ibe nchekwa na Plesk. Ugbu a, anyị kwesịrị ịhazi ebe nchekwa ahụ ka emelite ya na ntinye aka na ngalaba nna ukwu. Iji mee nke a, gaa na Ntọala nchekwa ma chekwaa uru ahụ Webhook URL (anyị ga-achọ ya ma emechaa mgbe ị na-ahazi Github Actions):

   

5. N'ime mpaghara omume dị na ihuenyo site na paragraf gara aga, tinye edemede ka ịmalite ntinye:

   cd {REPOSITORY_ABSOLUTE_PATH}
   .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID} 

   ebe:

   {REPOSITORY_ABSOLUTE_PATH} - ụzọ na prod nchekwa nke backend repository na ihe nkesa;
   {ENV} - gburugburu (dev / prod), n'ọnọdụ anyị prod;
   {DOCKER_REGISTRY_HOST} - onye ọbịa nke ebe nchekwa docker anyị
   {TG_BOT_TOKEN} - Telegram bot token;
   {TG_CHAT_ID} - NJ nke nkata / ọwa maka izipu ọkwa.

   Ọmụmaatụ script:

   cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
   .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890

6. Tinye onye ọrụ site na ndenye aha anyị na otu Docker (ka ha nwee ike ijikwa arịa):

   sudo usermod -aG docker helloworld_admin

A na-edozi ebe dev maka ebe nchekwa azụ azụ na frontend n'otu ụzọ ahụ.

Pipeline na-ebunye na Github Actions

Ka anyị gaa n'ihu ịtọlite ​​akụkụ mbụ nke pipeline CI/CD na Github Actions.

Backend

A kọwara pipeline na deploy.yml faịlụ.

Mana tupu ịkọwa ya, ka anyị dejupụta mgbanwe nzuzo anyị chọrọ na Github. Iji mee nke a, gaa na Ntọala -> Nzuzo:

• DOCKER_REGISTRY - onye ọbịa nke ebe nchekwa Docker anyị (docker.helloworld.ru);
• DOCKER_LOGIN - banye na ebe nchekwa Docker;
• DOCKER_PASSWORD - paswọọdụ maka ya;
• DEPLOY_HOST - nnabata ebe Plesk admin panel dị (ihe atụ: helloworld.com: 8443 ma ọ bụ 123.4.56.78:8443);
• DEPLOY_BACK_PROD_TOKEN - akara ngosi maka ntinye na prod-repository na ihe nkesa (anyị nwetara ya na Deployment na Plesk p. 4);
• DEPLOY_BACK_DEV_TOKEN - token maka ibuga na ebe nchekwa dev na sava ahụ.

Usoro ntinye ya dị mfe ma nwere usoro atọ bụ isi:

• iwulite na ibipụta onyonyo na ebe nchekwa anyị;
• na-agba ọsọ ule n'ime akpa dabere na onyonyo ewuru ọhụrụ;
• ntinye na gburugburu ebe a chọrọ dabere na alaka ụlọ ọrụ (dev / master).

Ihu njedebe

Faịlụ deploy.yml maka ebe nchekwa n'ihu dịtụ iche na nke Beck. Ọ enweghị nzọụkwụ na-agba ọsọ ule na-agbanwe aha nke tokens maka nkenye. Ihe nzuzo maka ebe nchekwa n'ihu, n'ụzọ, ọ dị mkpa ka ejupụta ya iche.

Ntọlite ​​saịtị

Na-ebugharị okporo ụzọ site na Nginx

Ọfọn, anyị abịala na njedebe. Ọ ka dị naanị ịhazi proxying nke okporo ụzọ mbata na ọpụpụ na akpa anyị site na Nginx. Anyị ekpuchilarị usoro a na nzọụkwụ 5 nke nhazi ndekọ aha Docker. Ekwesịrị ikwugharị otu ihe ahụ maka akụkụ azụ na ihu na mpaghara dev na prod.

M ga-enye nseta ihuenyo nke ntọala.

Backend

Ihu njedebe

Nkọwa dị mkpa. URL niile ga-abụ proxied na akpa ihu, ewezuga ndị na-amalite /api/ - a ga-edobe ha na akpa azụ (ya mere n'ime akpa azụ, ndị ọrụ niile ga-ejirịrị malite /api/).

Nsonaazụ

Ugbu a saịtị anyị kwesịrị ịdị na helloworld.ru na dev.helloworld.ru (prod- na dev-environments, n'otu n'otu).

Na mkpokọta, anyị mụtara ka esi akwadebe ngwa dị mfe na Flask na Angular ma guzobe pipeline na Github Actions iji tụgharịa ya na ihe nkesa na-agba ọsọ Plesk.

M ga-eji koodu ahụ megharịa njikọ ndị ahụ na ebe nchekwa: azụ azụ, ihu njedebe.

isi: www.habr.com