N'oge na-adịbeghị anya, achọrọ m ide ọtụtụ akwụkwọ egwuregwu nwere ike ịkwado ihe nkesa maka ibuga ngwa Rails. Ma, ọ tụrụ m n'anya, ahụghị m akwụkwọ ntuziaka dị mfe site na nzọụkwụ. Achọghị m iṅomi akwụkwọ egwu onye ọzọ n'aghọtaghị ihe na-eme, na n'ikpeazụ m ga-agụ akwụkwọ ahụ, na-anakọta ihe niile n'onwe m. Ikekwe m nwere ike inyere mmadụ aka mee ka usoro a dị ngwa site n'enyemaka nke isiokwu a.
Ihe mbụ ị ga-aghọta bụ na ihe nwere ike ime na-enye gị interface dị mma iji mee ndepụta omume akọwapụtara nke ọma na sava (s) dịpụrụ adịpụ site na SSH. Enweghị anwansi ebe a, ịnweghị ike ịwụnye ngwa mgbakwunye wee nweta ntinye oge efu nke ngwa gị na docker, nlekota na ihe ọma ndị ọzọ na igbe ahụ. Iji dee akwụkwọ egwuregwu, ị ga-amarịrị ihe ịchọrọ ịme yana otu esi eme ya. Ọ bụ ya mere na enweghị m afọ ojuju maka akwụkwọ egwuregwu emere akwadoro sitere na GitHub, ma ọ bụ akụkọ ndị dị ka: "Detuo ma gbaa ọsọ, ọ ga-arụ ọrụ."
Kedu ihe anyị chọrọ?
Dị ka m kwuru na mbụ, iji dee akwụkwọ egwuregwu ị ga-ama ihe ịchọrọ ime na otu esi eme ya. Ka anyị kpebie ihe dị anyị mkpa. Maka ngwa Rails anyị ga-achọ ọtụtụ ngwugwu sistemụ: nginx, postgresql (redis, wdg). Na mgbakwunye, anyị chọrọ otu ụdị nke rubi. Ọ kacha mma ịwụnye ya site na rbenv (rvm, asdf...). Na-agba ọsọ ihe a niile dị ka onye ọrụ mgbọrọgwụ na-abụkarị echiche ọjọọ, yabụ ịkwesịrị ịmepụta onye ọrụ dị iche iche ma hazie ikike ya. Mgbe nke a gachara, ịkwesịrị bulite koodu anyị na sava ahụ, detuo configs maka nginx, postgres, wdg wee malite ọrụ ndị a niile.
N'ihi ya, usoro nke omume bụ ndị a:
- Nbanye dị ka mgbọrọgwụ
- wụnye ngwugwu usoro
- mepụta onye ọrụ ọhụrụ, hazie ikike, igodo ssh
- hazie ngwugwu sistemụ (nginx wdg) wee mee ha
- Anyị na-emepụta onye ọrụ na nchekwa data (ị nwere ike ịmepụta nchekwa data ozugbo)
- Nbanye dị ka onye ọrụ ọhụrụ
- Wụnye rbenv na ruby
- Ịwụnye ngwugwu
- Na-ebugote koodu ngwa
- Na-amalite ihe nkesa Puma
Ọzọkwa, enwere ike ịme usoro ikpeazụ site na iji capistrano, opekata mpe site na igbe ọ nwere ike detuo koodu n'ime akwụkwọ ndekọ aha ntọhapụ, gbanwee ntọhapụ ya na symlink n'elu mbugharị nke ọma, detuo nhazi site na ndekọ nkekọrịta, malitegharịa puma, wdg. Enwere ike ime ihe ndị a niile site na iji ike, mana gịnị kpatara ya?
Ọdịdị faịlụ
Ansible nwere nlezianya maka faịlụ gị niile, yabụ ọ kacha mma idowe ya niile na ndekọ aha dị iche. Ọzọkwa, ọ bụghị otú ahụ dị mkpa ma ọ ga-abụ na rails ngwa n'onwe ya, ma ọ bụ iche iche. Ị nwere ike ịchekwa faịlụ na ebe nchekwa git dị iche. Onwe m, achọpụtara m na ọ kachasị mma ịmepụta ndekọ nwere ike ime na / nhazi ndekọ nke ngwa rails ma chekwaa ihe niile n'otu ebe nchekwa.
Akwụkwọ egwu dị mfe
Playbook bụ faịlụ yml nke na-eji syntax pụrụ iche na-akọwa ihe ike kwesịrị ime yana otu. Ka anyị mepụta akwụkwọ egwuregwu nke mbụ na-emeghị ihe ọ bụla:
---
- name: Simple playbook
hosts: allN'ebe a, anyị na-ekwu naanị na a na-akpọ akwụkwọ egwuregwu anyị Simple Playbook na na ọdịnaya ya ga-emerịrị maka ndị agha niile. Anyị nwere ike ichekwa ya na / akwụkwọ ndekọ aha nwere ike iji aha playbook.yml ma gbalịa ịgba ọsọ:
ansible-playbook ./playbook.yml
PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matchedAnsible kwuru na ọ maghị ndị ọbịa ọ bụla dabara na ndepụta niile. A ga-edepụta ha n'ụdị pụrụ iche .
Ka anyị mepụta ya n'otu akwụkwọ ndekọ aha nwere ike ime:
123.123.123.123Nke a bụ otu anyị si ezipụta onye ọbịa (ọ bụ ezie na onye ọbịa nke VPS anyị maka nnwale, ma ọ bụ ị nwere ike ịdebanye aha localhost) wee chekwaa ya n'okpuru aha. inventory.
Ị nwere ike ịnwa iji faịlụ ngwa ahịa mee ihe nke ọma:
ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************
PLAY RECAP ************************************************************************************************************************************Ọ bụrụ na ị nwere ohere ssh na onye ọbịa a kapịrị ọnụ, mgbe ahụ enwere ike jikọọ ma nakọta ozi gbasara sistemụ dịpụrụ adịpụ. (AKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWỤKWASỊ") emesịa ọ ga-enye obere akụkọ gbasara igbu (PLAY RECAP).
Site na ndabara, njikọ ahụ na-eji aha njirimara nke ịbanye na sistemụ. O yikarịrị ka ọ gaghị adị na onye ọbịa. Na faịlụ playbook, ị nwere ike ezipụta onye ọrụ ị ga-eji jikọọ site na remote_user ntuziaka. Ọzọkwa, ozi gbasara sistemu dịpụrụ adịpụ nwere ike ghara ịdị gị mkpa na ị gaghị egbusi oge ịnakọta ya. Enwere ike gbanyụọ ọrụ a:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: noGbalịa ịmegharị akwụkwọ egwu ahụ ọzọ wee hụ na njikọ ahụ na-arụ ọrụ. (Ọ bụrụ na ị kọwapụtara onye ọrụ mgbọrọgwụ, yabụ ịkwesịrị ịkọwapụta ihe ga-abụ: ezi ntụziaka iji nweta ikike dị elu. Dị ka e dere n'akwụkwọ a: become set to ‘true’/’yes’ to activate privilege escalation. ọ bụ ezie na o dochaghị anya ihe kpatara ya).
Ikekwe ị ga-enweta njehie n'ihi eziokwu ahụ bụ na ọnweghị ike ikpebi onye ntụgharị Python, mgbe ahụ ị nwere ike iji aka kọwaa ya:
ansible_python_interpreter: /usr/bin/python3 Ị nwere ike ịchọpụta ebe ị nwere Python site na iji iwu ahụ whereis python.
Ịwụnye ngwugwu usoro
Nkesa ọkọlọtọ Ansible gụnyere ọtụtụ modul maka ịrụ ọrụ na ngwugwu sistemụ dị iche iche, yabụ na anyị agaghị ede scripts bash maka ihe ọ bụla. Ugbu a, anyị chọrọ otu n'ime modul ndị a iji melite usoro ma wụnye ngwugwu usoro. Enwere m Ubuntu Linux na VPS m, yabụ ịwụnye ngwugwu m na-eji apt-get и . Ọ bụrụ na ị na-eji usoro ọrụ dị iche iche, mgbe ahụ ị nwere ike ịchọrọ modul dị iche (cheta, m kwuru na mmalite na anyị kwesịrị ịmara tupu oge na ihe anyị ga-eme). Agbanyeghị, syntax ahụ ga-adị ka nke ahụ.
Ka anyị jiri ọrụ ndị mbụ gbakwụnye akwụkwọ egwuregwu anyị:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: presentỌrụ bụ kpọmkwem ọrụ nke Ansible ga-arụ na sava ndị dịpụrụ adịpụ. Anyị na-enye ọrụ ahụ aha ka anyị wee nwee ike soro ogbugbu ya na log. Na anyị na-akọwa, na-eji syntax nke kpọmkwem modul, ihe ọ kwesịrị ime. N'okwu a apt: update_cache=yes - na-ekwu ka imelite ngwugwu sistemụ site na iji modul dabara adaba. Iwu nke abụọ dị ntakịrị mgbagwoju anya. Anyị na-ebufe ndepụta ngwugwu na modul dabara adaba wee kwuo na ha dị state kwesịrị ịbụ present, ya bụ, anyị na-ekwu wụnye ngwugwu ndị a. N'otu aka ahụ, anyị nwere ike ịgwa ha ka ihichapụ ha, ma ọ bụ imelite ha site n'ịgbanwe naanị state. Biko mara na maka okporo ụzọ iji rụọ ọrụ na postgresql anyị chọrọ ngwugwu postgresql-contrib, nke anyị na-etinye ugbu a. Ọzọ, ịkwesịrị ịma ma mee nke a; onye nwere ike n'onwe ya agaghị eme nke a.
Gbalịa ịmegharị akwụkwọ egwu ahụ ọzọ wee lelee na etinyere ngwugwu ndị ahụ.
Ịmepụta ndị ọrụ ọhụrụ.
Iji soro ndị ọrụ rụọ ọrụ, Ansible nwekwara modul - onye ọrụ. Ka anyị tinye otu ọrụ ọzọ (Ezoro m akụkụ ndị ama ama nke akwụkwọ egwu n'azụ nkọwa ka m ghara iṅomi ya kpamkpam mgbe ọ bụla):
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: my_user
shell: /bin/bash
password: "{{ 123qweasd | password_hash('sha512') }}"Anyị na-emepụta onye ọrụ ọhụrụ, debe ya schell na paswọọdụ. Mgbe ahụ, anyị na-abanye n'ime ọtụtụ nsogbu. Gịnị ma ọ bụrụ na aha njirimara kwesịrị ịdị iche maka ndị ọbịa dị iche iche? Na ịchekwa okwuntughe na ederede doro anya na akwụkwọ egwuregwu bụ echiche jọgburu onwe ya. Iji malite, ka anyị tinye aha njirimara na paswọọdụ n'ime mgbanwe dị iche iche, na njedebe nke isiokwu a, m ga-egosi otu esi ezoro paswọọdụ.
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"A na-edobe mgbanwe n'ime akwụkwọ egwu egwu na-eji ihe nkwado nwere okpukpu abụọ.
Anyị ga-egosi ụkpụrụ nke mgbanwe dị na faịlụ ngwa ahịa:
123.123.123.123
[all:vars]
user=my_user
user_password=123qweasdBiko mara ntuziaka [all:vars] - ọ na-ekwu na ngọngọ ọzọ nke ederede bụ mgbanwe (vars) na ha na-emetụta ndị ọbịa niile (niile).
Nhazi ahụ dịkwa ụtọ "{{ user_password | password_hash('sha512') }}". Ihe bụ na ansible adịghị wụnye onye ọrụ site user_add dị ka ị ga-eji aka mee ya. Ọ na-echekwa data niile ozugbo, nke mere na anyị ga-agbanwekwa paswọọdụ ka ọ bụrụ hash tupu oge eruo, nke bụ ihe iwu a na-eme.
Ka anyị tinye onye ọrụ anyị na otu sudo. Otú ọ dị, tupu nke a, anyị kwesịrị ijide n'aka na otu dị otú ahụ dị n'ihi na ọ dịghị onye ga-emere anyị ihe a:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"Ihe niile dị nnọọ mfe, anyị nwekwara modul otu maka ịmepụta otu, yana syntax yiri nke dabara adaba. Mgbe ahụ, ọ ga-ezuru idebanye aha otu a na onye ọrụ (groups: "sudo").
Ọ bara uru ịgbakwunye onye ọrụ a igodo ssh ka anyị nwee ike iji ya banye na-enweghị paswọọdụ:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentN'okwu a, nhazi ahụ na-adọrọ mmasị "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - ọ na-eṅomi ọdịnaya nke faịlụ id_rsa.pub (aha gị nwere ike ịdị iche), ya bụ, akụkụ ọha nke igodo ssh wee bulite ya na ndepụta igodo ikike maka onye ọrụ na sava ahụ.
Ọrụ
Enwere ike kewaa ọrụ atọ niile maka ịmepụta ojiji n'ụzọ dị mfe n'ime otu ọrụ, ọ ga-adịkwa mma ịchekwa otu a iche na akwụkwọ egwu egwu ka ọ ghara ito oke. Maka ebumnuche a, Ansible nwere .
Dịka usoro faịlụ ahụ egosipụtara na mbido mbụ, a ga-etinyerịrị ọrụ na ndekọ ọrụ dị iche iche, maka ọrụ ọ bụla enwere ndekọ aha dị iche iche nwere otu aha, n'ime ọrụ, faịlụ, ndebiri, wdg.
Ka anyị mepụta nhazi faịlụ: ./ansible/roles/user/tasks/main.yml (isi bụ faịlụ bụ isi nke a ga-ebu ma gbuo mgbe ejikọrọ ọrụ na akwụkwọ egwuregwu; faịlụ ọrụ ndị ọzọ nwere ike jikọọ na ya). Ugbu a ị nwere ike nyefee ọrụ niile metụtara onye ọrụ na faịlụ a:
# Create user and add him to groups
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentN'ime akwụkwọ egwuregwu, ị ga-ezipụta iji ọrụ onye ọrụ:
---
- name: Simple playbook
hosts: all
remote_user: root
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: present
roles:
- userỌzọkwa, ọ nwere ike bụrụ ihe ezi uche dị na ya imelite usoro ahụ tupu ọrụ ndị ọzọ niile; iji mee nke a, ị nwere ike ịnyegharị ngọngọ ahụ tasks nke a kọwara ha na pre_tasks.
Ịtọlite nginx
Anyị kwesịrị itinyelarị Nginx; anyị kwesịrị ịhazi ya wee mee ya. Ka anyị mee ya ozugbo na ọrụ. Ka anyị mepụta nhazi faịlụ:
- ansible
- roles
- nginx
- files
- tasks
- main.yml
- templatesUgbu a, anyị chọrọ faịlụ na ndebiri. Ihe dị iche n'etiti ha bụ na enwere ike iṅomi faịlụ ndị ahụ ozugbo, dịka ọ dị. Na ndebiri ga-enwe mgbatị j2 na ha nwere ike iji ụkpụrụ agbanwe agbanwe na-eji otu ihe nkwado okpukpu abụọ.
Ka anyị mee ka nginx banye main.yml faịlụ. Maka nke a, anyị nwere modul sistemu:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yesN'ebe a, ọ bụghị nanị na anyị na-ekwu na nginx ga-amalite (ya bụ, anyị na-amalite ya), ma anyị na-ekwu ozugbo na ọ ga-emerịrị ya.
Ugbu a, ka anyị detuo faịlụ nhazi:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'Anyị na-emepụta faịlụ nhazi nginx isi (ị nwere ike were ya ozugbo na sava ahụ, ma ọ bụ dee ya n'onwe gị). Nakwa faịlụ nhazi maka ngwa anyị na saịtị saịtị_available ndekọ (nke a adịghị mkpa mana ọ bara uru). N'okwu nke mbụ, anyị na-eji modul oyiri iji detuo faịlụ (faịlụ ga-abanyerịrị /ansible/roles/nginx/files/nginx.conf). Na nke abụọ, anyị na-eṅomi template, dochie ụkpụrụ nke variables. Template kwesịrị ịdị na /ansible/roles/nginx/templates/my_app.j2). Ma ọ nwere ike ịdị ka nke a:
upstream {{ app_name }} {
server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
server_name {{ server_name }} {{ inventory_hostname }};
root {{ app_path }}/current/public;
try_files $uri/index.html $uri.html $uri @{{ app_name }};
....
}Lezienụ anya na ntinye {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} - Ndị a bụ mgbanwe niile nke ụkpụrụ ha ga-agbanwe n'ime ndebiri tupu iṅomi. Nke a bara uru ma ọ bụrụ na ị na-eji akwụkwọ egwu egwu maka ndị ọbịa dị iche iche. Dịka ọmụmaatụ, anyị nwere ike itinye faịlụ ngwa ahịa anyị:
[production]
123.123.123.123
[staging]
231.231.231.231
[all:vars]
user=my_user
user_password=123qweasd
[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app
[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_appỌ bụrụ na anyị malite ugbu a akwụkwọ egwuregwu anyị, ọ ga-arụ ọrụ akọwapụtara maka ndị ọbịa abụọ ahụ. Ma n'otu oge ahụ, maka onye nhazi nhazi, mgbanwe ndị ahụ ga-adị iche na ndị na-emepụta ihe, ọ bụghị naanị na ọrụ na akwụkwọ egwu, kamakwa na nginx configs. {{ inventory_hostname }} ọ dịghị mkpa ka akọwapụta ya na faịlụ ngwa ahịa - nke a na onye ọbịa nke akwụkwọ egwuregwu na-agba ugbu a na-echekwa ebe ahụ.
Ọ bụrụ na ịchọrọ ịnwe faịlụ ngwa ahịa maka ọtụtụ ndị ọbịa, mana naanị na-agba ọsọ maka otu otu, enwere ike ime nke a site na iwu a:
ansible-playbook -i inventory ./playbook.yml -l "staging"Nhọrọ ọzọ bụ ịnweta faịlụ ngwa ahịa dị iche iche maka otu dị iche iche. Ma ọ bụ ị nwere ike ijikọta ụzọ abụọ ahụ ma ọ bụrụ na ị nwere ọtụtụ ndị ọbịa dị iche iche.
Ka anyị laghachi azụ n'ịhazi nginx. Mgbe emechara faịlụ nhazi ahụ, anyị kwesịrị ịmepụta symlink na sitest_enabled na my_app.conf site na saịtị_available. Ma malitegharịa nginx.
... # old code in mail.yml
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restartedIhe niile dị mfe ebe a - ọzọ modul nwere ike nwere syntax ọkọlọtọ. Ma e nwere otu isi ihe. Enweghị uru ịmalitegharị nginx oge ọ bụla. Ị chọpụtala na anyị anaghị ede iwu dị ka: "mee nke a dị ka nke a", syntax dị ka "nke a kwesịrị inwe ọnọdụ a". Na ọtụtụ mgbe, nke a bụ kpọmkwem otú ike na-arụ ọrụ. Ọ bụrụ na otu ahụ adịlarị, ma ọ bụ tinyelarị ngwugwu sistemụ, mgbe ahụ ọ ga-enyocha nke a wee hapụ ọrụ ahụ. Ọzọkwa, agaghị depụta faịlụ ma ọ bụrụ na ha dabara kpamkpam na ihe dị na sava ahụ. Anyị nwere ike iji nke a wee malite nginx naanị ma ọ bụrụ na agbanweela faịlụ nhazi. Enwere ntuziaka ndekọ maka nke a:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
register: restart_nginx
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'
register: restart_nginx
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restarted
when: restart_nginx.changedỌ bụrụ na otu n'ime faịlụ nhazi agbanweela, a ga-eme otu nnomi na agbanwe agbanwe ga-edebanye aha restart_nginx. Naanị ma ọ bụrụ na edebanyela mgbanwe a ka a ga-amalitegharị ọrụ ahụ.
Ma, n'ezie, ịkwesịrị ịgbakwunye ọrụ nginx na akwụkwọ egwuregwu.
Ịtọlite postgresql
Anyị kwesịrị ime ka postgresql jiri systemd n'otu ụzọ ahụ anyị mere nginx, ma mepụtakwa onye ọrụ anyị ga-eji nweta nchekwa data na nchekwa data n'onwe ya.
Ka anyị mepụta ọrụ /ansible/roles/postgresql/tasks/main.yml:
# Create user in postgresql
- name: enable postgresql and start
systemd:
name: postgresql
state: started
enabled: yes
- name: Create database user
become_user: postgres
postgresql_user:
name: "{{ db_user }}"
password: "{{ db_password }}"
role_attr_flags: SUPERUSER
- name: Create database
become_user: postgres
postgresql_db:
name: "{{ db_name }}"
encoding: UTF-8
owner: "{{ db_user }}"Agaghị m akọwa otu esi etinye mgbanwe na ngwa ahịa, nke a emelarị ọtụtụ oge, yana syntax nke postgresql_db na postgresql_user modul. Enwere ike ịchọta ozi ndị ọzọ na akwụkwọ ahụ. Ntuziaka kacha atọ ụtọ ebe a bụ become_user: postgres. Nke bụ eziokwu bụ na site na ndabara, naanị onye ọrụ postgres nwere ohere ịnweta nchekwa data postgresql yana naanị mpaghara. Ntuziaka a na-enye anyị ohere ịme iwu n'aha onye ọrụ a (ọ bụrụ na anyị nwere ohere, n'ezie).
Ọzọkwa, ị nwere ike itinye ahịrị na pg_hba.conf ka onye ọrụ ọhụrụ nweta nchekwa data. Enwere ike ime nke a n'otu ụzọ ahụ anyị gbanwere nginx config.
Ma n'ezie, ịkwesịrị ịgbakwunye ọrụ postgresql na akwụkwọ egwuregwu bụ isi.
Ịwụnye ruby site na rbenv
Ansible enweghị modul maka ịrụ ọrụ na rbenv, mana etinyere ya site na cloning repository git. Ya mere, nsogbu a na-aghọ nke na-abụghị ọkọlọtọ. Ka anyị mepụta ọrụ maka ya /ansible/roles/ruby_rbenv/main.yml ka anyị malite dejupụta ya:
# Install rbenv and ruby
- name: Install rbenv
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenvAnyị na-ejikwa ntuziaka become_user ọzọ ịrụ ọrụ n'okpuru onye ọrụ anyị mepụtara maka ebumnuche ndị a. Ebe ọ bụ na arụnyere rbenv na ndekọ ụlọ ya, ọ bụghị n'ụwa nile. Anyị na-ejikwa git modul mechie ebe nchekwa ahụ, na-akọwapụta repo na dest.
Ọzọ, anyị kwesịrị ịdebanye aha rbenv init na bashrc wee tinye rbenv na PATH ebe ahụ. Maka nke a, anyị nwere modul lineinfile:
- name: Add rbenv to PATH
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'
- name: Add rbenv init to bashrc
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'eval "$(rbenv init -)"'Mgbe ahụ ịkwesịrị ịwụnye ruby_build:
- name: Install ruby-build
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-buildMa n'ikpeazụ wụnye ruby. Emere nke a site na rbenv, ya bụ, naanị site na iwu bash:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
rbenv install {{ ruby_version }}
args:
executable: /bin/bashAnyị na-ekwu nke iwu na-eme na ihe. Otú ọ dị, ebe a anyị na-ahụ n'eziokwu ahụ bụ na ike anaghị agba ọsọ koodu dị na bashrc tupu ịme iwu. Nke a pụtara na a ga-akọwapụta rbenv ozugbo n'otu edemede ahụ.
Nsogbu na-esote bụ n'ihi na iwu shei enweghị steeti site n'echiche nwere ike. Ya bụ, a gaghị enwe nlele akpaka ma etinyere ụdị ruby a ma ọ bụ na etinyeghị ya. Anyị nwere ike ime nke a n'onwe anyị:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
if ! rbenv versions | grep -q {{ ruby_version }}
then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
fi
args:
executable: /bin/bashNaanị ihe fọdụrụ bụ ịwụnye ngwugwu:
- name: Install bundler
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
gem install bundlerỌzọ, tinye ọrụ anyị ruby_rbenv na akwụkwọ egwu egwu.
faịlụ ekekọrịtara.
N'ozuzu, enwere ike ịmechaa nhazi ahụ ebe a. Na-esote, ihe niile fọdụrụ bụ ịgba ọsọ capistrano na ọ ga-edepụta koodu ahụ n'onwe ya, mepụta akwụkwọ ndekọ aha dị mkpa ma malite ngwa ahụ (ọ bụrụ na ahaziri ihe niile nke ọma). Agbanyeghị, capistrano na-achọkarị faịlụ nhazi agbakwunyere, dịka database.yml ma ọ bụ .env Enwere ike iṅomi ha dị ka faịlụ na ndebiri maka nginx. Enwere naanị otu aghụghọ. Tupu iṅomi faịlụ, ịkwesịrị ịmepụtara ha usoro ndekọ aha, ihe dị ka nke a:
# Copy shared files for deploy
- name: Ensure shared dir
become_user: "{{ user }}"
file:
path: "{{ app_path }}/shared/config"
state: directoryanyị ezipụta naanị otu ndekọ na ike ga-akpaghị aka ike nne na nna ma ọ bụrụ na ọ dị mkpa.
Vault nwere ike ime
Anyị achọpụtala eziokwu ahụ na mgbanwe nwere ike ịnwe data nzuzo dị ka paswọọdụ onye ọrụ. Ọ bụrụ na ị kere .env faịlụ maka ngwa, na database.yml mgbe ahụ, a ga-enwerịrị data dị oke egwu karịa. Ọ ga-adị mma ka i zochie ha n'anya ndị na-egbu egbu. Maka nzube a, a na-eji ya .
Ka anyị mepụta faịlụ maka mgbanwe /ansible/vars/all.yml (ebe a ị nwere ike ịmepụta faịlụ dị iche iche maka otu dị iche iche nke ndị ọbịa, dị ka na faịlụ ngwa ahịa: production.yml, staging.yml, wdg).
A ga-ebufe mgbanwe niile ga-edobe ezoro ezo na faịlụ a site na iji syntax ọkọlọtọ yml:
# System vars
user_password: 123qweasd
db_password: 123qweasd
# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_baseMgbe nke ahụ gasịrị, enwere ike iji iwu a zoo faịlụ a:
ansible-vault encrypt ./vars/all.ymlDị ka o kwesịrị ịdị, mgbe ị na-ezoro ezo, ị ga-achọ ịtọ paswọọdụ maka nbipu. Ị nwere ike ịhụ ihe ga-adị n'ime faịlụ mgbe ịkpọchara iwu a.
Site n'enyemaka nke ansible-vault decrypt enwere ike mebie faịlụ ahụ, gbanwee wee zoo ya ọzọ.
Ịchọghị ibelata faịlụ ahụ ka ọ rụọ ọrụ. Ị na-echekwa ya na ezoro ezo wee were arụmụka were akwụkwọ egwu were were were were were were were were were were were were were were were were were were were were were were were tinye akwụkwọ egwuregwu ahụ --ask-vault-pass. Onye nwere ike ga-arịọ maka paswọọdụ, weghachite mgbanwe ndị ahụ, wee rụọ ọrụ ndị ahụ. A ga-edobe data niile ezoro ezo.
Iwu zuru oke maka ọtụtụ ndị ọbịa na vault ga-adị ka nke a:
ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-passMana agaghị m enye gị ederede zuru oke nke akwụkwọ egwuregwu na ọrụ, dee ya n'onwe gị. N'ihi na ihe nwere ike ime dị otú ahụ - ọ bụrụ na ị ghọtaghị ihe kwesịrị ime, mgbe ahụ ọ gaghị emere gị ya.
isi: www.habr.com