Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. To my surprise, I could not find a simple step-by-step manual. I did not want to copy someone else's playbook without understanding what was going on, so in the end I had to read the documentation and put everything together myself. Perhaps this article will help someone speed up that process.
The first thing to understand is that Ansible gives you a convenient interface for running a predefined list of actions on a remote server over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other out-of-the-box features. To write a playbook, you need to know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or with articles along the lines of "copy it, run it, and it will work".
What do we need?
As already mentioned, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. A Rails application needs several system packages: nginx, postgresql (redis, etc.). It also needs a specific version of Ruby, which is best installed via rbenv (rvm, asdf...). Running all of this as the root user is always a bad idea, so we need to create a separate user and configure its permissions. After that, the code has to be uploaded to the server, the configs for nginx, postgres and so on copied, and all these services started.
As a result, the sequence of actions is as follows:
- Log in as root
- Install system packages
- Create a new user, configure permissions, SSH key
- Configure system packages (nginx, etc.) and start them
- Create a user in the database (the database itself can be created right away)
- Log in as the new user
- Install rbenv and Ruby
- Install bundler
- Upload the application code
- Start the Puma server
Moreover, the last stages can be done with capistrano: out of the box it can at least copy the code into release directories, switch releases with a symlink when a deployment succeeds, copy configs from the shared directory and restart puma. All of this can be done with Ansible, but why?
File structure
Ansible has strict restrictions on its file structure
A simple playbook
A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create the first playbook, which does nothing:
---
- name: Simple playbook
  hosts: all
Here we simply say that our playbook is called Simple Playbook and that its contents should be executed for all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:
ansible-playbook ./playbook.yml
PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched
Ansible says it does not know of any hosts that match the all list. They must be listed in a special inventory file. Let's create it in the same ansible directory:
123.123.123.123
This is how we simply specify the host (ideally the host of your VPS for testing, or you can register localhost) and save it under the name inventory.
Now you can try running ansible with the inventory file:
ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************
PLAY RECAP ************************************************************************************************************************************
If you have ssh access to the specified host, ansible connects to it and gathers information about the remote system (the default TASK [Gathering Facts]), after which it gives a short report on the execution (PLAY RECAP).
By default, the connection uses the username under which you are logged in on your own system. Most likely it will not exist on the host. In the playbook file you can specify which user to connect as with the remote_user directive. Also, information about the remote system is often unnecessary, and there is no point in wasting time gathering it. This task can be disabled as well:
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no
Run the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to obtain elevated privileges. As the documentation puts it: become set to 'true'/'yes' to activate privilege escalation. Although it is not entirely clear why.)
You may get an error because ansible cannot determine the Python interpreter; in that case you can specify it manually:
ansible_python_interpreter: /usr/bin/python3
You can find out where Python is located with the command whereis python.
Installing system packages
The standard Ansible distribution includes many modules for working with various system packages, so we do not have to write bash scripts for any reason. We now need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so I use apt-get to install packages.
Let's supplement our playbook with the first tasks:
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present
A task is exactly what Ansible will execute on the remote servers. We give the task a name so that we can track its execution in the log. And we describe, using the syntax of a specific module, what it needs to do. In this case apt: update_cache=yes tells Ansible to update the system packages using the apt module (here, by refreshing the package cache). The second command is a little more complicated. We pass a list of packages to the apt module and say that their state should be present, that is, we say to install these packages. In the same way we can tell it to remove them, or to update them, simply by changing state. Note that for Rails to work with postgresql we need the postgresql-contrib package, which we are installing now. Again, you need to know this and do it; ansible will not do it by itself.
Run the playbook again and check that the packages are installed.
Creating new users.
To work with users, Ansible has the user module. Let's add one more task (I have hidden the already known parts of the playbook behind comments so as not to copy it in full every time):
---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        # The literal must be quoted inside the Jinja expression to be a string
        password: "{{ '123qweasd' | password_hash('sha512') }}"
We create a new user and set a shell and a password for them. And then we run into several problems. What if usernames need to differ between hosts? And storing the password in clear text in the playbook is a very bad idea. To begin with, let's move the username and password into variables; towards the end of the article I will show how to encrypt the password.
---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
Variables are referenced in playbooks using double curly braces.
We will specify the values of the variables in the inventory file:
123.123.123.123
[all:vars]
user=my_user
user_password=123qweasd
Note the [all:vars] directive: it says that the next block of text is variables (vars) and that they apply to all hosts (all).
The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The point is that ansible does not create the user via user_add, as you would do manually. It saves all the data directly, so we must also convert the password to a hash beforehand, which is what this command does.
Let's add our user to the sudo group. Before that, however, we need to make sure that such a group exists, because nobody will do it for us:
---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
Everything is quite simple: there is also a group module for creating groups, with a syntax very similar to apt. After that it is enough to register this group for the user (groups: "sudo").
It is also useful to add an ssh key for this user so that we can log in as them without a password:
---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present
Here the construct "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting: it copies the contents of the id_rsa.pub file (your name may differ), that is, the public part of the ssh key, and uploads it to the user's list of authorized keys on the server.
Roles
All three tasks for creating the user can easily be classified into one group of tasks, and it is a good idea to store this group separately from the main playbook so that the playbook does not grow too large. For this purpose, Ansible has roles.
According to the file structure shown at the very beginning, roles must be placed in a separate roles directory; each role has its own directory of the same name, and inside it are the tasks, files, templates, etc. directories.
Let's create the file structure ./ansible/roles/user/tasks/main.yml (main is the main file that is loaded and executed when the role is attached to a playbook; other role files can be included from it). Now we can move all the user-related tasks into this file:
# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present
In the main playbook, we need to specify that the user role should be used:
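---
- name: Simple playbook
  hosts: all
  remote_user: root
  # as in the earlier versions of this playbook; become_user in the roles
  # has no effect unless become is enabled
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user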
It may also make sense to update the system before all the other tasks; to do that, rename the tasks block in which they are defined to pre_tasks.
Setting up nginx
Nginx should already be installed, so we need to configure it and start it. Let's do it in a role right away. Create the file structure:
- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates
Now we need files and templates. The difference between them is that ansible copies files directly, as is. Templates must have the j2 extension, and you can use variable values in them with the same double curly braces.
Let's enable nginx in the main.yml file. For this we have the systemd module:
# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes
Here we say not only that nginx must be started (that is, we launch it), but also that it must be enabled.
Now let's copy the configuration files:
# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
We create the main nginx configuration file (you can take it straight from the server or write it yourself), and also the configuration file for our application in the sites-available directory (this is not required, but convenient). In the first case we use the copy module to copy the file (the file must be at /ansible/roles/nginx/files/nginx.conf). In the second we copy a template, substituting the values of the variables. The template must be at /ansible/roles/nginx/templates/my_app_conf.j2. It might look something like this:
upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}
Note the insertions {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values Ansible substitutes into the template before copying it. This is useful if you use the playbook for different groups of hosts. For example, we can extend our inventory file:
[production]
123.123.123.123
[staging]
231.231.231.231
[all:vars]
user=my_user
user_password=123qweasd
[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app
[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app
Now if we launch our playbook, it will execute the specified tasks for both hosts. At the same time, for the staging host the variables will differ from the production ones, and not only in roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file.
If you want one inventory file for several hosts but want to run the playbook for only one group, you can do that with the following command:
ansible-playbook -i inventory ./playbook.yml -l "staging"
Another option is to have separate inventory files for different groups. Or, if you have many different hosts, you can combine the two approaches.
Let's get back to setting up nginx. After copying the configuration files, we need to create a symlink in sites-enabled pointing to my_app.conf in sites-available. And then restart nginx.
# ... old code in main.yml
- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
Everything is simple here: again ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Have you noticed that we do not write commands like "do this like that"; the syntax is more like "this should be in this state"? And most of the time that is exactly how ansible works. If the group already exists, or the system package is already installed, ansible checks this and skips the task. Likewise, files are not copied if they completely match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have changed. There is the register directive for this:
# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  # One variable per task: a shared name would be overwritten by the later task
  register: restart_nginx_conf

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: restart_nginx_app

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: restart_nginx_conf.changed or restart_nginx_app.changed
Each copy task registers its result in a variable (restart_nginx_conf, restart_nginx_app). If either of the configuration files changes, it is copied and the corresponding result is marked as changed. The service is restarted only in that case.
And, of course, you need to add the nginx role to the main playbook.
Setting up postgresql
We need to enable postgresql with systemd in the same way as we did with nginx, and also create the user that we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:
# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"
I will not describe how to add variables to the inventory, or the syntax of the postgresql_db and postgresql_user modules, since this has already been done many times. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The point is that, by default, only the postgres user has access to the postgresql database, and only locally. This directive lets us run commands on behalf of that user (if, of course, we have access).
You may also need to add a line to pg_hba.conf to give the new user access to the database. This can be done in the same way as we changed the nginx config.
And, of course, you need to add the postgresql role to the main playbook.
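A least-privilege variant of the role above, as an added example that is not from the original article: the application user is created without SUPERUSER, and the pg_hba.conf line mentioned above is managed with the postgresql_pg_hba module. The variable pg_hba_path is an assumption (the file location depends on the installed PostgreSQL version), as is the availability of the community.postgresql modules and psycopg2 on the host.

```yaml
# roles/postgresql/tasks/main.yml (added example, not the article's role)
# Assumed variable, not in the article: pg_hba_path, the full path of
# pg_hba.conf on the target host.
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create application database user without superuser rights
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    # The app only needs to own its database. Extensions that require
    # superuser are then created by the postgres user, not by the app role.
    role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
  no_log: true   # keep db_password out of task output and logs

- name: Create database owned by the application user
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

- name: Allow password login over local TCP for this user and database only
  become_user: postgres
  postgresql_pg_hba:
    dest: "{{ pg_hba_path }}"
    contype: host
    databases: "{{ db_name }}"
    users: "{{ db_user }}"
    source: 127.0.0.1/32
    # Needs password_encryption = scram-sha-256 on the server (the default
    # since PostgreSQL 14); with md5-stored passwords use method md5 instead.
    method: scram-sha-256
  register: pg_hba

- name: Reload postgresql when pg_hba.conf changed
  systemd:
    name: postgresql
    state: reloaded
  when: pg_hba.changed
```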
Installing ruby via rbenv
Ansible has no modules for working with rbenv, but it is installed by cloning a git repository. So this task becomes the most non-standard one. Let's create a role for it, /ansible/roles/ruby_rbenv/tasks/main.yml, and start filling it in:
# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv
We use the become_user directive again to work as the user we created for this purpose, since rbenv is installed in the home directory rather than globally. We also use the git module to clone the repository, specifying repo and dest.
Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:
- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'
Then we need to install ruby_build:
- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build
And finally, install ruby. This is done through rbenv, that is, simply with a bash command:
- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash
We say which command to execute and with what. However, here we run into the fact that ansible does not run the code contained in bashrc before running commands. This means that rbenv has to be set up directly in the same script.
The next problem is that a shell command has no state from Ansible's point of view. That is, there will be no automatic check of whether this version of ruby is installed or not. We can do this ourselves:
- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash
All that remains is to install bundler:
- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler
And again, add our ruby_rbenv role to the main playbook.
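A hardened variant of the ruby_rbenv tasks above, as an added example that is not part of the original article: both repositories are checked out at a pinned revision rather than whatever the default branch currently holds, and the Ruby install is made idempotent with creates. The variables rbenv_version and ruby_build_version and the /home/{{ user }} home directory are assumptions.

```yaml
# roles/ruby_rbenv/tasks/main.yml (added example)
# Assumed inventory variables, not in the article:
#   rbenv_version, ruby_build_version: a release tag or full commit SHA
#   that you have reviewed. A tag can be moved upstream; a SHA cannot.
- name: Install rbenv at a pinned revision
  become_user: "{{ user }}"
  git:
    repo: https://github.com/rbenv/rbenv.git
    dest: ~/.rbenv
    version: "{{ rbenv_version }}"

- name: Install ruby-build at a pinned revision
  become_user: "{{ user }}"
  git:
    repo: https://github.com/rbenv/ruby-build.git
    dest: ~/.rbenv/plugins/ruby-build
    # Must be recent enough to contain a definition for ruby_version
    version: "{{ ruby_build_version }}"

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version | quote }} && rbenv global {{ ruby_version | quote }}
  args:
    executable: /bin/bash
    # Ansible skips the task when this directory exists. This is an exact
    # path check, unlike grep, which 3.1.2 would also match against 3.1.20.
    # Assumes the user's home directory is /home/<user>.
    creates: "/home/{{ user }}/.rbenv/versions/{{ ruby_version }}"
```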
Shared files.
Usually the setup could be finished here. After that, all that remains is to run capistrano, which will copy the code itself, create the necessary directories and launch the application (if everything is configured correctly). However, capistrano often requires additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is just one subtlety: before copying the files, you need to create a directory structure for them, something like this:
# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory
We specify only one directory, and Ansible automatically creates the parent directories if needed.
Ansible Vault
We have already come across the fact that variables may contain secret data such as a user's password. If you have created an .env file for the application and a database.yml, there will be even more such critical data. It would be good to hide it from prying eyes. Ansible Vault is used for this purpose.
Let's create a file for variables, /ansible/vars/all.yml (here you can create different files for different groups of hosts, just as in the inventory file: production.yml, staging.yml, etc.).
All variables that need to be encrypted must be moved into this file using standard yml syntax:
# System vars
user_password: 123qweasd
db_password: 123qweasd
# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base
After that, this file can be encrypted with the command:
ansible-vault encrypt ./vars/all.yml
Naturally, when encrypting you will need to set a password for decryption. You can look at what ends up inside the file after running this command.
With ansible-vault decrypt the file can be decrypted, modified, and then encrypted again.
You do not need to decrypt the file in order to work with it. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible asks for the password, retrieves the variables and executes the tasks. All the data stays encrypted.
The full command for several groups of hosts and Ansible Vault looks something like this:
ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
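How the playbook can consume the encrypted file, as an added example that is not from the original article: vars/all.yml is loaded with vars_files, and the tasks that touch secrets are kept out of the logs. The .env path and the environment variable names inside it are assumptions; user_password should then be removed from the inventory file so that only the vault holds it.

```yaml
# playbook.yml (added example); run with --ask-vault-pass as shown above
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  # Decrypted in memory at run time; the file on disk stays encrypted.
  vars_files:
    - vars/all.yml

  tasks:
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        # password_hash picks a fresh random salt on every run, so without
        # this the hash would be rewritten and reported as changed each time.
        # To rotate the password later, run once with update_password: always.
        update_password: on_create
        groups: sudo
      no_log: true   # keep the hash out of console output and logs

    - name: Ensure shared dir
      become_user: "{{ user }}"
      file:
        path: "{{ app_path }}/shared/config"
        state: directory
        mode: '0750'

    - name: Write .env with secrets from the vault
      become_user: "{{ user }}"
      copy:
        dest: "{{ app_path }}/shared/.env"   # assumed location
        mode: '0600'                         # readable by the app user only
        # Variable names on the left are assumptions about what the app reads
        content: |
          AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
          AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
          AWS_BUCKET={{ aws_bucket }}
          SECRET_KEY_BASE={{ rails_secret_key_base }}
      no_log: true   # the rendered content would otherwise appear in diffs
```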
But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how ansible is: if you do not understand what needs to be done, it will not do it for you.
Source: habr.com