ProHoster > Блог > Whakahaerenga > Te whakatu i tetahi tūmau ki te tuku tono Rails ma te whakamahi i te Ansible

Te whakatu i tetahi tūmau ki te tuku tono Rails ma te whakamahi i te Ansible

No mua tata nei i hiahia ahau ki te tuhi i etahi pukapuka takaro Ansible hei whakarite i te tūmau mo te tuku tono Rails. Na, he mea whakamiharo, kaore au i kitea he pukapuka-a-taahiraa ngawari. Kaore au i pai ki te kape i te pukapuka takaro a tetahi atu me te kore e mohio ki nga mea e tupu ana, a, i te mutunga me panui au i nga tuhinga, me te kohikohi i nga mea katoa. Ka taea pea e au te awhina i tetahi kia tere ake tenei mahi ma te awhina o tenei tuhinga.

Ko te mea tuatahi ki te mohio ko te ansible ka whakarato koe i tetahi atanga watea ki te mahi i tetahi rarangi mahi kua tautuhia ki runga i te (ng) tūmau mamao ma te SSH. Karekau he makutu i konei, kaore e taea e koe te whakauru i tetahi mono me te tango i te kore o te tukunga o to tono me te docker, te aroturuki me etahi atu mea pai i waho o te pouaka. Hei tuhi pukapuka takaro, me mohio koe he aha taau e hiahia ana me pehea te mahi. Koinei te take kaore au i te makona ki nga pukapuka takaro kua rite mai i GitHub, me nga tuhinga penei: "Topihia ka oma, ka mahi."

He aha ta tatou e hiahia ana?

Ka rite ki taku korero i mua ake nei, mo te tuhi pukapuka takaro me mohio koe ki taau e hiahia ana me pehea te mahi. Me whakatau he aha ta tatou e hiahia ai. Mo te tono Rails ka hiahia matou ki etahi kohinga punaha: nginx, postgresql (redis, etc). I tua atu, e hiahia ana matou he putanga motuhake o te rupi. He pai ake te whakauru ma te rbenv (rvm, asdf...). Ko te whakahaere i enei mea katoa hei kaiwhakamahi pakiaka he whakaaro kino tonu, na me hanga e koe he kaiwhakamahi motuhake me te whirihora i ona tika. I muri i tenei, me tuku e koe to maatau waehere ki te tūmau, kape nga whirihoranga mo te nginx, postgres, aha atu ka timata i enei ratonga katoa.

Ko te mutunga, ko te raupapa o nga mahi e whai ake nei:

  1. Takiuru hei pakiaka
  2. tāuta pōkai pūnaha
  3. hanga he kaiwhakamahi hou, whirihora tika, ssh key
  4. whirihora i nga kohinga punaha (nginx etc) ka whakahaere
  5. Ka waihangahia e matou he kaiwhakamahi i roto i te papaa raraunga (ka taea e koe te hanga i tetahi papaa raraunga)
  6. Takiuru hei kaiwhakamahi hou
  7. Tāutahia te rbenv me te rupi
  8. Te whakauru i te paihere
  9. Te tuku i te waehere tono
  10. Te whakarewa i te tūmau Puma

I tua atu, ko nga waahanga whakamutunga ka taea te whakamahi ma te whakamahi i te capistrano, i te iti rawa i waho o te pouaka ka taea e ia te kape i te waehere ki roto i nga raarangi tuku, ka huri i te tuku me te hono hono i runga i te tukunga angitu, te kape i nga whirihora mai i te raarangi tiritahi, te whakaara ano i te puma, me era atu. Ka taea enei mea katoa ma te whakamahi i te Ansible, engari he aha?

Hanganga kōnae

He pakari a Ansible hanganga kōnae mo o kōnae katoa, no reira he pai ki te pupuri i nga mea katoa ki tetahi raarangi motuhake. I tua atu, ehara i te mea nui mena ka uru ki roto i te tono reera ake, ka wehe ke ranei. Ka taea e koe te penapena i nga konae ki roto i tetahi putunga git motuhake. Ko ahau ake, i kitea e au he tino watea ki te hanga i tetahi raarangi tuuturu i roto i te raarangi / config o te tono reera me te penapena i nga mea katoa ki roto i te putunga kotahi.

Pukataka ngawari

Ko te pukapuka purei he kōnae yml, ma te whakamahi i te wetereo motuhake, e whakaatu ana i nga mahi a Ansible me pehea. Hangaia te pukapuka takaro tuatahi kaore he mahi:

---
- name: Simple playbook
  hosts: all

I konei ka kii noa matou ko ta matou pukapuka takaro ko te ingoa Simple Playbook a kia mahia nga mea o roto mo nga ope katoa. Ka taea e matou te tiaki i roto i te whaiaronga / ansible me te ingoa playbook.yml ka ngana ki te rere:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

E ai ki a Ansible karekau ia e mohio ki nga kaihautu e taurite ana ki nga rarangi katoa. Me whakarārangihia i roto i te motuhake kōnae rārangi.

Me hanga e tatou i roto i te whaiaronga ansible kotahi:

123.123.123.123

Ma tenei ka tohu noa i te kaihautu (ko te kaihautu o a maatau VPS mo te whakamatautau, ka taea ranei e koe te rehita localhost) ka penapena ki raro i te ingoa inventory.
Ka taea e koe te ngana ki te whakahaere ansible me te konae raarangi:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

Mena kei a koe te uru ssh ki te kaihautu kua tohua, ka hono a ansible me te kohikohi korero mo te punaha mamao. (TASK taunoa [Kohikohi Meka]) muri iho ka tukuna he purongo poto mo te mahi (PLAY RECAP).

Ma te taunoa, ka whakamahi te hononga i te ingoa kaiwhakamahi i uru ai koe ki te punaha. Kare pea i runga i te kaihautu. I roto i te konae pukapuka purei, ka taea e koe te tautuhi ko wai te kaiwhakamahi hei hono ma te whakamahi i te arata'i remote_user. Ano, ko nga korero e pa ana ki tetahi punaha mamao kaore pea e hiahiatia ki a koe, me kaua e moumou taima ki te kohi. Ka taea hoki te whakakore i tenei mahi:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Ngana ki te whakahaere ano i te pukapuka takaro me te mohio kei te mahi te hononga. (Mēnā i tohua e koe te kaiwhakamahi pakiaka, me whakapūtā hoki koe i te riro: tino tohutohu kia whai mana teitei. Kua tuhia ki te tuhinga: become set to ‘true’/’yes’ to activate privilege escalation. ahakoa kaore i te tino marama he aha).

Tena pea ka whiwhi koe i tetahi hapa na te mea kaore e taea e ansible te whakatau i te kaiwhakamaori Python, katahi ka taea e koe te tohu ma te ringa:

ansible_python_interpreter: /usr/bin/python3

Ka kitea e koe kei hea koe i te python me te whakahau whereis python.

Te whakauru i nga kohinga punaha

Kei roto i te tohatoha paerewa a Ansible he maha nga waahanga mo te mahi me nga momo kete punaha, no reira kaore matou e tuhi i nga tuhinga bash mo etahi take. Inaianei kei te hiahia matou ki tetahi o enei waahanga hei whakahou i te punaha me te whakauru i nga kohinga punaha. Kei a au te Linux Ubuntu i runga i taku VPS, na ki te whakauru i nga kohinga ka whakamahia e au apt-get и kōwae mō reira. Mena kei te whakamahi koe i tetahi punaha whakahaere rereke, ka hiahia pea koe ki tetahi waahanga rereke (mahara, i kii ahau i te timatanga me mohio maatau me pehea te mahi). Heoi, ka rite tonu te wetereo.

Me taapiri i ta maatau pukapuka takaro me nga mahi tuatahi:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

Ko te mahi tonu te mahi ka mahia e Ansible i runga i nga tūmau mamao. Ka hoatu e matou he ingoa mo te mahi kia taea ai e matou te whai i tana mahi i roto i te raarangi. Ka whakaahuahia e matou, ma te whakamahi i te wetereo o tetahi waahanga motuhake, he aha te mahi. I tenei take apt: update_cache=yes - e kii ana ki te whakahou i nga kohinga punaha ma te whakamahi i te waahanga tika. Ko te whakahau tuarua he uaua ake. Ka tukuna e matou he rarangi o nga kohinga ki te waahanga tika me te kii ko ratou state me riro present, ara, e kii ana matou kia whakauruhia enei kete. Waihoki, ka taea e tatou te korero ki a raatau kia mukua, whakahou ranei ma te whakarereke noa state. Kia mahara mai mo te reera ki te mahi me te postgresql ka hiahia matou ki te kete postgresql-contrib, kei te whakauruhia e matou inaianei. Ano, me mohio koe me mahi i tenei; karekau e mahi i tenei.

Ngana ki te whakahaere ano i te pukapuka takaro ka tirohia kua whakauruhia nga kete.

Te hanga kaiwhakamahi hou.

Hei mahi tahi me nga kaiwhakamahi, kei a Ansible tetahi waahanga - kaiwhakamahi. Me tapiri tetahi atu mahi (I huna e ahau nga waahanga kua mohiotia o te pukapuka takaro ki muri i nga korero kia kore ai e kape katoa i nga wa katoa): 

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ 123qweasd | password_hash('sha512') }}"

Ka waihangahia e matou he kaiwhakamahi hou, ka whakatauhia he schell me te kupuhipa mo taua mea. Na ka rere tatou ki etahi raruraru. He aha mehemea me rereke nga ingoa ingoa mo nga kaihautu rereke? A ko te penapena i te kupuhipa i roto i nga tuhinga maamaa i roto i te pukapuka takaro he whakaaro kino. Hei timata, me whakauru te ingoa kaiwhakamahi me te kupuhipa ki nga taurangi, a ki te mutunga o te tuhinga ka whakaatu ahau me pehea te whakamuna i te kupuhipa.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Ka whakatakotohia nga taurangi ki roto i nga pukapuka takaro ma te whakamahi i nga taiapa korikori rua.

Ka tohuhia e matou nga uara o nga taurangi i roto i te konae pukapuka:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Kia tupato ki te tohutohu [all:vars] - e kii ana he taurangi (vars) te poraka o te tuhinga e whai ake nei, ka tika ki nga kaihautu katoa (katoa).

He whakamere hoki te hoahoa "{{ user_password | password_hash('sha512') }}". Ko te mea kaore e whakauruhia e ansible te kaiwhakamahi ma user_add penei me mahi a ringa koe. A ka tiakina tika nga raraunga katoa, na reira me huri ano tatou i te kupuhipa ki roto i te hash i mua, koinei te mahi a tenei whakahau.

Me taapiri to tatou kaiwhakamahi ki te roopu sudo. Heoi, i mua i tenei me tino mohio kei te noho taua roopu na te mea kaore tetahi e mahi i tenei mo tatou:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

He maamaa noa nga mea katoa, kei a matou ano he roopu roopu mo te hanga roopu, me te wetereo e tino rite ana ki te apt. Na ka nui ki te rehita i tenei roopu ki te kaiwhakamahi (groups: "sudo").
He pai hoki ki te taapiri i tetahi taviri ssh ki tenei kaiwhakamahi kia taea ai e matou te whakauru ki te whakamahi me te kore he kupuhipa:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
      name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

I tenei take, he mea whakamere te hoahoa "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" — ka kape i nga ihirangi o te konae id_rsa.pub (he rereke pea to ingoa), ara, ko te waahanga whanui o te taviri ssh ka tukuna atu ki te rarangi o nga taviri whai mana mo te kaiwhakamahi i runga i te tūmau.

Ngā Rohe

Ko nga mahi e toru mo te hanga whakamahi ka ngawari ki te whakarōpūhia ki te roopu mahi kotahi, he pai ki te penapena wehe i tenei roopu mai i te pukapuka takaro matua kia kore ai e tipu rawa. Mo tenei kaupapa, kei a Ansible tūranga.
E ai ki te hanganga o te konae i tohuhia i te timatanga, me whakanoho nga mahi ki roto i te raarangi mahi motuhake, mo ia mahi he raarangi motuhake me te ingoa kotahi, kei roto i nga mahi, nga konae, nga tauira, me era atu raarangi.
Me hanga he hanganga kōnae: ./ansible/roles/user/tasks/main.yml (ko matua te konae matua ka utaina, ka mahia ina honoa he mahi ki te pukapuka takaro; ka taea te hono atu etahi atu konae mahi ki a ia). Inaianei ka taea e koe te whakawhiti i nga mahi katoa e pa ana ki te kaiwhakamahi ki tenei konae:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

I roto i te pukapuka purei matua, me tohu koe ki te whakamahi i te mahi a te kaiwhakamahi:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Ano, he mea tika ki te whakahou i te punaha i mua i era atu mahi katoa; ki te mahi i tenei, ka taea e koe te whakaingoa ano i te poraka tasks kei roto i a raatau e tautuhia ana pre_tasks.

Te whakatu nginx

Me whakauruhia a Nginx; me whirihora me te whakahaere. Me mahi tonu i roto i te mahi. Me hanga he hanganga kōnae:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Inaianei kei te hiahia matou i nga konae me nga tauira. Ko te rereketanga i waenga i a raatau ko te kape tika i nga konae, penei. Ko nga tauira me whai i te toronga j2 ka taea e raatau te whakamahi i nga uara rereke ma te whakamahi i nga taiapa riipene rua.

Kia whakahohea te nginx ki roto main.yml kōnae. Mo tenei kei a matou he kōwae systemd:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

I konei ehara i te kii anake me timata te nginx (ara, ka whakarewahia e matou), engari ka kii tonu me whakahoe.
Inaianei me kape nga konae whirihoranga:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

Ka hangaia e matou te konae whirihoranga nginx matua (ka taea e koe te tango tika mai i te tūmau, tuhia ranei e koe). Me te konae whirihoranga mo ta maatau tono kei roto i te raarangi waahi_e waatea ana (kaore tenei e tika engari he pai). I te keehi tuatahi, ka whakamahia e matou te waahanga kape hei kape i nga konae (me uru te konae /ansible/roles/nginx/files/nginx.conf). I te tuarua, ka kapehia e matou te tauira, ka whakakapi i nga uara o nga taurangi. Me uru te tauira ki roto /ansible/roles/nginx/templates/my_app.j2). A penei pea te ahua penei:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Kia tupato ki nga whakauru {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} — koinei nga taurangi katoa ka whakakapia e Ansible nga uara ki te tauira i mua i te kape. Ka whai hua tenei ki te whakamahi koe i tetahi pukapuka takaro mo nga roopu ope rereke. Hei tauira, ka taea e taatau te taapiri i ta maatau konae pukapuka:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

Mena ka whakarewahia ta maatau pukapuka takaro, ka mahia e ia nga mahi kua tohua mo nga kaihautu e rua. Engari i te wa ano, mo te kaihautu whakaari, ka rereke nga taurangi mai i nga mahi whakaputa, kaore i roto i nga mahi me nga pukapuka whakaari anake, engari i roto i nga whirihora nginx. {{ inventory_hostname }} e kore e tika kia tohua i roto i te konae pukapuka - tenei taurangi ansible motuhake a ko te kaihautu kei te whakahaeretia te pukapuka takaro i tenei wa ka rongoa ki reira.
Mena kei te pirangi koe ki te whai konae pukapuka mo nga kaihautu maha, engari ka whakahaere mo te roopu kotahi anake, ka taea tenei ma te whakahau e whai ake nei:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Ko tetahi atu whiringa ko te wehe i nga konae raarangi mo nga roopu rereke. Ka taea ranei e koe te whakakotahi i nga huarahi e rua mena he maha nga kaihautu rereke.

Me hoki ano ki te whakarite nginx. Whai muri i te kape i nga konae whirihoranga, me hanga he hononga hono ki sitest_enabled ki my_app.conf mai i sites_available. Na ka timata ano te nginx.

... # old code in mail.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

He ngawari nga mea katoa i konei - ano nga waahanga e taea ana me te wetereo tino paerewa. Engari kotahi ano te waahi. Kaore he take ki te whakaara ano i te nginx i nga wa katoa. Kua kite koe kaore matou e tuhi i nga whakahau penei: "mahi penei", te ahua o te syntax "me penei te ahua". A ko te nuinga o nga wa ka penei te mahi a ansible. Mena kei te noho tonu te roopu, kua oti ke ranei te whakauru i te kete punaha, ka tirohia e ansible ka pekehia te mahi. Ano hoki, e kore e kapea nga konae mena ka rite tonu ki nga mea kei runga i te tūmau. Ka taea e taatau te whakamahi me te whakaara ano i te nginx mena kua hurihia nga konae whirihoranga. He tohutohu rehita mo tenei:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: restart_nginx

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: restart_nginx

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: restart_nginx.changed

Mena ka huri tetahi o nga konae whirihoranga, ka mahia he kape ka rehitatia te taurangi restart_nginx. Mena kua rehitatia tenei taurangi ka timata ano te ratonga.

A, ko te tikanga, me taapiri koe i te mahi nginx ki te pukapuka takaro matua.

Te whakatu postgresql

Me whakaahei tatou i te postgresql ma te whakamahi i te systemd kia rite ki ta maatau mahi ki te nginx, me te hanga ano i tetahi kaiwhakamahi ka whakamahia e maatau ki te uru atu ki te papaaarangi me te papaaarangi ake.
Me hanga he mahi /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

Kaore au e whakaahua me pehea te taapiri i nga taurangi ki te raarangi, he maha nga wa kua mahia tenei, me te syntax o nga waahanga postgresql_db me postgresql_user. Ka kitea etahi atu korero i roto i nga tuhinga. Ko te tino tohutohu kei konei become_user: postgres. Ko te meka ko te mea na te taunoa, ko te kaiwhakamahi postgres anake te uru ki te paataka raraunga postgresql me te rohe anake. Ma tenei tohutohu ka taea e matou te whakahaere i nga whakahau mo tenei kaiwhakamahi (mehemea ka uru matou, o te akoranga).
Ano, me taapiri pea koe i tetahi raina ki pg_hba.conf kia taea ai e tetahi kaiwhakamahi hou te uru ki te papaunga raraunga. Ka taea te mahi penei me te whakarereke i te whirihora nginx.

Ae ra, me taapiri koe i te mahi postgresql ki te pukapuka takaro matua.

Te whakauru rupi ma rbenv

Karekau he tauira a Ansible mo te mahi tahi me rbenv, engari ka whakauruhia ma te kati i te putunga git. Na reira, ko tenei raruraru ka tino kore-paerewa. Me hanga he mahi mona /ansible/roles/ruby_rbenv/main.yml a kia timata tatou ki te whakaki:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

Ka whakamahi ano matou i te arataunga riro_kaiwhakamahi ki te mahi i raro i te kaiwhakamahi i hanga e matou mo enei kaupapa. I te mea kua whakauruhia a rbenv ki tana raarangi kaainga, kaore i te ao. A ka whakamahi ano matou i te git module ki te kati i te putunga, me te tohu repo me te dest.

Muri iho, me rehita rbenv init i roto i te bashrc me te taapiri i te rbenv ki PATH ki reira. Mo tenei, kei a maatau te waahanga raina:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Na me whakauru koe ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

Ka mutu ka whakauruhia te rupi. Ka mahia tenei ma te rbenv, ara, me te whakahau bash:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

E ki ana matou ko tehea whakahau hei whakahaere me te aha. Heoi, i konei ka kitea e maatau kaore e whakahaerehia e te ansible te waehere kei roto i te bashrc i mua i te whakahaere i nga whakahau. Ko te tikanga me tautuhi tika te rbenv ki te tuhinga kotahi.

Ko te raru e whai ake nei na te mea karekau he ahua o te whakahau anga mai i te tirohanga ansible. Arā, karekau he tirotiro aunoa mena kua whakauruhia tenei momo rupi, kaore ranei. Ka taea e taatau ake tenei:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

Ko nga mea e toe ana ko te whakauru i te paihere:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

A ano, taapirihia ta maatau mahi ruby_rbenv ki te pukapuka takaro matua.

Kōnae tiritahi.

I te nuinga, ka taea te whakaoti i te tatūnga ki konei. I muri mai, ko nga mea katoa e toe ana ko te whakahaere i te capistrano ka kapehia e ia te waehere ake, ka waihangahia nga raarangi e tika ana me te whakarewa i te tono (mehemea kua whirihora tika nga mea katoa). Heoi, he maha nga wa e hiahia ana te capistrano i etahi atu konae whirihoranga, penei i database.yml ranei .env Ka taea te kape pera me nga konae me nga tauira mo te nginx. Kotahi noa te hianga. I mua i te kape i nga konae, me hanga e koe he hanganga whaiaronga mo ratou, penei:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

ka tohua e matou kia kotahi anake te raarangi ka hangaia e te ansible nga matua mena e tika ana.

Pouaka Taea

Kua tae mai ki a matou te meka ka taea e nga taurangi te whakauru i nga raraunga ngaro penei i te kupuhipa a te kaiwhakamahi. Mena kua hanga e koe .env kōnae mo te tono, a database.yml katahi ka nui noa atu nga raraunga whakahirahira. He pai ki te huna i a raatau mai i nga karu. Mo tenei kaupapa ka whakamahia whare herehere.

Me hanga he konae mo nga taurangi /ansible/vars/all.yml (i konei ka taea e koe te hanga i nga konae rereke mo nga roopu o nga kaihautu, pera ano i te konae rarangi ingoa: production.yml, staging.yml, etc).
Ko nga taurangi katoa me whakamuna me whakawhiti ki tenei konae ma te whakamahi i te wetereo yml paerewa:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

Whai muri ka taea te whakamuna i tenei konae ki te whakahau:

ansible-vault encrypt ./vars/all.yml

Ko te tikanga, i te wa e whakamuna ana, ka hiahia koe ki te whakatakoto kupuhipa mo te wetemuna. Ka taea e koe te kite he aha kei roto i te konae i muri i te karanga i tenei whakahau.

Ma te awhina o ansible-vault decrypt ka taea te wetewete i te konae, te whakarereke me te whakamuna ano.

Kaore koe e hiahia ki te wetemuna i te konae kia mahi. Ka rokirokia e koe kua whakamunatia ka whakahaere i te pukapuka takaro me te tohenga --ask-vault-pass. Ka tono a Ansible mo te kupuhipa, ka tiki i nga taurangi, ka mahia nga mahi. Ka noho whakamunatia nga raraunga katoa.

Ko te whakahau katoa mo te maha o nga roopu o nga kaihautu me nga waahi ka taea te ahua penei:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass

Engari e kore ahau e hoatu ki a koe te katoa o nga pukapuka whakaari me nga mahi, tuhia e koe. No te mea he pera ano te ansible - ki te kore koe e mohio ki nga mea e tika ana kia mahia, kare e mahia maau.

Source: will.com

Tāpiri i te kōrero