M'nkhaniyi, ndigawana zomwe ndakumana nazo pakukhazikitsa CI / CD pogwiritsa ntchito Plesk Control Panel ndi Github Actions. Lero tiphunzira momwe tingagwiritsire ntchito pulojekiti yosavuta ndi dzina losavuta "Helloworld". Zalembedwa mu Flask Python framework, ndi antchito a Selari ndi Angular 8 frontend.
Maulalo ku nkhokwe: , .
M’chigawo choyamba cha nkhaniyi, tiona ntchito yathu komanso mbali zake. Chachiwiri, tiwona momwe tingakhazikitsire Plesk ndikuyika zowonjezera ndi zigawo zofunika (DB, RabbitMQ, Redis, Docker, etc.).
Mu gawo lachitatu, tiwona momwe tingakhazikitsire payipi yotumizira pulojekiti yathu ku seva pamalo opangira ma prod. Kenako tidzakhazikitsa tsambalo pa seva.
Ndipo inde, ndinayiwala kudzidziwitsa ndekha. Dzina langa ndine Oleg Borzov, ndine wopanga zinthu zonse mu gulu la CRM la oyang'anira nyumba zanyumba ku Domclick.
Chidule cha polojekiti
Choyamba, tiyeni tiwone nkhokwe ziwiri za polojekiti - kumbuyo ndi kutsogolo - ndikudutsa pa code.
Kumbuyo: Botolo + Selari
Kumbuyo, ndinatenga gulu lomwe limadziwika kwambiri pakati pa opanga Python: Flask framework (ya API) ndi Selari (pamzere wantchito). SQLAchemy imagwiritsidwa ntchito ngati ORM. Alembic amagwiritsidwa ntchito kusamuka. Kwa kutsimikizika kwa JSON pamahatchi - Marshmallow.
В pali fayilo ya Readme.md yofotokoza mwatsatanetsatane kapangidwe kake ndi malangizo oyendetsera ntchitoyi.
zovuta kwambiri, zimakhala ndi zolembera 6:
/ping- kuyang'ana kupezeka;- amagwirizira kulembetsa, kuvomereza, kuchotsera chilolezo komanso kupeza wogwiritsa ntchito wovomerezeka;
- cholembera cha imelo chomwe chimayika ntchito pamzere wa Selari.
ngakhale zosavuta, pali vuto limodzi lokha send_mail_task.
Mu foda pali ma subfolders awiri:
dockerndi ma Dockerfiles awiri (base.dockerfilekupanga chithunzi chapansi chomwe sichisintha kawirikawiri ndiDockerfilepamisonkhano yayikulu);.env_files- ndi mafayilo okhala ndi zosintha zachilengedwe zamalo osiyanasiyana.
Pali mafayilo anayi a docker-compose pamizu ya polojekitiyi:
docker-compose.local.db.ymlkukweza nkhokwe yachitukuko mdera lanu;docker-compose.local.workers.ymlpakukwezera antchito, database, Redis ndi RabbitMQ;docker-compose.test.ymlkuyendetsa mayeso panthawi yotumiza;docker-compose.ymlza kutumiza.
Ndipo chikwatu chomaliza chomwe timakonda - . Ili ndi zolemba za shell kuti zitumizidwe:
deploy.sh- kukhazikitsidwa kwa kusamuka ndi kutumiza. Imathamanga pa seva mutatha kumanga ndi kuyesa mayesero mu Github Actions;rollback.sh- kubwezeretsanso zotengera ku mtundu wakale wa msonkhano;curl_tg.sh- kutumiza zidziwitso za kutumiza ku Telegraph.
Frontend pa Angular
zosavuta kwambiri kuposa Beck's. Kutsogolo kuli masamba atatu:
- Tsamba lalikulu lokhala ndi fomu yotumizira imelo ndi batani lotuluka.
- Tsamba lolowera.
- Tsamba lolembetsa.
Tsamba lalikulu likuwoneka ngati lopanda pake:
Pali mafayilo awiri pamizu Dockerfile и docker-compose.yml, komanso chikwatu chodziwika bwino .ci-cd yokhala ndi zolembera zocheperako kuposa zomwe zili kumbuyo (zolemba zochotsedwa zoyesa mayeso).
Kuyambitsa ntchito ku Plesk
Tiyeni tiyambe ndikukhazikitsa Plesk ndikupanga zolembetsa patsamba lathu.
Kuyika zowonjezera
Ku Plesk, tikufuna zowonjezera zinayi:
Dockerkuyang'anira ndikuwonetsa mawonekedwe a zotengera mu gulu la admin la Plesk;Gitkukonza sitepe yotumizira pa seva;Let's Encryptkupanga (ndi kukonzanso) ziphaso zaulere za TLS;Firewallkukonza kusefa kwa magalimoto omwe akubwera.
Mutha kuziyika kudzera pagulu la admin la Plesk mugawo la Zowonjezera:
Sitidzaganiziranso zatsatanetsatane pazowonjezera, zosintha zosasinthika zidzakwaniritsa zolinga zathu.
Pangani zolembetsa ndi tsamba
Kenako, tifunika kupanga zolembetsa patsamba lathu la helloworld.ru ndikuwonjezera dev.helloworld.ru subdomain pamenepo.
- Pangani zolembetsa za helloworld.ru ndikutchula dzina lachinsinsi la wogwiritsa ntchito:
Chongani bokosi pansi pa tsamba Tetezani domain ndi Let Encryptngati tikufuna kukhazikitsa HTTPS patsambali:
- Kenako, pakulembetsa uku, pangani subdomain dev.helloworld.ru (yomwe muthanso kutulutsa satifiketi yaulere ya TLS):
Kukhazikitsa Zida Zapa Server
Tili ndi seva OS Debian Stretch 9.12 ndi anaika control panel Plesk Obsidian 18.0.27.
Tiyenera kukhazikitsa ndikukonzekera polojekiti yathu:
- PostgreSQL (kwa ife, padzakhala seva imodzi yokhala ndi ma database awiri a dev ndi prod environments).
- RabbitMQ (yomweyi, chitsanzo chomwecho ndi ma vhosts osiyanasiyana madera).
- Zochitika ziwiri za Redis (za malo a dev ndi prod).
- Docker Registry (yosungirako komweko zithunzi za Docker).
- UI ya registry ya Docker.
PostgreSQL
Plesk amabwera kale ndi PostgreSQL DBMS, koma osati mtundu waposachedwa (panthawi yolemba Plesk Obsidian Mitundu ya Postgres 8.4-10.8). Tikufuna mtundu waposachedwa kwambiri wa pulogalamu yathu (12.3 panthawi yolemba), ndiye tiyiyika pamanja.
Подробных инструкций по установке Postgres на Debian в сети полно (), kotero sindiwafotokozera mwatsatanetsatane, ndingopereka malamulo:
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Poganizira kuti PostgreSQL ili ndi makonda osasintha, ndikofunikira kukonza kasinthidwe. Izi zidzatithandiza : muyenera kuyendetsa mu magawo a seva yanu ndikusintha makonda mu fayilo /etc/postgresql/12/main/postgresql.confkwa omwe amaperekedwa. Zindikirani apa kuti zowerengera zotere sizinthu zamatsenga, ndipo maziko akuyenera kusinthidwa bwino kwambiri, kutengera zida zanu, kugwiritsa ntchito, komanso kuvutikira kwamafunso. Koma izi ndi zokwanira kuti tiyambe.
Kuphatikiza pa makonda omwe aperekedwa ndi chowerengera, timasinthanso postgresql.confdoko lokhazikika 5432 kupita ku lina (muchitsanzo chathu - 53983).
Mukasintha fayilo yosinthira, yambitsaninso postgresql-server ndi lamulo:
service postgresql restart
Takhazikitsa ndikusintha PostgreSQL. Tsopano tiyeni tipange nkhokwe, ogwiritsa ntchito ma dev ndi ma prod, ndikupatsa ogwiritsa ntchito ufulu woyang'anira nkhokwe:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
KaluluMQ
Перейдем к установке RabbitMQ — брокера сообщений для Celery. Ставится он на Debian достаточно просто:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Pambuyo unsembe, tiyenera kulenga mphamvu, ogwiritsa ntchito ndikupereka ufulu wofunikira:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Tsopano tiyeni tiyike ndikukonzekera gawo lomaliza la pulogalamu yathu - Redis. Idzagwiritsidwa ntchito ngati backend posungira zotsatira za ntchito za Selari.
Tidzakweza zotengera ziwiri za Docker zokhala ndi Redis za malo opangira ndi prod pogwiritsa ntchito kukulitsa Docker za Plesk.
- Timapita ku Plesk, pitani ku gawo la Extensions, yang'anani kukulitsa kwa Docker ndikuyiyika (tikufuna mtundu waulere):
- Pitani pazowonjezera zomwe zayikidwa, pezani chithunzicho posaka
redis bitnamindikukhazikitsa mtundu waposachedwa:
- Timalowa mu chidebe chotsitsidwa ndikusintha masinthidwe: tchulani doko, kukula kwa RAM komwe kumaperekedwa, mawu achinsinsi pamitundu yosiyanasiyana, ndikukweza voliyumu:
- Timachita masitepe 2-3 pachidebe cha prod, pazokonda timangosintha magawo: doko, mawu achinsinsi, kukula kwa RAM ndi njira yopita kufoda ya voliyumu pa seva:
Docker Registry
Kuphatikiza pa ntchito zoyambira, zingakhale bwino kuyika malo anu azithunzi za Docker pa seva. Mwamwayi, malo a seva tsopano ndi otsika mtengo (ndiotsika mtengo kwambiri kuposa kulembetsa kwa DockerHub), ndipo njira yokhazikitsira malo osungiramochinsinsi ndiyosavuta.
Tikufuna kukhala:
- Malo otetezedwa achinsinsi a Docker omwe amapezeka pa subdomain ;
- UI yowonera zithunzi munkhokwe, zomwe zikupezeka pa .
Kuti muchite izi:
- Tiyeni tipange ma subdomain awiri ku Plesk pakulembetsa kwathu: docker.helloworld.ru ndi docker-ui.helloworld.ru, ndikukonzekera Let's Encrypt satifiketi kwa iwo.
- Onjezani fayilo ku docker.helloworld.ru subdomain foda
docker-compose.ymlndi zinthu monga izi:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry' - Pansi pa SSH, tidzapanga fayilo ya .htpasswd yovomerezeka Yoyambira munkhokwe ya Docker:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password - Sungani ndi kukweza zotengera:
docker-compose up -d - Ndipo tifunika kulondoleranso Nginx ku zotengera zathu. Izi zitha kuchitika kudzera ku Plesk.
Njira zotsatirazi ziyenera kuchitidwa pa docker.helloworld.ru ndi docker-ui.helloworld.ru subdomains:
gawo Zida Zida tsamba lathu kupita Malamulo a Proxy a Docker:
Ndipo onjezani lamulo pamayendedwe omwe akubwera ku chidebe chathu:
- Timayang'ana kuti titha kulowa mu chidebe chathu kuchokera pamakina akomweko:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded - Tiyeni tiwonenso magwiridwe antchito a docker-ui.helloworld.ru subdomain:
Mukadina pa Sakatulani nkhokwe, msakatuli amawonetsa zenera lololeza pomwe muyenera kuyika dzina lolowera ndi mawu achinsinsi posungira. Pambuyo pake, tidzasamutsidwa kutsamba lomwe lili ndi mndandanda wazosungira (pakadali pano, sizikhala kwa inu):
Kutsegula madoko ku Plesk Firewall
Pambuyo kukhazikitsa ndi kukonza zigawozo, tiyenera kutsegula madoko kuti zigawozo zipezeke kuchokera ku zida za Docker ndi maukonde akunja.
Tiyeni tiwone momwe tingachitire izi pogwiritsa ntchito zowonjezera za Firewall za Plesk zomwe tidaziyika kale.
- Pitani ku Zida & Zikhazikiko> Zikhazikiko> Chiwombankhanga:
- Pitani ku Sinthani Malamulo a Plesk Firewall> Onjezani Lamulo Lachizolowezi ndikutsegula madoko otsatirawa a TCP a Docker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786
- Tiwonjezeranso lamulo lomwe lidzatsegule madoko a PostgreSQL ndi mapanelo owongolera a RabbitMQ kudziko lakunja:
- Tsatirani malamulowo pogwiritsa ntchito batani la Ikani Zosintha:
Kukhazikitsa CI / CD mu Github Actions
Tiyeni titsike ku gawo losangalatsa kwambiri - kukhazikitsa payipi yophatikizira mosalekeza ndikupereka projekiti yathu ku seva.
Paipi iyi ikhala ndi magawo awiri:
- kumanga fano ndi kuyesa mayesero (kwa backend) - kumbali ya Github;
- kuthamanga kusuntha (kwa backend) ndikuyika zotengera - pa seva.
Pitani ku Plesk
Tiyeni tiyambe ndi mfundo yachiwiri (chifukwa yoyamba imadalira).
Tidzakonza njira yotumizira pogwiritsa ntchito kukulitsa kwa Git kwa Plesk.
Ganizirani zachitsanzo chokhala ndi malo a Prod posungirako Backend.
- Timapita pakulembetsa patsamba lathu la Helloworld ndikupita ku gawo la Git:
- Ikani ulalo kunkhokwe yathu ya Github mugawo la "Remote Git repository" ndikusintha chikwatu chosasinthika.
httpdocskwa wina (mwachitsanzo./httpdocs/hw_back):
- Lembani kiyi ya SSH Public kuchokera pagawo lapitalo ndi zake mu makonda a Github.
- Dinani Chabwino pawindo pa sitepe 2, pambuyo pake tidzatumizidwa ku tsamba losungirako ku Plesk. Tsopano tifunika kukonza zosungirako kuti zisinthidwe pazantchito ku nthambi ya master. Kuti muchite izi, pitani ku Zokonda Posungira ndi kusunga mtengo
Webhook URL(tidzazifuna pambuyo pake pokhazikitsa Github Actions):
- M'munda wa Zochita pa zenera kuchokera m'ndime yapitayi, lowetsani script kuti muyambe kutumiza:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}kumene:
{REPOSITORY_ABSOLUTE_PATH}- njira yopita ku foda ya prod ya chosungira chakumbuyo pa seva;
{ENV}- chilengedwe (dev / prod), kwa ifeprod;
{DOCKER_REGISTRY_HOST}- gulu lathu losungiramo docker
{TG_BOT_TOKEN}- chizindikiro cha telegalamu;
{TG_CHAT_ID}- ID ya macheza/njira yotumizira zidziwitso.Script chitsanzo:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890 - Onjezani wogwiritsa ntchito kuchokera pakulembetsa kwathu ku gulu la Docker (kuti athe kuyang'anira zotengera):
sudo usermod -aG docker helloworld_admin
Dev chilengedwe cha backend repository ndi frontend amakhazikitsidwa chimodzimodzi.
Mapaipi otumizira mu Github Actions
Tiyeni tipitirire kukhazikitsa gawo loyamba la mapaipi athu a CI/CD mu Github Actions.
Bwererani
Njirayi ikufotokozedwa mu .
Koma tisanayiwerenge, tiyeni tidzaze Zosintha Zachinsinsi zomwe tikufuna mu Github. Kuti muchite izi, pitani ku Zokonda -> Zinsinsi:
DOCKER_REGISTRY- omwe ali ndi malo athu a Docker (docker.helloworld.ru);DOCKER_LOGIN- lowani kumalo osungirako a Docker;DOCKER_PASSWORD- password kwa izo;DEPLOY_HOST- khalani komwe gulu la admin la Plesk likupezeka (mwachitsanzo: :8443 pa :8443);DEPLOY_BACK_PROD_TOKEN- chizindikiro cha kutumizidwa ku prod-repository pa seva (tinachipeza mu Deployment in Plesk p. 4);DEPLOY_BACK_DEV_TOKEN- chizindikiro chotumizidwa kumalo osungira pa seva.
Njira yotumizira ndi yosavuta ndipo ili ndi njira zitatu zazikulu:
- kumanga ndi kusindikiza chithunzicho munkhokwe yathu;
- kuyesa mayeso mu chidebe chotengera chithunzi chomangidwa chatsopano;
- kutumizidwa kumalo omwe mukufuna kutengera nthambi (dev/master).
Frontend
zosiyana pang'ono ndi Beck's. Ilibe sitepe yokhala ndi mayeso othamanga ndikusintha mayina a ma tokeni kuti atumizidwe. Zinsinsi za malo akutsogolo, mwa njira, ziyenera kudzazidwa padera.
Kupanga tsamba
Kupititsa patsogolo magalimoto kudzera mu Nginx
Chabwino, ife tafika ku mapeto. Zimangotsala pang'ono kukonza mayendedwe obwera ndi otuluka ku chidebe chathu kudzera mu Nginx. Takambirana kale izi mu gawo 5 la kukhazikitsa kwa Docker Registry. Zomwezo ziyenera kubwerezedwanso kumbuyo ndi kutsogolo m'malo a dev ndi prod.
Ndikupatsani zowonera pazokonda.
Bwererani
Frontend
Kumveketsa bwino. Ma URL onse adzatumizidwa ku chidebe chakutsogolo, kupatula omwe akuyamba nawo /api/ - Adzalumikizidwa ku chidebe chakumbuyo (chotero mu chidebe chakumbuyo, onse ogwira ntchito ayenera kuyamba nawo /api/).
Zotsatira
Tsopano tsamba lathu liyenera kupezeka helloworld.ru ndi dev.helloworld.ru (prod- and dev-environments, motsatana).
Ponseponse, taphunzira momwe tingakonzekerere ntchito yosavuta mu Flask ndi Angular ndikukhazikitsa payipi mu Github Actions kuti titulutse ku seva yomwe ikuyenda Plesk.
Ndibwereza maulalo osungiramo ndi code: , .
Source: www.habr.com
