🥇Kukhazikitsa seva yotumizira pulogalamu ya Rails pogwiritsa ntchito Ansible

Osati kale kwambiri ndinafunika kulemba mabuku angapo a Ansible kuti ndikonzekere seva kuti igwiritse ntchito Rails application. Ndipo, chodabwitsa, sindinapeze buku losavuta latsatane-tsatane. Sindinkafuna kutengera buku lamasewera la munthu wina popanda kumvetsetsa zomwe zikuchitika, ndipo pamapeto pake ndimayenera kuwerenga zolembazo, ndikusonkhanitsa zonse ndekha. Mwina ndingathandize wina kufulumizitsa njirayi mothandizidwa ndi nkhaniyi.

Chinthu choyamba kumvetsetsa ndichakuti ansible amakupatsirani mawonekedwe osavuta kuti mupange mndandanda wodziwikiratu pa seva (ma) akutali kudzera pa SSH. Palibe zamatsenga pano, simungathe kukhazikitsa pulogalamu yowonjezera ndikupeza zero kutsitsa pulogalamu yanu ndi docker, kuyang'anira ndi zina zabwino m'bokosi. Kuti mulembe buku lamasewera, muyenera kudziwa zomwe mukufuna kuchita komanso momwe mungachitire. Ichi ndichifukwa chake sindikukhutira ndi mabuku osewerera opangidwa okonzeka ochokera ku GitHub, kapena zolemba monga: "Koperani ndikuyendetsa, zigwira ntchito."

Kodi tikufuna chiyani?

Monga ndanenera kale, kuti mulembe buku lamasewera muyenera kudziwa zomwe mukufuna kuchita komanso momwe mungachitire. Tiyeni tisankhe zomwe tikufuna. Pa ntchito ya Rails tidzafunika ma phukusi angapo: nginx, postgresql (redis, etc.). Kuphatikiza apo, timafunikira mtundu wina wa ruby. Ndibwino kuyiyika kudzera pa rbenv (rvm, asdf...). Kuthamanga zonsezi ngati wogwiritsa ntchito mizu nthawi zonse kumakhala kolakwika, kotero muyenera kupanga wogwiritsa ntchito payekha ndikukonza ufulu wake. Pambuyo pake, muyenera kukweza kachidindo yathu ku seva, kukopera ma configs a nginx, postgres, ndi zina zotero ndikuyamba ntchito zonsezi.

Chifukwa chake, kutsatizana kwa zochita kumakhala motere:

Lowani ngati mizu
kukhazikitsa phukusi phukusi
pangani wogwiritsa ntchito watsopano, sinthani maufulu, ssh key
sinthani phukusi ladongosolo (nginx etc) ndikuyendetsa
Timapanga wogwiritsa ntchito mu database (mutha kupanga database nthawi yomweyo)
Lowani ngati wosuta watsopano
Ikani rbenv ndi ruby
Kuyika bundler
Kukweza khodi ya pulogalamu
Kukhazikitsa seva ya Puma

Kuphatikiza apo, magawo omaliza atha kuchitidwa pogwiritsa ntchito capistrano, osachepera m'bokosi amatha kukopera kachidindo m'makalata omasulidwa, kusintha kumasulidwa ndi symlink pakutumiza bwino, kukopera ma configs kuchokera pagawo logawana, kuyambitsanso puma, ndi zina zambiri. Zonsezi zitha kuchitika pogwiritsa ntchito Ansible, koma chifukwa chiyani?

Mapangidwe a fayilo

Ansible ali okhwima kapangidwe ka fayilo pamafayilo anu onse, ndiye kuti ndibwino kuti zonse zisungidwe m'malo osiyanasiyana. Komanso, sikofunikira kwambiri ngati kudzakhala mu njanji ntchito palokha, kapena mosiyana. Mutha kusunga mafayilo m'malo osiyanasiyana a git. Inemwini, ndapeza kuti ndizosavuta kupanga chikwatu chovomerezeka mu / config chikwatu cha ntchito ya njanji ndikusunga zonse munkhokwe imodzi.

Playbook yosavuta

Playbook ndi fayilo ya yml yomwe, pogwiritsa ntchito mawu apadera, imalongosola zomwe Ansible ayenera kuchita ndi momwe. Tiyeni tipange buku loyamba lamasewera lomwe silimachita kalikonse:

---
- name: Simple playbook
  hosts: all

Apa timangonena kuti buku lathu lamasewera limatchedwa Simple Playbook ndi kuti zomwe zili mkati mwake ziyenera kuchitidwa kwa makamu onse. Titha kuzisunga mu / chikwatu choyenera ndi dzina playbook.yml ndikuyesera kuthamanga:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible akuti sakudziwa omwe ali nawo omwe amafanana ndi mndandanda wonse. Ayenera kulembedwa mwapadera fayilo ya inventory.

Tiyeni tipange mu chikwatu chomwechi:

123.123.123.123

Umu ndi momwe timangofotokozera wolandila (makamaka omwe ali ndi VPS yathu kuti ayesere, kapena mutha kulembetsa localhost) ndikusunga pansi pa dzina. inventory.
Mutha kuyesa kuyendetsa bwino ndi fayilo ya invetory:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

Ngati muli ndi mwayi wofikira kwa ssh kwa omwe adatchulidwa, ndiye kuti ansible adzalumikiza ndikusonkhanitsa zambiri zamtundu wakutali. (TASK yosasinthika [Kusonkhanitsa Zowona]) pambuyo pake ipereka lipoti lalifupi la kuphedwako (PLAY RECAP).

Mwachikhazikitso, kulumikizana kumagwiritsa ntchito dzina lolowera lomwe mwalowa mudongosolo. Mosakayika sizikhala pa wolandirayo. Mufayilo ya playbook, mutha kutchula wogwiritsa ntchito kuti mulumikizane ndi remote_user malangizo. Komanso, zambiri zokhudza makina akutali nthawi zambiri zimakhala zosafunikira kwa inu ndipo musataye nthawi kuzisonkhanitsa. Ntchitoyi imathanso kuyimitsidwa:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Yesaninso kuyambitsanso playbook ndikuwonetsetsa kuti kulumikizana kukugwira ntchito. (Ngati mudatchula wogwiritsa ntchito, ndiye kuti muyeneranso kutchula kukhala: chowonadi kuti mupeze ufulu wapamwamba. Monga momwe zalembedwera muzolembazo: become set to ‘true’/’yes’ to activate privilege escalation. ngakhale sizikudziwikiratu chifukwa chake).

Mwina mudzalandira cholakwika chifukwa choti ansible sangathe kudziwa womasulira wa Python, ndiye mutha kufotokoza pamanja:

ansible_python_interpreter: /usr/bin/python3

Mutha kudziwa komwe muli ndi python ndi lamulo whereis python.

Kukhazikitsa phukusi ladongosolo

Kugawa kokhazikika kwa Ansible kumaphatikizapo ma module ambiri ogwirira ntchito ndi ma phukusi osiyanasiyana, chifukwa chake sitiyenera kulemba bash script pazifukwa zilizonse. Tsopano tikufunika imodzi mwama module awa kuti tisinthe dongosolo ndikuyika phukusi ladongosolo. Ndili ndi Ubuntu Linux pa VPS yanga, kotero kuti ndiike mapaketi omwe ndimagwiritsa ntchito apt-get и module kwa izo. Ngati mukugwiritsa ntchito machitidwe osiyanasiyana, ndiye kuti mungafunike gawo losiyana (kumbukirani, ndinanena pachiyambi kuti tiyenera kudziwa pasadakhale zomwe tingachite komanso momwe tingachitire). Komabe, mawuwo atha kukhala ofanana.

Tiyeni tiwonjezere buku lathu lamasewera ndi ntchito zoyamba:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

Ntchito ndi ntchito yomwe Ansible angachite pa ma seva akutali. Timapereka dzina la ntchitoyi kuti tithe kuyang'anira ntchito yake mu chipika. Ndipo timafotokozera, pogwiritsa ntchito mawu amtundu wina, zomwe ziyenera kuchita. Pamenepa apt: update_cache=yes - akuti kukonzanso phukusi ladongosolo pogwiritsa ntchito apt module. Lamulo lachiwiri ndi lovuta kwambiri. Timadutsa mndandanda wamapaketi ku apt module ndikuti ndi state ayenera kukhala present, ndiye kuti, timati ikani mapaketiwa. Mofananamo, tingawauze kuti awafufute, kapena asinthe mwa kungowasintha state. Chonde dziwani kuti kuti njanji zigwire ntchito ndi postgresql timafunikira phukusi la postgresql-contrib, lomwe tikukhazikitsa tsopano. Apanso, muyenera kudziwa ndikuchita izi; ozindikira paokha sangachite izi.

Yesaninso kuyambitsanso playbook ndikuwonetsetsa kuti phukusi lakhazikitsidwa.

Kupanga ogwiritsa ntchito atsopano.

Kuti mugwire ntchito ndi ogwiritsa ntchito, Ansible ilinso ndi gawo - wogwiritsa ntchito. Tiyeni tiwonjeze ntchito ina (ndinabisa mbali zodziwika kale za bukhu lamasewera kumbuyo kwa ndemanga kuti ndisazikopere nthawi zonse):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ 123qweasd | password_hash('sha512') }}"

Timapanga wogwiritsa ntchito watsopano, timayika schell ndi mawu achinsinsi ake. Ndiyeno timakumana ndi mavuto angapo. Nanga bwanji ngati mayina olowera akuyenera kukhala osiyana kwa olandila osiyanasiyana? Ndipo kusunga mawu achinsinsi m'malemba omveka bwino m'buku lamasewera ndi lingaliro loipa kwambiri. Poyamba, tiyeni tiyike dzina lolowera ndi mawu achinsinsi m'mitundu yosiyanasiyana, ndipo kumapeto kwa nkhaniyi ndikuwonetsa momwe mungasinthire mawu achinsinsi.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Zosintha zimayikidwa m'mabuku osewerera pogwiritsa ntchito zingwe zopindika pawiri.

Tidzawonetsa kufunikira kwa zosinthika mufayilo yazinthu:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Samalani ndi malangizo [all:vars] - imanena kuti chipika chotsatira cha malemba ndi zosinthika (vars) ndipo zimagwira ntchito kwa onse omwe ali nawo (onse).

Mapangidwewo ndi osangalatsa "{{ user_password | password_hash('sha512') }}". Chowonadi ndi chakuti ansible sayika wosuta kudzera user_add monga mungachitire pamanja. Ndipo imapulumutsa deta yonse mwachindunji, chifukwa chake tiyeneranso kutembenuza mawu achinsinsi kukhala hashi pasadakhale, zomwe ndi zomwe lamuloli limachita.

Tiyeni tiwonjezere wogwiritsa ntchito pagulu la sudo. Komabe, izi zisanachitike tiyenera kuonetsetsa kuti gulu lotere lilipo chifukwa palibe amene angatichitire izi:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

Chilichonse ndichosavuta, tilinso ndi gawo lamagulu lopanga magulu, okhala ndi mawu ofanana kwambiri ndi apt. Ndiye ndikwanira kulembetsa gulu ili kwa wogwiritsa ntchito (groups: "sudo").
Ndizothandizanso kuwonjezera kiyi ya ssh kwa wogwiritsa ntchitoyu kuti titha kulowamo kugwiritsa ntchito popanda mawu achinsinsi:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
      name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

Pankhaniyi, mapangidwewo ndi osangalatsa "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - imakopera zomwe zili mu fayilo ya id_rsa.pub (dzina lanu likhoza kukhala losiyana), ndiko kuti, gawo lachinsinsi la ssh ndikuyiyika pamndandanda wa makiyi ovomerezeka kwa wogwiritsa ntchito pa seva.

Ntchito

Ntchito zonse zitatu zopangira ntchito zitha kugawidwa mosavuta m'gulu limodzi la ntchito, ndipo lingakhale lingaliro labwino kusunga gululi mosiyana ndi buku lalikulu lamasewera kuti lisakule kwambiri. Pachifukwa ichi, Ansible ali maudindo.
Malinga ndi mawonekedwe a fayilo omwe asonyezedwa koyambirira, maudindo ayenera kuikidwa m'ndandanda ya maudindo osiyana, pa gawo lililonse pali chikwatu chosiyana ndi dzina lomwelo, mkati mwa ntchito, mafayilo, ma templates, ndi zina.
Tiyeni tipange fayilo: ./ansible/roles/user/tasks/main.yml (chachikulu ndi fayilo yayikulu yomwe idzakwezedwa ndikuchitidwa gawo likalumikizidwa ndi buku lamasewera; mafayilo ena atha kulumikizidwa nawo). Tsopano mutha kusamutsa ntchito zonse zokhudzana ndi wogwiritsa ntchito ku fayilo iyi:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

M'buku lalikulu lamasewera, muyenera kufotokoza kuti mugwiritse ntchito ntchito:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Komanso, zitha kukhala zomveka kusinthira dongosolo musanayambe ntchito zina zonse; kuti muchite izi, mutha kutchulanso chipikacho tasks m'mene iwo akufotokozedwa mu pre_tasks.

Kupanga nginx

Tiyenera kukhala ndi Nginx kale; tiyenera kuyikonza ndikuyiyendetsa. Tiyeni tichite izo nthawi yomweyo mu udindo. Tiyeni tipange fayilo:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Tsopano tikufuna mafayilo ndi ma tempuleti. Kusiyana pakati pawo ndikuti ansible amakopera mafayilo mwachindunji, monga momwe zilili. Ndipo ma templates ayenera kukhala ndi j2 yowonjezera ndipo amatha kugwiritsa ntchito zinthu zosinthika pogwiritsa ntchito zingwe zopindika ziwiri.

Tiyeni tilowetse nginx mkati main.yml wapamwamba. Kwa ichi tili ndi systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Apa sitikunena kuti nginx iyenera kuyambitsidwa (ndiko kuti, timayiyambitsa), koma timanena nthawi yomweyo kuti iyenera kuyatsidwa.
Tsopano tiyeni tikopere mafayilo osinthira:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

Timapanga fayilo yayikulu yosinthira nginx (mutha kuitenga mwachindunji kuchokera pa seva, kapena lembani nokha). Komanso fayilo yosinthira kuti tigwiritse ntchito patsamba_lomwe likupezeka (izi sizofunikira koma zothandiza). Poyamba, timagwiritsa ntchito gawo la kukopera kukopera mafayilo (fayilo iyenera kukhala mkati /ansible/roles/nginx/files/nginx.conf). Chachiwiri, timatengera template, m'malo mwazosintha. Template iyenera kukhala mkati /ansible/roles/nginx/templates/my_app.j2). Ndipo zitha kuwoneka motere:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Samalani zoyikapo {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} - awa ndi mitundu yonse yomwe mfundo zake Ansible zidzalowa m'malo mwa template musanakopere. Izi ndizothandiza ngati mugwiritsa ntchito buku lamasewera lamagulu osiyanasiyana olandila. Mwachitsanzo, titha kuwonjezera fayilo yathu yazinthu:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

Ngati tsopano tiyambitsa playbook yathu, idzachita ntchito zomwe zatchulidwa onse omwe ali nawo. Koma panthawi imodzimodziyo, kwa wolandira masitepe, zosinthika zidzakhala zosiyana ndi zomwe zimapanga, osati mu maudindo ndi mabuku amasewera, komanso mu nginx configs. {{ inventory_hostname }} siziyenera kufotokozedwa mu fayilo yazinthu - izi kusintha kwapadera koyenera ndipo wolandira amene buku lamasewera likugwiritsidwa ntchito pano amasungidwa pamenepo.
Ngati mukufuna kukhala ndi fayilo yokhala ndi makamu angapo, koma kungothamangira gulu limodzi, izi zitha kuchitika ndi lamulo ili:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Njira ina ndikukhala ndi mafayilo osiyana amagulu osiyanasiyana. Kapena mutha kuphatikiza njira ziwirizo ngati muli ndi makamu ambiri osiyanasiyana.

Tiyeni tibwererenso kukhazikitsa nginx. Pambuyo kukopera mafayilo osinthidwira, tifunika kupanga symlink mu sitest_enabled to my_app.conf kuchokera kumasamba_available. Ndipo yambitsaninso nginx.

... # old code in mail.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Chilichonse ndi chophweka apa - ma modules omveka omwe ali ndi syntax yokhazikika. Koma pali mfundo imodzi. Palibe chifukwa choyambitsanso nginx nthawi zonse. Kodi mwawona kuti sitimalemba malamulo monga: "chitani chonchi", mawuwa amawoneka ngati "izi ziyenera kukhala ndi chikhalidwe ichi". Ndipo nthawi zambiri izi ndi momwe zimagwirira ntchito. Ngati gululo lilipo kale, kapena phukusi ladongosolo lakhazikitsidwa kale, ndiye kuti ansible adzayang'ana izi ndikudumpha ntchitoyo. Komanso, mafayilo sangakopedwe ngati akugwirizana kwathunthu ndi zomwe zili kale pa seva. Titha kugwiritsa ntchito izi ndikuyambitsanso nginx pokhapokha ngati mafayilo osinthika asinthidwa. Pali lamulo lolembetsa la izi:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: restart_nginx

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: restart_nginx

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: restart_nginx.changed

Ngati imodzi mwa mafayilo osinthika asintha, kopi idzapangidwa ndipo kusinthako kudzalembedwa restart_nginx. Ndipo pokhapokha ngati kusinthaku kwalembetsedwa pomwe ntchitoyo idzayambiranso.

Ndipo, zowona, muyenera kuwonjezera gawo la nginx ku buku lalikulu lamasewera.

Kupanga postgresql

Tiyenera kuthandizira postgresql kugwiritsa ntchito systemd mofanana ndi momwe tinachitira ndi nginx, ndikupanganso wogwiritsa ntchito yemwe tidzamugwiritse ntchito kuti apeze database ndi database yokha.
Tiyeni tipange gawo /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

Sindidzafotokozera momwe mungawonjezere zosinthika kuzinthu, izi zachitika kale nthawi zambiri, komanso ma syntax a postgresql_db ndi postgresql_user modules. Zambiri zitha kupezeka muzolemba. Lamulo losangalatsa kwambiri apa ndi become_user: postgres. Chowonadi ndi chakuti mwachisawawa, wogwiritsa ntchito postgres yekha ndi amene amatha kupeza database ya postgresql komanso kwanuko. Lamuloli likutilola kuti tizitsatira malamulo m'malo mwa wogwiritsa ntchitoyo (ngati tili ndi mwayi, inde).
Komanso, mungafunike kuwonjezera mzere ku pg_hba.conf kuti wogwiritsa ntchito watsopano alowe munkhokwe. Izi zitha kuchitika chimodzimodzi monga tidasinthira nginx config.

Ndipo zowonadi, muyenera kuwonjezera gawo la postgresql ku buku lalikulu lamasewera.

Kuyika ruby kudzera rbenv

Ansible ilibe ma module ogwirira ntchito ndi rbenv, koma imayikidwa popanga git repository. Chifukwa chake, vutoli limakhala losavomerezeka kwambiri. Tiyeni timupangire udindo /ansible/roles/ruby_rbenv/main.yml ndipo tiyambe kudzaza:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

Timagwiritsanso ntchito kukhala_user malangizo kuti tigwire ntchito ndi wogwiritsa ntchito omwe tidawapangira izi. Popeza rbenv imayikidwa m'ndandanda wake wakunyumba, osati padziko lonse lapansi. Ndipo timagwiritsanso ntchito gawo la git kugwirizanitsa chosungira, kufotokoza repo ndi dest.

Kenako, tiyenera kulembetsa rbenv init mu bashrc ndikuwonjezera rbenv ku PATH pamenepo. Pachifukwa ichi tili ndi lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Kenako muyenera kukhazikitsa ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

Ndipo potsiriza kukhazikitsa ruby. Izi zimachitika kudzera mu rbenv, ndiye kuti, ndi lamulo la bash:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

Timanena lamulo loti tigwire komanso ndi chiyani. Komabe, apa tikukumana ndi mfundo yakuti ansible samayendetsa kachidindo kamene kali mu bashrc musanayambe kulamulira. Izi zikutanthauza kuti rbenv iyenera kufotokozedwa mwachindunji muzolemba zomwezo.

Vuto lotsatira ndi chifukwa chakuti lamulo la chipolopolo liribe boma kuchokera kumalo ovomerezeka. Ndiye kuti, sipadzakhala cheke chodziwikiratu ngati mtundu uwu wa ruby wayikidwa kapena ayi. Titha kuchita izi tokha:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

Zomwe zatsala ndikuyika bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

Ndipo kachiwiri, onjezani gawo lathu ruby_rbenv ku playbook yayikulu.

Mafayilo ogawana.

Mwambiri, kukhazikitsa kutha kumalizidwa apa. Chotsatira, zonse zomwe zatsala ndikuyendetsa capistrano ndipo itengera kachidindo komweko, kupanga zolembera zofunika ndikuyambitsa pulogalamuyo (ngati zonse zakonzedwa bwino). Komabe, capistrano nthawi zambiri imafuna mafayilo owonjezera, monga database.yml kapena .env Atha kukopera ngati mafayilo ndi ma tempulo a nginx. Pali chinyengo chimodzi chokha. Musanayambe kukopera mafayilo, muyenera kuwapangira chikwatu, chonga ichi:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

timatchula chikwatu chimodzi chokha ndipo ansible adzapanga okha makolo ngati pakufunika.

Ansible Vault

Tapeza kale kuti zosintha zimatha kukhala ndi data yachinsinsi monga mawu achinsinsi a wogwiritsa ntchito. Ngati mwapanga .env fayilo yofunsira, ndi database.yml ndiye payenera kukhala zambiri zofunika kwambiri. Zingakhale bwino kuzibisa kuti zisamawoneke. Pachifukwa ichi amagwiritsidwa ntchito chipinda chogona.

Tiyeni tipange fayilo yamitundu yosiyanasiyana /ansible/vars/all.yml (apa mutha kupanga mafayilo osiyanasiyana amagulu osiyanasiyana a makamu, monga momwe ziliri mu fayilo yosungira: production.yml, staging.yml, ndi zina).
Zosintha zonse zomwe ziyenera kubisidwa ziyenera kusamutsidwa ku fayiloyi pogwiritsa ntchito syntax ya yml:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

Pambuyo pake fayiloyi ikhoza kusungidwa ndi lamulo:

ansible-vault encrypt ./vars/all.yml

Mwachilengedwe, mukabisala, muyenera kukhazikitsa mawu achinsinsi kuti mutsitse. Mutha kuwona zomwe zidzakhale mkati mwa fayilo mutayimba lamulo ili.

Ndi chithandizo cha ansible-vault decrypt Fayilo imatha kusinthidwa, kusinthidwa ndikusinthidwanso.

Simufunikanso kutsitsa fayilo kuti mugwire ntchito. Mumasunga mobisa ndikuyendetsa buku lamasewera ndi mkangano --ask-vault-pass. Ansible adzafunsa achinsinsi, kupeza zosinthika, ndi kuchita ntchito. Zonse zizikhala zobisika.

Lamulo lathunthu lamagulu angapo a makamu ndi vault yowoneka bwino idzawoneka motere:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass

Koma sindikupatsani zolemba zonse zamasewera ndi maudindo, lembani nokha. Chifukwa ansible ali choncho - ngati simukumvetsa zomwe zikuyenera kuchitika, ndiye kuti sizikuchitirani inu.

Source: www.habr.com

Kukhazikitsa seva kuti igwiritse ntchito Rails pogwiritsa ntchito Ansible

Kodi tikufuna chiyani?

Mapangidwe a fayilo

Playbook yosavuta

Kukhazikitsa phukusi ladongosolo

Kupanga ogwiritsa ntchito atsopano.

Ntchito

Kupanga nginx

Kupanga postgresql

Kuyika ruby kudzera rbenv

Mafayilo ogawana.

Ansible Vault

Kuwonjezera ndemanga kuletsa reply

Kukhazikitsa seva kuti igwiritse ntchito Rails pogwiritsa ntchito Ansible

Kodi tikufuna chiyani?

Mapangidwe a fayilo

Playbook yosavuta

Kukhazikitsa phukusi ladongosolo

Kupanga ogwiritsa ntchito atsopano.

Ntchito

Kupanga nginx

Kupanga postgresql

Kuyika ruby ​​​​kudzera rbenv

Mafayilo ogawana.

Ansible Vault

Kuwonjezera ndemanga kuletsa reply

Kuyika ruby kudzera rbenv