I lenei tusiga, o le a ou faʻasoa atu loʻu poto masani i le faʻatulagaina o le CI / CD e faʻaaoga ai le Plesk Control Panel ma Github Actions. O le asō o le a tatou aʻoaʻoina pe faʻapefea ona faʻapipiʻi se galuega faigofie ma le igoa le lavelave "Helloworld". O loʻo tusia i le Flask Python framework, faʻatasi ai ma tagata faigaluega Seleri ma le Angular 8 pito i luma.

So'oga i fale teu oloa: pito i tua, pito i luma.

I le vaega muamua o le tusiga, o le a tatou tilotilo i la tatou poloketi ma ona vaega. I le lona lua, o le a tatou mafaufau pe faʻafefea ona seti Plesk ma faʻapipiʻi faʻaopoopoga manaʻomia ma vaega (DB, RabbitMQ, Redis, Docker, ma isi).

I le vaega lona tolu, o le a iu lava ina tatou iloa pe faʻafefea ona faʻatutuina se paipa mo le faʻapipiʻiina o la tatou poloketi i se 'auʻaunaga i totonu o se siosiomaga dev ma prod. Ona matou tatalaina lea o le saite i luga o le server.

Ma ioe, ua galo ia te au ona faailoa atu au lava. O loʻu igoa o Oleg Borzov, o aʻu o se tagata atiaʻe atoatoa i le vaega CRM mo pule mokesi i Domclick.

Vaaiga aoao aoao

Muamua, seʻi o tatou vaʻavaʻai i fale teu oloa e lua - tua ma luma - ma alu i luga o le code.

I tua: Flask + Seleli

Mo le pito i tua, na ou aveina se fusi e sili ona lauiloa i le au atinaʻe Python: o le Flask framework (mo le API) ma le Seleri (mo le faʻasologa o galuega). SQLAchemy e faʻaaogaina e pei ole ORM. Alembic e faʻaaogaina mo femalagaiga. Mo JSON faʻamaonia i au - Marshmallow.

В faleteuoloa o loʻo i ai se faila Readme.md ma faʻamatalaga auiliili o le fausaga ma faʻatonuga mo le faʻatinoina o le poloketi.

Vaega i luga ole laiga API e le lavelave, e aofia ai peni e 6:

• /ping - siaki avanoa;
• fa'atau mo le resitalaina, fa'atagaga, fa'ate'aina ma le mauaina o se tagata fa'atagaina;
• se au imeli e tu'u ai se galuega i le laina Seleri.

Vaega seleni e sili atu ona faigofie, e tasi lava le faafitauli send_mail_task.

I totonu o le faila /conf e lua subfolders:

• docker ma lua Dockerfiles (base.dockerfile e fausia se ata faavae seasea suia ma Dockerfile mo fono tetele);
• .env_files - faʻatasi ai ma faila faʻatasi ai ma fesuiaiga o siosiomaga mo siosiomaga eseese.

E fa faila faila i le a'a o le poloketi:

• docker-compose.local.db.yml ia si'i se fa'amaumauga fa'alotoifale mo atina'e;
• docker-compose.local.workers.yml mo le siitiaina o le tagata faigaluega, database, Redis ma RabbitMQ;
• docker-compose.test.yml e fa'atino su'ega i le taimi o le fa'atinoina;
• docker-compose.yml mo le fa'atulagaina.

Ma o le faila mulimuli matou te fiafia i ai - .ci-cd. O lo'o i ai fa'amatalaga atigi mo le fa'atinoina:

• deploy.sh - faʻalauiloaina o femalagaiga ma faʻapipiʻiina. Tamomoe i luga o le 'auʻaunaga pe a uma ona fausia ma faʻataʻitaʻiina suʻega i Github Actions;
• rollback.sh - toe fa'afo'i koneteina i le lomiga muamua o le fa'apotopotoga;
• curl_tg.sh - auina atu faʻasalalauga faʻasalalauga i Telegram.

pito i luma ile Angular

Faleteuoloa ma luma sili atu ona faigofie nai lo Beck. O le pito i luma e aofia ai itulau e tolu:

• Itulau autu ma se pepa mo le lafoina o imeli ma se faamau e alu ese ai.
• Itulau ulufale.
• Itulau resitala.

O le itulau autu e foliga faʻapitoa:

E lua faila i le aʻa Dockerfile и docker-compose.yml, faʻapea foʻi ma le faila masani .ci-cd fa'atasi ai ma ni fa'amaumauga e la'ititi nai lo le fa'amaumauga i tua (ave'esea fa'amaumauga mo su'ega fa'atino).

Amataina se poloketi i Plesk

Tatou amata i le setiina o Plesk ma fatuina se saofaga mo la tatou upega tafaʻilagi.

Fa'apipi'i fa'aopoopoga

I Plesk, matou te manaʻomia ni faʻaopoopoga se fa:

• Docker e pulea ma faʻaalia le tulaga o pusa i le Plesk admin panel;
• Git e fa'atulaga le laasaga fa'apipi'i i luga o le 'au'aunaga;
• Let's Encrypt fa'atupuina (ma fa'afou-autometi) tusi pasi TLS fua;
• Firewall e fa'atulaga le filiga o felauaiga o lo'o sau.

E mafai ona e faʻapipiʻiina i latou e ala i le Plesk admin panel i le vaega Extensions:

Matou te le mafaufau i faʻamatalaga auʻiliʻili mo faʻaopoopoga, o le faʻaogaina tulaga o le a faia mo matou faʻataʻitaʻiga.

Fausia se saofaga ma saite

O le isi, e manaʻomia le faia o se saofaga mo la matou upega tafaʻilagi helloworld.ru ma faʻaopoopo le dev.helloworld.ru subdomain iina.

1. Fausia se saofaga mo le helloworld.ru domain ma faʻamaonia le login-password mo le tagata faʻaoga faiga:

   
   Siaki le pusa i le pito i lalo o le itulau Saogalemu le itu i le Let's Encryptpe afai matou te mananaʻo e seti HTTPS mo le saite:

   

2. Le isi, i lenei saofaga, fatuina se subdomain dev.helloworld.ru (lea e mafai foi ona e tuʻuina atu se tusi faamaonia TLS e leai se totogi):

   

Fa'apipi'i vaega o le Server

E iai le matou 'au'aunaga ma OS Debian Fa'aloaloa 9.12 ma fa'apipi'i le vaega fa'atonutonu Plesk Obsidian 18.0.27.

Matou te manaʻomia faʻapipiʻi ma faʻapipiʻi mo la matou poloketi:

• PostgreSQL (i la matou tulaga, o le a tasi le 'auʻaunaga e lua faʻamaumauga mo dev ma prod siosiomaga).
• RabbitMQ (tutusa, faʻataʻitaʻiga tutusa ma vhosts eseese mo siosiomaga).
• Lua Redis faʻataʻitaʻiga (mo dev ma prod siosiomaga).
• Docker Registry (mo le teuina i le lotoifale o ata Docker ua fausia).
• UI mo Docker resitala.

PostgreSQL

Plesk ua uma ona sau ma PostgreSQL DBMS, ae le o le lomiga fou (i le taimi na tusia ai Plesk Obsidian lagolagoina Postgres versions 8.4–10.8). Matou te mananaʻo i le lomiga lata mai mo la matou talosaga (12.3 i le taimi o lenei tusitusiga), o lea matou te faʻapipiʻiina ma le lima.

Подробных инструкций по установке Postgres на Debian в сети полно (faataitaiga), o lea ou te le faʻamatalaina auʻiliʻili, o le a naʻo le tuʻuina atu o poloaiga:

wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib

Mafaufau i le PostgreSQL e sili atu le faʻaogaina o tulaga le lelei, e tatau ona faʻasaʻo le faʻatulagaga. O le a fesoasoani lea ia i tatou calculator: e te manaʻomia le taʻavale i totonu o lau 'auʻaunaga ma sui tulaga i le faila /etc/postgresql/12/main/postgresql.confia i latou na ofoina atu. E tatau ona maitauina iinei o ia calculators e le o se pulu faʻataulāitu, ma o le faavae e tatau ona sili atu ona saʻo, faʻavae i luga o au meafaigaluega, talosaga, ma le lavelave o fesili. Ae ua lava lea e amata ai.

I le faaopoopo atu i faatulagaga ua fuafuaina e le calculator, matou te suia foi i totonu postgresql.confle faʻaogaina o le port 5432 i le isi (i la matou faʻataʻitaʻiga - 53983).

A maeʻa ona suia le faila faila, toe amata le postgresql-server ma le faʻatonuga:

service postgresql restart

Ua matou faʻapipiʻiina ma faʻapipiʻi PostgreSQL. Se'i o tatou faia se fa'amaumauga, tagata fa'aoga mo atina'e ma fa'ata'atia-si'osi'omaga, ma tu'uina atu i tagata fa'aoga aia tatau e pulea ai le fa'amaumauga:

$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT

LapitiMQ

Перейдем к установке RabbitMQ — брокера сообщений для Celery. Ставится он на Debian достаточно просто:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb

sudo apt-get update
sudo apt-get install erlang erlang-nox

sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

sudo apt-get update
sudo apt-get install rabbitmq-server

A maeʻa le faʻapipiʻiina, e tatau ona tatou fatuina vhosts, tagata fa'aoga ma tu'uina atu aiā tatau:

sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password 
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"

sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password 
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"

Redis

Ia tatou faʻapipiʻi ma faʻapipiʻi le vaega mulimuli mo la tatou talosaga - Redis. O le a faʻaaogaina e fai ma tua mo le teuina o taunuʻuga o galuega Seleri.

O le a matou siiina ni pusa Docker se lua ma Redis mo le atinaʻeina ma le faʻaogaina o siosiomaga e faʻaaoga ai le faʻaopoopoga Docker mo Plesk.

1. Matou te o atu i Plesk, alu i le Extensions vaega, vaavaai mo le Docker faʻaopoopoga ma faʻapipiʻi (matou te manaʻomia se kopi fua):

   

2. Alu i le faʻaopoopoga faʻapipiʻi, suʻe le ata e ala i le sailiga redis bitnami ma fa'apipi'i le lomiga fou:

   

3. Matou te o atu i totonu o le pusa na sii mai ma fetuutuunai le faʻatulagaga: faʻamaonia le taulaga, le maualuga o le RAM tuʻufaʻatasia, le upu faʻamaonia i suiga o le siosiomaga, ma faʻapipiʻi le voluma:

   

4. Matou te faia laʻasaga 2-3 mo le pusa faʻapipiʻi, i totonu o faʻatulagaga matou te suia ai na o faʻamaufaʻailoga: port, password, RAM tele ma le ala i le faila faila i luga o le server:

   

Docker Resitala

I le faʻaopoopoga i auaunaga faʻavae, e manaia le tuʻuina o lau lava fale teu oloa Docker i luga o le 'auʻaunaga. O le mea e lelei ai, ua taugofie le avanoa o le server (e mautinoa e sili atu le taugofie nai lo le DockerHub subscription), ma o le faagasologa o le faʻatulagaina o se fale teu oloa e matua faigofie lava.

Matou te fia maua:

• fale teu oloa Docker puipuia upu faataga e mafai ona maua i luga o se subdomain https://docker.helloworld.ru;
• UI mo le matamataina o ata i totonu o le fale teu oloa, avanoa ile https://docker-ui.helloworld.ru.

Le faia o lenei mea:

1. Sei o tatou faia ni subdomains se lua i Plesk i la tatou saofaga: docker.helloworld.ru ma docker-ui.helloworld.ru, ma fetuutuunai tusi Let's Encrypt mo i latou.
2. Fa'aopoopo le faila ile docker.helloworld.ru subdomain folder docker-compose.yml ma mea e pei o lenei:

   version: "3"
   
   services:
     docker-registry:
       image: "registry:2"
       restart: always
       ports:
         - "53985:5000"
       environment:
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       volumes:
         - ./.docker-registry.htpasswd:/auth/.htpasswd
         - ./data:/data
   
     docker-registry-ui:
       image: konradkleine/docker-registry-frontend:v2
       restart: always
       ports:
         - "53986:80"
       environment:
         VIRTUAL_HOST: '*, https://*'
         ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
         ENV_DOCKER_REGISTRY_PORT: 5000
       links:
         - 'docker-registry'
   

3. I lalo o le SSH, matou te fa'atupuina le faila .htpasswd mo Fa'atagaga Autu i le fale teu oloa Docker:

   htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password

4. Aoina ma sii i luga pusa:

   docker-compose up -d

5. Ma e manaʻomia ona toe faʻafeiloaʻi Nginx i a matou koneteina. E mafai ona faia lenei mea e ala ile Plesk.

O laasaga nei e tatau ona faia mo le docker.helloworld.ru ma docker-ui.helloworld.ru subdomains:

o le fuaiupu Dev Mea alu i le matou saite Tulafono Fa'atonu Docker:

Ma fa'aopoopo se tulafono e sui ai felauaiga ulufale mai i la matou koneteina:

1. Matou te siakiina e mafai ona matou ulufale i totonu o la matou koneteina mai le masini i le lotoifale:

   $ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
   WARNING! Using --password via the CLI is insecure. Use --password-stdin.
   Login Succeeded

2. Sei o tatou siaki foi le gaioiga o le docker-ui.helloworld.ru subdomain:

   
   A e kiliki ile Suʻesuʻe fale teu oloa, o le a faʻaalia e le browser se faʻamalama faʻatagaina e te manaʻomia e ulufale ai i le igoa ole igoa ma le upu faʻaulu mo le fale teu oloa. A maeʻa lena, o le a matou tuʻuina atu i se itulau ma se lisi o faleoloa (mo le taimi nei, o le a gaogao mo oe):

   

Tatala uafu i Plesk Firewall

A maeʻa ona faʻapipiʻi ma faʻapipiʻi vaega, matou te manaʻomia le tatalaina o ports ina ia mafai ona maua vaega mai pusa Docker ma le fesoʻotaʻiga i fafo.

Sei o tatou vaʻai pe faʻapefea ona fai lenei mea e faʻaaoga ai le faʻaopoopoga o le Firewall mo Plesk na matou faʻapipiʻiina muamua.

1. Alu i le Meafaigaluega & Fa'atonu > Fa'atonu > Pafi:
   
2. Alu i le Suia Plesk Firewall Tulafono > Fa'aopoopo Tulafono Fa'apitoa ma tatala ia TCP ports mo le Docker subnet (172.0.0.0 / 8):
   RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
   Toe fai: 32785, 32786

   

3. O le a matou faʻaopoopoina foi se tulafono e tatalaina ai PostgreSQL ports ma RabbitMQ pulega panels i le lalolagi i fafo:

   

4. Fa'aoga tulafono e fa'aaoga ai le Apply Changes button:

   

Seti CI/CD i Github Actions

Se'i o tatou i lalo i le vaega pito sili ona manaia - fa'atūina se paipa tu'ufa'atasi faifaipea ma tu'uina atu la tatou poloketi i le 'au'aunaga.

O lenei paipa e aofia ai vaega e lua:

• fausiaina o se ata ma suʻega suʻega (mo le pito i tua) - i le itu Github;
• fa'agasolo femalagaiga (mo le pito i tua) ma fa'apipi'i pusa - i luga o le 'au'aunaga.

Fa'asoa i Plesk

Sei o tatou taulimaina muamua le manatu lona lua (aua e faalagolago i ai le mea muamua).

O le a matou faʻatulagaina le faʻaogaina o le faʻaogaina o le faʻaopoopoga Git mo Plesk.

Mafaufau i se faʻataʻitaʻiga ma se siosiomaga Prod mo se fale teu oloa Backend.

1. Matou te o atu i le lesitala o la matou upega tafaʻilagi a Helloworld ma alu i le vaega o le Git:

   

2. Faʻapipiʻi se fesoʻotaʻiga i le matou Github repository i totonu o le "Remote Git repository" fanua ma sui le faila le lelei. httpdocs i le isi (eg. /httpdocs/hw_back):

   

3. Kopi le SSH Public key mai le laasaga muamua ma fa'aopoopo o loʻo i totonu o le Github settings.
4. Kiliki OK i luga o le lau i le laasaga 2, a maeʻa ona toe faʻafeiloaʻi i matou i le itulau teu oloa i Plesk. Ole taimi nei e manaʻomia le faʻatulagaina o le faleteuoloa e faʻafouina i luga o faʻatonuga i le paranesi matai. Ina ia faia lenei mea, alu i le Fa'atonuga Fa'amaumauga ma faasaoina le tau Webhook URL (o le a matou manaʻomia mulimuli ane pe a faʻatulagaina Github Actions):

   

5. I totonu o le Fa'asagaga fanua i luga o le lau mai le parakalafa muamua, ulufale i le tusitusiga e fa'alauiloa ai le fa'aogaina:

   cd {REPOSITORY_ABSOLUTE_PATH}
   .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID} 

   pe afai:

   {REPOSITORY_ABSOLUTE_PATH} - auala i le faʻailoga o le fale teu oloa pito i tua i luga o le 'auʻaunaga;
   {ENV} - siosiomaga (dev / prod), i la matou tulaga prod;
   {DOCKER_REGISTRY_HOST} - le 'au o le matou fale teu oloa
   {TG_BOT_TOKEN} - Telegram bot faailoga;
   {TG_CHAT_ID} - ID o le talatalanoaga / alalaupapa mo le auina atu o faʻamatalaga.

   Fa'ata'ita'iga o tusitusiga:

   cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
   .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890

6. Faʻaopoopo se tagata faʻaoga mai la matou saofaga i le Docker group (ina ia mafai ona latou pulea pusa):

   sudo usermod -aG docker helloworld_admin

O le siosiomaga dev mo le fale teu oloa pito i tua ma le pito i luma o loʻo faʻatulagaina i le auala lava e tasi.

Fa'asoa paipa ile Github Actions

Sei o tatou agai i luma i le setiina o le vaega muamua o le matou CI/CD pipeline i Github Actions.

Backend

O le paipa o loʻo faʻamatalaina i deploy.yml faila.

Ae aʻo leʻi faʻavasegaina, seʻi o tatou faʻatumu le suiga lilo tatou te manaʻomia ile Github. Ina ia faia lenei mea, alu i le Fa'atonu -> Mea lilo:

• DOCKER_REGISTRY - le 'au o le matou fale teu oloa Docker (docker.helloworld.ru);
• DOCKER_LOGIN - saini i le fale teu oloa Docker;
• DOCKER_PASSWORD - upu faataga i ai;
• DEPLOY_HOST - talimalo i le mea e maua ai le Plesk admin panel (faʻataʻitaʻiga: talofaworld.com: 8443 poʻo 123.4.56.78:8443);
• DEPLOY_BACK_PROD_TOKEN - o se faʻailoga mo le faʻapipiʻiina i le faleoloa-faleoloa i luga o le 'auʻaunaga (na matou mauaina i le Deployment in Plesk p. 4);
• DEPLOY_BACK_DEV_TOKEN - faʻailoga mo le faʻapipiʻiina i le fale teu oloa i luga o le server.

Ole fa'agaioiga fa'apipi'i e faigofie ma e aofia ai ni laasaga autu se tolu:

• fausiaina ma lolomiina le ata i totonu o la matou fale teu oloa;
• su'ega su'ega i totonu o se atigipusa e fa'atatau i se ata fou na fausia;
• fa'apipi'i ile si'osi'omaga mana'omia e fa'atatau ile lala (dev/master).

Frontend

Le deploy.yml faila mo le fale teu oloa pito i luma e ese lava mai Beck. E leai se laʻasaga ma suʻega suʻega ma suia igoa o faʻailoga mo le faʻapipiʻiina. O mea lilo mo le fale teu oloa i luma, i le ala, e tatau ona faʻatumu ese.

Seti nofoaga

Faʻasalalau fefaʻatauaiga e ala i Nginx

Ia, ua tatou oo mai i le iuga. E tumau naʻo le faʻatulagaina o le sui o le ulufale mai ma le alu i fafo i la matou pusa e ala i Nginx. Ua uma ona matou ufiufi lenei faʻagasologa i le laasaga 5 o le seti Resitala Docker. O le mea lava e tasi e tatau ona toe fai mo le pito i tua ma pito i luma i totonu o siosiomaga dev ma prod.

O le a ou tuuina atu screenshots o tulaga.

Backend

Frontend

Fa'amalamalamaga taua. O URL uma o le a sui i le pusa pito i luma, sei vagana ai latou e amata i /api/ - o le a latou sui i le pusa pito i tua (so i totonu o le atigipusa pito i tua, e tatau ona amata uma tagata faʻatau /api/).

O taunuʻuga

Ole taimi nei e tatau ona maua la tatou saite ile helloworld.ru ma dev.helloworld.ru (prod- ma dev-environments, faasologa).

I le aotelega, na matou aʻoaʻoina pe faʻapefea ona saunia se talosaga faigofie i Flask ma Angular ma faʻatutuina se paipa i Github Actions e taʻavale ai i se server o loʻo faʻaogaina Plesk.

O le a ou faaluaina sootaga i fale teu oloa ma le code: pito i tua, pito i luma.

puna: www.habr.com