E leʻi leva talu ai na ou manaʻomia ai le tusiaina o ni tusi taʻavale Ansible e saunia ai le 'auʻaunaga mo le faʻaogaina o se talosaga Rails. Ma, o le mea e ofo ai, ou te lei mauaina se tusi lesona faigofie i lea laasaga ma lea laasaga. Ou te leʻi manaʻo e kopi le tusi taʻavale a se isi tagata e aunoa ma le malamalama i le mea o loʻo tupu, ma i le faaiuga e tatau ona ou faitau i faʻamaumauga, aoina mea uma lava. Masalo e mafai ona ou fesoasoani i se tasi e faatelevaveina lenei faagasologa i le fesoasoani a lenei tusiga.
O le mea muamua e te malamalama i ai o le ansible e tuʻuina atu ia te oe se fesoʻotaʻiga talafeagai e faʻatino ai se lisi faʻatulagaina o gaioiga i luga o se server mamao (s) e ala i le SSH. E leai se togafiti fa'ataulāitu, e le mafai ona e fa'apipi'i se mea fa'apipi'i ma maua se fa'ato'aga e leai se taimi e tu'uina atu ai lau talosaga fa'atasi ma le docker, mata'ituina ma isi mea lelei mai le pusa. Ina ia tusia se tusi taʻaloga, e tatau ona e iloa le mea tonu e te manaʻo e fai ma pe faʻapefea ona fai. O le mafuaaga lena ou te le faamalieina ai i tusi taʻaloga saunia mai GitHub, poʻo tala e pei o: "Kopi ma tamoe, o le a aoga."
O a mea tatou te manaʻomia?
E pei ona ou fai atu, ina ia mafai ona tusia se tusi taʻalo e tatau ona e iloa le mea e te manaʻo e fai ma pe faʻapefea ona fai. Sei o tatou filifili po o le a le mea tatou te manaomia. Mo se talosaga Rails matou te manaʻomia ni pusa faʻapipiʻi: nginx, postgresql (redis, ma isi). E le gata i lea, matou te manaʻomia se faʻamatalaga patino o le ruby. E sili ona fa'apipi'i e ala i le rbenv (rvm, asdf...). O le faʻaaogaina o nei mea uma o se tagata faʻaoga aʻa e masani lava o se manatu leaga, o lea e tatau ai ona e fatuina se isi tagata faʻaoga ma faʻapipiʻi ana aia tatau. A maeʻa lenei mea, e tatau ona e tuʻuina atu la matou code i le 'auʻaunaga, kopi le configs mo nginx, postgres, ma isi ma amata uma nei auaunaga.
O le i'uga, o le fa'asologa o gaioiga e fa'apea:
- Ulufale e pei ole a'a
- fa'apipi'i pusa faiga
- fatuina se tagata fou, faʻatulagaina aia tatau, ssh key
- faʻapipiʻi pusa polokalama (nginx ma isi) ma faʻatautaia
- Matou te fatuina se tagata faʻaoga i totonu o le database (e mafai ona e faia vave se database)
- Ulufale o se tagata fou
- Faʻapipiʻi le rbenv ma le ruby
- Fa'apipi'i le fusi
- Tu'u i luga ole numera ole talosaga
- Tatalaina le Puma server
E le gata i lea, o laʻasaga mulimuli e mafai ona faia e faʻaaoga ai le capistrano, a itiiti ifo mai le atigipusa e mafai ona kopiina le code i faʻasalalauga faʻasalalau, fesuiaʻi le faʻamalolo ma se symlink i luga o le faʻaogaina manuia, kopi configs mai se lisi faʻasoa, toe amata puma, ma isi. O nei mea uma e mafai ona faia e faʻaaoga ai le Ansible, ae aisea?
Faiga faila
Ansible e fa'amaoni mo au faila uma, o lea e sili ai le teuina uma i se lisi e ese mai. E le gata i lea, e le taua tele pe o le a i totonu o le faʻaogaina o nofoaafi lava ia, pe vavae ese. E mafai ona e teuina faila i se isi faleoloa git. I le tagata lava ia, na ou iloa e sili atu ona faigofie le fatuina o se lisi e mafai ona maua i totonu o le / config directory o le faʻaaogaina o nofoaafi ma teu mea uma i totonu o le fale e tasi.
Tusita'alo Faigofie
Playbook o se faila yml lea, e faʻaaoga ai le syntax faʻapitoa, faʻamatalaina mea e tatau ona fai e Ansible ma pe faʻafefea. Sei o tatou faia le tusita'alo muamua e leai se mea e fai:
---
- name: Simple playbook
hosts: allO lea ua na ona tatou faapea atu ua ta'ua le tatou tusi ta'alo Simple Playbook ma o mea o i ai e tatau ona faia mo au uma. E mafai ona matou teuina i totonu / ansible directory ma le igoa playbook.yml ma taumafai e tamoe:
ansible-playbook ./playbook.yml
PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matchedFai mai Ansible na te le iloa ni 'au e fetaui ma lisi uma. E tatau ona lisiina i se tulaga faapitoa .
Se'i o tatou fatuina i totonu o le lisi lava lea e tasi:
123.123.123.123O le auala lea matou te faʻamaonia ai le talimalo (sili ona lelei le talimalo a matou VPS mo suʻega, pe mafai ona e lesitala localhost) ma faʻasaoina i lalo o le igoa inventory.
E mafai ona e taumafai e tamo'e ansible i se faila fa'amaumauga:
ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************
PLAY RECAP ************************************************************************************************************************************Afai e iai sau avanoa ssh i le talimalo faʻapitoa, ona faʻafesoʻotaʻi lea e ansible ma aoina faʻamatalaga e uiga i le mamao mamao. (Tagata fa'agaoioiga [Fa'apotopoto Fa'amatalaga]) a mae'a ona tu'uina atu lea o se lipoti pu'upu'u ile fa'atinoga (PLAY RECAP).
E ala i le le mafai, o le fesoʻotaʻiga e faʻaogaina le igoa ole igoa o loʻo e ulufale ai i totonu o le polokalama. E foliga mai o le a le i luga o le talimalo. I le faila faila, e mafai ona e faʻamaonia po o ai tagata e faʻaoga e faʻaoga e faʻaoga ai le remote_user directive. E le gata i lea, o faʻamatalaga e uiga i se masini mamao atonu e masani ona le manaʻomia mo oe ma e le tatau ona e faʻaumatia le taimi e aoina ai. E mafai fo'i ona fa'agata lenei galuega:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: noToe taumafai e fa'agasolo le tusita'alo ma ia mautinoa o lo'o galue le feso'ota'iga. (Afai e te faʻamaonia le aʻa faʻaoga, e tatau foi ona e faʻamaonia le avea: faʻatonuga moni ina ia maua ai aia tatau. E pei ona tusia i totonu o faʻamaumauga: become set to ‘true’/’yes’ to activate privilege escalation. e ui lava e le o manino atoatoa pe aisea).
Masalo o le ae mauaina se mea sese e mafua mai i le mea moni e le mafai e ansible ona iloa le faʻaliliuga Python, ona mafai lea ona e faʻamaonia ma le lima:
ansible_python_interpreter: /usr/bin/python3 E mafai ona e suʻeina le mea e iai sau python ma le faʻatonuga whereis python.
Fa'apipi'i pusa faiga
O le tufatufaina masani a Ansible e aofia ai le tele o modules mo le galulue faatasi ma pusa faiga eseese, o lea matou te le tau tusia ai ni tusitusiga bash mo soʻo se mafuaʻaga. Lenei matou te manaʻomia se tasi o nei modules e faʻafou ai le faiga ma faʻapipiʻi pusa polokalama. O loʻo ia te aʻu le Ubuntu Linux i laʻu VPS, ina ia faʻapipiʻi afifi ou te faʻaaogaina apt-get и . Afai o loʻo e faʻaaogaina se isi faiga faʻaogaina, atonu e te manaʻomia se isi module (manatua, na ou fai atu i le amataga e tatau ona tatou iloa muamua le mea ma le auala tatou te faia). Ae ui i lea, o le syntax o le a foliga tutusa.
Sei o tatou faaopoopo i la tatou tusitaalo i galuega muamua:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: presentO le galuega o le galuega tonu lea o le a faia e Ansible i luga o sapalai mamao. Matou te tuʻuina atu le galuega i se igoa ina ia mafai ona matou vaʻaia lona faʻatinoga i totonu o le ogalaau. Ma matou faʻamatalaina, faʻaaogaina le syntax o se module faʻapitoa, mea e manaʻomia ona fai. I lenei tulaga apt: update_cache=yes - fai mai e faʻafou pusa polokalama e faʻaaoga ai le apt module. O le poloaiga lona lua e fai si lavelave. Matou te pasi se lisi o afifi i le apt module ma fai mai o latou state e tatau ona avea present, o lona uiga, matou te fai atu faʻapipiʻi nei afifi. I se auala talitutusa, e mafai ona tatou taʻu atu ia i latou e tape, pe faʻafouina i latou i le na o le suia state. Faamolemole ia matau, mo nofoaafi e galulue ma postgresql matou te manaʻomia le postgresql-contrib package, lea matou te faʻapipiʻi nei. Ma toe, e tatau ona e iloa ma faia lenei mea;
Taumafai e toe fa'asolo le tusita'alo ma siaki po'o fa'apipi'i afifi.
Fausia tagata fa'aoga fou.
Ina ia galulue ma tagata fa'aoga, e iai fo'i le module - user a le Ansible. Seʻi o tatou faʻaopoopoina se isi galuega (Na ou natia vaega ua uma ona iloa o le tusi taʻavale i tua o faʻamatalaga ina ia aua neʻi kopiina atoa i taimi uma):
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: my_user
shell: /bin/bash
password: "{{ 123qweasd | password_hash('sha512') }}"Matou te fatuina se tagata fou, seti se schell ma upu faʻaulu mo ia. Ona tatou fetaia'i lea i ni nai faafitauli. Ae fa'afefea pe a mana'omia le ese'ese o igoa ole igoa mo 'au eseese? Ma o le teuina o le upu faataga i tusitusiga manino i totonu o le playbook o se manatu leaga tele. I le amataga, seʻi o tatou tuʻu le igoa ole igoa ma le upega tafaʻilagi i ni fesuiaiga, ma agai atu i le faaiuga o le tusiga o le a ou faʻaali atu le auala e faʻapipiʻi ai le upu faʻamaonia.
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"E fa'apipi'i suiga i tusi ta'aloga e fa'aogaina ai fa'a'au fa'a'umi lua.
O le a matou faʻaalia tau o fesuiaiga i le faila o suʻesuʻega:
123.123.123.123
[all:vars]
user=my_user
user_password=123qweasdFaamolemole matau le faatonuga [all:vars] - o loʻo fai mai o le isi poloka o tusitusiga e fesuisuiaʻi (vars) ma e faʻatatau i 'au uma (uma).
E manaia foi le mamanu "{{ user_password | password_hash('sha512') }}". O le mea e le mafai e ansible ona faʻapipiʻi le tagata faʻaoga e ala i user_add pei e te faia ma le lima. Ma e faʻasaoina saʻo uma faʻamatalaga, o le mea lea e tatau ai ona tatou faʻaliliuina le upu faʻaulu i totonu o se hash muamua, o le mea lea e fai e lenei poloaiga.
Sei o tatou faʻaopoopo le matou tagata faʻaoga i le vaega sudo. Ae ui i lea, aʻo leʻi faia lenei mea e manaʻomia ona tatou mautinoa o loʻo i ai sea vaega aua e leai se tasi na te faia lenei mea mo i tatou:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"E faigofie lava mea uma, o loʻo i ai foi a matou vaega vaega mo le fatuina o vaega, faʻatasi ai ma se syntax e tutusa lelei ma apt. Ona lava lea e lesitala lenei vaega i le tagata faʻaoga (groups: "sudo").
E aoga foi le faʻaopoopoina o se ssh ki i lenei tagata faʻaoga ina ia mafai ai ona matou ulufale i totonu e faʻaaoga e aunoa ma se faʻaupuga:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentI lenei tulaga, o le mamanu e manaia "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - e kopiina mea o loʻo i totonu o le faila id_rsa.pub (atonu e ese lou igoa), o lona uiga, o le vaega lautele o le ki ssh ma tuʻuina atu i le lisi o ki faʻatagaina mo le tagata faʻaoga i luga o le server.
Matafaioi
O galuega uma e tolu mo le faʻaaogaina e mafai ona faigofie ona faʻavasegaina i se tasi vaega o galuega, ma o se manatu lelei le teuina o lenei vaega e ese mai le tusi taʻaloga autu ina ia le tupu tele. Mo lenei fa'amoemoe, ua iai le Ansible .
E tusa ai ma le faʻatulagaina o faila o loʻo faʻaalia i le amataga, e tatau ona tuʻu matafaioi i se lisi o matafaioi eseese, mo matafaioi taʻitasi o loʻo i ai se lisi eseese ma le igoa tutusa, i totonu o galuega, faila, faʻataʻitaʻiga, ma isi faʻatonuga.
Sei o tatou faia se fausaga faila: ./ansible/roles/user/tasks/main.yml (autu o le faila autu lea o le a utaina ma faʻatinoina pe a fesoʻotaʻi se matafaioi i le tusi taʻavale; isi faila faila e mafai ona fesoʻotaʻi i ai). Ole taimi nei e mafai ona e faʻafeiloaʻi galuega uma e fesoʻotaʻi ma le tagata faʻaoga i lenei faila:
# Create user and add him to groups
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentI totonu o le tusi taʻaloga autu, e tatau ona e faʻamaonia e faʻaaoga le matafaioi a le tagata faʻaoga:
---
- name: Simple playbook
hosts: all
remote_user: root
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: present
roles:
- userE le gata i lea, atonu e talafeagai le faʻafouina o le faiga aʻo leʻi faia isi galuega uma, e mafai ona e toe faʻaigoaina le poloka; tasks lea e faauigaina ai i latou pre_tasks.
Faʻatulagaina nginx
E tatau ona faʻapipiʻi Nginx; matou te manaʻomia le faʻatulagaina ma faʻatautaia. Tatou fai loa i le matafaioi. Sei o tatou faia se fausaga faila:
- ansible
- roles
- nginx
- files
- tasks
- main.yml
- templatesO lea matou te manaʻomia faila ma faʻataʻitaʻiga. O le eseesega i le va oi latou e mafai ona kopi saʻo faila, pei o. Ma o faʻataʻitaʻiga e tatau ona i ai le faʻaopoopoga o le j2 ma e mafai ona latou faʻaogaina tau fesuiaʻi e faʻaaoga ai faʻamau faʻalua tutusa.
Sei o tatou faʻatagaina le nginx i totonu main.yml faila. Mo lenei mea ua i ai a matou systemd module:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yesO iinei e le gata ina matou fai atu e tatau ona amata le nginx (o lona uiga, matou te faʻalauiloaina), ae matou vave fai atu e tatau ona mafai.
Sei o tatou kopi le faila o le faatulagaga:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'Matou te fatuina le faila faila o le nginx autu (e mafai ona e ave saʻo mai le 'auʻaunaga, pe tusi oe lava). Ma faʻapea foʻi le faila faʻatulagaina mo la matou talosaga i le sites_available directory (e le manaʻomia ae aoga). I le tulaga muamua, matou te faʻaogaina le kopi kopi e kopi ai faila (e tatau ona i totonu le faila /ansible/roles/nginx/files/nginx.conf). I le lona lua, matou te kopiina le faʻataʻitaʻiga, sui i tau o fesuiaiga. O le mamanu e tatau ona i totonu /ansible/roles/nginx/templates/my_app.j2). Ma atonu e foliga pei o lenei:
upstream {{ app_name }} {
server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
server_name {{ server_name }} {{ inventory_hostname }};
root {{ app_path }}/current/public;
try_files $uri/index.html $uri.html $uri @{{ app_name }};
....
}Fa'alogo lelei i mea fa'aofi {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} - o fesuiaiga uma nei o latou tau o le Ansible o le a sui i totonu o le mamanu aʻo leʻi kopiina. E aoga lea pe afai e te fa'aogaina se tusi ta'alo mo vaega eseese o 'au. Mo se faʻataʻitaʻiga, e mafai ona matou faʻaopoopoina a matou faila faʻamaumauga:
[production]
123.123.123.123
[staging]
231.231.231.231
[all:vars]
user=my_user
user_password=123qweasd
[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app
[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_appAfai tatou te faʻalauiloa nei la tatou tusi taʻaloga, o le a faʻatinoina galuega faʻapitoa mo 'au uma e lua. Ae i le taimi lava e tasi, mo se talimalo talimalo, o le a ese le fesuiaiga mai le gaosiga, ma e le gata i matafaioi ma tusi taʻaloga, ae faʻapea foi i le nginx configs. {{ inventory_hostname }} e le manaʻomia ona faʻamaonia i le faila o suʻesuʻega - lea ma o le fale talimalo o loʻo faʻaogaina nei le tusi taʻavale o loʻo teuina iina.
Afai e te manaʻo e fai se faila faila mo le tele o 'au, ae naʻo le taʻavale mo le tasi vaega, e mafai ona faia i le poloaiga lenei:
ansible-playbook -i inventory ./playbook.yml -l "staging"O le isi filifiliga o le tu'u ese'ese o faila su'esu'e mo vaega eseese. Pe e mafai foʻi ona tuʻufaʻatasia auala e lua pe afai e tele au talimalo eseese.
Tatou toe foʻi i le setiina o le nginx. A mae'a ona kopi faila fa'atulagaina, e mana'omia ona matou faia se symlink i sitest_enabled i my_app.conf mai sites_available. Ma toe amata le nginx.
... # old code in mail.yml
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restartedE faigofie mea uma iinei - toe faʻaogaina modules ma se syntax masani masani. Ae e tasi lava le itu. E leai se mea e toe amata ai le nginx i taimi uma. Ua e matauina matou te le tusia ni poloaiga e pei o: "faia lenei mea", o le syntax e foliga mai "e tatau ona i ai lenei setete". Ma o le tele o taimi o le auala tonu lea e galue ai le ansible. Afai o loʻo i ai le vaega, pe ua uma ona faʻapipiʻi le pusa faʻapipiʻi, ona siaki lea e ansible ma faʻamalo le galuega. E le gata i lea, o faila o le a le kopiina pe afai latou te fetaui lelei ma mea ua uma ona i luga o le server. E mafai ona tatou faʻaogaina lenei mea ma toe amata le nginx pe a fai ua suia faila faila. O loʻo i ai se faʻatonuga resitala mo lenei:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
register: restart_nginx
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'
register: restart_nginx
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restarted
when: restart_nginx.changedAfai e suia se tasi o faila faila, o le a faia se kopi ma o le a resitalaina le fesuiaiga restart_nginx. Ma se'i vagana ua uma ona resitaraina lenei fesuiaiga o le a toe amataina le auaunaga.
Ma, ioe, e te manaʻomia le faʻaopoopoina o le nginx matafaioi i le tusi taʻaloga autu.
Faʻatulagaina postgresql
Matou te manaʻomia le faʻaogaina o le postgresql i le faʻaogaina o le systemd i le auala lava e tasi e pei ona matou faia i le nginx, ma faia foi se tagata faʻaoga o le a matou faʻaogaina e maua ai le database ma le database lava ia.
Tatou faia se matafaioi /ansible/roles/postgresql/tasks/main.yml:
# Create user in postgresql
- name: enable postgresql and start
systemd:
name: postgresql
state: started
enabled: yes
- name: Create database user
become_user: postgres
postgresql_user:
name: "{{ db_user }}"
password: "{{ db_password }}"
role_attr_flags: SUPERUSER
- name: Create database
become_user: postgres
postgresql_db:
name: "{{ db_name }}"
encoding: UTF-8
owner: "{{ db_user }}"O le a ou le faʻamatalaina pe faʻafefea ona faʻaopoopo suiga i le suʻesuʻega, ua uma ona faia lenei mea i le tele o taimi, faʻapea foʻi ma le syntax o le postgresql_db ma postgresql_user modules. E mafai ona maua nisi fa'amatalaga i totonu o fa'amaumauga. O le faatonuga sili ona manaia iinei become_user: postgres. O le mea moni o le le mafai, naʻo le tagata faʻaoga postgres e mafai ona maua i le postgresql database ma naʻo le lotoifale. O lenei faʻatonuga e faʻatagaina ai i matou e faʻatino poloaiga e fai ma sui o lenei tagata faʻaoga (pe a matou maua, ioe).
E le gata i lea, atonu e te manaʻomia le faʻaopoopoina o se laina i le pg_hba.conf e faʻataga ai se tagata fou e ulufale i le database. E mafai ona faia lenei mea i le auala lava e tasi e pei ona matou suia le nginx config.
Ma o le mea moni, e te manaʻomia le faʻaopoopoina o le postgresql matafaioi i le tusi taʻaloga autu.
Faʻapipiʻi ruby e ala i le rbenv
Ansible e leai ni faʻaoga mo le galue ma rbenv, ae faʻapipiʻi e ala i le faʻapipiʻiina o se git repository. O le mea lea, o lenei faʻafitauli e sili ona le masani ai. Tatou faia se matafaioi mo ia /ansible/roles/ruby_rbenv/main.yml ma amata ona faatumu:
# Install rbenv and ruby
- name: Install rbenv
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenvMatou te toe faʻaaogaina le avea ma faʻatonuga e galue ai i lalo o le tagata faʻaoga na matou fatuina mo nei faʻamoemoega. Talu ai o le rbenv o loʻo faʻapipiʻiina i lona faletusi, ae le o le lalolagi atoa. Ma matou te faʻaogaina foi le git module e faʻapipiʻi ai le fale teu oloa, faʻamaonia le repo ma le dest.
Le isi, matou te manaʻomia le resitalaina o rbenv init i le bashrc ma faʻaopoopo le rbenv i le PATH iina. Mo lenei mea o loʻo ia i matou le lainainfile module:
- name: Add rbenv to PATH
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'
- name: Add rbenv init to bashrc
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'eval "$(rbenv init -)"'Ona e manaʻomia lea ona faʻapipiʻi ruby_build:
- name: Install ruby-build
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-buildMa mulimuli ane faʻapipiʻi le ruby. E faia lenei mea e ala i le rbenv, o lona uiga, naʻo le poloaiga bash:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
rbenv install {{ ruby_version }}
args:
executable: /bin/bashMatou te fai atu po o le a le poloaiga e faatino ma le a. Ae ui i lea, o iinei tatou te maua ai le mea moni e le mafai e le ansible ona faʻaogaina le code o loʻo i totonu o le bashrc aʻo leʻi faʻatonuina poloaiga. O lona uiga o le rbenv e tatau ona faʻamalamalamaina saʻo i le tusitusiga lava e tasi.
O le isi faʻafitauli e mafua mai i le mea moni o le shell command e leai se setete mai se vaaiga faʻapitoa. O lona uiga, o le a leai se siaki otometi pe faʻapipiʻi lenei version of ruby pe leai. E mafai ona tatou faia i tatou lava:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
if ! rbenv versions | grep -q {{ ruby_version }}
then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
fi
args:
executable: /bin/bashPau lava le mea o loʻo totoe o le faʻapipiʻiina lea o le bundler:
- name: Install bundler
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
gem install bundlerMa le isi, fa'aopoopo la matou matafaioi ruby_rbenv i le tusi ta'aloga autu.
Fa'asoa faila.
I se tulaga lautele, o le seti e mafai ona maeʻa iinei. Ma le isi, o mea uma o loʻo totoe o le taʻavale capistrano ma o le a kopiina le code lava ia, fatuina faʻamaumauga talafeagai ma faʻalauiloa le talosaga (pe a saʻo mea uma). Ae ui i lea, e masani ona manaʻomia e le capistrano isi faila faʻaopoopo, pei ole database.yml poʻo .env E mafai ona kopiina pei o faila ma faʻataʻitaʻiga mo nginx. E tasi lava le poto. Aʻo leʻi kopiina faila, e tatau ona e fatuina se fausaga faʻatonu mo latou, e pei o lenei:
# Copy shared files for deploy
- name: Ensure shared dir
become_user: "{{ user }}"
file:
path: "{{ app_path }}/shared/config"
state: directorymatou te faʻamaonia naʻo le tasi le lisi ma o le a otometi lava ona fatuina matua pe a manaʻomia.
Ansible Vault
Ua uma ona matou oʻo i le mea moni e mafai e fesuiaiga ona aofia ai faʻamatalaga faalilolilo e pei o le password a le tagata faʻaoga. Afai na e fatuina .env faila mo le talosaga, ma database.yml e tatau la ona i ai nisi fa'amatalaga taua. E lelei pe a natia i latou mai le va'ai mata. Mo lenei faʻamoemoe e faʻaaogaina .
Tatou fai se faila mo fesuiaiga /ansible/vars/all.yml (iinei e mafai ona e fatuina faila eseese mo vaega eseese o 'au, e pei lava o le faila faila: production.yml, staging.yml, ma isi).
O fesuiaiga uma e tatau ona faʻailoga e tatau ona faʻafeiloaʻi i lenei faila e faʻaaoga ai le yml syntax masani:
# System vars
user_password: 123qweasd
db_password: 123qweasd
# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_baseA maeʻa ona mafai ona faʻailogaina lenei faila i le poloaiga:
ansible-vault encrypt ./vars/all.ymlE masani lava, pe a faʻailoga, e te manaʻomia le setiina o se faʻaupuga mo le decryption. E mafai ona e vaʻai i mea o le a i totonu o le faila pe a uma ona valaʻau lenei poloaiga.
Faatasi ai ma le fesoasoani a ansible-vault decrypt e mafai ona decrypted le faila, suia ma toe faʻailoga.
E te le mana'omia le decrypted o le faila e galue ai. E te teuina faʻailoga ma faʻatautaia le tusi taʻavale ma le finauga --ask-vault-pass. O le a fesiligia e Ansible le upu fa'aulu, toe aumai suiga, ma fa'atino galuega. O fa'amatalaga uma o le a tumau fa'ailoga.
O le faʻatonuga atoa mo le tele o vaega o 'au ma vault e mafai ona foliga faʻapea:
ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-passAe ou te le tuuina atu ia te oe le tusiga atoa o tusi taʻaloga ma matafaioi, tusi oe lava ia. Aua o le ansible e faapena - afai e te le malamalama i mea e tatau ona fai, o lona uiga o le a le faia mo oe.
puna: www.habr.com