Muchikamu chino, ini ndichagovera ruzivo rwangu rwekugadzirisa CI / CD uchishandisa Plesk Control Panel uye Github Actions. Nhasi tichadzidza nzira yekuendesa purojekiti iri nyore ine zita risina kuoma "Helloworld". Izvo zvakanyorwa muFlask Python framework, ine Celery vashandi uye Angular 8 kumberi.
Links kune repositories:
Muchikamu chekutanga chenyaya, tichatarisa chirongwa chedu nezvikamu zvaro. Mune yechipiri, isu tichaona nzira yekumisikidza Plesk uye nekuisa inodiwa ekuwedzera uye zvikamu (DB, RabbitMQ, Redis, Docker, nezvimwewo).
Muchikamu chechitatu, isu tichazopedzisira taona nzira yekumisikidza pombi yekuendesa purojekiti yedu kune server munzvimbo ye dev uye prod. Uye ipapo isu tichavhura saiti pane server.
Uye hongu, ndakanganwa kuzvisuma. Zita rangu ndinonzi Oleg Borzov, ndiri mugadziri akazara muCRM timu yemamaneja emba yemba kuDomclick.
Kuongorora kweprojekiti
Chekutanga, ngatitarisei maviri epurojekiti repositori - backend uye kumberi - uye tiende pamusoro pekodhi.
Kumashure: Flask + Celery
Kune chikamu chekumashure, ndakatora boka rinonyanya kufarirwa pakati pevagadziri vePython: iyo Flask framework (yeAPI) uye Celery (yemutsetse webasa). SQLAchemy inoshandiswa seORM. Alembic inoshandiswa pakutama. Yekusimbiswa kweJSON mumabati - Marshmallow.
Π
/ping
- kutarisa kuwanikwa;- inobata kunyoresa, mvumo, kubvisa-mvumo uye kuwana mushandisi ane mvumo;
- email mubato unoisa basa muCelery mutsara.
send_mail_task
.
Mune folda
docker
nemaDockerfiles maviri (base.dockerfile
kugadzira mufananidzo usingawanzo chinja uyeDockerfile
kumagungano makuru);.env_files
- ine mafaera ane nharaunda zvinosiyana kune akasiyana nharaunda.
Kune mana docker-nyora mafaera pamudzi weprojekiti:
docker-compose.local.db.yml
kusimudza dhatabhesi yenzvimbo yekusimudzira;docker-compose.local.workers.yml
yekusimudza kwemusha kwemushandi, dhatabhesi, Redis uye RabbitMQ;docker-compose.test.yml
kumhanyisa bvunzo panguva yekutumirwa;docker-compose.yml
yekutumirwa.
Uye iyo yekupedzisira folda yatiri kufarira -
deploy.sh
- kutanga kwekutama uye kutumira. Inomhanya pane sevha mushure mekuvaka uye kumhanya bvunzo muGithub Zviito;rollback.sh
- kudzoreredzwa kwemidziyo kune yakapfuura vhezheni yegungano;curl_tg.sh
- kutumira zviziviso zvekutumira kuTeregiramu.
Frontend paAngular
- Peji huru ine fomu rekutumira email uye bhatani rekubuda.
- Login peji.
- Registration peji.
Peji huru inoratidzika seyakanaka:
Pane mafaira maviri pamudzi Dockerfile
ΠΈ docker-compose.yml
, pamwe chete nefodhi yaizivikanwa .ci-cd
ine zvinyorwa zvishoma zvishoma pane zviri kumashure repository (akabviswa zvinyorwa zvekumhanya bvunzo).
Kutanga chirongwa muPlesk
Ngatitange nekumisikidza Plesk uye kugadzira kunyoreswa kwesaiti yedu.
Kuisa maedzero
MuPlesk, tinoda mana ekuwedzera:
Docker
kubata uye nekuona chimiro chemidziyo muPlesk admin panel;Git
kugadzirisa danho rekutumira pane server;Let's Encrypt
kugadzira (uye otomatiki-kuvandudza) emahara TLS zvitupa;Firewall
kugadzirisa kusefa kweinouya traffic.
Unogona kuvamisa kuburikidza nePlesk admin panhizha muchikamu cheExtensions:
Isu hatizotarise iyo yakadzama marongero ekuwedzera, iyo yakasarudzika marongero achaita nekuda kwedu demo zvinangwa.
Gadzira kunyoreswa uye saiti
Tevere, tinoda kugadzira kunyoreswa kune yedu helloworld.ru webhusaiti uye kuwedzera iyo dev.helloworld.ru subdomain ipapo.
- Gadzira kunyoreswa kweiyo helloworld.ru domain uye tsanangura iyo login-password yemushandisi wesystem:
Tarisa bhokisi riri pazasi pepeji Chengetedza iyo domain neLet Encryptkana tichida kuseta HTTPS yesaiti: - Tevere, mukunyoreswa uku, gadzira subdomain dev.helloworld.ru (yaunogona zvakare kuburitsa chemahara TLS chitupa):
Kuisa Server Zvikamu
Tine server ne OS Debian Stretch 9.12 uye yakaiswa control panel Plesk Obsidian 18.0.27.
Isu tinofanirwa kuisa uye kugadzirisa purojekiti yedu:
- PostgreSQL (munyaya yedu, pachave nesevha imwe ine dhatabhesi mbiri dzedev uye prod nharaunda).
- RabbitMQ (yakafanana, yakafanana, yakafanana nemavhosts akasiyana enzvimbo).
- Maitiro maviri eRedis (ye dev uye prod nharaunda).
- Docker Registry (yenzvimbo yekuchengetedza yeDocker mifananidzo yakavakirwa).
- UI yeDocker registry.
PostgreSQL
Plesk yatouya nePostgreSQL DBMS, asi kwete iyo yazvino vhezheni (panguva yekunyora Plesk Obsidian
Pane yakawanda yakadzama mirairo yekuisa Postgres paDebian pamambure (
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Tichifunga kuti PostgreSQL ine zvimiro zvemediocre default zvigadziriso, zvinodikanwa kugadzirisa kurongeka. Izvi zvichatibatsira /etc/postgresql/12/main/postgresql.conf
kune avo vakapiwa. Izvo zvinofanirwa kucherechedzwa pano kuti macalculator akadaro haasi mashiripiti bara, uye hwaro hunofanirwa kurongeka zvakanyatsonaka, zvichibva pane yako Hardware, application, uye kuoma kwemubvunzo. Asi izvi zvakakwana kuti utange.
Pamusoro pezvirongwa zvinotsanangurwa nekarukureta, isu tinochinjawo mukati postgresql.conf
iyo default port 5432 kune imwe (mumuenzaniso wedu - 53983).
Mushure mekushandura faira yekumisikidza, tangazve postgresql-server nemurairo:
service postgresql restart
Isu takaisa uye takagadzirisa PostgreSQL. Zvino ngatigadzire dhatabhesi, vashandisi ve dev- uye prod-zvakatipoteredza, uye tipe vashandisi kodzero dzekutonga dhatabhesi:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
TsuroMQ
Ngatienderere mberi nekuisa RabbitMQ, meseji broker yeCelery. Kuiisa paDebian kuri nyore:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Mushure mekuisa, isu tinofanirwa kugadzira vhosts, vashandisi uye kupa kodzero dzinodiwa:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Zvino ngatiise uye tigadzirise chikamu chekupedzisira chekushandisa kwedu - Redis. Ichashandiswa senge backend yekuchengetedza mhedzisiro yeCelery mabasa.
Tichasimudza midziyo miviri yeDocker ine Redis yedev uye prod nharaunda tichishandisa kuwedzera Docker
zvePlesk.
- Isu tinoenda kuPlesk, enda kuchikamu cheExtensions, tsvaga iyo Docker yekuwedzera uye kuimisa (tinoda yemahara vhezheni):
- Enda kune yakasimwa yekuwedzera, tsvaga mufananidzo kuburikidza nekutsvaga
redis bitnami
uye isa yazvino vhezheni: - Isu tinopinda mumudziyo wakadhawunirodherwa uye gadzirisa zvigadziriso: tsanangura chiteshi, iyo yakakura yakagoverwa RAM saizi, password iri munzvimbo inosiyana, uye kukwidza vhoriyamu:
- Isu tinoita nhanho 2-3 yemudziyo weprod, mune zvigadziriso isu tinongoshandura ma paramita: port, password, RAM saizi uye nzira yevhoriyamu dhairekitori pane server:
Docker Registry
Pamusoro pemasevhisi ekutanga, zvingave zvakanaka kuisa yako Docker mufananidzo repository pane server. Neraki, sevha nzvimbo ikozvino yakachipa (zvechokwadi yakachipa kupfuura kunyoreswa kweDockerHub), uye maitiro ekumisikidza yakavanzika repository ari nyore.
Tinoda kuva:
- password-yakachengetedzwa Docker repository inowanikwa pane subdomain
https://docker.helloworld.ru ; - UI yekuona mifananidzo mune repository, inowanikwa pa
https://docker-ui.helloworld.ru .
Kuti uite izvi:
- Ngatigadzirei ma subdomain maviri muPlesk mukunyoreswa kwedu: docker.helloworld.ru uye docker-ui.helloworld.ru, uye tigadzirise Let's Encrypt zvitupa kwavari.
- Wedzera iyo faira kune docker.helloworld.ru subdomain folda
docker-compose.yml
nezvirimo sezvizvi:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry'
- Pasi peSSH, tichagadzira iyo .htpasswd faira yeBasic mvumo muDocker repository:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password
- Unganidza uye simudza midziyo:
docker-compose up -d
- Uye isu tinofanirwa kutungamira Nginx kumidziyo yedu. Izvi zvinogona kuitwa kuburikidza nePlesk.
Matanho anotevera anofanira kuitirwa docker.helloworld.ru uye docker-ui.helloworld.ru subdomains:
chidimbu Zvishandiso Zvekushandisa saiti yedu kuenda Docker Proxy Mitemo:
Uye wedzera mutemo kune proxy inouya traffic kune yedu mudziyo:
- Isu tinotarisa kuti tinogona kupinda mumudziyo wedu kubva kumushini wemuno:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
- Ngatitarisei mashandiro eiyo docker-ui.helloworld.ru subdomain:
Paunodzvanya paBhurawuza repositori, bhurawuza rinoratidza hwindo remvumo kwauchazoda kuisa zita rekushandisa uye password kune repository. Mushure meizvozvo, isu tinozoendeswa kune peji ine runyorwa rwezvinyorwa (parizvino, ichave isina chinhu kwauri):
Kuvhura madoko muPlesk Firewall
Mushure mekuisa nekugadzirisa zvikamu, tinoda kuvhura madoko kuitira kuti zvikamu zviwanikwe kubva kuDocker midziyo uye netiweki yekunze.
Ngatione kuti tingazviita sei tichishandisa Firewall yekuwedzera yePlesk yatakaisa pakutanga.
- Enda ku Zvishandiso & Zvirongwa> Zvirongwa> Firewall:
- Enda ku Shandura Plesk Firewall Mitemo> Wedzera Tsika Rule uye vhura inotevera TCP ports yeDocker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786 - Isu tichawedzerawo mutemo unozovhura PostgreSQL ports uye RabbitMQ manejimendi manejimendi kune yekunze nyika:
- Shandisa iyo mitemo uchishandisa bhatani reApply Shanduko:
Kumisikidza CI/CD muGithub Zviito
Ngatidzikei kune inonyanya kunakidza chikamu - kumisikidza inoenderera yekubatanidza pombi uye kuendesa purojekiti yedu kune server.
Iyi pombi ichave nezvikamu zviviri:
- kuvaka chifananidzo uye kumhanya bvunzo (yekumashure) - parutivi rweGithub;
- kumhanya kutama (kweiyo backend) uye kutumira midziyo - pane server.
Isa kuPlesk
Ngatitangei kubata nepfungwa yechipiri (nekuti yekutanga inotsamira pairi).
Isu tichagadzirisa maitiro ekutumira tichishandisa iyo Git yekuwedzera yePlesk.
Funga muenzaniso neProd nharaunda yeBackend repository.
- Isu tinoenda kune kunyoreswa kwe yedu Helloworld webhusaiti uye toenda kune iyo Git chikamu:
- Isa chinongedzo kune yedu Github repository mu "Remote Git repository" munda uye shandura iyo default folda.
httpdocs
kune mumwe (semuenzaniso./httpdocs/hw_back
): - Kopa iyo SSH Public kiyi kubva padanho rekutanga uye
wedzera zviri muzvirongwa zveGithub. - Isu tinodzvanya OK pachiratidziro mudanho 2, mushure mezvo isu tinoendeswa kune repository peji muPlesk. Ikozvino isu tinoda kugadzirisa iyo repository kuti igadziriswe pane inobatika kune master bazi. Kuti uite izvi, enda ku Repository Settings uye chengetedza kukosha
Webhook URL
(isu tichaida gare gare kana uchigadzira Github Zviito): - Muchikamu cheActions pachiratidziro kubva pandima yapfuura, isa script kuti utange kutumira:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
kupi:
{REPOSITORY_ABSOLUTE_PATH}
- nzira inoenda kune prod folda yeiyo backend repository pane server;
{ENV}
- nharaunda (dev / prod), mune yeduprod
;
{DOCKER_REGISTRY_HOST}
- iyo inomiririra yedu docker repository
{TG_BOT_TOKEN}
-Teregiramu bot chiratidzo;
{TG_CHAT_ID}
- ID yechat / chiteshi chekutumira zviziviso.Script muenzaniso:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
- Wedzera mushandisi kubva pakunyorera kwedu kuboka reDocker (kuti vagone kubata midziyo):
sudo usermod -aG docker helloworld_admin
Iyo dev nharaunda yebackend repository uye yekumberi inomisikidzwa nenzira imwechete.
Kuendesa pombi muGithub Zviito
Ngatienderere mberi nekumisikidza chikamu chekutanga chepombi yedu yeCI/CD muGithub Zviito.
Dzorera
Iyo pombi inotsanangurwa mukati
Asi tisati tazvipatsanura, ngatizadzei Zvakavanzika zvakasiyana zvatinoda muGithub. Kuti uite izvi, enda ku Zvirongwa -> Zvakavanzika:
DOCKER_REGISTRY
- mukuru weDocker repository yedu (docker.helloworld.ru);DOCKER_LOGIN
- pinda kune iyo Docker repository;DOCKER_PASSWORD
- password kune iyo;DEPLOY_HOST
- tambira uko iyo Plesk admin pani inowanikwa (semuenzaniso:helloworld.ru : 8443 kana123.4.56.78 :8443);DEPLOY_BACK_PROD_TOKEN
- chiratidzo chekuendesa kune prod-repository pane sevha (takaiwana mu Deployment muPlesk p. 4);DEPLOY_BACK_DEV_TOKEN
- chiratidzo chekuendeswa kune dev repository pane server.
Maitiro ekutumira ari nyore uye ane matanho makuru matatu:
- kuvaka uye kutsikisa mufananidzo mudura redu;
- kumhanya bvunzo mumudziyo wakavakirwa pamufananidzo uchangobva kuvakwa;
- kuendesa kune inodiwa nharaunda zvichienderana nebazi (dev/master).
Frontend
Site setup
Proxying traffic kuburikidza neNginx
Zvakanaka, tasvika kumagumo. Izvo zvinongosara kugadzirisa iyo proxying yeinouya uye inobuda traffic kune yedu mudziyo kuburikidza neNginx. Isu takatovhara maitiro aya mudanho rechishanu reiyo Docker Registry setup. Izvo zvakafanana zvinofanirwa kudzokororwa kumashure uye kumberi zvikamu mune dev uye prod nharaunda.
Ini ndichapa zvidzitiro zvezvirongwa.
Dzorera
Frontend
Kujekeswa kwakakosha. Ma URL ese anozoiswa kune yekumberi mudziyo, kunze kweaya anotanga nawo /api/
- ivo vanozoiswa kune yekumashure mudziyo (saka mumudziyo wekumashure, vese vanobata vanofanira kutanga /api/
).
Migumisiro
Iye zvino saiti yedu inofanira kuwanikwa kuhelloworld.ru uye dev.helloworld.ru (prod- uye dev-environments, zvichiteerana).
Pakazara, takadzidza nzira yekugadzirira nyore application muFlask neAngular uye kumisikidza pombi muGithub Actions kuti ibudise kune server inomhanya Plesk.
Ini ndichadzokorora zvinongedzo kune repositori nekodhi:
Source: www.habr.com