Muchikamu chino, ini ndichagovera ruzivo rwangu rwekugadzirisa CI / CD uchishandisa Plesk Control Panel uye Github Actions. Nhasi tichadzidza nzira yekuendesa purojekiti iri nyore ine zita risina kuoma "Helloworld". Izvo zvakanyorwa muFlask Python framework, ine Celery vashandi uye Angular 8 kumberi.

Links kune repositories: backend, frontend.

Muchikamu chekutanga chenyaya, tichatarisa chirongwa chedu nezvikamu zvaro. Mune yechipiri, isu tichaona nzira yekumisikidza Plesk uye nekuisa inodiwa ekuwedzera uye zvikamu (DB, RabbitMQ, Redis, Docker, nezvimwewo).

Muchikamu chechitatu, isu tichazopedzisira taona nzira yekumisikidza pombi yekuendesa purojekiti yedu kune server munzvimbo ye dev uye prod. Uye ipapo isu tichavhura saiti pane server.

Uye hongu, ndakanganwa kuzvisuma. Zita rangu ndinonzi Oleg Borzov, ndiri mugadziri akazara muCRM timu yemamaneja emba yemba kuDomclick.

Kuongorora kweprojekiti

Chekutanga, ngatitarisei maviri epurojekiti repositori - backend uye kumberi - uye tiende pamusoro pekodhi.

Kumashure: Flask + Celery

Kune chikamu chekumashure, ndakatora boka rinonyanya kufarirwa pakati pevagadziri vePython: iyo Flask framework (yeAPI) uye Celery (yemutsetse webasa). SQLAchemy inoshandiswa seORM. Alembic inoshandiswa pakutama. Yekusimbiswa kweJSON mumabati - Marshmallow.

В repositories pane Readme.md faira ine tsananguro yakadzama yechimiro uye mirairo yekumhanyisa chirongwa.

Purogiramu inonzi Web Part haina kuoma, ine 6 mapeni:

• /ping - kutarisa kuwanikwa;
• inobata kunyoresa, mvumo, kubvisa-mvumo uye kuwana mushandisi ane mvumo;
• email mubato unoisa basa muCelery mutsara.

Celery chikamu kunyange nyore, pane dambudziko rimwe chete send_mail_task.

Mune folda /conf kune ma subfolders maviri:

• docker nemaDockerfiles maviri (base.dockerfile kugadzira mufananidzo usingawanzo chinja uye Dockerfile kumagungano makuru);
• .env_files - ine mafaera ane nharaunda zvinosiyana kune akasiyana nharaunda.

Kune mana docker-nyora mafaera pamudzi weprojekiti:

• docker-compose.local.db.yml kusimudza dhatabhesi yenzvimbo yekusimudzira;
• docker-compose.local.workers.yml yekusimudza kwemusha kwemushandi, dhatabhesi, Redis uye RabbitMQ;
• docker-compose.test.yml kumhanyisa bvunzo panguva yekutumirwa;
• docker-compose.yml yekutumirwa.

Uye iyo yekupedzisira folda yatiri kufarira - .ci-cd. Iine shell zvinyorwa zvekutumira:

• deploy.sh - kutanga kwekutama uye kutumira. Inomhanya pane sevha mushure mekuvaka uye kumhanya bvunzo muGithub Zviito;
• rollback.sh - kudzoreredzwa kwemidziyo kune yakapfuura vhezheni yegungano;
• curl_tg.sh - kutumira zviziviso zvekutumira kuTeregiramu.

Frontend paAngular

Repository ine kumberi zviri nyore kupfuura Beck's. Kumberi kune mapeji matatu:

• Peji huru ine fomu rekutumira email uye bhatani rekubuda.
• Login peji.
• Registration peji.

Peji huru inoratidzika seyakanaka:

Pane mafaira maviri pamudzi Dockerfile и docker-compose.yml, pamwe chete nefodhi yaizivikanwa .ci-cd ine zvinyorwa zvishoma zvishoma pane zviri kumashure repository (akabviswa zvinyorwa zvekumhanya bvunzo).

Kutanga chirongwa muPlesk

Ngatitange nekumisikidza Plesk uye kugadzira kunyoreswa kwesaiti yedu.

Kuisa maedzero

MuPlesk, tinoda mana ekuwedzera:

• Docker kubata uye nekuona chimiro chemidziyo muPlesk admin panel;
• Git kugadzirisa danho rekutumira pane server;
• Let's Encrypt kugadzira (uye otomatiki-kuvandudza) emahara TLS zvitupa;
• Firewall kugadzirisa kusefa kweinouya traffic.

Unogona kuvamisa kuburikidza nePlesk admin panhizha muchikamu cheExtensions:

Isu hatizotarise iyo yakadzama marongero ekuwedzera, iyo yakasarudzika marongero achaita nekuda kwedu demo zvinangwa.

Gadzira kunyoreswa uye saiti

Tevere, tinoda kugadzira kunyoreswa kune yedu helloworld.ru webhusaiti uye kuwedzera iyo dev.helloworld.ru subdomain ipapo.

1. Gadzira kunyoreswa kweiyo helloworld.ru domain uye tsanangura iyo login-password yemushandisi wesystem:

   
   Tarisa bhokisi riri pazasi pepeji Chengetedza iyo domain neLet Encryptkana tichida kuseta HTTPS yesaiti:

   

2. Tevere, mukunyoreswa uku, gadzira subdomain dev.helloworld.ru (yaunogona zvakare kuburitsa chemahara TLS chitupa):

   

Kuisa Server Zvikamu

Tine server ne OS Debian Stretch 9.12 uye yakaiswa control panel Plesk Obsidian 18.0.27.

Isu tinofanirwa kuisa uye kugadzirisa purojekiti yedu:

• PostgreSQL (munyaya yedu, pachave nesevha imwe ine dhatabhesi mbiri dzedev uye prod nharaunda).
• RabbitMQ (yakafanana, yakafanana, yakafanana nemavhosts akasiyana enzvimbo).
• Maitiro maviri eRedis (ye dev uye prod nharaunda).
• Docker Registry (yenzvimbo yekuchengetedza yeDocker mifananidzo yakavakirwa).
• UI yeDocker registry.

PostgreSQL

Plesk yatouya nePostgreSQL DBMS, asi kwete iyo yazvino vhezheni (panguva yekunyora Plesk Obsidian inotsigirwa Postgres shanduro 8.4–10.8). Tinoda yazvino vhezheni yechishandiso chedu (12.3 panguva yekunyora uku), saka tichaiisa nemaoko.

Подробных инструкций по установке Postgres на Debian в сети полно (muenzaniso), saka handisi kuzovatsanangura zvakadzama, ndinongopa mirairo:

wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib

Tichifunga kuti PostgreSQL ine zvimiro zvemediocre default zvigadziriso, zvinodikanwa kugadzirisa kurongeka. Izvi zvichatibatsira calculator: iwe unofanirwa kutyaira mune ma parameter e server yako uye kutsiva marongero mufaira /etc/postgresql/12/main/postgresql.confkune avo vakapiwa. Izvo zvinofanirwa kucherechedzwa pano kuti macalculator akadaro haasi mashiripiti bara, uye hwaro hunofanirwa kurongeka zvakanyatsonaka, zvichibva pane yako Hardware, application, uye kuoma kwemubvunzo. Asi izvi zvakakwana kuti utange.

Pamusoro pezvirongwa zvinotsanangurwa nekarukureta, isu tinochinjawo mukati postgresql.confiyo default port 5432 kune imwe (mumuenzaniso wedu - 53983).

Mushure mekushandura faira yekumisikidza, tangazve postgresql-server nemurairo:

service postgresql restart

Isu takaisa uye takagadzirisa PostgreSQL. Zvino ngatigadzire dhatabhesi, vashandisi ve dev- uye prod-zvakatipoteredza, uye tipe vashandisi kodzero dzekutonga dhatabhesi:

$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT

TsuroMQ

Перейдем к установке RabbitMQ — брокера сообщений для Celery. Ставится он на Debian достаточно просто:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb

sudo apt-get update
sudo apt-get install erlang erlang-nox

sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

sudo apt-get update
sudo apt-get install rabbitmq-server

Mushure mekuisa, isu tinofanirwa kugadzira vhosts, vashandisi uye kupa kodzero dzinodiwa:

sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password 
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"

sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password 
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"

Redis

Zvino ngatiise uye tigadzirise chikamu chekupedzisira chekushandisa kwedu - Redis. Ichashandiswa senge backend yekuchengetedza mhedzisiro yeCelery mabasa.

Tichasimudza midziyo miviri yeDocker ine Redis yedev uye prod nharaunda tichishandisa kuwedzera Docker zvePlesk.

1. Isu tinoenda kuPlesk, enda kuchikamu cheExtensions, tsvaga iyo Docker yekuwedzera uye kuimisa (tinoda yemahara vhezheni):

   

2. Enda kune yakasimwa yekuwedzera, tsvaga mufananidzo kuburikidza nekutsvaga redis bitnami uye isa yazvino vhezheni:

   

3. Isu tinopinda mumudziyo wakadhawunirodherwa uye gadzirisa zvigadziriso: tsanangura chiteshi, iyo yakakura yakagoverwa RAM saizi, password iri munzvimbo inosiyana, uye kukwidza vhoriyamu:

   

4. Isu tinoita nhanho 2-3 yemudziyo weprod, mune zvigadziriso isu tinongoshandura ma paramita: port, password, RAM saizi uye nzira yevhoriyamu dhairekitori pane server:

   

Docker Registry

Pamusoro pemasevhisi ekutanga, zvingave zvakanaka kuisa yako Docker mufananidzo repository pane server. Neraki, sevha nzvimbo ikozvino yakachipa (zvechokwadi yakachipa kupfuura kunyoreswa kweDockerHub), uye maitiro ekumisikidza yakavanzika repository ari nyore.

Tinoda kuva:

• password-yakachengetedzwa Docker repository inowanikwa pane subdomain https://docker.helloworld.ru;
• UI yekuona mifananidzo mune repository, inowanikwa pa https://docker-ui.helloworld.ru.

Kuti uite izvi:

1. Ngatigadzirei ma subdomain maviri muPlesk mukunyoreswa kwedu: docker.helloworld.ru uye docker-ui.helloworld.ru, uye tigadzirise Let's Encrypt zvitupa kwavari.
2. Wedzera iyo faira kune docker.helloworld.ru subdomain folda docker-compose.yml nezvirimo sezvizvi:

   version: "3"
   
   services:
     docker-registry:
       image: "registry:2"
       restart: always
       ports:
         - "53985:5000"
       environment:
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       volumes:
         - ./.docker-registry.htpasswd:/auth/.htpasswd
         - ./data:/data
   
     docker-registry-ui:
       image: konradkleine/docker-registry-frontend:v2
       restart: always
       ports:
         - "53986:80"
       environment:
         VIRTUAL_HOST: '*, https://*'
         ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
         ENV_DOCKER_REGISTRY_PORT: 5000
       links:
         - 'docker-registry'
   

3. Pasi peSSH, tichagadzira iyo .htpasswd faira yeBasic mvumo muDocker repository:

   htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password

4. Unganidza uye simudza midziyo:

   docker-compose up -d

5. Uye isu tinofanirwa kutungamira Nginx kumidziyo yedu. Izvi zvinogona kuitwa kuburikidza nePlesk.

Matanho anotevera anofanira kuitirwa docker.helloworld.ru uye docker-ui.helloworld.ru subdomains:

chidimbu Zvishandiso Zvekushandisa saiti yedu kuenda Docker Proxy Mitemo:

Uye wedzera mutemo kune proxy inouya traffic kune yedu mudziyo:

1. Isu tinotarisa kuti tinogona kupinda mumudziyo wedu kubva kumushini wemuno:

   $ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
   WARNING! Using --password via the CLI is insecure. Use --password-stdin.
   Login Succeeded

2. Ngatitarisei mashandiro eiyo docker-ui.helloworld.ru subdomain:

   
   Paunodzvanya paBhurawuza repositori, bhurawuza rinoratidza hwindo remvumo kwauchazoda kuisa zita rekushandisa uye password kune repository. Mushure meizvozvo, isu tinozoendeswa kune peji ine runyorwa rwezvinyorwa (parizvino, ichave isina chinhu kwauri):

   

Kuvhura madoko muPlesk Firewall

Mushure mekuisa nekugadzirisa zvikamu, tinoda kuvhura madoko kuitira kuti zvikamu zviwanikwe kubva kuDocker midziyo uye netiweki yekunze.

Ngatione kuti tingazviita sei tichishandisa Firewall yekuwedzera yePlesk yatakaisa pakutanga.

1. Enda ku Zvishandiso & Zvirongwa> Zvirongwa> Firewall:
   
2. Enda ku Shandura Plesk Firewall Mitemo> Wedzera Tsika Rule uye vhura inotevera TCP ports yeDocker subnet (172.0.0.0 / 8):
   RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
   Redis: 32785, 32786

   

3. Isu tichawedzerawo mutemo unozovhura PostgreSQL ports uye RabbitMQ manejimendi manejimendi kune yekunze nyika:

   

4. Shandisa iyo mitemo uchishandisa bhatani reApply Shanduko:

   

Kumisikidza CI/CD muGithub Zviito

Ngatidzikei kune inonyanya kunakidza chikamu - kumisikidza inoenderera yekubatanidza pombi uye kuendesa purojekiti yedu kune server.

Iyi pombi ichave nezvikamu zviviri:

• kuvaka chifananidzo uye kumhanya bvunzo (yekumashure) - parutivi rweGithub;
• kumhanya kutama (kweiyo backend) uye kutumira midziyo - pane server.

Isa kuPlesk

Ngatitangei kubata nepfungwa yechipiri (nekuti yekutanga inotsamira pairi).

Isu tichagadzirisa maitiro ekutumira tichishandisa iyo Git yekuwedzera yePlesk.

Funga muenzaniso neProd nharaunda yeBackend repository.

1. Isu tinoenda kune kunyoreswa kwe yedu Helloworld webhusaiti uye toenda kune iyo Git chikamu:

   

2. Isa chinongedzo kune yedu Github repository mu "Remote Git repository" munda uye shandura iyo default folda. httpdocs kune mumwe (semuenzaniso. /httpdocs/hw_back):

   

3. Kopa iyo SSH Public kiyi kubva padanho rekutanga uye wedzera zviri muzvirongwa zveGithub.
4. Isu tinodzvanya OK pachiratidziro mudanho 2, mushure mezvo isu tinoendeswa kune repository peji muPlesk. Ikozvino isu tinoda kugadzirisa iyo repository kuti igadziriswe pane inobatika kune master bazi. Kuti uite izvi, enda ku Repository Settings uye chengetedza kukosha Webhook URL (isu tichaida gare gare kana uchigadzira Github Zviito):

   

5. Muchikamu cheActions pachiratidziro kubva pandima yapfuura, isa script kuti utange kutumira:

   cd {REPOSITORY_ABSOLUTE_PATH}
   .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID} 

   kupi:

   {REPOSITORY_ABSOLUTE_PATH} - nzira inoenda kune prod folda yeiyo backend repository pane server;
   {ENV} - nharaunda (dev / prod), mune yedu prod;
   {DOCKER_REGISTRY_HOST} - iyo inomiririra yedu docker repository
   {TG_BOT_TOKEN} -Teregiramu bot chiratidzo;
   {TG_CHAT_ID} - ID yechat / chiteshi chekutumira zviziviso.

   Script muenzaniso:

   cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
   .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890

6. Wedzera mushandisi kubva pakunyorera kwedu kuboka reDocker (kuti vagone kubata midziyo):

   sudo usermod -aG docker helloworld_admin

Iyo dev nharaunda yebackend repository uye yekumberi inomisikidzwa nenzira imwechete.

Kuendesa pombi muGithub Zviito

Ngatienderere mberi nekumisikidza chikamu chekutanga chepombi yedu yeCI/CD muGithub Zviito.

Dzorera

Iyo pombi inotsanangurwa mukati deploy.yml file.

Asi tisati tazvipatsanura, ngatizadzei Zvakavanzika zvakasiyana zvatinoda muGithub. Kuti uite izvi, enda ku Zvirongwa -> Zvakavanzika:

• DOCKER_REGISTRY - mukuru weDocker repository yedu (docker.helloworld.ru);
• DOCKER_LOGIN - pinda kune iyo Docker repository;
• DOCKER_PASSWORD - password kune iyo;
• DEPLOY_HOST - tambira uko iyo Plesk admin pani inowanikwa (semuenzaniso: helloworld.ru: 8443 kana 123.4.56.78:8443);
• DEPLOY_BACK_PROD_TOKEN - chiratidzo chekuendesa kune prod-repository pane sevha (takaiwana mu Deployment muPlesk p. 4);
• DEPLOY_BACK_DEV_TOKEN - chiratidzo chekuendeswa kune dev repository pane server.

Maitiro ekutumira ari nyore uye ane matanho makuru matatu:

• kuvaka uye kutsikisa mufananidzo mudura redu;
• kumhanya bvunzo mumudziyo wakavakirwa pamufananidzo uchangobva kuvakwa;
• kuendesa kune inodiwa nharaunda zvichienderana nebazi (dev/master).

Frontend

Iyo deploy.yml faira rekumberi repository zvishoma zvakasiyana kubva kuna Beck. Iyo inoshaya nhanho nekumhanya bvunzo uye inoshandura mazita ematokens ekutumirwa. Zvakavanzika zvemberi repository, nenzira, zvinoda kuzadzwa zvakasiyana.

Site setup

Proxying traffic kuburikidza neNginx

Zvakanaka, tasvika kumagumo. Izvo zvinongosara kugadzirisa iyo proxying yeinouya uye inobuda traffic kune yedu mudziyo kuburikidza neNginx. Isu takatovhara maitiro aya mudanho rechishanu reiyo Docker Registry setup. Izvo zvakafanana zvinofanirwa kudzokororwa kumashure uye kumberi zvikamu mune dev uye prod nharaunda.

Ini ndichapa zvidzitiro zvezvirongwa.

Dzorera

Frontend

Kujekeswa kwakakosha. Ma URL ese anozoiswa kune yekumberi mudziyo, kunze kweaya anotanga nawo /api/ - ivo vanozoiswa kune yekumashure mudziyo (saka mumudziyo wekumashure, vese vanobata vanofanira kutanga /api/).

Migumisiro

Iye zvino saiti yedu inofanira kuwanikwa kuhelloworld.ru uye dev.helloworld.ru (prod- uye dev-environments, zvichiteerana).

Pakazara, takadzidza nzira yekugadzirira nyore application muFlask neAngular uye kumisikidza pombi muGithub Actions kuti ibudise kune server inomhanya Plesk.

Ini ndichadzokorora zvinongedzo kune repositori nekodhi: backend, frontend.

Source: www.habr.com