Nguva pfupi yapfuura ndaida kunyora akati wandei Ansible playbooks kugadzirira sevha yekuisa a Rails application. Uye, zvinoshamisa, handina kuwana nyore nhanho-ne-nhanho bhuku. Ndakanga ndisingadi kukopa bhuku rekutamba romumwe munhu ndisinganzwisisi zvaiitika, uye pakupedzisira ndaifanira kuverenga zvinyorwa, ndichiunganidza zvose ini. Zvichida ndinogona kubatsira mumwe munhu kuti akurumidze kuita izvi nerubatsiro rwechinyorwa chino.
Chinhu chekutanga kunzwisisa ndechekuti zvinogoneka zvinokupa iwe yakanakira interface kuti uite yakafanotsanangurwa rondedzero yezviito pane iri kure server (s) kuburikidza neSSH. Iko hakuna mashiripiti pano, haugone kuisa plugin uye kuwana zero downtime deployment yechishandiso chako nedocker, yekutarisa uye zvimwe zvakanaka kunze kwebhokisi. Kuti unyore bhuku rekutamba, unofanirwa kuziva kuti chii chaizvo chaunoda kuita uye maitirwo azvo. Ndosaka ndisiri kugutsikana nemabhuku ekutamba akagadzirira kubva kuGitHub, kana zvinyorwa zvakaita sekuti: "Kopota uye mhanya, zvichashanda."
Chii chatinoda?
Sezvandambotaura, kuti unyore bhuku rekutamba unofanirwa kuziva zvaunoda kuita uye kuti unozviita sei. Ngatisarudzei zvatinoda. YeRails application isu tichada akati wandei system mapakeji: nginx, postgresql (redis, nezvimwewo). Mukuwedzera, tinoda imwe shanduro ye ruby. Zvakanakisa kuiisa kuburikidza nerbenv (rvm, asdf...). Kumhanya zvese izvi semudzi mushandisi inogara iri pfungwa yakaipa, saka iwe unofanirwa kugadzira yakaparadzana mushandisi uye kugadzirisa kodzero dzake. Mushure meizvi, iwe unofanirwa kurodha kodhi yedu kune sevha, kopira iyo configs ye nginx, postgres, nezvimwe uye tanga ese masevhisi aya.
Nekuda kweizvozvo, kutevedzana kwezviito kunotevera:
- Login semudzi
- isa system package
- gadzira mushandisi mutsva, gadzirisa kodzero, ssh kiyi
- gadzira masisitimu mapakeji (nginx etc) uye woamhanyisa
- Isu tinogadzira mushandisi mune dhatabhesi (iwe unogona nekukurumidza kugadzira dhatabhesi)
- Login semushandisi mutsva
- Isa rbenv uye ruby
- Kuisa bundler
- Kuisa kodhi yekushandisa
- Kutanga iyo Puma server
Uyezve, nhanho dzekupedzisira dzinogona kuitwa uchishandisa capistrano, zvirinani kunze kwebhokisi inogona kukopa kodhi mumadhairekitori ekuburitsa, chinja kuburitswa ne symlink pakubudirira kutumirwa, kopi configs kubva kune yakagovaniswa dhairekitori, tangazve puma, nezvimwe. Zvese izvi zvinogona kuitwa uchishandisa Ansible, asi nei?
Chimiro chefaira
Ansible ane strict kune ese mafaera ako, saka zvakanaka kuti uzvichengete zvese mudhairekitori rakasiyana. Uyezve, hazvina kukosha zvakanyanya kana zvichange zviri mune rails application pachayo, kana zvakasiyana. Unogona kuchengeta mafaera mune yakaparadzana git repository. Ini pachangu, ndakaona zviri nyore kugadzira dhairekitori mune / config dhairekitori renjanji application uye chengeta zvese mune imwe repository.
Nyore Playbook
Playbook i yml faira iyo, uchishandisa yakakosha syntax, inotsanangura izvo Ansible anofanira kuita uye sei. Ngatigadzire bhuku rekutanga rekutamba risingaiti chinhu:
---
- name: Simple playbook
hosts: allApa tinongoti bhuku redu rekutamba rinonzi Simple Playbook uye kuti zviri mukati maro zviitirwe mauto ese. Tinogona kuichengeta mu / inogoneka dhairekitori ine zita playbook.yml uye edza kumhanya:
ansible-playbook ./playbook.yml
PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matchedAnsible anoti haizive chero mauto anofanana nerunyorwa rwese. Dzinofanirwa kunyorwa mune yakakosha .
Ngatiigadzire mune imwechete inonzwisisika dhairekitori:
123.123.123.123Iyi ndiyo nzira yatinongotaura nayo muenzi (zvakanakira iyo VPS yedu yekuyedza, kana iwe unogona kunyoresa localhost) uye chengetedza pasi pezita. inventory.
Iwe unogona kuedza kumhanya zvinonzwisisika nefaira reinvetory:
ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************
PLAY RECAP ************************************************************************************************************************************Kana iwe uine ssh yekuwana kune yakatsanangurwa host, ipapo ansible ichabatanidza uye kuunganidza ruzivo nezve iri kure system. (default TASK [Kuunganidza Chokwadi]) mushure mezvo ichapa mushumo mupfupi pamusoro pekuurayiwa (PLAY RECAP).
Nekumisikidza, kubatana kunoshandisa zita rekushandisa pasi payo iwe wakapinda muhurongwa. Zvingangove zvisiri pamugamuchiri. Mufaira rebhuku rekutamba, unogona kudoma mushandisi wekushandisa kubatanidza uchishandisa remote_user rairo. Zvakare, ruzivo nezve iri kure system inogona kazhinji isingakodzeri kwauri uye haufanirwe kutambisa nguva kuiunganidza. Basa iri rinogona zvakare kuvharwa:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: noEdza kumhanyisa bhuku rekutamba zvakare uye ona kuti kubatana kuri kushanda. (Kana wadoma mudzi wemushandisi, saka unofanirawo kudoma kuva: true directive kuitira kuti uwane kodzero dzakakwirira. Sezvakanyorwa mugwaro: become set to ‘true’/’yes’ to activate privilege escalation. kunyangwe zvisiri pachena kuti nei).
Zvichida iwe uchagashira kukanganisa kunokonzerwa nenyaya yekuti zvinonzwisisika hazvigone kuona muturikiri wePython, saka unogona kuzvitsanangura nemawoko:
ansible_python_interpreter: /usr/bin/python3 Iwe unogona kuziva kwaunayo python nemurairo whereis python.
Kuisa masisitimu mapakeji
Kugovera kwakajairwa kwaAnsible kunosanganisira akawanda mamodule ekushanda akasiyana masisitimu mapakeji, saka isu hatifanirwe kunyora bash scripts chero chikonzero. Iye zvino isu tinoda imwe yemamodule aya kuti tigadzirise sisitimu uye nekuisa system mapakeji. Ndine Ubuntu Linux paVPS yangu, saka kuisa mapakeji andinoshandisa apt-get и . Kana iwe uri kushandisa imwe nzira yekushanda, saka iwe ungada imwe module (rangarira, ndakataura pakutanga kuti tinofanira kuziva pachine nguva kuti chii uye kuti tichaita sei). Nekudaro, iyo syntax ingangove yakafanana.
Ngatiwedzerei bhuku redu rekutamba nemabasa ekutanga:
---
- name: Simple playbook
hosts: all
remote_user: root
become: true
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: presentBasa ndiro chairo iro basa richaitwa naAnsible pamaseva ari kure. Isu tinopa basa racho zita kuitira kuti tigone kuteedzera kuitwa kwaro murogi. Uye isu tinotsanangura, tichishandisa syntax yeimwe module, zvazvinofanira kuita. Panyaya iyi apt: update_cache=yes - inoti kugadzirisa mapakeji ehurongwa uchishandisa apt module. Murairo wechipiri wakaoma zvishoma. Isu tinopfuudza rondedzero yemapakeji kune apt module uye totaura kuti ndizvo state anofanira kuva present, kureva kuti tinoti isa mapakeji aya. Nenzira yakafanana, tinogona kuvaudza kuti vadzime, kana kuti kuvandudza nekungochinja state. Ndokumbira utarise kuti njanji ishande ne postgresql tinoda iyo postgresql-contrib package, yatiri kuisa izvozvi. Zvekare, iwe unofanirwa kuziva uye kuita izvi; zvinonzwisisika pazviri hazvizoite izvi.
Edza kumhanyisa playbook zvakare wotarisa kuti mapasuru akaiswa.
Kugadzira vashandisi vatsva.
Kushanda nevashandisi, Ansible zvakare ine module - mushandisi. Ngatiwedzerei rimwe basa (ndakaviga zvikamu zvagara zvichizivikanwa zvebhuku rekutamba kuseri kwezvirevo kuti ndirege kukopa zvachose nguva dzese):
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: my_user
shell: /bin/bash
password: "{{ 123qweasd | password_hash('sha512') }}"Isu tinogadzira mushandisi mutsva, isa schell uye password yayo. Uye ipapo tinosangana nematambudziko akawanda. Ko kana mazita ekushandisa achifanirwa kuve akasiyana kune akasiyana mauto? Uye kuchengetedza password mune yakajeka mavara mubhuku rekutamba ipfungwa yakaipa kwazvo. Kutanga, ngatiise zita rekushandisa uye password mune zvinosiyana, uye kumagumo echinyorwa ini ndicharatidza maitiro ekuvharisa password.
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"Mabhii akaiswa mumabhuku ekutamba achishandisa mbiri dzakamonana braces.
Isu ticharatidza kukosha kwezvakasiyana mufaira reinventory:
123.123.123.123
[all:vars]
user=my_user
user_password=123qweasdNdapota cherechedza chirevo [all:vars] - inotaura kuti chivharo chinotevera chemavara chinosiyana (vars) uye chinoshanda kune ese mauto (ese).
Iyo yakagadzirwa inonakidzawo "{{ user_password | password_hash('sha512') }}". Chinhu ndechekuti ansible haaisi mushandisi kuburikidza user_add sezvaungaita iwe pachako. Uye inochengetedza data rese zvakananga, ndosaka isu tichifanirawo kushandura password kuita hashi pamberi, izvo zvinoita murairo uyu.
Ngatiwedzerei mushandisi wedu kuboka re sudo. Nekudaro, izvi zvisati zvaitika isu tinofanirwa kuve nechokwadi chekuti boka rakadai riripo nekuti hapana achatiitira izvi:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"Zvese zviri nyore, isu zvakare tine boka module yekugadzira mapoka, ine syntax yakafanana neapt. Zvadaro zvakakwana kunyoresa boka iri kumushandisi (groups: "sudo").
Izvo zvinobatsirawo kuwedzera ssh kiyi kumushandisi uyu kuti tigone kupinda tichiishandisa pasina password:
---
- name: Simple playbook
# ...
tasks:
# ...
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentMuchiitiko ichi, kugadzirwa kunonakidza "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - inokopa zviri mukati me id_rsa.pub faira (zita rako ringave rakasiyana), kureva kuti, chikamu cheruzhinji che ssh kiyi uye inoisa kune rondedzero yemakiyi ane mvumo yemushandisi pane server.
Zvimiro
Mabasa ese ari matatu ekugadzira kushandiswa anogona nyore nyore kuiswa muboka rimwe remabasa, uye chingave chinhu chakanaka kuchengeta boka iri rakaparadzana nebhuku guru rekutamba kuitira kuti risakure zvakanyanya. Nechinangwa ichi, Ansible ane .
Zvinoenderana nechimiro chefaira chakaratidzwa pakutanga, mabasa anofanirwa kuiswa mune yakaparadzana mabasa dhairekitori, kune yega yega dhairekitori pane rakasiyana dhairekitori rine zita rimwechete, mukati memabasa, mafaera, matemplate, nezvimwe dhairekitori.
Ngatigadzirirei chimiro chefaira: ./ansible/roles/user/tasks/main.yml (main ndiyo huru faira ichatakurwa uye kuitwa kana basa rakabatana nebhuku rekutamba; mamwe mafaera ebasa anogona kubatanidzwa kwairi). Iye zvino unogona kutamisa mabasa ese ane chekuita nemushandisi kune iyi faira:
# Create user and add him to groups
- name: Ensure a 'sudo' group
group:
name: sudo
state: present
- name: Add a new user
user:
name: "{{ user }}"
shell: /bin/bash
password: "{{ user_password | password_hash('sha512') }}"
groups: "sudo"
- name: Deploy SSH Key
authorized_key:
user: "{{ user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: presentMubhuku guru rekutamba, unofanira kutsanangura kushandisa basa remushandisi:
---
- name: Simple playbook
hosts: all
remote_user: root
gather_facts: no
tasks:
- name: Update system
apt: update_cache=yes
- name: Install system dependencies
apt:
name: git,nginx,redis,postgresql,postgresql-contrib
state: present
roles:
- userZvakare, zvingave zvine musoro kugadzirisa sisitimu pamberi pemamwe mabasa ese; kuti uite izvi, unogona kupa zita rekuti block tasks umo vanotsanangurwa mazviri pre_tasks.
Kugadzika nginx
Isu tinofanirwa kunge tatove neNginx yakaiswa; isu tinofanirwa kuigadzirisa uye kuimhanyisa. Ngatizviite pakarepo mubasa. Ngatigadzirirei chimiro chefaira:
- ansible
- roles
- nginx
- files
- tasks
- main.yml
- templatesIye zvino tinoda mafaera uye matemplate. Musiyano uripo pakati pavo ndewekuti ansible anokopa mafaera zvakananga, sezvazviri. Uye ma templates anofanirwa kuve neiyo j2 yekuwedzera uye ivo vanogona kushandisa akasiyana siyana vachishandisa yakafanana kaviri curly braces.
Ngatigonese nginx mukati main.yml file. Kune izvi isu tine systemd module:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yesPano hatingotauri kuti nginx inofanira kutangwa (kureva kuti, tinoivhura), asi isu tinobva tati inofanira kugoneswa.
Zvino ngatikopei mafaera ekugadzirisa:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'Isu tinogadzira iyo huru nginx yekumisikidza faira (iwe unogona kuitora zvakananga kubva kune server, kana kunyora iwe pachako). Uye zvakare iyo faira yekumisikidza yekushandisa kwedu mumasaiti_available dhairekitori (izvi hazvidiwi asi zvinobatsira). Muchiitiko chekutanga, isu tinoshandisa iyo kopi module kukopa mafaera (iyo faira inofanirwa kunge iri mukati /ansible/roles/nginx/files/nginx.conf) Mune yechipiri, tinokopa template, tichitsiva kukosha kwezvakasiyana. Iyo template inofanira kunge iri mukati /ansible/roles/nginx/templates/my_app.j2) Uye zvinogona kutaridzika seizvi:
upstream {{ app_name }} {
server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
server_name {{ server_name }} {{ inventory_hostname }};
root {{ app_path }}/current/public;
try_files $uri/index.html $uri.html $uri @{{ app_name }};
....
}Chenjerera kune zvinoiswa {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }} -Aya ndiwo ese akasiyana ane hunhu Ansible anozotsiva mutemplate usati wakopa. Izvi zvinobatsira kana ukashandisa bhuku rekutamba remapoka akasiyana evaenzi. Semuenzaniso, isu tinogona kuwedzera yedu inventory faira:
[production]
123.123.123.123
[staging]
231.231.231.231
[all:vars]
user=my_user
user_password=123qweasd
[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app
[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_appKana isu tikatanga zvino bhuku redu rekutamba, rinozoita mabasa akatarwa kune ese ari maviri. Asi panguva imwecheteyo, kune dhizaini, zvinoshanduka zvichave zvakasiyana kubva kune zvekugadzira, uye kwete chete mumabasa uye mabhuku ekutamba, asiwo munginx configs. {{ inventory_hostname }} haifanirwe kutsanangurwa muinventory faira - iyi uye mugamuchiri ari kushandirwa nebhuku rekutamba anochengetwa ipapo.
Kana iwe uchida kuva nefaira rekutsvaga kune akati wandei, asi uchingomhanya kune rimwe boka, izvi zvinogona kuitwa nemurairo unotevera:
ansible-playbook -i inventory ./playbook.yml -l "staging"Imwe sarudzo ndeyekuva neakasiyana mafaera ezvinyorwa zvemapoka akasiyana. Kana iwe unogona kusanganisa nzira mbiri idzi kana uine akawanda akasiyana mauto.
Ngatidzokerei kumisikidza nginx. Mushure mekukopa mafaera ekugadzirisa, tinoda kugadzira symlink mu saiti_enabled kune my_app.conf kubva kumasaiti_available. Uye tangazve nginx.
... # old code in mail.yml
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restartedZvese zviri nyore pano - zvakare anonzwisisika mamodule ane yakajairwa syntax. Asi pane imwe pfungwa. Iko hakuna chikonzero mukutangazve nginx nguva dzese. Waona here kuti hatinyore mirairo senge: "ita izvi sezvizvi", iyo syntax inotaridzika senge "iyi inofanirwa kunge ine iyi mamiriro". Uye kazhinji izvi ndizvo chaizvo mashandiro anoita zvinonzwisisika. Kana boka racho ratovepo, kana kuti system package yakatoiswa, zvino ansible anoongorora izvi uye osvetuka basa racho. Zvakare, mafaera haafanirwe kukopwa kana akanyatsoenderana neatove pane server. Tinogona kutora mukana weizvi uye kutangazve nginx chete kana mafaera ekugadzirisa akachinjwa. Pane regisheni rairo reizvi:
# Copy nginx configs and start it
- name: enable service nginx and start
systemd:
name: nginx
state: started
enabled: yes
- name: Copy the nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
register: restart_nginx
- name: Copy template my_app.conf
template:
src: my_app_conf.j2
dest: /etc/nginx/sites-available/my_app.conf
owner: root
group: root
mode: '0644'
register: restart_nginx
- name: Create symlink to sites-enabled
file:
src: /etc/nginx/sites-available/my_app.conf
dest: /etc/nginx/sites-enabled/my_app.conf
state: link
- name: restart nginx
service:
name: nginx
state: restarted
when: restart_nginx.changedKana imwe yemafaira ekugadzirisa akachinja, kopi ichaitwa uye shanduko ichanyoreswa restart_nginx. Uye chete kana shanduko iyi yakanyoreswa iyo sevhisi ichatangwazve.
Uye, hongu, iwe unofanirwa kuwedzera iyo nginx basa kune huru playbook.
Kugadzika postgresql
Isu tinofanirwa kugonesa postgresql kushandisa systemd nenzira imwechete sezvatakaita nenginx, uye zvakare kugadzira mushandisi watichashandisa kuwana dhatabhesi uye dhatabhesi pachayo.
Ngatigadzire basa /ansible/roles/postgresql/tasks/main.yml:
# Create user in postgresql
- name: enable postgresql and start
systemd:
name: postgresql
state: started
enabled: yes
- name: Create database user
become_user: postgres
postgresql_user:
name: "{{ db_user }}"
password: "{{ db_password }}"
role_attr_flags: SUPERUSER
- name: Create database
become_user: postgres
postgresql_db:
name: "{{ db_name }}"
encoding: UTF-8
owner: "{{ db_user }}"Ini handisi kuzotsanangura maitiro ekuwedzera mabhii kune hesiti, izvi zvakatoitwa kakawanda, pamwe neiyo syntax yepostgresql_db uye postgresql_user modules. Rumwe ruzivo runogona kuwanikwa mune zvinyorwa. Murairo unonyanya kunakidza pano ndewe become_user: postgres. Icho chokwadi ndechekuti nekusarudzika, mushandisi wepostgres chete ndiye anokwanisa kuwana iyo postgresql dhatabhesi uye chete munharaunda. Uyu murairo unotibvumira kuita mirairo panzvimbo yemushandisi uyu (kana tichikwanisa kuwana, hongu).
Zvakare, ungangoda kuwedzera mutsara ku pg_hba.conf kuti ubvumire mushandisi mutsva kupinda mudhatabhesi. Izvi zvinogona kuitwa nenzira imwechete sezvatakachinja nginx config.
Uye zvechokwadi, iwe unofanirwa kuwedzera iyo postgresql basa kune huru playbook.
Kuisa ruby kuburikidza nerbenv
Ansible haina ma module ekushanda ne rbenv, asi inoiswa ne cloning a git repository. Naizvozvo, dambudziko iri rinova iro risiri-standard. Ngatimugadzirirei basa /ansible/roles/ruby_rbenv/main.yml uye ngatitange kuizadza:
# Install rbenv and ruby
- name: Install rbenv
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenvIsu tinoshandisa zvakare iyo become_user dhairekitori kushanda pasi pemushandisi watakagadzira nekuda kweizvi. Sezvo rbenv yakaiswa mudhairekitori rayo remba, uye kwete pasi rose. Uye isu zvakare tinoshandisa iyo git module kubatanidza iyo repository, ichitsanangura repo uye dest.
Tevere, isu tinofanirwa kunyoresa rbenv init mubashrc uye kuwedzera rbenv kuPATH ipapo. Kune izvi isu tine lineinfile module:
- name: Add rbenv to PATH
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'
- name: Add rbenv init to bashrc
become_user: "{{ user }}"
lineinfile:
path: ~/.bashrc
state: present
line: 'eval "$(rbenv init -)"'Ipapo iwe unofanirwa kuisa ruby_build:
- name: Install ruby-build
become_user: "{{ user }}"
git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-buildUye pakupedzisira isa ruby. Izvi zvinoitwa kuburikidza ne rbenv, ndiko kuti, nekungoita ne bash command:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
rbenv install {{ ruby_version }}
args:
executable: /bin/bashTinoti murairo upi wekuita uye nei. Nekudaro, pano isu tinosangana nenyaya yekuti ansible haamhanye kodhi iri mubashrc isati yamhanyisa mirairo. Izvi zvinoreva kuti rbenv ichafanirwa kutsanangurwa zvakananga mune imwechete script.
Dambudziko rinotevera nderekuti iyo shell command haina nyika kubva pane inonzwisisika yemaonero. Ndokunge, hapazove ne otomatiki cheki kana iyi vhezheni yeruby yakaiswa kana kwete. Isu tinogona kuita izvi isu pachedu:
- name: Install ruby
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
if ! rbenv versions | grep -q {{ ruby_version }}
then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
fi
args:
executable: /bin/bashChasara kuisa bundler:
- name: Install bundler
become_user: "{{ user }}"
shell: |
export PATH="${HOME}/.rbenv/bin:${PATH}"
eval "$(rbenv init -)"
gem install bundlerUye zvakare, wedzera basa redu ruby_rbenv kune huru playbook.
Mafaira akagoverwa.
Kazhinji, iyo setup inogona kupedzwa pano. Tevere, chasara kumhanyisa capistrano uye ichakopa iyo kodhi pachayo, kugadzira madhairekitori anodiwa uye kuvhura iyo application (kana zvese zvakagadziriswa nemazvo). Nekudaro, capistrano kazhinji inoda mamwe mafaera ekugadzirisa, senge database.yml kana .env Ivo vanogona kukopwa senge mafaera uye matemplate e nginx. Pane humwe hunyengeri. Usati wakopa mafaera, unofanirwa kuvagadzirira dhairekitori chimiro, chimwe chinhu chakadai:
# Copy shared files for deploy
- name: Ensure shared dir
become_user: "{{ user }}"
file:
path: "{{ app_path }}/shared/config"
state: directoryisu tinotsanangura dhairekitori rimwe chete uye zvinogoneka zvinogadzira otomatiki evabereki kana zvichidikanwa.
Ansible Vault
Isu takatosangana nenyaya yekuti zvinosiyana zvinogona kuve nedata rakavanzika senge password yemushandisi. Kana iwe wakagadzira .env faira rekushandisa, uye database.yml ipapo panofanira kunge paine mamwe data akakosha akadaro. Zvingave zvakanaka kuvanza kubva pakuona maziso. Nokuda kwechikonzero ichi inoshandiswa .
Ngatigadzirei faira yezvinoshanduka /ansible/vars/all.yml (pano unogona kugadzira mafaira akasiyana emapoka akasiyana-siyana evatenzi, sezvakangoita mufaira rekutsvaga: production.yml, staging.yml, nezvimwewo).
Zvese zvinosiyana zvinofanirwa kuvharirwa zvinofanirwa kuendeswa kune iyi faira uchishandisa yakajairwa yml syntax:
# System vars
user_password: 123qweasd
db_password: 123qweasd
# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_baseMushure meizvozvo iyi faira inogona kuvharirwa nemurairo:
ansible-vault encrypt ./vars/all.ymlNomuzvarirwo, kana uchinyorera, iwe unozofanirwa kuseta password ye decryption. Iwe unogona kuona zvichange zviri mukati mefaira mushure mekudana uyu murairo.
Nekubatsirwa kwe ansible-vault decrypt iyo faira inogona kucheneswa, kugadziridzwa uye yobva yavharirwa zvakare.
Iwe haufanire kudzima faira kuti ushande. Iwe unoichengeta yakavharidzirwa uye unomhanyisa bhuku rekutamba nenharo --ask-vault-pass. Ansible inobvunza iyo password, tora zvinosiyana, uye ita mabasa. Yese data icharamba yakavharidzirwa.
Murairo wakakwana wemapoka akati wandei evaenzi uye inonzwisisika vault ichaita seizvi:
ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-passAsi ini handisi kuzokupa zvizere zvinyorwa zvekutamba uye mabasa, zvinyore iwe pachako. Nekuti zvinonzwisisika ndizvo - kana iwe usinganzwisise izvo zvinofanirwa kuitwa, saka hazvikuitire iwe.
Source: www.habr.com