Maqaalkan, waxaan ku wadaagi doonaa waayo-aragnimadayda dejinta CI/CD anigoo isticmaalaya Plesk control panel iyo Github Actions. Maanta waxaan baran doonaa sida loo geeyo mashruuc fudud oo leh magaca fudud "Helloworld". Waxay ku qoran tahay qaabka Python Flask, oo leh shaqaale Selery iyo xaga hore ee xagal 8.

Xiriirinta meelaha kaydka ah: dhabarka dambe, dhamaadka hore.

Qaybta hore ee maqaalka waxaynu ku eegi doonaa mashruuceena iyo qaybihiisa. Marka labaad, waxaan ogaan doonaa sida loo dejiyo Plesk oo loo rakibo kordhinta lagama maarmaanka ah iyo qaybaha (DB, RabbitMQ, Redis, Docker, iwm.).

Qaybta saddexaad, waxaan ugu dambeyntii ogaan doonaa sida loo dejiyo dhuumaha daadinta mashruucayaga server-ka deegaanka dev iyo prod. Ka dibna waxaan ku furi doonaa goobta on server-ka.

Oo haa, waan ilaaway inaan is baro. Magacaygu waa Oleg Borzov, waxaan ahay horumariye buuxa oo ka tirsan kooxda CRM ee maamulayaasha amaahda amaahda guryaha ee Domklik.

Dulmarka mashruuca

Marka hore, aan eegno laba mashruuc oo kayd ah - dhabarka iyo hore - oo aan marno koodka.

Qaybta dambe: Flask+Selery

Dhamaadka-dhamaadka, waxaan qaatay isku-dar aad caan uga ah soosaarayaasha Python: qaab-dhismeedka Flask (ee API) iyo Celery (kuyuuga hawsha). SQLAchemy waxaa loo isticmaalaa sidii ORM. Alembic waxaa loo isticmaalaa socdaalka. Ansixinta JSON ee gacanta - Marshmallow.

В kayd Waxaa jira faylka Readme.md oo leh sharraxaad faahfaahsan oo ku saabsan qaabka iyo tilmaamaha bilowga mashruuca.

Qaybta Shabakadda API aad u fudud, wuxuu ka kooban yahay 6 gacan:

• /ping - si loo hubiyo in la heli karo;
• gacanta ku haya diiwaangelinta, oggolaanshaha, oggolaansho-la'aanta iyo helitaanka isticmaale idman;
• gacanta u diritaanka iimaylka dhigaya hawsha safka Celery.

Selery qayb Xitaa way ka sahlan tahay, waxaa jira hal dhibaato oo keliya send_mail_task.

Gal gal /conf waxaa jira laba fayl-hoosaadyo:

• docker oo leh laba Dockerfiles (base.dockerfile in la dhiso muuqaal sal ah oo dhif ah oo isbedela iyo Dockerfile ee shirarka waaweyn;
• .env_files - oo wata faylal leh doorsoomayaasha deegaanka ee deegaan kala duwan.

Waxa jira afar faylal oo ka kooban docker-ku-salaysan xididka mashruuca:

• docker-compose.local.db.yml si kor loogu qaado xogta deegaanka ee horumarinta;
• docker-compose.local.workers.yml korinta maxaliga ah ee shaqaale, xog ururin, Redis iyo RabbitMQ;
• docker-compose.test.yml Imtixaannada la wado inta lagu jiro hawlgalinta;
• docker-compose.yml si loo geeyo.

Galka ugu dambeeya ee danta noo ah waa .ci-cd. Waxay ka kooban tahay qoraallada qolofka ee la geynayo:

• deploy.sh - bilaabista socdaalka iyo hawlgelinta. Lagu bilaabay server-ka ka dib dhisitaanka iyo socodsiinta imtixaanada Github Actions;
• rollback.sh - weelasha dib loogu celiyo nuqulkii hore ee shirka;
• curl_tg.sh - u dirida ogeysiisyada geynta Telegram.

Frontend oo xagal ah

Kaydka hore oo leh aad uga fudud Bekov's. Dhinaca hore waxa uu ka kooban yahay saddex bog:

• Bogga hoyga oo wata foom lagu dirayo iimayl iyo badhanka ka bixida
• Boga galitaanka
• Bogga diiwaangelinta.

Bogga ugu weyn wuxuu u muuqdaa mid aan fiicneyn:

Laba fayl ayaa ku jira xididka Dockerfile и docker-compose.yml, iyo sidoo kale galka la yaqaan .ci-cd oo leh tiro qoraallo ah oo waxyar ka yar marka loo eego kaydka dambe ( qoraallada imtixaannada socda waa la saaray).

Mashruuc laga bilaabayo Plesk

Aan ku bilowno samaynta Plesk iyo abuurista rukunka boggayaga.

Ku rakibida kordhinta

Plesk waxaan u baahanahay afar kordhin:

• Docker maaraynta iyo muujinta muuqaalka xaaladda weelasha ee guddiga maamulka Plesk;
• Git si loo habeeyo tallaabada geynta serverka;
• Let's Encrypt abuurista (iyo dib-u-cusboonaysiinta) shahaadooyinka TLS ee bilaashka ah;
• Firewall si loo habeeyo shaandhaynta taraafikada soo galaya.

Waxaad ku rakibi kartaa iyaga adoo adeegsanaya maamulka Plesk ee qaybta Kordhinta:

Ma tixgelin doono qaabeynta faahfaahsan ee kordhinta; ujeedooyinkayaga demo, goobaha caadiga ah ayaa ku haboonaan doona.

Abuuritaanka rukunka iyo mareegaha

Marka xigta, waxaan u baahanahay inaan u abuurno rukunsad shabakadeena helloworld.ru oo aan ku darno subdomain dev.helloworld.ru halkaas.

1. Waxaan u abuurnaa rukunsad helloworld.ru domain oo aan u sheegnaa erayga sirta ah ee isticmaalaha nidaamka:

   
   Calaamadee sanduuqa hoose ee bogga Ku xafid domainka Aynu Sirinno, haddii aan rabno in aan u habeyno HTTPS goobta:

   

2. Marka xigta, is-diiwaangelintan, waxaan ku abuureynaa dev.helloworld.ru-hoosaad (kaas oo aad sidoo kale bixin karto shahaadada TLS ee bilaashka ah):

   

Ku rakibida qaybaha server-ka

Waxaan leenahay server leh Bixinta OS Debian Stretch 9.12 oo lagu rakibay guddiga xakamaynta Plesk Obsidian 18.0.27.

Waxaan u baahanahay inaan rakibno oo aan u habeyno mashruucayaga:

• PostgreSQL (xaaladkeena waxaa jiri doona hal server oo leh laba kayd oo loogu talagalay deegaanka dev iyo prod).
• RabbitMQ (wax la mid ah, hal tusaale oo leh vhosts kala duwan ee deegaanka).
• Laba tusaale oo Redis ah (oo loogu talagalay deegaan dev iyo prod).
• Diiwaanka Docker (oo loogu talagalay kaydinta maxalliga ah ee sawirada Docker ee la soo ururiyey).
• Interface UI ee diiwaanka Docker.

PostgreSQL

Plesk waxay horey ula timid PostgreSQL DBMS, laakiin ma aha nuqulkii ugu dambeeyay (waqtiga qoraalka Plesk Obsidian taageeray Noocyada Postgres 8.4-10.8). Waxaan rabnaa nooca ugu dambeeyay ee codsigeena (12.3 waqtiga qorista), markaa waxaan ku rakibi doonaa gacanta.

Waxaa jira tilmaamo badan oo faahfaahsan oo ku saabsan ku rakibida Postgres Debian online (Tusaale), markaa si faahfaahsan uguma sifayn doono, kaliya waxaan ku siin doonaa amarada:

wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib

Iyadoo la tixgalinayo in PostgreSQL ay leedahay qaab-dhismeed dhexdhexaad ah oo dhexdhexaad ah, waa lagama maarmaan in la hagaajiyo qaabeynta. Tani way ina caawin doontaa xisaabiyaha: waxaad u baahan tahay inaad geliso xuduudaha server-kaaga oo aad bedesho goobaha faylka /etc/postgresql/12/main/postgresql.confkuwa la soo jeediyay. Halkan waa in la ogaadaa in xisaabiyeyaasha noocan oo kale ah aysan ahayn xabbad sixir ah, iyo saldhigga waa in si sax ah loo hagaajiyaa, iyada oo ku saleysan qalabkaaga, codsigaaga iyo kakanaanta weydiimaha. Laakiin tani waa ku filan tahay in la bilaabo.

Marka lagu daro jaangooyooyinka uu soo jeediyay xisaabiyaha, waxaan sidoo kale bedelnaa postgresql.confdekedda caadiga ah 5432 waxaa loo qoondeeyey mid kale (tusaale ahaan - 53983).

Ka dib markii aad bedesho faylka qaabeynta, dib u bilow postgresql-server oo wata amarka:

service postgresql restart

Waxaan rakibnay oo aan habeynay PostgreSQL. Hadda aynu abuurno xog-ururin, isticmaaleyaasha deegaanka dev iyo prod, oo aynu siino isticmaalayaasha xuquuqaha ay ku maareeyaan xogta macluumaadka:

$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT

BakayleMQ

Aan u gudubno rakibidda RabbitMQ, oo ah dallaal fariin ah oo loogu talagalay Celery. Ku rakibida Debian waa wax fudud:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb

sudo apt-get update
sudo apt-get install erlang erlang-nox

sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

sudo apt-get update
sudo apt-get install rabbitmq-server

Ka dib markii la rakibo waxaan u baahanahay inaan abuurno vhostsIsticmaalayaasha oo sii xuquuqda lagama maarmaanka ah:

sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password 
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"

sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password 
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"

Redis

Hadda aynu rakibno oo habeyno qaybta ugu dambeysa ee codsigeena - Redis. Waxaa loo isticmaali doonaa sidii dhabarka dambe si loo kaydiyo natiijooyinka hawlaha Selery.

Waxaan kor u qaadi doonaa laba weel oo Docker ah oo leh Redis oo loogu talagalay dev iyo bey'ada prod anagoo adeegsanayna kordhinta Docker ee Plesk.

1. Tag Plesk, aad qaybta Extensions, raadi kordhinta Docker oo ku rakib (waxaan u baahanahay nooca bilaashka ah):

   

2. Tag kordhinta rakiban, ka hel sawirka raadinta redis bitnami oo rakib nooca ugu dambeeyay:

   

3. Waxaan galeynaa weelka la soo dejiyey oo aan hagaajineynaa qaabeynta: sheeg dekedda, cabbirka RAM ee ugu badan ee loo qoondeeyey, erayga sirta ah ee doorsoomayaasha deegaanka, oo kor u qaad mugga:

   

4. Waxaan sameynaa tillaabooyinka 2-3 ee weelka prod, goobaha waxaan kaliya ka bedelnaa xuduudaha: dekeda, erayga sirta ah, cabbirka RAM iyo dariiqa galka mugga ee server-ka:

   

Diiwaanka Docker

Marka lagu daro adeegyada aasaasiga ah, way fiicnaan lahayd inaad ku rakibto kaydka sawirkaaga Docker ee server-ka. Nasiib wanaag, booska server-yada ayaa hadda aad u jaban (dhab ahaantii way ka jaban tahay rukunka DockerHub), iyo habka rakibidda kaydka gaarka ah waa mid aad u fudud.

Waxaan rabnaa inaan helno:

• Kaydka Docker ee erayga sirta ah lagu ilaaliyo ayaa laga heli karaa iyada oo loo marayo domain-hoosaad https://docker.helloworld.ru;
• Interface-ka UI ee daawashada sawirada kaydka, laga heli karo https://docker-ui.helloworld.ru.

Tani:

1. Aynu ku abuurno laba subdomain-hoosaadyada ku jira liiskayaga Plesk: docker.helloworld.ru iyo docker-ui.helloworld.ru, oo aynu u habaynno shahaadooyinka aan sireyno iyaga.
2. Kudar faylka docker.helloworld.ru gal-hoosaadyada docker-compose.yml oo xambaarsan nuxurka sida tan:

   version: "3"
   
   services:
     docker-registry:
       image: "registry:2"
       restart: always
       ports:
         - "53985:5000"
       environment:
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       volumes:
         - ./.docker-registry.htpasswd:/auth/.htpasswd
         - ./data:/data
   
     docker-registry-ui:
       image: konradkleine/docker-registry-frontend:v2
       restart: always
       ports:
         - "53986:80"
       environment:
         VIRTUAL_HOST: '*, https://*'
         ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
         ENV_DOCKER_REGISTRY_PORT: 5000
       links:
         - 'docker-registry'
   

3. Hoosta SSH, waxaanu soo saari doonaa faylka .htpasswd ee oggolaanshaha aasaasiga ah ee kaydka Docker:

   htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password

4. Aan ururinno oo kor u qaadno weelasha:

   docker-compose up -d

5. Oo waxaan u baahanahay inaan Nginx u leexinno weelashayada. Tan waxaa lagu samayn karaa Plesk.

Tallaabooyinka soo socda ayaa loo baahan yahay in loo sameeyo docker.helloworld.ru iyo docker-ui.helloworld.ru subdomains:

qaybta Qalabka Dev websaydkayaga tag Xeerarka wakiillada Docker:

Oo ku dar xeer wakiil ka ah gaadiidka soo galaya weelkayaga:

1. Waxaan hubineynaa inaan ka soo gali karno weelkayaga mashiinka maxalliga ah:

   $ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
   WARNING! Using --password via the CLI is insecure. Use --password-stdin.
   Login Succeeded

2. Aynu sidoo kale hubino shaqada docker-ui.helloworld.ru subdomain:

   
   Markaad gujiso Browse repositories, browserku wuxuu soo bandhigi doonaa daaqad ogolaansho halkaas oo aad u baahan doonto inaad geliso galitaanka iyo erayga sirta ah ee kaydka. Intaa ka dib waxa naloo wareejin doonaa bog leh liis kayd ah (hadda way madhnaan doontaa):

   

Furitaanka dekedaha ee Plesk Firewall

Ka dib marka la rakibo oo la habeeyo qaybaha, waxaan u baahanahay inaan furno dekedaha si qaybaha ay uga helaan weelasha Docker iyo shabakada dibadda.

Aynu aragno sida tan loo sameeyo anagoo adeegsanayna tusaalaha fidinta Firewall ee Plesk ee aan horay ugu rakibnay.

1. Tag Tools & Settings > Settings > Firewall:
   
2. Tag Wax ka beddel Plesk Xeerarka Dab-damiska> Ku dar Xeerka Gaarka ah oo u fur dekedaha TCP ee soo socda shabakada Docker (172.0.0.0 / 8):
   RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
   Redis: 32785, 32786

   

3. Waxaan sidoo kale ku dari doonaa sharci u furi doona dekedaha PostgreSQL iyo guddiga maamulka RabbitMQ ee adduunka ka baxsan:

   

4. Codso xeerarka adoo isticmaalaya badhanka Codso Isbedelka:

   

Dejinta CI/CD gudaha Github Actions

Aan gaadhno qaybta ugu xiisaha badan - dejinta dhuumaha isdhexgalka joogtada ah iyo gaarsiinta mashruuceena server-ka.

Dhuuntani waxay ka koobnaan doontaa laba qaybood:

• dhisidda sawirka iyo imtixaannada orodka (ee dhabarka dambe) - dhinaca Github;
• bilaabida guuritaanka (ee dhabarka dambe) iyo geynta weelasha serverka.

U dir Plesk

Aynu marka hore wax ka qabanno qodobka labaad (maadaama kan hore ku xidhan yahay).

Waxaan habayn doonaa habka dirista anagoo adeegsanayna fidinta Git ee Plesk.

Aynu eegno tusaale leh deegaanka Prod ee kaydka Backend.

1. Waxaan tagnaa isdiiwaangelinta degelkeena Helloworld oo aad tagtid qaybta Git:

   

2. Ku dheji xidhiidhka kaydkayaga Github galka "Remote Git repository" oo beddel galka caadiga ah httpdocs mid kale (tusaale ahaan, /httpdocs/hw_back):

   

3. Ka guuri furaha Dadweynaha SSH tallaabadii hore iyo ku dar waxa ku jira goobaha Github.
4. Guji OK shaashadda tallaabada 2, ka dib waxaa naloogudbiyey bogga kaydka ee Plesk. Hadda waxaan u baahanahay inaan habeyno kaydka si aan u cusboonaysiino marka aan ka go'aneyno laanta sayidkiisa. Si tan loo sameeyo, u tag Dejinta Kaydka oo badbaadi qiimaha Webhook URL (waxaan u baahan doonaa tan dambe marka la dejinayo Tallaabooyinka Github):

   

5. Goobta ficilada ee shaashadda ee cutubka hore, geli qoraalka si aad u bilowdo hawlgelinta:

   cd {REPOSITORY_ABSOLUTE_PATH}
   .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID} 

   meesha:

   {REPOSITORY_ABSOLUTE_PATH} - dariiqa loo maro galka kaydka dhabarka dambe ee server-ka;
   {ENV} - deegaanka (dev/prod), xaaladeena prod;
   {DOCKER_REGISTRY_HOST} - martigeliyaha kaydka docker our
   {TG_BOT_TOKEN} - Telegram bot token;
   {TG_CHAT_ID} - Aqoonsiga kanaalka/Chat si aad u dirto ogeysiisyada.

   Tusaale qoraalka:

   cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
   .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890

6. Waxaan ku darnaa isticmaale ka mid noqoshadayada kooxda Docker (si uu u maareeyo weelasha):

   sudo usermod -aG docker helloworld_admin

Deegaanka Dev ee kaydka dambeedka iyo hore ee hore ayaa loo habeeyey si la mid ah.

Gelida Dhuumaha ee Tallaabooyinka Github

Aan u gudubno dejinta qaybta koowaad ee dhuumahayada CI/CD ee Github Actions.

Backend

Dhuumaha waxaa lagu sifeeyaa deploy.yml.

Laakin ka hor intaanan kala saarin, aan buuxino doorsoomayaasha sirta ah ee aan uga baahanahay Github. Si tan loo sameeyo, u tag Dejinta -> Sirta:

• DOCKER_REGISTRY - martigeliyaha kaydkayaga Docker (docker.helloworld.ru);
• DOCKER_LOGIN - gal bakhaarka Docker;
• DOCKER_PASSWORD - sirta ah ee;
• DEPLOY_HOST - martigeliyaha kaas oo ay diyaar ku yihiin guddiga maamulka Plesk (tusaale: helloworld.ru: 8443 ama 123.4.56.78:8443);
• DEPLOY_BACK_PROD_TOKEN - calaamad u ah geynta kaydka alaabta ee server-ka (waxaan ku helnay Deployment in Plesk, tallaabada 4);
• DEPLOY_BACK_DEV_TOKEN - calaamad u ah dirida kaydka dev ee serverka.

Habka diristu waa sahlan yahay wuxuuna ka kooban yahay saddex tillaabo oo waaweyn:

• dhismaha iyo daabacaadda sawirka ee kaydkayaga;
• Ku socodsiinta imtixaannada weel ku salaysan sawir cusub oo la soo ururiyey;
• geynta deegaanka la rabo iyadoo ku xiran laanta (dev/master).

frontend

Deploy.yml ee kaydinta hore wax badan kama duwana kan Bekov. Waxay seegaysaa tallaabada imtixaannada oo waxay beddeshaa magacyada calaamadaha hawlgelinta. Siraha kaydka hore, habka, waxay u baahan yihiin in si gaar ah loo buuxiyo.

Dejinta goobta

Ka wakiil ah taraafikada Nginx

Hagaag, waxaan gaadhnay dhamaadka. Waxa kaliya ee hadhay waa in la habeeyo wakiil ka ah taraafikada soo galaya iyo kuwa baxaya weelkayaga Nginx. Waxaan horey u soo daboolnay habkan tallaabada 5 ee dejinta Diiwaanka Docker. Wax la mid ah ayaa loo baahan yahay in lagu celiyo qaybaha dambe iyo hore ee deegaanka dev iyo prod.

Waxaan bixin doonaa shaashadaha goobaha

Backend

frontend

Ажное уточнение. Dhammaan URL-yada waxa lagu xidhi doonaa weelka hore, marka laga reebo kuwa ku bilaabmaya /api/ - waxay ku xidhnaan doonaan weelka dambe (sida ku jira weelka dambe dhammaan gacan-qabayaashu waa inay ku bilaabaan /api/).

Natiijooyinka

Hadda boggayagu waa in laga heli karaa helloworld.ru iyo dev.helloworld.ru (prod iyo dev environments, siday u kala horreeyaan).

Wadar ahaan, waxaan baranay sida loogu diyaariyo codsi fudud oo ku jira Flask iyo Angular waxaanan dejinay dhuumo gudaha Github Actions si loogu soo rogo server-ka ku shaqeeya Plesk.

Waxaan ku koobi doonaa isku xirka meelaha kaydka ah ee koodka: dhabarka dambe, dhamaadka hore.

Source: www.habr.com