docker-compose.test.yml Imtixaannada la wado inta lagu jiro hawlgalinta;
docker-compose.yml si loo geeyo.
Galka ugu dambeeya ee danta noo ah waa .ci-cd. Waxay ka kooban tahay qoraallada qolofka ee la geynayo:
deploy.sh - bilaabista socdaalka iyo hawlgelinta. Lagu bilaabay server-ka ka dib dhisitaanka iyo socodsiinta imtixaanada Github Actions;
rollback.sh - weelasha dib loogu celiyo nuqulkii hore ee shirka;
curl_tg.sh - u dirida ogeysiisyada geynta Telegram.
Frontend oo xagal ah
Kaydka hore oo leh aad uga fudud Bekov's. Dhinaca hore waxa uu ka kooban yahay saddex bog:
Bogga hoyga oo wata foom lagu dirayo iimayl iyo badhanka ka bixida
Boga galitaanka
Bogga diiwaangelinta.
Bogga ugu weyn wuxuu u muuqdaa mid aan fiicneyn:
Laba fayl ayaa ku jira xididka Dockerfile ΠΈ docker-compose.yml, iyo sidoo kale galka la yaqaan .ci-cd oo leh tiro qoraallo ah oo waxyar ka yar marka loo eego kaydka dambe ( qoraallada imtixaannada socda waa la saaray).
Mashruuc laga bilaabayo Plesk
Aan ku bilowno samaynta Plesk iyo abuurista rukunka boggayaga.
Let's Encrypt abuurista (iyo dib-u-cusboonaysiinta) shahaadooyinka TLS ee bilaashka ah;
Firewall si loo habeeyo shaandhaynta taraafikada soo galaya.
Waxaad ku rakibi kartaa iyaga adoo adeegsanaya maamulka Plesk ee qaybta Kordhinta:
Ma tixgelin doono qaabeynta faahfaahsan ee kordhinta; ujeedooyinkayaga demo, goobaha caadiga ah ayaa ku haboonaan doona.
Abuuritaanka rukunka iyo mareegaha
Marka xigta, waxaan u baahanahay inaan u abuurno rukunsad shabakadeena helloworld.ru oo aan ku darno subdomain dev.helloworld.ru halkaas.
Waxaan u abuurnaa rukunsad helloworld.ru domain oo aan u sheegnaa erayga sirta ah ee isticmaalaha nidaamka:
Calaamadee sanduuqa hoose ee bogga Ku xafid domainka Aynu Sirinno, haddii aan rabno in aan u habeyno HTTPS goobta:
Marka xigta, is-diiwaangelintan, waxaan ku abuureynaa dev.helloworld.ru-hoosaad (kaas oo aad sidoo kale bixin karto shahaadada TLS ee bilaashka ah):
Ku rakibida qaybaha server-ka
Waxaan leenahay server leh Bixinta OS Debian Stretch 9.12 oo lagu rakibay guddiga xakamaynta Plesk Obsidian 18.0.27.
Waxaan u baahanahay inaan rakibno oo aan u habeyno mashruucayaga:
PostgreSQL (xaaladkeena waxaa jiri doona hal server oo leh laba kayd oo loogu talagalay deegaanka dev iyo prod).
RabbitMQ (wax la mid ah, hal tusaale oo leh vhosts kala duwan ee deegaanka).
Laba tusaale oo Redis ah (oo loogu talagalay deegaan dev iyo prod).
Diiwaanka Docker (oo loogu talagalay kaydinta maxalliga ah ee sawirada Docker ee la soo ururiyey).
Interface UI ee diiwaanka Docker.
PostgreSQL
Plesk waxay horey ula timid PostgreSQL DBMS, laakiin ma aha nuqulkii ugu dambeeyay (waqtiga qoraalka Plesk Obsidian taageeray Noocyada Postgres 8.4-10.8). Waxaan rabnaa nooca ugu dambeeyay ee codsigeena (12.3 waqtiga qorista), markaa waxaan ku rakibi doonaa gacanta.
Waxaa jira tilmaamo badan oo faahfaahsan oo ku saabsan ku rakibida Postgres Debian online (Tusaale), markaa si faahfaahsan uguma sifayn doono, kaliya waxaan ku siin doonaa amarada:
Iyadoo la tixgalinayo in PostgreSQL ay leedahay qaab-dhismeed dhexdhexaad ah oo dhexdhexaad ah, waa lagama maarmaan in la hagaajiyo qaabeynta. Tani way ina caawin doontaa xisaabiyaha: waxaad u baahan tahay inaad geliso xuduudaha server-kaaga oo aad bedesho goobaha faylka /etc/postgresql/12/main/postgresql.confkuwa la soo jeediyay. Halkan waa in la ogaadaa in xisaabiyeyaasha noocan oo kale ah aysan ahayn xabbad sixir ah, iyo saldhigga waa in si sax ah loo hagaajiyaa, iyada oo ku saleysan qalabkaaga, codsigaaga iyo kakanaanta weydiimaha. Laakiin tani waa ku filan tahay in la bilaabo.
Marka lagu daro jaangooyooyinka uu soo jeediyay xisaabiyaha, waxaan sidoo kale bedelnaa postgresql.confdekedda caadiga ah 5432 waxaa loo qoondeeyey mid kale (tusaale ahaan - 53983).
Ka dib markii aad bedesho faylka qaabeynta, dib u bilow postgresql-server oo wata amarka:
service postgresql restart
Waxaan rakibnay oo aan habeynay PostgreSQL. Hadda aynu abuurno xog-ururin, isticmaaleyaasha deegaanka dev iyo prod, oo aynu siino isticmaalayaasha xuquuqaha ay ku maareeyaan xogta macluumaadka:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
BakayleMQ
Aan u gudubno rakibidda RabbitMQ, oo ah dallaal fariin ah oo loogu talagalay Celery. Ku rakibida Debian waa wax fudud:
Hadda aynu rakibno oo habeyno qaybta ugu dambeysa ee codsigeena - Redis. Waxaa loo isticmaali doonaa sidii dhabarka dambe si loo kaydiyo natiijooyinka hawlaha Selery.
Waxaan kor u qaadi doonaa laba weel oo Docker ah oo leh Redis oo loogu talagalay dev iyo bey'ada prod anagoo adeegsanayna kordhinta Docker ee Plesk.
Tag Plesk, aad qaybta Extensions, raadi kordhinta Docker oo ku rakib (waxaan u baahanahay nooca bilaashka ah):
Tag kordhinta rakiban, ka hel sawirka raadinta redis bitnami oo rakib nooca ugu dambeeyay:
Waxaan galeynaa weelka la soo dejiyey oo aan hagaajineynaa qaabeynta: sheeg dekedda, cabbirka RAM ee ugu badan ee loo qoondeeyey, erayga sirta ah ee doorsoomayaasha deegaanka, oo kor u qaad mugga:
Waxaan sameynaa tillaabooyinka 2-3 ee weelka prod, goobaha waxaan kaliya ka bedelnaa xuduudaha: dekeda, erayga sirta ah, cabbirka RAM iyo dariiqa galka mugga ee server-ka:
Diiwaanka Docker
Marka lagu daro adeegyada aasaasiga ah, way fiicnaan lahayd inaad ku rakibto kaydka sawirkaaga Docker ee server-ka. Nasiib wanaag, booska server-yada ayaa hadda aad u jaban (dhab ahaantii way ka jaban tahay rukunka DockerHub), iyo habka rakibidda kaydka gaarka ah waa mid aad u fudud.
Waxaan rabnaa inaan helno:
Kaydka Docker ee erayga sirta ah lagu ilaaliyo ayaa laga heli karaa iyada oo loo marayo domain-hoosaad https://docker.helloworld.ru;
Aynu ku abuurno laba subdomain-hoosaadyada ku jira liiskayaga Plesk: docker.helloworld.ru iyo docker-ui.helloworld.ru, oo aynu u habaynno shahaadooyinka aan sireyno iyaga.
Oo waxaan u baahanahay inaan Nginx u leexinno weelashayada. Tan waxaa lagu samayn karaa Plesk.
Tallaabooyinka soo socda ayaa loo baahan yahay in loo sameeyo docker.helloworld.ru iyo docker-ui.helloworld.ru subdomains:
qaybta Qalabka Dev websaydkayaga tag Xeerarka wakiillada Docker:
Oo ku dar xeer wakiil ka ah gaadiidka soo galaya weelkayaga:
Waxaan hubineynaa inaan ka soo gali karno weelkayaga mashiinka maxalliga ah:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
Aynu sidoo kale hubino shaqada docker-ui.helloworld.ru subdomain:
Markaad gujiso Browse repositories, browserku wuxuu soo bandhigi doonaa daaqad ogolaansho halkaas oo aad u baahan doonto inaad geliso galitaanka iyo erayga sirta ah ee kaydka. Intaa ka dib waxa naloo wareejin doonaa bog leh liis kayd ah (hadda way madhnaan doontaa):
Furitaanka dekedaha ee Plesk Firewall
Ka dib marka la rakibo oo la habeeyo qaybaha, waxaan u baahanahay inaan furno dekedaha si qaybaha ay uga helaan weelasha Docker iyo shabakada dibadda.
Aynu aragno sida tan loo sameeyo anagoo adeegsanayna tusaalaha fidinta Firewall ee Plesk ee aan horay ugu rakibnay.
Tag Tools & Settings > Settings > Firewall:
Tag Wax ka beddel Plesk Xeerarka Dab-damiska> Ku dar Xeerka Gaarka ah oo u fur dekedaha TCP ee soo socda shabakada Docker (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786
Waxaan sidoo kale ku dari doonaa sharci u furi doona dekedaha PostgreSQL iyo guddiga maamulka RabbitMQ ee adduunka ka baxsan:
Ku dheji xidhiidhka kaydkayaga Github galka "Remote Git repository" oo beddel galka caadiga ah httpdocs mid kale (tusaale ahaan, /httpdocs/hw_back):
Ka guuri furaha Dadweynaha SSH tallaabadii hore iyo ku dar waxa ku jira goobaha Github.
Guji OK shaashadda tallaabada 2, ka dib waxaa naloogudbiyey bogga kaydka ee Plesk. Hadda waxaan u baahanahay inaan habeyno kaydka si aan u cusboonaysiino marka aan ka go'aneyno laanta sayidkiisa. Si tan loo sameeyo, u tag Dejinta Kaydka oo badbaadi qiimaha Webhook URL (waxaan u baahan doonaa tan dambe marka la dejinayo Tallaabooyinka Github):
Goobta ficilada ee shaashadda ee cutubka hore, geli qoraalka si aad u bilowdo hawlgelinta:
cd {REPOSITORY_ABSOLUTE_PATH}
.ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
meesha:
{REPOSITORY_ABSOLUTE_PATH} - dariiqa loo maro galka kaydka dhabarka dambe ee server-ka; {ENV} - deegaanka (dev/prod), xaaladeena prod; {DOCKER_REGISTRY_HOST} - martigeliyaha kaydka docker our {TG_BOT_TOKEN} - Telegram bot token; {TG_CHAT_ID} - Aqoonsiga kanaalka/Chat si aad u dirto ogeysiisyada.
Tusaale qoraalka:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
.ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
Waxaan ku darnaa isticmaale ka mid noqoshadayada kooxda Docker (si uu u maareeyo weelasha):
sudo usermod -aG docker helloworld_admin
Deegaanka Dev ee kaydka dambeedka iyo hore ee hore ayaa loo habeeyey si la mid ah.
Gelida Dhuumaha ee Tallaabooyinka Github
Aan u gudubno dejinta qaybta koowaad ee dhuumahayada CI/CD ee Github Actions.
Ku socodsiinta imtixaannada weel ku salaysan sawir cusub oo la soo ururiyey;
geynta deegaanka la rabo iyadoo ku xiran laanta (dev/master).
frontend
Deploy.yml ee kaydinta hore wax badan kama duwana kan Bekov. Waxay seegaysaa tallaabada imtixaannada oo waxay beddeshaa magacyada calaamadaha hawlgelinta. Siraha kaydka hore, habka, waxay u baahan yihiin in si gaar ah loo buuxiyo.
Dejinta goobta
Ka wakiil ah taraafikada Nginx
Hagaag, waxaan gaadhnay dhamaadka. Waxa kaliya ee hadhay waa in la habeeyo wakiil ka ah taraafikada soo galaya iyo kuwa baxaya weelkayaga Nginx. Waxaan horey u soo daboolnay habkan tallaabada 5 ee dejinta Diiwaanka Docker. Wax la mid ah ayaa loo baahan yahay in lagu celiyo qaybaha dambe iyo hore ee deegaanka dev iyo prod.
Waxaan bixin doonaa shaashadaha goobaha
Backend
frontend
ΠΠΆΠ½ΠΎΠ΅ ΡΡΠΎΡΠ½Π΅Π½ΠΈΠ΅. Dhammaan URL-yada waxa lagu xidhi doonaa weelka hore, marka laga reebo kuwa ku bilaabmaya /api/ - waxay ku xidhnaan doonaan weelka dambe (sida ku jira weelka dambe dhammaan gacan-qabayaashu waa inay ku bilaabaan /api/).
Natiijooyinka
Hadda boggayagu waa in laga heli karaa helloworld.ru iyo dev.helloworld.ru (prod iyo dev environments, siday u kala horreeyaan).
Wadar ahaan, waxaan baranay sida loogu diyaariyo codsi fudud oo ku jira Flask iyo Angular waxaanan dejinay dhuumo gudaha Github Actions si loogu soo rogo server-ka ku shaqeeya Plesk.