Setting up a server to deploy a Rails application using Ansible

Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. And, surprisingly, I did not find a simple step-by-step manual. I did not want to copy someone else's playbook without understanding what was going on, so in the end I had to read the documentation and piece everything together myself. Perhaps this article will help someone speed up that process.

The first thing to understand is that Ansible gives you a convenient interface for performing a predefined list of actions on remote servers over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other goodies out of the box. To write a playbook, you have to know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or with articles like: "Copy and run, it will work."

What do we need?

As I already said, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. For a Rails application we will need several system packages: nginx, postgresql (redis, etc.). In addition, we need a specific version of Ruby. It is best to install it through rbenv (rvm, asdf...). Running all of this as the root user is always a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres, etc. and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install system packages
  3. Create a new user, configure permissions and the ssh key
  4. Configure the system packages (nginx etc.) and start them
  5. Create a database user (you can create the database right away)
  6. Log in as the new user
  7. Install rbenv and ruby
  8. Install bundler
  9. Upload the application code
  10. Start the Puma server

Moreover, the last stages can be done with capistrano: at least out of the box it can copy the code into release directories, switch the release with a symlink after a successful deployment, copy configs from the shared directory, restart puma, etc. All of this can also be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep them all in a separate directory. It is not very important whether that directory lives inside the Rails application itself or separately. You can keep the files in a separate git repository. Personally, I found it most convenient to create an ansible directory in the /config directory of the Rails application and keep everything in one repository.

Simple Playbook

A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create a first playbook that does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple Playbook and that its contents should be executed for all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says that it does not know any hosts matching the all list. They must be listed in a special inventory file.

Let's create it in the same ansible directory:

123.123.123.123

This is how we simply specify a host (ideally the host of your VPS for testing, or you can register localhost) and save it under the name inventory.
You can try running Ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have ssh access to the specified host, Ansible will connect and gather information about the remote system (the default TASK [Gathering Facts]), after which it will give a short report on the run (PLAY RECAP).

By default, the connection uses the username under which you are logged in to your own system. Most likely it will not exist on the host. In the playbook file you can specify which user to connect as using the remote_user directive. Also, information about the remote system may often be unnecessary, and you should not waste time gathering it. This task can also be disabled:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to obtain elevated privileges. As the documentation puts it: become set to ‘true’/’yes’ to activate privilege escalation. although it is not entirely clear why).

You may get an error caused by Ansible being unable to determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find out where Python is located with the command whereis python.

Installing system packages

The standard Ansible distribution includes many modules for working with various system packages, so we do not have to write bash scripts for any reason. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you are using a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we will do and how). However, the syntax will most likely be similar.

Let's supplement our playbook with the first tasks:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the job that Ansible will perform on the remote servers. We give the task a name so that we can track its execution in the log. And we describe, using the syntax of a specific module, what it needs to do. In this case apt: update_cache=yes tells the apt module to update the system package index (the equivalent of apt-get update). The second command is slightly more complicated. We pass a list of packages to the apt module and say that their state should be present, that is, we say: install these packages. In the same way, we can tell it to remove them or update them simply by changing state. Please note that for Rails to work with postgresql we need the postgresql-contrib package, which we are installing now. Again, you need to know this and do it; Ansible will not do it on its own.

Try running the playbook again and check that the packages are installed.

Creating new users

To work with users, Ansible also has a module: user. Let's add one more task (I have hidden the already known parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and a password for it. And then we run into several problems. What if the usernames need to be different for different hosts? And storing the password in clear text in the playbook is a very bad idea. To begin with, let's move the username and password into variables, and towards the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are set in playbooks using double curly braces.

We will specify the values of the variables in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive: it says that the next block of text is variables (vars) and that they apply to all hosts (all).

The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The thing is that Ansible does not create the user via user_add the way you would do it manually. It writes all the data directly, which is why we must also convert the password into a hash beforehand, and that is what this command does.

Let's add our user to the sudo group. However, before that we need to make sure that such a group exists, because nobody will do this for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

Everything is simple: we also have a group module for creating groups, with a syntax very similar to apt. Then it is enough to register this group for the user (groups: "sudo").
It is also useful to add an ssh key for this user so that we can log in with it without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case the construct "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting: it copies the contents of the id_rsa.pub file (your name may differ), that is, the public part of the ssh key, and puts it into the user's list of authorized keys on the server.

Roles

All three tasks for creating the user can easily be grouped into one set of tasks, and it would be nice to keep this group separate from the main playbook so that it does not grow too large. For this purpose Ansible has roles.
According to the file structure described at the very beginning, roles must be placed in a separate roles directory; for each role there is a separate directory with the same name, containing the tasks, files, templates, etc. directories.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the main file that will be loaded and executed when the role is attached to the playbook; other role files can be included from it). Now you can move all the tasks related to the user into this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook, you must specify that the user role is to be used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Also, it may make sense to update the system before all other tasks; to do this, you can rename the tasks block in which they are defined to pre_tasks.
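
A hardened variant of the user tasks moved into roles/user/tasks/main.yml above, as an added example (not code from the original article): a fixed salt keeps password_hash from producing a different hash on every run, update_password: on_create stops later runs from resetting the password, append: yes keeps the user's other groups, and no_log keeps the secret out of task output. The user_password_salt variable and the 12-character minimum are assumptions introduced for this example.

```yaml
# roles/user/tasks/main.yml (added example, hardened form of the tasks above)
# Assumed variables: user, user_password (ideally from an encrypted vars file)
# and user_password_salt (hypothetical name, up to 16 chars of [A-Za-z0-9./]).

- name: Refuse to run without usable account variables
  assert:
    that:
      - user is defined and user | length > 0
      # Example policy only: pick the minimum length your site requires.
      - user_password is defined and user_password | length >= 12
      - user_password_salt is defined
    quiet: true

- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    # Fixed salt: the same input gives the same hash, so the task reports
    # "changed" only when the password really differs.
    password: "{{ user_password | password_hash('sha512', user_password_salt) }}"
    # Set the password when the account is created; later runs leave a
    # password the user has since rotated alone.
    update_password: on_create
    groups: sudo
    # Without append, 'groups' replaces the user's supplementary groups.
    append: yes
  no_log: true   # keep the hash and its input out of logs and -v output

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present
```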

Configuring nginx

We should already have Nginx installed; we need to configure it and start it. Let's do it in a role right away. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that Ansible copies files directly, as is. Templates must have the j2 extension, and they can use variable values with the same double curly braces.

Let's enable nginx in the main.yml file. For this we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we say not only that nginx must be started (that is, we launch it), but also right away that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it straight from the server, or write it yourself). And also the configuration file for our application in the sites_available directory (this is not necessary but useful). In the first case, we use the copy module to copy files (the file must be in /ansible/roles/nginx/files/nginx.conf). In the second, we copy the template, substituting the values of the variables. The template must be in /ansible/roles/nginx/templates/my_app.j2). And it could look something like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Pay attention to the inserts {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values Ansible will substitute into the template before copying. This is useful if you use the playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we now run our playbook, it will perform the specified tasks for both hosts. But at the same time, for the staging host the variables will differ from the production ones, and not only in roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file: it is a special Ansible variable that stores the host the playbook is currently running for.
If you want to have an inventory file for several hosts but run for only one group, this can be done with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's get back to configuring nginx. After copying the configuration files, we need to create a symlink in sites_enabled to my_app.conf from sites_available. And restart nginx.

# ... old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here: again Ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Have you noticed that we do not write commands like "do this"; the syntax looks more like "this should have this state". And most often that is exactly how it works. If the group already exists, or the system package is already installed, Ansible will check this and skip the task. Likewise, files will not be copied if they fully match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have been changed. There is the register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  # One variable per task: a second register with the same name would
  # overwrite this result and hide a change to nginx.conf.
  register: restart_nginx_main

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: restart_nginx

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  # Restart if either configuration file was changed in this run
  when: restart_nginx_main.changed or restart_nginx.changed

If one of the configuration files changes, it is copied and the change is recorded in the variable set by register (restart_nginx). The service is restarted only if a registered result reports a change.

And, of course, you need to add the nginx role to the main playbook.

Configuring postgresql

We need to enable postgresql using systemd in the same way as we did with nginx, and also create a user that we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add variables to the inventory, this has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The fact is that by default only the postgres user has access to the postgresql database, and only locally. This directive allows us to execute commands on behalf of this user (if we have access, of course).
Also, you may have to add a line to pg_hba.conf to allow the new user to access the database. This can be done in the same way as we changed the nginx config.

Of course, you need to add the postgresql role to the main playbook.

Installing ruby via rbenv

Ansible has no modules for working with rbenv, but it is installed by cloning a git repository. Therefore, this task becomes the most non-standard one. Let's create the role /ansible/roles/ruby_rbenv/main.yml for it and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

We again use the become_user directive to work as the user we created for these purposes, since rbenv is installed in its home directory and not globally. We also use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Then you need to install ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally install Ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to execute and with what. However, here we run into the fact that Ansible does not run the code contained in bashrc before running commands. This means that rbenv has to be set up directly in the same script.

The next problem is due to the fact that the shell command has no state from Ansible's point of view. That is, there will be no automatic check of whether this version of ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

And again, add our ruby_rbenv role to the main playbook.

Shared files

In general, the setup can be completed here. Next, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and launch the application (if everything is configured correctly). However, capistrano often requires additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying the files, you need to create the directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify only one directory, and Ansible will automatically create the parent ones if needed.

Ansible Vault

We have already come across the fact that variables can contain secret data such as the user's password. If you have created an .env file for the application and a database.yml, then there must be even more such critical data. It would be good to hide it from prying eyes. Ansible Vault is used for this purpose.

Let's create a file for variables, /ansible/vars/all.yml (here you can create different files for different groups of hosts, just like in the inventory file: production.yml, staging.yml, etc.).
All variables that must be encrypted need to be moved into this file using standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that, this file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting, you will need to set a password for decryption. You can see what ends up inside the file after running this command.

With the help of ansible-vault decrypt the file can be decrypted, modified and then encrypted again.

You do not need to decrypt the file for it to work. You store it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables and execute the tasks. All data will remain encrypted.

The full command for several groups of hosts and Ansible Vault will look something like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass

But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how Ansible is: if you do not understand what needs to be done, it will not do it for you.

Source: www.habr.com
