Sehloohong sena, ke tla arolelana phihlelo ea ka ea ho theha CI / CD ho sebelisa Plesk Control Panel le Github Actions. Kajeno re tla ithuta ho sebelisa morero o bonolo ka lebitso le sa rarahanang "Helloworld". E ngotsoe ka har'a moralo oa Flask Python, e nang le basebetsi ba Celery le Angular 8 frontend.
Lihokelo tsa polokelo: , .
Karolong ea pele ea sehlooho sena, re tla sheba morero oa rōna le likarolo tsa oona. Ea bobeli, re tla fumana mokhoa oa ho theha Plesk le ho kenya lisebelisoa le likarolo tse hlokahalang (DB, RabbitMQ, Redis, Docker, joalo-joalo).
Karolong ea boraro, qetellong re tla fumana mokhoa oa ho theha phaephe bakeng sa ho tsamaisa morero oa rona ho seva sebakeng sa dev le prod. 'Me joale re tla qala sebaka sa marang-rang ho seva.
E, ke lebetse ho itsebisa. Lebitso la ka ke Oleg Borzov, ke moqapi ea felletseng sehlopheng sa CRM bakeng sa batsamaisi ba mekoloto ea matlo Domclick.
Kakaretso ea morero
Taba ea pele, a re shebeng lipolokelo tse peli tsa projeke - backend le front - 'me re fetele holim'a khoutu.
Ka morao: Flask+Celery
Bakeng sa karolo e ka morao, ke nkile sehlopha se tsebahalang haholo har'a baetsi ba Python: moralo oa Flask (bakeng sa API) le Celery (bakeng sa tatellano ea mosebetsi). SQLAchemy e sebelisoa joalo ka ORM. Alembic e sebelisoa bakeng sa ho falla. Bakeng sa netefatso ea JSON ho li-handle - Marshmallow.
В ho na le faele ea Readme.md e nang le tlhaloso e qaqileng ea sebopeho le litaelo tsa ho tsamaisa morero.
e bonolo haholo, e na le lipene tse 6:
/ping- ho hlahloba ho fumaneha;- e sebetsana le ho ngolisa, tumello, ho tlosa tumello le ho fumana mosebedisi ea nang le tumello;
- aterese ea lengolo-tsoibila e behang mosebetsi moleng oa Celery.
ho bonolo le ho feta, ho na le bothata bo le bong feela send_mail_task.
Ka foldareng ho na le li-subfolders tse peli:
dockerka li-Dockerfiles tse peli (base.dockerfileho aha setšoantšo sa motheo se sa fetoheng seoelo leDockerfilebakeng sa likopano tse kholo);.env_files- ka lifaele tse nang le maemo a fapaneng a tikoloho bakeng sa libaka tse fapaneng.
Ho na le lifaele tse 'ne tsa "docker-compose" motso oa morero:
docker-compose.local.db.ymlho phahamisa polokelongtshedimosetso ya lehae bakeng sa ntshetsopele;docker-compose.local.workers.ymlbakeng sa ho holisa basebetsi sebakeng sa heno, database, Redis le RabbitMQ;docker-compose.test.ymlho etsa liteko nakong ea ho tsamaisoa;docker-compose.ymlbakeng sa ho tsamaisoa.
Mme foldara ea ho qetela eo re e ratang - . E na le li-shell scripts bakeng sa ho romelloa:
deploy.sh- ho qala ho falla le ho romelloa. E matha ho seva ka mor'a ho haha le ho etsa liteko ho Github Actions;rollback.sh- ho khutlisa lijana ho mofuta o fetileng oa kopano;curl_tg.sh- ho romella litsebiso tsa thomello ho Telegraph.
Frontend ho Angular
e bonolo ho feta ea Beck. Karolo e ka pele e na le maqephe a mararo:
- Leqephe le ka sehloohong le nang le foromo ea ho romella lengolo-tsoibila le konopo ea ho tsoa.
- Leqephe la ho kena.
- Leqephe la ngodiso.
Leqephe la sehlooho le shebahala le le monate:
Ho na le lifaele tse peli motso Dockerfile и docker-compose.yml, hammoho le foldara e tloaelehileng .ci-cd ka mengolo e fokolang hanyane ho feta polokelong e ka morao (mengolo e tlositsoeng bakeng sa liteko tse sebetsang).
Ho qala morero Plesk
Ha re qale ka ho theha Plesk le ho theha ngoliso bakeng sa sebaka sa rona sa marang-rang.
Ho kenya lisebelisoa
Ho Plesk, re hloka likeketso tse 'ne:
Dockerho laola le ho bonts'a ka mahlo boemo ba lijana phanele ea tsamaiso ea Plesk;Githo lokisa mohato oa ho romela ho seva;Let's Encryptho hlahisa (le ho nchafatsa) litifikeiti tsa mahala tsa TLS;Firewallho lokisa tlhopho ya sephethephethe se kenang.
U ka li kenya ka phanele ea admin ea Plesk karolong ea Extensions:
Ha re na ho nahana ka litlhophiso tse qaqileng tsa likeketso, litlhophiso tsa kamehla li tla etsa molemong oa rona oa demo.
Etsa peeletso le sebaka
Ka mor'a moo, re hloka ho etsa peeletso bakeng sa sebaka sa rona sa marang-rang sa helloworld.ru mme re kenye subdomain dev.helloworld.ru moo.
- Theha ngoliso bakeng sa sebaka sa helloworld.ru 'me u hlalose lebitso la hau la ho kena bakeng sa mosebelisi oa sistimi:
Tšoaea lebokose le ka tlaase ho leqephe Sireletsa sebaka sa marang-rang ka Let's Encrypthaeba re batla ho theha HTTPS bakeng sa sebaka sa marang-rang: - E latelang, ngolisong ena, theha subdomain dev.helloworld.ru (eo u ka fanang ka eona le setifikeiti sa mahala sa TLS):
Ho kenya likarolo tsa seva
Re na le seva le OS Debian Stretch 9.12 le ho kenya control panel Plesk Obsidian 18.0.27.
Re hloka ho kenya le ho hlophisa morero oa rona:
- PostgreSQL (tabeng ea rona, ho tla ba le seva e le 'ngoe e nang le li-database tse peli bakeng sa libaka tsa dev le prod).
- RabbitMQ (e ts'oanang, mohlala o tšoanang o nang le li-vhost tse fapaneng bakeng sa tikoloho).
- Maemo a mabeli a Redis (bakeng sa libaka tsa dev le tsa prod).
- Registry ea Docker (bakeng sa polokelo ea lehae ea litšoantšo tsa Docker tse hahiloeng).
- UI bakeng sa ngoliso ea Docker.
PostgreSQL
Plesk e se e tla le PostgreSQL DBMS, empa eseng mofuta oa morao-rao (ka nako ea ho ngola Plesk Obsidian Liphetolelo tsa Postgres 8.4-10.8). Re batla mofuta oa morao-rao bakeng sa ts'ebeliso ea rona (12.3 nakong ea ho ngola sena), kahoo re tla e kenya ka letsoho.
Ho na le litaelo tse ngata tse qaqileng tsa ho kenya Postgres ho Debian ka letlooa (), kahoo nke ke ka li hlalosa ka botlalo, ke tla fana ka litaelo feela:
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Ha re nahana hore PostgreSQL e na le li-setting tsa kamehla tsa mediocre, hoa hlokahala ho lokisa tlhophiso. Sena se tla re thusa : o hloka ho khanna ka har'a li-parameter tsa seva sa hau ebe o khutlisa litlhophiso tse faeleng /etc/postgresql/12/main/postgresql.confho tse fanoeng. Ho lokela ho hlokomeloa mona hore li-calculator tse joalo ha se bullet ea boselamose, 'me setsi se lokela ho hlophisoa ka nepo, ho ipapisitse le lisebelisoa tsa hau, ts'ebeliso, le ho rarahana ha lipotso. Empa sena se lekane ho qala.
Ntle le litlhophiso tse hlahisitsoeng ke calculator, re boetse re fetoha postgresql.confboema-kepe ba kamehla 5432 ho e 'ngoe (mohlala oa rona - 53983).
Kamora ho fetola faele ea tlhophiso, qala hape postgresql-server ka taelo:
service postgresql restart
Re kentse le ho lokisa PostgreSQL. Joale ha re theheng database, basebelisi ba tikoloho ea dev- le prod, 'me re fe basebedisi litokelo tsa ho laola database:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
MmutlaMQ
Ha re tsoeleng pele ho kenya RabbitMQ, morekisi oa melaetsa oa Celery. Ho e kenya ho Debian ho bonolo haholo:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Kamora ho kenya, re hloka ho theha mabotho, basebelisi le ho fana ka litokelo tse hlokahalang:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Joale ha re kenyeng le ho hlophisa karolo ea ho qetela bakeng sa ts'ebeliso ea rona - Redis. E tla sebelisoa e le mokokotlo oa ho boloka liphetho tsa mesebetsi ea Celery.
Re tla phahamisa lijana tse peli tsa Docker tse nang le Redis bakeng sa tikoloho ea dev le prod re sebelisa katoloso Docker bakeng sa Plesk.
- Re ea Plesk, e ea karolong ea Extensions, batla katoloso ea Docker ebe u e kenya (re hloka mofuta oa mahala):
- E-ea ho katoloso e kentsoeng, fumana setšoantšo ka ho batla
redis bitnamiebe u kenya mofuta oa morao-rao: - Re kena ka har'a sets'oants'o se jarollotsoeng ebe re lokisa tlhophiso: hlakisa boema-kepe, boholo ba RAM bo fanoeng, senotlolo sa maemo a tikoloho, 'me u phahamise molumo:
- Re etsa mehato ea 2-3 bakeng sa setshelo sa prod, ho li-setting re fetola liparamente feela: koung, password, boholo ba RAM le tsela ea foldara ea molumo ho seva:
Registry ea Docker
Ntle le lits'ebeletso tsa mantlha, ho ka ba monate ho beha polokelo ea hau ea setšoantšo sa Docker ho seva. Ka lehlohonolo, sebaka sa seva se se se theko e tlase haholo (ehlile se theko e tlase ho feta peeletso ea DockerHub), mme mokhoa oa ho theha polokelo ea poraefete o bonolo haholo.
Re batla ho ba le:
- polokelo ea Docker e sirelelitsoeng ka password e fumanehang ho subdomain ;
- UI ea ho shebella litšoantšo sebakeng sa polokelo, e fumanehang ho .
Ho etsa sena:
- Ha re theheng li-subdomain tse peli ho Plesk ho ngoliso ea rona: docker.helloworld.ru le docker-ui.helloworld.ru, 'me re hlophise litifikeiti tsa Let's Encrypt bakeng sa bona.
- Kenya faele ho foldara ea subdomain ea docker.helloworld.ru
docker-compose.ymlka litaba tse kang tsena:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry' - Tlas'a SSH, re tla hlahisa faele ea .htpasswd bakeng sa tumello ea Motheo sebakeng sa polokelo ea Docker:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password - Bokella le ho phahamisa lijana:
docker-compose up -d - 'Me re hloka ho tsamaisa Nginx ho lijana tsa rona. Sena se ka etsoa ka Plesk.
Mehato e latelang e lokela ho etsoa bakeng sa li-domain tsa docker.helloworld.ru le docker-ui.helloworld.ru:
karolong Lisebelisoa tsa Dev webosaete ea rona e ea ho Melao ea Proxy ea Docker:
Mme o kenye molao ho proxy sephethephethe se kenang setshelong sa rona:
- Re hlahloba hore na re ka kena ka har'a setshelo sa rona ho tsoa mochining oa lehae:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded - Ha re hlahlobeng ts'ebetso ea docker-ui.helloworld.ru subdomain:
Ha o tobetsa ho Browse repositories, sebatli se tla hlahisa fensetere ea tumello moo o tla hloka ho kenya lebitso la mosebelisi le password bakeng sa polokelo. Ka mor'a moo, re tla fetisetsoa leqepheng le nang le lethathamo la polokelo (hajoale, e tla be e se na letho bakeng sa hau):
Ho bula likou ho Plesk Firewall
Kamora ho kenya le ho hlophisa likarolo, re hloka ho bula likou e le hore likarolo li fihlellehe ho tsoa lijaneng tsa Docker le marang-rang a kantle.
Ha re boneng hore na re ka etsa sena joang re sebelisa katoloso ea Firewall bakeng sa Plesk eo re e kentseng pejana.
- Eya ho Lisebelisoa le Litlhophiso > Litlhophiso > Firewall:
- Eya ho Fetola Melao ea Plesk Firewall> Eketsa Molao oa Tloaelo ebe u bula likou tse latelang tsa TCP bakeng sa subnet ea Docker (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786 - Hape re tla eketsa molao o tla bula likou tsa PostgreSQL le liphanele tsa taolo ea RabbitMQ lefatšeng le kantle:
- Sebelisa melaoana u sebelisa konopo ea Etsa Liphetoho:
Ho theha CI / CD ho Github Actions
Ha re theohele karolong e khahlisang ka ho fetesisa - ho theha phaephe ea ho kopanya e tsoelang pele le ho isa projeke ea rona ho seva.
Pipe ena e tla ba le likarolo tse peli:
- ho haha setšoantšo le ho etsa liteko (bakeng sa backend) - ka lehlakoreng la Github;
- ho falla (bakeng sa backend) le ho tsamaisa lijana - ho seva.
Fetisetsa ho Plesk
Ha re sebetsaneng le ntlha ea bobeli pele (hobane ea pele e itšetlehile ka eona).
Re tla hlophisa ts'ebetso ea phepelo re sebelisa katoloso ea Git bakeng sa Plesk.
Nahana ka mohlala o nang le tikoloho ea Prod bakeng sa polokelo ea Backend.
- Re ea ho ngoliso ea sebaka sa rona sa marang-rang sa Helloworld ebe re ea ho karoloana ea Git:
- Kenya sehokelo sebakeng sa rona sa polokelo ea Github tšimong ea "Remote Git repository" 'me u fetole foldara ea kamehla.
httpdocsho e mong (mohlala./httpdocs/hw_back): - Kopitsa konopo ea SSH Public ho tloha mohatong o fetileng le ho li-setting tsa Github.
- Tobetsa OK skrineng mohato oa 2, ka mor'a moo re tla fetisetsoa leqepheng la polokelo ho Plesk. Joale re hloka ho lokisa sebaka sa polokelo hore se nchafatsoe mabapi le boitlamo ho lekala le leholo. Ho etsa sena, e ea ho Litlhophiso tsa polokelo mme o boloke boleng
Webhook URL(re tla e hloka hamorao ha re theha Github Actions): - Lebaleng la Liketso skrineng ho tloha serapeng se fetileng, kenya script ho qala thomello:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}moo:
{REPOSITORY_ABSOLUTE_PATH}- tsela e eang foldareng ea prod ea polokelo ea morao-rao ho seva;
{ENV}- tikoloho (dev / prod), molemong oa ronaprod;
{DOCKER_REGISTRY_HOST}- moamoheli oa polokelo ea rona ea li-docker
{TG_BOT_TOKEN}- Letšoao la bot la Telegraph;
{TG_CHAT_ID}- ID ea moqoqo / mocha oa ho romella litsebiso.Mohlala oa lengolo:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890 - Kenya mosebelisi ho tsoa peeletsong ea rona ho sehlopha sa Docker (e le hore ba tsebe ho laola lijana):
sudo usermod -aG docker helloworld_admin
Tikoloho ea dev bakeng sa polokelo ea backend le frontend li thehiloe ka tsela e ts'oanang.
Pepe ea ho kenya tšebetsong liketsong tsa Github
Ha re tsoeleng pele ho theha karolo ea pele ea lipeipi tsa rona tsa CI/CD ho Github Actions.
Khutlela morao
Pipeline e hlalositsoe ho .
Empa pele re e arola, a re tlatseng mefuta ea Lekunutu eo re e hlokang ho Github. Ho etsa sena, tobetsa konopo Litlhophiso -> Liphiri:
DOCKER_REGISTRY- moamoheli oa polokelo ea rona ea Docker (docker.helloworld.ru);DOCKER_LOGIN- kena sebakeng sa polokelo ea Docker;DOCKER_PASSWORD- password ho eona;DEPLOY_HOST- amohela moo phanele ea tsamaiso ea Plesk e fumanehang (mohlala: :8443 kapa :8443);DEPLOY_BACK_PROD_TOKEN- letšoao bakeng sa ho romelloa ho prod-repository ho seva (re e fumane ho Deployment ho Plesk p. 4);DEPLOY_BACK_DEV_TOKEN- token bakeng sa ho isoa sebakeng sa polokelo ea thepa ho seva.
Mokhoa oa ho tsamaisa o bonolo ebile o na le mehato e meraro ea mantlha:
- ho haha le ho phatlalatsa setšoantšo sebakeng sa rona sa polokelo;
- ho etsa liteko ka setshelo se thehiloeng setšoantšong se sa tsoa hahoa;
- ho isoa tikolohong e lakatsehang ho latela lekala (dev/master).
Qetellong ea bokapele
e fapane hanyane le ea Beck. Ha e na mohato oa ho etsa liteko mme e fetola mabitso a li-tokens bakeng sa ho tsamaisoa. Liphiri tsa polokelo ea ka pele, ka tsela, li hloka ho tlatsoa ka thoko.
Ho seta sebaka
Sephethephethe sa proxy ka Nginx
Be, re fihlile pheletsong. E sala feela ho hlophisa proxying ea sephethephethe se kenang le se tsoang ho sejana sa rona ka Nginx. Re se re koahetse ts'ebetso ena mohatong oa 5 oa setupo sa Registry ea Docker. E tšoanang e lokela ho phetoa bakeng sa likarolo tse ka morao le tse ka pele libakeng tsa dev le prod.
Ke tla fana ka li-screenshots tsa li-setting.
Khutlela morao
Qetellong ea bokapele
Tlhaloso ea bohlokoa. Li-URL tsohle li tla fetisetsoa ho sets'oants'o se ka pele, ntle le tse qalang /api/ - li tla fetisetsoa ka har'a setshelo se ka morao (kahoo ka setshelo se ka morao, bohle ba sebetsanang ba tlameha ho qala ka /api/).
Liphello
Hona joale sebaka sa rona se lokela ho ba teng helloworld.ru le dev.helloworld.ru (prod- and dev-environments, ka ho latellana).
Ka kakaretso, re ithutile ho lokisetsa kopo e bonolo ho Flask le Angular le ho theha pipeline ho Github Actions ho e fetisetsa ho seva se tsamaisang Plesk.
Ke tla qopitsa lihokelo tsa polokelo ka khoutu: , .
Source: www.habr.com