Kule nqaku, ndiya kubelana ngamava am okuseta i-CI / CD usebenzisa iPhaneli yokulawula yePlesk kunye neZenzo zeGithub. Namhlanje siza kufunda indlela yokuhambisa iprojekthi elula kunye negama elinzima elithi "Helloworld". Kubhaliwe kwisakhelo seFlask Python, kunye nabasebenzi beCelery kunye ne-Angular 8 frontend.
Unxulumano koovimba:
Kwinxalenye yokuqala yenqaku, siza kujonga iprojekthi yethu kunye neenxalenye zayo. Kweyesibini, siya kujonga indlela yokuseta iPlesk kunye nokufaka izandiso eziyimfuneko kunye namacandelo (DB, RabbitMQ, Redis, Docker, njl.).
Kwinxalenye yesithathu, ekugqibeleni siya kuqonda indlela yokuseta umbhobho wokuhambisa iprojekthi yethu kwiseva kwindawo ye-dev kunye nemveliso. Kwaye ke siya kuqalisa indawo kumncedisi.
Kwaye ewe, ndilibele ukuzazisa. Igama lam ndingu-Oleg Borzov, ndingumphuhlisi ogcweleyo kwiqela leCRM kubaphathi bezindlu zokuhlala eDomclick.
Isishwankathelo seprojekthi
Okokuqala, makhe sijonge kwiiprojekthi ezimbini zokugcina - i-backend nangaphambili - kwaye sidlule ikhowudi.
Umva: Flask+Celery
Kwicala elingasemva, ndithathe iqela elidume kakhulu phakathi kwabaphuhlisi bePython: isakhelo seFlask (ye-API) kunye neCelery (yemigca yomsebenzi). I-SQLAchemy isetyenziswa njenge-ORM. I-Alembic isetyenziselwa ukufuduka. Ukuqinisekiswa kwe-JSON kwiziphatho - Marshmallow.
Π
/ping
- ukujonga ukufumaneka;- izibambo zobhaliso, ugunyaziso, ukukhutshwa kwesigunyaziso kunye nokufumana umsebenzisi ogunyazisiweyo;
- isiphatho se-imeyile esibeka umsebenzi kumgca weCelery.
send_mail_task
.
Kwifolda
docker
ngeeDockerfiles ezimbini (base.dockerfile
ukwakha umfanekiso wesiseko ongafane utshintshe kwayeDockerfile
kwiindibano eziphambili);.env_files
- ngeefayile ezineenguqu zemo engqongileyo ezahlukeneyo.
Kukho iifayile ezine zokuqamba i-docker kwingcambu yeprojekthi:
docker-compose.local.db.yml
ukuphakamisa uvimba weenkcukacha wendawo ukwenzela uphuhliso;docker-compose.local.workers.yml
ukukhulisa umsebenzi wendawo, ugcino lwedatha, iRedis kunye neRabbitMQ;docker-compose.test.yml
ukuqhuba iimvavanyo ngexesha lokusasazwa;docker-compose.yml
ukusasazwa.
Kwaye ifolda yokugqibela esinomdla kuyo -
deploy.sh
- ukuqaliswa kokufuduka kunye nokusasazwa. Isebenza kumncedisi emva kokwakha kunye nokuqhuba iimvavanyo kwiZenzo zeGithub;rollback.sh
- ukubuyisela izikhongozeli kwinguqulelo yangaphambili yendibano;curl_tg.sh
-ukuthumela izaziso zokuthumela kwiTelegram.
Umphambili we-Angular
- Iphepha eliphambili elinefom yokuthumela i-imeyile kunye neqhosha lokuphuma.
- Iphepha lokungena.
- Iphepha lokubhalisa.
Iphepha eliphambili lijongeka njenge-ascetic:
Kukho iifayile ezimbini kwingcambu Dockerfile
ΠΈ docker-compose.yml
, kunye nefolda eqhelekileyo .ci-cd
ngezikripthi ezimbalwa kancinane kunendawo yokugcina yangasemva (izikripthi ezisusiweyo zokuqhuba iimvavanyo).
Ukuqala iprojekthi ePlesk
Masiqale ngokuseta iPlesk kwaye senze umrhumo kwindawo yethu.
Kuhlohlwa izandiso
KwiPlesk, sifuna izandiso ezine:
Docker
ukulawula nokubonisa ngokubonakalayo ubume bezikhongozeli kwiqela lolawulo lePlesk;Git
ukuqwalasela inyathelo lobeko kumncedisi;Let's Encrypt
ukuvelisa (kunye nokuhlaziya ngokuzenzekelayo) izatifikethi zasimahla ze-TLS;Firewall
ukuqwalasela ukucocwa kwetrafikhi engenayo.
Ungazifaka ngephaneli yolawulo yePlesk kwicandelo lezandiso:
Asiyi kuqwalasela iisetingi ezineenkcukacha zolwandiso, useto olungagqibekanga luyakwenza ngeenjongo zethu zedemo.
Yenza umrhumo kunye nesayithi
Emva koko, kufuneka senze umrhumo kwiwebhusayithi yethu ye-helloworld.ru kwaye ungeze i-dev.helloworld.ru i-subdomain apho.
- Yenza umrhumo kwi-domain ye-helloworld.ru kwaye uchaze igama-lokungena-password kumsebenzisi wenkqubo:
Khangela ibhokisi emazantsi ephepha Khusela idomeyini ngokuthi Masiyifihleukuba sifuna ukuseta i-HTTPS yesiza: - Okulandelayo, kolu rhumo, yenza i-subdomain dev.helloworld.ru (onokuthi ukhuphe nesiqinisekiso sasimahla seTLS):
Ukuhlohla i-Server Components
Sineseva ene Ukolula kwe-OS Debian 9.12 kunye nephaneli yokulawula efakiweyo Plesk Obsidian 18.0.27.
Kufuneka sifake kwaye silungiselele iprojekthi yethu:
- I-PostgreSQL (kwimeko yethu, kuya kubakho iseva enye ene-database ezimbini ze-dev kunye ne-prod environments).
- I-RabbitMQ (efanayo, umzekelo ofanayo kunye nee-vhosts ezahlukeneyo zommandla).
- Imizekelo emibini yeRedis (ye-dev kunye neemeko zemveliso).
- IRegistry yeDocker (yokugcinwa kwendawo yemifanekiso yeDocker eyakhelweyo).
- I-UI yobhaliso lweDocker.
PostgreSQL
IPlesk sele iza nePostgreSQL DBMS, kodwa hayi inguqulelo yamva nje (ngexesha lokubhalwa kwePlesk Obsidian
Kukho imiyalelo emininzi eneenkcukacha yokufaka iPostgres kwiDebian kumnatha (
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Uthathela ingqalelo ukuba iPostgreSQL inoseto olungagqibekanga oluphakathi, kuyafuneka ukulungisa uqwalaselo. Oku kuya kusinceda /etc/postgresql/12/main/postgresql.conf
kwabo banikelwe. Kufuneka kuqatshelwe apha ukuba ezo khalityhuleyitha aziyombumbulu yomlingo, kwaye isiseko kufuneka silungiswe ngokuchanekileyo, ngokusekwe kwihardware yakho, isicelo, kunye nombuzo onzima. Kodwa oku kwanele ukuba uqalise.
Ukongeza kwimimiselo ecetywayo yikhaltyhuleyitha, siphinde sitshintshe postgresql.conf
izibuko elingagqibekanga 5432 kwelinye (kumzekelo wethu - 53983).
Emva kokutshintsha ifayile yoqwalaselo, qala kwakhona i-postgresql-server ngomyalelo:
service postgresql restart
Siyifakile kwaye siyilungiselele iPostgreSQL. Ngoku makhe isiseko sedatha, abasebenzisi be-dev kunye neemeko zemveliso, kwaye sinike abasebenzisi amalungelo okulawula isiseko sedatha:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
UmvundlaMQ
Masiqhubele phambili ekufakeni iRabbitMQ, umthengisi womyalezo weCelery. Ukuyifaka kwi-Debian kulula kakhulu:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Emva kokufakela, kufuneka sidale imikhosi, abasebenzisi kwaye unike amalungelo ayimfuneko:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Ngoku masifake kwaye siqwalasele icandelo lokugqibela lesicelo sethu - iRedis. Iya kusetyenziswa njenge-backend yokugcina iziphumo zemisebenzi yeCelery.
Siza kuphakamisa izikhongozeli ezibini ze-Docker kunye neRedis ye-dev kunye neendawo ze-prod zisebenzisa ulwandiso Docker
yePlesk.
- Siya kwiPlesk, yiya kwicandelo lezandiso, khangela ulwandiso lweDocker kwaye ulufake (sifuna inguqulelo yasimahla):
- Yiya kulwandiso olufakiweyo, fumana umfanekiso ngophendlo
redis bitnami
kwaye ufake inguqulelo yamva nje: - Singena kwisikhongozeli esikhutshelweyo kwaye sihlengahlengise uqwalaselo: khankanya izibuko, ubukhulu be-RAM obabelweyo, igama eliyimfihlo kwizinto eziguquguqukayo zemekobume, kwaye unyuse ivolumu:
- Senza amanyathelo 2-3 kwisikhongozeli seprod, kuseto sitshintsha kuphela iiparamitha: izibuko, igama eliyimfihlo, ubungakanani be-RAM kunye nendlela eya kwifolda yevolumu kumncedisi:
Irejista yeDocker
Ukongeza kwiinkonzo ezisisiseko, kuya kuba kuhle ukubeka eyakho indawo yokugcina umfanekiso weDocker kwiseva. Ngethamsanqa, indawo yeseva ngoku itshiphu kakhulu (ixabiso eliphantsi ngokuqinisekileyo kunobhaliso lwe-DockerHub), kwaye inkqubo yokuseta indawo yokugcina yabucala ilula kakhulu.
Sifuna ukuba:
- Ugcino lweDocker olukhuselweyo lufikeleleke kwisizinda esingaphantsi
https://docker.helloworld.ru ; - I-UI yokujonga imifanekiso kwindawo yokugcina, ekhoyo
https://docker-ui.helloworld.ru .
Ukwenza oku:
- Masenze ii-subdomains ezimbini kwi-Plesk kumrhumo wethu: docker.helloworld.ru kunye ne-docker-ui.helloworld.ru, kwaye siqwalasele i-Let Encrypt certificates kubo.
- Yongeza ifayile kwi-subdomain docker.helloworld.ru
docker-compose.yml
ngomxholo onje:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry'
- Ngaphantsi kwe-SSH, siya kuvelisa ifayile ye-.htpasswd yogunyaziso oluSisiseko kwindawo yokugcina iDocker:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password
- Qokelela kwaye uphakamise izitya:
docker-compose up -d
- Kwaye kufuneka sibuyisele i-Nginx kwizikhongozeli zethu. Oku kunokwenziwa ngePlesk.
La manyathelo alandelayo kufuneka enzelwe i-docker.helloworld.ru kunye ne-docker-ui.helloworld.ru subdomains:
Kulo candelo Izixhobo ze-Dev indawo yethu ukuya Imithetho yoMmeli weDocker:
Kwaye yongeza umthetho kwi-traffic engenayo i-proxy kwisikhongozeli sethu:
- Sijonga ukuba sinokungena kwisikhongozeli sethu kumatshini wendawo:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
- Masijonge kwakhona ukusebenza kwe-docker-ui.helloworld.ru subdomain:
Xa ucofa kuKhangelo lweendawo zokugcina, umkhangeli zincwadi uya kubonisa iwindow yogunyaziso apho kuya kufuneka ufake igama lomsebenzisi kunye negama lokugqitha kwindawo yokugcina. Emva koko, siya kudluliselwa kwiphepha elinoluhlu lweendawo zokugcina (okwangoku, liya kuba lingenanto kuwe):
Ukuvula amazibuko kwiPlesk Firewall
Emva kokufaka kunye nokuqwalasela amacandelo, kufuneka sivule amachweba ukuze amacandelo afikeleleke kwi-Docker containers kunye nenethiwekhi yangaphandle.
Makhe sibone ukuba sikwenza njani oku kusetyenziswa ulwandiso lweFirewall lwePlesk ebesiyifakile ngaphambili.
- Yiya e Izixhobo & Useto > Useto > I-Firewall:
- Yiya e Guqula iMithetho yePlesk Firewall> Yongeza uMthetho oSiko kwaye uvule izibuko zeTCP ezilandelayo zeDocker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786 - Siza kongeza umthetho oza kuvula izibuko zePostgreSQL kunye neepaneli zolawulo lweRabbitMQ kwihlabathi langaphandle:
- Sebenzisa imigaqo usebenzisa iqhosha elithi Faka iinguqu:
Ukuseta i-CI/CD kwiZenzo zeGithub
Masihle siye kweyona nxalenye inomdla - ukuseta umbhobho wokudibanisa oqhubekayo kunye nokuhambisa iprojekthi yethu kumncedisi.
Lo mbhobho uya kuba namacandelo amabini:
- ukwakha umfanekiso kunye neemvavanyo eziqhuba (kwi-backend) - kwicala leGithub;
- ukufuduka okusebenzayo (kwi-backend) kunye nokuthumela izikhongozeli - kumncedisi.
Thumela kwiPlesk
Masijongane nenqaku lesibini kuqala (kuba eyokuqala ixhomekeke kuyo).
Siza kumisela inkqubo yokusasazwa kusetyenziswa ulwandiso lweGit lwePlesk.
Cinga ngomzekelo ngendawo yeProd yendawo yokugcina i-Backend.
- Siya kubhaliso lwewebhusayithi yethu ye-Helloworld kwaye siye kwicandelwana le-Git:
- Faka ikhonkco kwindawo yethu yokugcina iGithub kwindawo ethi "Remote Git repository" kwaye utshintshe ifolda engagqibekanga.
httpdocs
komnye (umz./httpdocs/hw_back
): - Khuphela iqhosha likawonke-wonke le-SSH ukusuka kwinqanaba elidlulileyo kwaye
yongeza kwiseto zeGithub. - Cofa u-OK kwisikrini kwisinyathelo sesi-2, emva koko siya kuthunyelwa kwiphepha lokugcina ePlesk. Ngoku kufuneka siqwalasele indawo yokugcina ukuze ihlaziywe kwizibophelelo kwisebe elikhulu. Ukwenza oku, yiya ku Izicwangciso zokugcina kwaye ugcine ixabiso
Webhook URL
(siya kuyidinga kamva xa siseta iintshukumo zeGithub): - Kwindawo yeZenzo kwisikrini ukusuka kumhlathi odlulileyo, ngenisa iscript ukuqalisa ukusasazwa:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
apho:
{REPOSITORY_ABSOLUTE_PATH}
- indlela eya kwisilawuli semveliso sendawo yokugcina ngasemva kumncedisi;
{ENV}
- okusingqongileyo (dev / prod), kwimeko yethuprod
;
{DOCKER_REGISTRY_HOST}
-inginginya yendawo yethu yokugcina idokhi
{TG_BOT_TOKEN}
- uphawu lwebhot yeTelegram;
{TG_CHAT_ID}
β Isazisi sencoko/yetshaneli yokuthumela izaziso.Umzekelo weskripthi:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
- Yongeza umsebenzisi osuka kumrhumo kwiqela leDocker (ukuze bakwazi ukulawula izikhongozeli):
sudo usermod -aG docker helloworld_admin
Ubume be-dev yendawo yokugcina umva kunye ne-frontend zisekwe ngendlela efanayo.
Umbhobho wokusasaza kwiZenzo zeGithub
Masiqhubele phambili ukuseta inxalenye yokuqala yombhobho wethu weCI/CD kwiZenzo zeGithub.
Umva
Umbhobho uchazwe kwi
Kodwa ngaphambi kokuba siyicazulule, masigcwalise iinguqu eziMfihlo esizifunayo kwiGithub. Ukwenza oku, yiya ku Izicwangciso -> Iimfihlo:
DOCKER_REGISTRY
- umphathi weDocker yethu yokugcina (docker.helloworld.ru);DOCKER_LOGIN
-ngena kwindawo yokugcina iDocker;DOCKER_PASSWORD
- igama lokugqitha kuyo;DEPLOY_HOST
-mamkeli apho indawo yolawulo yePlesk ifumaneka khona (umzekelo:helloworld.com : 8443 okanye123.4.56.78 :8443);DEPLOY_BACK_PROD_TOKEN
- ithokheni yokuthunyelwa kwiprod-repository kumncedisi (siyifumene kwi-Deployment kwi-Plesk p. 4);DEPLOY_BACK_DEV_TOKEN
- uphawu lokusasazwa kwindawo yokugcina i-dev kumncedisi.
Inkqubo yokusasazwa ilula kwaye inamanyathelo amathathu aphambili:
- ukwakha kunye nokupapasha umfanekiso kwindawo yethu yokugcina;
- ukuqhuba iimvavanyo kwisitya esekwe kumfanekiso osanda kwakhiwa;
- ukuthunyelwa kwindawo efunekayo ngokuxhomekeke kwisebe (dev/master).
frontend
Ukuseta indawo
Ukwenza ummeli wetrafikhi ngeNginx
Ewe, sifike esiphelweni. Kuhlala kuphela ukuqwalasela i-proxying ye-traffic engenayo nephumayo kwi-container yethu nge-Nginx. Sele siyigubungele le nkqubo kwinyathelo lesi-5 lokuseta iRegistry yeDocker. Okufanayo kufuneka kuphindwe kumacandelo angasemva nangaphambili kwindawo ye-dev kunye ne-prod.
Ndiza kubonelela ngesikrini seseto.
Umva
frontend
Ingcaciso ebalulekileyo. Zonke ii-URL ziya kuba ngummeli kwisikhongozeli esingaphambili, ngaphandle kwezo ziqala ngazo /api/
- baya kufakwa kwi-container yangasemva (ngoko kwisingxobo esingasemva, bonke abaphangi kufuneka baqale /api/
).
Iziphumo
Ngoku indawo yethu kufuneka ifumaneke kwi-helloworld.ru kunye ne-dev.helloworld.ru (iprod- kunye ne-dev-environments, ngokulandelanayo).
Lilonke, sifunde indlela yokulungiselela isicelo esilula kwiFlask kunye ne-Angular kwaye simise umbhobho kwi-Github Actions ukuyikhupha kwi-server eqhuba i-Plesk.
Ndiza kuphinda-phinda amakhonkco kwiindawo zokugcina ngekhowudi:
umthombo: www.habr.com