
Ninu nkan yii, Emi yoo pin iriri mi ti iṣeto CI/CD ni lilo Igbimọ Iṣakoso Plesk ati Awọn iṣe Github. Loni a yoo kọ ẹkọ bi a ṣe le fi iṣẹ akanṣe kan ranṣẹ pẹlu orukọ ti ko ni idiju “Helloworld”. O ti kọ sinu ilana Flask Python, pẹlu awọn oṣiṣẹ Seleri ati iwaju Angular 8 kan.
Awọn ọna asopọ si awọn ibi ipamọ: , .
Ni apakan akọkọ ti nkan naa, a yoo wo iṣẹ akanṣe wa ati awọn apakan rẹ. Ni awọn keji, a yoo ro ero bi o lati ṣeto soke Plesk ki o si fi awọn pataki amugbooro ati irinše (DB, RabbitMQ, Redis, Docker, ati be be lo).
Ni apakan kẹta, a yoo nipari ro bi a ṣe le ṣeto opo gigun ti epo fun gbigbe iṣẹ akanṣe wa si olupin ni agbegbe dev ati prod. Ati lẹhinna a yoo ṣe ifilọlẹ aaye naa lori olupin naa.
Ati bẹẹni, Mo gbagbe lati ṣafihan ara mi. Orukọ mi ni Oleg Borzov, Mo jẹ olupilẹṣẹ kikun ni ẹgbẹ CRM fun awọn alakoso ile gbigbe ni Domclick.
Project Akopọ
Ni akọkọ, jẹ ki a wo awọn ibi ipamọ iṣẹ akanṣe meji - ẹhin ati iwaju - ati lọ lori koodu naa.
Ẹhin: Flask+Selery
Fun apa ẹhin, Mo mu opo kan ti o jẹ olokiki pupọ laarin awọn olupilẹṣẹ Python: ilana Flask (fun API) ati Seleri (fun isinyi iṣẹ-ṣiṣe). SQLAchemy jẹ lilo bi ORM. A lo Alembic fun awọn migrations. Fun JSON afọwọsi ni awọn kapa - Marshmallow.
В Faili Readme.md wa pẹlu alaye alaye ti eto ati ilana fun ṣiṣe iṣẹ akanṣe naa.
o rọrun pupọ, ni awọn aaye 6:
/ping- lati ṣayẹwo wiwa;- mu fun ìforúkọsílẹ, ašẹ, de-aṣẹ ati ki o gba ohun aṣẹ olumulo;
- imudani imeeli ti o fi iṣẹ-ṣiṣe sinu isinyi Seleri.
ani rọrun, nibẹ jẹ nikan kan isoro send_mail_task.
Ninu folda awọn folda kekere meji wa:
dockerpẹlu awọn faili Docker meji (base.dockerfilelati kọ kan ṣọwọn iyipada mimọ image atiDockerfilefun awọn apejọ akọkọ);.env_files- pẹlu awọn faili pẹlu awọn oniyipada ayika fun awọn agbegbe oriṣiriṣi.
Awọn faili akojọpọ docker mẹrin wa ni ipilẹ ti iṣẹ akanṣe:
docker-compose.local.db.ymllati gbe data agbegbe kan fun idagbasoke;docker-compose.local.workers.ymlfun igbega agbegbe ti oṣiṣẹ, data data, Redis ati RabbitMQ;docker-compose.test.ymllati ṣiṣe awọn idanwo lakoko imuṣiṣẹ;docker-compose.ymlfun imuṣiṣẹ.
Ati folda ti o kẹhin ti a nifẹ si - . O ni awọn iwe afọwọkọ ikarahun fun imuṣiṣẹ:
deploy.sh- ifilọlẹ ti ijira ati imuṣiṣẹ. Ṣiṣe lori olupin lẹhin kikọ ati ṣiṣe awọn idanwo ni Github Actions;rollback.sh- yipo awọn apoti si ẹya iṣaaju ti apejọ;curl_tg.sh- fifiranṣẹ awọn iwifunni imuṣiṣẹ si Telegram.
Frontend on Angular
rọrun pupọ ju Beck's. Iwaju ni awọn oju-iwe mẹta:
- Oju-iwe akọkọ pẹlu fọọmu kan fun fifiranṣẹ imeeli ati bọtini ijade kan.
- Oju-iwe wiwọle.
- Oju-iwe iforukọsilẹ.
Oju-iwe akọkọ dabi ascetic:

Awọn faili meji wa ni gbongbo Dockerfile и docker-compose.yml, bakanna bi folda ti o mọ .ci-cd pẹlu awọn iwe afọwọkọ ti o dinku diẹ ju ninu ibi ipamọ ẹhin (awọn iwe afọwọkọ ti a yọ kuro fun awọn idanwo ṣiṣe).
Bibẹrẹ ise agbese kan ni Plesk
Jẹ ki a bẹrẹ nipa siseto Plesk ati ṣiṣẹda ṣiṣe alabapin fun aaye wa.
Fifi awọn amugbooro
Ni Plesk, a nilo awọn amugbooro mẹrin:
Dockerlati ṣakoso ati oju han ipo awọn apoti ni igbimọ abojuto Plesk;Gitlati tunto igbesẹ imuṣiṣẹ lori olupin naa;Let's Encryptlati ṣe ipilẹṣẹ (ati isọdọtun-laifọwọyi) awọn iwe-ẹri TLS ọfẹ;Firewalllati tunto sisẹ ti ijabọ ti nwọle.
O le fi wọn sii nipasẹ igbimọ abojuto Plesk ni apakan Awọn afikun:

A kii yoo gbero awọn eto alaye fun awọn amugbooro, awọn eto aiyipada yoo ṣe fun awọn idi demo wa.
Ṣẹda ṣiṣe alabapin ati aaye
Nigbamii, a nilo lati ṣẹda ṣiṣe alabapin kan fun oju opo wẹẹbu helloworld.ru wa ati ṣafikun dev.helloworld.ru subdomain nibẹ.
- Ṣẹda ṣiṣe alabapin fun agbegbe helloworld.ru ati pato ọrọ igbaniwọle iwọle fun olumulo eto naa:

Ṣayẹwo apoti ni isalẹ ti oju-iwe naa Ṣe aabo agbegbe naa pẹlu Jẹ ki a Encryptti a ba fẹ ṣeto HTTPS fun aaye naa:
- Nigbamii, ninu ṣiṣe alabapin yii, ṣẹda subdomain dev.helloworld.ru (fun eyiti o tun le fun iwe-ẹri TLS ọfẹ):

Fifi Server irinše
A ni olupin pẹlu OS Debian Na 9.12 ati ti fi sori ẹrọ Iṣakoso nronu Plesk Obsidian 18.0.27.
A nilo lati fi sori ẹrọ ati tunto fun iṣẹ akanṣe wa:
- PostgreSQL (ninu ọran wa, olupin kan yoo wa pẹlu data data meji fun awọn agbegbe dev ati prod).
- RabbitMQ (kanna, apẹẹrẹ kanna pẹlu awọn vhosts oriṣiriṣi fun awọn agbegbe).
- Awọn iṣẹlẹ Redis meji (fun awọn agbegbe dev ati prod).
- Iforukọsilẹ Docker (fun ibi ipamọ agbegbe ti awọn aworan Docker ti a ṣe).
- UI fun iforukọsilẹ Docker.
PostgreSQL
Plesk ti wa pẹlu PostgreSQL DBMS, ṣugbọn kii ṣe ẹya tuntun (ni akoko kikọ Plesk Obsidian Awọn ẹya Postgres 8.4–10.8). A fẹ ẹya tuntun fun ohun elo wa (12.3 ni akoko kikọ yii), nitorinaa a yoo fi sii pẹlu ọwọ.
Awọn ilana alaye lori fifi Postgres sori Debian Ọ̀pọ̀lọpọ̀ rẹ̀ ló wà lórí ìkànnì ayélujára (), nitorina Emi kii yoo ṣe apejuwe wọn ni awọn alaye, Emi yoo kan fun awọn aṣẹ:
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Ṣiyesi pe PostgreSQL ni awọn eto aiyipada alabọde kuku, o jẹ dandan lati ṣatunṣe iṣeto naa. Eyi yoo ran wa lọwọ : o nilo lati wakọ ni awọn paramita ti olupin rẹ ki o rọpo awọn eto ninu faili naa /etc/postgresql/12/main/postgresql.confsi awon ti a nṣe. O yẹ ki o ṣe akiyesi nibi pe iru awọn iṣiro kii ṣe ọta ibọn idan, ati pe ipilẹ yẹ ki o wa ni aifwy diẹ sii, da lori ohun elo rẹ, ohun elo, ati idiju ibeere. Ṣugbọn eyi ti to lati bẹrẹ.
Ni afikun si awọn eto ti a dabaa nipasẹ ẹrọ iṣiro, a tun yipada ni postgresql.confibudo aiyipada 5432 si omiiran (ninu apẹẹrẹ wa - 53983).
Lẹhin iyipada faili iṣeto, tun bẹrẹ olupin postgresql pẹlu aṣẹ naa:
service postgresql restart
A ti fi sori ẹrọ ati tunto PostgreSQL. Bayi jẹ ki a ṣẹda data data kan, awọn olumulo fun awọn agbegbe dev ati prod, ati fun awọn olumulo ni ẹtọ lati ṣakoso data data:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
EhoroMQ
Ẹ jẹ́ ká tẹ̀síwájú láti fi RabbitMQ, olùtajà ìránṣẹ́ fún Celery, sori ẹ̀rọ. Debian Ó rọrùn púpọ̀:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Lẹhin fifi sori, a nilo lati ṣẹda vhosts, awọn olumulo ati fifun awọn ẹtọ to wulo:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Bayi jẹ ki a fi sori ẹrọ ati tunto paati ti o kẹhin fun ohun elo wa - Redis. O yoo ṣee lo bi ẹhin fun titoju awọn abajade ti awọn iṣẹ-ṣiṣe Seleri.
A yoo gbe awọn apoti Docker meji soke pẹlu Redis fun dev ati awọn agbegbe prod nipa lilo itẹsiwaju Docker fun Plesk.
- A lọ si Plesk, lọ si apakan Awọn afikun, wa fun itẹsiwaju Docker ki o fi sii (a nilo ẹya ọfẹ):

- Lọ si itẹsiwaju ti a fi sii, wa aworan nipasẹ wiwa
redis bitnamiki o si fi ẹya tuntun sori ẹrọ:
- A lọ sinu apoti ti o gba lati ayelujara ati ṣatunṣe iṣeto: pato ibudo, iwọn Ramu ti o pọju ti o pin, ọrọ igbaniwọle ni awọn oniyipada ayika, ati gbe iwọn didun soke:

- A ṣe awọn igbesẹ 2-3 fun eiyan prod, ninu awọn eto a yipada awọn paramita nikan: ibudo, ọrọ igbaniwọle, iwọn Ramu ati ọna si folda iwọn didun lori olupin naa:

Docker iforukọsilẹ
Ni afikun si awọn iṣẹ ipilẹ, yoo dara lati fi ibi ipamọ aworan Docker tirẹ sori olupin naa. Ni akoko, aaye olupin jẹ olowo poku (dajudaju din owo ju ṣiṣe alabapin DockerHub kan), ati ilana ti ṣeto ibi ipamọ ikọkọ jẹ irọrun pupọ.
A fẹ lati ni:
- Ibi ipamọ Docker ti o ni aabo ọrọ igbaniwọle ni iraye si lori subdomain kan ;
- UI fun wiwo awọn aworan ni ibi ipamọ, wa ni .
Fun eyi:
- Jẹ ki a ṣẹda awọn subdomains meji ni Plesk ninu ṣiṣe alabapin wa: docker.helloworld.ru ati docker-ui.helloworld.ru, ati tunto Jẹ ki a Encrypt awọn iwe-ẹri fun wọn.
- Ṣafikun faili naa si folda subdomain docker.helloworld.ru
docker-compose.ymlpẹlu akoonu bii eyi:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry' - Labẹ SSH, a yoo ṣe ipilẹṣẹ faili .htpasswd fun aṣẹ Ipilẹ ni ibi ipamọ Docker:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password - Gba ati gbe awọn apoti soke:
docker-compose up -d - Ati pe a nilo lati ṣe atunṣe Nginx si awọn apoti wa. Eyi le ṣee ṣe nipasẹ Plesk.
Awọn igbesẹ wọnyi nilo lati ṣee ṣe fun docker.helloworld.ru ati docker-ui.helloworld.ru subdomains:
Ninu ori iwe Awọn irinṣẹ Dev aaye wa lọ si Awọn ofin aṣoju Docker:

Ati ṣafikun ofin kan si ijabọ ti nwọle aṣoju si apoti wa:

- A ṣayẹwo pe a le wọle si apoti wa lati ẹrọ agbegbe:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded - Jẹ ki a tun ṣayẹwo iṣẹ ṣiṣe ti subdomain docker-ui.helloworld.ru:

Nigbati o ba tẹ lori Ṣawari awọn ibi ipamọ, ẹrọ aṣawakiri yoo ṣe afihan window aṣẹ kan nibiti iwọ yoo nilo lati tẹ orukọ olumulo ati ọrọ igbaniwọle sii fun ibi ipamọ naa. Lẹhin iyẹn, a yoo gbe wa si oju-iwe kan pẹlu atokọ ti awọn ibi ipamọ (fun ni bayi, yoo jẹ ofo fun ọ):
Nsii awọn ibudo ni Plesk Firewall
Lẹhin fifi sori ẹrọ ati tunto awọn paati, a nilo lati ṣii awọn ebute oko oju omi ki awọn paati wa lati awọn apoti Docker ati nẹtiwọọki ita.
Jẹ ki a wo bii o ṣe le ṣe eyi ni lilo itẹsiwaju ogiriina fun Plesk ti a fi sii tẹlẹ.
- Lọ si Awọn irinṣẹ & Eto> Eto> Ogiriina:

- Lọ si Ṣe atunṣe Awọn ofin ogiriina Plesk > Ṣafikun Ofin Aṣa ati ṣii awọn ebute oko oju omi TCP atẹle fun subnet Docker (172.0.0.0 / 8):
EhoroMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786
- A yoo tun ṣafikun ofin kan ti yoo ṣii awọn ebute oko oju omi PostgreSQL ati awọn panẹli iṣakoso RabbitMQ si agbaye ita:

- Lo awọn ofin nipa lilo bọtini Awọn ayipada Waye:

Ṣiṣeto CI / CD ni Awọn iṣe Github
Jẹ ki a sọkalẹ lọ si apakan ti o nifẹ julọ - ṣiṣeto opo gigun ti isọpọ igbagbogbo ati jiṣẹ iṣẹ akanṣe wa si olupin naa.
Pipeline yii yoo ni awọn ẹya meji:
- kikọ aworan kan ati awọn idanwo ṣiṣe (fun ẹhin ẹhin) - ni ẹgbẹ Github;
- nṣiṣẹ migrations (fun backend) ati ki o ran awọn apoti - lori olupin.
Ran lọ si Plesk
Jẹ ki a koju aaye keji ni akọkọ (nitori pe akọkọ da lori rẹ).
A yoo tunto ilana imuṣiṣẹ ni lilo itẹsiwaju Git fun Plesk.
Wo apẹẹrẹ kan pẹlu agbegbe Prod fun ibi ipamọ Afẹyinti.
- A lọ si ṣiṣe alabapin ti oju opo wẹẹbu Helloworld ati lọ si apakan Git:

- Fi ọna asopọ kan sii si ibi ipamọ Github wa sinu aaye “Ibi ipamọ Git Latọna jijin” ki o yi folda aiyipada pada
httpdocssi miiran (fun apẹẹrẹ./httpdocs/hw_back):
- Da awọn SSH Public bọtini lati išaaju igbese ati ni awọn eto Github.
- Tẹ O DARA loju iboju ni igbese 2, lẹhin eyi a yoo darí wa si oju-iwe ibi ipamọ ni Plesk. Bayi a nilo lati tunto ibi-ipamọ lati wa ni imudojuiwọn lori awọn adehun si ẹka titunto si. Lati ṣe eyi, lọ si Eto ibi ipamọ ki o si fi iye
Webhook URL(a yoo nilo rẹ nigbamii nigbati o ba ṣeto Awọn iṣe Github):
- Ni aaye Awọn iṣe loju iboju lati paragira ti tẹlẹ, tẹ iwe afọwọkọ lati ṣe ifilọlẹ imuṣiṣẹ:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}nibo ni:
{REPOSITORY_ABSOLUTE_PATH}- ọna si folda prod ti ibi ipamọ ẹhin lori olupin naa;
{ENV}- ayika (dev / prod), ninu ọran waprod;
{DOCKER_REGISTRY_HOST}- agbalejo ti ibi ipamọ docker wa
{TG_BOT_TOKEN}- Telegram bot àmi;
{TG_CHAT_ID}- ID ti iwiregbe / ikanni fun fifiranṣẹ awọn iwifunni.Apẹẹrẹ iwe afọwọkọ:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890 - Ṣafikun olumulo kan lati ṣiṣe alabapin wa si ẹgbẹ Docker (ki wọn le ṣakoso awọn apoti):
sudo usermod -aG docker helloworld_admin
Ayika dev fun ibi ipamọ ẹhin ati iwaju ti ṣeto ni ọna kanna.
Opopona imuṣiṣẹ ni Awọn iṣe Github
Jẹ ki a tẹsiwaju lati ṣeto apakan akọkọ ti opo gigun ti epo CI/CD ni Awọn iṣe Github.
Backend
Pipeline ti wa ni apejuwe ninu .
Ṣugbọn ṣaaju sisọ rẹ, jẹ ki a kun awọn oniyipada Aṣiri ti a nilo ni Github. Lati ṣe eyi, lọ si Eto -> Asiri:
DOCKER_REGISTRY- agbalejo ti ibi ipamọ Docker wa (docker.helloworld.ru);DOCKER_LOGIN- buwolu wọle si ibi ipamọ Docker;DOCKER_PASSWORD- ọrọigbaniwọle fun o;DEPLOY_HOST- gbalejo nibiti igbimọ abojuto Plesk wa (apẹẹrẹ: : 8443 tabi :8443);DEPLOY_BACK_PROD_TOKEN- aami kan fun imuṣiṣẹ si prod-ibi ipamọ lori olupin (a ni o ni Imuṣiṣẹ ni Plesk p. 4);DEPLOY_BACK_DEV_TOKEN- àmi fun imuṣiṣẹ si ibi ipamọ dev lori olupin naa.
Ilana imuṣiṣẹ jẹ rọrun ati pe o ni awọn igbesẹ akọkọ mẹta:
- kikọ ati titẹjade aworan ni ibi ipamọ wa;
- ṣiṣe awọn idanwo ni apoti kan ti o da lori aworan ti a ṣe tuntun;
- imuṣiṣẹ si agbegbe ti o fẹ da lori ẹka (dev / titunto si).
Software ti o pese atọkun si eto miiran
kekere yatọ lati Beck ká. O ko ni igbesẹ kan pẹlu awọn idanwo ṣiṣe ati yi awọn orukọ ti awọn ami-ami pada fun imuṣiṣẹ. Awọn asiri fun ibi ipamọ iwaju, nipasẹ ọna, nilo lati kun ni lọtọ.
Eto ojula
Aṣoju ijabọ nipasẹ Nginx
O dara, a ti de opin. O wa nikan lati tunto aṣoju ti nwọle ati ijabọ ti njade si apoti wa nipasẹ Nginx. A ti bo ilana yii tẹlẹ ni igbesẹ 5 ti iṣeto iforukọsilẹ Docker. Bakanna ni o yẹ ki o tun ṣe fun ẹhin ati awọn ẹya iwaju ni awọn agbegbe dev ati prod.
Emi yoo pese awọn sikirinisoti ti awọn eto.
Backend

Software ti o pese atọkun si eto miiran

Alaye pataki. Gbogbo awọn URL yoo jẹ isunmọ si apoti iwaju, ayafi awọn ti o bẹrẹ pẹlu /api/ - wọn yoo jẹ aṣoju si eiyan ẹhin (bẹẹ ni awọn pada eiyan, gbogbo handlers gbọdọ bẹrẹ pẹlu /api/).
Awọn esi
Bayi aaye wa yẹ ki o wa ni helloworld.ru ati dev.helloworld.ru (prod- ati dev-environments, lẹsẹsẹ).
Ni apapọ, a kọ ẹkọ bi o ṣe le mura ohun elo ti o rọrun ni Flask ati Angular ati ṣeto opo gigun ti epo ni Awọn iṣe Github lati yi jade si olupin ti n ṣiṣẹ Plesk.
Emi yoo ṣe ẹda awọn ọna asopọ si awọn ibi ipamọ pẹlu koodu naa: , .
orisun: www.habr.com
