Setting up a server to deploy a Rails application using Ansible

Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. Surprisingly, I could not find a simple step-by-step guide. I did not want to copy someone else's playbook without understanding what was going on, so in the end I had to read the documentation and piece everything together myself. Perhaps this article will help someone get through that process faster.

The first thing to understand is that Ansible gives you a convenient interface for running a predefined list of actions on remote server(s) over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with docker, monitoring and other goodies out of the box. To write a playbook you must know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or with articles like: "Copy and run, it will work."

What do we need?

As I said, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. For a Rails application we will need several system packages: nginx, postgresql (redis, and so on). In addition, we need a specific version of Ruby. It is best installed through rbenv (rvm, asdf...). Running all of this as the root user is always a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres and so on, and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install the system packages
  3. Create a new user, configure its permissions and ssh key
  4. Configure the system packages (nginx etc.) and start them
  5. Create a user in the database (you can create the database right away)
  6. Log in as the new user
  7. Install rbenv and Ruby
  8. Install bundler
  9. Upload the application code
  10. Start the Puma server

The last steps can be done with capistrano; at least out of the box it can copy the code into release directories, switch the release with a symlink on successful deployment, copy configs from the shared directory, restart puma, etc. All of this can be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep everything in a separate directory. It does not matter whether it lives inside the Rails application itself or separately. You can keep the files in a separate git repository. Personally, I find it most convenient to create an ansible directory in the /config directory of the Rails application and keep everything in one repository.

Simple Playbook

A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create a first playbook that does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple Playbook and that its contents should run for all hosts. We can save it in the ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says it does not know any hosts that match the all list. They must be listed in a special inventory file.

Let's create it in the same ansible directory:

123.123.123.123

This is how we specify the host (ideally the host of our VPS for testing, or you can put localhost) and save it under the name inventory.
You can try running ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have ssh access to the specified host, ansible will connect and collect information about the remote system (the default task [Gathering Facts]), after which it will give a short report on the run (PLAY RECAP).

By default, the connection uses the username under which you are logged in to your own system. Most likely it will not exist on the host. In the playbook file you can specify which user to connect as with the remote_user directive. Also, you may not always need the information about the remote system and should not waste time collecting it. This task can be disabled too:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook again and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to get elevated privileges. As the documentation says: become set to 'true'/'yes' to activate privilege escalation, although it is not entirely clear why.)

You may get an error caused by ansible being unable to determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find where Python is installed with the command whereis python.

Installing system packages

The standard Ansible distribution includes many modules for working with various system packages, so we do not have to write bash scripts for any reason. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you use a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we will do and how). However, the syntax will most likely be similar.

Let's extend our playbook with the first tasks:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the work that Ansible will perform on the remote servers. We give the task a name so that we can track its execution in the log. And we describe, using the syntax of a specific module, what needs to be done. In this case apt: update_cache=yes says to update the system packages using the apt module. The second command is a little more complicated. We pass a list of packages to the apt module and say that their state should become present, that is, we say to install these packages. In the same way we can tell it to remove them, or to update them, by changing state. Note that for Rails to work with postgresql we need the postgresql-contrib package, which we install now. Again, you need to know this and do it; ansible will not do it on its own.

Try running the playbook again and check that the packages are installed.

Creating new users

For working with users, Ansible also has a module: user. Let's add one more task (I hide the already familiar parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and a password for it. And then we run into several problems. What if the usernames need to differ between hosts? And storing the password in plain text in the playbook is a very bad idea. To begin with, let's move the username and password into variables, and towards the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are referenced in playbooks using double curly braces.

We will specify the variable values in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive: it says that the following block of text contains variables (vars) and that they apply to all hosts (all).

The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The thing is that ansible does not create the user through user_add as you would do manually. It stores all the data directly, which is why we also have to convert the password into a hash beforehand, which is what this command does.

Let's add our user to the sudo group. Before that, however, we need to make sure such a group exists, because nobody will do it for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

Everything is quite simple: we also have a group module for creating groups, with a syntax very similar to apt. After that it is enough to assign this group to the user (groups: "sudo").
It is also useful to add an ssh key for this user so that we can log in as it without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case the construct "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting: it copies the contents of the id_rsa.pub file (your file name may differ), that is, the public part of the ssh key, and uploads it to the list of authorized keys for the user on the server.
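
The same three user tasks with the password handling tightened, as an added example that is not the article's own code. It uses only the variables already defined above (user, user_password) and standard options of the user module and task keywords.

```yaml
# Added example: user tasks with idempotent, non-logged password handling.
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    # password_hash() picks a random salt when none is given, so the hash
    # differs on every run and the task would always report "changed".
    password: "{{ user_password | password_hash('sha512') }}"
    # Set the password only when the account is first created.
    update_password: on_create
    groups: sudo
    # Add to sudo without removing the user from its other groups.
    append: yes
  # Keep the task arguments (including the hash) out of output and logs.
  no_log: true

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present
```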

Roles

All three tasks for creating the user can easily be grouped into one set of tasks, and it would be a good idea to keep this group separate from the main playbook so that it does not grow too large. For this purpose Ansible has roles.
According to the file structure mentioned at the very beginning, roles must be placed in a separate roles directory, with a separate directory of the same name for each role, containing tasks, files, templates, and so on.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the primary file that is loaded and executed when a role is attached to the playbook; other role files can be included from it). Now you can move all the user-related tasks to this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook you must specify that the user role is used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

It may also make sense to update the system before all other tasks; to do this, you can rename the tasks block in which they are defined to pre_tasks.

Configuring nginx

We should already have Nginx installed; we need to configure it and start it. Let's do it in a role right away. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that files are copied directly, as is. Templates must have the j2 extension and can use variable values with the same double curly braces.

Let's enable nginx in the main.yml file. For this we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we say not only that nginx must be started (that is, we launch it), but also that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it directly from the server or write it yourself), and also the configuration file for our application in the sites-available directory (this is not required but useful). In the first case we use the copy module to copy files (the file must be in /ansible/roles/nginx/files/nginx.conf). In the second we copy a template, substituting the variable values. The template should be in /ansible/roles/nginx/templates/my_app_conf.j2. It might look something like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Note the insertions {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values Ansible substitutes into the template before copying. This is useful if you use the playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we run our playbook now, it will perform the specified tasks for both hosts. But for the staging host the variables will differ from the production ones, not only in roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file: it is a special ansible variable that holds the host the playbook is currently running against.
If you want to have an inventory file for several hosts but run for only one group, this can be done with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's get back to configuring nginx. After copying the configuration files, we need to create a symlink in sites-enabled to my_app.conf from sites-available, and restart nginx.

# ... old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here: again ansible modules with a fairly standard syntax. But there is one point. There is no sense in restarting nginx every time. Did you notice that we do not write commands like "do this like this"; the syntax looks more like "this should have this state". And most of the time that is exactly how ansible works. If the group already exists, or the system package is already installed, ansible will check for this and skip the task. Likewise, files will not be copied if they fully match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have changed. There is a register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  register: restart_nginx

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: restart_nginx_app

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: restart_nginx.changed or restart_nginx_app.changed

If one of the configuration files changes, it is copied and the variable registered for that task (restart_nginx or restart_nginx_app) reports the change. The two tasks register separate variables because a second register under the same name would overwrite the first result. If either variable reports a change, the service is restarted.

And, of course, you need to add the nginx role to the main playbook.

Configuring postgresql

We need to enable postgresql using systemd in the same way as we did with nginx, and also create a user that we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add variables to the inventory, this has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The fact is that by default only the postgres user has access to the postgresql database, and only locally. This directive allows us to run commands as this user (if we have access, of course).
Also, you may have to add a line to pg_hba.conf to give the new user access to the database. This can be done in the same way as we changed the nginx config.

And of course, you need to add the postgresql role to the main playbook.
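
A least-privilege variant of the database tasks, as an added example that is not the article's own code: the application role owns its database but is not a superuser, and the pg_hba.conf line mentioned above is managed with the postgresql_pg_hba module from the community.postgresql collection. The variable pg_hba_path is hypothetical (the file location depends on the PostgreSQL version), and scram-sha-256 assumes the server stores passwords in that format.

```yaml
# Added example: roles/postgresql/tasks/main.yml with a non-superuser role.
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    # The application role cannot create roles or databases or bypass checks.
    role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
  no_log: true               # keep db_password out of task output

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"   # ownership is enough for migrations in this db

- name: Allow the application role to reach only its own database
  postgresql_pg_hba:
    dest: "{{ pg_hba_path }}"   # hypothetical variable, set per host
    contype: local
    databases: "{{ db_name }}"
    users: "{{ db_user }}"
    method: scram-sha-256
    owner: postgres
    group: postgres
    mode: '0640'
  register: pg_hba

- name: Reload postgresql after a pg_hba.conf change
  service:
    name: postgresql
    state: reloaded
  when: pg_hba.changed
```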

Installing ruby via rbenv

Ansible has no modules for working with rbenv, but it is installed by cloning a git repository. So this task becomes the most non-standard one. Let's create a role for it, /ansible/roles/ruby_rbenv/tasks/main.yml, and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

Again we use the become_user directive to work as the user we created for this purpose, since rbenv is installed in its home directory and not globally. We also use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

Then you need to install ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally install Ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to run and with what. However, here we run into the fact that ansible does not run the code in bashrc before executing commands. This means rbenv has to be set up directly in the same script.

The next problem comes from the fact that a shell command has no state from ansible's point of view. That is, there will be no automatic check of whether this version of ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

And again, add our ruby_rbenv role to the main playbook.

Shared files

In general, the setup can end here. After that, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and start the application (if everything is configured correctly). However, capistrano often needs additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying the files you need to create the directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify just one directory and ansible will automatically create the parent directories if needed.

Ansible Vault

We have already come across the fact that variables may contain secret data such as the user's password. If you have created a .env file for the application and database.yml, there must be even more such critical data. It would be good to hide it from prying eyes. Ansible vault is used for this purpose.

Let's create a file for variables, /ansible/vars/all.yml (here you can create different files for different groups of hosts, just as in the inventory file: production.yml, staging.yml, and so on).
All variables that must be encrypted are moved to this file using standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that the file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting you will need to set a password for decryption. You can look at what the file contains after running this command.

With ansible-vault decrypt the file can be decrypted, modified and then encrypted again.

You do not need to decrypt the file to run the playbook. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables, and run the tasks. All data stays encrypted.

The full command for several groups of hosts and ansible vault will look something like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
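
How the encrypted vars file and the shared .env file from the "Shared files" section fit together, as an added example that is not the article's own code. The role name app_config and the template env.j2 are hypothetical; the variable names come from vars/all.yml above.

```yaml
# Added example. First document: playbook.yml
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no
  vars_files:
    # Stays encrypted on disk; decrypted in memory after --ask-vault-pass.
    # Delete the plaintext user_password line from the inventory once the
    # value lives here.
    - vars/all.yml
  roles:
    - user
    - nginx
    - postgresql
    - ruby_rbenv
    - app_config             # hypothetical role holding the tasks below

# Second document: roles/app_config/tasks/main.yml (hypothetical role)
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory
    mode: '0750'

# env.j2 (hypothetical template) would contain lines such as:
#   AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
#   AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
#   SECRET_KEY_BASE={{ rails_secret_key_base }}
- name: Render .env from the vaulted variables
  become_user: "{{ user }}"
  template:
    src: env.j2
    dest: "{{ app_path }}/shared/.env"
    mode: '0600'             # readable by the application user only
  no_log: true               # keeps secrets out of output, also with --diff
```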

But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how ansible is: if you do not understand what needs to be done, it will not do it for you.

Source: www.habr.com
