Kulesi sihloko, ngizokwabelana ngolwazi lwami lokusetha i-CI/CD usebenzisa i-Plesk Control Panel kanye ne-Github Actions. Namuhla sizofunda indlela yokusebenzisa iphrojekthi elula enegama elilula elithi "Helloworld". Ibhalwe kuhlaka lwe-Flask Python, enabasebenzi be-Celery kanye ne-Angular 8 frontend.
Izixhumanisi zamakhosombe:
Engxenyeni yokuqala yalesi sihloko, sizobheka umsebenzi wethu nezingxenye zawo. Kweyesibili, sizobona ukuthi singasetha kanjani i-Plesk futhi sifake izandiso ezidingekayo kanye nezingxenye (DB, RabbitMQ, Redis, Docker, njll.).
Engxenyeni yesithathu, ekugcineni sizothola ukuthi singasetha kanjani ipayipi lokuthumela iphrojekthi yethu kuseva endaweni ye-dev ne-prod. Bese sizokwethula isayithi kuseva.
Futhi yebo, ngikhohlwe ukuzethula. Igama lami ngingu-Oleg Borzov, ngingunjiniyela we-fullstack eqenjini le-CRM labaphathi bezezindlu e-Domclick.
Uhlolojikelele lwephrojekthi
Okokuqala, ake sibheke izinqolobane zephrojekthi ezimbili - i-backend nengaphambili - bese sidlula ikhodi.
Ingemuva: Flask+Celery
Okwengxenye engemuva, ngithathe inqwaba edume kakhulu phakathi kwabathuthukisi bePython: uhlaka lweFlask (lwe-API) kanye noCelery (womugqa womsebenzi). I-SQLAchemy isetshenziswa njenge-ORM. I-Alembic isetshenziselwa ukufuduka. Okokuqinisekisa kwe-JSON kuzibambo - Marshmallow.
Π
/ping
- ukuhlola ukutholakala;- iphatha ukubhaliswa, ukugunyazwa, ukuhoxiswa nokuthola umsebenzisi ogunyaziwe;
- isibambo se-imeyili esibeka umsebenzi kulayini we-Celery.
send_mail_task
.
Kufolda
docker
ngama-Dockerfiles amabili (base.dockerfile
ukwakha isithombe esiyisisekelo esingavamile ukushintsha futhiDockerfile
yemihlangano emikhulu);.env_files
- anamafayela anezimo eziguquguqukayo zezindawo ezihlukene.
Kunamafayela amane we-docker-compose kumsuka wephrojekthi:
docker-compose.local.db.yml
ukukhulisa idatha yendawo ukuze ithuthukiswe;docker-compose.local.workers.yml
ukukhulisa isisebenzi endaweni, isizindalwazi, iRedis kanye neRabbitMQ;docker-compose.test.yml
ukwenza izivivinyo ngesikhathi sokuthunyelwa;docker-compose.yml
ukuthunyelwa.
Nefolda yokugcina esinentshisekelo kuyo -
deploy.sh
- ukwethulwa kokufuduka nokusatshalaliswa. Isebenza kuseva ngemva kokwakha nokusebenzisa izivivinyo kokuthi Izenzo ze-Github;rollback.sh
- ukubuyisela emuva kweziqukathi kunguqulo yangaphambilini yomhlangano;curl_tg.sh
- ukuthumela izaziso zokuthunyelwa kuTelegram.
Ingaphambili ku-Angular
- Ikhasi eliyinhloko elinefomu lokuthumela i-imeyili kanye nenkinobho yokuphuma.
- Ikhasi lokungena.
- Ikhasi lokubhalisa.
Ikhasi eliyinhloko libukeka njenge-ascetic:
Kunamafayela amabili empandeni Dockerfile
ΠΈ docker-compose.yml
, kanye nefolda ejwayelekile .ci-cd
enemibhalo embalwa kancane kunenqolobane engemuva (izikripthi ezikhishiwe zokuqalisa ukuhlolwa).
Ukuqala iphrojekthi e-Plesk
Ake siqale ngokusetha i-Plesk futhi senze ukubhaliswa kwesayithi lethu.
Ifaka izandiso
E-Plesk, sidinga izandiso ezine:
Docker
ukuphatha nokubonisa ngokubukeka isimo seziqukathi kuphaneli yokuphatha ye-Plesk;Git
ukulungisa isinyathelo sokuphakela kuseva;Let's Encrypt
ukukhiqiza (nokuvuselela ngokuzenzakalela) izitifiketi zamahhala ze-TLS;Firewall
ukuze ulungiselele ukuhlungwa kwethrafikhi engenayo.
Ungawafaka ngephaneli yomqondisi we-Plesk esigabeni Sezandiso:
Ngeke sicabangele izilungiselelo ezinemininingwane yezandiso, izilungiselelo ezizenzakalelayo zizokwenzela izinjongo zethu zedemo.
Dala ukubhalisa nesayithi
Okulandelayo, sidinga ukudala ukubhaliswa kwewebhusayithi yethu ye-helloworld.ru bese wengeza isizinda esingaphansi kwe-dev.helloworld.ru lapho.
- Dala okubhaliselwe kwesizinda se-helloworld.ru bese ucacise igama-mfihlo lokungena lomsebenzisi wesistimu:
Thikha ibhokisi elingezansi kwekhasi Vikela isizinda ngokuthi Masibetheleuma sifuna ukusetha i-HTTPS yesayithi: - Okulandelayo, kulokhu kubhaliswa, dala isizinda esingaphansi kwe-dev.helloworld.ru (ongakhipha kuso isitifiketi samahhala se-TLS):
Ifaka Izingxenye Zeseva
Sineseva nayo I-OS Debian Stretch 9.12 kanye nephaneli yokulawula efakiwe I-Plesk Obsidian 18.0.27.
Sidinga ukufaka futhi silungiselele iphrojekthi yethu:
- I-PostgreSQL (kithi, kuzoba neseva eyodwa enemininingwane emibili yezindawo ze-dev ne-prod).
- I-RabbitMQ (efanayo, isibonelo esifanayo esinama-vhosts ahlukene wezindawo).
- Izimo ezimbili ze-Redis (zezindawo ze-dev neze-prod).
- I-Docker Registry (yesitoreji sendawo sezithombe ze-Docker ezakhiwe).
- I-UI yokubhalisa kwe-Docker.
I-PostgreSQL
I-Plesk isivele iza ne-PostgreSQL DBMS, kodwa hhayi inguqulo yakamuva (ngesikhathi sokubhala i-Plesk Obsidian
Kunemiyalelo eminingi enemininingwane yokufaka i-Postgres ku-Debian enetheni (
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Uma ucabanga ukuthi i-PostgreSQL inezilungiselelo ezizenzakalelayo ezimaphakathi, kuyadingeka ukulungisa ukucushwa. Lokhu kuzosisiza /etc/postgresql/12/main/postgresql.conf
kulabo abanikelwe. Kufanele kuqashelwe lapha ukuthi izibali ezinjalo aziyona inhlamvu yomlingo, futhi isisekelo kufanele sishunwe ngokunembile, ngokusekelwe ku-hardware yakho, uhlelo lokusebenza, kanye nemibuzo eyinkimbinkimbi. Kodwa lokhu kwanele ukuqalisa.
Ngokungeziwe kuzilungiselelo ezihlongozwe yisibali, siphinde sishintshe ku postgresql.conf
ichweba elizenzakalelayo 5432 liye kwelinye (esibonelweni sethu - 53983).
Ngemuva kokushintsha ifayela lokucushwa, qala kabusha i-postgresql-server ngomyalo:
service postgresql restart
Siyifakile futhi sayilungisa i-PostgreSQL. Manje ake sakhe isizindalwazi, abasebenzisi bezindawo ze-dev neze-prod, futhi sinikeze abasebenzisi amalungelo okuphatha isizindalwazi:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
RabbitMQ
Masiqhubekele ekufakeni i-RabbitMQ, umthengisi wemilayezo ye-Celery. Ukuyifaka ku-Debian kulula kakhulu:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
Ngemva kokufaka, sidinga ukudala ama-vhosts, abasebenzisi futhi unikeze amalungelo adingekayo:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Manje ake sifake futhi silungiselele ingxenye yokugcina yohlelo lwethu lokusebenza - i-Redis. Izosetshenziswa njenge-backend yokugcina imiphumela yemisebenzi ye-Celery.
Sizophakamisa iziqukathi ezimbili ze-Docker ezine-Redis zendawo ye-dev ne-prod sisebenzisa isandiso Docker
ngoba Plesk.
- Siya ku-Plesk, siye esigabeni Sezandiso, bheka isandiso se-Docker bese usifaka (sidinga inguqulo yamahhala):
- Iya kusandiso esifakiwe, thola isithombe ngosesho
redis bitnami
bese ufaka inguqulo yakamuva: - Singena esitsheni esilandiwe futhi silungise ukucushwa: cacisa imbobo, ubukhulu besayizi ye-RAM eyabelwe, iphasiwedi eguquguqukayo endaweni, bese ufaka ivolumu:
- Senza izinyathelo 2-3 zesitsha se-prod, kuzilungiselelo sishintsha kuphela imingcele: i-port, iphasiwedi, usayizi we-RAM nendlela eya kufolda yevolumu kuseva:
I-Docker Registry
Ngokungeziwe kumasevisi ayisisekelo, kungaba kuhle ukubeka eyakho inqolobane yesithombe se-Docker kuseva. Ngenhlanhla, indawo yeseva manje isishibhile impela (impela ishibhile kunokubhaliswa kwe-DockerHub), futhi inqubo yokumisa indawo yokugcina yangasese ilula kakhulu.
Sifuna ukuba:
- Inqolobane ye-Docker evikelwe ngephasiwedi efinyeleleka kusizinda esingaphansi kwesinye
https://docker.helloworld.ru ; - I-UI yokubuka izithombe endaweni yokugcina, etholakala ku-
https://docker-ui.helloworld.ru .
Ukwenza lokhu:
- Masidale izizinda ezingaphansi ezimbili ku-Plesk ekubhaliseni kwethu: docker.helloworld.ru kanye ne-docker-ui.helloworld.ru, futhi silungiselele izitifiketi ze-Let's Bethela kuzo.
- Engeza ifayela kufolda yesizinda esingaphansi kwe-docker.helloworld.ru
docker-compose.yml
ngokuqukethwe okufana nalokhu:version: "3" services: docker-registry: image: "registry:2" restart: always ports: - "53985:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: basic-realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./.docker-registry.htpasswd:/auth/.htpasswd - ./data:/data docker-registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "53986:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'docker-registry' ENV_DOCKER_REGISTRY_PORT: 5000 links: - 'docker-registry'
- Ngaphansi kwe-SSH, sizokhiqiza ifayela le-.htpasswd lokugunyazwa Okuyisisekelo endaweni ye-Docker:
htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password
- Qoqa futhi uphakamise iziqukathi:
docker-compose up -d
- Futhi sidinga ukuqondisa kabusha i-Nginx ezitsheni zethu. Lokhu kungenziwa nge-Plesk.
Izinyathelo ezilandelayo kumele zenziwe kusizindalwazi se-docker.helloworld.ru kanye ne-docker-ui.helloworld.ru:
Esigabeni Amathuluzi we-Dev isayithi lethu ukuya ku Imithetho ye-Docker Proxy:
Futhi engeza umthetho kuthrafikhi engenayo yommeleli esiqukathi sethu:
- Sihlola ukuthi singangena yini esitsheni sethu sisuka emshinini wendawo:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
- Ake sihlole nokusebenza kwesizinda esingaphansi kwe-docker-ui.helloworld.ru:
Uma uchofoza kokuthi Phequlula amakhosombe, isiphequluli sizobonisa iwindi lokugunyazwa lapho uzodinga ukufaka igama lomsebenzisi nephasiwedi yendawo yokugcina. Ngemva kwalokho, sizodluliselwa ekhasini elinohlu lwamakhosombe (okwamanje, lizobe lingenalutho kuwena):
Ivula izimbobo ku-Plesk Firewall
Ngemuva kokufaka nokumisa izingxenye, sidinga ukuvula amachweba ukuze izingxenye zifinyeleleke kusuka ezitsheni ze-Docker kanye nenethiwekhi yangaphandle.
Ake sibone ukuthi singakwenza kanjani lokhu sisebenzisa isandiso se-Firewall se-Plesk esisifake ngaphambili.
- Iya ku Amathuluzi Nezilungiselelo > Izilungiselelo > I-Firewall:
- Iya ku Lungisa Imithetho Ye-Plesk Firewall > Engeza Umthetho Wangokwezifiso bese uvule izimbobo ezilandelayo ze-TCP ze-Docker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786 - Sizophinda sengeze umthetho ozovula amachweba we-PostgreSQL namaphaneli okuphatha we-RabbitMQ emhlabeni ongaphandle:
- Sebenzisa imithetho usebenzisa inkinobho ethi Faka Izinguquko:
Ukusetha i-CI/CD ku-Github Actions
Ake sehlele engxenyeni ethakazelisa kakhulu - ukumisa ipayipi lokuhlanganisa eliqhubekayo nokuletha iphrojekthi yethu kuseva.
Leli payipi lizoba nezingxenye ezimbili:
- ukwakha isithombe kanye nokuhlolwa okusebenzayo (kwe-backend) - ohlangothini lwe-Github;
- ukufuduka okusebenzayo (kwe-backend) nokuthumela iziqukathi - kuseva.
Thumela ku-Plesk
Ake sibhekane nephuzu lesibili kuqala (ngoba elokuqala lincike kulo).
Sizomisa inqubo yokusebenzisa sisebenzisa isandiso se-Git se-Plesk.
Cabanga ngesibonelo ngendawo ye-Prod yendawo yokugcina i-Backend.
- Siya ekubhaliseni kwewebhusayithi yethu ye-Helloworld bese siya esigatshaneni se-Git:
- Faka isixhumanisi endaweni yethu yokugcina ye-Github kunkambu ethi "Remote Git repository" bese ushintsha ifolda ezenzakalelayo.
httpdocs
komunye (isb./httpdocs/hw_back
): - Kopisha ukhiye we-SSH Public kusukela esinyathelweni sangaphambilini futhi
engeza ikuzilungiselelo ze-Github. - Chofoza okuthi KULUNGILE esikrinini esinyathelweni sesi-2, ngemuva kwalokho sizoqondiswa kabusha ekhasini eliyinqolobane e-Plesk. Manje sidinga ukulungisa indawo yokugcina ukuze ibuyekezwe ekuzinikeleni egatsheni eliyinhloko. Ukuze wenze lokhu, yiya ku Izilungiselelo Zendawo yokugcina futhi ulondoloze inani
Webhook URL
(sizoyidinga kamuva lapho sisetha Izenzo ze-Github): - Enkambini Yezenzo esikrinini esigabeni sangaphambilini, faka umbhalo ukuze uqalise ukusetshenziswa:
cd {REPOSITORY_ABSOLUTE_PATH} .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
lapho:
{REPOSITORY_ABSOLUTE_PATH}
- indlela eya kufolda ye-prod ye-backend repository kuseva;
{ENV}
- imvelo (dev / prod), kithiprod
;
{DOCKER_REGISTRY_HOST}
- umsingathi wendawo yethu yokugcina idokhu
{TG_BOT_TOKEN}
- Ithokheni ye-Telegraph bot;
{TG_CHAT_ID}
- I-ID yengxoxo/ yesiteshi sokuthumela izaziso.Isibonelo sombhalo:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/ .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
- Sengeza umsebenzisi osuka ekubhaliseni kwethu eqenjini le-Docker (ukuze akwazi ukuphatha iziqukathi):
sudo usermod -aG docker helloworld_admin
Imvelo ye-dev yendawo yokugcina engemuva kanye nendawo engaphambili zisethwe ngendlela efanayo.
Ipayipi lokusatshalaliswa ku-Github Actions
Masiqhubekele phambili ekumiseni ingxenye yokuqala yepayipi lethu le-CI/CD ku-Github Actions.
Emuva emuva
Ipayipi lichazwe ku
Kepha ngaphambi kokuyihlukanisa, ake sigcwalise okuguquguqukayo okuyimfihlo esikudingayo ku-Github. Ukuze wenze lokhu, yiya ku Izilungiselelo -> Izimfihlo:
DOCKER_REGISTRY
- umphathi wendawo yethu yokugcina i-Docker (docker.helloworld.ru);DOCKER_LOGIN
- ngena endaweni yokugcina i-Docker;DOCKER_PASSWORD
- iphasiwedi kuyo;DEPLOY_HOST
- phatha lapho kutholakala khona iphaneli yokuphatha ye-Plesk (isibonelo:helloworld.ru :8443 noma123.4.56.78 :8443);DEPLOY_BACK_PROD_TOKEN
- ithokheni yokuthunyelwa ku-prod-repository kuseva (siyithole kokuthi Ukuthunyelwa ku-Plesk p. 4);DEPLOY_BACK_DEV_TOKEN
- ithokheni yokuthunyelwa endaweni yokugcina ye-dev kuseva.
Inqubo yokuthumela ilula futhi inezinyathelo ezintathu eziyinhloko:
- ukwakha nokushicilela isithombe endaweni yethu yokugcina;
- ukuqhuba izivivinyo esitsheni esisekelwe esithombeni esisanda kwakhiwa;
- ukuthunyelwa endaweni oyifunayo kuye ngegatsha (dev/master).
Frontend
Ukusethwa kwesayithi
Ingenisa ithrafikhi nge-Nginx
Hhayi-ke, sesifike ekugcineni. Kusele kuphela ukulungisa ukufakwa kommeleli kwethrafikhi engenayo nephumayo esitsheni sethu nge-Nginx. Sesiyifakile le nqubo esinyathelweni sesi-5 sokusethwa kwe-Docker Registry. Okufanayo kufanele kuphindwe ezingxenyeni ezingemuva nangaphambili ezindaweni ze-dev ne-prod.
Ngizohlinzeka ngezithombe-skrini zezilungiselelo.
Emuva emuva
Frontend
Ukucaciswa okubalulekile. Wonke ama-URL azokwenziwa ummeleli esiqukathi esingaphambili, ngaphandle kwalawo aqala ngawo /api/
- zizofakwa kwisitsha esingemuva (ngakho esitsheni esingemuva, zonke izibambi kufanele ziqale ngazo /api/
).
Imiphumela
Manje isayithi lethu kufanele litholakale ku-helloworld.ru naku-dev.helloworld.ru (prod- and dev-environments, ngokulandelana).
Sekukonke, sifunde ukulungisa uhlelo lokusebenza olulula ku-Flask ne-Angular futhi simise ipayipi ku-Github Actions ukuze siyikhiphele kuseva esebenzisa i-Plesk.
Ngizophinda izixhumanisi zamakhosombe ngekhodi:
Source: www.habr.com