
In this article, I will share my experience of setting up CI/CD using the Plesk Control Panel and Github Actions. Today we will learn how to deploy a simple project with the uncomplicated name "Helloworld". It is written with the Flask Python framework, has Celery workers, and an Angular 8 frontend.
Links to the repositories: , .
In the first part of this article, we will look at our project and its components. In the second, we will see how to set up Plesk and install the necessary extensions and components (DB, RabbitMQ, Redis, Docker, etc.).
In the third part, we will finally work out how to set up a pipeline that deploys our project to the server in the dev and prod environments. Then we will launch the site on the server.
And yes, I forgot to introduce myself. My name is Oleg Borzov, and I am a fullstack developer in the CRM team for real estate managers at Domclick.
Project overview
First, let's look at the two project repositories, backend and frontend, and go through the code.
Backend: Flask+Celery
For the backend, I took a stack that is very popular among Python developers: the Flask framework (for the API) and Celery (for the task queue). SQLAlchemy is used as the ORM. Alembic is used for migrations. JSON validation in the handlers is done with Marshmallow.
The Readme.md file contains a detailed description of the structure and instructions for running the project.
The API is fairly simple and contains 6 handlers:
- /ping - an availability check;
- handlers for registration, authorization, deauthorization and getting the authorized user;
- an email handler that puts a task into the Celery queue.
The Celery part is even simpler: there is only one task, send_mail_task.
The folder contains two subfolders:
- docker with two Dockerfiles (base.dockerfile to build a base image that rarely changes, and Dockerfile for the main builds);
- .env_files with files of environment variables for the different environments.
There are four docker-compose files at the root of the project:
- docker-compose.local.db.yml to bring up a local database for development;
- docker-compose.local.workers.yml to bring up a worker locally, together with the database, Redis and RabbitMQ;
- docker-compose.test.yml to run the tests during deployment;
- docker-compose.yml for deployment.
The last folder we are interested in contains the shell scripts for deployment:
- deploy.sh - runs the migrations and the deployment. It is executed on the server after the build and the tests have run in Github Actions;
- rollback.sh - rolls the containers back to the previous version of the build;
- curl_tg.sh - sends deployment notifications to Telegram.
Frontend in Angular
The frontend is much simpler than the backend. It has three pages:
- The main page, with a form for sending an email and a logout button.
- The login page.
- The registration page.
The main page looks ascetic:

At the root there are two files, Dockerfile and docker-compose.yml, as well as the familiar .ci-cd folder, with slightly fewer scripts than in the backend repository (the scripts for running tests were removed).
Starting the project in Plesk
Let's start by setting up Plesk and creating a subscription for our site.
Installing extensions
In Plesk, we need four extensions:
- Docker to manage and visually display the state of the containers in the Plesk admin panel;
- Git to configure the deployment step on the server;
- Let's Encrypt to generate (and automatically renew) free TLS certificates;
- Firewall to configure filtering of incoming traffic.
You can install them through the Plesk admin panel in the Extensions section:

We will not go into the detailed settings of the extensions; the default settings will do for our demo purposes.
Creating a subscription and a site
Next, we need to create a subscription for our helloworld.ru website and add the dev.helloworld.ru subdomain there.
- Create a subscription for the helloworld.ru domain and specify the login and password for the system user:

Tick the Secure the domain with Let's Encrypt checkbox at the bottom of the page if we want to set up HTTPS for the site:
- Next, in this subscription, create the dev.helloworld.ru subdomain (for which you can also issue a free TLS certificate):

Installing server components
We have a server with Debian Stretch 9.12 and the Plesk Obsidian 18.0.27 control panel installed.
For our project we need to install and configure:
- PostgreSQL (in our case, one server with two databases for the dev and prod environments).
- RabbitMQ (likewise, one instance with different vhosts for the environments).
- Two Redis instances (for the dev and prod environments).
- A Docker Registry (for local storage of the built Docker images).
- A UI for the Docker Registry.
PostgreSQL
Plesk already ships with the PostgreSQL DBMS, but not the latest version (at the time of writing, Plesk Obsidian supported Postgres versions 8.4–10.8). We want the latest version for our application (12.3 at the time of writing), so we will install it manually.
There are plenty of detailed instructions for installing Postgres on Debian on the Internet, so I will not describe them in detail and will just give the commands:
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Given that PostgreSQL has rather mediocre default settings, the configuration needs to be adjusted. A configuration calculator will help us with this: you enter the parameters of your server and replace the settings in the /etc/postgresql/12/main/postgresql.conf file with the suggested ones. It should be noted here that such calculators are not a magic bullet, and the database should be tuned more precisely, based on your hardware, your application and the complexity of your queries. But this is enough to get started.
In addition to the settings suggested by the calculator, we also change the default port 5432 in postgresql.conf to another one (in our example, 53983).
After changing the configuration file, restart postgresql-server with the command:
service postgresql restart
We have installed and configured PostgreSQL. Now let's create the databases and the users for the dev and prod environments, and give the users rights to manage the databases:
$ su - postgres
postgres:~$ psql
postgres=# create database hw_dev_db_name;
CREATE DATABASE
postgres=# create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres=# grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres=# create database hw_prod_db_name;
CREATE DATABASE
postgres=# create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres=# grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
RabbitMQ
Let's move on to installing RabbitMQ, the message broker for Celery. Installing it on Debian is quite simple:
wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb
sudo apt-get update
sudo apt-get install erlang erlang-nox
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install rabbitmq-server
After installation, we need to create the vhosts and users and grant the necessary rights:
sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"
sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"
Redis
Now let's install and configure the last component for our application, Redis. It will be used as the backend for storing the results of Celery tasks.
We will bring up two Docker containers with Redis for the dev and prod environments using the Docker extension for Plesk.
- Go to Plesk, open the Extensions section, find the Docker extension and install it (we need the free version):

- Go to the installed extension, find the image by searching for redis bitnami, and install the latest version:
- Go into the downloaded container and adjust the configuration: specify the port, the maximum amount of RAM allocated, the password in the environment variable, and mount the volume:

- Repeat steps 2-3 for the prod container, changing only the parameters in the settings: the port, the password, the RAM size and the path to the volume folder on the server:

Docker Registry
In addition to the basic services, it would be nice to host your own Docker image repository on the server. Fortunately, server space is now quite cheap (certainly cheaper than a DockerHub subscription), and the process of setting up a private repository is very simple.
We want to have:
- a password-protected Docker registry, available on a subdomain;
- a UI for viewing the images in the registry, available on a subdomain of its own.
To do this:
- Create two subdomains in Plesk in our subscription, docker.helloworld.ru and docker-ui.helloworld.ru, and set up Let's Encrypt certificates for them.
- Add a docker-compose.yml file to the folder of the docker.helloworld.ru subdomain with contents like this:
version: "3"
services:
  docker-registry:
    image: "registry:2"
    restart: always
    ports:
      - "53985:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./.docker-registry.htpasswd:/auth/.htpasswd
      - ./data:/data
  docker-registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    restart: always
    ports:
      - "53986:80"
    environment:
      VIRTUAL_HOST: '*, https://*'
      ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
      ENV_DOCKER_REGISTRY_PORT: 5000
    links:
      - 'docker-registry'
- Over SSH, generate the .htpasswd file for Basic authorization in the Docker registry (the file name must match the one mounted into the container in docker-compose.yml):
htpasswd -bBc .docker-registry.htpasswd hw_docker_admin hw_docker_password
- Build and bring up the containers:
docker-compose up -d
- We also need Nginx to proxy requests to our containers. This can be done through Plesk.
The following steps must be carried out for the docker.helloworld.ru and docker-ui.helloworld.ru subdomains:
In the Dev Tools section of our site, go to Docker Proxy Rules:

And add a rule to proxy incoming traffic to our container:

- Check that we can log in to our registry from the local machine:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
- Let's also check that the docker-ui.helloworld.ru subdomain works:

When you click Browse repositories, the browser will show an authorization window where you need to enter the username and password for the registry. After that, we will be taken to a page with the list of repositories (for now, it will be empty for you):
Opening ports in the Plesk Firewall
After installing and configuring the components, we need to open ports so that the components are reachable from the Docker containers and from the external network.
Let's see how to do this using the Firewall extension for Plesk that we installed earlier.
- Go to Tools & Settings > Settings > Firewall:

- Go to Modify Plesk Firewall Rules > Add Custom Rule and open the following TCP ports for the Docker subnet (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Redis: 32785, 32786
- We will also add a rule that opens the PostgreSQL ports and the RabbitMQ management panels to the outside world:

- Apply the rules using the Apply Changes button.
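The Docker-subnet rule above uses 172.0.0.0/8 as its source, which is wider than the private 172.16.0.0/12 block (RFC 1918) that contains Docker's default bridge network 172.17.0.0/16. The following Python check is an added example, not part of the original article: it reports which public source ranges such a rule admits. The rule names, the internal_only flag and the third rule are assumptions; the ports are the ones listed above.

```python
import ipaddress

# RFC 1918 private IPv4 blocks (this check is IPv4 only).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def public_parts(cidr):
    """Return the sub-networks of `cidr` that lie outside RFC 1918 space."""
    remaining = [ipaddress.ip_network(cidr)]
    for priv in RFC1918:
        kept = []
        for net in remaining:
            if net.subnet_of(priv):
                continue                                # wholly private
            if priv.subnet_of(net):
                kept.extend(net.address_exclude(priv))  # carve the private block out
            else:
                kept.append(net)                        # disjoint from this block
        remaining = kept
    return sorted(remaining)

def audit(rules):
    """Flag rules meant for internal traffic whose source reaches public space."""
    findings = []
    for rule in rules:
        public = public_parts(rule["source"])
        if rule["internal_only"] and public:
            findings.append({
                "rule": rule["name"],
                "ports": rule["ports"],
                "public_ranges": [str(n) for n in public],
                "public_addresses": sum(n.num_addresses for n in public),
            })
    return findings

# Constructed rule set: names and the internal_only flag are hypothetical.
RULES = [
    {"name": "docker-to-rabbitmq", "source": "172.0.0.0/8", "internal_only": True,
     "ports": "1883, 4369, 5671-5672, 25672, 61613-61614"},
    {"name": "docker-to-redis", "source": "172.0.0.0/8", "internal_only": True,
     "ports": "32785, 32786"},
    {"name": "docker-bridge-only", "source": "172.17.0.0/16", "internal_only": True,
     "ports": "32785, 32786"},
]

if __name__ == "__main__":
    for f in audit(RULES):
        print(f"{f['rule']}: {f['public_addresses']} public source addresses can "
              f"reach ports {f['ports']} via {', '.join(f['public_ranges'])}")
```

Narrowing the rule's source to 172.16.0.0/12, or to the exact subnets reported by docker network inspect, keeps the Redis and RabbitMQ ports closed to the public ranges this check lists.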

Setting up CI/CD in Github Actions
Let's get down to the most interesting part: setting up a pipeline for continuous integration and delivery of our project to the server.
This pipeline will consist of two parts:
- building the image and running the tests (for the backend) - on the Github side;
- running the migrations (for the backend) and deploying the containers - on the server.
Deploy to Plesk
Let's deal with the second point first (because the first one depends on it).
We will set up the deployment process using the Git extension for Plesk.
Consider an example with the Prod environment for the Backend repository.
- Go to the subscription of our Helloworld website and open the Git subsection:

- Insert the link to our Github repository into the "Remote Git repository" field and change the default folder httpdocs to another one (e.g. /httpdocs/hw_back):
- Copy the SSH public key from the previous step and add it in the Github settings.
- Click OK on the screen from step 2, after which we will be redirected to the repository page in Plesk. Now we need to configure the repository to be updated on commits to the master branch. To do this, go to Repository Settings and save the value of Webhook URL (we will need it later when setting up Github Actions):
- In the Actions field on the screen from the previous step, enter the script that starts the deployment:
cd {REPOSITORY_ABSOLUTE_PATH}
.ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
where:
{REPOSITORY_ABSOLUTE_PATH} - the path to the prod folder of the backend repository on the server;
{ENV} - the environment (dev / prod), in our case prod;
{DOCKER_REGISTRY_HOST} - the host of our Docker registry;
{TG_BOT_TOKEN} - the Telegram bot token;
{TG_CHAT_ID} - the ID of the chat/channel for sending notifications.
Script example:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
.ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
- Add the user from our subscription to the Docker group (so that it can manage containers):
sudo usermod -aG docker helloworld_admin
The dev environment for the backend repository and the frontend are set up in the same way.
Deployment pipeline in Github Actions
Let's move on to setting up the first part of our CI/CD pipeline in Github Actions.
Backend
The pipeline is described in .
But before analysing it, let's fill in the Secret variables we need in Github. To do this, go to Settings -> Secrets:
- DOCKER_REGISTRY - the host of our Docker registry (docker.helloworld.ru);
- DOCKER_LOGIN - the login for the Docker registry;
- DOCKER_PASSWORD - its password;
- DEPLOY_HOST - the host where the Plesk admin panel is available (example: :8443 or :8443);
- DEPLOY_BACK_PROD_TOKEN - the token for deploying to the prod repository on the server (we obtained it in Deploy to Plesk, step 4);
- DEPLOY_BACK_DEV_TOKEN - the token for deploying to the dev repository on the server.
The deployment process is simple and consists of three main steps:
- building the image and publishing it to our registry;
- running the tests in a container based on the freshly built image;
- deploying to the required environment depending on the branch (dev/master).
Frontend
The frontend pipeline differs little from the backend one. It has no step that runs tests, and the names of the deployment tokens are different. The secrets for the frontend repository, by the way, need to be filled in separately.
Site setup
Proxying traffic through Nginx
Well, we have reached the end. All that remains is to configure the proxying of incoming and outgoing traffic to our containers through Nginx. We already went through this process in step 5 of the Docker Registry setup. The same should be repeated for the backend and frontend parts in the dev and prod environments.
I will provide screenshots of the settings.
Backend

Frontend

An important clarification. All URLs will be proxied to the frontend container, except those that start with /api/: these will be proxied to the backend container (so in the backend container, all handlers must start with /api/).
Results
Now our site should be available at helloworld.ru and dev.helloworld.ru (the prod and dev environments, respectively).
In total, we learned how to prepare a simple application in Flask and Angular and set up a pipeline in Github Actions to roll it out to a server running Plesk.
I will repeat the links to the repositories with the code: , .
Source: www.habr.com
