Kulesi sihloko, ngizokwabelana ngolwazi lwami lokusetha i-CI/CD usebenzisa i-Plesk Control Panel kanye ne-Github Actions. Namuhla sizofunda indlela yokusebenzisa iphrojekthi elula enegama elilula elithi "Helloworld". Ibhalwe kuhlaka lwe-Flask Python, enabasebenzi be-Celery kanye ne-Angular 8 frontend.

Izixhumanisi zamakhosombe: ingemuva, ingaphambili.

Engxenyeni yokuqala yalesi sihloko, sizobheka umsebenzi wethu nezingxenye zawo. Kweyesibili, sizobona ukuthi singasetha kanjani i-Plesk futhi sifake izandiso ezidingekayo kanye nezingxenye (DB, RabbitMQ, Redis, Docker, njll.).

Engxenyeni yesithathu, ekugcineni sizothola ukuthi singasetha kanjani ipayipi lokuthumela iphrojekthi yethu kuseva endaweni ye-dev ne-prod. Bese sizokwethula isayithi kuseva.

Futhi yebo, ngikhohlwe ukuzethula. Igama lami ngingu-Oleg Borzov, ngingunjiniyela we-fullstack eqenjini le-CRM labaphathi bezezindlu e-Domclick.

Uhlolojikelele lwephrojekthi

Okokuqala, ake sibheke izinqolobane zephrojekthi ezimbili - i-backend nengaphambili - bese sidlula ikhodi.

Ingemuva: Flask+Celery

Okwengxenye engemuva, ngithathe inqwaba edume kakhulu phakathi kwabathuthukisi bePython: uhlaka lweFlask (lwe-API) kanye noCelery (womugqa womsebenzi). I-SQLAchemy isetshenziswa njenge-ORM. I-Alembic isetshenziselwa ukufuduka. Okokuqinisekisa kwe-JSON kuzibambo - Marshmallow.

В izinqolobane kukhona ifayela le-Readme.md elinencazelo enemininingwane yesakhiwo nemiyalo yokusebenzisa iphrojekthi.

I-Web Part API ayinzima kakhulu, iqukethe amapeni ayi-6:

• /ping - ukuhlola ukutholakala;
• iphatha ukubhaliswa, ukugunyazwa, ukuhoxiswa nokuthola umsebenzisi ogunyaziwe;
• isibambo se-imeyili esibeka umsebenzi kulayini we-Celery.

Ingxenye yesilimo esidliwayo esinamagatsha anamanzi ngisho kulula, kunenkinga eyodwa kuphela send_mail_task.

Kufolda /conf kukhona amafolda amancane amabili:

• docker ngama-Dockerfiles amabili (base.dockerfile ukwakha isithombe esiyisisekelo esingavamile ukushintsha futhi Dockerfile yemihlangano emikhulu);
• .env_files - anamafayela anezimo eziguquguqukayo zezindawo ezihlukene.

Kunamafayela amane we-docker-compose kumsuka wephrojekthi:

• docker-compose.local.db.yml ukukhulisa idatha yendawo ukuze ithuthukiswe;
• docker-compose.local.workers.yml ukukhulisa isisebenzi endaweni, isizindalwazi, iRedis kanye neRabbitMQ;
• docker-compose.test.yml ukwenza izivivinyo ngesikhathi sokuthunyelwa;
• docker-compose.yml ukuthunyelwa.

Nefolda yokugcina esinentshisekelo kuyo - .ci-cd. Iqukethe imibhalo yegobolondo ukuze isetshenziswe:

• deploy.sh - ukwethulwa kokufuduka nokusatshalaliswa. Isebenza kuseva ngemva kokwakha nokusebenzisa izivivinyo kokuthi Izenzo ze-Github;
• rollback.sh - ukubuyisela emuva kweziqukathi kunguqulo yangaphambilini yomhlangano;
• curl_tg.sh - ukuthumela izaziso zokuthunyelwa kuTelegram.

Ingaphambili ku-Angular

Inqolobane enangaphambili ilula kakhulu kunekaBeck. Ingaphambili linamakhasi amathathu:

• Ikhasi eliyinhloko elinefomu lokuthumela i-imeyili kanye nenkinobho yokuphuma.
• Ikhasi lokungena.
• Ikhasi lokubhalisa.

Ikhasi eliyinhloko libukeka njenge-ascetic:

Kunamafayela amabili empandeni Dockerfile и docker-compose.yml, kanye nefolda ejwayelekile .ci-cd enemibhalo embalwa kancane kunenqolobane engemuva (izikripthi ezikhishiwe zokuqalisa ukuhlolwa).

Ukuqala iphrojekthi e-Plesk

Ake siqale ngokusetha i-Plesk futhi senze ukubhaliswa kwesayithi lethu.

Ifaka izandiso

E-Plesk, sidinga izandiso ezine:

• Docker ukuphatha nokubonisa ngokubukeka isimo seziqukathi kuphaneli yokuphatha ye-Plesk;
• Git ukulungisa isinyathelo sokuphakela kuseva;
• Let's Encrypt ukukhiqiza (nokuvuselela ngokuzenzakalela) izitifiketi zamahhala ze-TLS;
• Firewall ukuze ulungiselele ukuhlungwa kwethrafikhi engenayo.

Ungawafaka ngephaneli yomqondisi we-Plesk esigabeni Sezandiso:

Ngeke sicabangele izilungiselelo ezinemininingwane yezandiso, izilungiselelo ezizenzakalelayo zizokwenzela izinjongo zethu zedemo.

Dala ukubhalisa nesayithi

Okulandelayo, sidinga ukudala ukubhaliswa kwewebhusayithi yethu ye-helloworld.ru bese wengeza isizinda esingaphansi kwe-dev.helloworld.ru lapho.

1. Dala okubhaliselwe kwesizinda se-helloworld.ru bese ucacise igama-mfihlo lokungena lomsebenzisi wesistimu:

   
   Thikha ibhokisi elingezansi kwekhasi Vikela isizinda ngokuthi Masibetheleuma sifuna ukusetha i-HTTPS yesayithi:

   

2. Okulandelayo, kulokhu kubhaliswa, dala isizinda esingaphansi kwe-dev.helloworld.ru (ongakhipha kuso isitifiketi samahhala se-TLS):

   

Ifaka Izingxenye Zeseva

Sineseva nayo I-OS Debian Stretch 9.12 kanye nephaneli yokulawula efakiwe I-Plesk Obsidian 18.0.27.

Sidinga ukufaka futhi silungiselele iphrojekthi yethu:

• I-PostgreSQL (kithi, kuzoba neseva eyodwa enemininingwane emibili yezindawo ze-dev ne-prod).
• I-RabbitMQ (efanayo, isibonelo esifanayo esinama-vhosts ahlukene wezindawo).
• Izimo ezimbili ze-Redis (zezindawo ze-dev neze-prod).
• I-Docker Registry (yesitoreji sendawo sezithombe ze-Docker ezakhiwe).
• I-UI yokubhalisa kwe-Docker.

I-PostgreSQL

I-Plesk isivele iza ne-PostgreSQL DBMS, kodwa hhayi inguqulo yakamuva (ngesikhathi sokubhala i-Plesk Obsidian isekelwe Izinguqulo ze-Postgres 8.4–10.8). Sifuna inguqulo yakamuva yohlelo lwethu lokusebenza (12.3 ngesikhathi salokhu kubhala), ngakho-ke sizoyifaka mathupha.

Kunemiyalelo eminingi enemininingwane yokufaka i-Postgres ku-Debian enetheni (isibonelo), ngakho-ke ngeke ngibachaze ngokuningiliziwe, ngizovele nginikeze imiyalo:

wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib

Uma ucabanga ukuthi i-PostgreSQL inezilungiselelo ezizenzakalelayo ezimaphakathi, kuyadingeka ukulungisa ukucushwa. Lokhu kuzosisiza umshini wokubala: udinga ukushayela kumapharamitha weseva yakho bese ushintsha izilungiselelo kufayela /etc/postgresql/12/main/postgresql.confkulabo abanikelwe. Kufanele kuqashelwe lapha ukuthi izibali ezinjalo aziyona inhlamvu yomlingo, futhi isisekelo kufanele sishunwe ngokunembile, ngokusekelwe ku-hardware yakho, uhlelo lokusebenza, kanye nemibuzo eyinkimbinkimbi. Kodwa lokhu kwanele ukuqalisa.

Ngokungeziwe kuzilungiselelo ezihlongozwe yisibali, siphinde sishintshe ku postgresql.confichweba elizenzakalelayo 5432 liye kwelinye (esibonelweni sethu - 53983).

Ngemuva kokushintsha ifayela lokucushwa, qala kabusha i-postgresql-server ngomyalo:

service postgresql restart

Siyifakile futhi sayilungisa i-PostgreSQL. Manje ake sakhe isizindalwazi, abasebenzisi bezindawo ze-dev neze-prod, futhi sinikeze abasebenzisi amalungelo okuphatha isizindalwazi:

$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT

RabbitMQ

Masiqhubekele ekufakeni i-RabbitMQ, umthengisi wemilayezo ye-Celery. Ukuyifaka ku-Debian kulula kakhulu:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
sudo dpkg -i erlang-solutions_1.0_all.deb

sudo apt-get update
sudo apt-get install erlang erlang-nox

sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main'
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

sudo apt-get update
sudo apt-get install rabbitmq-server

Ngemva kokufaka, sidinga ukudala ama-vhosts, abasebenzisi futhi unikeze amalungelo adingekayo:

sudo rabbitmqctl add_user hw_dev_amqp_user hw_dev_amqp_password 
sudo rabbitmqctl set_user_tags hw_dev_amqp_user administrator
sudo rabbitmqctl add_vhost hw_dev_vhost
sudo rabbitmqctl set_permissions -p hw_dev_vhost hw_dev_amqp_user ".*" ".*" ".*"

sudo rabbitmqctl add_user hw_prod_amqp_user hw_prod_amqp_password 
sudo rabbitmqctl set_user_tags hw_prod_amqp_user administrator
sudo rabbitmqctl add_vhost hw_prod_vhost
sudo rabbitmqctl set_permissions -p hw_prod_vhost hw_prod_amqp_user ".*" ".*" ".*"

Redis

Manje ake sifake futhi silungiselele ingxenye yokugcina yohlelo lwethu lokusebenza - i-Redis. Izosetshenziswa njenge-backend yokugcina imiphumela yemisebenzi ye-Celery.

Sizophakamisa iziqukathi ezimbili ze-Docker ezine-Redis zendawo ye-dev ne-prod sisebenzisa isandiso Docker ngoba Plesk.

1. Siya ku-Plesk, siye esigabeni Sezandiso, bheka isandiso se-Docker bese usifaka (sidinga inguqulo yamahhala):

   

2. Iya kusandiso esifakiwe, thola isithombe ngosesho redis bitnami bese ufaka inguqulo yakamuva:

   

3. Singena esitsheni esilandiwe futhi silungise ukucushwa: cacisa imbobo, ubukhulu besayizi ye-RAM eyabelwe, iphasiwedi eguquguqukayo endaweni, bese ufaka ivolumu:

   

4. Senza izinyathelo 2-3 zesitsha se-prod, kuzilungiselelo sishintsha kuphela imingcele: i-port, iphasiwedi, usayizi we-RAM nendlela eya kufolda yevolumu kuseva:

   

I-Docker Registry

Ngokungeziwe kumasevisi ayisisekelo, kungaba kuhle ukubeka eyakho inqolobane yesithombe se-Docker kuseva. Ngenhlanhla, indawo yeseva manje isishibhile impela (impela ishibhile kunokubhaliswa kwe-DockerHub), futhi inqubo yokumisa indawo yokugcina yangasese ilula kakhulu.

Sifuna ukuba:

• Inqolobane ye-Docker evikelwe ngephasiwedi efinyeleleka kusizinda esingaphansi kwesinye https://docker.helloworld.ru;
• I-UI yokubuka izithombe endaweni yokugcina, etholakala ku- https://docker-ui.helloworld.ru.

Ukwenza lokhu:

1. Masidale izizinda ezingaphansi ezimbili ku-Plesk ekubhaliseni kwethu: docker.helloworld.ru kanye ne-docker-ui.helloworld.ru, futhi silungiselele izitifiketi ze-Let's Bethela kuzo.
2. Engeza ifayela kufolda yesizinda esingaphansi kwe-docker.helloworld.ru docker-compose.yml ngokuqukethwe okufana nalokhu:

   version: "3"
   
   services:
     docker-registry:
       image: "registry:2"
       restart: always
       ports:
         - "53985:5000"
       environment:
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       volumes:
         - ./.docker-registry.htpasswd:/auth/.htpasswd
         - ./data:/data
   
     docker-registry-ui:
       image: konradkleine/docker-registry-frontend:v2
       restart: always
       ports:
         - "53986:80"
       environment:
         VIRTUAL_HOST: '*, https://*'
         ENV_DOCKER_REGISTRY_HOST: 'docker-registry'
         ENV_DOCKER_REGISTRY_PORT: 5000
       links:
         - 'docker-registry'
   

3. Ngaphansi kwe-SSH, sizokhiqiza ifayela le-.htpasswd lokugunyazwa Okuyisisekelo endaweni ye-Docker:

   htpasswd -bBc .htpasswd hw_docker_admin hw_docker_password

4. Qoqa futhi uphakamise iziqukathi:

   docker-compose up -d

5. Futhi sidinga ukuqondisa kabusha i-Nginx ezitsheni zethu. Lokhu kungenziwa nge-Plesk.

Izinyathelo ezilandelayo kumele zenziwe kusizindalwazi se-docker.helloworld.ru kanye ne-docker-ui.helloworld.ru:

Esigabeni Amathuluzi we-Dev isayithi lethu ukuya ku Imithetho ye-Docker Proxy:

Futhi engeza umthetho kuthrafikhi engenayo yommeleli esiqukathi sethu:

1. Sihlola ukuthi singangena yini esitsheni sethu sisuka emshinini wendawo:

   $ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
   WARNING! Using --password via the CLI is insecure. Use --password-stdin.
   Login Succeeded

2. Ake sihlole nokusebenza kwesizinda esingaphansi kwe-docker-ui.helloworld.ru:

   
   Uma uchofoza kokuthi Phequlula amakhosombe, isiphequluli sizobonisa iwindi lokugunyazwa lapho uzodinga ukufaka igama lomsebenzisi nephasiwedi yendawo yokugcina. Ngemva kwalokho, sizodluliselwa ekhasini elinohlu lwamakhosombe (okwamanje, lizobe lingenalutho kuwena):

   

Ivula izimbobo ku-Plesk Firewall

Ngemuva kokufaka nokumisa izingxenye, sidinga ukuvula amachweba ukuze izingxenye zifinyeleleke kusuka ezitsheni ze-Docker kanye nenethiwekhi yangaphandle.

Ake sibone ukuthi singakwenza kanjani lokhu sisebenzisa isandiso se-Firewall se-Plesk esisifake ngaphambili.

1. Iya ku Amathuluzi Nezilungiselelo > Izilungiselelo > I-Firewall:
   
2. Iya ku Lungisa Imithetho Ye-Plesk Firewall > Engeza Umthetho Wangokwezifiso bese uvule izimbobo ezilandelayo ze-TCP ze-Docker subnet (172.0.0.0 / 8):
   RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
   Redis: 32785, 32786

   

3. Sizophinda sengeze umthetho ozovula amachweba we-PostgreSQL namaphaneli okuphatha we-RabbitMQ emhlabeni ongaphandle:

   

4. Sebenzisa imithetho usebenzisa inkinobho ethi Faka Izinguquko:

   

Ukusetha i-CI/CD ku-Github Actions

Ake sehlele engxenyeni ethakazelisa kakhulu - ukumisa ipayipi lokuhlanganisa eliqhubekayo nokuletha iphrojekthi yethu kuseva.

Leli payipi lizoba nezingxenye ezimbili:

• ukwakha isithombe kanye nokuhlolwa okusebenzayo (kwe-backend) - ohlangothini lwe-Github;
• ukufuduka okusebenzayo (kwe-backend) nokuthumela iziqukathi - kuseva.

Thumela ku-Plesk

Ake sibhekane nephuzu lesibili kuqala (ngoba elokuqala lincike kulo).

Sizomisa inqubo yokusebenzisa sisebenzisa isandiso se-Git se-Plesk.

Cabanga ngesibonelo ngendawo ye-Prod yendawo yokugcina i-Backend.

1. Siya ekubhaliseni kwewebhusayithi yethu ye-Helloworld bese siya esigatshaneni se-Git:

   

2. Faka isixhumanisi endaweni yethu yokugcina ye-Github kunkambu ethi "Remote Git repository" bese ushintsha ifolda ezenzakalelayo. httpdocs komunye (isb. /httpdocs/hw_back):

   

3. Kopisha ukhiye we-SSH Public kusukela esinyathelweni sangaphambilini futhi engeza ikuzilungiselelo ze-Github.
4. Chofoza okuthi KULUNGILE esikrinini esinyathelweni sesi-2, ngemuva kwalokho sizoqondiswa kabusha ekhasini eliyinqolobane e-Plesk. Manje sidinga ukulungisa indawo yokugcina ukuze ibuyekezwe ekuzinikeleni egatsheni eliyinhloko. Ukuze wenze lokhu, yiya ku Izilungiselelo Zendawo yokugcina futhi ulondoloze inani Webhook URL (sizoyidinga kamuva lapho sisetha Izenzo ze-Github):

   

5. Enkambini Yezenzo esikrinini esigabeni sangaphambilini, faka umbhalo ukuze uqalise ukusetshenziswa:

   cd {REPOSITORY_ABSOLUTE_PATH}
   .ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID} 

   lapho:

   {REPOSITORY_ABSOLUTE_PATH} - indlela eya kufolda ye-prod ye-backend repository kuseva;
   {ENV} - imvelo (dev / prod), kithi prod;
   {DOCKER_REGISTRY_HOST} - umsingathi wendawo yethu yokugcina idokhu
   {TG_BOT_TOKEN} - Ithokheni ye-Telegraph bot;
   {TG_CHAT_ID} - I-ID yengxoxo/ yesiteshi sokuthumela izaziso.

   Isibonelo sombhalo:

   cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
   .ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890

6. Sengeza umsebenzisi osuka ekubhaliseni kwethu eqenjini le-Docker (ukuze akwazi ukuphatha iziqukathi):

   sudo usermod -aG docker helloworld_admin

Imvelo ye-dev yendawo yokugcina engemuva kanye nendawo engaphambili zisethwe ngendlela efanayo.

Ipayipi lokusatshalaliswa ku-Github Actions

Masiqhubekele phambili ekumiseni ingxenye yokuqala yepayipi lethu le-CI/CD ku-Github Actions.

Emuva emuva

Ipayipi lichazwe ku ifayela le-deploy.yml.

Kepha ngaphambi kokuyihlukanisa, ake sigcwalise okuguquguqukayo okuyimfihlo esikudingayo ku-Github. Ukuze wenze lokhu, yiya ku Izilungiselelo -> Izimfihlo:

• DOCKER_REGISTRY - umphathi wendawo yethu yokugcina i-Docker (docker.helloworld.ru);
• DOCKER_LOGIN - ngena endaweni yokugcina i-Docker;
• DOCKER_PASSWORD - iphasiwedi kuyo;
• DEPLOY_HOST - phatha lapho kutholakala khona iphaneli yokuphatha ye-Plesk (isibonelo: helloworld.ru:8443 noma 123.4.56.78:8443);
• DEPLOY_BACK_PROD_TOKEN - ithokheni yokuthunyelwa ku-prod-repository kuseva (siyithole kokuthi Ukuthunyelwa ku-Plesk p. 4);
• DEPLOY_BACK_DEV_TOKEN - ithokheni yokuthunyelwa endaweni yokugcina ye-dev kuseva.

Inqubo yokuthumela ilula futhi inezinyathelo ezintathu eziyinhloko:

• ukwakha nokushicilela isithombe endaweni yethu yokugcina;
• ukuqhuba izivivinyo esitsheni esisekelwe esithombeni esisanda kwakhiwa;
• ukuthunyelwa endaweni oyifunayo kuye ngegatsha (dev/master).

Frontend

Ifayela le-deploy.yml lekhosombe elingaphambili ihluke kancane kwekaBeck. Ayinasinyathelo esinokuhlolwa okusebenzayo futhi ishintsha amagama amathokheni ukuze asetshenziswe. Izimfihlo zenqolobane yangaphambili, ngendlela, zidinga ukugcwaliswa ngokwehlukana.

Ukusethwa kwesayithi

Ingenisa ithrafikhi nge-Nginx

Hhayi-ke, sesifike ekugcineni. Kusele kuphela ukulungisa ukufakwa kommeleli kwethrafikhi engenayo nephumayo esitsheni sethu nge-Nginx. Sesiyifakile le nqubo esinyathelweni sesi-5 sokusethwa kwe-Docker Registry. Okufanayo kufanele kuphindwe ezingxenyeni ezingemuva nangaphambili ezindaweni ze-dev ne-prod.

Ngizohlinzeka ngezithombe-skrini zezilungiselelo.

Emuva emuva

Frontend

Ukucaciswa okubalulekile. Wonke ama-URL azokwenziwa ummeleli esiqukathi esingaphambili, ngaphandle kwalawo aqala ngawo /api/ - zizofakwa kwisitsha esingemuva (ngakho esitsheni esingemuva, zonke izibambi kufanele ziqale ngazo /api/).

Imiphumela

Manje isayithi lethu kufanele litholakale ku-helloworld.ru naku-dev.helloworld.ru (prod- and dev-environments, ngokulandelana).

Sekukonke, sifunde ukulungisa uhlelo lokusebenza olulula ku-Flask ne-Angular futhi simise ipayipi ku-Github Actions ukuze siyikhiphele kuseva esebenzisa i-Plesk.

Ngizophinda izixhumanisi zamakhosombe ngekhodi: ingemuva, ingaphambili.

Source: www.habr.com