Setting up a server to deploy a Rails application using Ansible

Not long ago I needed to write several Ansible playbooks to prepare a server for deploying a Rails application. And, surprisingly, I did not find a simple step-by-step guide. I did not want to copy someone else's playbook without understanding what was going on, and in the end I had to read the documentation and put everything together myself. Perhaps this article will help someone speed up that process.

The first thing to understand is that Ansible gives you a convenient interface for performing a predefined list of actions on remote servers over SSH. There is no magic here: you cannot install a plugin and get zero-downtime deployment of your application with Docker, monitoring and other goodies out of the box. To write a playbook, you have to know exactly what you want to do and how to do it. That is why I am not satisfied with ready-made playbooks from GitHub, or with articles along the lines of "Copy and run, it will work."

What do we need?

As I said, to write a playbook you need to know what you want to do and how to do it. Let's decide what we need. For a Rails application we will need several system packages: nginx, postgresql (redis, etc.). In addition, we need a specific version of Ruby. It is best to install it via rbenv (rvm, asdf...). Running all of this as the root user is always a bad idea, so you need to create a separate user and configure its permissions. After that, you need to upload our code to the server, copy the configs for nginx, postgres, etc. and start all these services.

As a result, the sequence of actions is as follows:

  1. Log in as root
  2. Install system packages
  3. Create a new user, configure permissions and an SSH key
  4. Configure the system packages (nginx etc.) and start them
  5. Create a user in the database (you can create the database right away)
  6. Log in as the new user
  7. Install rbenv and Ruby
  8. Install Bundler
  9. Upload the application code
  10. Start the Puma server

Moreover, the last steps can be done with capistrano; at least out of the box it can copy the code into release directories, switch the release with a symlink on successful deployment, copy configs from the shared directory, restart puma, etc. All of this can be done with Ansible, but why?

File structure

Ansible has a strict file structure for all of its files, so it is best to keep them all in a separate directory. It does not matter much whether that directory is inside the Rails application itself or separate. You can keep the files in a separate git repository. Personally, I found it most convenient to create an ansible directory in the /config directory of the Rails application and keep everything in one place.

A simple playbook

A playbook is a yml file that uses a special syntax to describe what Ansible should do and how. Let's create a first playbook that does nothing:

---
- name: Simple playbook
  hosts: all

Here we simply say that our playbook is called Simple playbook and that its contents should be run on all hosts. We can save it in the /ansible directory under the name playbook.yml and try to run it:

ansible-playbook ./playbook.yml

PLAY [Simple Playbook] ************************************************************************************************************************************
skipping: no hosts matched

Ansible says it does not know any hosts that match the all list. They must be listed in a special inventory file.

Let's create it in the same ansible directory:

123.123.123.123

This is how we simply specify a host (ideally the host of your VPS for testing, or you can register localhost) and save it under the name inventory.
You can try running ansible with the inventory file:

ansible-playbook ./playbook.yml -i inventory
PLAY [Simple Playbook] ************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************

If you have SSH access to the specified host, Ansible will connect and gather information about the remote system (the default TASK [Gathering Facts]), after which it will give a short report on the run (PLAY RECAP).

By default, the connection uses the username you are logged in with on your local system. Most likely it will not exist on the host. In the playbook file you can specify which user to connect as using the remote_user directive. Also, information about the remote system is often not needed, and you should not waste time gathering it. This task can also be disabled:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

Try running the playbook and make sure the connection works. (If you specified the root user, you also need to specify the become: true directive to get elevated privileges. As the documentation says: become set to 'true'/'yes' to activate privilege escalation. although it is not entirely clear why.)

You may get an error caused by Ansible being unable to determine the Python interpreter; in that case you can specify it manually:

ansible_python_interpreter: /usr/bin/python3 

You can find out where Python is located with the command whereis python.

Installing system packages

The standard Ansible distribution includes many modules for working with various system packages, so we do not have to write bash scripts for every occasion. Now we need one of these modules to update the system and install system packages. I have Ubuntu Linux on my VPS, so to install packages I use apt-get and the module for it. If you use a different operating system, you may need a different module (remember, I said at the beginning that we need to know in advance what we are going to do and how). However, the syntax will most likely be similar.

Let's add the first tasks to our playbook:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

A task is exactly the work that Ansible will perform on the remote servers. We give the task a name so that we can track its execution in the log. And we describe, using the syntax of a specific module, what it needs to do. In this case apt: update_cache=yes says to update the system packages using the apt module. The second command is a bit more complex. We pass a list of packages to the apt module and say that their state should be present, that is, we say to install these packages. In the same way, we can tell it to remove them, or to update them, simply by changing state. Note that for Rails to work with postgresql we need the postgresql-contrib package, which we install now. Again, you need to know this and do it; Ansible by itself will not do it for you.

Try running the playbook and check that the packages are installed.

Creating new users

For working with users, Ansible also has a module: user. Let's add one more task (I have hidden the already known parts of the playbook behind comments so as not to copy it in full every time):

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: my_user
        shell: /bin/bash
        password: "{{ '123qweasd' | password_hash('sha512') }}"

We create a new user and set a shell and password for it. And then we run into several problems. What if the usernames need to differ between hosts? And keeping the password in clear text in the playbook is a very bad idea. To begin with, let's move the username and password into variables, and towards the end of the article I will show how to encrypt the password.

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"

Variables are set in playbooks using double curly braces.

We will specify the variable values in the inventory file:

123.123.123.123

[all:vars]
user=my_user
user_password=123qweasd

Note the [all:vars] directive: it says that the following block of text is variables (vars) and that they apply to all hosts (all).

The construct "{{ user_password | password_hash('sha512') }}" is also interesting. The thing is that Ansible does not create the user through user_add the way you would do it manually. It saves all the data directly, which is why we also have to convert the password into a hash beforehand, which is what this command does.

Let's add our user to the sudo group. However, before that we need to make sure such a group exists, because nobody will do it for us:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"

Everything is quite simple: we also have a group module for creating groups, with a syntax very similar to apt. After that it is enough to assign this group to the user (groups: "sudo").
It is also useful to add an SSH key to this user so that we can log in with it without a password:

---
- name: Simple playbook
  # ...
  tasks:
    # ...
    - name: Ensure a 'sudo' group
      group:
        name: sudo
        state: present
    - name: Add a new user
      user:
        name: "{{ user }}"
        shell: /bin/bash
        password: "{{ user_password | password_hash('sha512') }}"
        groups: "sudo"
    - name: Deploy SSH Key
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

In this case the construct "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" is interesting: it copies the contents of the id_rsa.pub file (your name may differ), that is, the public part of the SSH key, and uploads it to the list of the user's authorized keys on the server.

Roles

All three tasks for creating the user can easily be grouped into one set of tasks, and it would be a good idea to keep this group separate from the main playbook so that it does not grow too large. For this purpose Ansible has roles.
According to the file structure shown at the beginning, roles must be placed in a separate roles directory; each role has its own directory with the same name as the role, and inside it are directories for tasks, files, templates, etc.
Let's create the file structure: ./ansible/roles/user/tasks/main.yml (main is the main file that will be loaded and executed when the role is attached to the playbook; other role files can be included from it). Now you can move all the tasks related to the user into this file:

# Create user and add him to groups
- name: Ensure a 'sudo' group
  group:
    name: sudo
    state: present

- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    password: "{{ user_password | password_hash('sha512') }}"
    groups: "sudo"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

In the main playbook, you must specify that the user role should be used:

---
- name: Simple playbook
  hosts: all
  remote_user: root
  gather_facts: no

  tasks:
    - name: Update system
      apt: update_cache=yes
    - name: Install system dependencies
      apt:
        name: git,nginx,redis,postgresql,postgresql-contrib
        state: present

  roles:
    - user

Also, it may make sense to update the system before all other tasks; to do this, you can rename the tasks block in which they are defined to pre_tasks.

Setting up nginx

We should already have Nginx installed; we need to configure it and start it. Let's do it in a role right away. Let's create the file structure:

- ansible
  - roles
    - nginx
      - files
      - tasks
        - main.yml
      - templates

Now we need files and templates. The difference between them is that Ansible copies files directly, as they are. Templates must have the j2 extension and can use variable values with the same double curly braces.

Let's open the nginx main.yml file. For this task we have the systemd module:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

Here we not only say that nginx must be started (that is, we launch it), but also say right away that it must be enabled.
Now let's copy the configuration files:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'

We create the main nginx configuration file (you can take it straight from the server, or write it yourself), and also the configuration file for our application in the sites-available directory (this is not required, but it is useful). In the first case, we use the copy module to copy files (the file must be in /ansible/roles/nginx/files/nginx.conf). In the second, we copy a template, substituting the values of the variables (the template must be in /ansible/roles/nginx/templates/my_app.j2). It might look like this:

upstream {{ app_name }} {
  server unix:{{ app_path }}/shared/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name {{ server_name }} {{ inventory_hostname }};
  root {{ app_path }}/current/public;

  try_files $uri/index.html $uri.html $uri @{{ app_name }};
  ....
}

Note the inserts {{ app_name }}, {{ app_path }}, {{ server_name }}, {{ inventory_hostname }}: these are all variables whose values Ansible will substitute into the template before copying. This is useful if you use the playbook for different groups of hosts. For example, we can extend our inventory file:

[production]
123.123.123.123

[staging]
231.231.231.231

[all:vars]
user=my_user
user_password=123qweasd

[production:vars]
server_name=production
app_path=/home/www/my_app
app_name=my_app

[staging:vars]
server_name=staging
app_path=/home/www/my_stage
app_name=my_stage_app

If we now run our playbook, it will perform the specified tasks on both hosts. But at the same time, for the staging host the variables will differ from the production ones, and not only in roles and playbooks but also in the nginx configs. {{ inventory_hostname }} does not need to be specified in the inventory file: it is a special Ansible variable, and it holds the host the playbook is currently running against.
If you want to have an inventory file for several hosts but run against only one group, this can be done with the following command:

ansible-playbook -i inventory ./playbook.yml -l "staging"

Another option is to have separate inventory files for different groups. Or you can combine the two approaches if you have many different hosts.

Let's go back to setting up nginx. After copying the configuration files, we need to create a symlink in sites-enabled to my_app.conf from sites-available. Then restart nginx.

# ... old code in main.yml

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted

Everything is simple here: again Ansible modules with a fairly standard syntax. But there is one point. There is no point in restarting nginx every time. Have you noticed that we do not write commands like "do this"; the syntax looks more like "this should have this state". And most often that is exactly how Ansible works. If the group already exists, or the system package is already installed, Ansible will check this and skip the task. Likewise, files will not be copied if they fully match what is already on the server. We can take advantage of this and restart nginx only if the configuration files have changed. There is a register directive for this:

# Copy nginx configs and start it
- name: enable service nginx and start
  systemd:
    name: nginx
    state: started
    enabled: yes

- name: Copy the nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
  # Each task registers its own variable: a second register with the
  # same name would overwrite the result of the first one.
  register: nginx_conf

- name: Copy template my_app.conf
  template:
    src: my_app_conf.j2
    dest: /etc/nginx/sites-available/my_app.conf
    owner: root
    group: root
    mode: '0644'
  register: my_app_conf

- name: Create symlink to sites-enabled
  file:
    src: /etc/nginx/sites-available/my_app.conf
    dest: /etc/nginx/sites-enabled/my_app.conf
    state: link

- name: restart nginx
  service:
    name: nginx
    state: restarted
  when: nginx_conf.changed or my_app_conf.changed

If one of the configuration files changes, the copy is performed and the variable registered by that task (nginx_conf or my_app_conf) is marked as changed. The service is restarted only when one of these variables reports a change.

And, of course, you need to add the nginx role to the main playbook.

Setting up postgresql

We need to enable postgresql using systemd in the same way as we did with nginx, and also create a user that we will use to access the database, and the database itself.
Let's create the role /ansible/roles/postgresql/tasks/main.yml:

# Create user in postgresql
- name: enable postgresql and start
  systemd:
    name: postgresql
    state: started
    enabled: yes

- name: Create database user
  become_user: postgres
  postgresql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    role_attr_flags: SUPERUSER

- name: Create database
  become_user: postgres
  postgresql_db:
    name: "{{ db_name }}"
    encoding: UTF-8
    owner: "{{ db_user }}"

I will not describe how to add variables to the inventory, since this has already been done many times, nor the syntax of the postgresql_db and postgresql_user modules. More information can be found in the documentation. The most interesting directive here is become_user: postgres. The fact is that by default only the postgres user has access to the postgresql database, and only locally. This directive allows us to execute commands on behalf of this user (if we have access, of course).
Also, you may need to add a line to pg_hba.conf to allow the new user access to the database. This can be done in the same way as we changed the nginx configuration.

And, of course, you need to add the postgresql role to the main playbook.

Installing ruby via rbenv

Ansible does not have modules for working with rbenv, but rbenv is installed by cloning a git repository. So this task becomes the most non-standard one. Let's create the role /ansible/roles/ruby_rbenv/main.yml for it and start filling it in:

# Install rbenv and ruby
- name: Install rbenv
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/rbenv.git dest=~/.rbenv

Again we use the become_user directive to work as the user we created for these purposes, since rbenv is installed in that user's home directory, not globally. And we use the git module to clone the repository, specifying repo and dest.

Next, we need to register rbenv init in bashrc and add rbenv to PATH there. For this we have the lineinfile module:

- name: Add rbenv to PATH
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'export PATH="${HOME}/.rbenv/bin:${PATH}"'

- name: Add rbenv init to bashrc
  become_user: "{{ user }}"
  lineinfile:
    path: ~/.bashrc
    state: present
    line: 'eval "$(rbenv init -)"'

After that you need to install ruby_build:

- name: Install ruby-build
  become_user: "{{ user }}"
  git: repo=https://github.com/rbenv/ruby-build.git dest=~/.rbenv/plugins/ruby-build

And finally install Ruby. This is done through rbenv, that is, simply with a bash command:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    rbenv install {{ ruby_version }}
  args:
    executable: /bin/bash

We say which command to run and with what. However, here we run into the fact that Ansible does not run the code contained in bashrc before running commands. This means rbenv has to be defined directly in the same script.

The next problem is that the shell command has no state from Ansible's point of view. That is, there will be no automatic check of whether this version of Ruby is installed or not. We can do this ourselves:

- name: Install ruby
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    if ! rbenv versions | grep -q {{ ruby_version }}
      then rbenv install {{ ruby_version }} && rbenv global {{ ruby_version }}
    fi
  args:
    executable: /bin/bash

All that remains is to install Bundler:

- name: Install bundler
  become_user: "{{ user }}"
  shell: |
    export PATH="${HOME}/.rbenv/bin:${PATH}"
    eval "$(rbenv init -)"
    gem install bundler

And again, add our ruby_rbenv role to the main playbook.

Shared files

In general, the setup could be finished here. Next, all that remains is to run capistrano, and it will copy the code itself, create the necessary directories and start the application (if everything is configured correctly). However, capistrano often requires additional configuration files, such as database.yml or .env. They can be copied just like the files and templates for nginx. There is only one subtlety. Before copying the files, you need to create a directory structure for them, something like this:

# Copy shared files for deploy
- name: Ensure shared dir
  become_user: "{{ user }}"
  file:
    path: "{{ app_path }}/shared/config"
    state: directory

We specify only one directory, and Ansible will automatically create the parent directories if necessary.

Ansible Vault

We have already come across the fact that variables can contain secret data such as the user's password. If you have created an .env file for the application, as well as database.yml, then there must be even more such critical data. It would be good to hide it from prying eyes. Ansible Vault is used for this purpose.

Let's create a file for variables, /ansible/vars/all.yml (here you can create different files for different groups of hosts, just as in the inventory file: production.yml, staging.yml, etc.).
All variables that must be encrypted should be moved to this file using the standard yml syntax:

# System vars
user_password: 123qweasd
db_password: 123qweasd

# ENV vars
aws_access_key_id: xxxxx
aws_secret_access_key: xxxxxx
aws_bucket: bucket_name
rails_secret_key_base: very_secret_key_base

After that, this file can be encrypted with the command:

ansible-vault encrypt ./vars/all.yml

Naturally, when encrypting you will need to set a password for decryption. You can look at what ends up inside the file after running this command.

With ansible-vault decrypt the file can be decrypted, modified and then encrypted again.

You do not need to decrypt the file to work with it. You keep it encrypted and run the playbook with the --ask-vault-pass argument. Ansible will ask for the password, retrieve the variables and run the tasks. All data will remain encrypted.

The full command for several groups of hosts and Ansible Vault will look like this:

ansible-playbook -i inventory ./playbook.yml -l "staging" --ask-vault-pass
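
How the playbook can load the encrypted vars/all.yml, and how the "Add a new user" task from the section on creating users can consume the vaulted password without echoing it: an added example, not part of the original article. The variable user_password_salt is a hypothetical extra entry in the vault file; vars_files, no_log and the salt argument of password_hash are standard Ansible features.

```yaml
# playbook.yml (added example)
---
- name: Simple playbook
  hosts: all
  remote_user: root
  become: true
  gather_facts: no

  # Encrypted with `ansible-vault encrypt ./vars/all.yml`. Ansible decrypts
  # the file in memory when the play is started with --ask-vault-pass; the
  # file on disk stays encrypted.
  vars_files:
    - vars/all.yml

  roles:
    - user

---
# roles/user/tasks/main.yml
- name: Add a new user
  user:
    name: "{{ user }}"
    shell: /bin/bash
    # user_password_salt is a hypothetical variable stored next to
    # user_password in the vault file (up to 16 characters from
    # [a-zA-Z0-9./]). With a fixed salt the hash is identical on every
    # run, so the task reports "changed" only when the password changes.
    password: "{{ user_password | password_hash('sha512', user_password_salt) }}"
    groups: "sudo"
  # Keep the task's arguments and result out of console output and logs,
  # including runs with -v.
  no_log: true
```

Once user_password lives in the vault file, remove the plaintext user_password line from the [all:vars] block of the inventory.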

But I will not give you the full text of the playbooks and roles; write them yourself. Because that is how Ansible is: if you do not understand what needs to be done, it will not do it for you.

Source: www.habr.com
