PHP
okkkman, 2020-11-12 15:27:11

How to properly deploy?

Good afternoon.

I'm interested in a few questions regarding correct deployment.

I have a Yii2 project raised and developed locally on Docker.
At the same time, all changes are pushed to the repository on GitLab.
It's time to publish it on the server, with the code synchronized with a certain branch on GitLab and console commands launched for migrations.

Before setting up .gitlab-ci.yml, you need to prepare the environment:

1. Docker: I only have a docker-compose for dev so far; I need to understand what it should be like for prod:

  • Do volumes need to be removed from prod? Including the one for the composer cache?
  • What network should be in prod?
  • Environments migrate from .env file? Or even store secret keys in GitLab?
  • restart: always for each container? Or can there be problems when setting up a seamless deployment?


2. Database
  • Does the database need a separate server with a VPN tunnel set up so that access to it is only for the deployment server and certain IPs?
  • If so, is it possible to raise the database in Docker? Too lazy to configure MySQL manually. Or will there be problems with the VPN tunnel due to the Docker layer?


3. Other
  • What is the best way to deploy? Raise GitLab runner on a deploy server or copy via SSH?
  • Are there any nuances in setting up nginx configs for prod?


Any advice on preparing the project for deployment would be very helpful! I want to do everything right. Thank you in advance!


3 answer(s)
Arthur K., 2020-11-19
@okkkman

Hi.
Let's go out of order.
The first is the database
Why is it placed on a separate server? This is done, as a rule, when the original server does not pull due to a large number of requests to the database. Are you in this situation now? Yes - move to a separate server. No - leave the servers alone.
VPN - also leave alone. If you need to move the database to a separate server, then sometimes it makes sense to close the external server and leave only the VPN.
Docker - Docker in production? Do you have such a serious resource that you need to raise several VDS per day and you need Docker? Docker on the local machine you can still understand - convenience and no garbage. But in production? Or do you have extra money/resources?
It seems that Docker should also be left only on the local machine and left alone.
Secret keys - these should never be stored in a repository at all. Sometimes you can use a compromise - encrypted files. But here you cannot relax, and you should check everything several times.
A minute of entertaining theory:
How does deployment work? (example from life in very general terms for understanding the concept)
The developer sends a push to the git. After that, git throws a notification to the CI&CD service.
The CI&CD service starts its process according to the protocol described in the started thread (service config).
Usually, the order of actions in the CI&CD service is as follows:
- the container with the OS is raised
- the repo is deployed in the container
- all dependencies are pulled up, the environment is configured, the base with seeds is raised.
- migrations are rolled in
- tests are run
Next, the deployment script is launched:
- the repo is uploaded to the server, for example, using rsync or another tool (in this place we use encrypted private keys to access the destination server)
- the update routine is started on the server (for example, roll migrations, update configs, restart services)
At the end, a notification about the status comes. For example, in slack.
Everyone is happy, the developer celebrates the success (or eliminates the results of unsuccessful tests).
PS If you're having these questions, then it looks like you're not a DevOps'or before.
And this is not a subject for resentment or insult, but, on the contrary, a subject for reflection on the complexity of decisions. Now it seems that you want to shoot yourself in the knee, and with a shotgun.
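
The flow described in the answer above, written out as a `.gitlab-ci.yml` (an added example, not code from any of the posters): a test job that rolls migrations against a throwaway database, then a deploy job that uploads with rsync and runs the update routine over SSH. The CI image name, branch name, server path and the `DEPLOY_*` variable names are assumptions; the `DEPLOY_*` values are expected to be set as protected CI/CD variables in the GitLab project settings, and the test environment is assumed to point the app at the `mysql` service host.

```yaml
# Added example: image, branch, paths and DEPLOY_* variable names are assumptions.
stages: [test, deploy]

test:
  stage: test
  # Hypothetical project image containing PHP, Composer and pdo_mysql
  image: registry.example.com/app/php-ci:8.2
  services:
    - mysql:8.0
  variables:
    MYSQL_DATABASE: app_test        # throwaway CI database, not a production secret
    MYSQL_ROOT_PASSWORD: ci-only
  script:
    - composer install --no-interaction --prefer-dist
    - php yii migrate --interactive=0
    - vendor/bin/codecept run

deploy:
  stage: deploy
  image: alpine:3.19
  rules:
    # Deploy only from one branch; protect that branch so protected
    # variables are never exposed to pipelines on other branches.
    - if: '$CI_COMMIT_BRANCH == "main"'
  before_script:
    - apk add --no-cache openssh-client rsync
    - eval "$(ssh-agent -s)"
    # DEPLOY_SSH_KEY: private key of a dedicated deploy user, kept in a
    # protected CI/CD variable and loaded into the agent, never written to the repo.
    - echo "$DEPLOY_SSH_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    # DEPLOY_KNOWN_HOSTS: the server's host key recorded in advance, so the
    # job verifies the server instead of trusting whatever answers first.
    - echo "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts
  script:
    # Excluded paths are neither uploaded nor deleted on the server,
    # so the server-side .env with production secrets stays untouched.
    - >
      rsync -az --delete
      --exclude '.git' --exclude '.env' --exclude 'vendor/'
      --exclude 'runtime/' --exclude 'web/assets/'
      ./ "$DEPLOY_USER@$DEPLOY_HOST:/var/www/app/"
    # Update routine on the server: dependencies without dev packages, then migrations.
    - >
      ssh "$DEPLOY_USER@$DEPLOY_HOST"
      "cd /var/www/app &&
      composer install --no-dev --no-interaction --optimize-autoloader &&
      php yii migrate --interactive=0"
```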

Vladimir Dementiev, 2020-11-19
@SayMAN83

1. > What network should be in prod?
Working on support in one bank (TOP10), each environment (test / preprod / PROD) was in different subnets isolated from each other. The environment implied a connected circuit - front-bus-backend-DB in the same subnet.
Other banks did not bother with subnets. Also, in a large company where I now work, there is also no isolation between systems.
2.1 Why do you need a VPN and all this crap?
2.2 DB in docker... In my opinion, so-so solution. Though looking at that for a DB and what on it loading. We have a product database in general as a separate infrastructure and RAM overdocher servers there.
3. For "deploy", consider the option with artifacts in gitlab. At least that's what I did on my project. I build on one server, and deploy on another. Thus it is not necessary to be engaged in an onanism with copying between servers.

xiaklizrum, 2020-11-20
@xiaklizrum

Deployment option from PHP author: https://codeascraft.com/2013/07/01/atomic-deploys-...
