sample

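Pre-deployment checklist

  • When installing stage or uat machines, install stage first (host-stage)
  • Confirm that the version exists: Build docker image
  • For a new deployment, see the prerequisite steps: Pre-action
  • Ansible local installation – install and update: Usage example
  • Ansible for Jenkins – install and update: Jenkins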

Pre-action

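When adding a new machine, add its IP to the whitelist

GCP for different environments

  • Production: 56379 gcp
  • UAT-env: 20080 gcp, 26379 gcp (only for uat)

The link on how to add machines in bulk is as follows

About Wangsu (網宿) machines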

Inventory

Wangsu (網宿) (requires connecting through a jump host)

  • hosts

Mlytics

  • hosts-stage
  • hosts-uat

Jenkins

http://cmdb.mlytics.co:8083/job/waver

Build

http://cmdb.mlytics.co:8083/job/waver/job/build-waver-image

uat

http://cmdb.mlytics.co:8083/job/waver/job/uat-waver

stage

http://cmdb.mlytics.co:8083/job/waver/job/stage-waver

Build docker images

Log in to Jenkins at the following URL:

http://cmdb.mlytics.co:8083/job/waver/job/build-waver-image/

Enter Build with Parameters → version v2.xx.xx

After deployment completes, it checks whether the upload succeeded

Usage example

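Note: Pay attention to which hosts inventory is specified. Wangsu (網宿) machines belong to hosts, so -i is not needed to specify the inventory. Mlytics machines belong to hosts-stage and hosts-uat, so use -i to specify hosts-stage or hosts-uat.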

Mlytics

Install for stage

ansible-playbook -i hosts-stage deploy-install.yml -e "host=xxxxxx version=v2.11.27 env=prod"

Install for uat

ansible-playbook -i hosts-uat deploy-install.yml -e "host=xxxxxx version=v2.11.27 env=uat"      

Note: A fresh installation requires installing stage first, then uat

Update for stage

ansible-playbook -i hosts-stage deploy-update.yml -e "host=xxxxxx version=v2.11.27 env=prod"     

Update for uat

ansible-playbook -i hosts-uat deploy-update.yml -e "host=xxxxxx version=v2.11.27 env=uat"      

Wangsu (網宿)

Install

ansible-playbook deploy-install.yml -e "host=xxxxxx version=v2.11.27 env=prod"

Update

ansible-playbook deploy-update.yml -e "host=xxxxxx version=v2.11.27 env=prod"

Other

Webhook

After an edit in Gitea, the change is synchronized to the following path on 139.224.15.200

  • /root/prod_waver

Webhook storage path

  • /opt/webhook_deploy

$ sudo docker ps
CONTAINER ID        IMAGE                                           COMMAND                  CREATED             STATUS              PORTS                              NAMES
14f329f76519        webhook_deploy_app                              "docker-php-entrypoi…"   2 weeks ago         Up 2 weeks          9000/tcp, 0.0.0.0:8081->2015/tcp   webhook_deploy_app_1

The related configuration is as follows: Webhook

Zabbix

zabbix hosts api

ansible-playbook deploy-zabbix-api.yml -e "host=xxxxxx"

Standalone

install task and roles

ansible-playbook deploy-tasks.yml -e "host=xxx"
ansible-playbook deploy-role.yml -e "host=xxx"

Ansible adhoc command example

Run with root privileges and check the waver version on uat

ansible -i hosts-uat uat  -m shell -e ansible_become=yes -a 'sudo docker ps --filter name=waver'

Iptables rules command

Show iptables rules with line numbers

iptables -L --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    DROP       all  --  127.0.0.0/8          anywhere
3    DROP       all  --  anywhere             anywhere             state INVALID
4    DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
5    DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
6    DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
7    DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
8    DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
9    DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
10   DROP       tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG
11   DROP       tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
12   DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
13   DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
14   DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
15   DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
16   ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
17   ACCEPT     icmp --  47.52.237.32         anywhere             icmp echo-request limit: avg 1/sec burst 5 state NEW
18   ACCEPT     tcp  --  47.52.237.32         anywhere             tcp dpt:20022 flags:FIN,SYN,RST,ACK/SYN state NEW
19   ACCEPT     tcp  --  47.52.237.32         anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW
20   ACCEPT     tcp  --  ec2-54-169-156-33.ap-southeast-1.compute.amazonaws.com  anywhere             tcp dpt:20022 flags:FIN,SYN,RST,ACK/SYN state NEW
21   ACCEPT     tcp  --  47.52.237.32         anywhere             tcp dpt:zabbix-agent flags:FIN,SYN,RST,ACK/SYN state NEW
22   ACCEPT     icmp --  139.224.15.200       anywhere             icmp echo-request limit: avg 1/sec burst 5 state NEW
23   ACCEPT     tcp  --  139.224.15.200       anywhere             tcp dpt:20022 flags:FIN,SYN,RST,ACK/SYN state NEW
24   ACCEPT     tcp  --  139.224.15.200       anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW

insert 21 rules

/sbin/iptables -I INPUT 20 -p tcp --dport 20022 -s 54.169.156.33 --syn -m state --state NEW -j ACCEPT
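
The insert command above adds a duplicate rule every time it is re-run and fails when the chain is shorter than the given position. The following is an added example, not part of the original page or the project's playbooks: an idempotent wrapper around the same rule spec. The function names, the `IPTABLES` override and the default position are assumptions.

```sh
#!/bin/sh
# Added example: idempotent form of the page's whitelist insert.
# IPTABLES may be overridden for a dry run (assumption; default is the page's path).
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept only a dotted-quad IPv4 address with octets 0-255, so a typo or a
# hostname never reaches the rule spec.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# whitelist_ssh SRC_IP [DPORT] [POSITION]  (hypothetical helper name)
# Prints "exists", "inserted at N" or "invalid".
whitelist_ssh() {
    wl_src=$1; wl_port=${2:-20022}; wl_pos=${3:-20}
    if ! valid_ipv4 "$wl_src"; then
        echo "invalid"; return 2
    fi
    # Same rule spec as the page's command.
    set -- -p tcp --dport "$wl_port" -s "$wl_src" --syn -m state --state NEW -j ACCEPT
    # -C exits 0 only when an identical rule is already in the chain.
    if "$IPTABLES" -C INPUT "$@" 2>/dev/null; then
        echo "exists"; return 0
    fi
    # -I fails when the index is more than one past the last rule, so clamp
    # it. Appending is safe here only because DROP is the chain policy, not
    # a trailing rule.
    wl_count=$("$IPTABLES" -S INPUT | grep -c '^-A INPUT') || true
    [ "$wl_pos" -le $((wl_count + 1)) ] || wl_pos=$((wl_count + 1))
    "$IPTABLES" -I INPUT "$wl_pos" "$@" || return 1
    echo "inserted at $wl_pos"
}

# Run only when called with arguments, e.g.: sh whitelist.sh 54.169.156.33
[ $# -eq 0 ] || whitelist_ssh "$@"
```

Run it as root with the source IP as the first argument; a second run for the same IP reports `exists` and leaves the chain unchanged.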