将 Rails 应用程序部署到多个环境
我正准备部署到真正的生产环境。当我说 true 时,我的意思是我当前的生产环境现在将被暂存,因为服务器上还有其他垃圾,并且我正在为实际的生产机器创建一个新的更大的切片。
capistrano-ext gem 使得分离部署配方变得非常容易。然而,我遇到的一个问题是将我的代码从一个切片转移到另一个切片。我在我的暂存切片上设置了一个 git 存储库,我将用于生产。流程将是:
本地开发 本地测试 从本地推送到阶段 舞台测试 从舞台推向生产 ...
因此,我显然需要一种方法来在登台和生产之间建立安全连接。部署到生产环境时,我收到“权限被拒绝(公钥)”。错误,因为没有设置。我怎样才能建立这个连接?我是否需要在生产服务器上生成密钥并将公众放在我的临时服务器上?我如何知道生产服务器上的哪个用户正在尝试连接到我的登台服务器?
I am getting ready to deploy to a true production environment. When I say true I mean that my current production environment will now be staging because there is other crap on the server and I am creating a new larger slice for what will actually be my production machine.
The capistrano-ext gem has made separating the deploy recipes quite easy. However, one issue I run into is getting my code from one slice to another. I have a git repo set up on my staging slice that I will be using for production. The flow will be:
Develop locally
Test locally
Push from local to stage
Test on stage
Push from stage to production
...
Therefore I obviously need a way to establish a secure connection between staging and production. When deploying to production, I get a "Permission denied (publickey)." error because this is not set up. How can I establish this connection? Do I need to generate keys on my production server and put the public on my staging? How do I know what user on my production server is trying to connect to my staging server?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Branches 和 capistrano multistage 是您的朋友。
要解决生产无法访问 git 存储库的问题,请尝试...
...这通过在本地签出并推送 tar 球来部署。
Branches and capistrano multistage are your friends.
To solve the production not having access to the git repo issue, try…
…this deploys by checking out locally, and pushing a tar ball.
我发现使用 Capistrano 时,分支或版本标记可以更好地区分暂存与生产。
例如,为您的应用程序设置“暂存”和“生产”分支,并使用源代码控制工具来管理从一个分支到下一个分支的迁移。在部署过程中,只需像平常一样进行部署,但使用特定分支而不是主分支。
没有必要直接从登台升级到生产,事实上,这可能被认为是一个坏主意,因为任何有权访问登台计算机的人都可能有权访问生产服务器。在大多数环境中,临时服务器的处理方式比生产站点要随意得多,因此安全配置文件通常有很大不同。
I find that branching or version tagging works much better for differentiating staging vs. production when using Capistrano.
For example, set up a 'staging' and 'production' branch for your application and use your source control tools to manage migrating changes from one to the next. During deployment simply deploy as you usually would, but with a particular branch instead of the main one.
It's not necessary to promote directly from staging to production, and in fact, this may be considered a bad idea since anyone with access to the staging machine potentially has access to the production server. In most environments a staging server is treated much more casually than the production site, so the security profile is usually quite different.
是的。
Productionuser 将是您连接的任何用户(请参阅:user)。 staginguser 将来自 git url(请参阅:repository)。
当您使用
(这是默认设置)时,实际上会发生两个 ssh 连接。第一个是从本地计算机到生产环境,它使用配方中配置的“用户”。
第二个 ssh 连接是由该用户在生产时与您的 git 源建立的。因此,如果 git origin 处于暂存状态,生产用户将尝试连接回暂存以从 git 提取代码。
试试这个:以用户身份 ssh 到生产环境。然后手动运行失败的命令。您会看到“权限被拒绝”,并且可能会提示输入密码。将临时服务器用户的公钥添加到生产框中,事情应该会更好。
Yes.
The productionuser will be whatever user you connect with (see :user). The staginguser will be from the git url (see :repository).
When you use
(which is the default), two ssh connections are actually occurring. The first one is from your local machine to production, and it uses the 'user' as configured in your recipe.
The second ssh connection is made by that user, on production, to your git origin. So if git origin is on staging, the production user is trying to connect back to staging to pull code from git.
Try this: ssh to production as the user. Then run the failing command by hand. You'll see the "permission denied" and maybe a prompt for a password. Add the public key of the staging server user to the production box and things should work better.
还有:
<代码>
设置:网关,'临时服务器 IP'
这应该允许您一路通过隧道到达您的防火墙生产盒。但是,如果您从暂存进行部署,则需要在暂存盒上设置密钥(如果您打算以这种方式进行操作)。
顺便说一句,能够从您的家庭盒子中完成整个过程非常重要,登台实际上不需要有 capistrano gem,希望您可以完成整个过程而无需实际登录服务器。这包括登录到您的临时服务器。 :)
如果两者之间存在数据推送问题,可以轻松地将其添加到生产配置中,以便它自动从暂存和 rsync 获取数据。
There's also:
set :gateway, 'staging server ip'
which should allow you to tunnel all the way through to your firewalled production box. But if you're deploying from staging you need to set up keys on the staging box if you're going to go through it that way.
On a side note, it's important to be able to do this whole process from your home box, staging really shouldn't need to have a capistrano gem, the hope is that you can do the whole process without ever having to actually log into a server. That includes logging in to your staging server. :)
If there's an issue of data pushing between the two this could easily be added onto just the production config so that it automatically takes data from staging and rsync's it over.