Remove unnecessary Step

parent 14b6eaeffa
commit 833448d4f5
1 changed file with 19 additions and 53 deletions
@ -739,41 +739,7 @@ exit
- ✅ Unauthorized push is blocked
- ✅ Web UI accessible at `https://YOUR_CI_CD_IP`

### Step 6: Set Up SSH for Production Communication

#### 6.1 Generate SSH Key Pair

**Important**: Run this command as the **CI_SERVICE_USER** (not root or CI_DEPLOY_USER). The CI_SERVICE_USER runs the CI pipeline and needs to SSH to the production server for automated deployments.

```bash
ssh-keygen -t ed25519 -C "CI_SERVICE_USER" -f ~/.ssh/id_ed25519 -N ""
```

**What this does**:
- Creates an SSH key pair for secure communication between CI/CD and production servers
- The CI_SERVICE_USER uses this key to SSH to the production server for automated deployments
- The key is stored in the CI_SERVICE_USER's home directory for security

**Security Note**: The CI_SERVICE_USER runs the CI pipeline and performs deployments, so it needs direct SSH access to the production server. This provides a clean, direct execution path without user switching.

**Deployment Flow**: When the CI pipeline completes successfully, the CI_SERVICE_USER will automatically SSH to the production server (using this key) to pull the latest images from Harbor and deploy the application stack.

#### 6.2 Create SSH Config

```bash
cat > ~/.ssh/config << 'EOF'
Host production
HostName YOUR_PRODUCTION_IP
User PROD_SERVICE_USER
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF

chmod 600 ~/.ssh/config
```

### Step 7: Install Forgejo Actions Runner
### Step 6: Install Forgejo Actions Runner

#### 7.1 Download Runner

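Review bot: the trailing context `#### 7.1 Download Runner` keeps its old number while the heading above it becomes `### Step 6: Install Forgejo Actions Runner`; it should read `#### 6.1`, and the remaining `7.x` subsections of that step (outside this hunk) need the same treatment. More importantly, deleting Step 6 removes the `ssh-keygen` key pair and the `Host production` alias that later parts of the guide still depend on: the later hunks of this same commit leave `cat ~/.ssh/id_ed25519.pub` (context of the `@ -1233` hunk), `#### 18.1 Add CI/CD Public Key` and the `ssh production` test with its "without a password prompt" expectation untouched, so either those sections go in the same commit or the guide ends up referring to a key that is never generated. Note also that the deleted config carried `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, which turn off host-key verification entirely; if an SSH path from the CI host to production is ever reintroduced, it should pin the production host key in `known_hosts` rather than restore this block.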
@ -1012,7 +978,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
- Check network: Ensure the runner can reach your Forgejo instance
- Restart service: `sudo systemctl restart forgejo-runner.service`

### Step 8: Set Up Docker-in-Docker (DinD) for CI Operations
### Step 7: Set Up Docker-in-Docker (DinD) for CI Operations

**Important**: This step sets up a Docker-in-Docker container that provides an isolated environment for CI/CD operations, eliminating resource contention with Harbor and simplifying cleanup.

@ -1180,7 +1146,7 @@ chmod +x scripts/monitor.sh

**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.

### Step 9: Configure Firewall
### Step 8: Configure Firewall

```bash
sudo ufw --force enable
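Review bot: the block under the renamed `### Step 8: Configure Firewall` switches the firewall on with `sudo ufw --force enable` before any allow rule appears (the `sudo ufw allow 443/tcp` rule only shows up in the context of the next hunk, at line 1195). With ufw's default deny-incoming policy that ordering leaves a window in which no new SSH session can be opened, and `--force` suppresses the confirmation prompt that would normally warn about disrupting SSH, so either move the SSH allow rule ahead of `enable` or state that the commands must be run together from a console session.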
@ -1195,7 +1161,7 @@ sudo ufw allow 443/tcp # Harbor registry (public read access)
- **SSH**: Restricted to your IP addresses
- **All other ports**: Blocked

### Step 10: Test CI/CD Setup
### Step 9: Test CI/CD Setup

#### 10.1 Test Docker Installation

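Review bot: `#### 10.1 Test Docker Installation` in the trailing context still uses the old step number while the heading above it becomes `### Step 9: Test CI/CD Setup`; it should read `#### 9.1`. The same mismatch recurs in every hunk of this commit, so the renumbering needs a pass over the `####` subsections as well, not only the `###` step headings.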
@ -1233,7 +1199,7 @@ cat ~/.ssh/id_ed25519.pub

## Part 2: Production Linode Setup

### Step 11: Initial System Setup
### Step 10: Initial System Setup

#### 11.1 Update the System

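Review bot: the header context `cat ~/.ssh/id_ed25519.pub` shows the CI/CD test section still printing the public key that was generated by the step this commit deletes (`ssh-keygen ... -f ~/.ssh/id_ed25519`), so that test has nothing to display unless the key step is kept or the test is dropped with it. `#### 11.1 Update the System` in the trailing context also needs to become `#### 10.1` to match the renamed `### Step 10: Initial System Setup`.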
@ -1294,7 +1260,7 @@ sudo apt install -y \
python3-certbot-nginx
```

### Step 12: Create Users
### Step 11: Create Users

#### 12.1 Create the PROD_SERVICE_USER User

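Review bot: `#### 12.1 Create the PROD_SERVICE_USER User` still carries the old number under the renamed `### Step 11: Create Users`; rename it to `#### 11.1`.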
@ -1330,7 +1296,7 @@ pwd
exit
```

### Step 13: Install Docker
### Step 12: Install Docker

#### 13.1 Add Docker Repository

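Review bot: `#### 13.1 Add Docker Repository` in the trailing context was not renumbered along with its parent `### Step 12: Install Docker`; it should be `#### 12.1`.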
@ -1352,14 +1318,14 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker PROD_SERVICE_USER
```

### Step 14: Install Docker Compose
### Step 13: Install Docker Compose

```bash
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```

### Step 15: Configure Security
### Step 14: Configure Security

#### 15.1 Configure Firewall

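Review bot: the block under the renamed `### Step 13: Install Docker Compose` fetches a standalone `docker-compose` binary from the `latest` GitHub release with `curl` and no version pin or checksum check, even though the header context of this hunk already installs `docker-compose-plugin`, which provides the `docker compose` form the guide itself uses later (`docker compose logs frontend` in the context of the `@ -1755` hunk). The step looks redundant and, if it is kept, should pin a release and verify the download. `#### 15.1 Configure Firewall` in the trailing context also needs to become `#### 14.1` under `### Step 14: Configure Security`.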
@ -1381,7 +1347,7 @@ sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```

### Step 16: Create Application Directory
### Step 15: Create Application Directory

#### 16.1 Create Directory Structure

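Review bot: `#### 16.1 Create Directory Structure` keeps the old number while its heading becomes `### Step 15: Create Application Directory`; it should read `#### 15.1`.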
@ -1399,7 +1365,7 @@ sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
```

### Step 17: Clone Repository and Set Up Application Files
### Step 16: Clone Repository and Set Up Application Files

#### 17.1 Switch to PROD_SERVICE_USER User

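Review bot: `#### 17.1 Switch to PROD_SERVICE_USER User` in the trailing context should become `#### 16.1` to match the renamed `### Step 16: Clone Repository and Set Up Application Files`.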
@ -1463,7 +1429,7 @@ sudo systemctl restart docker

**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.

### Step 18: Set Up SSH Key Authentication
### Step 17: Set Up SSH Key Authentication

#### 18.1 Add CI/CD Public Key

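Review bot: `#### 18.1 Add CI/CD Public Key` in the trailing context (which should become `#### 17.1` under the renamed `### Step 17`) is the consumer of the key pair that this commit deletes in its first hunk, and the preceding `**Important**: Replace YOUR_CI_CD_IP` context still treats the CI/CD host as an SSH client of production. If the intended design is now that a runner on the production host pulls and deploys, this step should be removed or rewritten together with the key-generation step; as it stands the guide asks readers to install a public key that is never created.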
@ -1489,7 +1455,7 @@ ssh production

**Expected output**: You should be able to SSH to the production server without a password prompt.

### Step 19: Set Up Forgejo Runner for Production Deployment
### Step 18: Set Up Forgejo Runner for Production Deployment

**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.

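Review bot: the header context `ssh production` and the `**Expected output**: ... without a password prompt` line still exercise an alias that only existed in the `Host production` SSH config deleted in this commit's first hunk, so this verification can no longer succeed as written. The `**Important**` note under the renamed `### Step 18` says the deployment job is executed by a Forgejo runner on the Production Linode, which is consistent with dropping the CI-to-production SSH path; the SSH test should be dropped or rewritten to match that design.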
@ -1635,7 +1601,7 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy
5. Verifies the deployment was successful

### Step 20: Test Production Setup
### Step 19: Test Production Setup

#### 20.1 Test Docker Installation

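Review bot: `#### 20.1 Test Docker Installation` was left with the old number while its heading becomes `### Step 19: Test Production Setup`; rename it to `#### 19.1`.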
@ -1677,7 +1643,7 @@ curl http://localhost:3001/health

## Part 3: Final Configuration and Testing

### Step 21: Configure Forgejo Repository Secrets
### Step 20: Configure Forgejo Repository Secrets

Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:

@ -1695,7 +1661,7 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
- `DOMAIN`: Your domain name (e.g., `example.com`)
- `EMAIL`: Your email for SSL certificate notifications

### Step 22: Test Complete Pipeline
### Step 21: Test Complete Pipeline

#### 22.1 Trigger a Test Build

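Review bot: `#### 22.1 Trigger a Test Build` in the trailing context needs to become `#### 21.1` to agree with the renamed `### Step 21: Test Complete Pipeline`.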
@ -1755,7 +1721,7 @@ docker compose logs frontend
3. **Database**: Verify database connections
4. **Logs**: Check for any errors in application logs

### Step 23: Set Up SSL/TLS (Optional - Domain Users)
### Step 22: Set Up SSL/TLS (Optional - Domain Users)

#### 23.1 Install SSL Certificate

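Review bot: `#### 23.1 Install SSL Certificate` still carries the old number under the renamed `### Step 22: Set Up SSL/TLS (Optional - Domain Users)`; it should read `#### 22.1`.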
@ -1781,7 +1747,7 @@ sudo crontab -e
# 0 12 * * * /usr/bin/certbot renew --quiet
```

### Step 24: Final Verification
### Step 23: Final Verification

#### 24.1 Security Check

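Review bot: `#### 24.1 Security Check` in the trailing context should be renamed `#### 23.1` to match the new `### Step 23: Final Verification` heading.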
@ -1820,7 +1786,7 @@ cd /opt/APP_NAME
./scripts/backup.sh
```

### Step 25: Documentation and Maintenance
### Step 24: Documentation and Maintenance

#### 25.1 Update Documentation

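Review bot: `#### 25.1 Update Documentation` keeps the old number while its heading becomes `### Step 24: Documentation and Maintenance`; rename it to `#### 24.1`. Since this is the last hunk, a search of the whole document for the old `Step N` numbers and `N.x` subsection labels would catch any cross-references the heading-only renumbering has left stale.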