AWS Elastic Beanstalk 使用 PHP 和私有 Composer 存储库
在 PHP 环境中使用 Amazon AWS Elastic Beanstalk 进行部署时,如何利用私有 Composer 存储库?具体使用GitHub(问答式,答案如下)
How do I utilize private composer repositories when deploying with Amazon AWS Elastic Beanstalk in a PHP environment? Specifically using GitHub (Q & A style, answer following)
推荐答案
我们需要为通过 AWS 的 Elastic Beanstalk (EB) 部署的 PHP 项目之一使用私有库.这个私有库托管在 GitHub 上,尽管类似的 git 托管(您自己的服务器、BitBucket 等)可能具有类似的身份验证,并且可以使用此解决方案进行部署.
We needed to use a private library for one of our PHP projects we were deploying via AWS's Elastic Beanstalk (EB). This private library is hosted on GitHub, although similar git hosting (your own server, BitBucket, etc.) probably has similar authentication and could use this solution for deployment.
我们使用 SSH 凭据 来访问私有 git 存储库.由于我们使用的是 GitHub,因此我们使用了 GitHub 的 Deploy Keys (https:///help.github.com/articles/managing-deploy-keys#deploy-keys)这些密钥允许对特定存储库进行只读访问,这非常适合我们的需求.评估满足您需求的最佳解决方案,GitHub 列出了每种方法的优缺点.
We used SSH credentials to get at the private git repository. Since we are using GitHub, we used GitHub's Deploy Keys (https://help.github.com/articles/managing-deploy-keys#deploy-keys) These keys allow read only access to a specific repository, which is perfect for our needs. Evaluate the best solution for your needs, GitHub has great pros and cons listed for each method.
我们选择的解决方案将部署密钥嵌入到存储库中.这有点安全漏洞.我们正在使用(理想情况下)安全服务器处理所有私人存储库,但这仍然存在一些安全风险.
Our chosen solution embeds the deploy key in with the repository. This is a bit of a security hole. We are dealing with all private repos, with (ideally) secure servers, but this still is a bit of a security risk.
所有这一切最终都给使用 Elastic Beanstalk 部署 PHP 堆栈的方式带来了一些麻烦,composer.json 过早地自动运行,并且密钥事先没有到位.我们找到了解决方法.
All of this ended up being a bit of a hassle with the way the PHP stack is deployed with Elastic Beanstalk, composer.json was getting auto-run too early and the keys weren't in place beforehand. We found a workaround.
这假设您已经进行了部署设置,但只是停留在部署密钥上.我们使用 AWS 提供的 eb cli 工具(eb init、eb branch、eb start 等)来启动和运行,以及 git hooks、git aws.push 来部署.
This assumes you already have your deployment setup, but are just stuck at deploying keys. We used the eb cli tools provided by AWS (eb init, eb branch, eb start, etc.) to get things up and going, as well as the git hooks, git aws.push to deploy.
一旦我们有了部署密钥,我们就可以使用 SSH 地址将我们的库添加到我们的 composer.json 文件中:
Once we have our Deploy Keys, we can add our library to our composer.json file using the SSH address:
{
...
"require": {
"repository/project": ">=1.0.0"
},
...
"repositories": [
{
"type": "git",
"url": "git@github.com:repository/project.git"
}
]
}
配置您的 .gitignore,以便将 composer.lock 文件提交到您的存储库以及供应商文件夹中,但不包含它的内容:
Configure your .gitignore so the composer.lock file is committed and in your repository as well as the vendor folder without it's contents:
[remove composer.lock from file if it exists]
vendor/*
我们更喜欢将 composer.lock 文件保留在存储库中,因为它会锁定测试中使用的版本.当我们转移到生产环境时,我们确保应用程序使用我们测试过的相同库运行.需要供应商文件夹来欺骗 EB 使其不自动运行 composer.phar 安装过程.我们需要它等到 ssh 密钥到位.
We prefer keeping the composer.lock file in the repository anyway as it locks in the version used in testing. When we move to a production environment we ensure the application is running with the same libraries we tested against. The vendor folder is required to trick EB into not auto-running the composer.phar install process. We need it to wait until we have the ssh keys in place.
设置密钥:我找不到关联密钥并通过脚本接受 github.com 作为 known_host 的好方法.我最终通过 SSH 连接到一半部署了软件的 EB 托管服务器,将 id_rsa 和 id_rsa.pub 密钥文件添加到 ~root/.ssh/(记住 400 个权限!)然后尝试 ssh -T git@github.com
(如 github 建议的那样)这将提示接受主机并向 ~root/.ssh/known_hosts 文件添加一个条目.将此文件的内容复制到您正在处理项目的位置.
Setting up the keys: I couldn't find a good way to affiliate the key and accept github.com as a known_host via scripting. I ended up SSHing to the EB managed server with the software half deployed, added the id_rsa and id_rsa.pub key files to the ~root/.ssh/ (with 400 perms remember!) then trying ssh -T git@github.com
(as github recommends) This will prompt to accept the host and add an entry to the ~root/.ssh/known_hosts file. Copy the contents of this file to where you are working on the project.
我们正在 .ebextensions/ 文件夹中创建所有设置脚本,以配置 Linux 服务器以进行部署.在预部署阶段之后,此文件夹已从服务器中删除(据我所知).我们正在使用 PHP 5.5 64 位 Amazon AMI 解决方案.将 id_rsa 和 id_rsa.pub 键移动到新的 .ebextensions 文件夹中.还将一个名为 known_hosts 的文件添加到包含我们之前提供的 known_hosts 内容的文件夹中.现在我们已经有了我们需要的 3 个文件,我们需要创建一个最终部署指令文件:01-github-deploy-keys.config(随意命名文件)
We are creating all of the setup scripts in the .ebextensions/ folder to configure the Linux server for deployment. This folder is removed (from what I can tell) from the server after pre deployment stage. We are using the PHP 5.5 64bit Amazon AMI solution. Move the id_rsa and id_rsa.pub keys into the the new .ebextensions folder. Also add a file called known_hosts to the folder with the known_hosts contents we provided earlier. Now that we have the 3 files we need, we need to create a final deployment instruction file: 01-github-deploy-keys.config (name the file however you like)
container_commands:
11-move-priv-key:
command: "mv ~root/.ssh/id_rsa ~root/.ssh/id_rsa.bak; cp .ebextensions/id_rsa ~root/.ssh/id_rsa; chmod 400 ~root/.ssh/id_rsa;"
12-move-pub-key:
command: "mv ~root/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub.bak; cp .ebextensions/id_rsa.pub ~root/.ssh/id_rsa.pub; chmod 400 ~root/.ssh/id_rsa.pub;"
12-known-hosts:
command: "mv ~root/.ssh/known_hosts ~root/.ssh/known_hosts.bak; cp .ebextensions/known_hosts ~root/.ssh/known_hosts; chmod 644 ~root/.ssh/known_hosts;"
20-install-composer:
command: "./composer.phar install;"
记住 YAML 文件使用 4 个空格,而不是制表符!请参阅 AWS 文档了解这些 container_commands 如何工作:http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands 它们将在从存储库中提取文件后运行.container_commands"部分中的这些命令具有您项目的工作目录,因此首选本地路径.
Remember YAML files uses 4 spaces, not tabs! See the AWS documentation for how these container_commands work: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands They will run after the files are pulled from the repository. These commands in "container_commands" section have a working directory of your project, so local paths are preferred.
添加所有这些文件都需要添加并提交到存储库.运行 git aws.push 进行部署.
Add all of these files need to be added and committed to the repository. Run your git aws.push to deploy.
为了正确测试设置,您需要从 EB 解决方案堆栈中删除服务器并重新添加它.我只是进入 EC2 控制面板并找到该项目的托管服务器并终止它.EB 会自动为您创建一个新的,并在准备好后将其附加.仔细检查您的日志,特别是 /var/log/cfn-init.log 部分.此时最好通过安全组关闭对服务器的 SSH 访问.我相信 EB 将登录限制为通过 SSH 登录,但只是为了确保您可能希望通过防火墙/安全组一起禁用 SSH 访问.您不需要将 ssh 放入单独的框进行配置,因为它们应该被视为易变的.
In order to test the setup properly you will need to remove the server from the EB solution stack and re-add it. I just go into the EC2 control panel and find the managed server for this project and terminate it. EB will automatically create a new one for you and attach it once it is ready. Double check your logs, specifically the /var/log/cfn-init.log section. It is probably best to turn off SSH access to the servers via security group at this point. I believe EB restricts logins to root over SSH but just to be sure you may want to disable SSH access all together via firewall/security groups. You shouldn't need to ssh into individual boxes for configuration as they should be seen as volatile.
这是一个问答环节A 在 2014-02-20,请发表任何评论或修复.
This was written as a Q & A on 2014-02-20, please post any comments or fixes.
谢谢,- 赛斯
相关文章