1 parent 0e326bb, commit a881ea2
Showing 7 changed files with 72 additions and 20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,36 +4,56 @@ | |
- [X] Задание со * | ||
|
||
## В процессе сделано: | ||
- Созданы две ВМ. Одна с внутренним. Одна с внешним и внутренним IP - пограничный сервер. | ||
- Проработаны несколько вариантов подключения через proxy по SSH | ||
- Проработан метод создания алиасов для SSH. | ||
- Проработана подключение по SSH keys. | ||
- Развёрнут по инструкции OpenVPN с надстройкой pritunl. Настроено использование с let's encrypt и сервисом sslip.io. | ||
- Развёрнуто приложение на виртуальной машине в GCP. | ||
- Добавлено вручную правило для разрешения входящего трафика на сервера с определённым тегом. | ||
- Написаны скрипты для развёртывания приложения. | ||
- Скрипты объединены в один и приложение развёрнуто одним скриптом. | ||
- Скрипт добавлен в качестве файла в команду создание ВМ gcloud. | ||
- Скрипт добавлен в качестве ссылки на файл в бакете. Бакет сделан публичным. | ||
- Добавлено из консоли gcloud правило для разрешения входящего трафика на сервера с определённым тегом. | ||
|
||
## Подключение к someinternalhost в одну команду. Три способа. | ||
- ssh -o ProxyCommand="ssh -i ~/.ssh/appuser [email protected] nc %h %p" [email protected] | ||
- ssh -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/appuser [email protected]" [email protected] | ||
- ssh -tt -i ~/.ssh/appuser -A [email protected] ssh -tt 10.156.0.2 | ||
## Команда для создания виртуальной машины с скриптом развёртывания приложения в виде локального файла. | ||
``` | ||
gcloud compute instances create reddit-app\ | ||
--boot-disk-size=10GB \ | ||
--image-family ubuntu-1604-lts \ | ||
--image-project=ubuntu-os-cloud \ | ||
--machine-type=g1-small \ | ||
--tags puma-server \ | ||
--restart-on-failure \ | ||
--metadata-from-file startup-script=startup_script.sh | ||
``` | ||
|
||
## Команда для создания виртуальной машины с скриптом развёртывания приложения в видессылки на файл в бакете. | ||
``` | ||
gcloud compute instances create reddit-app\ | ||
--boot-disk-size=10GB \ | ||
--image-family ubuntu-1604-lts \ | ||
--image-project=ubuntu-os-cloud \ | ||
--machine-type=g1-small \ | ||
--tags puma-server \ | ||
--restart-on-failure \ | ||
--metadata startup-script-url=https://storage.googleapis.com/reddit-app/startup_script.sh | ||
``` | ||
|
||
## Вариант решения для подключения командой ssh someinternalhost. | ||
Добавить Host в файл config в директории .ssh. | ||
## Команда для создания правила фаерволла из консоли gcloud | ||
``` | ||
Host someinternalhost | ||
HostName 10.156.0.2 | ||
User appuser | ||
IdentitiesOnly yes | ||
IdentityFile ~/.ssh/appuser | ||
ProxyCommand ssh -i ~/.ssh/appuser [email protected] nc %h %p | ||
gcloud compute firewall-rules create default-puma-server \ | ||
--action allow \ | ||
--direction ingress \ | ||
--rules tcp:9292 \ | ||
--source-ranges 0.0.0.0/0 \ | ||
--target-tags puma-server | ||
``` | ||
|
||
## Данные для подключения | ||
``` | ||
bastion_IP = 35.187.10.59 | ||
someinternalhost_IP = 10.156.0.2 | ||
testapp_IP = 35.205.139.96 | ||
testapp_port = 9292 | ||
``` | ||
|
||
## Как проверить работоспособность: | ||
- Перейти по ссылке https://35.187.10.59.sslip.io | ||
- Перейти по ссылке https://35.205.139.96:9292 | ||
|
||
## PR checklist | ||
- [X] Выставил label с номером домашнего задания | ||
|
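Review bot: The second `gcloud compute instances create` example fetches `startup-script-url=https://storage.googleapis.com/reddit-app/startup_script.sh` from a bucket that the summary list says was made public, and on GCE that script is executed as root at boot, so the README should present public read as a shortcut rather than a requirement. A `gs://` URL with the instance's service account granted read access to the object keeps the bucket private. In the firewall command, `--source-ranges 0.0.0.0/0` opens tcp:9292 to the whole internet for every instance tagged `puma-server`; state that this is intended for the test app or narrow the range. The check link `https://35.205.139.96:9292` also looks wrong: the deploy script starts the server with a bare `puma -d`, so unless the app's own puma config adds an SSL bind, that port speaks plain HTTP.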
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/bash | ||
git clone -b monolith https://github.com/express42/reddit.git | ||
cd reddit && bundle install | ||
puma -d |
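Review bot: `puma -d` on the last line runs whether or not `cd reddit && bundle install` succeeded, so a failed clone or bundle leaves puma starting in whatever directory the script was launched from. Add `set -e` under the shebang, or chain the three commands with `&&`. The clone also follows the moving `monolith` branch; checking out a known commit after cloning would make the deployed code reproducible.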
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 | ||
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee -a /etc/apt/sources.list.d/mongodb-org-3.2.list | ||
sudo apt update | ||
sudo apt install -y mongodb-org | ||
sudo systemctl start mongod | ||
sudo systemctl enable mongod |
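Review bot: `--recv EA312927` on the `apt-key adv` line identifies the repository signing key by an 8-hex-digit short ID, fetched over plain `hkp://` on port 80; short IDs can be collided, so the full key fingerprint should be used here. `tee -a` on the next line appends a duplicate `deb` entry each time the script is rerun; plain `tee` keeps the list file idempotent. There is also no `set -e`, so `sudo systemctl start mongod` is attempted even when the install step failed.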
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/bin/bash | ||
sudo apt update | ||
sudo apt install -y ruby-full ruby-bundler build-essential |
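Review bot: There is no error handling between `sudo apt update` and `sudo apt install -y ...`: if the update fails, the install proceeds against a stale or missing package index. `set -e` under the shebang fixes that, and `apt-get` is the better choice in a script, since `apt` itself warns that its command-line interface is not stable.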
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#!/bin/bash | ||
|
||
#ruby | ||
sudo apt update | ||
sudo apt install -y ruby-full ruby-bundler build-essential | ||
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 | ||
|
||
#mongo | ||
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee -a /etc/apt/sources.list.d/mongodb-org-3.2.list | ||
sudo apt update | ||
sudo apt install -y mongodb-org | ||
sudo systemctl start mongod | ||
sudo systemctl enable mongod | ||
|
||
#app | ||
git clone -b monolith https://github.com/express42/reddit.git | ||
cd reddit && bundle install | ||
puma -d |
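Review bot: Everything in the `#app` section, from `git clone` to `puma -d`, runs as whichever user executes the script, and when this file is passed as a GCE startup script (as the README's `--metadata-from-file startup-script=startup_script.sh` suggests) that user is root, so the app exposed on port 9292 ends up running as root from a checkout in root's working directory. Create an unprivileged user and run the clone, `bundle install` and puma under it. Startup scripts also run on every boot, so the second run hits an existing `reddit` directory and appends a duplicate MongoDB list entry through `tee -a`. Minor: the `apt-key adv` line sits under `#ruby` but belongs to the `#mongo` block.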