syoul/prestashop-test
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: Registrator + healthcheck Consul, suppression token Consul
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- Ajout SERVICE_80_CHECK_HTTP=/ : Consul valide le service via GET /
  -> service healthy dans Consul -> Fabio route automatiquement le trafic
- SERVICE_80_TAGS sans guillemets + /* pour le glob matcher Fabio
- Suppression token Consul, enregistrement manuel et KV Fabio de la pipeline
  -> Registrator + Consul catalog suffisent (approche native sonic)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
syoul
2026-03-17 22:38:57 +01:00
parent becb1b4666
commit 7688e95964
2 changed files with 10 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.woodpecker.yml
View File

@@ -32,12 +32,11 @@ steps:
- 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)' - 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)'
- echo "Verifications de securite OK" - echo "Verifications de securite OK"
# Etape 3a : Ecriture du .env et du token Consul depuis les secrets # Etape 3a : Ecriture du .env depuis les secrets
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep # NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
- name: write-env - name: write-env
image: alpine:3.20 image: alpine:3.20
environment: environment:
TEST_STATIC: hello-world
PS_DOMAIN: PS_DOMAIN:
from_secret: ps_domain from_secret: ps_domain
PS_ADMIN_FOLDER: PS_ADMIN_FOLDER:
@@ -50,19 +49,14 @@ steps:
from_secret: db_root_password from_secret: db_root_password
DB_PASSWORD: DB_PASSWORD:
from_secret: db_password from_secret: db_password
CONSUL_TOKEN:
from_secret: consul_token
commands: commands:
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy - env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)" - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
- env | grep '^CONSUL_TOKEN=' | cut -d= -f2- > .consul_token
# Etape 3b : Deploiement sur sonic via Docker socket # Etape 3b : Deploiement sur sonic via Docker socket
# Le token Consul est lu depuis .consul_token (ecrit par write-env) car # Modele pipeline sonic : deploy Docker Compose + cert TLS (acme.sh)
# volumes + from_secret = secrets vides (bug Woodpecker next) # Registrator enregistre automatiquement le container dans Consul via les labels SERVICE_*
# # Consul valide le service via SERVICE_80_CHECK_HTTP -> Fabio route le trafic automatiquement
# Modele pipeline sonic : cette etape est generique pour tout service deploye sur sonic.
# Elle gere : deploy Docker Compose + cert TLS (acme.sh) + Consul + Fabio KV
- name: deploy - name: deploy
image: docker:27-cli image: docker:27-cli
volumes: volumes:
@@ -76,16 +70,13 @@ steps:
- cd /opt/prestashop && docker compose up -d --remove-orphans - cd /opt/prestashop && docker compose up -d --remove-orphans
- cd /opt/prestashop && docker compose ps - cd /opt/prestashop && docker compose ps
- | - |
CONTAINER_IP=$(docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}')
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2) DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
CTOK=$(cat $CI_WORKSPACE/.consul_token)
# --- Certificat TLS (acme.sh via sonic-acme-1) --- # --- Certificat TLS (acme.sh via sonic-acme-1) ---
# acme.sh est idempotent : skip si cert valide, renouvelle si proche expiration # acme.sh est idempotent : skip si cert valide, renouvelle si proche expiration
# Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur # Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur
# --home /etc/acme.sh = volume persistant sonic_acme (sinon /root/.acme.sh non persiste) # --home /etc/acme.sh = volume persistant sonic_acme (sinon /root/.acme.sh non persiste)
# ; ACME_EXIT=$? ne fonctionne pas avec set -e (shell quitte si exit != 0 avant la capture) # || ACME_EXIT=$? capture le code sans declencher set -e (contrairement a ; ACME_EXIT=$?)
# || ACME_EXIT=$? capture le code sans declencher set -e
ACME_EXIT=0 ACME_EXIT=0
docker exec sonic-acme-1 /app/acme.sh \ docker exec sonic-acme-1 /app/acme.sh \
--home /etc/acme.sh \ --home /etc/acme.sh \
@@ -101,17 +92,6 @@ steps:
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)" echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
# --- Enregistrement Consul ---
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul services register \
-address "$CONTAINER_IP" -port 80 -name prestashop -tag "urlprefix-$DOMAIN/"
echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"
# --- Routes Fabio KV (HTTP + HTTPS) ---
# /* requis avec le glob matcher de Fabio : sans *, seul / exact matche (les sous-chemins tombent sur le catch-all nginx)
ROUTES=$(printf 'route add prestashop %s/* http://%s:80/\nroute add prestashop %s:443/* http://%s:80/' "$DOMAIN" "$CONTAINER_IP" "$DOMAIN" "$CONTAINER_IP")
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES"
echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80"
# Etape 4 : Configuration post-deploiement (SSL, cache) # Etape 4 : Configuration post-deploiement (SSL, cache)
# Attend la fin de l'installation PrestaShop (ps_configuration initialisee), # Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
# puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio) # puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)

7
docker-compose.yml
View File

@@ -24,10 +24,13 @@ services:
- ps_data:/var/www/html - ps_data:/var/www/html
labels: labels:
# Registrator lit l'IP du conteneur depuis le reseau "sonic" (-useIpFromNetwork sonic) # Registrator lit l'IP du conteneur depuis le reseau "sonic" (-useIpFromNetwork sonic)
# et enregistre le service dans Consul -> Fabio route presta.syoul.fr vers cette IP # et enregistre le service dans Consul avec le tag urlprefix- -> Fabio route vers ce service
SERVICE_NAME: "prestashop" SERVICE_NAME: "prestashop"
SERVICE_80_NAME: "prestashop" SERVICE_80_NAME: "prestashop"
SERVICE_80_TAGS: "urlprefix-${PS_DOMAIN}/" SERVICE_80_TAGS: urlprefix-${PS_DOMAIN}/*
# Consul healthcheck HTTP : Consul requete GET / sur le port 80 du container
# Le service doit etre healthy dans Consul pour que Fabio accepte d'y router le trafic
SERVICE_80_CHECK_HTTP: /
# sonic-acme-1 (acme-companion) emet le cert TLS et le copie dans /host/certs/ # sonic-acme-1 (acme-companion) emet le cert TLS et le copie dans /host/certs/
# Fabio le detecte automatiquement par SNI pour HTTPS # Fabio le detecte automatiquement par SNI pour HTTPS
LETSENCRYPT_HOST: "${PS_DOMAIN}" LETSENCRYPT_HOST: "${PS_DOMAIN}"