AWS Elastic Beanstalk using PHP with Private Composer Repositories

Problem description

How do I utilize private composer repositories when deploying with Amazon AWS Elastic Beanstalk in a PHP environment? Specifically using GitHub (Q & A style, answer following)

Recommended answer

We needed to use a private library for one of our PHP projects we were deploying via AWS's Elastic Beanstalk (EB). This private library is hosted on GitHub, although similar git hosting (your own server, BitBucket, etc.) probably has similar authentication and could use this solution for deployment.

We used SSH credentials to get at the private git repository. Since we are using GitHub, we used GitHub's Deploy Keys (https://help.github.com/articles/managing-deploy-keys#deploy-keys). These keys allow read-only access to a specific repository, which is perfect for our needs. Evaluate the best solution for your needs; GitHub has great pros and cons listed for each method.

Our chosen solution embeds the deploy key in with the repository. This is a bit of a security hole. We are dealing with all private repos, with (ideally) secure servers, but this still is a bit of a security risk.

All of this ended up being a bit of a hassle with the way the PHP stack is deployed with Elastic Beanstalk; composer.json was getting auto-run too early and the keys weren't in place beforehand. We found a workaround.

This assumes you already have your deployment setup, but are just stuck at deploying keys. We used the eb cli tools provided by AWS (eb init, eb branch, eb start, etc.) to get things up and going, as well as the git hooks, git aws.push to deploy.

Once we have our Deploy Keys, we can add our library to our composer.json file using the SSH address:

{
    ...
    "require": {
        "repository/project": ">=1.0.0"
    },
    ...
    "repositories": [
        {
            "type": "git",
            "url":  "git@github.com:repository/project.git"
        }
    ]
}

Configure your .gitignore so the composer.lock file is committed and in your repository as well as the vendor folder without its contents:

[remove composer.lock from file if it exists]
vendor/*

We prefer keeping the composer.lock file in the repository anyway as it locks in the version used in testing. When we move to a production environment we ensure the application is running with the same libraries we tested against. The vendor folder is required to trick EB into not auto-running the composer.phar install process. We need it to wait until we have the ssh keys in place.

Setting up the keys: I couldn't find a good way to affiliate the key and accept github.com as a known_host via scripting. I ended up SSHing to the EB managed server with the software half deployed, added the id_rsa and id_rsa.pub key files to the ~root/.ssh/ (with 400 perms remember!) then trying ssh -T git@github.com (as GitHub recommends). This will prompt to accept the host and add an entry to the ~root/.ssh/known_hosts file. Copy the contents of this file to where you are working on the project.

We are creating all of the setup scripts in the .ebextensions/ folder to configure the Linux server for deployment. This folder is removed (from what I can tell) from the server after pre deployment stage. We are using the PHP 5.5 64bit Amazon AMI solution. Move the id_rsa and id_rsa.pub keys into the new .ebextensions folder. Also add a file called known_hosts to the folder with the known_hosts contents we provided earlier. Now that we have the 3 files we need, we need to create a final deployment instruction file: 01-github-deploy-keys.config (name the file however you like)

container_commands:
    11-move-priv-key:
        command: "mv ~root/.ssh/id_rsa ~root/.ssh/id_rsa.bak; cp .ebextensions/id_rsa ~root/.ssh/id_rsa; chmod 400 ~root/.ssh/id_rsa;"
    12-move-pub-key:
        command: "mv ~root/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub.bak; cp .ebextensions/id_rsa.pub ~root/.ssh/id_rsa.pub; chmod 400 ~root/.ssh/id_rsa.pub;"
    12-known-hosts:
        command: "mv ~root/.ssh/known_hosts ~root/.ssh/known_hosts.bak; cp .ebextensions/known_hosts ~root/.ssh/known_hosts; chmod 644 ~root/.ssh/known_hosts;"
    20-install-composer:
        command: "./composer.phar install;"

Remember YAML files use 4 spaces, not tabs! See the AWS documentation for how these container_commands work: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands. They will run after the files are pulled from the repository. These commands in "container_commands" section have a working directory of your project, so local paths are preferred.

All of these files need to be added and committed to the repository. Run your git aws.push to deploy.

In order to test the setup properly you will need to remove the server from the EB solution stack and re-add it. I just go into the EC2 control panel and find the managed server for this project and terminate it. EB will automatically create a new one for you and attach it once it is ready. Double check your logs, specifically the /var/log/cfn-init.log section. It is probably best to turn off SSH access to the servers via security group at this point. I believe EB restricts logins to root over SSH but just to be sure you may want to disable SSH access altogether via firewall/security groups. You shouldn't need to ssh into individual boxes for configuration as they should be seen as volatile.

This was written as a Q & A on 2014-02-20, please post any comments or fixes.

Thanks, - Seth
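
The answer above accepts github.com's host key by hand because the step could not be scripted. The following is an added example, not part of the original answer: one way to script it is to filter `ssh-keyscan` output against a fingerprint obtained out of band, failing closed if nothing matches. The function names are hypothetical and the key blobs are constructed sample data, not real host keys.

```python
import base64
import hashlib
import struct

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(b64_blob):
    """Key type named inside the blob (length-prefixed string at its start)."""
    raw = base64.b64decode(b64_blob, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def pinned_known_hosts(scan_output, host, pinned):
    """Keep only ssh-keyscan lines for `host` whose fingerprint is pinned."""
    accepted = []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != host:   # skips blanks and '#' banners
            continue
        key_type, blob = parts[1], parts[2]
        try:
            ok = blob_key_type(blob) == key_type and fingerprint(blob) in pinned
        except (ValueError, struct.error):        # bad base64 or truncated blob
            ok = False
        if ok:
            accepted.append(f"{host} {key_type} {blob}")
    if not accepted:                              # fail closed: write nothing
        raise ValueError(f"no key for {host} matches a pinned fingerprint")
    return "\n".join(accepted) + "\n"

def _constructed_blob(key_bytes):
    """Build a syntactically valid ssh-ed25519 blob for the demo (not a real key)."""
    t = b"ssh-ed25519"
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(key_bytes)) + key_bytes
    return base64.b64encode(raw).decode()

# Constructed sample data; in a deployment the pinned value is the fingerprint
# your git host publishes, and the scan text is the output of ssh-keyscan.
GOOD = _constructed_blob(bytes(range(32)))
SPOOFED = _constructed_blob(bytes(32))
PINNED = {fingerprint(GOOD)}
SCAN = f"# github.com:22 SSH-2.0-constructed\ngithub.com ssh-ed25519 {SPOOFED}\ngithub.com ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    print(pinned_known_hosts(SCAN, "github.com", PINNED), end="")
```

In the workflow above, this would replace the manual `ssh -T` acceptance: feed it the output of `ssh-keyscan` and write the result to the `known_hosts` file shipped in `.ebextensions/`.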
