使用PHP和私人作曲库AWS弹性魔豆 [英] AWS Elastic Beanstalk using PHP with Private Composer Repositories

问题描述

如何与Amazon AWS弹性魔豆在PHP环境中部署时，我利用私人作曲库？特别是使用GitHub的（Q＆安培;一种风格，回答以下）

How do I utilize private composer repositories when deploying with Amazon AWS Elastic Beanstalk in a PHP environment? Specifically using GitHub (Q & A style, answer following)

推荐答案

我们需要使用一个私人图书馆为我们的PHP项目，我们通过AWS的弹性魔豆（EB）的部署之一。这家私人图书馆托管在GitHub上，虽然类似Git托管（你自己的服务器，BitBucket上，等等）可能也有类似的认证，可以使用此解决方案的部署。

We needed to use a private library for one of our PHP projects we were deploying via AWS's Elastic Beanstalk (EB). This private library is hosted on GitHub, although similar git hosting (your own server, BitBucket, etc.) probably has similar authentication and could use this solution for deployment.

我们用 SSH信用凭证，以获得在私人Git仓库。由于我们使用GitHub的，我们用的 GitHub的部署按键（ https://help.github.com/articles/managing-deploy-keys#deploy-keys ）这些键允许只读访问特定的资源库，这是完美的满足我们的需要。评估您的需求的最佳解决方案，GitHub上列出了每种方法极大的优点和缺点。

We used SSH credentials to get at the private git repository. Since we are using GitHub, we used GitHub's Deploy Keys (https://help.github.com/articles/managing-deploy-keys#deploy-keys) These keys allow read only access to a specific repository, which is perfect for our needs. Evaluate the best solution for your needs, GitHub has great pros and cons listed for each method.

我们的选择的解决方案中嵌入的部署重点与资源库中。这是一个有点安全漏洞。我们正在处理的所有私人回购协议，与（理想）的安全服务器，但是这仍然是一个有点安全隐患。

Our chosen solution embeds the deploy key in with the repository. This is a bit of a security hole. We are dealing with all private repos, with (ideally) secure servers, but this still is a bit of a security risk.

这一切都结束了，未免有PHP的堆栈部署弹性青苗的方式是件麻烦事，composer.json渐渐自动运行太早，按键不到位事前。我们找到了一个解决办法。

All of this ended up being a bit of a hassle with the way the PHP stack is deployed with Elastic Beanstalk, composer.json was getting auto-run too early and the keys weren't in place beforehand. We found a workaround.

此假设你已经展开安装，但只是停留在部署钥匙。我们使用的AWS（EB初始化，EB分公司，EB启动等）提供的EB CLI工具把事情和准备，以及git的钩子，混帐aws.push部署。

This assumes you already have your deployment setup, but are just stuck at deploying keys. We used the eb cli tools provided by AWS (eb init, eb branch, eb start, etc.) to get things up and going, as well as the git hooks, git aws.push to deploy.

一旦我们有我们的部署按键，我们可以将我们的库添加到我们的 composer.json 使用SSH地址文件：

Once we have our Deploy Keys, we can add our library to our composer.json file using the SSH address:

{
...
"require": {
        "repository/project": ">=1.0.0"
},
...
"repositories": [
    {
        "type": "git",
        "url":  "git@github.com:repository/project.git"
    }
]
}

配置您的的.gitignore 所以composer.lock文件承诺，并在你的仓库，以及供应商的文件夹没有它的内容：

Configure your .gitignore so the composer.lock file is committed and in your repository as well as the vendor folder without it's contents:

[remove composer.lock from file if it exists]
vendor/*

我们preFER保持composer.lock文件中的库呢，因为它在测试中使用的版本锁定。当我们转移到生产环境中，我们确保应用程序与我们测试过的同一个库运行。供应商的文件夹是必需的欺骗EB成不自动运行composer.phar安装过程。我们需要它，等到我们有SSH密钥的地方。

We prefer keeping the composer.lock file in the repository anyway as it locks in the version used in testing. When we move to a production environment we ensure the application is running with the same libraries we tested against. The vendor folder is required to trick EB into not auto-running the composer.phar install process. We need it to wait until we have the ssh keys in place.

设置键：我无法找到一个好办法，分支机构的关键，并接受github.com为通过脚本一个known_host。我结束了ssh方式连接到EB管理服务器软件部署的一半，增加了id_rsa和id_rsa.pub密钥文件的〜根/的.ssh /（400烫发切记！），然后尝试 SSH -T git@github.com （如GitHub的建议），这将促使接受主机和一个条目添加到〜根/的.ssh / known_hosts文件。这个文件的内容复制到您正在从事的项目。

Setting up the keys: I couldn't find a good way to affiliate the key and accept github.com as a known_host via scripting. I ended up SSHing to the EB managed server with the software half deployed, added the id_rsa and id_rsa.pub key files to the ~root/.ssh/ (with 400 perms remember!) then trying ssh -T git@github.com (as github recommends) This will prompt to accept the host and add an entry to the ~root/.ssh/known_hosts file. Copy the contents of this file to where you are working on the project.

我们正在创建所有安装脚本在 .ebextensions / 文件夹来配置Linux服务器进行部署。此文件夹（从我可以告诉）从后pre部署阶段服务器上删除。我们使用的是PHP 5.5的64位亚马逊的AMI解决方案。移动id_rsa和id_rsa.pub键进入新.ebextensions文件夹。还添加了一个名为的known_hosts 与我们先前所提供的known_hosts中内容的文件夹。现在，我们有3个文件，我们需要的，我们需要创建最终的部署说明文件：01-github上部署-keys.config（你喜欢的命名文件）

We are creating all of the setup scripts in the .ebextensions/ folder to configure the Linux server for deployment. This folder is removed (from what I can tell) from the server after pre deployment stage. We are using the PHP 5.5 64bit Amazon AMI solution. Move the id_rsa and id_rsa.pub keys into the the new .ebextensions folder. Also add a file called known_hosts to the folder with the known_hosts contents we provided earlier. Now that we have the 3 files we need, we need to create a final deployment instruction file: 01-github-deploy-keys.config (name the file however you like)

container_commands:
    11-move-priv-key:
        command: "mv ~root/.ssh/id_rsa ~root/.ssh/id_rsa.bak; cp .ebextensions/id_rsa ~root/.ssh/id_rsa; chmod 400 ~root/.ssh/id_rsa;"
    12-move-pub-key:
        command: "mv ~root/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub.bak; cp .ebextensions/id_rsa.pub ~root/.ssh/id_rsa.pub; chmod 400 ~root/.ssh/id_rsa.pub;"
    12-known-hosts:
        command: "mv ~root/.ssh/known_hosts ~root/.ssh/known_hosts.bak; cp .ebextensions/known_hosts ~root/.ssh/known_hosts; chmod 644 ~root/.ssh/known_hosts;"
    20-install-composer:
        command: "./composer.phar install;"

记住YAML文件，使用4个空格，没有标签！请参阅AWS文档这些container_commands是如何工作的：<一href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands" rel="nofollow">http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands他们将运行后的文件是从仓库拉。在container_commands部分这些命令你的项目的工作目录，因此本地路径是preferred。

Remember YAML files uses 4 spaces, not tabs! See the AWS documentation for how these container_commands work: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands They will run after the files are pulled from the repository. These commands in "container_commands" section have a working directory of your project, so local paths are preferred.

添加所有这些文件需要添加并提交到存储库。运行你自己的Git aws.push部署。

Add all of these files need to be added and committed to the repository. Run your git aws.push to deploy.

为了测试设置正确，你将需要从EB解决方案堆栈中删除服务器并重新添加它。我刚进入EC2控制面板，找到管理服务器这个项目，并终止它。 EB会自动创建一个新的给你，并附上一次它已准备就绪。仔细检查你的日志，特别是在 /var/log/cfn-init.log 部分。这可能是最好关闭SSH访问服务器通过安全组在这一点上。我相信EB限制登录为root通过SSH，但只是要确定你可能想通过防火墙/安全组禁用SSH访问都在一起。你不应该需要ssh到配置单独的箱子，因为他们应该被视为不稳定。

In order to test the setup properly you will need to remove the server from the EB solution stack and re-add it. I just go into the EC2 control panel and find the managed server for this project and terminate it. EB will automatically create a new one for you and attach it once it is ready. Double check your logs, specifically the /var/log/cfn-init.log section. It is probably best to turn off SSH access to the servers via security group at this point. I believe EB restricts logins to root over SSH but just to be sure you may want to disable SSH access all together via firewall/security groups. You shouldn't need to ssh into individual boxes for configuration as they should be seen as volatile.

这是写成问答集A对二〇一四年二月二十日，请发表任何意见或修正。

This was written as a Q & A on 2014-02-20, please post any comments or fixes.

谢谢， - 赛斯

这篇关于使用PHP和私人作曲库AWS弹性魔豆的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！