From 136469793c9018decb7f0a127341007f5c384ae1 Mon Sep 17 00:00:00 2001
From: Andrey
Date: Thu, 11 Sep 2025 00:09:19 +0300
Subject: [PATCH] Update Ansible playbook for server migration and configuration - Change SSH user to root for initial setup - Add tasks for updating SSH host keys and configuring UFW - Implement Docker Compose installation and service management - Enhance data migration process for telegram-helper-bot and AnonBot - Include checks for database sizes and permissions adjustments for voice_users - Clean up temporary files after migration
---
infra/ansible/playbook.yml | 233 +++++++++++++++++++++++++++++++------
1 file changed, 195 insertions(+), 38 deletions(-)
diff --git a/infra/ansible/playbook.yml b/infra/ansible/playbook.yml
index d5ecda6..86fcb95 100644
--- a/infra/ansible/playbook.yml
+++ b/infra/ansible/playbook.yml
@@ -16,6 +16,20 @@ recreate_project: false tasks: + - name: Обновить SSH host key для избежания ошибок при переустановке + known_hosts: + path: ~/.ssh/known_hosts + name: "{{ ansible_host }}" + key: "{{ lookup('pipe', 'ssh-keyscan -t rsa,ecdsa,ed25519 ' + ansible_host) }}" + state: present + delegate_to: localhost + run_once: true + ignore_errors: yes + + - name: Переключиться на root для начальной настройки + set_fact: + ansible_user: root + - name: Обновить кэш пакетов apt: update_cache: yes 
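Review bot: The new `known_hosts` task in hunk `@@ -16,6 +16,20 @@` accepts whatever key `ssh-keyscan` receives from the network at run time, so a reinstalled host and an impersonating one are indistinguishable, and `ignore_errors: yes` hides any failure of that step; this turns host-key verification into trust-on-first-use on every run. Gate it on an explicit opt-in, e.g. `when: accept_new_host_key | default(false)` (a variable passed only for the planned reinstall), or set `key:` from a fingerprint recorded out of band rather than from `lookup('pipe', ...)`. `run_once: true` together with `delegate_to: localhost` also means only the first host's `ansible_host` is scanned should the play ever target more than one host.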
@@ -40,21 +54,33 @@ - ncdu state: present + - name: Обновить Docker Compose до последней версии + get_url: + url: "https://github.com/docker/compose/releases/latest/download/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}" + dest: /usr/local/bin/docker-compose + mode: '0755' + become: yes + - name: Включить и запустить Docker systemd: name: docker enabled: yes state: started - - name: Настроить UFW (файрвол) + - name: Разрешить SSH (порт 22) перед включением UFW ufw: - state: enabled - policy: deny - direction: incoming rule: allow port: "22" proto: tcp - notify: restart ufw + + - name: Настроить политику UFW по умолчанию + ufw: + policy: deny + direction: incoming + + - name: Включить UFW (файрвол) + ufw: + state: enabled - name: Открыть порты для сервисов ufw: @@ -66,7 +92,6 @@ - "8081" # AnonBot - "9090" # Prometheus - "3000" # Grafana - notify: restart ufw - name: Проверить существование пользователя deploy getent: @@ -75,11 +100,14 @@ register: user_exists failed_when: false + - name: Переключиться на пользователя deploy + meta: reset_connection + - name: Создать группу deploy с GID 1001 group: name: "{{ deploy_user }}" gid: "{{ gid }}" - when: not user_exists.exists + when: user_exists.ansible_facts.getent_passwd is not defined - name: Создать пользователя deploy с UID 1001 (если не существует) user: @@ -91,13 +119,19 @@ system: no groups: docker append: yes - when: not user_exists.exists + when: user_exists.ansible_facts.getent_passwd is not defined - name: Установить zsh как оболочку по умолчанию для существующего пользователя deploy user: name: "{{ deploy_user }}" shell: /bin/zsh - when: user_exists.exists + when: user_exists.ansible_facts.getent_passwd is defined + + - name: Скопировать SSH ключ с локальной машины для пользователя deploy + authorized_key: + user: "{{ deploy_user }}" + key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" + state: present - name: Настроить безопасный SSH lineinfile: 
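Review bot: The `get_url` task that installs Docker Compose fetches `releases/latest/download/...` with no `checksum:`, so each run installs an unpinned, unverified binary as root into `/usr/local/bin`; pin the release in a variable and add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder — take the digest from the release's checksum file), which also makes the task idempotent instead of re-downloading on every run. Separately, `ansible_system` renders as `Linux` while current Compose v2 assets are published as `docker-compose-linux-<arch>`; confirm the URL resolves on the target or use `{{ ansible_system | lower }}`.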
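Review bot: The task `Переключиться на пользователя deploy` in hunk `@@ -75,11 +100,14 @@` only runs `meta: reset_connection`; nothing changes `ansible_user` back from the `root` set at the top of the play, so every later task still logs in as root and the task name is misleading. If a real switch is intended it has to come after the deploy user and its `authorized_key` exist (later in this patch), as a `set_fact:` with `ansible_user: "{{ deploy_user }}"` followed by the `meta: reset_connection`; otherwise rename the task to say it only drops the cached connection. The rewritten `when:` tests also assume `ansible_facts.getent_passwd` is absent when the user is missing; with `failed_when: false` the module may still return an empty mapping, so `when: deploy_user not in (user_exists.ansible_facts.getent_passwd | default({}))` is the more robust form — confirm against the getent output on a fresh host.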
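Review bot: The new `authorized_key` task for `{{ deploy_user }}` in hunk `@@ -91,13 +119,19 @@` looks like a duplicate: the context of the following hunk (old lines 131–133) already ends a task with the same `key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"` / `state: present` pair, and if that earlier task is also `authorized_key` for the deploy user only one of them should remain. Both also hard-code the operator's personal public key; reading the path from a variable would let the key be rotated or replaced by a dedicated deploy key without editing the play.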
@@ -131,6 +165,15 @@ key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" state: present + - name: Скопировать приватный SSH ключ для Git + copy: + src: "~/.ssh/id_rsa" + dest: "/home/{{ deploy_user }}/.ssh/id_rsa" + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0600' + remote_src: no + - name: Настроить SSH config для GitHub lineinfile: path: "/home/{{ deploy_user }}/.ssh/config" 
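Review bot: The `Скопировать приватный SSH ключ для Git` task copies the operator's personal private key (`~/.ssh/id_rsa`) onto the server, and it is the same keypair this patch installs for `root` on `old_server` and for the deploy user, so anyone who gains `{{ deploy_user }}` or root on this host inherits the operator's access to every machine that trusts that key. A repository deploy key, or a keypair generated on the server whose public half is registered with GitHub, limits the blast radius to Git access. If the copy must stay for now, add `no_log: true` to the task so the key material is not echoed in `--diff` or verbose output.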
@@ -167,48 +210,158 @@ become: yes become_user: "{{ deploy_user }}" + - name: Скопировать SSH ключ на старый сервер для копирования файлов + authorized_key: + user: root + key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" + state: present + delegate_to: "{{ old_server }}" + - name: Копировать .env для telegram-helper-bot со старого сервера - synchronize: - src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/.env" + fetch: + src: "/home/prod/bots/telegram-helper-bot/.env" + dest: "/tmp/telegram-helper-bot.env" + flat: yes + delegate_to: "{{ old_server }}" + + - name: Переместить .env для telegram-helper-bot на новое место + copy: + src: "/tmp/telegram-helper-bot.env" dest: "{{ project_root }}/bots/telegram-helper-bot/.env" - mode: pull - delegate_to: localhost + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0644' become: yes become_user: "{{ deploy_user }}" + - name: Проверить размер БД для telegram-helper-bot + stat: + path: "/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db" + delegate_to: "{{ old_server }}" + register: db_size + + - name: Показать размер БД для telegram-helper-bot + debug: + msg: "Размер БД: {{ (db_size.stat.size / 1024 / 1024) | round(2) }} MB" + - name: Копировать БД для telegram-helper-bot - synchronize: - src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db" - dest: "{{ project_root }}/bots/telegram-helper-bot/database/" - mode: pull - delegate_to: localhost + fetch: + src: "/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db" + dest: "/tmp/tg-bot-database.db" + flat: yes + delegate_to: "{{ old_server }}" + + - name: Переместить БД для telegram-helper-bot на новое место + copy: + src: "/tmp/tg-bot-database.db" + dest: "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db" + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0644' become: yes become_user: "{{ deploy_user }}" - - name: Копировать voice_users для 
telegram-helper-bot - synchronize: - src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/voice_users/" - dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/" - mode: pull - delegate_to: localhost + - name: Создать папку voice_users на новом сервере + file: + path: "{{ project_root }}/bots/telegram-helper-bot/voice_users" + state: directory + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0755' become: yes become_user: "{{ deploy_user }}" + - name: Создать временную папку для voice_users на локальной машине + file: + path: "/tmp/voice_users_migration" + state: directory + mode: '0755' + delegate_to: localhost + become: no + + - name: Копировать voice_users со старого сервера на локальную машину + command: > + rsync -avz --progress --stats --partial --verbose + root@77.223.98.129:/home/prod/bots/telegram-helper-bot/voice_users/ + /tmp/voice_users_migration/ + delegate_to: localhost + become: no + + - name: Копировать voice_users с локальной машины на новый сервер + synchronize: + src: "/tmp/voice_users_migration/" + dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/" + mode: push + rsync_opts: "--progress --stats --partial --verbose" + become: yes + become_user: "{{ deploy_user }}" + + - name: Очистить временную папку на локальной машине + file: + path: "/tmp/voice_users_migration" + state: absent + delegate_to: localhost + become: no + + - name: Копировать корневой .env файл + fetch: + src: "/home/prod/.env" + dest: "/tmp/root.env" + flat: yes + delegate_to: "{{ old_server }}" + + - name: Переместить корневой .env файл на новое место + copy: + src: "/tmp/root.env" + dest: "{{ project_root }}/.env" + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0644' + become: yes + become_user: "{{ deploy_user }}" + + - name: Копировать .env для AnonBot - synchronize: - src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/.env" + fetch: + src: "/home/prod/bots/AnonBot/.env" + dest: "/tmp/anonbot.env" + flat: 
yes + delegate_to: "{{ old_server }}" + + - name: Переместить .env для AnonBot на новое место + copy: + src: "/tmp/anonbot.env" dest: "{{ project_root }}/bots/AnonBot/.env" - mode: pull - delegate_to: localhost + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0644' become: yes become_user: "{{ deploy_user }}" + - name: Проверить размер БД для AnonBot + stat: + path: "/home/prod/bots/AnonBot/database/anon_qna.db" + delegate_to: "{{ old_server }}" + register: anon_db_size + + - name: Показать размер БД для AnonBot + debug: + msg: "Размер БД AnonBot: {{ (anon_db_size.stat.size / 1024 / 1024) | round(2) }} MB" + - name: Копировать БД для AnonBot - synchronize: - src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/database/anon_qna.db" - dest: "{{ project_root }}/bots/AnonBot/database/" - mode: pull - delegate_to: localhost + fetch: + src: "/home/prod/bots/AnonBot/database/anon_qna.db" + dest: "/tmp/anon_qna.db" + flat: yes + delegate_to: "{{ old_server }}" + + - name: Переместить БД для AnonBot на новое место + copy: + src: "/tmp/anon_qna.db" + dest: "{{ project_root }}/bots/AnonBot/database/anon_qna.db" + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0644' become: yes become_user: "{{ deploy_user }}" @@ -221,11 +374,19 @@ loop: - "{{ project_root }}/bots/telegram-helper-bot/.env" - "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db" - - "{{ project_root }}/bots/telegram-helper-bot/voice_users" - "{{ project_root }}/bots/AnonBot/.env" - "{{ project_root }}/bots/AnonBot/database/anon_qna.db" become: yes + - name: Исправить права доступа для voice_users (рекурсивно) + file: + path: "{{ project_root }}/bots/telegram-helper-bot/voice_users" + owner: "{{ deploy_user }}" + group: "{{ deploy_user }}" + mode: '0755' + recurse: yes + become: yes + - name: Запустить ботов через make up command: make up args: 
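Review bot: The `fetch` tasks in hunk `@@ -167,48 +210,158 @@` stage secrets and data under fixed names on the controller (`/tmp/telegram-helper-bot.env`, `/tmp/root.env`, `/tmp/anonbot.env`, `/tmp/tg-bot-database.db`, `/tmp/anon_qna.db`) and, unlike `/tmp/voice_users_migration`, nothing in this patch removes them, so credentials outlive the migration in the shared `/tmp` directory; stage them via `ansible.builtin.tempfile` or add matching `file: state: absent` tasks, and mark the `.env` fetch/copy tasks `no_log: true`. The `copy` tasks then install the `.env` files with `mode: '0644'`, readable by every local account on the new server — `'0600'` suffices when only `{{ deploy_user }}` runs `make up`. The rsync command hard-codes `root@77.223.98.129` while every other task uses `{{ old_server }}`; use the variable so the play cannot silently pull from a stale host. Fetching `tg-bot-database.db` and `anon_qna.db` while the old bots may still be running also leaves any SQLite `-wal`/`-shm` sidecar data behind; stop the old services first or copy a `sqlite3 … .backup` snapshot instead of the live file.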
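Review bot: In hunk `@@ -221,11 +374,19 @@` the new `file` task applies `mode: '0755'` with `recurse: yes` to `voice_users`, which marks every file in the tree executable rather than only the directories; the symbolic form `mode: 'u=rwX,g=rX,o=rX'` sets the execute bit on directories (and on files that already had it) only. The loop task whose list loses the `voice_users` entry begins outside the hunk, so its purpose cannot be checked here.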
@@ -244,7 +405,6 @@ host: "{{ ansible_host }}" timeout: 30 state: started - delegate_to: localhost - name: Проверить, что порт 8081 (AnonBot) открыт wait_for: @@ -252,7 +412,6 @@ host: "{{ ansible_host }}" timeout: 30 state: started - delegate_to: localhost - name: Проверить, что порт 9090 (Prometheus) открыт wait_for: @@ -260,7 +419,6 @@ host: "{{ ansible_host }}" timeout: 30 state: started - delegate_to: localhost - name: Проверить, что порт 3000 (Grafana) открыт wait_for: @@ -268,7 +426,6 @@ host: "{{ ansible_host }}" timeout: 30 state: started - delegate_to: localhost - name: Проверка запуска ботов завершена — всё работает 🟢 debug:
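Review bot: Removing `delegate_to: localhost` from the four `wait_for` checks (hunks at old lines 244, 252, 260 and 268) changes what they prove: the probe now runs on the target against its own `ansible_host` address, which normally takes the loopback path that ufw's default rules accept, so the checks pass even when the UFW rules added earlier in this patch would block the port for outside clients. The task names say the port is "открыт", i.e. externally reachable, so keep `delegate_to: localhost` on these tasks; if only "service is listening" is meant, a local check is fine but the names should say so and `host: 127.0.0.1` would make that explicit. The first of the four tasks begins outside its hunk.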