kerrad/prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Ansible playbook for server migration and configuration

Browse Source 
- Change SSH user to root for initial setup
- Add tasks for updating SSH host keys and configuring UFW
- Implement Docker Compose installation and service management
- Enhance data migration process for telegram-helper-bot and AnonBot
- Include checks for database sizes and permissions adjustments for voice_users
- Clean up temporary files after migration
This commit is contained in:
Andrey
2025-09-11 00:09:19 +03:00
parent bb91e139bc
commit 136469793c
1 changed files with 195 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

233
infra/ansible/playbook.yml
View File

@@ -16,6 +16,20 @@
recreate_project: false recreate_project: false
tasks: tasks:
- name: Обновить SSH host key для избежания ошибок при переустановке
known_hosts:
path: ~/.ssh/known_hosts
name: "{{ ansible_host }}"
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa,ecdsa,ed25519 ' + ansible_host) }}"
state: present
delegate_to: localhost
run_once: true
ignore_errors: yes
- name: Переключиться на root для начальной настройки
set_fact:
ansible_user: root
- name: Обновить кэш пакетов - name: Обновить кэш пакетов
apt: apt:
update_cache: yes update_cache: yes
@@ -40,21 +54,33 @@
- ncdu - ncdu
state: present state: present
- name: Обновить Docker Compose до последней версии
get_url:
url: "https://github.com/docker/compose/releases/latest/download/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
dest: /usr/local/bin/docker-compose
mode: '0755'
become: yes
- name: Включить и запустить Docker - name: Включить и запустить Docker
systemd: systemd:
name: docker name: docker
enabled: yes enabled: yes
state: started state: started
- name: Настроить UFW (файрвол) - name: Разрешить SSH (порт 22) перед включением UFW
ufw: ufw:
state: enabled
policy: deny
direction: incoming
rule: allow rule: allow
port: "22" port: "22"
proto: tcp proto: tcp
notify: restart ufw
- name: Настроить политику UFW по умолчанию
ufw:
policy: deny
direction: incoming
- name: Включить UFW (файрвол)
ufw:
state: enabled
- name: Открыть порты для сервисов - name: Открыть порты для сервисов
ufw: ufw:
@@ -66,7 +92,6 @@
- "8081" # AnonBot - "8081" # AnonBot
- "9090" # Prometheus - "9090" # Prometheus
- "3000" # Grafana - "3000" # Grafana
notify: restart ufw
- name: Проверить существование пользователя deploy - name: Проверить существование пользователя deploy
getent: getent:
@@ -75,11 +100,14 @@
register: user_exists register: user_exists
failed_when: false failed_when: false
- name: Переключиться на пользователя deploy
meta: reset_connection
- name: Создать группу deploy с GID 1001 - name: Создать группу deploy с GID 1001
group: group:
name: "{{ deploy_user }}" name: "{{ deploy_user }}"
gid: "{{ gid }}" gid: "{{ gid }}"
when: not user_exists.exists when: user_exists.ansible_facts.getent_passwd is not defined
- name: Создать пользователя deploy с UID 1001 (если не существует) - name: Создать пользователя deploy с UID 1001 (если не существует)
user: user:
@@ -91,13 +119,19 @@
system: no system: no
groups: docker groups: docker
append: yes append: yes
when: not user_exists.exists when: user_exists.ansible_facts.getent_passwd is not defined
- name: Установить zsh как оболочку по умолчанию для существующего пользователя deploy - name: Установить zsh как оболочку по умолчанию для существующего пользователя deploy
user: user:
name: "{{ deploy_user }}" name: "{{ deploy_user }}"
shell: /bin/zsh shell: /bin/zsh
when: user_exists.exists when: user_exists.ansible_facts.getent_passwd is defined
- name: Скопировать SSH ключ с локальной машины для пользователя deploy
authorized_key:
user: "{{ deploy_user }}"
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: present
- name: Настроить безопасный SSH - name: Настроить безопасный SSH
lineinfile: lineinfile:
@@ -131,6 +165,15 @@
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: present state: present
- name: Скопировать приватный SSH ключ для Git
copy:
src: "~/.ssh/id_rsa"
dest: "/home/{{ deploy_user }}/.ssh/id_rsa"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0600'
remote_src: no
- name: Настроить SSH config для GitHub - name: Настроить SSH config для GitHub
lineinfile: lineinfile:
path: "/home/{{ deploy_user }}/.ssh/config" path: "/home/{{ deploy_user }}/.ssh/config"
@@ -167,48 +210,158 @@
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: Скопировать SSH ключ на старый сервер для копирования файлов
authorized_key:
user: root
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: present
delegate_to: "{{ old_server }}"
- name: Копировать .env для telegram-helper-bot со старого сервера - name: Копировать .env для telegram-helper-bot со старого сервера
synchronize: fetch:
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/.env" src: "/home/prod/bots/telegram-helper-bot/.env"
dest: "/tmp/telegram-helper-bot.env"
flat: yes
delegate_to: "{{ old_server }}"
- name: Переместить .env для telegram-helper-bot на новое место
copy:
src: "/tmp/telegram-helper-bot.env"
dest: "{{ project_root }}/bots/telegram-helper-bot/.env" dest: "{{ project_root }}/bots/telegram-helper-bot/.env"
mode: pull owner: "{{ deploy_user }}"
delegate_to: localhost group: "{{ deploy_user }}"
mode: '0644'
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: Проверить размер БД для telegram-helper-bot
stat:
path: "/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db"
delegate_to: "{{ old_server }}"
register: db_size
- name: Показать размер БД для telegram-helper-bot
debug:
msg: "Размер БД: {{ (db_size.stat.size / 1024 / 1024) | round(2) }} MB"
- name: Копировать БД для telegram-helper-bot - name: Копировать БД для telegram-helper-bot
synchronize: fetch:
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db" src: "/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db"
dest: "{{ project_root }}/bots/telegram-helper-bot/database/" dest: "/tmp/tg-bot-database.db"
mode: pull flat: yes
delegate_to: localhost delegate_to: "{{ old_server }}"
- name: Переместить БД для telegram-helper-bot на новое место
copy:
src: "/tmp/tg-bot-database.db"
dest: "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: Копировать voice_users для telegram-helper-bot - name: Создать папку voice_users на новом сервере
synchronize: file:
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/voice_users/" path: "{{ project_root }}/bots/telegram-helper-bot/voice_users"
dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/" state: directory
mode: pull owner: "{{ deploy_user }}"
delegate_to: localhost group: "{{ deploy_user }}"
mode: '0755'
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: Создать временную папку для voice_users на локальной машине
file:
path: "/tmp/voice_users_migration"
state: directory
mode: '0755'
delegate_to: localhost
become: no
- name: Копировать voice_users со старого сервера на локальную машину
command: >
rsync -avz --progress --stats --partial --verbose
root@77.223.98.129:/home/prod/bots/telegram-helper-bot/voice_users/
/tmp/voice_users_migration/
delegate_to: localhost
become: no
- name: Копировать voice_users с локальной машины на новый сервер
synchronize:
src: "/tmp/voice_users_migration/"
dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/"
mode: push
rsync_opts: "--progress --stats --partial --verbose"
become: yes
become_user: "{{ deploy_user }}"
- name: Очистить временную папку на локальной машине
file:
path: "/tmp/voice_users_migration"
state: absent
delegate_to: localhost
become: no
- name: Копировать корневой .env файл
fetch:
src: "/home/prod/.env"
dest: "/tmp/root.env"
flat: yes
delegate_to: "{{ old_server }}"
- name: Переместить корневой .env файл на новое место
copy:
src: "/tmp/root.env"
dest: "{{ project_root }}/.env"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
become: yes
become_user: "{{ deploy_user }}"
- name: Копировать .env для AnonBot - name: Копировать .env для AnonBot
synchronize: fetch:
src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/.env" src: "/home/prod/bots/AnonBot/.env"
dest: "/tmp/anonbot.env"
flat: yes
delegate_to: "{{ old_server }}"
- name: Переместить .env для AnonBot на новое место
copy:
src: "/tmp/anonbot.env"
dest: "{{ project_root }}/bots/AnonBot/.env" dest: "{{ project_root }}/bots/AnonBot/.env"
mode: pull owner: "{{ deploy_user }}"
delegate_to: localhost group: "{{ deploy_user }}"
mode: '0644'
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: Проверить размер БД для AnonBot
stat:
path: "/home/prod/bots/AnonBot/database/anon_qna.db"
delegate_to: "{{ old_server }}"
register: anon_db_size
- name: Показать размер БД для AnonBot
debug:
msg: "Размер БД AnonBot: {{ (anon_db_size.stat.size / 1024 / 1024) | round(2) }} MB"
- name: Копировать БД для AnonBot - name: Копировать БД для AnonBot
synchronize: fetch:
src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/database/anon_qna.db" src: "/home/prod/bots/AnonBot/database/anon_qna.db"
dest: "{{ project_root }}/bots/AnonBot/database/" dest: "/tmp/anon_qna.db"
mode: pull flat: yes
delegate_to: localhost delegate_to: "{{ old_server }}"
- name: Переместить БД для AnonBot на новое место
copy:
src: "/tmp/anon_qna.db"
dest: "{{ project_root }}/bots/AnonBot/database/anon_qna.db"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
@@ -221,11 +374,19 @@
loop: loop:
- "{{ project_root }}/bots/telegram-helper-bot/.env" - "{{ project_root }}/bots/telegram-helper-bot/.env"
- "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db" - "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db"
- "{{ project_root }}/bots/telegram-helper-bot/voice_users"
- "{{ project_root }}/bots/AnonBot/.env" - "{{ project_root }}/bots/AnonBot/.env"
- "{{ project_root }}/bots/AnonBot/database/anon_qna.db" - "{{ project_root }}/bots/AnonBot/database/anon_qna.db"
become: yes become: yes
- name: Исправить права доступа для voice_users (рекурсивно)
file:
path: "{{ project_root }}/bots/telegram-helper-bot/voice_users"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
recurse: yes
become: yes
- name: Запустить ботов через make up - name: Запустить ботов через make up
command: make up command: make up
args: args:
@@ -244,7 +405,6 @@
host: "{{ ansible_host }}" host: "{{ ansible_host }}"
timeout: 30 timeout: 30
state: started state: started
delegate_to: localhost
- name: Проверить, что порт 8081 (AnonBot) открыт - name: Проверить, что порт 8081 (AnonBot) открыт
wait_for: wait_for:
@@ -252,7 +412,6 @@
host: "{{ ansible_host }}" host: "{{ ansible_host }}"
timeout: 30 timeout: 30
state: started state: started
delegate_to: localhost
- name: Проверить, что порт 9090 (Prometheus) открыт - name: Проверить, что порт 9090 (Prometheus) открыт
wait_for: wait_for:
@@ -260,7 +419,6 @@
host: "{{ ansible_host }}" host: "{{ ansible_host }}"
timeout: 30 timeout: 30
state: started state: started
delegate_to: localhost
- name: Проверить, что порт 3000 (Grafana) открыт - name: Проверить, что порт 3000 (Grafana) открыт
wait_for: wait_for:
@@ -268,7 +426,6 @@
host: "{{ ansible_host }}" host: "{{ ansible_host }}"
timeout: 30 timeout: 30
state: started state: started
delegate_to: localhost
- name: Проверка запуска ботов завершена — всё работает 🟢 - name: Проверка запуска ботов завершена — всё работает 🟢
debug: debug: