feat: enhance Ansible playbook with project directory permissions and service checks

- Add tasks to set directory permissions for the project before and after cloning. - Introduce a task to reload the SSH service to apply new configurations. - Implement a check for Node Exporter metrics availability. - Update Prometheus configuration comment for clarity on Node Exporter target.
2025-09-19 01:56:12 +03:00
parent 1db579797d
commit 14b19699c5
2 changed files with 36 additions and 1 deletions
--- a/infra/ansible/playbook.yml
+++ b/infra/ansible/playbook.yml
@@ -330,6 +330,15 @@
    # ЭТАП 5: КЛОНИРОВАНИЕ РЕПОЗИТОРИЕВ (DEPLOY)
    # ========================================

+    - name: "[5/10] Исправить права на директорию проекта перед клонированием"
+      file:
+        path: "{{ project_root }}"
+        owner: "{{ deploy_user }}"
+        group: "{{ deploy_user }}"
+        mode: '0755'
+        recurse: yes
+      become: yes
+
    - name: "[5/10] Клонировать основной репозиторий prod"
      git:
        repo: git@github.com:KerradKerridi/prod.git
@@ -358,6 +367,15 @@
      become: yes
      become_user: "{{ deploy_user }}"

+    - name: "[5/10] Исправить права на все файлы после клонирования"
+      file:
+        path: "{{ project_root }}"
+        owner: "{{ deploy_user }}"
+        group: "{{ deploy_user }}"
+        mode: '0755'
+        recurse: yes
+      become: yes
+
    # ========================================
    # ЭТАП 6: КОПИРОВАНИЕ КОНФИГУРАЦИЙ (ROOT)
    # ========================================
@@ -770,6 +788,11 @@
        - { regexp: "AllowUsers", line: "AllowUsers {{ deploy_user }}" }
      notify: reload ssh

+    - name: "[9/10] Перезагрузить SSH сервис для применения настроек"
+      systemd:
+        name: ssh
+        state: reloaded
+
    - name: "[9/10] Создать конфигурацию Fail2ban для SSH"
      copy:
        content: |
@@ -915,6 +938,16 @@
        timeout: 30
        state: started

+    - name: "[10/10] Проверить доступность Node Exporter метрик"
+      uri:
+        url: "http://{{ ansible_host }}:9100/metrics"
+        method: GET
+        status_code: 200
+        validate_certs: no
+      register: node_exporter_metrics
+      retries: 3
+      delay: 5
+
    - name: "[10/10] Проверить, что порт 80 (Nginx HTTP) открыт"
      wait_for:
        port: 80
@@ -949,6 +982,7 @@
        url: "http://{{ ansible_host }}/nginx-health"
        method: GET
        status_code: 200
+        validate_certs: no
      register: nginx_health
      retries: 5
      delay: 10
@@ -978,6 +1012,7 @@
        url: "http://{{ ansible_host }}:3000/api/health"
        method: GET
        status_code: 200
+        validate_certs: no
      register: grafana_health
      retries: 5
      delay: 10