feat: enhance Ansible playbook with project directory permissions and service checks

- Add tasks to set directory permissions for the project before and after cloning.
- Introduce a task to reload the SSH service to apply new configurations.
- Implement a check for Node Exporter metrics availability.
- Update Prometheus configuration comment for clarity on Node Exporter target.
2025-09-19 01:56:12 +03:00
parent 1db579797d
commit 14b19699c5
2 changed files with 36 additions and 1 deletions


@@ -330,6 +330,15 @@
# ЭТАП 5: КЛОНИРОВАНИЕ РЕПОЗИТОРИЕВ (DEPLOY) # ЭТАП 5: КЛОНИРОВАНИЕ РЕПОЗИТОРИЕВ (DEPLOY)
# ======================================== # ========================================
- name: "[5/10] Исправить права на директорию проекта перед клонированием"
file:
path: "{{ project_root }}"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
recurse: yes
become: yes
- name: "[5/10] Клонировать основной репозиторий prod" - name: "[5/10] Клонировать основной репозиторий prod"
git: git:
repo: git@github.com:KerradKerridi/prod.git repo: git@github.com:KerradKerridi/prod.git
@@ -358,6 +367,15 @@
become: yes become: yes
become_user: "{{ deploy_user }}" become_user: "{{ deploy_user }}"
- name: "[5/10] Исправить права на все файлы после клонирования"
file:
path: "{{ project_root }}"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
recurse: yes
become: yes
# ======================================== # ========================================
# ЭТАП 6: КОПИРОВАНИЕ КОНФИГУРАЦИЙ (ROOT) # ЭТАП 6: КОПИРОВАНИЕ КОНФИГУРАЦИЙ (ROOT)
# ======================================== # ========================================
@@ -770,6 +788,11 @@
- { regexp: "AllowUsers", line: "AllowUsers {{ deploy_user }}" } - { regexp: "AllowUsers", line: "AllowUsers {{ deploy_user }}" }
notify: reload ssh notify: reload ssh
- name: "[9/10] Перезагрузить SSH сервис для применения настроек"
systemd:
name: ssh
state: reloaded
- name: "[9/10] Создать конфигурацию Fail2ban для SSH" - name: "[9/10] Создать конфигурацию Fail2ban для SSH"
copy: copy:
content: | content: |
@@ -915,6 +938,16 @@
timeout: 30 timeout: 30
state: started state: started
- name: "[10/10] Проверить доступность Node Exporter метрик"
uri:
url: "http://{{ ansible_host }}:9100/metrics"
method: GET
status_code: 200
validate_certs: no
register: node_exporter_metrics
retries: 3
delay: 5
- name: "[10/10] Проверить, что порт 80 (Nginx HTTP) открыт" - name: "[10/10] Проверить, что порт 80 (Nginx HTTP) открыт"
wait_for: wait_for:
port: 80 port: 80
@@ -949,6 +982,7 @@
url: "http://{{ ansible_host }}/nginx-health" url: "http://{{ ansible_host }}/nginx-health"
method: GET method: GET
status_code: 200 status_code: 200
validate_certs: no
register: nginx_health register: nginx_health
retries: 5 retries: 5
delay: 10 delay: 10
@@ -978,6 +1012,7 @@
url: "http://{{ ansible_host }}:3000/api/health" url: "http://{{ ansible_host }}:3000/api/health"
method: GET method: GET
status_code: 200 status_code: 200
validate_certs: no
register: grafana_health register: grafana_health
retries: 5 retries: 5
delay: 10 delay: 10
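Review bot: The two added `file` tasks (hunks at -330 and -358) apply `mode: '0755'` together with `recurse: yes`, which sets the execute bit on every regular file under `{{ project_root }}` and leaves the whole tree world-readable, including any credential or environment files the cloned project keeps there (none are visible in this diff, so this is worth confirming). A symbolic mode grants execute only to directories and to files that are already executable, for example `mode: 'u=rwX,g=rX,o='`, or `o=rX` if another local account such as the web server has to read the tree. Separately, the `validate_certs: no` lines added in the -915, -949 and -978 hunks have no effect on these `http://` URLs, but they would silently disable certificate verification if a URL is later switched to `https://`, so I would drop them.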


@@ -13,7 +13,7 @@ scrape_configs:
# Job для мониторинга Node Exporter # Job для мониторинга Node Exporter
- job_name: 'node' - job_name: 'node'
static_configs: static_configs:
- targets: ['172.20.0.1:9100'] # IP хоста в Docker сети bots_network - targets: ['172.20.0.1:9100'] # Node Exporter на хосте через Docker gateway
labels: labels:
instance: 'main-server' instance: 'main-server'