From 4981ae8877b97f68f07a2e4b1f5f8238aa72e154 Mon Sep 17 00:00:00 2001
From: Andrey
Date: Tue, 9 Sep 2025 22:22:31 +0300
Subject: [PATCH] Add Ansible playbook for bot migration to new server

- Add inventory.ini with server configuration
- Add playbook.yml with complete migration process
- Configure user 'deploy' with UID/GID 1001:1001
- Add SSH key setup for GitHub access
- Add Docker group membership for deploy user
- Include data migration from old server
- Add port validation for all services
---
 infra/ansible/inventory.ini | 5 +
 infra/ansible/playbook.yml | 247 ++++++++++++++++++++++++++++++++++++
 2 files changed, 252 insertions(+)
 create mode 100644 infra/ansible/inventory.ini
 create mode 100644 infra/ansible/playbook.yml

diff --git a/infra/ansible/inventory.ini b/infra/ansible/inventory.ini
new file mode 100644
index 0000000..5067f2d
--- /dev/null
+++ b/infra/ansible/inventory.ini
@@ -0,0 +1,5 @@
+[new_server]
+#your-new-server-ip ansible_user=deploy
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
\ No newline at end of file
diff --git a/infra/ansible/playbook.yml b/infra/ansible/playbook.yml
new file mode 100644
index 0000000..789be02
--- /dev/null
+++ b/infra/ansible/playbook.yml
@@ -0,0 +1,247 @@
+---
+- name: Полная миграция ботов на новый сервер
+ hosts: new_server
+ become: yes
+
+ vars:
+ # Основная директория проекта
+ project_root: "/home/prod"
+ # Пользователь и группа
+ deploy_user: "deploy"
+ uid: "1001"
+ gid: "1001"
+ # Старый сервер для копирования данных
+ old_server: "root@77.223.98.129"
+ # Опция: пересоздавать папку /home/prod (по умолчанию — нет)
+ recreate_project: false
+
+ tasks:
+ - name: Обновить кэш пакетов
+ apt:
+ update_cache: yes
+
+ - name: Установить необходимые пакеты
+ apt:
+ name:
+ - docker.io
+ - docker-compose
+ - make
+ - git
+ - python3-pip
+ - curl
+ - sshpass
+ - rsync
+ state: present
+
+ - name: Включить и запустить Docker
+ systemd:
+ name: docker
+ enabled: yes
+ state: started
+
+ - name: Проверить существование пользователя deploy
+ getent:
+ database: passwd
+ key: "{{ deploy_user }}"
+ register: user_exists
+ failed_when: false
+
+ - name: Создать группу deploy с GID 1001
+ group:
+ name: "{{ deploy_user }}"
+ gid: "{{ gid }}"
+ when: not user_exists.exists
+
+ - name: Создать пользователя deploy с UID 1001 (если не существует)
+ user:
+ name: "{{ deploy_user }}"
+ uid: "{{ uid }}"
+ group: "{{ gid }}"
+ shell: /bin/bash
+ create_home: yes
+ system: no
+ groups: docker
+ append: yes
+ when: not user_exists.exists
+
+ - name: Настроить безопасный SSH
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^{{ item.regexp }}"
+ line: "{{ item.line }}"
+ backup: yes
+ loop:
+ - { regexp: "PermitRootLogin", line: "PermitRootLogin no" }
+ - { regexp: "PasswordAuthentication", line: "PasswordAuthentication no" }
+ - { regexp: "PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+ notify: reload ssh
+
+ - name: Удалить /home/prod, если требуется (чистое развертывание)
+ file:
+ path: "{{ project_root }}"
+ state: absent
+ when: recreate_project | bool
+
+ - name: Создать директорию проекта /home/prod
+ file:
+ path: "{{ project_root }}"
+ state: directory
+ owner: "{{ deploy_user }}"
+ group: "{{ deploy_user }}"
+ mode: '0755'
+
+ - name: Настроить SSH ключи для GitHub
+ authorized_key:
+ user: "{{ deploy_user }}"
+ key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+ state: present
+
+ - name: Настроить SSH config для GitHub
+ lineinfile:
+ path: "/home/{{ deploy_user }}/.ssh/config"
+ line: "Host github.com\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null"
+ create: yes
+ owner: "{{ deploy_user }}"
+ group: "{{ deploy_user }}"
+ mode: '0600'
+
+ - name: Клонировать основной репозиторий prod
+ git:
+ repo: git@github.com:KerradKerridi/prod.git
+ dest: "{{ project_root }}"
+ clone: yes
+ update: yes
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Клонировать AnonBot
+ git:
+ repo: git@github.com:KerradKerridi/AnonBot.git
+ dest: "{{ project_root }}/bots/AnonBot"
+ clone: yes
+ update: yes
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Клонировать telegram-helper-bot
+ git:
+ repo: git@github.com:KerradKerridi/telegram-helper-bot.git
+ dest: "{{ project_root }}/bots/telegram-helper-bot"
+ clone: yes
+ update: yes
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Копировать .env для telegram-helper-bot со старого сервера
+ synchronize:
+ src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/.env"
+ dest: "{{ project_root }}/bots/telegram-helper-bot/.env"
+ mode: pull
+ delegate_to: localhost
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Копировать БД для telegram-helper-bot
+ synchronize:
+ src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db"
+ dest: "{{ project_root }}/bots/telegram-helper-bot/database/"
+ mode: pull
+ delegate_to: localhost
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Копировать voice_users для telegram-helper-bot
+ synchronize:
+ src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/voice_users/"
+ dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/"
+ mode: pull
+ delegate_to: localhost
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Копировать .env для AnonBot
+ synchronize:
+ src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/.env"
+ dest: "{{ project_root }}/bots/AnonBot/.env"
+ mode: pull
+ delegate_to: localhost
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Копировать БД для AnonBot
+ synchronize:
+ src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/database/anon_qna.db"
+ dest: "{{ project_root }}/bots/AnonBot/database/"
+ mode: pull
+ delegate_to: localhost
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ - name: Установить права на скопированные файлы
+ file:
+ path: "{{ item }}"
+ owner: "{{ deploy_user }}"
+ group: "{{ deploy_user }}"
+ mode: '0644'
+ loop:
+ - "{{ project_root }}/bots/telegram-helper-bot/.env"
+ - "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db"
+ - "{{ project_root }}/bots/telegram-helper-bot/voice_users"
+ - "{{ project_root }}/bots/AnonBot/.env"
+ - "{{ project_root }}/bots/AnonBot/database/anon_qna.db"
+ become: yes
+
+ - name: Запустить ботов через make up
+ command: make up
+ args:
+ chdir: "{{ project_root }}"
+ become: yes
+ become_user: "{{ deploy_user }}"
+
+ # --- НОВОЕ: Проверка портов ---
+ - name: Пауза на 30 секунд — дать контейнерам запуститься
+ pause:
+ seconds: 30
+
+ - name: Проверить, что порт 8080 (Telegram Bot) открыт
+ wait_for:
+ port: 8080
+ host: "{{ ansible_host }}"
+ timeout: 30
+ state: started
+ delegate_to: localhost
+
+ - name: Проверить, что порт 8081 (AnonBot) открыт
+ wait_for:
+ port: 8081
+ host: "{{ ansible_host }}"
+ timeout: 30
+ state: started
+ delegate_to: localhost
+
+ - name: Проверить, что порт 9090 (Prometheus) открыт
+ wait_for:
+ port: 9090
+ host: "{{ ansible_host }}"
+ timeout: 30
+ state: started
+ delegate_to: localhost
+
+ - name: Проверить, что порт 3000 (Grafana) открыт
+ wait_for:
+ port: 3000
+ host: "{{ ansible_host }}"
+ timeout: 30
+ state: started
+ delegate_to: localhost
+
+ - name: Проверка запуска ботов завершена — всё работает 🟢
+ debug:
+ msg: "Все сервисы запущены и слушают нужные порты."
+
+ # handler для перезагрузки SSH
+ handlers:
+ - name: reload ssh
+ systemd:
+ name: ssh
+ state: reloaded
\ No newline at end of file
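Review bot: The `Настроить SSH config для GitHub` task writes `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` for github.com, so the three `git` clones that follow never verify the host key and the code later started by `make up` is not authenticated against a known GitHub key; pin the key with the `known_hosts` module instead. The `Установить права на скопированные файлы` task sets `mode: '0644'` on both `.env` files and both SQLite databases, which leaves bot secrets and user data readable by every local account, and applies the same mode to the `voice_users` directory, which removes its execute bit. Use `0600` for the files and `0700` for the directory, adjusting only if the containers run under a different UID, which is not visible in this patch. Separately, `groups: docker` gives `deploy` root-equivalent control of the host, and the `lineinfile` edits to `sshd_config` have no `validate:` step and may be overridden by a drop-in that the file includes earlier, so confirm the effective settings with `sshd -T` after the run.

```yaml
    # Replaces the "Настроить SSH config для GitHub" task: pin the host key instead of disabling verification.
    - name: Добавить ключ github.com в known_hosts
      known_hosts:
        path: "/home/{{ deploy_user }}/.ssh/known_hosts"
        name: github.com
        # github_host_key is a placeholder variable: the full known_hosts line
        # for github.com, taken from GitHub's published keys and checked out of band.
        key: "{{ github_host_key }}"
        state: present
      become: yes
      become_user: "{{ deploy_user }}"

    # … unchanged: git clone and synchronize tasks …

    - name: Установить права на скопированные файлы
      file:
        path: "{{ item.path }}"
        owner: "{{ deploy_user }}"
        group: "{{ deploy_user }}"
        mode: "{{ item.mode }}"
      loop:
        # Secrets and databases: owner-only access.
        - { path: "{{ project_root }}/bots/telegram-helper-bot/.env", mode: '0600' }
        - { path: "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db", mode: '0600' }
        # Directory needs the execute bit to stay traversable.
        - { path: "{{ project_root }}/bots/telegram-helper-bot/voice_users", mode: '0700' }
        - { path: "{{ project_root }}/bots/AnonBot/.env", mode: '0600' }
        - { path: "{{ project_root }}/bots/AnonBot/database/anon_qna.db", mode: '0600' }
      become: yes
```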