2025-09-16 18:52:24 +03:00
33 changed files with 515 additions and 4657 deletions


@@ -54,6 +54,9 @@
- prometheus-node-exporter
- fail2ban
- tzdata
- nginx
- openssl
- apache2-utils
state: present
- name: Установить часовой пояс Europe/Moscow
@@ -257,6 +260,112 @@
- "80" # HTTP
- "443" # HTTPS
# --- НАСТРОЙКА NGINX ---
- name: Остановить nginx (если запущен)
systemd:
name: nginx
state: stopped
ignore_errors: yes
- name: Создать директории для nginx конфигураций
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: '0755'
loop:
- "{{ project_root }}/infra/nginx"
- "{{ project_root }}/infra/nginx/ssl"
- "{{ project_root }}/infra/nginx/conf.d"
- name: Сгенерировать самоподписанный SSL сертификат
command: >
openssl req -x509 -newkey rsa:4096 -keyout {{ project_root }}/infra/nginx/ssl/key.pem
-out {{ project_root }}/infra/nginx/ssl/cert.pem -days 365 -nodes
-subj "/CN={{ ansible_host }}/O=Monitoring/C=RU"
args:
creates: "{{ project_root }}/infra/nginx/ssl/cert.pem"
- name: Установить права на SSL сертификаты
file:
path: "{{ item }}"
owner: root
group: root
mode: '0600'
loop:
- "{{ project_root }}/infra/nginx/ssl/cert.pem"
- "{{ project_root }}/infra/nginx/ssl/key.pem"
- name: Создать htpasswd файл для status page
htpasswd:
path: "{{ project_root }}/infra/nginx/.htpasswd"
name: "admin"
password: "{{ lookup('env', 'STATUS_PAGE_PASSWORD') | default('admin123') }}"
owner: root
group: root
mode: '0644'
- name: Скопировать основную конфигурацию nginx
copy:
src: "{{ project_root }}/infra/nginx/nginx.conf"
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Скопировать конфигурации nginx для сервисов
copy:
src: "{{ project_root }}/infra/nginx/conf.d/"
dest: /etc/nginx/conf.d/
owner: root
group: root
mode: '0644'
backup: yes
- name: Скопировать SSL сертификаты
copy:
src: "{{ project_root }}/infra/nginx/ssl/"
dest: /etc/nginx/ssl/
owner: root
group: root
mode: '0600'
backup: yes
- name: Скопировать htpasswd файл
copy:
src: "{{ project_root }}/infra/nginx/.htpasswd"
dest: /etc/nginx/.htpasswd
owner: root
group: root
mode: '0644'
backup: yes
- name: Проверить конфигурацию nginx
command: nginx -t
register: nginx_config_test
changed_when: false
- name: Показать результат проверки nginx
debug:
var: nginx_config_test.stdout_lines
- name: Включить и запустить nginx
systemd:
name: nginx
enabled: yes
state: started
- name: Проверить статус nginx
command: systemctl status nginx
register: nginx_status
changed_when: false
- name: Показать статус nginx
debug:
var: nginx_status.stdout_lines
- name: Проверить существование пользователя deploy
getent:
database: passwd
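Review bot: The htpasswd task at the `password:` line silently provisions the literal `admin123` when `STATUS_PAGE_PASSWORD` is not exported, and because `lookup('env', …)` returns an empty string rather than an undefined value, `default('admin123')` does not even fire, so the entry ends up with either an empty password or the hard-coded one depending on the environment. Fail the play instead when the variable is missing, drop the fallback, and mark the task `no_log: true` so the secret does not reach the output in verbose runs (the htpasswd module may already mask its own argument, but the task-level flag costs nothing). The resulting `.htpasswd` is also created and later copied with `mode: '0644'`, which leaves the password hash world-readable on the host; `0640` with the group set to the nginx worker's group (`www-data` on Debian-family hosts, which `apache2-utils` in the first hunk suggests) is enough for nginx to read it. The `ignore_errors: yes`, `backup: yes` and `enabled: yes` values in this hunk should be written `true` per yamllint's truthy rule.
```yaml
- name: Ensure STATUS_PAGE_PASSWORD is set
  assert:
    that:
      - lookup('env', 'STATUS_PAGE_PASSWORD') | length > 0
    fail_msg: "STATUS_PAGE_PASSWORD must be exported before running this playbook"

- name: Создать htpasswd файл для status page
  htpasswd:
    path: "{{ project_root }}/infra/nginx/.htpasswd"
    name: "admin"
    password: "{{ lookup('env', 'STATUS_PAGE_PASSWORD') }}"
    owner: root
    group: www-data  # nginx worker group; adjust for the target distro
    mode: '0640'
  no_log: true
# … unchanged: copy of nginx.conf and conf.d; apply the same group/mode to the .htpasswd copy task …
```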
@@ -688,6 +797,49 @@
timeout: 30
state: started
- name: Проверить, что порт 80 (Nginx HTTP) открыт
wait_for:
port: 80
host: "{{ ansible_host }}"
timeout: 30
state: started
- name: Проверить, что порт 443 (Nginx HTTPS) открыт
wait_for:
port: 443
host: "{{ ansible_host }}"
timeout: 30
state: started
- name: Проверить доступность Nginx
uri:
url: "http://{{ ansible_host }}/nginx-health"
method: GET
status_code: 200
register: nginx_health
retries: 5
delay: 10
- name: Проверить доступность Grafana через Nginx
uri:
url: "https://{{ ansible_host }}/grafana/api/health"
method: GET
status_code: 200
validate_certs: no
register: grafana_nginx_health
retries: 5
delay: 10
- name: Проверить доступность Prometheus через Nginx
uri:
url: "https://{{ ansible_host }}/prometheus/-/healthy"
method: GET
status_code: 200
validate_certs: no
register: prometheus_nginx_health
retries: 5
delay: 10
- name: Проверить доступность Grafana API
uri:
url: "http://{{ ansible_host }}:3000/api/health"