Andrey
4981ae8877
- Add inventory.ini with server configuration - Add playbook.yml with complete migration process - Configure user 'deploy' with UID/GID 1001:1001 - Add SSH key setup for GitHub access - Add Docker group membership for deploy user - Include data migration from old server - Add port validation for all services
247 lines
7.8 KiB
YAML
247 lines
7.8 KiB
YAML
---
|
||
- name: Полная миграция ботов на новый сервер
|
||
hosts: new_server
|
||
become: yes
|
||
|
||
vars:
|
||
# Основная директория проекта
|
||
project_root: "/home/prod"
|
||
# Пользователь и группа
|
||
deploy_user: "deploy"
|
||
uid: "1001"
|
||
gid: "1001"
|
||
# Старый сервер для копирования данных
|
||
old_server: "root@77.223.98.129"
|
||
# Опция: пересоздавать папку /home/prod (по умолчанию — нет)
|
||
recreate_project: false
|
||
|
||
tasks:
|
||
- name: Обновить кэш пакетов
|
||
apt:
|
||
update_cache: yes
|
||
|
||
- name: Установить необходимые пакеты
|
||
apt:
|
||
name:
|
||
- docker.io
|
||
- docker-compose
|
||
- make
|
||
- git
|
||
- python3-pip
|
||
- curl
|
||
- sshpass
|
||
- rsync
|
||
state: present
|
||
|
||
- name: Включить и запустить Docker
|
||
systemd:
|
||
name: docker
|
||
enabled: yes
|
||
state: started
|
||
|
||
- name: Проверить существование пользователя deploy
|
||
getent:
|
||
database: passwd
|
||
key: "{{ deploy_user }}"
|
||
register: user_exists
|
||
failed_when: false
|
||
|
||
- name: Создать группу deploy с GID 1001
|
||
group:
|
||
name: "{{ deploy_user }}"
|
||
gid: "{{ gid }}"
|
||
when: not user_exists.exists
|
||
|
||
- name: Создать пользователя deploy с UID 1001 (если не существует)
|
||
user:
|
||
name: "{{ deploy_user }}"
|
||
uid: "{{ uid }}"
|
||
group: "{{ gid }}"
|
||
shell: /bin/bash
|
||
create_home: yes
|
||
system: no
|
||
groups: docker
|
||
append: yes
|
||
when: not user_exists.exists
|
||
|
||
- name: Настроить безопасный SSH
|
||
lineinfile:
|
||
path: /etc/ssh/sshd_config
|
||
regexp: "^{{ item.regexp }}"
|
||
line: "{{ item.line }}"
|
||
backup: yes
|
||
loop:
|
||
- { regexp: "PermitRootLogin", line: "PermitRootLogin no" }
|
||
- { regexp: "PasswordAuthentication", line: "PasswordAuthentication no" }
|
||
- { regexp: "PubkeyAuthentication", line: "PubkeyAuthentication yes" }
|
||
notify: reload ssh
|
||
|
||
- name: Удалить /home/prod, если требуется (чистое развертывание)
|
||
file:
|
||
path: "{{ project_root }}"
|
||
state: absent
|
||
when: recreate_project | bool
|
||
|
||
- name: Создать директорию проекта /home/prod
|
||
file:
|
||
path: "{{ project_root }}"
|
||
state: directory
|
||
owner: "{{ deploy_user }}"
|
||
group: "{{ deploy_user }}"
|
||
mode: '0755'
|
||
|
||
- name: Настроить SSH ключи для GitHub
|
||
authorized_key:
|
||
user: "{{ deploy_user }}"
|
||
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||
state: present
|
||
|
||
- name: Настроить SSH config для GitHub
|
||
lineinfile:
|
||
path: "/home/{{ deploy_user }}/.ssh/config"
|
||
line: "Host github.com\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null"
|
||
create: yes
|
||
owner: "{{ deploy_user }}"
|
||
group: "{{ deploy_user }}"
|
||
mode: '0600'
|
||
|
||
- name: Клонировать основной репозиторий prod
|
||
git:
|
||
repo: git@github.com:KerradKerridi/prod.git
|
||
dest: "{{ project_root }}"
|
||
clone: yes
|
||
update: yes
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Клонировать AnonBot
|
||
git:
|
||
repo: git@github.com:KerradKerridi/AnonBot.git
|
||
dest: "{{ project_root }}/bots/AnonBot"
|
||
clone: yes
|
||
update: yes
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Клонировать telegram-helper-bot
|
||
git:
|
||
repo: git@github.com:KerradKerridi/telegram-helper-bot.git
|
||
dest: "{{ project_root }}/bots/telegram-helper-bot"
|
||
clone: yes
|
||
update: yes
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Копировать .env для telegram-helper-bot со старого сервера
|
||
synchronize:
|
||
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/.env"
|
||
dest: "{{ project_root }}/bots/telegram-helper-bot/.env"
|
||
mode: pull
|
||
delegate_to: localhost
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Копировать БД для telegram-helper-bot
|
||
synchronize:
|
||
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/database/tg-bot-database.db"
|
||
dest: "{{ project_root }}/bots/telegram-helper-bot/database/"
|
||
mode: pull
|
||
delegate_to: localhost
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Копировать voice_users для telegram-helper-bot
|
||
synchronize:
|
||
src: "ssh://{{ old_server }}/home/prod/bots/telegram-helper-bot/voice_users/"
|
||
dest: "{{ project_root }}/bots/telegram-helper-bot/voice_users/"
|
||
mode: pull
|
||
delegate_to: localhost
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Копировать .env для AnonBot
|
||
synchronize:
|
||
src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/.env"
|
||
dest: "{{ project_root }}/bots/AnonBot/.env"
|
||
mode: pull
|
||
delegate_to: localhost
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Копировать БД для AnonBot
|
||
synchronize:
|
||
src: "ssh://{{ old_server }}/home/prod/bots/AnonBot/database/anon_qna.db"
|
||
dest: "{{ project_root }}/bots/AnonBot/database/"
|
||
mode: pull
|
||
delegate_to: localhost
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
- name: Установить права на скопированные файлы
|
||
file:
|
||
path: "{{ item }}"
|
||
owner: "{{ deploy_user }}"
|
||
group: "{{ deploy_user }}"
|
||
mode: '0644'
|
||
loop:
|
||
- "{{ project_root }}/bots/telegram-helper-bot/.env"
|
||
- "{{ project_root }}/bots/telegram-helper-bot/database/tg-bot-database.db"
|
||
- "{{ project_root }}/bots/telegram-helper-bot/voice_users"
|
||
- "{{ project_root }}/bots/AnonBot/.env"
|
||
- "{{ project_root }}/bots/AnonBot/database/anon_qna.db"
|
||
become: yes
|
||
|
||
- name: Запустить ботов через make up
|
||
command: make up
|
||
args:
|
||
chdir: "{{ project_root }}"
|
||
become: yes
|
||
become_user: "{{ deploy_user }}"
|
||
|
||
# --- НОВОЕ: Проверка портов ---
|
||
- name: Пауза на 30 секунд — дать контейнерам запуститься
|
||
pause:
|
||
seconds: 30
|
||
|
||
- name: Проверить, что порт 8080 (Telegram Bot) открыт
|
||
wait_for:
|
||
port: 8080
|
||
host: "{{ ansible_host }}"
|
||
timeout: 30
|
||
state: started
|
||
delegate_to: localhost
|
||
|
||
- name: Проверить, что порт 8081 (AnonBot) открыт
|
||
wait_for:
|
||
port: 8081
|
||
host: "{{ ansible_host }}"
|
||
timeout: 30
|
||
state: started
|
||
delegate_to: localhost
|
||
|
||
- name: Проверить, что порт 9090 (Prometheus) открыт
|
||
wait_for:
|
||
port: 9090
|
||
host: "{{ ansible_host }}"
|
||
timeout: 30
|
||
state: started
|
||
delegate_to: localhost
|
||
|
||
- name: Проверить, что порт 3000 (Grafana) открыт
|
||
wait_for:
|
||
port: 3000
|
||
host: "{{ ansible_host }}"
|
||
timeout: 30
|
||
state: started
|
||
delegate_to: localhost
|
||
|
||
- name: Проверка запуска ботов завершена — всё работает 🟢
|
||
debug:
|
||
msg: "Все сервисы запущены и слушают нужные порты."
|
||
|
||
# handler для перезагрузки SSH
|
||
handlers:
|
||
- name: reload ssh
|
||
systemd:
|
||
name: ssh
|
||
state: reloaded |