Полная очистка при uninstall: VPS и output/<server>/

Скрипт --remove снимает только бинарник и systemd; Ansible дочищает конфиг,
пользователя, ufw, пакеты и всегда удаляет локальную папку экспорта.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Sergey Antropoff
2026-07-01 13:28:00 +03:00
parent 27ae65edc5
commit 45f0682d8b
4 changed files with 61 additions and 39 deletions
+10 -12
View File
@@ -84,7 +84,6 @@ make install LIMIT=vps-de
make update LIMIT=vps-nl
make export
make uninstall LIMIT=vps-de
make uninstall LIMIT=vps-de EXTRA_VARS='hysteria2_uninstall_remove_local_output=false'
make update EXTRA_VARS='hysteria2_force_export=true' # перевыпустить URL/QR для всех
make install EXTRA_VARS='hysteria2_open_browser=false'
make update EXTRA_VARS='hysteria2_wait_for_acme=false'
@@ -263,21 +262,21 @@ hysteria2_user_passwords:
## `make uninstall` — полная очистка
На **VPS** удаляется:
На **VPS** (официальный `install_server.sh --remove` + дочистка Ansible):
- сервис и бинарник Hysteria2 (`install_server.sh --remove`);
- `/etc/hysteria/` (конфиг и данные ACME);
- `/var/www/masq` (сайт-заглушка);
- пользователь `hysteria` и его home;
- правила ufw: `80/tcp`, `443/tcp`, `443/udp`;
- бинарник `/usr/local/bin/hysteria` и unit-файлы systemd;
- `/etc/hysteria/` (конфиг и ACME);
- `/var/lib/hysteria` и пользователь `hysteria`;
- `/var/www/masq` (сайт-заглушка, ветка **main**);
- symlink'и `multi-user.target.wants/hysteria-server*`;
- временные `/tmp/hysteria-client-*.yaml`;
- правила ufw, добавленные при install;
- пакеты `curl`, `micro`, `qrencode`.
На **control node**:
- папка `output/<server>/` (по умолчанию);
- пересборка общего `output/index.html` без удалённого сервера.
Сохранить локальный экспорт: `EXTRA_VARS='hysteria2_uninstall_remove_local_output=false'`.
- удаляется `output/<имя_сервера>/`;
- пересобирается общий `output/index.html`.
---
@@ -366,7 +365,6 @@ ASCII QR — `hysteria share --qr` → `user.qr.txt`.
| `hysteria2_generate_qr_png` | group | PNG QR через `qrencode` |
| `hysteria2_wait_for_acme` | group | Пауза при первом ACME (install) |
| `hysteria2_open_browser` | group | Открыть `output/index.html` после экспорта |
| `hysteria2_uninstall_remove_local_output` | group | Удалить `output/<server>/` при uninstall (`true`) |
| `hysteria2_uninstall_rebuild_global_index` | group | Пересобрать `output/index.html` после uninstall (`true`) |
| `vault_ssh_passwords` | vault | SSH-пароли root по имени хоста |
| `vault_hysteria2_user_passwords` | vault | VPN-пароли по серверам |
-5
View File
@@ -47,12 +47,7 @@ hysteria2_force_export: false
# --- uninstall (см. также defaults/uninstall.yml) ---
hysteria2_system_user: hysteria
hysteria2_uninstall_remove_config: true
hysteria2_uninstall_remove_masq: true
hysteria2_uninstall_remove_system_user: true
hysteria2_uninstall_remove_packages: true
hysteria2_uninstall_remove_firewall_rules: true
hysteria2_uninstall_remove_local_output: true
hysteria2_uninstall_rebuild_global_index: true
hysteria2_uninstall_ufw_rules:
- 80/tcp
+1 -5
View File
@@ -3,12 +3,8 @@
hysteria2_system_user: hysteria
# --- uninstall ---
hysteria2_uninstall_remove_config: true
# install_server.sh --remove: бинарник + systemd; остальное — задачи uninstall.yml
hysteria2_uninstall_remove_masq: true
hysteria2_uninstall_remove_system_user: true
hysteria2_uninstall_remove_packages: true
hysteria2_uninstall_remove_firewall_rules: true
hysteria2_uninstall_remove_local_output: true
hysteria2_uninstall_rebuild_global_index: true
hysteria2_uninstall_ufw_rules:
- 80/tcp
+50 -17
View File
@@ -1,12 +1,12 @@
---
- name: Stop and disable hysteria-server
- name: Stop and disable hysteria-server before removal
ansible.builtin.systemd:
name: "{{ hysteria2_service_name }}"
enabled: false
state: stopped
failed_when: false
- name: Copy Hysteria2 install script to server for removal
- name: Copy Hysteria2 install script to server
ansible.builtin.copy:
src: "{{ hysteria2_install_script_name }}"
dest: "{{ hysteria2_install_script_remote_path }}"
@@ -19,11 +19,18 @@
changed_when: _hysteria2_remove.rc == 0
failed_when: false
- name: Show official script removal output
ansible.builtin.debug:
msg: "{{ _hysteria2_remove.stdout_lines | default(['install_server.sh --remove: no output']) }}"
when: _hysteria2_remove.stdout_lines is defined
- name: Remove Hysteria2 configuration and ACME data
ansible.builtin.file:
path: "{{ hysteria2_config_path | dirname }}"
path: "{{ item }}"
state: absent
when: hysteria2_uninstall_remove_config | default(true) | bool
loop:
- "{{ hysteria2_config_path | dirname }}"
- "/var/lib/{{ hysteria2_system_user | default('hysteria') }}"
- name: Remove masquerade web directory
ansible.builtin.file:
@@ -31,12 +38,47 @@
state: absent
when: hysteria2_uninstall_remove_masq | default(true) | bool
- name: Remove enabled hysteria-server systemd symlink
ansible.builtin.file:
path: /etc/systemd/system/multi-user.target.wants/hysteria-server.service
state: absent
failed_when: false
- name: Find enabled hysteria-server@ systemd symlinks
ansible.builtin.find:
paths: /etc/systemd/system/multi-user.target.wants
patterns: hysteria-server@*.service
file_type: file
register: _hysteria2_systemd_instance_wants
failed_when: false
- name: Remove enabled hysteria-server@ systemd symlinks
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ _hysteria2_systemd_instance_wants.files | default([]) }}"
failed_when: false
- name: Remove Hysteria system user and home directory
ansible.builtin.user:
name: "{{ hysteria2_system_user | default('hysteria') }}"
state: absent
remove: true
when: hysteria2_uninstall_remove_system_user | default(true) | bool
failed_when: false
- name: Find temporary Hysteria client configs on server
ansible.builtin.find:
paths: /tmp
patterns: hysteria-client-*.yaml
file_type: file
register: _hysteria2_tmp_client_configs
failed_when: false
- name: Remove temporary Hysteria client configs on server
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ _hysteria2_tmp_client_configs.files | default([]) }}"
failed_when: false
- name: Check if ufw is available and active
@@ -44,7 +86,6 @@
register: _hysteria2_ufw_status
changed_when: false
failed_when: false
when: hysteria2_uninstall_remove_firewall_rules | default(true) | bool
- name: Remove firewall rules added during install
ansible.builtin.command: "ufw delete allow {{ item }}"
@@ -55,9 +96,7 @@
and 'Could not delete' not in (_hysteria2_ufw_delete.stdout | default(''))
and 'Could not find' not in (_hysteria2_ufw_delete.stderr | default(''))
failed_when: false
when:
- hysteria2_uninstall_remove_firewall_rules | default(true) | bool
- "'active' in (_hysteria2_ufw_status.stdout | default(''))"
when: "'active' in (_hysteria2_ufw_status.stdout | default(''))"
- name: Remove packages installed for Hysteria2
ansible.builtin.apt:
@@ -71,7 +110,6 @@
['curl', 'micro']
+ (['qrencode'] if hysteria2_generate_qr_png | default(true) | bool else [])
}}
when: hysteria2_uninstall_remove_packages | default(true) | bool
- name: Remove copied install script from server
ansible.builtin.file:
@@ -82,23 +120,18 @@
ansible.builtin.systemd:
daemon_reload: true
- name: Remove local exported client files
- name: Remove local output directory for this server
ansible.builtin.file:
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}"
state: absent
delegate_to: localhost
become: false
when: hysteria2_uninstall_remove_local_output | default(true) | bool
- name: Show uninstall result
ansible.builtin.debug:
msg: >-
Hysteria2 полностью удалён с {{ inventory_hostname }}.
{% if hysteria2_uninstall_remove_local_output | default(true) | bool %}
Локальные URL/QR в {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ удалены.
Локальная папка {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ удалена.
{% if hysteria2_uninstall_rebuild_global_index | default(true) | bool %}
Глобальный {{ hysteria2_output_dir }}/index.html будет пересобран.
{% endif %}
{% else %}
Локальные URL/QR в {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ сохранены.
{% endif %}