Полная очистка при uninstall: VPS и output/<server>/

Скрипт --remove снимает только бинарник и systemd; Ansible дочищает конфиг,
пользователя, ufw, пакеты и всегда удаляет локальную папку экспорта.
This commit is contained in:
Sergey Antropoff
2026-07-01 13:28:00 +03:00
parent bdc316efac
commit 4b5a1ef51f
4 changed files with 61 additions and 36 deletions
+9 -8
View File
@@ -83,7 +83,6 @@ make install LIMIT=vps-de
make update LIMIT=vps-nl
make export
make uninstall LIMIT=vps-de
make uninstall LIMIT=vps-de EXTRA_VARS='hysteria2_uninstall_remove_local_output=false'
make update EXTRA_VARS='hysteria2_force_export=true' # перевыпустить URL/QR для всех
make install EXTRA_VARS='hysteria2_open_browser=false'
make update EXTRA_VARS='hysteria2_wait_for_acme=false'
@@ -280,17 +279,20 @@ hysteria2_obfs_password: "{{ vault_hysteria2_obfs_passwords[inventory_hostname]
## `make uninstall` — полная очистка
На **VPS** удаляется:
На **VPS** (официальный `install_server.sh --remove` + дочистка Ansible):
- сервис и бинарник Hysteria2;
- бинарник `/usr/local/bin/hysteria` и unit-файлы systemd;
- `/etc/hysteria/` (конфиг и ACME);
- пользователь `hysteria` и его home;
- `/var/lib/hysteria` и пользователь `hysteria`;
- symlink'и `multi-user.target.wants/hysteria-server*`;
- временные `/tmp/hysteria-client-*.yaml`;
- правила ufw: `443/tcp`, `443/udp` (порт из `hysteria2_listen_port`);
- пакеты `curl`, `micro`, `qrencode`.
На **control node**: `output/<server>/` и пересборка `output/index.html`.
На **control node**:
Сохранить локальный экспорт: `EXTRA_VARS='hysteria2_uninstall_remove_local_output=false'`.
- удаляется `output/<имя_сервера>/`;
- пересобирается общий `output/index.html`.
---
@@ -383,8 +385,7 @@ ASCII QR — `hysteria share --qr` → `user.qr.txt`.
| `hysteria2_generate_qr_png` | group | PNG QR через `qrencode` |
| `hysteria2_wait_for_acme` | group | Пауза при первом ACME |
| `hysteria2_open_browser` | group | Открыть `output/index.html` после экспорта |
| `hysteria2_uninstall_remove_local_output` | group | Удалить `output/<server>/` при uninstall (`true`) |
| `hysteria2_uninstall_rebuild_global_index` | group | Пересобрать `output/index.html` (`true`) |
| `hysteria2_uninstall_rebuild_global_index` | group | Пересобрать `output/index.html` после uninstall (`true`) |
| `vault_ssh_passwords` | vault | SSH-пароли root |
| `vault_hysteria2_user_passwords` | vault | VPN-пароли по серверам |
| `vault_hysteria2_obfs_passwords` | vault | obfs-пароли по серверам |
-5
View File
@@ -48,12 +48,7 @@ hysteria2_force_export: false
# --- uninstall (см. также defaults/uninstall.yml) ---
hysteria2_system_user: hysteria
hysteria2_uninstall_remove_config: true
hysteria2_uninstall_remove_masq: false
hysteria2_uninstall_remove_system_user: true
hysteria2_uninstall_remove_packages: true
hysteria2_uninstall_remove_firewall_rules: true
hysteria2_uninstall_remove_local_output: true
hysteria2_uninstall_rebuild_global_index: true
hysteria2_uninstall_ufw_rules:
- "{{ hysteria2_listen_port }}/tcp"
+2 -6
View File
@@ -2,13 +2,9 @@
# Системный пользователь Hysteria (создаётся install_server.sh)
hysteria2_system_user: hysteria
# --- uninstall (Salamander: без masq, порты 443/tcp+udp) ---
hysteria2_uninstall_remove_config: true
# --- uninstall (Salamander: без masq, порты listen_port/tcp+udp) ---
# install_server.sh --remove: бинарник + systemd; остальное — задачи uninstall.yml
hysteria2_uninstall_remove_masq: false
hysteria2_uninstall_remove_system_user: true
hysteria2_uninstall_remove_packages: true
hysteria2_uninstall_remove_firewall_rules: true
hysteria2_uninstall_remove_local_output: true
hysteria2_uninstall_rebuild_global_index: true
hysteria2_uninstall_ufw_rules:
- "{{ hysteria2_listen_port }}/tcp"
+50 -17
View File
@@ -1,12 +1,12 @@
---
- name: Stop and disable hysteria-server
- name: Stop and disable hysteria-server before removal
ansible.builtin.systemd:
name: "{{ hysteria2_service_name }}"
enabled: false
state: stopped
failed_when: false
- name: Copy Hysteria2 install script to server for removal
- name: Copy Hysteria2 install script to server
ansible.builtin.copy:
src: "{{ hysteria2_install_script_name }}"
dest: "{{ hysteria2_install_script_remote_path }}"
@@ -19,18 +19,60 @@
changed_when: _hysteria2_remove.rc == 0
failed_when: false
- name: Show official script removal output
ansible.builtin.debug:
msg: "{{ _hysteria2_remove.stdout_lines | default(['install_server.sh --remove: no output']) }}"
when: _hysteria2_remove.stdout_lines is defined
- name: Remove Hysteria2 configuration and ACME data
ansible.builtin.file:
path: "{{ hysteria2_config_path | dirname }}"
path: "{{ item }}"
state: absent
when: hysteria2_uninstall_remove_config | default(true) | bool
loop:
- "{{ hysteria2_config_path | dirname }}"
- "/var/lib/{{ hysteria2_system_user | default('hysteria') }}"
- name: Remove enabled hysteria-server systemd symlink
ansible.builtin.file:
path: /etc/systemd/system/multi-user.target.wants/hysteria-server.service
state: absent
failed_when: false
- name: Find enabled hysteria-server@ systemd symlinks
ansible.builtin.find:
paths: /etc/systemd/system/multi-user.target.wants
patterns: hysteria-server@*.service
file_type: file
register: _hysteria2_systemd_instance_wants
failed_when: false
- name: Remove enabled hysteria-server@ systemd symlinks
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ _hysteria2_systemd_instance_wants.files | default([]) }}"
failed_when: false
- name: Remove Hysteria system user and home directory
ansible.builtin.user:
name: "{{ hysteria2_system_user | default('hysteria') }}"
state: absent
remove: true
when: hysteria2_uninstall_remove_system_user | default(true) | bool
failed_when: false
- name: Find temporary Hysteria client configs on server
ansible.builtin.find:
paths: /tmp
patterns: hysteria-client-*.yaml
file_type: file
register: _hysteria2_tmp_client_configs
failed_when: false
- name: Remove temporary Hysteria client configs on server
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ _hysteria2_tmp_client_configs.files | default([]) }}"
failed_when: false
- name: Check if ufw is available and active
@@ -38,7 +80,6 @@
register: _hysteria2_ufw_status
changed_when: false
failed_when: false
when: hysteria2_uninstall_remove_firewall_rules | default(true) | bool
- name: Remove firewall rules added during install
ansible.builtin.command: "ufw delete allow {{ item }}"
@@ -49,9 +90,7 @@
and 'Could not delete' not in (_hysteria2_ufw_delete.stdout | default(''))
and 'Could not find' not in (_hysteria2_ufw_delete.stderr | default(''))
failed_when: false
when:
- hysteria2_uninstall_remove_firewall_rules | default(true) | bool
- "'active' in (_hysteria2_ufw_status.stdout | default(''))"
when: "'active' in (_hysteria2_ufw_status.stdout | default(''))"
- name: Remove packages installed for Hysteria2
ansible.builtin.apt:
@@ -65,7 +104,6 @@
['curl', 'micro']
+ (['qrencode'] if hysteria2_generate_qr_png | default(true) | bool else [])
}}
when: hysteria2_uninstall_remove_packages | default(true) | bool
- name: Remove copied install script from server
ansible.builtin.file:
@@ -76,23 +114,18 @@
ansible.builtin.systemd:
daemon_reload: true
- name: Remove local exported client files
- name: Remove local output directory for this server
ansible.builtin.file:
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}"
state: absent
delegate_to: localhost
become: false
when: hysteria2_uninstall_remove_local_output | default(true) | bool
- name: Show uninstall result
ansible.builtin.debug:
msg: >-
Hysteria2 (Salamander) полностью удалён с {{ inventory_hostname }}.
{% if hysteria2_uninstall_remove_local_output | default(true) | bool %}
Локальные URL/QR в {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ удалены.
Локальная папка {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ удалена.
{% if hysteria2_uninstall_rebuild_global_index | default(true) | bool %}
Глобальный {{ hysteria2_output_dir }}/index.html будет пересобран.
{% endif %}
{% else %}
Локальные URL/QR в {{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/ сохранены.
{% endif %}