ansible(raw): add raw+scp playbooks and Makefile targets (no Python on target) [author: Сергей Антропов https://devops.org.ru]

2025-09-08 15:40:31 +03:00 · 2025-09-08 15:40:31 +03:00 · 3db64fe543
commit 3db64fe543
parent 576caf1fba
5 changed files with 182 additions and 0 deletions
--- a/20
+++ b/20
@ -115,6 +115,26 @@ delete-service:
 	# Остановка сервиса и очистка
 	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
 	ansible-playbook -i runner/inventory.ini runner/delete-service/playbook.yml -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
+
+deploy-raw: build-linux collectors-linux
+	# Деплой без Python на целевом хосте (raw + scp)
+	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
+	ansible-playbook -i runner/inventory.ini runner/deploy-raw/playbook.yml -e LOCAL_BIN_DIR=/workspace/bin/agent -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
+
+delete-raw:
+	# Удаление без Python на целевом хосте (raw)
+	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
+	ansible-playbook -i runner/inventory.ini runner/delete-raw/playbook.yml -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
+
+deploy-service-raw: build-linux collectors-linux
+	# Деплой и запуск через systemd без Python на целевой стороне
+	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
+	ansible-playbook -i runner/inventory.ini runner/deploy-service-raw/playbook.yml -e LOCAL_BIN_DIR=/workspace/bin/agent -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
+
+delete-service-raw:
+	# Остановка и очистка systemd-варианта без Python на целевой стороне
+	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
+	ansible-playbook -i runner/inventory.ini runner/delete-service-raw/playbook.yml -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
 	# Очистка установленного агента на удаленном хосте
 	docker run --rm -e ANSIBLE_HOST_KEY_CHECKING=False -v $$PWD:/workspace -v $$HOME/.ssh:/root/.ssh:ro -w /workspace cytopia/ansible:latest-tools \
 	ansible-playbook -i runner/inventory.ini runner/delete/playbook.yml -e ansible_ssh_private_key_file=/root/.ssh/id_rsa -e ansible_become=true -e ansible_become_method=sudo
--- a/runner/delete-raw/playbook.yml
+++ b/runner/delete-raw/playbook.yml
@ -0,0 +1,22 @@
+---
+- hosts: all
+  gather_facts: no
+  become: true
+  become_user: root
+  become_method: sudo
+  vars:
+    remote_dir: /opt/sensusagent
+  tasks:
+    - name: Stop systemd service if exists
+      ansible.builtin.raw: "systemctl stop sensusagent 2>/dev/null || true"
+
+    - name: Disable systemd service if exists
+      ansible.builtin.raw: "systemctl disable sensusagent 2>/dev/null || true"
+
+    - name: Remove files
+      ansible.builtin.raw: "rm -rf {{ remote_dir }}"
+
+    - name: Remove unit file if exists
+      ansible.builtin.raw: "rm -f /etc/systemd/system/sensusagent.service && systemctl daemon-reload || true"
+
+
--- a/runner/delete-service-raw/playbook.yml
+++ b/runner/delete-service-raw/playbook.yml
@ -0,0 +1,19 @@
+---
+- hosts: all
+  gather_facts: no
+  become: true
+  become_user: root
+  become_method: sudo
+  vars:
+    remote_dir: /opt/sensusagent
+  tasks:
+    - name: Stop and disable service
+      ansible.builtin.raw: "systemctl disable --now sensusagent 2>/dev/null || true"
+
+    - name: Remove unit file
+      ansible.builtin.raw: "rm -f /etc/systemd/system/sensusagent.service && systemctl daemon-reload || true"
+
+    - name: Remove files
+      ansible.builtin.raw: "rm -rf {{ remote_dir }}"
+
+
--- a/runner/deploy-raw/playbook.yml
+++ b/runner/deploy-raw/playbook.yml
@ -0,0 +1,59 @@
+---
+- hosts: all
+  gather_facts: no
+  become: true
+  become_user: root
+  become_method: sudo
+  vars:
+    remote_dir: /opt/sensusagent
+    local_bin_dir: "{{ LOCAL_BIN_DIR | default('./bin/agent') }}"
+  tasks:
+    - name: Ensure remote dir exists
+      ansible.builtin.raw: "mkdir -p {{ remote_dir }} && chmod 0755 {{ remote_dir }}"
+
+    - name: Copy agent binary via scp (from controller)
+      ansible.builtin.command: >
+        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/agent {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/agent
+      delegate_to: localhost
+
+    - name: Copy config via scp (from controller)
+      ansible.builtin.command: >
+        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/config.yaml {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/config.yaml
+      delegate_to: localhost
+
+    - name: Copy collectors directory via scp -r (from controller)
+      ansible.builtin.command: >
+        scp -r -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/collectors {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/
+      delegate_to: localhost
+
+    - name: Ensure collectors are executable
+      ansible.builtin.raw: "chmod -R 0755 {{ remote_dir }}/collectors 2>/dev/null || true"
+
+    - name: Optional deps (Debian/Ubuntu) — ignore errors
+      ansible.builtin.raw: |
+        if [ -f /etc/debian_version ]; then \
+          apt-get update -o Acquire::AllowInsecureRepositories=true -o Acquire::https::Verify-Peer=false -o Acquire::https::Verify-Host=false || true; \
+          apt-get install -y --no-install-recommends sysstat iotop smartmontools nvme-cli mdadm lsscsi sg3-utils pciutils || true; \
+          systemctl enable --now sysstat || true; \
+        fi
+      ignore_errors: yes
+
+    - name: Optional deps (RHEL/CentOS) — ignore errors
+      ansible.builtin.raw: |
+        if [ -f /etc/redhat-release ]; then \
+          yum install -y sysstat iotop smartmontools nvme-cli mdadm lsscsi sg3_utils pciutils || true; \
+          systemctl enable --now sysstat || true; \
+        fi
+      ignore_errors: yes
+
+    - name: Show agent version (one-shot) — ignore errors
+      ansible.builtin.raw: "CONFIG_PATH={{ remote_dir }}/config.yaml {{ remote_dir }}/agent --once --mode stdout >/dev/null 2>&1 || true"
+      ignore_errors: yes
+
+
--- a/runner/deploy-service-raw/playbook.yml
+++ b/runner/deploy-service-raw/playbook.yml
@ -0,0 +1,62 @@
+---
+- hosts: all
+  gather_facts: no
+  become: true
+  become_user: root
+  become_method: sudo
+  vars:
+    remote_dir: /opt/sensusagent
+    local_bin_dir: "{{ LOCAL_BIN_DIR | default('./bin/agent') }}"
+  tasks:
+    - name: Ensure remote dir exists
+      ansible.builtin.raw: "mkdir -p {{ remote_dir }} && chmod 0755 {{ remote_dir }}"
+
+    - name: Copy agent binary via scp (from controller)
+      ansible.builtin.command: >
+        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/agent {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/agent
+      delegate_to: localhost
+
+    - name: Copy config via scp (from controller)
+      ansible.builtin.command: >
+        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/config.yaml {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/config.yaml
+      delegate_to: localhost
+
+    - name: Copy collectors directory via scp -r (from controller)
+      ansible.builtin.command: >
+        scp -r -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
+        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+        {{ local_bin_dir }}/collectors {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/
+      delegate_to: localhost
+
+    - name: Ensure collectors are executable
+      ansible.builtin.raw: "chmod -R 0755 {{ remote_dir }}/collectors 2>/dev/null || true"
+
+    - name: Install/refresh systemd unit
+      ansible.builtin.raw: |
+        cat >/etc/systemd/system/sensusagent.service <<'UNIT'
+        [Unit]
+        Description=SensusAgent metrics collector
+        After=network.target
+        
+        [Service]
+        Type=simple
+        Environment=CONFIG_PATH={{ remote_dir }}/config.yaml
+        ExecStart={{ remote_dir }}/agent --mode stdout
+        Restart=on-failure
+        RestartSec=3
+        User=nobody
+        Group=nogroup
+        
+        [Install]
+        WantedBy=multi-user.target
+        UNIT
+        systemctl daemon-reload
+
+    - name: Enable and start service
+      ansible.builtin.raw: "systemctl enable --now sensusagent"
+
+