fix(deploy-service): копирование через временную директорию с последующим переносом под sudo, исправление прав

2025-09-08 18:17:03 +03:00 · 2025-09-08 18:17:03 +03:00 · 927a30fd06
commit 927a30fd06
parent be7e3c3420
1 changed files with 18 additions and 10 deletions
--- a/runner/deploy-service-raw/playbook.yml
+++ b/runner/deploy-service-raw/playbook.yml
@ -7,33 +7,41 @@
  vars:
    remote_dir: /opt/sensusagent
    local_bin_dir: "{{ LOCAL_BIN_DIR | default('./bin/agent') }}"
+    tmp_dir: /tmp/sensusagent_upload
  tasks:
-    - name: Ensure remote dir exists
-      ansible.builtin.raw: "mkdir -p {{ remote_dir }} && chmod 0755 {{ remote_dir }}"
+    - name: Ensure temp and remote dirs exist
+      ansible.builtin.raw: |
+        mkdir -p {{ tmp_dir }} && chmod 0777 {{ tmp_dir }}
+        mkdir -p {{ remote_dir }} && chmod 0755 {{ remote_dir }}

-    - name: Copy agent binary via scp (from controller)
+    - name: Copy agent binary via scp to tmp (from controller)
      ansible.builtin.command: >
        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
-        {{ local_bin_dir }}/agent {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/agent
+        {{ local_bin_dir }}/agent {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/agent
      delegate_to: localhost

-    - name: Copy config via scp (from controller)
+    - name: Copy config via scp to tmp (from controller)
      ansible.builtin.command: >
        scp -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
-        {{ local_bin_dir }}/config.yaml {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/config.yaml
+        {{ local_bin_dir }}/config.yaml {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/config.yaml
      delegate_to: localhost

-    - name: Copy collectors directory via scp -r (from controller)
+    - name: Copy collectors directory via scp -r to tmp (from controller)
      ansible.builtin.command: >
        scp -r -B -i {{ ansible_ssh_private_key_file | default('~/.ssh/id_rsa') }}
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
-        {{ local_bin_dir }}/collectors {{ ansible_user }}@{{ ansible_host }}:{{ remote_dir }}/
+        {{ local_bin_dir }}/collectors {{ ansible_user }}@{{ ansible_host }}:{{ tmp_dir }}/
      delegate_to: localhost

-    - name: Ensure collectors are executable
-      ansible.builtin.raw: "chmod -R 0755 {{ remote_dir }}/collectors 2>/dev/null || true"
+    - name: Move files into {{ remote_dir }} with root and fix permissions
+      ansible.builtin.raw: |
+        cp -f {{ tmp_dir }}/agent {{ remote_dir }}/agent && chmod 0755 {{ remote_dir }}/agent
+        cp -f {{ tmp_dir }}/config.yaml {{ remote_dir }}/config.yaml && chmod 0644 {{ remote_dir }}/config.yaml
+        rm -rf {{ remote_dir }}/collectors && mkdir -p {{ remote_dir }}/collectors && cp -r {{ tmp_dir }}/collectors/* {{ remote_dir }}/collectors/ || true
+        chmod -R 0755 {{ remote_dir }}/collectors 2>/dev/null || true
+        rm -rf {{ tmp_dir }}

    - name: Install/refresh systemd unit
      ansible.builtin.raw: |