From 015d96995ebd215e57ff41912557cabd3beab88f Mon Sep 17 00:00:00 2001
From: dima
Date: Mon, 4 Nov 2024 19:58:01 +0300
Subject: [PATCH] govno
---
Jenkinsfile | 65 +++++++++++++++++++++
id_ed25519_vault | 26 +++++++++
install_postgresql.yml | 125 +++++++++++++++++++++++++++++++++++++++++
inventory.yml | 6 ++
4 files changed, 222 insertions(+)
create mode 100644 Jenkinsfile
create mode 100644 id_ed25519_vault
create mode 100644 install_postgresql.yml
create mode 100644 inventory.yml
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..005f009
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,65 @@
+pipeline {
+ agent any
+ tools {
+ ansible 'Ansible'
+ }
+ environment {
+ PSQL_PASSWORD = credentials('PSQL_pass')
+ VAULT_PASSWORD = credentials('ansible_vault_password')
+ }
+ parameters {
+ string(name: 'DB_USER', defaultValue: 'postgres', description: 'Имя пользователя базы данных')
+ string(name: 'DB_NAME', defaultValue: 'mydb', description: 'Имя базы данных')
+ string(name: 'BACKUP_DIR', defaultValue: '/var/backups/postgresql', description: 'Директория для бэкапа')
+ }
+ stages {
+ stage('Clone repository') {
+ steps {
+ git branch: 'dev', url: 'http://192.168.0.70:3000/coursework/courseworkrep.git'
+ }
+ }
+ stage('Decrypt SSH Key') {
+ steps {
+ script {
+ def tempDir = '/tmp/' + UUID.randomUUID().toString()
+ env.TEMP_DIR = tempDir
+ sh "mkdir -p ${tempDir}"
+
+ def decryptedKeyFile = "${tempDir}/id_ed25519"
+ def vaultPassFile = "${tempDir}/vault_pass"
+
+ writeFile file: vaultPassFile, text: VAULT_PASSWORD
+
+ sh """
+ ansible-vault decrypt ./id_ed25519_vault --vault-password-file=${vaultPassFile} --output=${decryptedKeyFile}
+ """
+ env.DECRYPTED_KEY_FILE = decryptedKeyFile
+ }
+ }
+ }
+ stage('Install PostgreSQL') {
+ steps {
+ ansiblePlaybook(
+ playbook: 'install_postgresql.yml',
+ inventory: "inventory.yml",
+ extraVars: [
+ postgres_user: params.DB_USER,
+ postgres_password: PSQL_PASSWORD,
+ postgres_db: params.DB_NAME,
+ backup_dir: params.BACKUP_DIR,
+ ansible_ssh_private_key_file: env.DECRYPTED_KEY_FILE
+ ]
+ )
+ }
+ }
+ }
+ post {
+ always {
+ script {
+ if (env.TEMP_DIR) {
+ sh "rm -rf ${env.TEMP_DIR}"
+ }
+ }
+ }
+ }
+}
diff --git a/id_ed25519_vault b/id_ed25519_vault
new file mode 100644
index 0000000..c88bd0b
--- /dev/null
+++ b/id_ed25519_vault
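Review bot: In the Jenkinsfile's 'Decrypt SSH Key' stage the vault password and the decrypted private key are written under a `/tmp/<uuid>` directory created with `mkdir -p` and the agent's default umask, so the vault password file (and, depending on how ansible-vault creates its output, the key) may be readable by other local accounts on the agent while the build runs; at minimum create the directory with `sh "mkdir -m 700 ${tempDir}"`. The Ansible plugin's `ansiblePlaybook` step can take the key straight from the Jenkins credential store via `credentialsId: '<SSH_KEY_CREDENTIAL_ID>'` (placeholder id), which would remove this stage and the need to commit `id_ed25519_vault`, where the key stays in git history and is only as strong as the vault password. In 'Install PostgreSQL', `postgres_password: PSQL_PASSWORD` is passed as a plain extra var and so ends up on the ansible-playbook command line; the plugin accepts `postgres_password: [value: PSQL_PASSWORD, hidden: true]` to keep it out of the build log. The clone URL is plain `http://`, so the playbook that later runs with `become: true` is fetched without transport integrity.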
@@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +65316433646437363338333233313530386265396432326633303334363130396438623632373733 +6234643334313336376439343564616333366632393666320a623066663130336665663763626337 +36353135383933386431643036336561653438356537363262333530663363333138663966336231 +3631333939653033370a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diff --git a/install_postgresql.yml b/install_postgresql.yml new file mode 100644 index 0000000..c490c4c --- /dev/null +++ b/install_postgresql.yml 
@@ -0,0 +1,125 @@
+- name: Install PostgreSQL and Backup
+ hosts: all
+ become: true
+ vars:
+ postgres_user: '{{ postgres_user }}'
+ postgres_password: '{{ postgres_password }}'
+ postgres_db: '{{ postgres_db }}'
+ backup_dir: '{{ backup_dir }}'
+
+ tasks:
+ - name: Update zypper
+ command: zypper refresh
+ register: zypper_refresh
+ changed_when: "'Refreshing' in zypper_refresh.stdout"
+
+ - name: Update System
+ zypper:
+ name: '*'
+ state: latest
+ when: zypper_refresh.changed
+
+ - name: Update PostgreSQL package
+ zypper:
+ name:
+ - postgresql-server
+ - postgresql-contrib
+ state: present
+
+ - name: PostgreSQL initdb
+ command: sudo -u postgres initdb -D /var/lib/pgsql/data
+ args:
+ creates: /var/lib/pgsql/data/PG_VERSION
+
+ - name: Systemctl start and enable PostgreSQL
+ service:
+ name: postgresql
+ state: started
+ enabled: true
+
+ - name: python3-psycopg2 install
+ zypper:
+ name: python3-psycopg2
+ state: present
+
+ - name: Change listen_addresses in postgresql.conf
+ lineinfile:
+ path: /var/lib/pgsql/data/postgresql.conf
+ regexp: '^#?listen_addresses\\s*='
+ line: "listen_addresses = '*'"
+ notify: Restart PostgreSQL
+
+ - name: Change pg_hba.conf
+ lineinfile:
+ path: /var/lib/pgsql/data/pg_hba.conf
+ regexp: '^host\\s+all\\s+all\\s+0\\.0\\.0\\.0/0\\s+md5'
+ line: 'host all all 0.0.0.0/0 md5'
+ notify: Restart PostgreSQL
+
+ - name: Create User PostgreSQL
+ community.postgresql.postgresql_user:
+ name: '{{ postgres_user }}'
+ password: '{{ postgres_password }}'
+ state: present
+
+ - name: Create Base PostgreSQL
+ community.postgresql.postgresql_db:
+ name: '{{ postgres_db }}'
+ owner: '{{ postgres_user }}'
+ encoding: UTF8
+ state: present
+
+ - name: Create a table
+ community.postgresql.postgresql_query:
+ db: '{{ postgres_db }}'
+ query: 'CREATE TABLE IF NOT EXISTS contacts (id SERIAL PRIMARY KEY, name VARCHAR(100), phone_number VARCHAR(15));'
+ login_user: '{{ postgres_user }}'
+ login_password: '{{ postgres_password }}'
+
+ - name: Open 
firewall 5432 port
+ command: firewall-cmd --add-port=5432/tcp --permanent
+ become: true
+
+ - name: Restart Firewall
+ command: firewall-cmd --reload
+ become: true
+
+ - name: Create backup directory
+ file:
+ path: '{{ backup_dir }}'
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: '0755'
+
+ - name: PostgreSQL database backup
+ become_user: postgres
+ command: 'pg_dump -U {{ postgres_user }} -F c -f "{{ backup_dir }}/db_backup_{{ postgres_db }}_{{ ansible_date_time.iso8601 }}.sql" {{ postgres_db }}'
+ environment:
+ PGPASSWORD: '{{ postgres_password }}'
+
+ - name: Create cron for daily full backup
+ cron:
+ name: 'PostgreSQL daily full backup'
+ user: postgres
+ minute: '0'
+ hour: '1'
+ job: 'pg_dump -U {{ postgres_user }} -F c {{ postgres_db }} > {{ backup_dir }}/full_db_backup_{{ postgres_db }}_$(date +\\\\%F-\\\\%H-%M).sql'
+ environment:
+ PGPASSWORD: '{{ postgres_password }}'
+
+ - name: Create cron backup script
+ cron:
+ name: 'PostgreSQL hourly backup'
+ user: postgres
+ minute: '0'
+ hour: '*'
+ job: 'pg_dump -U {{ postgres_user }} -F c {{ postgres_db }} > {{ backup_dir }}/db_backup_{{ postgres_db }}_$(date +\\\\%F-\\\\%H-%M).sql'
+ environment:
+ PGPASSWORD: '{{ postgres_password }}'
+
+ handlers:
+ - name: Restart PostgreSQL
+ service:
+ name: postgresql
+ state: restarted
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..215250f
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,6 @@
+all:
+ children:
+ postgres_servers:
+ hosts:
+ 192.168.0.71:
+ ansible_user: ansible
\ No newline at end of file
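Review bot: In install_postgresql.yml the combination of `listen_addresses = '*'`, the pg_hba line `host all all 0.0.0.0/0 md5` and the opened 5432/tcp lets every address that can reach the host attempt password logins to every database and role, including the default `postgres` user; scope the rule to what the application needs, e.g. `line: 'host {{ postgres_db }} {{ postgres_user }} <CLIENT_CIDR> scram-sha-256'` (placeholder CIDR; scram-sha-256 assumes the packaged server version supports it). The backup directory is created with `mode: '0755'`, so the dumps are likely readable by any local account on the database host; `mode: '0700'` keeps them to `postgres`. The `environment:` key on the two cron tasks applies to the module run rather than to the crontab entry, so the scheduled `pg_dump` jobs get no PGPASSWORD; a `~postgres/.pgpass` with mode 0600 would serve them without placing the password in the crontab. The tasks that carry `postgres_password` also lack `no_log: true`, so the value can appear in verbose output or failure dumps.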