michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Fix discovery system critical issues

Browse Source 
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Michael Schiemer
2025-08-13 12:04:17 +02:00
parent 66f7efdcfc
commit 9b74ade5b0
494 changed files with 764014 additions and 1127382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
.deployment-backup/x_ansible/README.md Normal file
View File

@@ -0,0 +1,146 @@
# Ansible-Setup für michaelschiemer.de
Dieses Verzeichnis enthält die Ansible-Konfiguration für das Deployment der Website.
## Verzeichnisstruktur
```
ansible/
├── ansible.cfg # Ansible-Konfigurationsdatei
├── check_yaml.sh # Skript zur Überprüfung der YAML-Syntax
├── deploy.sh # Deployment-Skript
├── docker/ # Docker-Konfigurationsdateien
├── group_vars/ # Variablen für Gruppen
├── inventory/ # Inventar-Dateien
│ ├── hosts.ini # Hauptinventar
│ ├── development # Entwicklungsumgebung
│ ├── staging # Staging-Umgebung
│ └── production # Produktionsumgebung
├── playbooks/ # Playbooks für verschiedene Aufgaben
├── roles/ # Rollen für verschiedene Komponenten
├── docker-compose.yml # Standard-Docker-Compose-Datei
├── setup.sh # Setup-Skript
└── setup.yml # Basis-Setup-Playbook
```
## Erste Schritte
Bevor Sie die Skripte verwenden können, müssen Sie diese ausführbar machen:
```bash
chmod +x ansible/setup.sh ansible/deploy.sh ansible/check_yaml.sh
```
## YAML-Syntax prüfen
Bevor Sie ein Deployment starten, sollten Sie die YAML-Syntax überprüfen:
```bash
./ansible/check_yaml.sh
```
Dieses Skript findet und korrigiert die häufigsten YAML-Syntaxprobleme.
## Verwendung
### Einfache Verwendung mit dem Setup-Skript
```bash
# Server-Setup durchführen
./ansible/setup.sh setup staging
# Deployment durchführen
./ansible/setup.sh deploy staging
```
### Deployment mit dem einfachen Deploy-Skript
```bash
# Deployment für die Staging-Umgebung
./ansible/deploy.sh staging
# Deployment für die Produktionsumgebung
./ansible/deploy.sh production
```
### Manuelle Verwendung
```bash
# Wechsle ins Ansible-Verzeichnis
cd ansible
# Server-Setup durchführen
ansible-playbook -i inventory/hosts.ini setup.yml --limit staging
# Deployment durchführen
ansible-playbook -i inventory/hosts.ini playbooks/deploy.yml --limit staging
```
### Mit Tags
```bash
# Nur bestimmte Teile ausführen
ansible-playbook -i inventory/hosts.ini playbooks/deploy.yml --limit staging --tags="deploy,check"
```
## Umgebungsvariablen
Die Konfiguration für die verschiedenen Umgebungen wird in den entsprechenden Dateien unter `group_vars/` definiert:
- `all.yml`: Variablen für alle Umgebungen
- `common.yml`: Gemeinsame Variablen
- `staging.yml`: Variablen für die Staging-Umgebung
- `production.yml`: Variablen für die Produktionsumgebung
Folgende Hauptvariablen werden verwendet:
- `deploy_root`: Zielverzeichnis für das Deployment (/var/www/michaelschiemer)
- `app_domain`: Domain für die Anwendung
- `deploy_user`: Benutzer für das Deployment (deploy)
## Fehlerbehandlung
Wenn Sie auf Fehler stoßen, prüfen Sie folgende Punkte:
1. **YAML-Syntax-Fehler**:
- Führen Sie `./ansible/check_yaml.sh` aus, um Probleme zu identifizieren
- Stellen Sie sicher, dass jede YAML-Datei nur ein Dokument enthält (nur ein `---` am Anfang)
- Achten Sie auf korrekte Einrückung und Leerzeichen
2. **Berechtigungen**:
- Stellen Sie sicher, dass die Scripts ausführbar sind: `chmod +x ansible/*.sh`
- Überprüfen Sie, ob der Benutzer die nötigen Berechtigungen auf dem Server hat
3. **Arbeitsverzeichnis**:
- Führen Sie die Skripte vom Hauptverzeichnis des Projekts aus: `./ansible/deploy.sh`
- Bei manueller Ausführung: Wechseln Sie ins Ansible-Verzeichnis
4. **SSH-Schlüssel**:
- Prüfen Sie, ob der SSH-Schlüssel für den Zugriff auf den Server korrekt eingerichtet ist
- Testen Sie die SSH-Verbindung manuell: `ssh deploy@94.16.110.151`
5. **Abhängigkeiten**:
- Stellen Sie sicher, dass Ansible installiert ist: `ansible --version`
- Bei Bedarf: `pip install ansible`
## Troubleshooting häufiger Fehler
### "We were unable to read either as JSON nor YAML"
Dieser Fehler tritt auf, wenn mehrere YAML-Dokumente in einer Datei vorhanden sind. Lösung:
1. Führen Sie `./ansible/check_yaml.sh` aus, um problematische Dateien zu identifizieren
2. Entfernen Sie alle `---` außer dem ersten in jeder Datei
3. Stellen Sie sicher, dass keine leeren Zeilen vor dem ersten `---` stehen
### "No hosts matched"
Dieser Fehler tritt auf, wenn die Host-Gruppe nicht im Inventory gefunden wurde:
1. Überprüfen Sie die Datei `inventory/hosts.ini`
2. Stellen Sie sicher, dass die angegebene Gruppe existiert
3. Überprüfen Sie die `--limit` Option und den Host-Namen
## Weitere Informationen
Diese Konfiguration verwendet Docker und Docker Compose für die Containerisierung der Anwendung. Die Deployment-Strategie basiert auf der Synchronisierung von Dateien vom Entwicklungsrechner zum Zielserver und dem Starten der Container über Docker Compose.

34
.deployment-backup/x_ansible/ansible.cfg Normal file
View File

@@ -0,0 +1,34 @@
[defaults]
inventory = inventory/hosts.ini
host_key_checking = False
remote_user = deploy
roles_path = roles
allow_world_readable_tmpfiles = True
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
pipelining = True
[defaults]
inventory = inventory/hosts.ini
host_key_checking = False
deprecation_warnings = False
command_warnings = False
interpreter_python = auto_silent
force_color = True
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
pipelining = True
transfer_method = smart
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

75
.deployment-backup/x_ansible/check_yaml.sh Executable file
View File

@@ -0,0 +1,75 @@
#!/bin/bash
# Skript zur Überprüfung der YAML-Syntax in Ansible-Dateien
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Farbdefinitionen
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
RED="\033[0;31m"
NC="\033[0m" # No Color
echo -e "${GREEN}=== Überprüfe YAML-Syntax in Ansible-Dateien ===${NC}\n"
# Fehler-Zähler
errors=0
# Prüfe alle .yml-Dateien im Ansible-Verzeichnis
find "$SCRIPT_DIR" -name "*.yml" | sort | while read -r file; do
# Überspringe bestimmte Verzeichnisse
if [[ "$file" == *"/templates/"* ]]; then
continue
fi
echo -e "Prüfe: ${YELLOW}$(basename "$file")${NC} (${file})"
# Prüfe ob die Datei leer ist
if [ ! -s "$file" ]; then
echo -e " ${YELLOW}Warnung: Datei ist leer${NC}"
continue
fi
# Überprüfung mit ansible-playbook syntax-check
if grep -q "^---" "$file"; then
ansible-playbook --syntax-check "$file" &>/dev/null
if [ $? -ne 0 ]; then
echo -e " ${RED}Fehler: Syntax-Fehler in der Datei${NC}"
echo -e " Detaillierte Prüfung:"
ansible-playbook --syntax-check "$file"
errors=$((errors+1))
continue
fi
fi
# Überprüfung mit yamllint
if command -v yamllint &>/dev/null; then
yamllint -d relaxed "$file" &>/dev/null
if [ $? -ne 0 ]; then
echo -e " ${YELLOW}Warnung: yamllint hat Probleme gefunden${NC}"
yamllint -d relaxed "$file"
fi
fi
# Überprüfung auf mehrere YAML-Dokumente
doc_count=$(grep -c "^---" "$file")
if [ "$doc_count" -gt 1 ]; then
echo -e " ${RED}Fehler: Mehrere YAML-Dokumente in einer Datei (${doc_count} Dokumente)${NC}"
echo -e " Betroffene Zeilen:"
grep -n "^---" "$file"
errors=$((errors+1))
fi
# Wenn alles ok ist
if [ "$errors" -eq 0 ]; then
echo -e " ${GREEN}✓ OK${NC}"
fi
done
if [ "$errors" -gt 0 ]; then
echo -e "\n${RED}Fehler gefunden! $errors Dateien haben Probleme.${NC}"
echo -e "Bitte korrigieren Sie die YAML-Syntax-Fehler, bevor Sie fortfahren."
exit 1
else
echo -e "\n${GREEN}Alle YAML-Dateien haben die Syntax-Prüfung bestanden!${NC}"
exit 0
fi

10
.deployment-backup/x_ansible/client-configs/michael.conf Normal file
View File

@@ -0,0 +1,10 @@
[Interface]
PrivateKey = +DcT11ipmMwPXpzEqmCPGwy7cSmseG1YzZWk+tTtM30=
Address = 10.8.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = 3qFEUREx6VfqrKoGVtzHt2ojgaly7LvwxjPQPNsFyxM=
Endpoint = 94.16.110.151:51820
AllowedIPs = 10.8.0.0/24, 94.16.110.151/32
PersistentKeepalive = 25

19
.deployment-backup/x_ansible/deploy.sh Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
# Einfaches Deployment-Script für michaelschiemer.de
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Standardumgebung ist staging
ENVIRONMENT=${1:-staging}
echo "=== Deployment für $ENVIRONMENT-Umgebung ==="
# Führe Deployment aus
cd "$SCRIPT_DIR"
ansible-playbook -i "$SCRIPT_DIR/inventory/hosts.ini" "$SCRIPT_DIR/playbooks/deploy.yml" --limit $ENVIRONMENT -v
if [ $? -eq 0 ]; then
echo "\n✅ Deployment erfolgreich abgeschlossen!"
else
echo "\n❌ Deployment fehlgeschlagen!"
fi

74
.deployment-backup/x_ansible/docker-compose.yml Normal file
View File

@@ -0,0 +1,74 @@
version: '3.8'
version: '3.8'
services:
php:
build:
context: ./docker/php
dockerfile: Dockerfile-simple
volumes:
- ./src:/var/www/html/src:rw
- ./public:/var/www/html/public:rw
networks:
- backend
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./public:/var/www/html/public:ro
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- php
networks:
- frontend
- backend
redis:
image: redis:alpine
networks:
- cache
networks:
frontend:
backend:
cache:
services:
php:
build:
context: ./docker/php
dockerfile: Dockerfile
volumes:
- ${DEPLOY_ROOT:-/var/www/michaelschiemer}/src:/var/www/html/src:rw
- ${DEPLOY_ROOT:-/var/www/michaelschiemer}/public:/var/www/html/public:rw
networks:
- backend
nginx:
build:
context: ./docker/nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- ${DEPLOY_ROOT:-/var/www/michaelschiemer}/public:/var/www/html/public:ro
- ${DEPLOY_ROOT:-/var/www/michaelschiemer}/ssl:/etc/nginx/ssl:ro
depends_on:
- php
networks:
- frontend
- backend
redis:
image: redis:alpine
networks:
- cache
networks:
frontend:
backend:
cache:

11
.deployment-backup/x_ansible/docker/nginx/Dockerfile Normal file
View File

@@ -0,0 +1,11 @@
FROM nginx:alpine
# Standardkonfigurationen kopieren
COPY nginx.conf /etc/nginx/nginx.conf
COPY default.conf /etc/nginx/conf.d/default.conf
# Erstelle Verzeichnis für SSL-Zertifikate
RUN mkdir -p /etc/nginx/ssl
# Starte Nginx im Vordergrund
CMD ["nginx", "-g", "daemon off;"]

65
.deployment-backup/x_ansible/docker/nginx/default.conf Normal file
View File

@@ -0,0 +1,65 @@
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# HTTPS Server
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/html/public;
index index.php index.html;
server {
listen 80;
server_name localhost;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

53
.deployment-backup/x_ansible/docker/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,53 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}

16
.deployment-backup/x_ansible/docker/php/Dockerfile Normal file
View File

@@ -0,0 +1,16 @@
FROM php:8.4-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& docker-php-ext-install pcntl posix shmop \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
CMD ["php-fpm"]

15
.deployment-backup/x_ansible/docker/php/Dockerfile-simple Normal file
View File

@@ -0,0 +1,15 @@
FROM php:8.1-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
CMD ["php-fpm"]

91
.deployment-backup/x_ansible/group_vars/all.yml Normal file
View File

@@ -0,0 +1,91 @@
# Basis-Konfiguration
app_name: michaelschiemer
app_domain: test.michaelschiemer.de
app_email: kontakt@michaelschiemer.de
# Verzeichnisse
project_root: "{{ playbook_dir | dirname }}"
app_root: /var/www/{{ app_name }}
app_public: "{{ app_root }}/public"
# Docker
docker_version: "20.10"
docker_compose_version: "2.24.5"
# Benutzer
deploy_user: deploy
# Let's Encrypt
letsencrypt_enabled: true
letsencrypt_certbot_method: webroot # oder standalone oder nginx
#netcup_customer_id: "218722"
#netcup_api_key: "dmJINUMyNjRmOG1aNDViajZHN2JkOTFRUjU3ckE5ZjJ1Zm1vUz"
#netcup_api_password: "iGWL8Hl4m93DgESsP/MPXmtDd0hEVkZ3480Na0psTlXRALnopl"
#netcup_vserver_id: "v2202309206672239295"
# fallback_ip:
wg_all_clients_private_keys:
michael: "PITbFZ3UfY5vD5dYUCELO37Qo2W8I4R8+r6D9CeMrm4="
---
# Allgemeine Variablen für alle Hosts
---
# Globale Variablen für alle Umgebungen
# Docker-Konfiguration
docker_compose_version: "1.29.2"
# Nginx-Konfiguration
nginx_worker_processes: auto
nginx_worker_connections: 1024
# Verwendeter PHP-Container
php_version: "8.1"
# Allgemeine Anwendungsvariablen
app_name: "michaelschiemer"
app_env: "production"
# Docker-Einstellungen
docker_version: "20.10"
docker_compose_version: "2.24.5"
docker_install_compose: true
docker_user: "{{ ansible_user | default('deploy') }}"
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
docker_compose_project_path: "{{ deploy_root }}"
# Anwendungsvariablen
project_root: "{{ playbook_dir }}/../.."
project_source: "{{ playbook_dir }}/../.."
app_domain: "{{ hostvars[inventory_hostname]['ansible_host'] | default(inventory_hostname) }}"
---
# Variablen für alle Gruppen
# Standardwerte für Deployment
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
deploy_user: "{{ ansible_user | default('deploy') }}"
# Projektpfade
project_source: "{{ playbook_dir }}/../.."
project_root: "{{ playbook_dir }}/../.."
# Docker-Konfiguration
docker_compose_project_path: "{{ deploy_root }}"
# Standard-Domain (wird normalerweise durch umgebungsspezifische Variablen überschrieben)
app_domain: "localhost"
# Standard Nginx-Konfiguration
nginx_worker_processes: "auto"
nginx_worker_connections: 1024
wireguard_clients:
- name: michael
address: 10.8.0.2
public_key: DEIN_PUBLIC_KEY

15
.deployment-backup/x_ansible/group_vars/common.yml Normal file
View File

@@ -0,0 +1,15 @@
---
# Gemeinsame Variablen für alle Umgebungen
# Deployment-Variablen
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
deploy_user: deploy
# Anwendungsvariablen
app_domain: "{{ hostvars[inventory_hostname]['ansible_host'] | default(inventory_hostname) }}"
project_source: "{{ playbook_dir }}/../.."
project_root: "{{ playbook_dir }}/../.."
# Docker-Compose-Pfad
docker_compose_project_path: "{{ deploy_root }}"

25
.deployment-backup/x_ansible/group_vars/localhost.yml Normal file
View File

@@ -0,0 +1,25 @@
nginx_vite_proxy_include: "vite-proxy.inc.dev"
# Localhost-spezifische Konfiguration
# Deployment-Pfade
deploy_root: /home/michael/dev/michaelschiemer
docker_compose_project_path: "{{ deploy_root }}"
env_file_path: "{{ deploy_root }}/.env"
deploy_public: "{{ deploy_root }}/public"
# Domainname für lokale Entwicklung
app_domain: "localhost"
# Umgebungsvariablen
env_vars:
APP_ENV: development
APP_DEBUG: "true"
APP_PORT: 80
APP_SSL_PORT: 443
# Docker-Compose-Projekt
compose_project_name: "michaelschiemer_dev"
# Lokale Quell- und Zielverzeichnisse sind identisch
project_source: "{{ deploy_root }}"
project_root: "{{ deploy_root }}"

37
.deployment-backup/x_ansible/group_vars/production.yml Normal file
View File

@@ -0,0 +1,37 @@
---
# Produktions-spezifische Variablen
environment: production
# Deployment-Pfade
deploy_root: /var/www/michaelschiemer
docker_compose_project_path: "{{ deploy_root }}"
env_file_path: "{{ deploy_root }}/.env"
deploy_public: "{{ deploy_root }}/public"
# Domainname für Produktion
app_domain: "michaelschiemer.de"
app_env: "production"
# Umgebungsvariablen
env_vars:
APP_ENV: production
APP_DEBUG: "false"
APP_PORT: 80
APP_SSL_PORT: 443
COMPOSER_INSTALL_FLAGS: --no-dev --optimize-autoloader
# Docker-Compose-Projekt
compose_project_name: "michaelschiemer_prod"
# SSL-Konfiguration
ssl_enabled: true
ssl_cert_path: "/etc/letsencrypt/live/{{ app_domain }}"
# Performance-Optimierung
redis_maxmemory: "512mb"
nginx_worker_processes: "auto"
nginx_worker_connections: 2048
# Cache-Einstellungen
cache_enabled: true
cache_lifetime: 3600

34
.deployment-backup/x_ansible/group_vars/staging.yml Normal file
View File

@@ -0,0 +1,34 @@
---
# Staging-spezifische Variablen
environment: staging
# Deployment-Pfade
deploy_root: /var/www/stage.michaelschiemer
docker_compose_project_path: "{{ deploy_root }}"
env_file_path: "{{ deploy_root }}/.env"
deploy_public: "{{ deploy_root }}/public"
# Domainname für Staging
app_domain: "staging.michaelschiemer.de"
app_env: "staging"
# Nginx-Konfiguration
nginx_vite_proxy_include: "vite-proxy.inc.prod"
# Umgebungsvariablen
env_vars:
APP_ENV: staging
APP_DEBUG: "false"
APP_PORT: 80
APP_SSL_PORT: 443
# Docker-Compose-Projekt
compose_project_name: "michaelschiemer_staging"
# Zusätzliche Staging-spezifische Einstellungen
database_host: "db"
database_name: "michaelschiemer_staging"
database_user: "michaelschiemer"
# Quelle der Anwendung (lokales Entwicklungsverzeichnis)
project_source: "/home/michael/dev/michaelschiemer"

4
.deployment-backup/x_ansible/group_vars/vpn.yml Normal file
View File

@@ -0,0 +1,4 @@
wg_privkey: "HIER_DEIN_PRIVATER_KEY_ODER_DATEIPFAD"
wg_all_clients_private_keys:
michael: "PITbFZ3UfY5vD5dYUCELO37Qo2W8I4R8+r6D9CeMrm4="

0
.deployment-backup/x_ansible/group_vars/web.yml Normal file
View File

8
.deployment-backup/x_ansible/inventory/development Normal file
View File

@@ -0,0 +1,8 @@
# Entwicklungsumgebung (lokal)
[localhost]
127.0.0.1 ansible_connection=local
# Variablen für die Entwicklungsumgebung
[localhost:vars]
ansible_python_interpreter=/usr/bin/python3
environment=development

56
.deployment-backup/x_ansible/inventory/hosts.ini Normal file
View File

@@ -0,0 +1,56 @@
[localhost]
127.0.0.1 ansible_connection=local
[localhost]
127.0.0.1 ansible_connection=local
[staging]
94.16.110.151 ansible_user=deploy ansible_ssh_private_key_file=/home/michael/.ssh/staging
[production]
# Hier Produktionsserver eintragen
# beispiel.com ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/production
[development]
127.0.0.1 ansible_connection=local
[web:children]
staging
production
[all:vars]
ansible_python_interpreter=/usr/bin/python3
[staging]
94.16.110.151 ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/staging
[production]
# Hier Produktionsserver eintragen
# beispiel.com ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/production
[vpn]
94.16.110.151 ansible_user=deploy
[web:children]
staging
production
[localhost]
127.0.0.1 ansible_connection=local
[staging]
94.16.110.151 ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/staging
[production]
# Hier Produktionsserver eintragen
# beispiel.com ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/production
[web:children]
staging
production
[web:vars]
ansible_python_interpreter=/usr/bin/python3
deploy_root=/var/www/michaelschiemer
deploy_user=deploy
[web:vars]
ansible_python_interpreter=/usr/bin/python3
deploy_root=/var/www/michaelschiemer
deploy_user=deploy

9
.deployment-backup/x_ansible/inventory/production Normal file
View File

@@ -0,0 +1,9 @@
# Produktionsserver
[production]
# Hier Produktionsserver eintragen
# beispiel.com ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/production
# Variablen für die Produktionsumgebung
[production:vars]
ansible_python_interpreter=/usr/bin/python3
environment=production

8
.deployment-backup/x_ansible/inventory/staging Normal file
View File

@@ -0,0 +1,8 @@
# Staging-Server
[staging]
94.16.110.151 ansible_user=deploy ansible_ssh_private_key_file=/home/michael/.ssh/staging
# Variablen für die Staging-Umgebung
[staging:vars]
ansible_python_interpreter=/usr/bin/python3
environment=staging

40
.deployment-backup/x_ansible/playbooks/check.yml Normal file
View File

@@ -0,0 +1,40 @@
#- name: Check ob /ping erreichbar ist
# uri:
# url: "http://localhost/ping"
# status_code: 200
# return_content: yes
# register: ping_response
#
#- debug:
# var: ping_response.content
- name: Healthcheck nach dem Deployment
hosts: localhost
connection: local
gather_facts: false
become: false
vars:
healthcheck_url: "http://127.0.0.1:8080/ping"
max_retries: 10
delay_between_retries: 3
tasks:
- name: Warte, bis der Webserver erreichbar ist
uri:
url: "{{ healthcheck_url }}"
status_code: 200
return_content: yes
register: healthcheck_response
retries: "{{ max_retries }}"
delay: "{{ delay_between_retries }}"
until: >
healthcheck_response is defined and
healthcheck_response.status is defined and
healthcheck_response.status == 200
failed_when: healthcheck_response.status != 200
ignore_errors: false
- name: Ausgabe des Healthcheck-Resultats
debug:
msg: "Healthcheck erfolgreich: {{ healthcheck_response.content }}"

92
.deployment-backup/x_ansible/playbooks/deploy.yml Normal file
View File

@@ -0,0 +1,92 @@
---
- name: Deployment in jeweilige Umgebung
hosts: web
become: true
gather_facts: true
vars:
project_source: "{{ playbook_dir }}/../.."
docker_compose_project_path: "{{ deploy_root }}"
pre_tasks:
- name: Überprüfe Server-Verbindung
ping:
tags: [always, check]
- name: Zeige Server-Informationen
debug:
msg: "Verbunden mit {{ inventory_hostname }} ({{ ansible_host | default('IP unbekannt') }})"
tags: [always, check]
roles:
- common
- docker
- nginx
tasks:
- name: Stelle sicher, dass Zielverzeichnisse existieren
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- "{{ deploy_root }}/docker/nginx"
- "{{ deploy_root }}/docker/php"
tags: [deploy, folders]
- name: Kopiere Docker-Konfigurationen
copy:
src: "{{ playbook_dir }}/../docker/"
dest: "{{ deploy_root }}/docker/"
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
tags: [deploy, docker]
- name: Kopiere docker-compose.yml
copy:
src: "{{ playbook_dir }}/../docker-compose.yml"
dest: "{{ deploy_root }}/docker-compose.yml"
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
tags: [deploy, docker]
- name: Container starten oder neustarten
ansible.builtin.shell: |
cd "{{ deploy_root }}" && \
docker-compose -f docker-compose.yml -p michaelschiemer up -d --build
tags: [deploy, docker]
post_tasks:
- name: Überprüfe Anwendungsstatus
uri:
url: "http://{{ ansible_host }}/"
return_content: no
status_code: 200, 301, 302, 403, 404
validate_certs: no
timeout: 10
register: app_status
ignore_errors: yes
delegate_to: localhost
become: no
tags: [check]
- name: Zeige Deployment-Ergebnis
debug:
msg: |
Deployment abgeschlossen:
- Server: {{ inventory_hostname }}
- Umgebung: {{ environment | default('unbekannt') }}
- Status: {% if app_status.status is defined and app_status.status == 200 %}Erfolgreich (HTTP 200){% else %}Überprüfung erforderlich{% endif %}
Anwendung sollte erreichbar sein unter: http://{{ ansible_host }}/
tags: [check]

40
.deployment-backup/x_ansible/playbooks/deploy/dev.yml Normal file
View File

@@ -0,0 +1,40 @@
- name: Deployment für DEV (localhost)
hosts: localhost
become: true
gather_facts: false
vars:
docker_compose_project_path: "/home/michael/dev/michaelschiemer"
env_file_path: "/var/www/michaelschiemer/.env"
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
deploy_user: deploy
app_domain: "localhost" # Passe ggf. an
project_root: "/home/michael/dev/michaelschiemer"
# Rollen definieren, die für dieses Deployment benötigt werden
roles:
- common
- nginx
- php
- redis
# Vorbereitung für das Deployment
pre_tasks:
- name: Prüfe Voraussetzungen
debug:
msg: "Starte Deployment für Entwicklungsumgebung auf {{ docker_compose_project_path }}"
tags: [always]
# Haupttasks für das Deployment
tasks:
- name: Deployment durchführen
import_tasks: ../deploy/includes/deploy_common.yml
tags: [deploy]
# Nachbereitung nach dem Deployment
post_tasks:
- name: Deployment abgeschlossen
debug:
msg: "Deployment auf {{ docker_compose_project_path }} erfolgreich abgeschlossen"
tags: [always]

67
.deployment-backup/x_ansible/playbooks/deploy/includes/docker_compose.yml Normal file
View File

@@ -0,0 +1,67 @@
---
# Datei: ansible/playbooks/deploy/includes/docker_compose.yml
# Verwaltet die Docker-Compose-Konfiguration und -Ausführung
- name: Erstelle Docker-Compose-Datei
copy:
dest: "{{ docker_compose_project_path }}/docker-compose-simple.yml"
content: |
version: '3.8'
services:
php:
container_name: michaelschiemer_php
build:
context: ./docker/php
dockerfile: Dockerfile-simple
volumes:
- ./src:/var/www/html/src:rw
- ./public:/var/www/html/public:rw
networks:
- backend
nginx:
container_name: michaelschiemer_nginx
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./public:/var/www/html/public:ro
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- php
networks:
- frontend
- backend
redis:
container_name: michaelschiemer_redis
image: redis:alpine
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
networks:
- cache
networks:
frontend:
backend:
cache:
owner: root
group: root
mode: '0644'
- name: Erstelle .env-Datei falls nicht vorhanden
copy:
dest: "{{ docker_compose_project_path }}/.env"
content: |
COMPOSE_PROJECT_NAME=michaelschiemer
APP_ENV=production
APP_PORT=80
APP_SSL_PORT=443
owner: root
group: root
mode: '0644'
when: not lookup('vars', 'project_root', default=false)

57
.deployment-backup/x_ansible/playbooks/deploy/includes/docker_run.yml Normal file
View File

@@ -0,0 +1,57 @@
---
# Datei: ansible/playbooks/deploy/includes/docker_run.yml
# Verwaltet das Starten und Überwachen der Docker-Container
# Sicherstellen, dass vor dem Neustart alle Container gestoppt werden
- name: Container stoppen, falls bereits laufend
ansible.builtin.shell: |
docker-compose -p michaelschiemer -f "{{ docker_compose_project_path | regex_replace('//$', '/') }}docker-compose-simple.yml" down --remove-orphans || true
args:
chdir: "{{ docker_compose_project_path | regex_replace('//$', '/') }}"
executable: /bin/bash
environment:
COMPOSE_IGNORE_ORPHANS: "True"
ignore_errors: yes
# Container neustarten mit der vereinfachten Konfiguration
- name: Docker Container starten
ansible.builtin.shell: |
export DOCKER_BUILDKIT=0
docker-compose -p michaelschiemer -f "{{ docker_compose_project_path | regex_replace('//$', '/') }}docker-compose-simple.yml" up -d --build
args:
chdir: "{{ docker_compose_project_path | regex_replace('//$', '/') }}"
executable: /bin/bash
environment:
COMPOSE_IGNORE_ORPHANS: "True"
PATH: "/usr/local/bin:/usr/bin:/bin"
- name: Container-Status prüfen
ansible.builtin.shell: |
docker-compose -p michaelschiemer -f "{{ docker_compose_project_path | regex_replace('//$', '/') }}docker-compose-simple.yml" ps
args:
chdir: "{{ docker_compose_project_path | regex_replace('//$', '/') }}"
executable: /bin/bash
register: compose_ps
- name: Container-Status anzeigen
ansible.builtin.debug:
var: compose_ps.stdout_lines
- name: Docker-Fehlermeldungen anzeigen (falls vorhanden)
ansible.builtin.debug:
var: compose_ps.stderr_lines
when: compose_ps.stderr is defined and compose_ps.stderr != ""
- name: Container-Logs anzeigen für Fehlersuche
ansible.builtin.shell: |
docker-compose -p michaelschiemer -f "{{ docker_compose_project_path | regex_replace('//$', '/') }}docker-compose-simple.yml" logs --tail=20
args:
chdir: "{{ docker_compose_project_path | regex_replace('//$', '/') }}"
executable: /bin/bash
register: compose_logs
ignore_errors: yes
- name: Container-Logs ausgeben
ansible.builtin.debug:
var: compose_logs.stdout_lines
when: compose_logs.stdout is defined

109
.deployment-backup/x_ansible/playbooks/deploy/includes/docker_setup.yml Normal file
View File

@@ -0,0 +1,109 @@
---
# Datei: ansible/playbooks/deploy/includes/docker_setup.yml
# Verwaltet die Docker-Umgebung und Grundkonfigurationen
- name: Stelle sicher, dass die Docker-Verzeichnisstruktur existiert
file:
path: "{{ docker_compose_project_path }}/{{ item }}"
state: directory
mode: '0755'
recurse: yes
loop:
- "docker/php"
- "docker/nginx"
- "docker/redis"
- "src"
- "public"
- "cache"
- name: Docker-Basis-Konfiguration erstellen für PHP
copy:
dest: "{{ docker_compose_project_path }}/docker/php/Dockerfile-simple"
content: |
FROM php:8.4-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& docker-php-ext-install pcntl posix shmop \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
# Kein Composer-Befehl hier
CMD ["php-fpm"]
owner: root
group: root
mode: '0644'
- name: Erstelle Nginx-Konfiguration
copy:
dest: "{{ docker_compose_project_path }}/docker/nginx/nginx.conf"
content: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
mode: '0644'
- name: Erstelle Nginx Default-Site-Konfiguration
copy:
dest: "{{ docker_compose_project_path }}/docker/nginx/default.conf"
content: |
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
mode: '0644'
- name: Erstelle Redis-Konfiguration (falls benötigt)
copy:
dest: "{{ docker_compose_project_path }}/docker/redis/redis.conf"
content: |
# Redis Konfiguration
maxmemory 256mb
maxmemory-policy allkeys-lru
mode: '0644'
when: false # Nur aktivieren, wenn Redis-Konfiguration benötigt wird

44
.deployment-backup/x_ansible/playbooks/deploy/includes/env_setup.yml Normal file
View File

@@ -0,0 +1,44 @@
---
# Datei: ansible/playbooks/deploy/includes/env_setup.yml
# Verwaltet die Erstellung und Konfiguration von Umgebungsvariablen
- name: Stelle sicher dass das Template-Verzeichnis existiert
file:
path: "{{ playbook_dir }}/../roles/deploy/templates"
state: directory
mode: '0755'
delegate_to: localhost
become: false
run_once: true
- name: Erstelle .env-Template falls es nicht existiert
copy:
dest: "{{ playbook_dir }}/../roles/deploy/templates/.env.j2"
content: |
# Automatisch generierte .env-Datei
# Generiert durch Ansible am {{ ansible_date_time.date }}
COMPOSE_PROJECT_NAME={{ compose_project_name | default('michaelschiemer') }}
# Allgemeine Einstellungen
APP_NAME={{ app_name | default('michaelschiemer') }}
APP_ENV={{ env_vars.APP_ENV | default('production') }}
APP_DEBUG={{ env_vars.APP_DEBUG | default('false') }}
APP_PORT={{ env_vars.APP_PORT | default(80) }}
APP_SSL_PORT={{ env_vars.APP_SSL_PORT | default(443) }}
# Server-Konfiguration
APP_URL={{ 'https' if ssl_enabled | default(false) else 'http' }}://{{ app_domain }}
mode: '0644'
delegate_to: localhost
become: false
run_once: true
- name: .env-Datei erstellen oder aktualisieren
template:
src: ../roles/deploy/templates/.env.j2
dest: "{{ deploy_root }}/.env"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: lookup('vars', 'env_vars', default=false)

67
.deployment-backup/x_ansible/playbooks/deploy/includes/project_sync.yml Normal file
View File

@@ -0,0 +1,67 @@
---
# Datei: ansible/playbooks/deploy/includes/project_sync.yml
# Verwaltet die Synchronisierung von Projektdateien
- name: Stelle sicher, dass das Zielverzeichnis existiert
file:
path: "{{ deploy_root }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: Synchronisiere Projektdateien (wenn project_source definiert ist)
synchronize:
src: "{{ project_source }}/"
dest: "{{ deploy_root }}/"
delete: yes
rsync_opts:
- "--exclude=.git/"
- "--exclude=node_modules/"
- "--exclude=vendor/"
- "--exclude=.env.local"
when: lookup('vars', 'project_source', default=false)
- name: SSL-Verzeichnis sicherstellen
file:
path: "{{ deploy_root }}/ssl"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: Public-Verzeichnis sicherstellen
file:
path: "{{ deploy_root }}/public"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: SSL-Zertifikate prüfen
stat:
path: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem"
register: ssl_certs
when: ssl_enabled | default(false)
- name: SSL-Zertifikate kopieren (falls vorhanden)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
remote_src: yes
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
loop:
- { src: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem", dest: "{{ deploy_root }}/ssl/fullchain.pem" }
- { src: "/etc/letsencrypt/live/{{ app_domain }}/privkey.pem", dest: "{{ deploy_root }}/ssl/privkey.pem" }
when: ssl_enabled | default(false) and ssl_certs.stat.exists | default(false)
- name: .env-Datei erstellen oder aktualisieren
template:
src: templates/.env.j2
dest: "{{ deploy_root }}/.env"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: lookup('vars', 'env_vars', default=false)

36
.deployment-backup/x_ansible/playbooks/deploy/includes/status_check.yml Normal file
View File

@@ -0,0 +1,36 @@
# Diese Datei enthält wiederverwendbare Tasks für die Anwendungsstatusüberprüfung
- name: Prüfe Anwendungsstatus
uri:
url: "http://{{ app_domain }}/"
return_content: no
status_code: 200, 301, 302, 403
validate_certs: no
timeout: 10
register: app_status
ignore_errors: yes
delegate_to: localhost
become: no
tags: [check]
- name: Setze Standardwerte für app_status
set_fact:
app_status: { 'status': 'unbekannt' }
when: app_status is undefined or app_status.status is undefined
tags: [check]
- name: Zeige Anwendungsstatus
debug:
msg: >
Anwendung ist
{% if app_status.status is defined and app_status.status == 200 %}
verfügbar
{% else %}
nicht verfügbar
{% if app_status.status is defined %}
(Status: {{ app_status.status }})
{% else %}
(Status konnte nicht ermittelt werden)
{% endif %}
{% endif %}
tags: [check]

98
.deployment-backup/x_ansible/playbooks/deploy/production.yml Normal file
View File

@@ -0,0 +1,98 @@
- name: Deployment für PRODUCTION
hosts: production
become: true
gather_facts: false
vars:
docker_compose_project_path: "/var/www/www.michaelschiemer.de/"
env_file_path: "/var/www/www.michaelschiemer.de/.env"
deploy_root: /var/www/www.michaelschiemer.de
deploy_public: "{{ deploy_root }}/public"
deploy_user: deploy
app_domain: "michaelschiemer.de"
project_root: "{{ playbook_dir }}/../.."
roles:
- app
- nginx
- php
- redis
---
# Produktions-Deployment
# Dieses Playbook steuert das Deployment in die Produktionsumgebung
- name: Deployment für PRODUKTIONS-Umgebung
hosts: production
become: true
gather_facts: true
# Vorbereitung des Deployments
pre_tasks:
- name: Prüfe Verbindung zum Produktionsserver
ping:
register: ping_result
tags: [always, check]
- name: Zeige Serverinformationen
debug:
msg: "Verbunden mit {{ inventory_hostname }} ({{ ansible_host }})"
tags: [always, check]
- name: Sicherung der aktuellen Anwendung erstellen
shell: |
timestamp=$(date +%Y%m%d_%H%M%S)
mkdir -p {{ deploy_root }}_backups
tar -czf {{ deploy_root }}_backups/backup_$timestamp.tar.gz -C {{ deploy_root }} . || true
tags: [backup]
# Rollen für die Basiseinrichtung des Servers
roles:
- docker
- app
- nginx
- php
- redis
# Haupttasks für das Deployment
tasks:
- name: Synchronisiere Anwendungsdateien
synchronize:
src: "{{ project_source }}/"
dest: "{{ deploy_root }}/"
delete: yes
rsync_opts:
- "--exclude=.git/"
- "--exclude=node_modules/"
- "--exclude=vendor/"
- "--exclude=.env.local"
tags: [sync, files]
- name: Wende modulare Deployment-Tasks an
import_tasks: ../deploy/includes/deploy_common.yml
tags: [deploy]
# Nachbereitung nach dem Deployment
post_tasks:
- name: Prüfe Anwendungsstatus
uri:
url: "https://{{ app_domain }}/"
return_content: no
status_code: 200, 301, 302, 403
validate_certs: yes
register: app_status
ignore_errors: yes
delegate_to: localhost
tags: [check]
- name: Zeige Anwendungsstatus
debug:
msg: "Anwendung ist {% if app_status.status == 200 %}verfügbar{% else %}nicht verfügbar (Status: {{ app_status.status | default('unbekannt') }}){% endif %}"
tags: [check]
- name: Benachrichtigung über abgeschlossenes Deployment
debug:
msg: "Deployment in Produktionsumgebung abgeschlossen"
tags: [always, notify]
tasks:
- name: Common Deployment Tasks
import_tasks: ../deploy/includes/deploy_common.yml

304
.deployment-backup/x_ansible/playbooks/deploy/staging.yml Normal file
View File

@@ -0,0 +1,304 @@
---
# Staging-Deployment
# Dieses Playbook steuert das Deployment in die Staging-Umgebung
- name: Deployment für STAGING-Umgebung
hosts: staging
become: true
gather_facts: true
vars:
# Deployment-Variablen
project_source: "{{ playbook_dir }}/../.."
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
docker_compose_project_path: "{{ deploy_root }}"
# Vorbereitung des Deployments
pre_tasks:
- name: Prüfe Verbindung zum Staging-Server
ping:
register: ping_result
tags: [always, check]
- name: Zeige Serverinformationen
debug:
msg: "Verbunden mit {{ inventory_hostname }} ({{ ansible_host }})"
tags: [always, check]
# Rollen für die Basiseinrichtung des Servers
roles:
- common
- docker
- app
- nginx
- php
- redis
# Haupttasks für das Deployment
tasks:
- name: Synchronisiere Anwendungsdateien
synchronize:
src: "{{ project_source }}/"
dest: "{{ deploy_root }}/"
delete: yes
rsync_opts:
- "--exclude=.git/"
- "--exclude=node_modules/"
- "--exclude=vendor/"
- "--exclude=.env.local"
tags: [sync, files]
- name: Wende modulare Deployment-Tasks an
import_tasks: ../deploy/includes/deploy_common.yml
tags: [deploy]
# Nachbereitung nach dem Deployment
post_tasks:
- name: Hole Server-IP-Adresse
shell: hostname -I | awk '{print $1}'
register: server_ip
ignore_errors: yes
tags: [check]
- name: Hole Nginx-Container-IP (vereinfacht)
shell: |
CONTAINER_ID=$(docker ps -q --filter name=michaelschiemer_nginx)
if [ -n "$CONTAINER_ID" ]; then
docker inspect $CONTAINER_ID | grep -m 1 '"IPAddress"' | awk -F '"' '{print $4}'
else
echo "Container nicht gefunden"
fi
register: container_ip
ignore_errors: yes
tags: [check]
- name: Warte kurz bis Docker-Container gestartet sind
pause:
seconds: 5
tags: [check]
- name: Überprüfe ob curl installiert ist
shell: which curl || echo "not found"
register: curl_check
ignore_errors: yes
tags: [check]
- name: Installiere curl falls notwendig
apt:
name: curl
state: present
when: curl_check.stdout == "not found"
tags: [check]
- name: Teste direkten Zugriff auf Nginx-Container via curl
shell: |
CONTAINER_IP=$(docker ps -q --filter name=michaelschiemer_nginx | xargs -I{} docker inspect {} --format='{{.NetworkSettings.Networks.frontend.IPAddress}}' 2>/dev/null || echo "nicht verfügbar")
if [ "$CONTAINER_IP" != "nicht verfügbar" ]; then
curl -s -I http://$CONTAINER_IP || echo "Verbindung fehlgeschlagen"
else
echo "Container-IP nicht verfügbar"
fi
register: curl_test
ignore_errors: yes
tags: [check]
- name: Teste lokalen Zugriff auf Port 80
shell: |
curl -s --connect-timeout 5 -I http://localhost:80 || curl -s --connect-timeout 5 -I http://127.0.0.1:80 || echo "Lokale Verbindung fehlgeschlagen"
register: curl_local_test
ignore_errors: yes
tags: [check]
- name: Teste direkten Zugriff auf Nginx-Container
shell: |
CONTAINER_ID=$(docker ps -q --filter name=michaelschiemer_nginx)
if [ -n "$CONTAINER_ID" ]; then
docker exec $CONTAINER_ID nginx -v || echo "Nginx-Befehl nicht verfügbar"
else
echo "Container nicht aktiv"
fi
register: nginx_version_test
ignore_errors: yes
tags: [check]
- name: Prüfe Docker-Container-Ports
shell: docker port michaelschiemer_nginx || echo "Container-Port-Informationen nicht verfügbar"
register: container_ports
ignore_errors: yes
tags: [check]
- name: Prüfe Anwendungsstatus über Server-IP
uri:
url: "http://{{ server_ip.stdout | trim }}/"
return_content: no
status_code: 200, 301, 302, 403, 404, 500, 502, 503
validate_certs: no
timeout: 10
register: app_status
ignore_errors: yes
delegate_to: localhost
become: no
tags: [check]
- name: Prüfe Anwendungsstatus über konfigurierte Domain (falls IP-Prüfung fehlschlägt)
uri:
url: "http://{{ app_domain }}/"
return_content: no
status_code: 200, 301, 302, 403, 404, 500, 502, 503
validate_certs: no
timeout: 10
register: app_status
ignore_errors: yes
delegate_to: localhost
become: no
when: app_status.status is defined and app_status.status|int < 0
tags: [check]
- name: Verarbeite app_status zu einem gültigen Wert
set_fact:
app_status_code: "{{ app_status.status|default('unbekannt') }}"
tags: [check]
- name: Debug app_status
debug:
msg: "Aktueller app_status: {{ app_status_code }}"
tags: [check]
- name: Prüfe Docker-Container-Status
shell: docker ps | grep nginx || echo "Kein Nginx-Container gefunden"
register: nginx_status
ignore_errors: yes
tags: [check]
- name: Ermittle Docker-Netzwerke
shell: docker network ls
register: docker_networks
ignore_errors: yes
tags: [check]
- name: Erstelle ein einfaches HTML-Testdokument im public-Verzeichnis
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Webserver ist aktiv</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; line-height: 1.6; }
h1 { color: #333; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #ddd; border-radius: 5px; }
.success { color: green; }
.info { margin-top: 20px; background: #f8f8f8; padding: 10px; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Webserver ist <span class="success">aktiv</span>!</h1>
<p>Diese Seite bestätigt, dass der Nginx-Webserver korrekt läuft.</p>
<div class="info">
<h3>Server-Informationen:</h3>
<p>Datum: {{ ansible_date_time.date | default('nicht verfügbar') }}</p>
<p>Server: {{ inventory_hostname }}</p>
<p>IP: {{ server_ip.stdout | trim | default('nicht verfügbar') }}</p>
<p>Deployment-Zeit: {{ ansible_date_time.iso8601 | default('unbekannt') }}</p>
</div>
</div>
</body>
</html>
mode: '0644'
tags: [check]
- name: Erstelle zusätzliche Test-Datei direkt im Webroot
copy:
dest: "{{ deploy_root }}/public/test.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Nginx Test</title>
</head>
<body>
<h1>Nginx Test erfolgreich!</h1>
<p>Wenn Sie diese Seite sehen, funktioniert der Nginx-Webserver korrekt.</p>
<p>Server-IP: {{ server_ip.stdout | trim | default('nicht verfügbar') }}</p>
</body>
</html>
mode: '0644'
tags: [check]
- name: Hole Container-Informationen für Diagnose
shell: |
docker ps | grep michaelschiemer_nginx || echo "Container nicht gefunden"
register: container_info
ignore_errors: yes
tags: [check]
- name: Prüfe auf offene Ports
shell: |
ss -tulpn | grep LISTEN | grep ':80' || echo "Kein Prozess an Port 80 gebunden"
register: port_check
ignore_errors: yes
tags: [check]
- name: Zeige Anwendungsstatus und Server-Informationen
debug:
msg: |
Anwendungsstatus:
- Server IP: {{ server_ip.stdout | trim | default('nicht verfügbar') }}
- Domain: {{ app_domain }}
- Status: {% if app_status_code == 200 %}Verfügbar (HTTP 200 OK){% elif app_status_code|int > 0 %}Erreichbar aber mit Fehler (HTTP {{ app_status_code }}){% else %}Status konnte nicht ermittelt werden ({{ app_status_code }}){% endif %}
Docker-Container Status:
{{ nginx_status.stdout | default('Keine Informationen verfügbar') }}
Port-Status:
{{ port_80_check.stdout | default('Keine Port-Informationen verfügbar') }}
Lokaler Verbindungstest:
{{ curl_local_test.stdout | default('Keine Testinformationen verfügbar') }}
Nginx-Version im Container:
{{ nginx_version_test.stdout | default('Keine Versionsinformationen verfügbar') }}
Docker-Container sollte auf Port 80 verfügbar sein.
Lösungsvorschläge bei Verbindungsproblemen:
- Firewall-Regeln prüfen: sudo ufw status
- Nginx-Container-Logs prüfen: docker logs michaelschiemer_nginx
- Stellen Sie sicher, dass kein anderer Prozess Port 80 belegt: ss -tulpn | grep ':80'
- Container neu starten: cd {{ deploy_root }} && docker-compose -f docker-compose-simple.yml restart nginx
- Überprüfen Sie den Status: docker-compose -f {{ deploy_root }}/docker-compose-simple.yml ps
tags: [check]
- name: Prüfe Nginx-Container Status
shell: docker ps -a | grep michaelschiemer-nginx
register: nginx_container_status
ignore_errors: yes
tags: [check]
- name: Prüfe ob Port 80 offen ist
shell: netstat -tulpn | grep LISTEN | grep ':80'
register: port_80_status
ignore_errors: yes
tags: [check]
- name: Zeige Container-Status und Port-Informationen
debug:
msg: |
Nginx-Container Status:
{{ nginx_status.stdout | default('Container nicht gefunden') }}
Port 80 Status:
{{ port_80_check.stdout | default('Port 80 scheint nicht zu lauschen') }}
Server-IP: {{ server_ip.stdout | trim | default('nicht ermittelbar') }}
Diagnoseinformationen:
- Überprüfen Sie, ob der Container läuft: docker ps -a
- Prüfen Sie die Container-Logs: docker logs michaelschiemer_nginx
- Prüfen Sie die Container-Netzwerkeinstellungen: docker inspect michaelschiemer_nginx
- Stellen Sie sicher, dass der Host-Port 80 nicht bereits belegt ist
- Prüfen Sie die Firewall-Einstellungen: sudo ufw status
tags: [check]

103
.deployment-backup/x_ansible/playbooks/includes/deploy_common.yml Normal file
View File

@@ -0,0 +1,103 @@
---
# Gemeinsame Tasks für alle Deployment-Szenarien
- name: Stelle sicher, dass Zielverzeichnisse existieren
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- "{{ deploy_root }}/docker/nginx"
- "{{ deploy_root }}/docker/php"
- name: SSL-Zertifikate prüfen
stat:
path: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem"
register: ssl_certs
- name: SSL-Zertifikate kopieren (falls vorhanden)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
remote_src: yes
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
loop:
- { src: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem", dest: "{{ deploy_root }}/ssl/fullchain.pem" }
- { src: "/etc/letsencrypt/live/{{ app_domain }}/privkey.pem", dest: "{{ deploy_root }}/ssl/privkey.pem" }
when: ssl_certs.stat.exists
- name: Kopiere Docker-Konfigurationen
copy:
src: "{{ playbook_dir }}/../docker/"
dest: "{{ deploy_root }}/docker/"
mode: '0644'
- name: Kopiere docker-compose.yml
copy:
src: "{{ playbook_dir }}/../docker-compose.yml"
dest: "{{ deploy_root }}/docker-compose.yml"
mode: '0644'
- name: Erstelle .env-Datei
copy:
dest: "{{ deploy_root }}/.env"
content: |
COMPOSE_PROJECT_NAME=michaelschiemer
APP_ENV={{ environment | default('production') }}
APP_DOMAIN={{ app_domain }}
DEPLOY_ROOT={{ deploy_root }}
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
- name: Starte Docker-Container
shell: |
cd {{ deploy_root }} && \
docker-compose up -d --build
args:
chdir: "{{ deploy_root }}"
environment:
COMPOSE_IGNORE_ORPHANS: "True"
PATH: "/usr/local/bin:/usr/bin:/bin"
- name: Warte kurz bis Docker-Container gestartet sind
pause:
seconds: 5
- name: Erstelle Test-HTML-Datei
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Server aktiv</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
h1 { color: #3273dc; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #eee; border-radius: 5px; }
.info { margin-top: 20px; background: #f8f8f8; padding: 10px; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Server ist aktiv!</h1>
<p>Diese Seite bestätigt, dass der Webserver korrekt läuft.</p>
<div class="info">
<p>Server: {{ inventory_hostname }}</p>
<p>Umgebung: {{ environment | default('unbekannt') }}</p>
<p>Deployment-Zeit: {{ ansible_date_time.iso8601 | default('unbekannt') }}</p>
</div>
</div>
</body>
</html>
mode: '0644'

81
.deployment-backup/x_ansible/playbooks/setup.yml Normal file
View File

@@ -0,0 +1,81 @@
---
- name: Basis Setup für alle Zielsysteme
hosts: web
become: true
gather_facts: true
pre_tasks:
- name: Überprüfe Serververbindung
ping:
tags: [always, check]
- name: Zeige Server-Informationen
debug:
msg: "Verbunden mit {{ inventory_hostname }} ({{ ansible_host | default('IP unbekannt') }})"
tags: [always, check]
roles:
- common
- docker
post_tasks:
- name: Stelle sicher, dass Zielverzeichnisse existieren
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- "{{ deploy_root }}/docker/nginx"
- "{{ deploy_root }}/docker/php"
tags: [setup, folders]
- name: Kopiere Docker-Konfigurationen
synchronize:
src: "{{ playbook_dir }}/docker/"
dest: "{{ deploy_root }}/docker/"
delete: yes
tags: [setup, docker]
- name: Kopiere docker-compose.yml
copy:
src: "{{ playbook_dir }}/docker-compose.yml"
dest: "{{ deploy_root }}/docker-compose.yml"
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
tags: [setup, docker]
- name: Erstelle Test-HTML-Datei
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Server Setup erfolgreich</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
h1 { color: #3273dc; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #eee; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Server-Setup erfolgreich!</h1>
<p>Diese Seite bestätigt, dass die grundlegende Servereinrichtung abgeschlossen ist.</p>
<p>Als nächstes können Sie das Deployment ausführen mit:</p>
<pre>./ansible/deploy.sh {{ environment | default('staging') }}</pre>
</div>
</body>
</html>
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
tags: [setup, test]

250
.deployment-backup/x_ansible/playbooks/simplified-deploy.yml Normal file
View File

@@ -0,0 +1,250 @@
---
- name: Vereinfachtes Deployment mit Docker
hosts: all
become: true
gather_facts: true
vars:
deploy_root: /var/www/michaelschiemer
deploy_user: "{{ ansible_user | default('deploy') }}"
app_domain: "{{ hostvars[inventory_hostname]['ansible_host'] | default(inventory_hostname) }}"
tasks:
# 1. Grundlegende Server-Einrichtung
- name: Installiere grundlegende Pakete
apt:
name: [curl, ca-certificates, gnupg, apt-transport-https, software-properties-common, iproute2]
state: present
update_cache: yes
# 2. Docker Installation
- name: Docker GPG-Schlüssel hinzufügen
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
- name: Docker Repository hinzufügen
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
state: present
- name: Docker Engine installieren
apt:
name: [docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin]
state: present
update_cache: yes
- name: Benutzer zur Docker-Gruppe hinzufügen
user:
name: "{{ ansible_user }}"
groups: docker
append: yes
- name: Docker-Service aktivieren
service:
name: docker
state: started
enabled: yes
# 3. Verzeichnisstruktur anlegen
- name: Stelle sicher, dass die Verzeichnisse existieren
file:
path: "{{ deploy_root }}/{{ item }}"
state: directory
mode: '0755'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
recurse: yes
loop:
- public
- docker/nginx
- docker/php
- src
# 4. Docker-Compose Datei erstellen
- name: Erstelle docker-compose.yml
copy:
dest: "{{ deploy_root }}/docker-compose.yml"
content: |
version: '3.8'
services:
php:
container_name: michaelschiemer_php
image: php:8.4-fpm
volumes:
- ./src:/var/www/html/src:rw
- ./public:/var/www/html/public:rw
networks:
- backend
nginx:
container_name: michaelschiemer_nginx
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./public:/var/www/html/public:ro
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- php
networks:
- frontend
- backend
networks:
frontend:
backend:
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
# 5. Nginx Konfiguration erstellen
- name: Erstelle Nginx-Konfiguration
copy:
dest: "{{ deploy_root }}/docker/nginx/nginx.conf"
content: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
mode: '0644'
- name: Erstelle Nginx Default-Site-Konfiguration
copy:
dest: "{{ deploy_root }}/docker/nginx/default.conf"
content: |
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html/public;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
mode: '0644'
# 6. Test HTML-Datei erstellen
- name: Erstelle Testseite
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Webserver ist aktiv</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; line-height: 1.6; }
h1 { color: #333; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #ddd; border-radius: 5px; }
.success { color: green; }
.info { margin-top: 20px; background: #f8f8f8; padding: 10px; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Webserver ist <span class="success">aktiv</span>!</h1>
<p>Diese Seite bestätigt, dass der Nginx-Webserver korrekt läuft.</p>
<div class="info">
<h3>Server-Informationen:</h3>
<p>Server: {{ inventory_hostname }}</p>
<p>IP: {{ ansible_default_ipv4.address }}</p>
<p>Deployment-Zeit: {{ ansible_date_time.iso8601 }}</p>
</div>
</div>
</body>
</html>
mode: '0644'
# 7. Container starten
- name: Stoppe alle vorhandenen Container
command: docker-compose down --remove-orphans
args:
chdir: "{{ deploy_root }}"
ignore_errors: yes
- name: Starte Docker-Container
command: docker-compose up -d
args:
chdir: "{{ deploy_root }}"
# 8. Status und Tests
- name: Warte kurz bis Docker-Container gestartet sind
pause:
seconds: 5
- name: Server-IP ermitteln
shell: hostname -I | awk '{print $1}'
register: server_ip
ignore_errors: yes
- name: Prüfe Nginx-Container Status
shell: docker ps | grep nginx || echo "Kein Nginx-Container gefunden"
register: nginx_status
ignore_errors: yes
- name: Prüfe ob Port 80 offen ist
shell: ss -tulpn | grep LISTEN | grep ':80' || echo "Kein Prozess an Port 80 gebunden"
register: port_80_check
ignore_errors: yes
- name: Teste lokalen Zugriff auf Port 80
shell: curl -s --connect-timeout 5 -I http://localhost:80 || curl -s --connect-timeout 5 -I http://127.0.0.1:80 || echo "Lokale Verbindung fehlgeschlagen"
register: curl_local_test
ignore_errors: yes
- name: Zeige Anwendungsstatus und Server-Informationen
debug:
msg: |
Anwendungsstatus:
- Server IP: {{ server_ip.stdout | trim | default('nicht verfügbar') }}
- Domain: {{ app_domain }}
Docker-Container Status:
{{ nginx_status.stdout | default('Keine Informationen verfügbar') }}
Port-Status:
{{ port_80_check.stdout | default('Keine Port-Informationen verfügbar') }}
Lokaler Verbindungstest:
{{ curl_local_test.stdout | default('Keine Testinformationen verfügbar') }}
Docker-Container sollte auf Port 80 verfügbar sein.
Lösungsvorschläge bei Verbindungsproblemen:
- Firewall-Regeln prüfen: sudo ufw status
- Container-Logs prüfen: docker logs michaelschiemer_nginx
- Container neu starten: cd {{ deploy_root }} && docker-compose restart nginx

6
.deployment-backup/x_ansible/playbooks/test.yml Normal file
View File

@@ -0,0 +1,6 @@
- hosts: web
become: true
gather_facts: true
roles:
- console

7
.deployment-backup/x_ansible/playbooks/wireguard.yml Normal file
View File

@@ -0,0 +1,7 @@
# ansible/wireguard.yml
- hosts: vpn
become: false
gather_facts: false
roles:
- wireguard

44
.deployment-backup/x_ansible/roles/app/defaults/main.yml Normal file
View File

@@ -0,0 +1,44 @@
---
# Standardwerte für die App-Rolle
# Standardwerte für die App-Rolle
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Quellverzeichnis für Dateisynchronisation
project_source: "{{ playbook_dir | dirname | dirname }}"
# Domain
app_domain: "localhost"
---
# Standardwerte für die App-Rolle
---
# Standardwerte für die App-Rolle
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Deployment-Variablen
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
deploy_user: deploy
# Anwendungsvariablen
app_domain: "{{ hostvars[inventory_hostname]['ansible_host'] | default(inventory_hostname) }}"
project_source: "{{ playbook_dir }}/../.."
project_root: "{{ playbook_dir }}/../.."
# Docker-Compose-Pfad
docker_compose_project_path: "{{ deploy_root }}"
# Diese Werte werden nur verwendet, wenn sie nicht anderweitig definiert sind
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
deploy_user: "{{ ansible_user | default('deploy') }}"
app_domain: "localhost"
project_root: "{{ playbook_dir | dirname }}"

622
.deployment-backup/x_ansible/roles/app/tasks/main.yml Normal file
View File

@@ -0,0 +1,622 @@
---
- name: Prüfe erforderliche Variablen
assert:
that:
- deploy_root is defined
- deploy_user is defined
fail_msg: "Erforderliche Variablen fehlen: deploy_root und/oder deploy_user nicht definiert"
success_msg: "Alle erforderlichen Variablen sind korrekt definiert"
tags: [always]
- name: Projektverzeichnisse erstellen
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- name: SSL-Zertifikate prüfen
stat:
path: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem"
register: ssl_certs
- name: SSL-Zertifikate kopieren (falls vorhanden)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
remote_src: yes
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
loop:
- { src: "/etc/letsencrypt/live/{{ app_domain }}/fullchain.pem", dest: "{{ deploy_root }}/ssl/fullchain.pem" }
- { src: "/etc/letsencrypt/live/{{ app_domain }}/privkey.pem", dest: "{{ deploy_root }}/ssl/privkey.pem" }
when: ssl_certs.stat.exists
- name: Lokales public-Verzeichnis prüfen
stat:
path: "{{ playbook_dir }}/../../public"
register: public_dir
delegate_to: localhost
become: false
- name: public-Verzeichnis synchronisieren
synchronize:
src: "{{ playbook_dir }}/../../public/"
dest: "{{ deploy_public }}/"
delete: yes
recursive: yes
when: public_dir.stat.exists and public_dir.stat.isdir
- name: Lokale docker-compose.yml Datei prüfen
stat:
path: "{{ playbook_dir }}/../../docker-compose.yml"
register: docker_compose_file
delegate_to: localhost
become: false
- name: Projekt-Stammdaten kopieren
copy:
src: "{{ playbook_dir }}/../../docker-compose.yml"
dest: "{{ deploy_root }}/docker-compose.yml"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: docker_compose_file.stat.exists
- name: .env-Datei prüfen
stat:
path: "{{ project_root }}/.env"
register: env_file
delegate_to: localhost
become: false
- name: .env kopieren (falls vorhanden)
copy:
src: "{{ project_root }}/.env"
dest: "{{ deploy_root }}/.env"
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: env_file.stat.exists
- name: Erstelle Standard-.env-Datei, wenn keine existiert
copy:
dest: "{{ deploy_root }}/.env"
content: |
COMPOSE_PROJECT_NAME=michaelschiemer
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: not env_file.stat.exists
- name: Lokales src-Verzeichnis prüfen
stat:
path: "{{ playbook_dir }}/../../src"
register: src_dir
delegate_to: localhost
become: false
- name: Quellcode synchronisieren
synchronize:
src: "{{ playbook_dir }}/../../src/"
dest: "{{ deploy_root }}/src/"
delete: yes
recursive: yes
when: src_dir.stat.exists and src_dir.stat.isdir
- name: Docker-Verzeichnis prüfen
stat:
path: "{{ project_root }}/docker"
register: docker_dir
delegate_to: localhost
become: false
- name: Docker-Configs synchronisieren (falls vorhanden)
synchronize:
src: "{{ project_root }}/docker/"
dest: "{{ deploy_root }}/docker/"
delete: yes
recursive: yes
when: docker_dir.stat.exists
- name: Rechte im Zielverzeichnis korrigieren
file:
path: "{{ deploy_root }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
recurse: yes
# Cache-Verzeichnis für UID/GID 1000 (z.B. appuser im Container)
- name: Stelle Schreibrechte für Cache-Verzeichnis her
file:
path: "{{ deploy_root }}/cache"
state: directory
owner: 1000
group: 1000
mode: '0775'
recurse: yes
- name: Erstelle .env-Datei für Docker Compose
copy:
dest: "{{ deploy_root }}/.env"
content: |
COMPOSE_PROJECT_NAME=michaelschiemer
APP_ENV=production
APP_PORT=80
APP_SSL_PORT=443
COMPOSER_INSTALL_FLAGS=--no-dev --optimize-autoloader
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
when: not env_file.stat.exists
- name: Prüfe docker-compose.yml im project_root
stat:
path: "{{ project_root }}/docker-compose.yml"
register: compose_file
delegate_to: localhost
become: false
- name: Docker-Compose-Konfiguration für Deployment anpassen
copy:
dest: "{{ deploy_root }}/docker-compose-deploy.yml"
content: |
version: '3.8'
services:
php:
build:
context: {{ deploy_root }}/docker/php
dockerfile: Dockerfile-simple
volumes:
- {{ deploy_root }}/src:/var/www/html/src:rw
- {{ deploy_root }}/public:/var/www/html/public:rw
networks:
- backend
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- {{ deploy_root }}/public:/var/www/html/public:ro
- {{ deploy_root }}/docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- {{ deploy_root }}/docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- php
networks:
- frontend
- backend
redis:
image: redis:alpine
networks:
- cache
networks:
frontend:
backend:
cache:
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
- name: Stelle sicher, dass die Nginx-Verzeichnisstruktur korrekt ist
file:
path: "{{ deploy_root }}/docker/nginx"
state: directory
mode: '0755'
- name: Bereinige nginx.conf Verzeichnis falls es existiert
shell: |
if [ -d "{{ deploy_root }}/docker/nginx/nginx.conf" ]; then
rm -rf "{{ deploy_root }}/docker/nginx/nginx.conf"
fi
args:
executable: /bin/bash
ignore_errors: yes
- name: Erstelle Dockerfile für Nginx
copy:
dest: "{{ deploy_root }}/docker/nginx/Dockerfile"
content: |
FROM nginx:alpine
# Konfigurationen kopieren
COPY nginx.conf /etc/nginx/nginx.conf
COPY default.conf /etc/nginx/conf.d/default.conf
# Erstelle Verzeichnis für SSL
RUN mkdir -p /etc/nginx/ssl
# Starte nginx im Vordergrund
CMD ["nginx", "-g", "daemon off;"]
mode: '0644'
- name: Docker-Compose-Datei für Deployment anpassen (PHP Dockerfile)
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: 'dockerfile: docker/php/Dockerfile'
replace: 'dockerfile: {{ deploy_root }}/docker/php/Dockerfile'
---
# App Deployment Tasks
- name: Prüfe erforderliche Variablen
assert:
that:
- deploy_root is defined
- deploy_user is defined
fail_msg: "Erforderliche Variablen fehlen: deploy_root und/oder deploy_user nicht definiert"
success_msg: "Alle erforderlichen Variablen sind korrekt definiert"
tags: [always]
- name: Projektverzeichnisse erstellen
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- name: Erstelle einfache Test-HTML-Datei
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>App ist aktiv</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
h1 { color: #3273dc; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #eee; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Anwendung ist aktiv!</h1>
<p>Diese Seite bestätigt, dass das App-Deployment erfolgreich war.</p>
<p>Server: {{ inventory_hostname }}</p>
</div>
</body>
</html>
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
- name: Docker-Compose-Datei für Deployment anpassen (Nginx Context)
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: 'context: docker/nginx'
replace: 'context: {{ deploy_root }}/docker/nginx'
- name: Docker-Volumes in docker-compose.yml anpassen (korrigiert)
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: '(\s+-)?\s+\./(.+?)(?::cached|:delegated)?(?::rw|:ro)?$'
replace: '\1 {{ deploy_root }}/\2'
with_items:
- volumes
- volume
- name: Docker-Volumes für Redis anpassen
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: '\./docker/redis/redis.conf'
replace: '{{ deploy_root }}/docker/redis/redis.conf'
- name: Korrigiere spezielle Volume-Optionen (cached, delegated)
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: '{{ deploy_root }}/([^:]+):cached'
replace: '{{ deploy_root }}/\1:rw'
- name: Korrigiere spezielle Volume-Optionen (delegated)
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: '{{ deploy_root }}/([^:]+):delegated'
replace: '{{ deploy_root }}/\1:rw'
- name: Finde und korrigiere ungültige Volume-Spezifikationen
shell: |
sed -i 's|{{ deploy_root }}/var/www/html:|{{ deploy_root }}:|g' {{ deploy_root }}/docker-compose-deploy.yml
sed -i 's|:cached:rw|:rw|g' {{ deploy_root }}/docker-compose-deploy.yml
sed -i 's|:delegated:rw|:rw|g' {{ deploy_root }}/docker-compose-deploy.yml
cat {{ deploy_root }}/docker-compose-deploy.yml | grep -A 20 volumes
args:
chdir: "{{ deploy_root }}"
register: volume_debug
- name: Erstelle einfache Docker Compose-Datei als Fallback
copy:
dest: "{{ deploy_root }}/docker-compose-simple.yml"
content: |
version: '3.8'
services:
php:
build:
context: {{ deploy_root }}/docker/php
dockerfile: Dockerfile-simple
volumes:
- {{ deploy_root }}/src:/var/www/html/src:rw
- {{ deploy_root }}/public:/var/www/html/public:rw
networks:
- backend
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- {{ deploy_root }}/public:/var/www/html/public:ro
- {{ deploy_root }}/docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- php
networks:
- frontend
- backend
redis:
image: redis:alpine
networks:
- cache
networks:
frontend:
backend:
cache:
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
- name: Erstelle composer.lock-Datei wenn diese nicht existiert
file:
path: "{{ deploy_root }}/composer.lock"
state: touch
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
register: composer_lock_created
- name: Prüfe ob Dockerfile existiert
stat:
path: "{{ project_root }}/docker/php/Dockerfile"
register: dockerfile_exists
delegate_to: localhost
become: false
- name: Erstelle angepasste Dockerfile für PHP
copy:
dest: "{{ deploy_root }}/docker/php/Dockerfile-deploy"
content: |
FROM php:8.4-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& docker-php-ext-install pcntl posix shmop \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
# Kopiere Projektdateien
COPY . /var/www/html/
# Stelle sicher, dass der Webserver Zugriff auf Dateien hat
RUN chown -R www-data:www-data /var/www/html
CMD ["php-fpm"]
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
# Task entfernt, da wir jetzt direkt eine vollständige Dockerfile erstellen
# und nicht mehr eine vorhandene Datei anpassen müssen
- name: Erstelle vereinfachte Dockerfile für PHP
copy:
dest: "{{ deploy_root }}/docker/php/Dockerfile-simple"
content: |
FROM php:8.4-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& docker-php-ext-install pcntl posix shmop \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
# Kein Composer-Befehl hier
CMD ["php-fpm"]
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
- name: Docker-Compose-Datei anpassen um die modifizierte Dockerfile zu verwenden
replace:
path: "{{ deploy_root }}/docker-compose-deploy.yml"
regexp: 'dockerfile: {{ deploy_root }}/docker/php/Dockerfile'
replace: 'dockerfile: {{ deploy_root }}/docker/php/Dockerfile-simple'
- name: Erstelle composer.json für Docker-Build
copy:
dest: "{{ deploy_root }}/composer.json"
content: |
{
"name": "michaelschiemer/website",
"description": "Michael Schiemer Website",
"type": "project",
"require": {
"php": "^8.1"
},
"minimum-stability": "stable"
}
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
- name: Debug-Info für Docker Compose
debug:
msg: "Versuche, Container zu starten mit Docker Compose-Datei: {{ deploy_root }}/docker-compose-simple.yml"
- name: Zeige Docker Images
shell: docker images
register: docker_images
ignore_errors: yes
- name: Docker Images anzeigen
debug:
var: docker_images.stdout_lines
- name: Zeige laufende Docker Container
shell: docker ps -a
register: docker_containers
ignore_errors: yes
- name: Docker Container anzeigen
debug:
var: docker_containers.stdout_lines
- name: Docker Compose Container stoppen
shell: |
cd {{ deploy_root }} && \
docker-compose -f {{ deploy_root }}/docker-compose-simple.yml -p michaelschiemer down --remove-orphans || true
args:
chdir: "{{ deploy_root }}"
environment:
COMPOSE_IGNORE_ORPHANS: "True"
- name: Prüfe ob docker-compose-simple.yml existiert
stat:
path: "{{ deploy_root }}/docker-compose-simple.yml"
register: simple_compose_file
- name: Anzeigen des Inhalts der docker-compose-simple.yml Datei
shell: cat {{ deploy_root }}/docker-compose-simple.yml
register: compose_content
when: simple_compose_file.stat.exists
- name: Anzeigen des Inhalts der docker-compose-simple.yml Datei
debug:
var: compose_content.stdout_lines
when: compose_content is defined
- name: Verzeichnisse in nginx Docker Verzeichnis anzeigen
shell: "ls -la {{ deploy_root }}/docker/nginx"
register: nginx_dir_content
- name: Nginx Verzeichnisinhalt anzeigen
debug:
var: nginx_dir_content.stdout_lines
- name: Stoppe alle Docker Container
shell: |
cd {{ deploy_root }} && \
docker-compose -f {{ deploy_root }}/docker-compose-simple.yml -p michaelschiemer down --remove-orphans
args:
chdir: "{{ deploy_root }}"
ignore_errors: yes
environment:
COMPOSE_IGNORE_ORPHANS: "True"
- name: Bereinige Docker-Systemressourcen
shell: docker system prune -f
ignore_errors: yes
- name: Docker Compose neu bauen und starten (vereinfachte Version)
shell: |
cd {{ deploy_root }} && \
export DOCKER_BUILDKIT=0 && \
docker-compose -f {{ deploy_root }}/docker-compose-simple.yml -p michaelschiemer up -d --build
args:
chdir: "{{ deploy_root }}"
ignore_errors: yes
environment:
COMPOSE_IGNORE_ORPHANS: "True"
- name: Warte kurz bis Docker-Container gestartet sind
pause:
seconds: 5
- name: Prüfe welche Prozesse an Port 80 gebunden sind
shell: |
netstat -tulpn | grep LISTEN | grep ':80' || echo "Kein Prozess an Port 80 gebunden"
register: port_80_check
ignore_errors: yes
- name: Zeige Port 80 Bindung
debug:
var: port_80_check.stdout_lines
- name: Prüfe Docker-Container Netzwerkeinstellungen
shell: |
docker inspect michaelschiemer-nginx-1 | grep -A 20 "NetworkSettings" || echo "Container nicht gefunden"
register: container_network
ignore_errors: yes
- name: Zeige Container-Netzwerkeinstellungen
debug:
var: container_network.stdout_lines
- name: PHP-Container für Composer starten
shell: docker-compose -f {{ deploy_root }}/docker-compose-simple.yml -p michaelschiemer up -d php
args:
chdir: "{{ deploy_root }}"
- name: Kurze Wartezeit bis PHP-Container bereit
wait_for:
timeout: 5
- name: Composer Abhängigkeiten installieren (deaktiviert)
debug:
msg: "Composer-Installation übersprungen - keine PHP-Anwendung vorhanden"
register: composer_result
- name: Composer-Ergebnis anzeigen
debug:
var: composer_result.stdout_lines
when: composer_result.stdout is defined
- name: Composer-Fehler anzeigen
debug:
var: composer_result.stderr_lines
when: composer_result.stderr is defined

12
.deployment-backup/x_ansible/roles/common/defaults/main.yml Normal file
View File

@@ -0,0 +1,12 @@
---
# Standardwerte für die Common-Rolle
# Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Domain
app_domain: "localhost"

101
.deployment-backup/x_ansible/roles/common/tasks/main.yml Normal file
View File

@@ -0,0 +1,101 @@
---
# Common-Rolle für grundlegende Systemeinstellungen
- name: Setze globale Variablen
set_fact:
deploy_root: "{{ deploy_root | default('/var/www/michaelschiemer') }}"
deploy_user: "{{ deploy_user | default(ansible_user) }}"
app_domain: "{{ app_domain | default('localhost') }}"
tags: [always]
- name: Aktualisiere Paketindex
apt:
update_cache: yes
cache_valid_time: 3600
tags: [always]
- name: Installiere grundlegende Pakete
apt:
name:
- sudo
- vim
- htop
- git
- zip
- unzip
- curl
- wget
- net-tools
- rsync
- python3-pip
- ufw
- fail2ban
state: present
tags: [system, packages]
- name: Setze Zeitzone auf Europe/Berlin
timezone:
name: Europe/Berlin
tags: [system, timezone]
# Benutzer und Berechtigungen
- name: Stelle sicher, dass Deploy-Benutzer existiert
user:
name: "{{ deploy_user }}"
shell: /bin/bash
groups: sudo
append: yes
createhome: yes
state: present
when: deploy_user != 'root' and ansible_connection != 'local'
tags: [system, user]
- name: Stelle sicher, dass SSH-Verzeichnis existiert
file:
path: "/home/{{ deploy_user }}/.ssh"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0700'
when: deploy_user != 'root' and ansible_connection != 'local'
tags: [system, user]
- name: Konfiguriere passwordless sudo für deploy-Benutzer
lineinfile:
path: "/etc/sudoers.d/{{ deploy_user }}"
line: "{{ deploy_user }} ALL=(ALL) NOPASSWD: ALL"
state: present
create: yes
mode: '0440'
validate: 'visudo -cf %s'
become: true
when: deploy_user != 'root' and ansible_connection != 'local'
tags: [system, user]
# Firewall
- name: Öffne Ports in Firewall
ufw:
rule: allow
port: "{{ item }}"
proto: tcp
loop:
- '22' # SSH
- '80' # HTTP
- '443' # HTTPS
tags: [system, firewall]
- name: Aktiviere Firewall
ufw:
state: enabled
policy: deny
tags: [system, firewall]
# Verzeichnisse
- name: Erstelle deploy_root-Verzeichnis
file:
path: "{{ deploy_root }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
tags: [system, directories]

9
.deployment-backup/x_ansible/roles/console/tasks/main.yml Normal file
View File

@@ -0,0 +1,9 @@
- name: Füge Funktion für ms (mit Argumenten) hinzu
blockinfile:
path: "/home/{{ ansible_user }}/.bashrc"
marker: "# {mark} ms docker alias"
block: |
ms() {
docker compose exec php php ms "$@"
}
become: false

14
.deployment-backup/x_ansible/roles/deploy/tasks/main.yml Normal file
View File

@@ -0,0 +1,14 @@
- name: Stoppe laufende Container
command: docker compose down
args:
chdir: "{{ playbook_dir }}/../"
- name: Baue Images neu (ohne Cache)
command: docker compose build --no-cache
args:
chdir: "{{ playbook_dir }}/../"
- name: Starte Container neu
command: docker compose up -d
args:
chdir: "{{ playbook_dir }}/../"

36
.deployment-backup/x_ansible/roles/deploy/templates/.env.j2 Normal file
View File

@@ -0,0 +1,36 @@
# Automatisch generierte .env-Datei
# Generiert durch Ansible am {{ ansible_date_time.date }}
COMPOSE_PROJECT_NAME={{ compose_project_name | default('michaelschiemer') }}
# Allgemeine Einstellungen
APP_NAME={{ app_name | default('michaelschiemer') }}
APP_ENV={{ env_vars.APP_ENV | default('production') }}
APP_DEBUG={{ env_vars.APP_DEBUG | default('false') }}
APP_PORT={{ env_vars.APP_PORT | default(80) }}
APP_SSL_PORT={{ env_vars.APP_SSL_PORT | default(443) }}
# Server-Konfiguration
APP_URL={{ 'https' if ssl_enabled | default(false) else 'http' }}://{{ app_domain }}
# Datenbank-Einstellungen
{% if lookup('vars', 'database_host', default=false) %}
DB_CONNECTION=mysql
DB_HOST={{ database_host }}
DB_PORT=3306
DB_DATABASE={{ database_name }}
DB_USERNAME={{ database_user }}
DB_PASSWORD={{ database_password | default('') }}
{% endif %}
# Redis-Konfiguration
{% if lookup('vars', 'redis_host', default=false) %}
REDIS_HOST={{ redis_host }}
REDIS_PASSWORD={{ redis_password | default(null) }}
REDIS_PORT={{ redis_port | default(6379) }}
{% endif %}
# Weitere Umgebungsspezifische Einstellungen
{% for key, value in env_vars.items() if key not in ['APP_ENV', 'APP_DEBUG', 'APP_PORT', 'APP_SSL_PORT'] %}
{{ key }}={{ value }}
{% endfor %}

9
.deployment-backup/x_ansible/roles/docker/README.md Normal file
View File

@@ -0,0 +1,9 @@
# Rolle: Docker
Diese Rolle installiert Docker Engine, CLI, Compose-Plugin sowie (optional) Docker Compose V1 als Fallback.
- Fügt den gewünschten User zur Docker-Gruppe hinzu.
- Startet und aktiviert den Docker-Dienst.
## Variablen
- `docker_compose_version`: Version von Docker Compose V1 für Fallback (Standard: 1.29.2).
- `docker_user`: Benutzer, der in die Gruppe `docker` aufgenommen werden soll (Standard: aktueller Ansible-User).

16
.deployment-backup/x_ansible/roles/docker/defaults/main.yml Normal file
View File

@@ -0,0 +1,16 @@
# Standardwerte für die Docker-Rolle
# Docker-Version
docker_version: "20.10"
docker_compose_version: "2.24.5"
# Docker-Einstellungen
docker_install_compose: true
docker_user: "{{ ansible_user | default('michael') }}"
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
docker_compose_project_path: "{{ deploy_root }}"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"

4
.deployment-backup/x_ansible/roles/docker/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart docker
ansible.builtin.service:
name: docker
state: restarted

191
.deployment-backup/x_ansible/roles/docker/tasks/main.yml Normal file
View File

@@ -0,0 +1,191 @@
- name: Prüfe erforderliche Variablen
assert:
that:
- deploy_root is defined
- deploy_user is defined
fail_msg: "Erforderliche Variablen fehlen: deploy_root und/oder deploy_user nicht definiert"
success_msg: "Alle erforderlichen Variablen sind korrekt definiert"
tags: [always]
- name: Docker-Abhängigkeiten installieren
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- lsb-release
state: present
update_cache: yes
---
# Docker-Installation und -Konfiguration
- name: Docker-Abhängigkeiten installieren
apt:
name:
- ca-certificates
- curl
- gnupg
- apt-transport-https
- software-properties-common
state: present
update_cache: yes
---
# Tasks für Docker-Installation
- name: Docker-Abhängigkeiten installieren
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg
- lsb-release
state: present
- name: Docker GPG-Schlüssel hinzufügen
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Docker Repository hinzufügen
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
state: present
- name: Docker installieren
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
update_cache: yes
- name: Docker-Gruppe erstellen
group:
name: docker
state: present
- name: Benutzer zur Docker-Gruppe hinzufügen
user:
name: "{{ deploy_user }}"
groups: docker
append: yes
- name: Docker-Dienst aktivieren und starten
service:
name: docker
state: started
enabled: yes
- name: Prüfen, ob Docker funktioniert
shell: docker --version
register: docker_version
changed_when: false
- name: Docker-Version anzeigen
debug:
var: docker_version.stdout
- name: Docker GPG-Schlüssel hinzufügen
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Docker-Repository hinzufügen
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
state: present
- name: Docker installieren
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: present
update_cache: yes
- name: Docker-Gruppe erstellen
group:
name: docker
state: present
- name: Deploy-Benutzer zur Docker-Gruppe hinzufügen
user:
name: "{{ deploy_user }}"
groups: docker
append: yes
- name: Docker-Service aktivieren und starten
systemd:
name: docker
state: started
enabled: yes
- name: Docker Compose herunterladen
get_url:
url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-Linux-x86_64"
dest: /usr/local/bin/docker-compose
mode: '0755'
- name: Docker-Verzeichnisse und -Dateien kopieren
copy:
src: "{{ playbook_dir }}/../docker/"
dest: "{{ deploy_root }}/docker/"
directory_mode: '0755'
mode: '0644'
- name: Docker Compose-Datei kopieren
copy:
src: "{{ playbook_dir }}/../docker-compose.yml"
dest: "{{ deploy_root }}/docker-compose.yml"
mode: '0644'
- name: Docker GPG-Schlüssel hinzufügen
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
- name: Docker Repository hinzufügen
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
state: present
- name: Docker Engine installieren
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
update_cache: yes
- name: Docker Compose installieren (V1 als Fallback)
get_url:
url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64"
dest: /usr/local/bin/docker-compose
mode: '0755'
- name: Benutzer zur Docker-Gruppe hinzufügen
user:
name: "{{ ansible_user }}"
groups: docker
append: yes
- name: Docker-Service starten und aktivieren
service:
name: docker
state: started
enabled: yes
notify: restart docker
- name: Starte Docker-Container via Compose
community.docker.docker_compose_v2:
#project_src: "{{ playbook_dir | dirname }}/../" # ggf. anpassen auf deinen Compose-Pfad!
project_src: "{{ deploy_root }}"
build: always
recreate: always
when: false

22
.deployment-backup/x_ansible/roles/nginx/defaults/main.yml Normal file
View File

@@ -0,0 +1,22 @@
---
# Standardwerte für die Nginx-Rolle
# Nginx-Konfiguration
nginx_worker_processes: auto
nginx_worker_connections: 1024
# Nginx-Verzeichnisse
nginx_target_dir: "{{ deploy_root }}/docker/nginx"
# SSL-Verzeichnisse
nginx_ssl_dest_dir: "{{ deploy_root }}/ssl"
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Domain
app_domain: "localhost"

0
.deployment-backup/x_ansible/roles/nginx/files/docker-entrypoint.sh Normal file
View File

14
.deployment-backup/x_ansible/roles/nginx/handlers/main.yml Normal file
View File

@@ -0,0 +1,14 @@
- name: reload nginx
ansible.builtin.shell: |
# Versuche unterschiedliche Container-Namen und Methoden
CONTAINER_ID=$(docker ps -q --filter name=michaelschiemer_nginx || docker ps -q --filter name=nginx)
if [ -n "$CONTAINER_ID" ]; then
docker exec $CONTAINER_ID nginx -s reload || true
else
# Wenn Container nicht gefunden, versuche Neustart über Docker Compose
cd {{ deploy_root }} && \
docker-compose -f {{ deploy_root }}/docker-compose-simple.yml restart nginx || true
fi
args:
executable: /bin/bash
ignore_errors: yes

299
.deployment-backup/x_ansible/roles/nginx/tasks/main.yml Normal file
View File

@@ -0,0 +1,299 @@
---
- name: Stelle sicher, dass Nginx-Verzeichnisse existieren
ansible.builtin.file:
path: "{{ nginx_target_dir }}"
state: directory
recurse: yes
mode: '0755'
- name: Kopiere Nginx-Konfigurationsdateien
ansible.builtin.copy:
src: "{{ playbook_dir }}/../docker/nginx/{{ item }}"
dest: "{{ nginx_target_dir }}/{{ item }}"
mode: '0644'
loop:
- nginx.conf
- default.conf
notify: reload nginx
- name: Erstelle nginx.conf
ansible.builtin.copy:
dest: "{{ nginx_target_dir }}/nginx.conf"
content: |
user nginx;
worker_processes {{ nginx_worker_processes }};
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
mode: '0644'
- name: Überprüfe ob default.conf ein Verzeichnis ist
stat:
path: "{{ nginx_target_dir }}/default.conf"
register: default_conf_stat
- name: Entferne default.conf Verzeichnis falls es existiert
file:
path: "{{ nginx_target_dir }}/default.conf"
state: absent
when: default_conf_stat.stat.exists and default_conf_stat.stat.isdir
- name: Erstelle default.conf
ansible.builtin.copy:
dest: "{{ nginx_target_dir }}/default.conf"
content: |
server {
listen 80;
listen [::]:80;
server_name {{ app_domain }};
# Weiterleitung auf HTTPS, wenn verfügbar
# location / {
# return 301 https://$host$request_uri;
# }
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Vite Dev Server Proxy (deaktiviert)
# include /etc/nginx/vite-proxy.inc;
}
# HTTPS Server
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ app_domain }};
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Vite Dev Server Proxy (deaktiviert)
# include /etc/nginx/vite-proxy.inc;
}
mode: '0644'
- name: Prüfe ob vite-proxy.inc existiert
stat:
path: "{{ nginx_vite_proxy_src }}"
register: vite_proxy_exists
delegate_to: localhost
become: false
---
# Tasks für Nginx-Konfiguration
- name: Nginx-Konfigurationsverzeichnis erstellen
file:
path: "{{ deploy_root }}/docker/nginx"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: Erstelle Nginx-Hauptkonfiguration
copy:
dest: "{{ deploy_root }}/docker/nginx/nginx.conf"
content: |
user nginx;
worker_processes {{ nginx_worker_processes }};
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
notify: reload nginx
- name: Erstelle Nginx-Default-Konfiguration
copy:
dest: "{{ deploy_root }}/docker/nginx/default.conf"
content: |
server {
listen 80;
server_name {{ app_domain }} localhost;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'
notify: reload nginx
- name: Kopiere richtige vite-proxy.inc je nach Umgebung (falls vorhanden)
ansible.builtin.copy:
src: "{{ nginx_vite_proxy_src }}"
dest: "{{ nginx_target_dir }}/vite-proxy.inc"
mode: '0644'
notify: reload nginx
when: vite_proxy_exists.stat.exists
- name: Überprüfe ob vite-proxy.inc ein Verzeichnis ist
stat:
path: "{{ nginx_target_dir }}/vite-proxy.inc"
register: vite_proxy_stat
- name: Entferne vite-proxy.inc Verzeichnis falls es existiert
file:
path: "{{ nginx_target_dir }}/vite-proxy.inc"
state: absent
when: vite_proxy_stat.stat.exists and vite_proxy_stat.stat.isdir
- name: Erstelle Standard vite-proxy.inc Datei (falls nicht vorhanden)
ansible.builtin.copy:
dest: "{{ nginx_target_dir }}/vite-proxy.inc"
content: |
# Standard Vite Proxy Konfiguration
location /@vite/ {
proxy_pass http://localhost:5173/;
proxy_set_header Host $host;
}
location /@fs/ {
proxy_pass http://localhost:5173/;
proxy_set_header Host $host;
}
location /node_modules/ {
proxy_pass http://localhost:5173/node_modules/;
proxy_set_header Host $host;
}
mode: '0644'
notify: reload nginx
when: not vite_proxy_exists.stat.exists
- name: Überprüfe ob docker-entrypoint.sh ein Verzeichnis ist
stat:
path: "{{ nginx_target_dir }}/docker-entrypoint.sh"
register: entrypoint_stat
- name: Entferne docker-entrypoint.sh Verzeichnis falls es existiert
file:
path: "{{ nginx_target_dir }}/docker-entrypoint.sh"
state: absent
when: entrypoint_stat.stat.exists and entrypoint_stat.stat.isdir
- name: Erstelle docker-entrypoint Skript
ansible.builtin.copy:
dest: "{{ nginx_target_dir }}/docker-entrypoint.sh"
content: |
#!/bin/sh
# Überprüfe SSL-Zertifikate und erstelle selbstsignierte, wenn keine vorhanden sind
if [ ! -f /etc/nginx/ssl/fullchain.pem ] || [ ! -f /etc/nginx/ssl/privkey.pem ]; then
echo "Keine SSL-Zertifikate gefunden, erstelle selbstsignierte Zertifikate..."
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/nginx/ssl/privkey.pem \
-out /etc/nginx/ssl/fullchain.pem \
-subj "/CN=localhost"
fi
# Starte Nginx im Vordergrund
echo "Starte Nginx..."
exec nginx -g 'daemon off;'
mode: '0755'
- name: Baue und starte Nginx-Container (optional, wenn Compose separat genutzt wird, dann hier nicht nötig)
ansible.builtin.shell: |
export DOCKER_BUILDKIT=0
docker-compose -f "{{ deploy_root }}/docker-compose-simple.yml" up -d --build nginx
args:
chdir: "{{ deploy_root }}"
executable: /bin/bash
when: nginx_target_dir is defined and deploy_root is defined
register: nginx_compose_result
ignore_errors: true
environment:
COMPOSE_IGNORE_ORPHANS: "True"
PATH: "/usr/local/bin:/usr/bin:/bin"
- name: Zeige Compose-Resultat
ansible.builtin.debug:
var: nginx_compose_result.stdout_lines
when: nginx_compose_result is defined

0
.deployment-backup/x_ansible/roles/nginx/templates/default.conf.j2 Normal file
View File

0
.deployment-backup/x_ansible/roles/nginx/templates/nginx.conf.j2 Normal file
View File

23
.deployment-backup/x_ansible/roles/php/defaults/main.yml Normal file
View File

@@ -0,0 +1,23 @@
---
# Standardwerte für die PHP-Rolle
---
# Standardwerte für die PHP-Rolle
# PHP-Version
php_version: "8.1"
# PHP-Erweiterungen
php_extensions:
- zip
- pdo
- pdo_mysql
- opcache
# PHP-Version
php_version: "8.4"
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"

33
.deployment-backup/x_ansible/roles/php/tasks/main.yml Normal file
View File

@@ -0,0 +1,33 @@
---
# PHP Installation und Konfiguration
- name: Stelle sicher, dass das PHP-Docker-Verzeichnis existiert
file:
path: "{{ deploy_root }}/docker/php"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: Erstelle einfache PHP-Dockerfile
copy:
dest: "{{ deploy_root }}/docker/php/Dockerfile-simple"
content: |
FROM php:8.1-fpm
RUN apt-get update && apt-get install -y \
git \
unzip \
libzip-dev \
zip \
&& docker-php-ext-install zip pdo pdo_mysql \
&& docker-php-ext-install opcache \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
CMD ["php-fpm"]
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'

19
.deployment-backup/x_ansible/roles/redis/defaults/main.yml Normal file
View File

@@ -0,0 +1,19 @@
---
# Standardwerte für die Redis-Rolle
---
# Standardwerte für die Redis-Rolle
# Redis-Speicherlimit
redis_maxmemory: "128mb"
# Redis-Port
redis_port: 6379
# Deployment-Verzeichnisse
deploy_root: /var/www/michaelschiemer
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Redis-Konfiguration
redis_maxmemory: "256mb"
redis_port: 6379

72
.deployment-backup/x_ansible/roles/redis/tasks/main.yml Normal file
View File

@@ -0,0 +1,72 @@
---
# Redis Installation und Konfiguration
- name: Stelle sicher, dass das Redis-Docker-Verzeichnis existiert
file:
path: "{{ deploy_root }}/docker/redis"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
- name: Erstelle Redis-Konfiguration
copy:
dest: "{{ deploy_root }}/docker/redis/redis.conf"
content: |
bind 0.0.0.0
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile ""
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir ./
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
maxmemory {{ redis_maxmemory | default('128mb') }}
maxmemory-policy allkeys-lru
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0644'

12
.deployment-backup/x_ansible/roles/setup/defaults/main.yml Normal file
View File

@@ -0,0 +1,12 @@
---
# Standardwerte für die Setup-Rolle
# Verzeichnisse
deploy_root: /var/www/michaelschiemer
deploy_public: "{{ deploy_root }}/public"
# Benutzer
deploy_user: "{{ ansible_user | default('deploy') }}"
# Domain
app_domain: "localhost"

4
.deployment-backup/x_ansible/roles/setup/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: Reload nginx
service:
name: nginx
state: reloaded

47
.deployment-backup/x_ansible/roles/setup/tasks/main.yml Normal file
View File

@@ -0,0 +1,47 @@
- name: Docker installieren
apt:
name:
- docker.io
- docker-compose
state: present
update_cache: yes
- name: Certbot + Plugin installieren
apt:
name:
- certbot
- python3-certbot-nginx
state: present
update_cache: yes
- name: Challenge-Verzeichnis für Let's Encrypt anlegen
file:
path: /var/www/html/.well-known/acme-challenge
state: directory
owner: www-data
group: www-data
mode: '0755'
recurse: yes
- name: Füge Let's Encrypt Challenge-Pfad in den Nginx-Vhost ein
blockinfile:
path: /etc/nginx/sites-available/default
marker: "# {mark} ANSIBLE LETSENCRYPT"
insertafter: "^\\s*server\\s*{"
block: |
location ^~ /.well-known/acme-challenge/ {
root /var/www/html;
allow all;
default_type "text/plain";
}
notify: Reload nginx
- name: Let's Encrypt Zertifikat anfordern
command: >
certbot --nginx -n --agree-tos --redirect
-m kontakt@michaelschiemer.de
-d test.michaelschiemer.de
args:
creates: /etc/letsencrypt/live/test.michaelschiemer.de/fullchain.pem

18
.deployment-backup/x_ansible/roles/system_update/tasks/main.yml Normal file
View File

@@ -0,0 +1,18 @@
- name: Systempakete aktualisieren
apt:
update_cache: yes
upgrade: safe
autoremove: yes
autoclean: yes
register: upgrade_result
become: true
- name: Zeige ggf. Anzahl aktualisierter Pakete
debug:
msg: "Anzahl aktualisierter Pakete: {{ upgrade_result.stdout_lines | default([]) | length }}"
- name: Reboot durchführen, wenn notwendig
reboot:
msg: "Reboot wegen Kernel-/System-Update erforderlich"
pre_reboot_delay: 30
when: upgrade_result.changed

50
.deployment-backup/x_ansible/roles/webserver/tasks/main.yml Normal file
View File

@@ -0,0 +1,50 @@
- name: Certbot + Plugin installieren
apt:
name:
- certbot
- python3-certbot-nginx
state: present
update_cache: yes
when: letsencrypt_enabled
- name: Challenge-Verzeichnis für Let's Encrypt anlegen
file:
path: "{{ app_public }}/.well-known/acme-challenge"
state: directory
owner: www-data
group: www-data
mode: '0755'
recurse: yes
when: letsencrypt_enabled and letsencrypt_certbot_method == 'webroot'
- name: Stoppe Nginx für Standalone-Methode
service:
name: nginx
state: stopped
when: letsencrypt_enabled and letsencrypt_certbot_method == 'standalone'
- name: Let's Encrypt Zertifikat anfordern (Standalone)
command: >
certbot certonly --standalone -n --agree-tos
-m {{ app_email }}
-d {{ app_domain }}
args:
creates: /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem
when: letsencrypt_enabled and letsencrypt_certbot_method == 'standalone'
- name: Let's Encrypt Zertifikat anfordern (Webroot)
command: >
certbot certonly --webroot -w {{ app_public }} -n --agree-tos
-m {{ app_email }}
-d {{ app_domain }}
args:
creates: /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem
when: letsencrypt_enabled and letsencrypt_certbot_method == 'webroot'
- name: Kopiere SSL-Zertifikate für Docker
copy:
src: "/etc/letsencrypt/live/{{ app_domain }}/"
dest: "{{ app_root }}/ssl/"
remote_src: yes
mode: '0644'
when: letsencrypt_enabled

27
.deployment-backup/x_ansible/root_ansible.cfg Normal file
View File

@@ -0,0 +1,27 @@
[defaults]
#inventory = ./ansible/inventory.ini
inventory = ./ansible/inventory/hosts.ini
roles_path = ./ansible/roles
playbook_dir = ./ansible
remote_tmp = ~/.ansible/tmp
forks = 5
timeout = 10
retry_files_enabled = False
deprecation_warnings = False
interpreter_python = auto_silent
#stdout_callback = json
host_key_checking = False
command_warnings = False
gathering = smart
fact_caching = jsonfile
fact_caching_connection = .ansible/cache
fact_caching_timeout = 3600
[privilege_escalation]
become = true
become_method = sudo
become_user = root
[ssh_connection]
pipelining = true
ssh_args = -o ControlMaster=auto -o ControlPersist=60s

43
.deployment-backup/x_ansible/setup.sh Executable file
View File

@@ -0,0 +1,43 @@
#!/bin/bash
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
echo "=== Ansible-Setup für michaelschiemer.de ==="
echo "Dieses Script vereinfacht die Ausführung der Ansible-Playbooks."
if [ "$#" -lt 1 ]; then
echo "Verwendung: $0 [setup|deploy] [Zielumgebung]"
echo "Beispiel: $0 setup staging"
echo "Beispiel: $0 deploy production"
exit 1
fi
ACTION=$1
ENVIRONMENT=${2:-staging} # Standard ist staging
echo "Aktion: $ACTION"
echo "Zielumgebung: $ENVIRONMENT"
echo ""
# Wechsle in das Ansible-Verzeichnis
cd "$SCRIPT_DIR"
if [ "$ACTION" == "setup" ]; then
echo "Führe Server-Setup für $ENVIRONMENT aus..."
ansible-playbook -i inventory/hosts.ini setup.yml --limit $ENVIRONMENT -v
exit_code=$?
elif [ "$ACTION" == "deploy" ]; then
echo "Führe Deployment für $ENVIRONMENT aus..."
ansible-playbook -i inventory/hosts.ini playbooks/deploy.yml --limit $ENVIRONMENT -v
exit_code=$?
else
echo "Unbekannte Aktion: $ACTION"
echo "Erlaubte Aktionen: setup, deploy"
exit 1
fi
if [ $exit_code -eq 0 ]; then
echo "\n✅ Ansible-Ausführung erfolgreich abgeschlossen!"
else
echo "\n❌ Ansible-Ausführung fehlgeschlagen mit Fehlercode $exit_code"
fi

134
.deployment-backup/x_ansible/setup.yml Normal file
View File

@@ -0,0 +1,134 @@
---
# Basis-Setup für Server
# Dieses Playbook richtet grundlegende Komponenten auf den Zielsystemen ein
- name: Basis-Setup für alle Zielsysteme
hosts: all
become: true
gather_facts: true
pre_tasks:
- name: Aktualisiere den Paket-Cache
apt:
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
tags: [system, update]
---
# Basis-Setup für Server
# Dieses Playbook richtet grundlegende Komponenten auf den Zielsystemen ein
- name: Basis-Setup für alle Zielsysteme
hosts: all
become: true
gather_facts: true
pre_tasks:
- name: Debug Variablen
debug:
msg:
- "Host: {{ inventory_hostname }}"
- "Umgebung: {{ environment | default('undefiniert') }}"
- "deploy_root: {{ deploy_root | default('undefiniert') }}"
- "deploy_user: {{ deploy_user | default('undefiniert') }}"
tags: [always, debug]
roles:
- common
- docker
- webserver
post_tasks:
- name: Zeige Erfolgsmeldung
debug:
msg: "Basiseinrichtung auf {{ inventory_hostname }} abgeschlossen"
tags: [always]
- name: Installiere grundlegende Pakete
apt:
name:
- curl
- wget
- vim
- htop
- git
- zip
- unzip
- python3-pip
state: present
when: ansible_os_family == "Debian"
tags: [system, packages]
roles:
- common
- docker
- webserver
---
- name: Basis-Setup für alle Zielsysteme
hosts: web
become: true
gather_facts: true
pre_tasks:
- name: Überprüfe Serververbindung
ping:
tags: [always, check]
- name: Zeige Server-Informationen
debug:
msg: "Verbunden mit {{ inventory_hostname }} ({{ ansible_host | default('IP unbekannt') }})"
tags: [always, check]
roles:
- common
- docker
post_tasks:
- name: Stelle sicher, dass Zielverzeichnisse existieren
file:
path: "{{ item }}"
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
mode: '0755'
loop:
- "{{ deploy_root }}"
- "{{ deploy_root }}/public"
- "{{ deploy_root }}/ssl"
- "{{ deploy_root }}/src"
- "{{ deploy_root }}/docker"
- "{{ deploy_root }}/docker/nginx"
- "{{ deploy_root }}/docker/php"
tags: [setup, folders]
- name: Erstelle Test-HTML-Datei
copy:
dest: "{{ deploy_root }}/public/index.html"
content: |
<!DOCTYPE html>
<html>
<head>
<title>Server Setup erfolgreich</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
h1 { color: #3273dc; }
.container { max-width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #eee; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Server-Setup erfolgreich!</h1>
<p>Diese Seite bestätigt, dass die grundlegende Servereinrichtung abgeschlossen ist.</p>
<p>Als nächstes können Sie das Deployment ausführen mit:</p>
<pre>./ansible/deploy.sh {{ environment | default('staging') }}</pre>
</div>
</body>
</html>
mode: '0644'
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
tags: [setup, test]
post_tasks:
- name: Zeige Erfolgsmeldung
debug:
msg: "Basiseinrichtung auf {{ inventory_hostname }} abgeschlossen"
tags: [always]