feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

deployment/scripts/setup-production.sh

@@ -0,0 +1,211 @@
+#!/bin/bash
+set -e
+
+# Setup Production Server
+# This script performs initial production server setup with Ansible
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+DEPLOYMENT_DIR="$(dirname "$SCRIPT_DIR")"
+ANSIBLE_DIR="$DEPLOYMENT_DIR/ansible"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo ""
+echo "🚀 Production Server Setup"
+echo "=========================="
+echo ""
+
+# Function to print colored messages
+print_success() {
+    echo -e "${GREEN}✅ $1${NC}"
+}
+
+print_error() {
+    echo -e "${RED}❌ $1${NC}"
+}
+
+print_warning() {
+    echo -e "${YELLOW}⚠️  $1${NC}"
+}
+
+print_info() {
+    echo -e "${BLUE}ℹ️  $1${NC}"
+}
+
+# Check if running from correct directory
+if [ ! -f "$ANSIBLE_DIR/ansible.cfg" ]; then
+    print_error "Error: Must run from deployment/scripts directory"
+    exit 1
+fi
+
+cd "$ANSIBLE_DIR"
+
+# Step 1: Check Prerequisites
+echo "Step 1: Checking Prerequisites"
+echo "------------------------------"
+
+# Check Ansible installed
+if ! command -v ansible &> /dev/null; then
+    print_error "Ansible is not installed"
+    echo ""
+    echo "Install Ansible:"
+    echo "  pip install ansible"
+    exit 1
+fi
+print_success "Ansible is installed: $(ansible --version | head -n1)"
+
+# Check Ansible playbooks exist
+if [ ! -f "$ANSIBLE_DIR/playbooks/setup-production-secrets.yml" ]; then
+    print_error "Ansible playbooks not found"
+    exit 1
+fi
+print_success "Ansible playbooks found"
+
+# Check SSH key
+SSH_KEY="$HOME/.ssh/production"
+if [ ! -f "$SSH_KEY" ]; then
+    print_warning "SSH key not found: $SSH_KEY"
+    echo ""
+    read -p "Do you want to create SSH key now? (y/N): " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        ssh-keygen -t ed25519 -f "$SSH_KEY" -C "ansible-deploy"
+        chmod 600 "$SSH_KEY"
+        chmod 644 "$SSH_KEY.pub"
+        print_success "SSH key created"
+        echo ""
+        echo "📋 Public key:"
+        cat "$SSH_KEY.pub"
+        echo ""
+        print_warning "You must add this public key to the production server:"
+        echo "   ssh-copy-id -i $SSH_KEY.pub deploy@94.16.110.151"
+        echo ""
+        read -p "Press ENTER after adding SSH key to server..."
+    else
+        print_error "SSH key is required for Ansible"
+        exit 1
+    fi
+else
+    print_success "SSH key found: $SSH_KEY"
+fi
+
+echo ""
+
+# Step 2: Setup Ansible Secrets
+echo "Step 2: Setup Ansible Secrets"
+echo "-----------------------------"
+
+# Check if vault file exists
+if [ ! -f "$ANSIBLE_DIR/secrets/production.vault.yml" ]; then
+    print_warning "Vault file not found"
+    echo ""
+    read -p "Do you want to run init-secrets.sh now? (Y/n): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Nn]$ ]]; then
+        "$ANSIBLE_DIR/scripts/init-secrets.sh"
+    else
+        print_error "Vault file is required"
+        exit 1
+    fi
+else
+    print_success "Vault file exists"
+fi
+
+# Check vault password file
+if [ ! -f "$ANSIBLE_DIR/secrets/.vault_pass" ]; then
+    print_error "Vault password file not found: secrets/.vault_pass"
+    echo ""
+    echo "Run init-secrets.sh to create vault password file:"
+    echo "  $ANSIBLE_DIR/scripts/init-secrets.sh"
+    exit 1
+fi
+print_success "Vault password file found"
+
+# Verify vault can be decrypted
+if ! ansible-vault view "$ANSIBLE_DIR/secrets/production.vault.yml" \
+    --vault-password-file "$ANSIBLE_DIR/secrets/.vault_pass" > /dev/null 2>&1; then
+    print_error "Failed to decrypt vault file"
+    echo "Check your vault password in: secrets/.vault_pass"
+    exit 1
+fi
+print_success "Vault file can be decrypted"
+
+echo ""
+
+# Step 3: Test Connection
+echo "Step 3: Test Connection to Production"
+echo "-------------------------------------"
+
+if ansible production -m ping 2>&1 | grep -q "SUCCESS"; then
+    print_success "Connection to production server successful"
+else
+    print_error "Connection to production server failed"
+    echo ""
+    echo "Troubleshooting steps:"
+    echo "1. Test SSH manually: ssh -i $SSH_KEY deploy@94.16.110.151"
+    echo "2. Verify SSH key is added: ssh-copy-id -i $SSH_KEY.pub deploy@94.16.110.151"
+    echo "3. Check inventory file: cat $ANSIBLE_DIR/inventory/production.yml"
+    exit 1
+fi
+
+echo ""
+
+# Step 4: Deploy Secrets to Production
+echo "Step 4: Deploy Secrets to Production"
+echo "------------------------------------"
+
+read -p "Deploy secrets to production server? (Y/n): " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Nn]$ ]]; then
+    print_info "Deploying secrets to production..."
+    echo ""
+
+    if ansible-playbook "$ANSIBLE_DIR/playbooks/setup-production-secrets.yml" \
+        --vault-password-file "$ANSIBLE_DIR/secrets/.vault_pass"; then
+        print_success "Secrets deployed successfully"
+    else
+        print_error "Failed to deploy secrets"
+        exit 1
+    fi
+else
+    print_warning "Skipped secrets deployment"
+fi
+
+echo ""
+
+# Step 5: Verify Docker Services
+echo "Step 5: Verify Docker Services"
+echo "------------------------------"
+
+print_info "Checking Docker services on production..."
+echo ""
+
+ssh -i "$SSH_KEY" deploy@94.16.110.151 "docker node ls" || true
+echo ""
+ssh -i "$SSH_KEY" deploy@94.16.110.151 "docker service ls" || true
+
+echo ""
+
+# Summary
+echo ""
+echo "✅ Production Server Setup Complete!"
+echo "===================================="
+echo ""
+echo "Next Steps:"
+echo ""
+echo "1. Verify secrets are deployed:"
+echo "   ssh -i $SSH_KEY deploy@94.16.110.151 'cat /home/deploy/secrets/.env'"
+echo ""
+echo "2. Deploy your application:"
+echo "   $SCRIPT_DIR/deploy.sh <image-tag>"
+echo ""
+echo "3. Monitor deployment:"
+echo "   ssh -i $SSH_KEY deploy@94.16.110.151 'docker service logs -f app_app'"
+echo ""
+echo "📖 For more information, see: $ANSIBLE_DIR/README.md"
+echo ""