jeet/OCI_Build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d2e8cc6e70775df9b43d83070a28fda3c58f3e64
OCI_Build/playbooks/redeploy.yml
T
jeet d2e8cc6e70 Fix issues 3,5,6,7,8,9,11,15,16: security hardening and reliability improvements 
- ansible.cfg: enable host_key_checking (closes #1)
- update_upgrade.yml: fix reboot crash on non-Debian hosts, exclude AnsibleHost from targets (closes #2, #7)
- deploy.yml: replace silent ignore_errors with real container health assertion (closes #3)
- redeploy.yml: same assertion fix + restic --overwrite always + RESTIC_RESTORE_PATH variable (closes #3, #4, #5)
- disaster.yml: same fixes as redeploy.yml (closes #3, #4, #5)
- docker_update_containers.yml: create missing playbook (closes #6)
- fresh_install.yml: add safety guard to abort if containers already running (closes #8)
- docker_status.yml: add become: true (closes #9)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 14:14:14 -04:00

46 lines
1.5 KiB
YAML
Raw Blame History

- name: Rebuild OCI Stack
hosts: Prod
tasks:
- include_vars: ./vault/restic/restic.yml
- name: Create folder
ansible.builtin.file:
path: ~/docker
state: directory
mode: '0755'
- name: Pull backups
ansible.builtin.shell: |
unset HISTFILE
export RESTIC_REPOSITORY={{ RESTIC_REPOSITORY }}
export AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }}
export AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }}
export RESTIC_PASSWORD={{ RESTIC_PASSWORD }}
cd ~/docker
# RESTIC_RESTORE_PATH: verify with 'restic snapshots' before running
# Updated from /source/gcloud — set the correct snapshot path in vault/restic/restic.yml
restic restore latest:{{ RESTIC_RESTORE_PATH }} --target ./ --overwrite always
- name: Start container using Docker Compose
ansible.builtin.command:
cmd: docker compose up -d
chdir: ~/docker
- name: Pause for 30 seconds to allow containers to stabilize
ansible.builtin.pause:
seconds: 30
- name: Verify all containers are running
ansible.builtin.shell: |
expected=$(docker compose config --services | wc -l | tr -d ' ')
running=$(docker compose ps --status running -q | wc -l | tr -d ' ')
if [ "$expected" != "$running" ]; then
echo "FAIL: $running/$expected containers running"
docker compose ps
exit 1
fi
echo "OK: all $running containers running"
args:
chdir: ~/docker
changed_when: false
Reference in New Issue View Git Blame Copy Permalink