Woolfer0097 · Woolfer0097 · Mar 11, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/.github/workflows/ansible-deploy.yml b/.github/workflows/ansible-deploy.yml
@@ -0,0 +1,115 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ main, master, lab6 ]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+  pull_request:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+
+env:
+  WORKING_DIR: ./ansible
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible ansible-lint
+          ansible-galaxy collection install community.docker
+
+      - name: Create vault password file
+        working-directory: ./ansible
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          echo "$ANSIBLE_VAULT_PASSWORD" > .vault_pass
+
+      - name: Run ansible-lint
+        working-directory: ${{ env.WORKING_DIR }}
+        run: |
+          ansible-lint playbooks/*.yml
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+          ansible-galaxy collection install community.docker
+
+      - name: Setup SSH
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H "$VM_HOST" >> ~/.ssh/known_hosts
+
+      - name: Prepare inventory and vault password
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+          VM_USER: ${{ secrets.VM_USER }}
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          printf "[webservers]\nwoolfer-vm ansible_host=%s ansible_user=%s\n" "$VM_HOST" "$VM_USER" > "${{ env.WORKING_DIR }}/inventory/hosts.ini"
+          echo "$ANSIBLE_VAULT_PASSWORD" > "${{ env.WORKING_DIR }}/.vault_pass"
+
+      - name: Deploy with Ansible
+        working-directory: ${{ env.WORKING_DIR }}
+        run: |
+          ansible-playbook playbooks/deploy.yml --tags "app_deploy"
+          rm -f .vault_pass
+
+      - name: Verify Deployment via SSH tunnel
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+          VM_USER: ${{ secrets.VM_USER }}
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          APP_PORT: ${{ secrets.APP_PORT }}
+          HEALTHCHECK_PATH: ${{ secrets.HEALTHCHECK_PATH }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H "$VM_HOST" >> ~/.ssh/known_hosts
+
+          APP_PORT="${APP_PORT:-8000}"
+          HEALTHCHECK_PATH="${HEALTHCHECK_PATH:-/health}"
+
+          ssh -f -N -L 8000:localhost:${APP_PORT} ${VM_USER}@${VM_HOST}
+
+          curl -fsS "http://localhost:${APP_PORT}${HEALTHCHECK_PATH}"
+
diff --git a/ansible/docs/LAB06.md b/ansible/docs/LAB06.md
diff --git a/ansible/docs/image.png b/ansible/docs/image.png
diff --git a/ansible/inventory/hosts.ini b/ansible/inventory/hosts.ini
@@ -1,2 +1,2 @@
 [webservers]
-woolfer-vm ansible_host=84.252.128.111 ansible_user=ubuntu
+woolfer-vm ansible_host=158.160.56.244 ansible_user=ubuntu
diff --git a/ansible/playbooks/deploy.yml b/ansible/playbooks/deploy.yml
@@ -1,9 +1,10 @@
 ---
 - name: Deploy application
   hosts: webservers
-  become: yes
+  become: true
   vars_files:
     - "{{ playbook_dir }}/../group_vars/all.yml"
 
   roles:
-    - app_deploy
+    - role: web_app
+      tags: [web_app]
diff --git a/ansible/playbooks/provision.yml b/ansible/playbooks/provision.yml
@@ -1,8 +1,10 @@
 ---
 - name: Provision web servers
   hosts: webservers
-  become: yes
+  become: true
 
   roles:
-    - common
-    - docker
+    - role: common
+      tags: [common]
+    - role: docker
+      tags: [docker]
diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml
@@ -0,0 +1,4 @@
+---
+- name: Site playbook (placeholder)
+  hosts: webservers
+  gather_facts: false
diff --git a/ansible/roles/app_deploy/defaults/main.yml b/ansible/roles/app_deploy/defaults/main.yml
diff --git a/ansible/roles/app_deploy/handlers/main.yml b/ansible/roles/app_deploy/handlers/main.yml
diff --git a/ansible/roles/app_deploy/tasks/main.yml b/ansible/roles/app_deploy/tasks/main.yml
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
@@ -9,4 +9,9 @@ common_packages:
   - gnupg
   - lsb-release
 
-common_timezone: "UTC"
+common_timezone: "UTC"
+
+common_users:
+  - name: devops
+    groups: [sudo]
+    shell: /bin/bash
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
@@ -1,14 +1,61 @@
 ---
-- name: Update apt cache
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: Install common packages
-  apt:
-    name: "{{ common_packages }}"
-    state: present
-
-- name: Set timezone
-  timezone:
-    name: "{{ common_timezone }}"
+- name: Common | Packages
+  become: true
+  tags:
+    - packages
+  block:
+    - name: Update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Install common packages
+      ansible.builtin.apt:
+        name: "{{ common_packages }}"
+        state: present
+
+  rescue:
+    - name: Retry apt cache update
+      ansible.builtin.apt:
+        update_cache: true
+
+    - name: Retry installing common packages
+      ansible.builtin.apt:
+        name: "{{ common_packages }}"
+        state: present
+
+  always:
+    - name: Log packages block completion
+      ansible.builtin.copy:
+        dest: /tmp/ansible-common-packages.done
+        content: "common packages block completed on {{ ansible_date_time.iso8601 }}\n"
+        mode: "0644"
+
+- name: Common | Users
+  when: (common_users | length) > 0
+  become: true
+  tags:
+    - users
+  block:
+    - name: Ensure users exist
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        groups: "{{ item.groups | default(omit) }}"
+        shell: "{{ item.shell | default(omit) }}"
+        state: present
+        create_home: true
+      loop: "{{ common_users }}"
+
+  always:
+    - name: Log users block completion
+      ansible.builtin.copy:
+        dest: /tmp/ansible-common-users.done
+        content: "common users block completed on {{ ansible_date_time.iso8601 }}\n"
+        mode: "0644"
+
+- name: Common | Set timezone
+  community.general.timezone:
+    name: "{{ common_timezone }}"
+  become: true
+  tags:
+    - common
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
@@ -8,4 +8,4 @@ docker_packages:
 
 docker_user: "{{ ansible_user | default('ubuntu') }}"
 docker_apt_repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
-docker_gpg_url: "https://download.docker.com/linux/ubuntu/gpg"
+docker_gpg_url: "https://download.docker.com/linux/ubuntu/gpg"
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: restart docker
-  service:
+- name: Restart Docker
+  ansible.builtin.service:
     name: docker
-    state: restarted
+    state: restarted