From c60c881f5a17d702f76523090cb8b7f22517f7eb Mon Sep 17 00:00:00 2001
From: fencl <martin@martinfencl.eu>
Date: Sun, 5 Oct 2025 13:27:22 +0200
Subject: [PATCH] .

---
 nextcloud/update_uptime_kuma.yml | 91 ++++++++++++++++++++++++--------
 1 file changed, 70 insertions(+), 21 deletions(-)

diff --git a/nextcloud/update_uptime_kuma.yml b/nextcloud/update_uptime_kuma.yml
index 31b7c76..86ea768 100644
--- a/nextcloud/update_uptime_kuma.yml
+++ b/nextcloud/update_uptime_kuma.yml
@@ -13,9 +13,8 @@
     vm_pass: "{{ lookup('env', 'VM_PASS') }}"
     use_sudo: false
 
-    # --- Debug toggle ---
-     # Set DEBUG=1 in Semaphore to see full stdout/stderr (disables no_log)
-    debug: "{{ (lookup('env','DEBUG') | default('0')) | bool }}"
+    # --- Debug toggle (set DEBUG=1 in Semaphore to see raw stdout/stderr) ---
+    kuma_debug: "{{ (lookup('env','DEBUG') | default('0')) | bool }}"
 
     # --- Uptime Kuma specifics ---
     kuma_project: "uptime-kuma"                    # docker compose project name
@@ -25,7 +24,7 @@
     kuma_port: 3001
     kuma_url: "{{ lookup('env', 'KUMA_URL') | default('', true) }}"  # optional public URL
 
-    # Fixed container name used in your compose (conflicts if an older non-compose/Portainer container exists)
+    # Fixed container name used in your compose (may conflict with pre-existing container)
     kuma_container_name: "uptime-kuma-dev"
     kuma_force_replace_conflict: true              # remove conflicting container automatically
     kuma_remove_orphans: true                      # remove containers not present in the compose file
@@ -36,7 +35,7 @@
     # Docker command prefix (consistent behavior and quiet hints)
     docker_prefix: "unalias docker 2>/dev/null || true; DOCKER_CLI_HINTS=0; command docker"
 
-    # Commands to run on the target VM (outputs are kept visible when debug=true)
+    # Commands to run on the target VM (outputs are visible when kuma_debug=true)
     kuma_commands:
       # 0) pull image (helpful cache warm-up)
       - "{{ docker_prefix }} pull -q {{ kuma_image }}"
@@ -59,10 +58,43 @@
         update_cache: yes
 
     # -------------------------
-    # Preflight checks
+    # Preflight: connectivity and inputs
     # -------------------------
 
-    - name: Preflight | Ensure compose file exists on VM
+    - name: Preflight | Validate required inputs are present
+      ansible.builtin.assert:
+        that:
+          - vm_ip   | length > 0
+          - vm_user | length > 0
+          - vm_pass | length > 0
+        fail_msg: "Missing VM connection variables (VM_IP/VM_USER/VM_PASS). Check Semaphore template variables."
+        success_msg: "Inputs look good."
+
+    - name: Preflight | Check SSH connectivity to VM
+      ansible.builtin.command:
+        argv:
+          - sshpass
+          - -p
+          - "{{ vm_pass }}"
+          - ssh
+          - -o
+          - StrictHostKeyChecking=no
+          - -o
+          - ConnectTimeout=8
+          - "{{ vm_user }}@{{ vm_ip }}"
+          - bash
+          - -lc
+          - "echo OK"
+      register: preflight_ssh_ok
+      changed_when: false
+      failed_when: preflight_ssh_ok.rc != 0 or (preflight_ssh_ok.stdout | trim) != 'OK'
+      no_log: "{{ not kuma_debug }}"
+
+    # -------------------------
+    # Preflight: compose sanity
+    # -------------------------
+
+    - name: Preflight | Compose file exists on VM (do not fail here)
       ansible.builtin.command:
         argv:
           - sshpass
@@ -79,10 +111,10 @@
           - "test -r {{ kuma_compose_file }}"
       register: preflight_compose_exists
       changed_when: false
-      failed_when: preflight_compose_exists.rc != 0
-      no_log: "{{ not debug }}"
+      failed_when: false
+      no_log: "{{ not kuma_debug }}"
 
-    - name: Preflight | Validate compose file syntax
+    - name: Preflight | Validate compose file syntax (do not fail here)
       ansible.builtin.command:
         argv:
           - sshpass
@@ -99,10 +131,10 @@
           - "{{ docker_prefix }} compose -f {{ kuma_compose_file }} config -q"
       register: preflight_compose_valid
       changed_when: false
-      failed_when: preflight_compose_valid.rc != 0
-      no_log: "{{ not debug }}"
+      failed_when: false
+      no_log: "{{ not kuma_debug }}"
 
-    - name: Preflight | Ensure service exists in compose file
+    - name: Preflight | Ensure service exists in compose (do not fail here)
       ansible.builtin.command:
         argv:
           - sshpass
@@ -120,8 +152,25 @@
             {{ docker_prefix }} compose -f {{ kuma_compose_file }} config --services | grep -x {{ kuma_service }}
       register: preflight_service_exists
       changed_when: false
-      failed_when: preflight_service_exists.rc != 0
-      no_log: "{{ not debug }}"
+      failed_when: false
+      no_log: "{{ not kuma_debug }}"
+
+    - name: Preflight | Assert compose prerequisites
+      ansible.builtin.assert:
+        that:
+          - preflight_compose_exists.rc == 0
+          - preflight_compose_valid.rc  == 0
+          - preflight_service_exists.rc == 0
+        fail_msg: >-
+          Compose preflight failed on {{ vm_ip }} as {{ vm_user }}.
+          - exists: rc={{ preflight_compose_exists.rc }}
+          - syntax: rc={{ preflight_compose_valid.rc }}
+          - service "{{ kuma_service }}": rc={{ preflight_service_exists.rc }}
+          Hints:
+            * Verify {{ kuma_compose_file }} path on VM and its permissions.
+            * Check that service name in the compose matches "kuma_service".
+            * If SSH connectivity is flaky, re-check VM_IP/USER/PASS.
+        success_msg: "Compose file present, valid, and service '{{ kuma_service }}' found."
 
     - name: Preflight | Ensure Kuma data dir exists (host path from compose)
       ansible.builtin.command:
@@ -139,7 +188,7 @@
           - -lc
           - "mkdir -p {{ kuma_data_dir }}"
       changed_when: false
-      no_log: "{{ not debug }}"
+      no_log: "{{ not kuma_debug }}"
 
     - name: Preflight | Detect conflicting container by fixed name
       ansible.builtin.command:
@@ -159,7 +208,7 @@
       register: kuma_conflict
       changed_when: false
       failed_when: false
-      no_log: "{{ not debug }}"
+      no_log: "{{ not kuma_debug }}"
 
     - name: Preflight | Remove conflicting container if present (and allowed)
       ansible.builtin.command:
@@ -180,7 +229,7 @@
         - kuma_force_replace_conflict | bool
         - (kuma_conflict.stdout | default('') | trim) | length > 0
       changed_when: true
-      no_log: "{{ not debug }}"
+      no_log: "{{ not kuma_debug }}"
 
     # -------------------------
     # Update commands
@@ -196,7 +245,7 @@
           - -o
           - StrictHostKeyChecking=no
           - -o
-          - ConnectTimeout=15
+          - ConnectTimeout=20
           - "{{ vm_user }}@{{ vm_ip }}"
           - bash
           - -lc
@@ -205,7 +254,7 @@
       register: kuma_cmds
       changed_when: false
       ignore_errors: true
-      no_log: "{{ not debug }}"
+      no_log: "{{ not kuma_debug }}"
 
     - name: Show summarized outputs for each command (sanitized)
       ansible.builtin.debug:
@@ -315,4 +364,4 @@
     - name: Kuma | Not ready after retries
       ansible.builtin.debug:
         msg: "Kuma web není dostupná ani po pokusech."
-      when: not kuma_ready
+      when: not kuma_ready
\ No newline at end of file