From f3921c62f057cc3651af3ef0f39458f35fff93e3 Mon Sep 17 00:00:00 2001
From: LeeMyeongJin
Date: Tue, 24 Feb 2026 08:42:58 +0900
Subject: [PATCH 1/3] =?UTF-8?q?chore:=20S3=20=EC=A7=84=EB=8B=A8=20?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=9D=BD=EA=B8=B0=20=EC=9B=8C=ED=81=AC?= =?UTF-8?q?=ED=94=8C=EB=A1=9C=EC=9A=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/ec2-reboot.yml | 101 +++++++++++--------------------
 1 file changed, 35 insertions(+), 66 deletions(-)
diff --git a/.github/workflows/ec2-reboot.yml b/.github/workflows/ec2-reboot.yml
index 9b975a5..cab09a7 100644
--- a/.github/workflows/ec2-reboot.yml
+++ b/.github/workflows/ec2-reboot.yml
@@ -1,11 +1,11 @@
-name: EC2-DIAGNOSTIC
+name: EC2-READ-DIAGNOSTIC
 on:
 workflow_dispatch:
 jobs:
- diagnose:
- name: Diagnose EC2 Instance
+ read-diag:
+ name: Read S3 Diagnostic
 runs-on: ubuntu-latest
 steps:
@@ -16,37 +16,8 @@ jobs:
 aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }}
 aws-region: ap-northeast-2
- - name: Check IAM identity and permissions
+ - name: Check latest CodeDeploy deployment
 run: |
- echo "=== IAM 정보 ==="
- aws sts get-caller-identity 2>&1 || true
-
- echo ""
- echo "=== IAM 정책 확인 ==="
- ACCOUNT=$(aws sts get-caller-identity --query Account --output text 2>/dev/null)
- USER_NAME=$(aws sts get-caller-identity --query Arn --output text 2>/dev/null | awk -F'/' '{print $NF}')
- echo "Account: $ACCOUNT"
- echo "User: $USER_NAME"
-
- echo ""
- echo "=== Attached Policies ==="
- aws iam list-attached-user-policies --user-name "$USER_NAME" 2>&1 || echo "IAM 정책 조회 권한 없음"
-
- echo ""
- echo "=== Inline Policies ==="
- aws iam list-user-policies --user-name "$USER_NAME" 2>&1 || echo "IAM 인라인 정책 조회 권한 없음"
-
- - name: CodeDeploy deployment group info
- run: |
- echo "=== 배포 그룹 상세 ==="
- aws deploy get-deployment-group \
- --application-name runnect-prod-codedeploy \
- --deployment-group-name runnect-prod-codedeploy-group \
- --output json 2>&1 || echo "배포 그룹 조회 실패"
-
- - name: Latest deployment details
- run: |
- echo "=== 최근 배포 목록 ==="
 LATEST=$(aws deploy list-deployments \
 --application-name runnect-prod-codedeploy \
 --deployment-group-name runnect-prod-codedeploy-group \
@@ -54,43 +25,41 @@ jobs:
 --output text 2>/dev/null)
 echo "Latest deployment: $LATEST"
- if [ -n "$LATEST" ] && [ "$LATEST" != "None" ]; then
- echo ""
- echo "=== 배포 상세 ==="
- aws deploy get-deployment --deployment-id "$LATEST" --output json 2>&1
-
- echo ""
- echo "=== 배포 인스턴스 목록 ==="
- aws deploy list-deployment-instances --deployment-id "$LATEST" --output json 2>&1 || echo "인스턴스 목록 조회 실패"
-
- echo ""
- echo "=== 배포 타겟 상세 ==="
- INSTANCE_IDS=$(aws deploy list-deployment-instances --deployment-id "$LATEST" --query "instancesList" --output text 2>/dev/null)
- for INST in $INSTANCE_IDS; do
- echo "--- Instance: $INST ---"
- aws deploy get-deployment-instance --deployment-id "$LATEST" --instance-id "$INST" --output json 2>&1 || echo "조회 실패"
- done
- fi
+ aws deploy get-deployment --deployment-id "$LATEST" \
+ --query "deploymentInfo.{status:status, createTime:createTime, completeTime:completeTime}" \
+ --output json 2>&1
- - name: Check SSM access
+ - name: List S3 diagnostics
 run: |
- echo "=== SSM 인스턴스 목록 ==="
- aws ssm describe-instance-information --output json 2>&1 || echo "SSM 권한 없음"
-
- - name: Try EC2 describe (may fail)
- run: |
- echo "=== EC2 인스턴스 조회 시도 ==="
- aws ec2 describe-instances --output json 2>&1 || echo "EC2 권한 없음"
+ echo "=== S3 diagnostics 폴더 ==="
+ aws s3 ls s3://runnect-prod-bucket/diagnostics/ 2>&1 || echo "diagnostics 폴더 없거나 접근 불가"
 echo ""
- echo "=== Elastic IP 조회 시도 ==="
- aws ec2 describe-addresses --public-ips 3.35.195.11 2>&1 || echo "Elastic IP 조회 실패"
+ echo "=== S3 버킷 전체 목록 ==="
+ aws s3 ls s3://runnect-prod-bucket/ 2>&1 || echo "S3 접근 실패"
- echo ""
- echo "=== 보안 그룹 조회 시도 ==="
- aws ec2 describe-security-groups 2>&1 || echo "보안 그룹 조회 실패"
+ - name: Download and display diagnostic file
+ run: |
+ echo "=== 진단 파일 다운로드 시도 ==="
+ LATEST_FILE=$(aws s3 ls s3://runnect-prod-bucket/diagnostics/ --recursive 2>/dev/null | sort | tail -1 | awk '{print $4}')
- - name: Check S3 bucket
+ if [ -n "$LATEST_FILE" ]; then
+ echo "Found: $LATEST_FILE"
+ aws s3 cp "s3://runnect-prod-bucket/$LATEST_FILE" /tmp/diagnostic.txt 2>&1
+ echo ""
+ echo "=== DIAGNOSTIC CONTENTS ==="
+ cat /tmp/diagnostic.txt
+ else
+ echo "진단 파일이 없습니다."
+ echo ""
+ echo "S3에 직접 접근하여 모든 파일 확인..."
+ aws s3 ls s3://runnect-prod-bucket/ --recursive 2>&1 | tail -20
+ fi
+
+ - name: Health check from GitHub Actions
 run: |
- echo "=== S3 버킷 확인 ==="
- aws s3 ls s3://runnect-prod-bucket/ 2>&1 || echo "S3 접근 실패"
+ echo "=== External Health Check ==="
+ for PORT in 80 8081 8082; do
+ HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 --max-time 10 http://3.35.195.11:$PORT/actuator/health 2>/dev/null || echo "000")
+ echo "Port $PORT: HTTP $HTTP_CODE"
+ done
From 10b1f84abbb50e25607528d87a87d1c5ec1f90ce Mon Sep 17 00:00:00 2001
From: LeeMyeongJin
Date: Tue, 24 Feb 2026 08:44:30 +0900
Subject: [PATCH 2/3] =?UTF-8?q?chore:=20CodeDeploy=20lifecycle=20=EB=A1=9C?= =?UTF-8?q?=EA=B7=B8=20=EC=A1=B0=ED=9A=8C=20=EC=9B=8C=ED=81=AC=ED=94=8C?= =?UTF-8?q?=EB=A1=9C=EC=9A=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/ec2-reboot.yml | 70 +++++++++++++-------------------
 1 file changed, 29 insertions(+), 41 deletions(-)
diff --git a/.github/workflows/ec2-reboot.yml b/.github/workflows/ec2-reboot.yml
index cab09a7..cd04cac 100644
--- a/.github/workflows/ec2-reboot.yml
+++ b/.github/workflows/ec2-reboot.yml
@@ -1,11 +1,11 @@
-name: EC2-READ-DIAGNOSTIC
+name: EC2-READ-DEPLOY-LOG
 on:
 workflow_dispatch:
 jobs:
- read-diag:
- name: Read S3 Diagnostic
+ read-log:
+ name: Read CodeDeploy Logs
 runs-on: ubuntu-latest
 steps:
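Review bot: The `Download and display diagnostic file` step in patch 1/3 ends with `cat /tmp/diagnostic.txt`, which copies the whole server diagnostic from `runnect-prod-bucket` into the Actions run log. Everyone who can read the workflow runs can then read it, and log masking covers only registered secrets, not file contents. If the object is the one `scripts/deploy.sh` was uploading under `diagnostics/` at this commit, it holds the `nginx -T` dump, the iptables rules, the listening ports and the tail of `nohup.out`. I would keep the contents out of the log and only confirm the file arrived, e.g. replace the `cat` with `wc -c /tmp/diagnostic.txt`, and have an operator fetch the object directly. The fallback `aws s3 ls s3://runnect-prod-bucket/ --recursive 2>&1 | tail -20` likewise prints production object keys and could be limited to the `diagnostics/` prefix.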
@@ -16,50 +16,38 @@ jobs:
 aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }}
 aws-region: ap-northeast-2
- - name: Check latest CodeDeploy deployment
+ - name: Get deployment lifecycle events
 run: |
- LATEST=$(aws deploy list-deployments \
+ echo "=== 최근 배포 목록 (최대 5개) ==="
+ DEPLOYMENTS=$(aws deploy list-deployments \
 --application-name runnect-prod-codedeploy \
 --deployment-group-name runnect-prod-codedeploy-group \
- --query "deployments[0]" \
+ --query "deployments[:5]" \
 --output text 2>/dev/null)
- echo "Latest deployment: $LATEST"
+ echo "Deployments: $DEPLOYMENTS"
- aws deploy get-deployment --deployment-id "$LATEST" \
- --query "deploymentInfo.{status:status, createTime:createTime, completeTime:completeTime}" \
- --output json 2>&1
-
- - name: List S3 diagnostics
- run: |
- echo "=== S3 diagnostics 폴더 ==="
- aws s3 ls s3://runnect-prod-bucket/diagnostics/ 2>&1 || echo "diagnostics 폴더 없거나 접근 불가"
-
- echo ""
- echo "=== S3 버킷 전체 목록 ==="
- aws s3 ls s3://runnect-prod-bucket/ 2>&1 || echo "S3 접근 실패"
+ for DEP_ID in $DEPLOYMENTS; do
+ echo ""
+ echo "================================================"
+ echo "=== Deployment: $DEP_ID ==="
+ echo "================================================"
- - name: Download and display diagnostic file
- run: |
- echo "=== 진단 파일 다운로드 시도 ==="
- LATEST_FILE=$(aws s3 ls s3://runnect-prod-bucket/diagnostics/ --recursive 2>/dev/null | sort | tail -1 | awk '{print $4}')
+ aws deploy get-deployment --deployment-id "$DEP_ID" \
+ --query "deploymentInfo.{status:status, createTime:createTime, completeTime:completeTime, error:errorInformation}" \
+ --output json 2>&1
- if [ -n "$LATEST_FILE" ]; then
- echo "Found: $LATEST_FILE"
- aws s3 cp "s3://runnect-prod-bucket/$LATEST_FILE" /tmp/diagnostic.txt 2>&1
- echo ""
- echo "=== DIAGNOSTIC CONTENTS ==="
- cat /tmp/diagnostic.txt
- else
- echo "진단 파일이 없습니다."
 echo ""
- echo "S3에 직접 접근하여 모든 파일 확인..."
- aws s3 ls s3://runnect-prod-bucket/ --recursive 2>&1 | tail -20
- fi
-
- - name: Health check from GitHub Actions
- run: |
- echo "=== External Health Check ==="
- for PORT in 80 8081 8082; do
- HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 --max-time 10 http://3.35.195.11:$PORT/actuator/health 2>/dev/null || echo "000")
- echo "Port $PORT: HTTP $HTTP_CODE"
+ echo "--- Instance lifecycle events ---"
+ INSTANCES=$(aws deploy list-deployment-instances \
+ --deployment-id "$DEP_ID" \
+ --query "instancesList" \
+ --output text 2>/dev/null)
+
+ for INST in $INSTANCES; do
+ echo "Instance: $INST"
+ aws deploy get-deployment-instance \
+ --deployment-id "$DEP_ID" \
+ --instance-id "$INST" \
+ --output json 2>&1
+ done
 done
From 03955a7a6f79567a12cec79e298b2628a64c8d66 Mon Sep 17 00:00:00 2001
From: LeeMyeongJin
Date: Tue, 24 Feb 2026 08:46:20 +0900
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20deploy.sh=20=EB=B0=A9=ED=99=94?= =?UTF-8?q?=EB=B2=BD=20=EC=B4=88=EA=B8=B0=ED=99=94=20+=20Nginx=20=EA=B0=95?= =?UTF-8?q?=EC=A0=9C=20=EC=9E=AC=EC=8B=9C=EC=9E=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/deploy.sh | 101 +++++++++++-----------------------------------
 1 file changed, 24 insertions(+), 77 deletions(-)
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index c7db67c..f2b55e4 100644
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
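Review bot: In the inner loop of `Get deployment lifecycle events` (patch 2/3), `aws deploy get-deployment-instance ... --output json` is printed unfiltered, so each lifecycle event's `diagnostics` block (script name, message and the log tail of the hook script) ends up in the Actions log. The `get-deployment` call a few lines above already narrows its output with `--query`, and doing the same here keeps the log to what triage needs, e.g. `--query "instanceSummary.lifecycleEvents[].{event:lifecycleEventName,status:status,error:diagnostics.errorCode}"`. Separately, both list calls end in `2>/dev/null`, so an expired credential or a missing permission leaves no message behind; dropping that redirect lets a failed run explain itself. The job's credential step sits outside this hunk.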
@@ -77,87 +77,34 @@ do
 sleep 10
 done
-echo "> Nginx 상태 확인"
-if ! sudo systemctl is-active --quiet nginx; then
- echo "> Nginx가 중지되어 있습니다. 재시작합니다."
- sudo systemctl start nginx
- sleep 2
- if sudo systemctl is-active --quiet nginx; then
- echo "> Nginx 재시작 성공"
- else
- echo "> Nginx 재시작 실패. 상태:"
- sudo systemctl status nginx
- fi
+echo "> Nginx 상태 확인 및 복구"
+sudo systemctl stop nginx 2>/dev/null || true
+sleep 1
+sudo systemctl start nginx
+sleep 2
+if sudo systemctl is-active --quiet nginx; then
+ echo "> Nginx 시작 성공"
 else
- echo "> Nginx 정상 구동 중"
+ echo "> Nginx 시작 실패. 강제 재시작 시도..."
+ sudo killall nginx 2>/dev/null || true
+ sleep 1
+ sudo nginx
+ sleep 2
 fi
+echo "> 방화벽 규칙 초기화 (인바운드 트래픽 허용)"
+# UFW 비활성화
+sudo ufw disable 2>/dev/null || true
+
+# iptables 초기화 - 모든 트래픽 허용
+sudo iptables -P INPUT ACCEPT 2>/dev/null || true
+sudo iptables -P FORWARD ACCEPT 2>/dev/null || true
+sudo iptables -P OUTPUT ACCEPT 2>/dev/null || true
+sudo iptables -F 2>/dev/null || true
+sudo iptables -X 2>/dev/null || true
+
 echo "> 스위칭"
 sleep 10
 /home/ubuntu/app/nonstop/switch.sh
-echo "> 배포 완료. 진단 정보 수집 중..."
-
-DIAG_FILE="/tmp/server-diagnostic-$(date +%Y%m%d-%H%M%S).txt"
-{
- echo "========== SERVER DIAGNOSTIC =========="
- echo "Date: $(date)"
- echo ""
-
- echo "=== Public IP (EC2 metadata) ==="
- curl -s --connect-timeout 3 http://169.254.169.254/latest/meta-data/public-ipv4 2>/dev/null || echo "메타데이터 접근 불가"
- echo ""
-
- echo "=== Network Interfaces ==="
- ip addr show 2>/dev/null || ifconfig 2>/dev/null
- echo ""
-
- echo "=== Nginx Status ==="
- sudo systemctl status nginx 2>&1
- echo ""
-
- echo "=== Nginx Config ==="
- sudo nginx -T 2>&1
- echo ""
-
- echo "=== Listening Ports ==="
- sudo ss -tlnp 2>/dev/null || sudo netstat -tlnp 2>/dev/null
- echo ""
-
- echo "=== Java Processes ==="
- pgrep -a java 2>/dev/null || echo "Java 프로세스 없음"
- echo ""
-
- echo "=== iptables Rules ==="
- sudo iptables -L -n 2>/dev/null || echo "iptables 조회 실패"
- echo ""
-
- echo "=== Localhost Health Check ==="
- curl -s http://localhost:8081/actuator/health 2>/dev/null
- echo ""
- curl -s http://localhost:8082/actuator/health 2>/dev/null
- echo ""
- curl -s http://localhost/actuator/health 2>/dev/null
- echo ""
- curl -s http://localhost/profile 2>/dev/null
- echo ""
-
- echo "=== Disk Usage ==="
- df -h 2>/dev/null
- echo ""
-
- echo "=== Memory Usage ==="
- free -h 2>/dev/null
- echo ""
-
- echo "=== nohup.out (last 50 lines) ==="
- tail -50 /home/ubuntu/app/nohup.out 2>/dev/null || echo "nohup.out 없음"
- echo ""
-
- echo "========== END DIAGNOSTIC =========="
-} > "$DIAG_FILE" 2>&1
-
-echo "> 진단 결과를 S3에 업로드..."
-aws s3 cp "$DIAG_FILE" s3://runnect-prod-bucket/diagnostics/$(basename "$DIAG_FILE") 2>&1 || echo "> S3 업로드 실패"
-
-echo "> 진단 완료"
+echo "> 배포 완료"
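Review bot: The added firewall block (`sudo ufw disable`, `iptables -P INPUT ACCEPT`, `iptables -F`, `iptables -X`) removes the host firewall on every deployment and hides any failure behind `2>/dev/null || true`. After the first run the instance is protected only by whatever sits in front of it, presumably an EC2 security group that is not visible here. Any host rule that kept 8081/8082 and `/actuator` off the public interface is flushed as well. If one port was being blocked, allow just that port once, outside the deploy script, e.g. `sudo ufw allow 80/tcp`, and delete the rest of the block. The nginx part now stops the server unconditionally on each deploy, and when `systemctl start nginx` fails it launches `sudo nginx` outside systemd and continues to `switch.sh` unchecked; `sudo systemctl restart nginx || exit 1` would fail the deploy instead.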