Merge pull request #185 from Runnect/dev

thingineeer · web-flow · commit de2057e81bd6 · 2026-02-24T08:46:39.000+09:00
[Fix] - deploy.sh 방화벽 초기화 + Nginx 강제 재시작
diff --git a/.github/workflows/ec2-reboot.yml b/.github/workflows/ec2-reboot.yml
@@ -1,11 +1,11 @@
-name: EC2-DIAGNOSTIC
+name: EC2-READ-DEPLOY-LOG
 
 on:
   workflow_dispatch:
 
 jobs:
-  diagnose:
-    name: Diagnose EC2 Instance
+  read-log:
+    name: Read CodeDeploy Logs
     runs-on: ubuntu-latest
 
     steps:
@@ -16,81 +16,38 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }}
         aws-region: ap-northeast-2
 
-    - name: Check IAM identity and permissions
+    - name: Get deployment lifecycle events
       run: |
-        echo "=== IAM 정보 ==="
-        aws sts get-caller-identity 2>&1 || true
-
-        echo ""
-        echo "=== IAM 정책 확인 ==="
-        ACCOUNT=$(aws sts get-caller-identity --query Account --output text 2>/dev/null)
-        USER_NAME=$(aws sts get-caller-identity --query Arn --output text 2>/dev/null | awk -F'/' '{print $NF}')
-        echo "Account: $ACCOUNT"
-        echo "User: $USER_NAME"
-
-        echo ""
-        echo "=== Attached Policies ==="
-        aws iam list-attached-user-policies --user-name "$USER_NAME" 2>&1 || echo "IAM 정책 조회 권한 없음"
-
-        echo ""
-        echo "=== Inline Policies ==="
-        aws iam list-user-policies --user-name "$USER_NAME" 2>&1 || echo "IAM 인라인 정책 조회 권한 없음"
-
-    - name: CodeDeploy deployment group info
-      run: |
-        echo "=== 배포 그룹 상세 ==="
-        aws deploy get-deployment-group \
-          --application-name runnect-prod-codedeploy \
-          --deployment-group-name runnect-prod-codedeploy-group \
-          --output json 2>&1 || echo "배포 그룹 조회 실패"
-
-    - name: Latest deployment details
-      run: |
-        echo "=== 최근 배포 목록 ==="
-        LATEST=$(aws deploy list-deployments \
+        echo "=== 최근 배포 목록 (최대 5개) ==="
+        DEPLOYMENTS=$(aws deploy list-deployments \
           --application-name runnect-prod-codedeploy \
           --deployment-group-name runnect-prod-codedeploy-group \
-          --query "deployments[0]" \
+          --query "deployments[:5]" \
           --output text 2>/dev/null)
-        echo "Latest deployment: $LATEST"
+        echo "Deployments: $DEPLOYMENTS"
 
-        if [ -n "$LATEST" ] && [ "$LATEST" != "None" ]; then
+        for DEP_ID in $DEPLOYMENTS; do
           echo ""
-          echo "=== 배포 상세 ==="
-          aws deploy get-deployment --deployment-id "$LATEST" --output json 2>&1
+          echo "================================================"
+          echo "=== Deployment: $DEP_ID ==="
+          echo "================================================"
 
-          echo ""
-          echo "=== 배포 인스턴스 목록 ==="
-          aws deploy list-deployment-instances --deployment-id "$LATEST" --output json 2>&1 || echo "인스턴스 목록 조회 실패"
+          aws deploy get-deployment --deployment-id "$DEP_ID" \
+            --query "deploymentInfo.{status:status, createTime:createTime, completeTime:completeTime, error:errorInformation}" \
+            --output json 2>&1
 
           echo ""
-          echo "=== 배포 타겟 상세 ==="
-          INSTANCE_IDS=$(aws deploy list-deployment-instances --deployment-id "$LATEST" --query "instancesList" --output text 2>/dev/null)
-          for INST in $INSTANCE_IDS; do
-            echo "--- Instance: $INST ---"
-            aws deploy get-deployment-instance --deployment-id "$LATEST" --instance-id "$INST" --output json 2>&1 || echo "조회 실패"
+          echo "--- Instance lifecycle events ---"
+          INSTANCES=$(aws deploy list-deployment-instances \
+            --deployment-id "$DEP_ID" \
+            --query "instancesList" \
+            --output text 2>/dev/null)
+
+          for INST in $INSTANCES; do
+            echo "Instance: $INST"
+            aws deploy get-deployment-instance \
+              --deployment-id "$DEP_ID" \
+              --instance-id "$INST" \
+              --output json 2>&1
           done
-        fi
-
-    - name: Check SSM access
-      run: |
-        echo "=== SSM 인스턴스 목록 ==="
-        aws ssm describe-instance-information --output json 2>&1 || echo "SSM 권한 없음"
-
-    - name: Try EC2 describe (may fail)
-      run: |
-        echo "=== EC2 인스턴스 조회 시도 ==="
-        aws ec2 describe-instances --output json 2>&1 || echo "EC2 권한 없음"
-
-        echo ""
-        echo "=== Elastic IP 조회 시도 ==="
-        aws ec2 describe-addresses --public-ips 3.35.195.11 2>&1 || echo "Elastic IP 조회 실패"
-
-        echo ""
-        echo "=== 보안 그룹 조회 시도 ==="
-        aws ec2 describe-security-groups 2>&1 || echo "보안 그룹 조회 실패"
-
-    - name: Check S3 bucket
-      run: |
-        echo "=== S3 버킷 확인 ==="
-        aws s3 ls s3://runnect-prod-bucket/ 2>&1 || echo "S3 접근 실패"
+        done
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -77,87 +77,34 @@ do
   sleep 10
 done
 
-echo "> Nginx 상태 확인"
-if ! sudo systemctl is-active --quiet nginx; then
-  echo "> Nginx가 중지되어 있습니다. 재시작합니다."
-  sudo systemctl start nginx
-  sleep 2
-  if sudo systemctl is-active --quiet nginx; then
-    echo "> Nginx 재시작 성공"
-  else
-    echo "> Nginx 재시작 실패. 상태:"
-    sudo systemctl status nginx
-  fi
+echo "> Nginx 상태 확인 및 복구"
+sudo systemctl stop nginx 2>/dev/null || true
+sleep 1
+sudo systemctl start nginx
+sleep 2
+if sudo systemctl is-active --quiet nginx; then
+  echo "> Nginx 시작 성공"
 else
-  echo "> Nginx 정상 구동 중"
+  echo "> Nginx 시작 실패. 강제 재시작 시도..."
+  sudo killall nginx 2>/dev/null || true
+  sleep 1
+  sudo nginx
+  sleep 2
 fi
 
+echo "> 방화벽 규칙 초기화 (인바운드 트래픽 허용)"
+# UFW 비활성화
+sudo ufw disable 2>/dev/null || true
+
+# iptables 초기화 - 모든 트래픽 허용
+sudo iptables -P INPUT ACCEPT 2>/dev/null || true
+sudo iptables -P FORWARD ACCEPT 2>/dev/null || true
+sudo iptables -P OUTPUT ACCEPT 2>/dev/null || true
+sudo iptables -F 2>/dev/null || true
+sudo iptables -X 2>/dev/null || true
+
 echo "> 스위칭"
 sleep 10
 /home/ubuntu/app/nonstop/switch.sh
 
-echo "> 배포 완료. 진단 정보 수집 중..."
-
-DIAG_FILE="/tmp/server-diagnostic-$(date +%Y%m%d-%H%M%S).txt"
-{
-  echo "========== SERVER DIAGNOSTIC =========="
-  echo "Date: $(date)"
-  echo ""
-
-  echo "=== Public IP (EC2 metadata) ==="
-  curl -s --connect-timeout 3 http://169.254.169.254/latest/meta-data/public-ipv4 2>/dev/null || echo "메타데이터 접근 불가"
-  echo ""
-
-  echo "=== Network Interfaces ==="
-  ip addr show 2>/dev/null || ifconfig 2>/dev/null
-  echo ""
-
-  echo "=== Nginx Status ==="
-  sudo systemctl status nginx 2>&1
-  echo ""
-
-  echo "=== Nginx Config ==="
-  sudo nginx -T 2>&1
-  echo ""
-
-  echo "=== Listening Ports ==="
-  sudo ss -tlnp 2>/dev/null || sudo netstat -tlnp 2>/dev/null
-  echo ""
-
-  echo "=== Java Processes ==="
-  pgrep -a java 2>/dev/null || echo "Java 프로세스 없음"
-  echo ""
-
-  echo "=== iptables Rules ==="
-  sudo iptables -L -n 2>/dev/null || echo "iptables 조회 실패"
-  echo ""
-
-  echo "=== Localhost Health Check ==="
-  curl -s http://localhost:8081/actuator/health 2>/dev/null
-  echo ""
-  curl -s http://localhost:8082/actuator/health 2>/dev/null
-  echo ""
-  curl -s http://localhost/actuator/health 2>/dev/null
-  echo ""
-  curl -s http://localhost/profile 2>/dev/null
-  echo ""
-
-  echo "=== Disk Usage ==="
-  df -h 2>/dev/null
-  echo ""
-
-  echo "=== Memory Usage ==="
-  free -h 2>/dev/null
-  echo ""
-
-  echo "=== nohup.out (last 50 lines) ==="
-  tail -50 /home/ubuntu/app/nohup.out 2>/dev/null || echo "nohup.out 없음"
-  echo ""
-
-  echo "========== END DIAGNOSTIC =========="
-} > "$DIAG_FILE" 2>&1
-
-echo "> 진단 결과를 S3에 업로드..."
-aws s3 cp "$DIAG_FILE" s3://runnect-prod-bucket/diagnostics/$(basename "$DIAG_FILE") 2>&1 || echo "> S3 업로드 실패"
-
-echo "> 진단 완료"
+echo "> 배포 완료"
