fix: исправлены пути /ansible/ → /workspace/ в converge.yml
- Исправлены все пути с /ansible/ на /workspace/ - Исправлен путь к playbook на /workspace/molecule/default/site.yml - Обновлены пути для vault файлов - Обновлен ANSIBLE_ROLES_PATH Автор: Сергей Антропов Сайт: https://devops.org.ru
This commit is contained in:
Сергей Антропов
@@ -8,10 +8,10 @@
|
|||||||
|
|
||||||
# перечисли файлы/глобы, которые нужно временно расшифровать
|
# перечисли файлы/глобы, которые нужно временно расшифровать
|
||||||
vault_targets:
|
vault_targets:
|
||||||
- /ansible/vault/secrets.yml
|
- /workspace/vault/secrets.yml
|
||||||
- /ansible/files/playbooks/group_vars/*/vault.yml
|
- /workspace/files/playbooks/group_vars/*/vault.yml
|
||||||
- /ansible/files/playbooks/host_vars/*/vault.yml
|
- /workspace/files/playbooks/host_vars/*/vault.yml
|
||||||
- /ansible/roles/**/vars/vault.yml
|
- /workspace/roles/**/vars/vault.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Load preset configuration
|
- name: Load preset configuration
|
||||||
@@ -19,10 +19,10 @@
|
|||||||
when: preset_file is file
|
when: preset_file is file
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Install collections
|
# - name: Install collections
|
||||||
community.docker.docker_container_exec:
|
# community.docker.docker_container_exec:
|
||||||
container: ansible-controller
|
# container: ansible-controller
|
||||||
command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
|
# command: bash -lc "ansible-galaxy collection install -r /workspace/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
|
||||||
|
|
||||||
- name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
|
- name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
|
||||||
community.docker.docker_container_exec:
|
community.docker.docker_container_exec:
|
||||||
@@ -37,10 +37,10 @@
|
|||||||
echo "[vault] already encrypted: $f";
|
echo "[vault] already encrypted: $f";
|
||||||
else
|
else
|
||||||
echo "[vault] plaintext -> encrypt: $f";
|
echo "[vault] plaintext -> encrypt: $f";
|
||||||
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /ansible/vault-password.txt "$f";
|
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault-password.txt "$f";
|
||||||
fi
|
fi
|
||||||
echo "[vault] decrypt for run: $f";
|
echo "[vault] decrypt for run: $f";
|
||||||
ansible-vault decrypt --vault-password-file /ansible/vault-password.txt "$f";
|
ansible-vault decrypt --vault-password-file /workspace/vault-password.txt "$f";
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
'
|
'
|
||||||
@@ -50,8 +50,8 @@
|
|||||||
container: ansible-controller
|
container: ansible-controller
|
||||||
command: >
|
command: >
|
||||||
bash -lc "
|
bash -lc "
|
||||||
ANSIBLE_ROLES_PATH=/ansible/roles
|
ANSIBLE_ROLES_PATH=/workspace/roles
|
||||||
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/files/playbooks/site.yml
|
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /workspace/molecule/default/site.yml
|
||||||
"
|
"
|
||||||
|
|
||||||
- name: Post-run — re-encrypt secrets
|
- name: Post-run — re-encrypt secrets
|
||||||
@@ -67,7 +67,7 @@
|
|||||||
echo "[vault] ok (encrypted): $f";
|
echo "[vault] ok (encrypted): $f";
|
||||||
else
|
else
|
||||||
echo "[vault] encrypt back: $f";
|
echo "[vault] encrypt back: $f";
|
||||||
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /ansible/vault-password.txt "$f" || true;
|
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault-password.txt "$f" || true;
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|||||||
Reference in New Issue
Block a user