diff --git a/Makefile b/Makefile index 9112990..75a9adc 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -view create edit show delete test lint deploy: +view create edit show delete test lint deploy new: @true #################################################################################################### 
@@ -27,33 +27,45 @@ prune: #################################################################################################### vault: @case "$(word 2, $(MAKECMDGOALS))" in \ - show) docker compose run --rm ansible bash -c "ansible-vault view --vault-password-file vault-password.txt roles/vars/secrets.yml";; \ - create) docker compose run --rm ansible bash -c "ansible-vault create --encrypt-vault-id default --vault-password-file vault-password.txt roles/vars/secrets.yml";; \ - edit) docker compose run --rm ansible bash -c "ansible-vault edit --vault-password-file vault-password.txt roles/vars/secrets.yml";; \ - delete) docker compose run --rm ansible bash -c "rm roles/vars/secrets.yml";; \ + show) docker compose run --rm ansible bash -c "ansible-vault view --vault-password-file vault-password.txt vars/secrets.yml";; \ + create) docker compose run --rm ansible bash -c "ansible-vault create --encrypt-vault-id default --vault-password-file vault-password.txt vars/secrets.yml";; \ + edit) docker compose run --rm ansible bash -c "ansible-vault edit --vault-password-file vault-password.txt vars/secrets.yml";; \ + delete) docker compose run --rm ansible bash -c "rm vars/secrets.yml";; \ *) echo "Unknown action";; \ esac + role: @case "$(word 2, $(MAKECMDGOALS))" in \ + new) \ + clear; \ + echo "Введите название новой роли на английском:"; \ + read ROLE_NAME; \ + echo "Введите описание роли:"; \ + read ROLE_DESC; \ + cp -r default/ "roles/$${ROLE_NAME}"; \ + printf "\n- name: $${ROLE_DESC}" >> roles/deploy.yaml; \ + printf "\n import_playbook: $${ROLE_NAME}/deploy.yaml" >> roles/deploy.yaml; \ + printf '\n - /ansible/roles/%s' "$$ROLE_NAME" >> molecule/default/converge.yml; \ + printf "\n - $${ROLE_NAME}" >> roles/$$ROLE_NAME/deploy.yaml;; \ lint) \ - clear; \ - echo "Check your role..."; \ - docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt roles/vars/secrets.yml"; \ - docker compose run --rm ansible bash -c 
"ansible-lint roles/*"; \ - echo " "; \ - docker compose run --rm ansible bash -c "ansible-vault encrypt roles/vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \ + clear; \ + echo "Check your role..."; \ + docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"; \ + docker compose run --rm ansible bash -c "ansible-lint roles/*"; \ + echo " "; \ + docker compose run --rm ansible bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \ test) \ - clear; \ - echo "Running test roles..."; \ - docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt roles/vars/secrets.yml"; \ - docker compose run --rm ansible bash -c "molecule test --parallel"; \ - echo " "; \ - docker compose run --rm ansible bash -c "ansible-vault encrypt roles/vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \ + clear; \ + echo "Running test roles..."; \ + docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"; \ + docker compose run --rm ansible bash -c "molecule test --parallel"; \ + echo " "; \ + docker compose run --rm ansible bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \ deploy) \ - clear; \ - echo "Deploying roles to production..."; \ - docker compose run --rm ansible bash -c "ansible-playbook /ansible/roles/deploy.yaml";; \ + clear; \ + echo "Deploying roles to production..."; \ + docker compose run --rm ansible bash -c "ansible-playbook /ansible/roles/deploy.yaml";; \ *) echo "Unknown action";; \ esac diff --git a/README.md b/README.md index 3d9d3d5..e758d17 100644 --- a/README.md +++ b/README.md 
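Review bot: In the new `new)` branch, ROLE_NAME and ROLE_DESC go from `read` straight into `cp -r`, a `printf` format string and an unquoted redirect target (`roles/$$ROLE_NAME/deploy.yaml`) with no validation. An empty name, an existing one, or one containing `/` or `..` makes `cp -r` write somewhere other than a fresh `roles/<name>` directory, and a `%` or backslash sequence in the description is interpreted by `printf` and lands in `roles/deploy.yaml`, the playbook that `make role deploy` runs against production. Restrict the name to `[a-z0-9_]`, refuse an existing directory, and pass both values as `%s` arguments as sketched below; the converge.yml line in this hunk already does so. Separately, the `lint` and `test` branches decrypt `vars/secrets.yml` in place and only re-encrypt as the last `;`-chained step, so an interrupted run presumably leaves the secrets in plaintext in the working tree; a `trap` that re-encrypts on exit would close that window.

```make
	new) \
		# … unchanged: clear and the first prompt …
		read -r ROLE_NAME; \
		case "$${ROLE_NAME}" in \
			""|*[!a-z0-9_]*) echo "Invalid role name: use a-z, 0-9 and _ only" >&2; exit 1;; \
		esac; \
		if [ -e "roles/$${ROLE_NAME}" ]; then echo "Role already exists: $${ROLE_NAME}" >&2; exit 1; fi; \
		# … unchanged: second prompt …
		read -r ROLE_DESC; \
		cp -r default/ "roles/$${ROLE_NAME}"; \
		printf '\n- name: %s' "$${ROLE_DESC}" >> roles/deploy.yaml; \
		# … unchanged in content: the remaining appends, each rewritten as printf '<format with %s>' "$${ROLE_NAME}" >> "<quoted target>" …
```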
@@ -1,2 +1,46 @@ # AnsibleTemplate +Темплейт для создания, проверки и тестирование ролей Ansible с помощью контейнеров Docker. + +### С чего начать? + +На вашей машине вам необходимо сбилдить образ, где будут запускаться все роли через docker-compose. + +- **make build** - создание контейнера +- **make rebuild** - пересоздание контейнера, если были внесены изменения в Dockerfile +- **make prune** - очистить систему от лишних образов + +### Работа с ролью +- **make role new** - создать новую роль из шаблона. Название роли пишется на английском, описание роли на любом языке +- **make role lint** - проверяет все роли в папке roles/* на наличие ошибок +- **make role test** - позволяет тестировать роль, указанную в molecule/default/converge.yml +сразу на двух контейнерах (RedHat и Ubuntu) +- **make role deploy** - запускает роль в продакшен. Все хосты берет из файла inventory/hosts + +### Работа с файлом переменных + +Все переменные защищены через **Ansible-Vault** и находятся в папке vars/secrets.yml + +Для смены пароля измените его в файле **./vault-password.txt** + +- **make vault create** - создать новый файл с учетом пароля в файле **./vault-password.txt** +- **make vault delete** - удалить файл с переменными +- **make vault edit** - отредактировать файл переменных +- **make vault show** - показать содержимое файла переменных + +### Работа с Git + +- **make push** - запушить изменения. С выбором ветки и вводом коммита. +- **make pull** - получить изменения из репы + +### Добавить свой образ контейнера для тестов + +Что бы добавить или изменить докер-образы для тестирования ролей измените файл настроек молекулы +molecule/default/molecule.yml +```yaml + - name: ubuntu-instance + image: "geerlingguy/docker-ubuntu2004-ansible:latest" + privileged: true + pre_build_image: true +``` +помните, что образ обязательно должен содержать python не ниже версии 3.12 \ No newline at end of file 
diff --git a/roles/role/defaults/.gitkeep b/default/defaults/.gitkeep similarity index 100% rename from roles/role/defaults/.gitkeep rename to default/defaults/.gitkeep diff --git a/roles/role/deploy.yaml b/default/deploy.yaml similarity index 76% rename from roles/role/deploy.yaml rename to default/deploy.yaml index 9119955..61ab8b8 100644 --- a/roles/role/deploy.yaml +++ b/default/deploy.yaml @@ -5,7 +5,6 @@ become_user: root become_method: ansible.builtin.sudo gather_facts: true - roles: - - role vars_files: - - ../vars/secrets.yml \ No newline at end of file + - ../../vars/secrets.yml + roles: \ No newline at end of file diff --git a/roles/role/files/.gitkeep b/default/files/.gitkeep similarity index 100% rename from roles/role/files/.gitkeep rename to default/files/.gitkeep diff --git a/roles/role/handlers/.gitkeep b/default/handlers/.gitkeep similarity index 100% rename from roles/role/handlers/.gitkeep rename to default/handlers/.gitkeep diff --git a/roles/role/meta/.gitkeep b/default/meta/.gitkeep similarity index 100% rename from roles/role/meta/.gitkeep rename to default/meta/.gitkeep diff --git a/roles/role/tasks/debian/main.yaml b/default/tasks/debian/main.yaml similarity index 100% rename from roles/role/tasks/debian/main.yaml rename to default/tasks/debian/main.yaml diff --git a/roles/role/tasks/main.yaml b/default/tasks/main.yaml similarity index 100% rename from roles/role/tasks/main.yaml rename to default/tasks/main.yaml diff --git a/roles/role/tasks/redhat/main.yaml b/default/tasks/redhat/main.yaml similarity index 100% rename from roles/role/tasks/redhat/main.yaml rename to default/tasks/redhat/main.yaml diff --git a/roles/role/templates/.gitkeep b/default/templates/.gitkeep similarity index 100% rename from roles/role/templates/.gitkeep rename to default/templates/.gitkeep diff --git a/roles/role/tests/.gitkeep b/default/tests/.gitkeep similarity index 100% rename from roles/role/tests/.gitkeep rename to default/tests/.gitkeep 
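Review bot: The template `default/deploy.yaml` now ends on a bare `roles:` key with no trailing newline, and nothing in the file says that `make role new` appends the role entry directly after it with `printf … >> roles/$$ROLE_NAME/deploy.yaml`. Anyone who later adds a key below `roles:` or reorders the play will make the appended entry land under the wrong key in a play that runs with `become_user: root`, so a comment above the key such as `# keep "roles:" last: "make role new" appends the role entry below this line` is worth adding. The same applies to `molecule/default/converge.yml`, which gets the identical trailing `roles:` in this commit. The start of the play is outside the hunk.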
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 88c42cd..749dcda 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,7 +1,6 @@ --- - name: Converge hosts: all - roles: - - /ansible/roles/role vars_files: - - ../../roles/vars/secrets.yml \ No newline at end of file + - ../../vars/secrets.yml + roles: \ No newline at end of file diff --git a/roles/deploy.yaml b/roles/deploy.yaml index 4acdabc..73b314f 100644 --- a/roles/deploy.yaml +++ b/roles/deploy.yaml @@ -1,3 +1 @@ ---- -- name: Import role - import_playbook: role/deploy.yaml \ No newline at end of file +--- \ No newline at end of file diff --git a/roles/vars/secrets.yml b/roles/vars/secrets.yml deleted file mode 100644 index b2f57d5..0000000 --- a/roles/vars/secrets.yml +++ /dev/null @@ -1,6 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -33333461346434666539316330333661306537303234306132383733633635656139623330346339 -3735343834396131623436333737363436346137613337340a393633636663346131353135313332 -35656537663832366464316538346565313236306538343537343032373161653366353665366565 -3461316135353337640a613137383034663265306666353338326135613961646364373966353863 -37313731623164303566383431613131353331363035653630313630353130623066 diff --git a/roles/vars/.gitkeep b/vars/.gitkeep similarity index 100% rename from roles/vars/.gitkeep rename to vars/.gitkeep diff --git a/vars/secrets.yml b/vars/secrets.yml new file mode 100644 index 0000000..92757ea --- /dev/null +++ b/vars/secrets.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +30376237306137343436646138333634613432346133323130646136633466643964336637306434 +3963303237623565666462393234653266333036363538370a643739633530313766363035633266 +37623335383861333034653064613865396332653561356333346333373533353561663431323539 +6365636662376666380a636332333435636662303732623531613661313835376636383664373534 +30363830383731666334653635366236323262326432326338366237383533366231
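Review bot: The new `vars/secrets.yml` is committed as a vault-encrypted file, but its protection rests entirely on `vault-password.txt`, which the Makefile reads from the working directory and the README tells users to edit in place. The diff does not show whether that file is tracked; if it is, or if it ships with a default value, anyone with read access to the repository can decrypt the vault, so confirm it is listed in `.gitignore` and never committed. The previous ciphertext under `roles/vars/secrets.yml` stays in git history, so if its password was ever shared the values it held should be rotated rather than carried over.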