Обновление проекта
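--- a/molecule/presets/examples/security.yml
+++ b/molecule/presets/examples/security.yml
@@ -0,0 +1,90 @@
+---
+#description: Пресет для тестирования безопасности с 10 хостами (bastion + internal + monitoring)
+# Автор: Сергей Антропов
+# Сайт: https://devops.org.ru
+
+docker_network: labnet
+generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
+
+# systemd-ready образы
+images:
+alt: "inecs/ansible-lab:alt-linux-latest"
+astra: "inecs/ansible-lab:astra-linux-latest"
+rhel: "inecs/ansible-lab:rhel-latest"
+centos7: "inecs/ansible-lab:centos7-latest"
+centos8: "inecs/ansible-lab:centos8-latest"
+centos9: "inecs/ansible-lab:centos9-latest"
+alma: "inecs/ansible-lab:alma-latest"
+rocky: "inecs/ansible-lab:rocky-latest"
+redos: "inecs/ansible-lab:redos-latest"
+ubuntu20: "inecs/ansible-lab:ubuntu20-latest"
+ubuntu22: "inecs/ansible-lab:ubuntu22-latest"
+ubuntu24: "inecs/ansible-lab:ubuntu24-latest"
+debian9: "inecs/ansible-lab:debian9-latest"
+debian10: "inecs/ansible-lab:debian10-latest"
+debian11: "inecs/ansible-lab:debian11-latest"
+debian12: "inecs/ansible-lab:debian12-latest"
+
+systemd_defaults:
+privileged: true
+command: "/sbin/init"
+volumes:
+- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+tmpfs: ["/run", "/run/lock"]
+capabilities: ["SYS_ADMIN"]
+
+# Описание кластера для тестирования безопасности
+hosts:
+# Bastion хосты (точки входа)
+- name: bastion1
+family: rhel
+groups: [bastion, security, jump]
+publish: ["2222:22"]
+- name: bastion2
+family: debian12
+groups: [bastion, security, jump]
+publish: ["2223:22"]
+
+# Внутренние серверы (без внешнего доступа)
+- name: internal1
+family: rhel
+groups: [internal, servers, app]
+- name: internal2
+family: debian12
+groups: [internal, servers, app]
+- name: internal3
+family: rhel
+groups: [internal, servers, app]
+
+# База данных (изолированная сеть)
+- name: db-secure1
+family: rhel
+groups: [database, secure, internal]
+- name: db-secure2
+family: debian12
+groups: [database, secure, internal]
+
+# Мониторинг и логирование
+- name: monitor1
+family: debian12
+groups: [monitoring, security, logs]
+- name: monitor2
+family: rhel
+groups: [monitoring, security, logs]
+
+# Firewall и сетевые компоненты
+- name: fw1
+family: rhel
+groups: [firewall, network, security]
+- name: fw2
+family: debian12
+groups: [firewall, network, security]
+
+# DOoD узел для тестирования Docker безопасности
+- name: docker-secure
+type: dood
+family: debian12
+groups: [docker, security, apps]
+publish: ["8080:8080"]
+env:
+DOCKER_HOST: "unix:///var/run/docker.sock"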
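Review bot: The `docker-secure` entry at the end of `hosts` points `DOCKER_HOST` at the host daemon socket (presumably mounted by the `type: dood` handling) and also publishes `8080:8080`, so a compromised service on that port could control the host Docker daemon, which amounts to root on the machine running the tests. If `publish` is passed to Docker unchanged, a bare `"8080:8080"` binds on every host interface; I would restrict it to loopback with `publish: ["127.0.0.1:8080:8080"]`, and likewise `"127.0.0.1:2222:22"` and `"127.0.0.1:2223:22"` for the two bastions. In `systemd_defaults`, `capabilities: ["SYS_ADMIN"]` adds nothing next to `privileged: true`; if the images boot systemd with only the capability, the cgroup mount and the tmpfs entries, dropping `privileged` would narrow what a test container can do to the host. The comments call the internal hosts unreachable from outside and the databases an isolated network, but the file defines a single `docker_network: labnet`, so that separation is not visible here and should either be configured or the comments reworded. The `-latest` image tags are mutable, so pinning by digest would keep test runs reproducible and protect against a replaced image.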