diff --git a/Dockerfile b/Dockerfile
index 8041c1d..d4bb7e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,19 +6,13 @@ RUN apt-get update && apt-get install -y \
 curl \
 docker.io \
 docker-compose \
+ sshpass \
 && rm -rf /var/lib/apt/lists/*
-# Устанавливаем Ansible, Molecule и Ansible Vault
-RUN pip install --no-cache-dir ansible ansible-vault molecule docker molecule-docker
+RUN pip3 install --no-cache-dir ansible ansible-lint ansible-vault molecule docker molecule-docker
 # Устанавливаем Docker CLI
 RUN curl -fsSL https://get.docker.com | sh
-# Устанавливаем рабочую директорию
-WORKDIR /workspace
-
-# Устанавливаем роль из Ansible Galaxy (пример: geerlingguy.nginx)
-#RUN ansible-galaxy role install geerlingguy.nginx
-
-# Указываем команду по умолчанию
-CMD ["molecule", "--version"]
+WORKDIR /ansible
+ENTRYPOINT ["/bin/bash"]
diff --git a/Makefile b/Makefile
index 028eb75..3d25be6 100644
--- a/Makefile
+++ b/Makefile
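Review bot: In the Dockerfile hunk, the new `RUN pip3 install --no-cache-dir ansible ansible-lint ansible-vault molecule docker molecule-docker` line installs every package unpinned, so each rebuild can pull different code into an image that later reads the vault password and connects to production; pin the versions, ideally from a hashed requirements file (`RUN pip3 install --no-cache-dir --require-hashes -r requirements.txt`). The `ansible-vault` distribution on PyPI is, to my knowledge, a separate third-party library and not the `ansible-vault` CLI that ships with `ansible`, so it looks droppable. The added `sshpass` implies password-based SSH from this container, where key-based authentication would keep credentials out of process arguments and environment variables. `ENTRYPOINT ["/bin/bash"]` is kept when `docker compose run` is given a command, so the Makefile targets in this commit that pass `sh -c "..."` or `bash -c "..."` would, as far as I can tell, run `/bin/bash sh -c ...` and fail; `CMD ["/bin/bash"]` gives the same interactive default without that. No `USER` line appears in the hunk, and the top of the file is outside it.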
@@ -53,38 +53,23 @@ logs:
 docker compose logs --tail=100 -f $(c)
 shell:
- docker compose exec ansible-molecule bash
+ docker compose exec ansible bash
-# Создание новой роли с помощью Molecule
-create:
- docker compose run --rm ansible-molecule sh -c "ansible-galaxy role init $(ROLE_NAME) && cd $(ROLE_NAME) && molecule init scenario
- #docker compose run --rm ansible-molecule sh -c "molecule create"
+.PHONY: test lint vault deploy
-# Запуск тестов Molecule
-test:
- docker compose run --rm ansible-molecule sh -c "molecule test"
- #docker compose run --rm ansible-molecule sh -c "molecule --help"
+test: ## Запуск тестов с molecule
+ docker compose run --rm ansible bash -c "molecule test"
-# Установка зависимостей из requirements.yml
-dependencies:
- docker compose run --rm ansible-molecule sh -c "ansible-galaxy role install -r /workspace/requirements.yml"
+lint: ## Проверка кода с ansible-lint
+ docker compose run --rm ansible sh -c "ansible-lint roles/role"
-# Шифрование файла с помощью Ansible Vault
-encrypt:
- docker compose run --rm ansible-molecule sh -c "ansible-vault encrypt --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
+vault: ## Шифрование/дешифрование с ansible-vault
+ docker compose run --rm ansible sh -c "ansible-vault edit --vault-password-file vault-password.txt vars/secrets.yml"
-# Расшифровка файла с помощью Ansible Vault
-decrypt:
- docker compose run --rm ansible-molecule sh -c "ansible-vault decrypt --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
-
-# Просмотр зашифрованного файла
-view:
- docker compose run --rm ansible-molecule sh -c "ansible-vault view --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
-
-# Запуск роли на реальных серверах
-deploy:
- docker compose run --rm ansible-molecule sh -c "ansible-playbook -i $(INVENTORY) $(PLAYBOOK) --vault-password-file /workspace/$(VAULT_PASSWORD_FILE)"
+deploy: test ## Деплой на реальные машины, если тест прошел успешно
+ @echo "Deploying roles to production..."
+ docker compose run --rm ansible sh -c "ansible-playbook -i inventory/production deploy.yml --vault-password-file vault-password.txt"
 ####################################################################################################
 # Работа с Git
diff --git a/ansible_role/molecule/default/Dockerfile.j2 b/ansible_role/molecule/default/Dockerfile.j2
deleted file mode 100644
index 83e7814..0000000
--- a/ansible_role/molecule/default/Dockerfile.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-# Molecule managed
-
-{% if item.registry is defined %}
-FROM {{ item.registry.url }}/{{ item.image }}
-{% else %}
-FROM {{ item.image }}
-{% endif %}
-
-{% if item.dockerfile is defined %}
-{% for line in item.dockerfile %}
-{{ line }}
-{% endfor %}
-{% endif %}
\ No newline at end of file
diff --git a/ansible_role/molecule/default/INSTALL.rst b/ansible_role/molecule/default/INSTALL.rst
deleted file mode 100644
index d138f0f..0000000
--- a/ansible_role/molecule/default/INSTALL.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-Installation
-============
-
-To install Molecule, run the following command:
-
-.. code-block:: bash
-
- pip install molecule docker
\ No newline at end of file
diff --git a/ansible_role/molecule/default/create.yml b/ansible_role/molecule/default/create.yml
deleted file mode 100644
index a29cdaa..0000000
--- a/ansible_role/molecule/default/create.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Create
- hosts: localhost
- connection: local
- tasks:
- - name: Create molecule instance(s)
- molecule_docker:
- platform: "{{ item }}"
- with_items: "{{ molecule_yml.platforms }}"
- loop_control:
- label: "{{ item.name }}"
\ No newline at end of file
diff --git a/ansible_role/molecule/default/destroy.yml b/ansible_role/molecule/default/destroy.yml
deleted file mode 100644
index 4443cd7..0000000
--- a/ansible_role/molecule/default/destroy.yml
+++ /dev/null
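Review bot: In the Makefile hunk, the new `vault` and `deploy` targets reference paths this commit does not create: `vars/secrets.yml` and `deploy.yml` resolve from `/ansible` (the mounted repo root), while the files added are `roles/role/vars/secrets.yml` and `roles/role/deploy.yaml`, and `inventory/production` is not added at all (`inventory/hosts` is deleted). `deploy` also hard-codes the production inventory and the vault password file, where the removed target took `$(INVENTORY)`, `$(PLAYBOOK)` and `$(VAULT_PASSWORD_FILE)`, so there is no longer a way to point a run at staging or to do a dry run. I would keep the variables and fix the paths, e.g. `ansible-playbook -i $(INVENTORY) roles/role/deploy.yaml --vault-password-file $(VAULT_PASSWORD_FILE)`, with `--check --diff` available as an opt-in. The `## ...` help comments have no `help` target in this hunk to print them; the rest of the Makefile is outside the hunk.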
@@ -1,12 +0,0 @@
----
-- name: Destroy
- hosts: localhost
- connection: local
- tasks:
- - name: Destroy molecule instance(s)
- molecule_docker:
- platform: "{{ item }}"
- state: absent
- with_items: "{{ molecule_yml.platforms }}"
- loop_control:
- label: "{{ item.name }}"
\ No newline at end of file
diff --git a/ansible_role/molecule/default/inventory/hosts b/ansible_role/molecule/default/inventory/hosts
deleted file mode 100644
index bafbacc..0000000
--- a/ansible_role/molecule/default/inventory/hosts
+++ /dev/null
@@ -1,2 +0,0 @@
-[all]
-instance ansible_connection=docker
\ No newline at end of file
diff --git a/ansible_role/molecule/default/molecule.yml b/ansible_role/molecule/default/molecule.yml
deleted file mode 100644
index dd06b76..0000000
--- a/ansible_role/molecule/default/molecule.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: geerlingguy/docker-ubuntu2004-ansible:latest
- pre_build_image: true
-provisioner:
- name: ansible
- inventory:
- host_vars:
- instance:
- ansible_connection: docker
-verifier:
- name: ansible
\ No newline at end of file
diff --git a/ansible_role/molecule/default/prepare.yml b/ansible_role/molecule/default/prepare.yml
deleted file mode 100644
index f1fb2a0..0000000
--- a/ansible_role/molecule/default/prepare.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks: []
\ No newline at end of file
diff --git a/ansible_role/molecule/default/tests/test_default.py b/ansible_role/molecule/default/tests/test_default.py
deleted file mode 100644
index a471b81..0000000
--- a/ansible_role/molecule/default/tests/test_default.py
+++ /dev/null
@@ -1,13 +0,0 @@
-import os
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_hosts_file(host):
- f = host.file('/etc/hosts')
-
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
\ No newline at end of file
diff --git a/ansible_role/molecule/default/verify.yml b/ansible_role/molecule/default/verify.yml
deleted file mode 100644
index 04e2b30..0000000
--- a/ansible_role/molecule/default/verify.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Verify
- hosts: all
- tasks: []
\ No newline at end of file
diff --git a/ansible_role/plybook.yaml b/ansible_role/plybook.yaml
deleted file mode 100644
index 46f1731..0000000
--- a/ansible_role/plybook.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Apply my_ansible_role to servers
- hosts: all # Используем все хосты из инвентори
- become: yes # Повышаем привилегии (sudo)
- roles:
- - role: my_ansible_role # Указываем имя вашей роли
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index d8fa860..464db8e 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,16 +1,9 @@
 services:
- ansible-molecule:
- build:
- context: .
- dockerfile: Dockerfile
- container_name: ansible-molecule
+ ansible:
+ build: .
+ container_name: ansible
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ./ansible_role:/workspace/role # Монтируем роль
- - ./inventory:/workspace/inventory # Монтируем инвентори
- - ./ansible.cfg:/etc/ansible/ansible.cfg # Монтируем конфиг Ansible
- - ./vault_password_file:/workspace/vault_password_file # Монтируем файл с паролем для Vault
- - ./requirements.yaml:/workspace/requirements.yml # Монтируем файл с зависимостями
- working_dir: /workspace/role
- command: >
- sh -c "ansible-galaxy role install -r /workspace/requirements.yml && molecule test"
\ No newline at end of file
+ - .:/ansible
+ environment:
+ - ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt
+ tty: true
\ No newline at end of file
diff --git a/inventory/hosts b/inventory/hosts
deleted file mode 100644
index 1a36ab7..0000000
--- a/inventory/hosts
+++ /dev/null
@@ -1,6 +0,0 @@
-[webservers]
-server1 ansible_host=192.168.1.10 ansible_user=ubuntu
-server2 ansible_host=192.168.1.11 ansible_user=ubuntu
-
-[dbservers]
-server3 ansible_host=192.168.1.12 ansible_user=ubuntu
\ No newline at end of file
diff --git a/ansible_role/molecule/default/converge.yml b/molecule/default/converge.yml
similarity index 65%
rename from ansible_role/molecule/default/converge.yml
rename to molecule/default/converge.yml
index 07c6d35..ce61f6b 100644
--- a/ansible_role/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,4 +2,4 @@
 - name: Converge
 hosts: all
 roles:
- - role: my_new_role
\ No newline at end of file
+ - role: role
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..31ffe92
--- /dev/null
+++ b/molecule/default/molecule.yml
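Review bot: In the docker-compose.yaml hunk, `ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt` together with `- .:/ansible` makes the vault password a file in the working tree, and the rename `vault_password_file` → `vault-password.txt` at the end of this commit shows that file is tracked in git. A vault password stored beside the data it protects gives every reader of the repository the plaintext, whatever the file currently contains. It should be untracked and ignored, the password rotated, and the path supplied from outside the repo, e.g. `- ${VAULT_PASSWORD_FILE:?}:/run/secrets/vault-password:ro` with `ANSIBLE_VAULT_PASSWORD_FILE=/run/secrets/vault-password`. Dropping the `/var/run/docker.sock` mount removes a host-root-equivalent path into the container, but the Molecule scenario still sets `driver: docker`, so `molecule test` presumably has no daemon to reach unless one is provided some other way.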
@@ -0,0 +1,16 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-ubuntu2004-ansible:latest"
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: ansible
diff --git a/ansible_role/tasks/main.yaml b/molecule/default/prepare.yml
similarity index 100%
rename from ansible_role/tasks/main.yaml
rename to molecule/default/prepare.yml
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/defaults/.gitkeep b/roles/role/defaults/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/deploy.yaml b/roles/role/deploy.yaml
new file mode 100644
index 0000000..3c9cf2e
--- /dev/null
+++ b/roles/role/deploy.yaml
@@ -0,0 +1,6 @@
+---
+- name: Deploy roles
+ hosts: production
+ become: true
+ roles:
+ - role
diff --git a/roles/role/files/.gitkeep b/roles/role/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/handlers/.gitkeep b/roles/role/handlers/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/meta/.gitkeep b/roles/role/meta/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/tasks/main.yaml b/roles/role/tasks/main.yaml
new file mode 100644
index 0000000..f6da4a6
--- /dev/null
+++ b/roles/role/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Example task
+ debug:
+ msg: "Hello, Ansible!"
\ No newline at end of file
diff --git a/roles/role/templates/.gitkeep b/roles/role/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/tests/.gitkeep b/roles/role/tests/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/vars/.gitkeep b/roles/role/vars/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/role/vars/secrets.yml b/roles/role/vars/secrets.yml
new file mode 100644
index 0000000..e69de29
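Review bot: In the new molecule/default/molecule.yml, `privileged: true` gives the test instance close to full access to the host kernel and devices, and it is paired with an image referenced by the mutable `:latest` tag, so whatever is next published under that tag runs with those privileges. If the role only needs systemd inside the instance, a narrower setup (specific `capabilities` and a read-only cgroup mount) is usually enough; otherwise record the reason next to the key, e.g. `# privileged: required for <reason>`. Pin the image to a fixed tag or digest, e.g. `image: "geerlingguy/docker-ubuntu2004-ansible@sha256:<digest>"`. The `lint:` block under `provisioner` looks like the Molecule 2 layout, and since the Dockerfile installs `molecule` unpinned, a current release may reject or ignore it; worth verifying against the version actually installed.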
diff --git a/vault_password_file b/vault-password.txt
similarity index 100%
rename from vault_password_file
rename to vault-password.txt