fix2
14
Dockerfile
14
Dockerfile
@@ -6,19 +6,13 @@ RUN apt-get update && apt-get install -y \
|
|||||||
curl \
|
curl \
|
||||||
docker.io \
|
docker.io \
|
||||||
docker-compose \
|
docker-compose \
|
||||||
|
sshpass \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Устанавливаем Ansible, Molecule и Ansible Vault
|
RUN pip3 install --no-cache-dir ansible ansible-lint ansible-vault molecule docker molecule-docker
|
||||||
RUN pip install --no-cache-dir ansible ansible-vault molecule docker molecule-docker
|
|
||||||
|
|
||||||
# Устанавливаем Docker CLI
|
# Устанавливаем Docker CLI
|
||||||
RUN curl -fsSL https://get.docker.com | sh
|
RUN curl -fsSL https://get.docker.com | sh
|
||||||
|
|
||||||
# Устанавливаем рабочую директорию
|
WORKDIR /ansible
|
||||||
WORKDIR /workspace
|
ENTRYPOINT ["/bin/bash"]
|
||||||
|
|
||||||
# Устанавливаем роль из Ansible Galaxy (пример: geerlingguy.nginx)
|
|
||||||
#RUN ansible-galaxy role install geerlingguy.nginx
|
|
||||||
|
|
||||||
# Указываем команду по умолчанию
|
|
||||||
CMD ["molecule", "--version"]
|
|
||||||
|
|||||||
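Review bot: The `RUN pip3 install --no-cache-dir ansible ansible-lint ansible-vault molecule docker molecule-docker` line, which appears to be the new side, installs six unpinned packages, so each rebuild can pull different code into an image that later reads the vault password and the production inventory. The `ansible-vault` name on PyPI is a separate third-party library, not the `ansible-vault` command, which already ships with `ansible`; dropping it removes an unneeded dependency. Consider pinning every package (`ansible==<pinned-version>` and so on), ideally from a requirements file installed with `--require-hashes`. The image also ends as root with `ENTRYPOINT ["/bin/bash"]` and keeps the unchanged `curl -fsSL https://get.docker.com | sh` step beside the apt `docker.io` package, which looks redundant and runs an unverified remote script at build time.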
37
Makefile
37
Makefile
@@ -53,38 +53,23 @@ logs:
|
|||||||
docker compose logs --tail=100 -f $(c)
|
docker compose logs --tail=100 -f $(c)
|
||||||
|
|
||||||
shell:
|
shell:
|
||||||
docker compose exec ansible-molecule bash
|
docker compose exec ansible bash
|
||||||
|
|
||||||
|
|
||||||
# Создание новой роли с помощью Molecule
|
.PHONY: test lint vault deploy
|
||||||
create:
|
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-galaxy role init $(ROLE_NAME) && cd $(ROLE_NAME) && molecule init scenario
|
|
||||||
#docker compose run --rm ansible-molecule sh -c "molecule create"
|
|
||||||
|
|
||||||
# Запуск тестов Molecule
|
test: ## Запуск тестов с molecule
|
||||||
test:
|
docker compose run --rm ansible bash -c "molecule test"
|
||||||
docker compose run --rm ansible-molecule sh -c "molecule test"
|
|
||||||
#docker compose run --rm ansible-molecule sh -c "molecule --help"
|
|
||||||
|
|
||||||
# Установка зависимостей из requirements.yml
|
lint: ## Проверка кода с ansible-lint
|
||||||
dependencies:
|
docker compose run --rm ansible sh -c "ansible-lint roles/role"
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-galaxy role install -r /workspace/requirements.yml"
|
|
||||||
|
|
||||||
# Шифрование файла с помощью Ansible Vault
|
vault: ## Шифрование/дешифрование с ansible-vault
|
||||||
encrypt:
|
docker compose run --rm ansible sh -c "ansible-vault edit --vault-password-file vault-password.txt vars/secrets.yml"
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-vault encrypt --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
|
|
||||||
|
|
||||||
# Расшифровка файла с помощью Ansible Vault
|
deploy: test ## Деплой на реальные машины, если тест прошел успешно
|
||||||
decrypt:
|
@echo "Deploying roles to production..."
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-vault decrypt --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
|
docker compose run --rm ansible sh -c "ansible-playbook -i inventory/production deploy.yml --vault-password-file vault-password.txt"
|
||||||
|
|
||||||
# Просмотр зашифрованного файла
|
|
||||||
view:
|
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-vault view --vault-password-file /workspace/$(VAULT_PASSWORD_FILE) /workspace/role/$(FILE)"
|
|
||||||
|
|
||||||
# Запуск роли на реальных серверах
|
|
||||||
deploy:
|
|
||||||
docker compose run --rm ansible-molecule sh -c "ansible-playbook -i $(INVENTORY) $(PLAYBOOK) --vault-password-file /workspace/$(VAULT_PASSWORD_FILE)"
|
|
||||||
|
|
||||||
####################################################################################################
|
####################################################################################################
|
||||||
# Работа с Git
|
# Работа с Git
|
||||||
|
|||||||
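Review bot: The `vault` and `deploy` targets pass `--vault-password-file vault-password.txt`, which keeps the vault password as a plaintext file in the project directory that the compose service bind-mounts with `.:/ansible`; nothing visible in this commit excludes it from Git. Confirm `vault-password.txt` is listed in `.gitignore`, or use `--ask-vault-pass` for interactive runs. The paths also do not match what the commit adds: the targets use `vars/secrets.yml` and `deploy.yml`, while the new files are `roles/role/vars/secrets.yml` and `roles/role/deploy.yaml`, and an inventory with `[webservers]` and `[dbservers]` groups is deleted although `deploy` reads `inventory/production`. Because `deploy: test` goes on to run a playbook with `become: true` against production, a comment such as `# requires inventory/production and a vault password file kept outside version control` above the target would help.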
@@ -1,13 +0,0 @@
|
|||||||
# Molecule managed
|
|
||||||
|
|
||||||
{% if item.registry is defined %}
|
|
||||||
FROM {{ item.registry.url }}/{{ item.image }}
|
|
||||||
{% else %}
|
|
||||||
FROM {{ item.image }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if item.dockerfile is defined %}
|
|
||||||
{% for line in item.dockerfile %}
|
|
||||||
{{ line }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
Installation
|
|
||||||
============
|
|
||||||
|
|
||||||
To install Molecule, run the following command:
|
|
||||||
|
|
||||||
.. code-block:: bash
|
|
||||||
|
|
||||||
pip install molecule docker
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
tasks:
|
|
||||||
- name: Create molecule instance(s)
|
|
||||||
molecule_docker:
|
|
||||||
platform: "{{ item }}"
|
|
||||||
with_items: "{{ molecule_yml.platforms }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.name }}"
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Destroy
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
tasks:
|
|
||||||
- name: Destroy molecule instance(s)
|
|
||||||
molecule_docker:
|
|
||||||
platform: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
with_items: "{{ molecule_yml.platforms }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.name }}"
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
[all]
|
|
||||||
instance ansible_connection=docker
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
dependency:
|
|
||||||
name: galaxy
|
|
||||||
driver:
|
|
||||||
name: docker
|
|
||||||
platforms:
|
|
||||||
- name: instance
|
|
||||||
image: geerlingguy/docker-ubuntu2004-ansible:latest
|
|
||||||
pre_build_image: true
|
|
||||||
provisioner:
|
|
||||||
name: ansible
|
|
||||||
inventory:
|
|
||||||
host_vars:
|
|
||||||
instance:
|
|
||||||
ansible_connection: docker
|
|
||||||
verifier:
|
|
||||||
name: ansible
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Prepare
|
|
||||||
hosts: all
|
|
||||||
tasks: []
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
import os
|
|
||||||
import testinfra.utils.ansible_runner
|
|
||||||
|
|
||||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
||||||
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
|
||||||
|
|
||||||
|
|
||||||
def test_hosts_file(host):
|
|
||||||
f = host.file('/etc/hosts')
|
|
||||||
|
|
||||||
assert f.exists
|
|
||||||
assert f.user == 'root'
|
|
||||||
assert f.group == 'root'
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Verify
|
|
||||||
hosts: all
|
|
||||||
tasks: []
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Apply my_ansible_role to servers
|
|
||||||
hosts: all # Используем все хосты из инвентори
|
|
||||||
become: yes # Повышаем привилегии (sudo)
|
|
||||||
roles:
|
|
||||||
- role: my_ansible_role # Указываем имя вашей роли
|
|
||||||
@@ -1,16 +1,9 @@
|
|||||||
services:
|
services:
|
||||||
ansible-molecule:
|
ansible:
|
||||||
build:
|
build: .
|
||||||
context: .
|
container_name: ansible
|
||||||
dockerfile: Dockerfile
|
|
||||||
container_name: ansible-molecule
|
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- .:/ansible
|
||||||
- ./ansible_role:/workspace/role # Монтируем роль
|
environment:
|
||||||
- ./inventory:/workspace/inventory # Монтируем инвентори
|
- ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt
|
||||||
- ./ansible.cfg:/etc/ansible/ansible.cfg # Монтируем конфиг Ansible
|
tty: true
|
||||||
- ./vault_password_file:/workspace/vault_password_file # Монтируем файл с паролем для Vault
|
|
||||||
- ./requirements.yaml:/workspace/requirements.yml # Монтируем файл с зависимостями
|
|
||||||
working_dir: /workspace/role
|
|
||||||
command: >
|
|
||||||
sh -c "ansible-galaxy role install -r /workspace/requirements.yml && molecule test"
|
|
||||||
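Review bot: The new `ansible` service drops the `/var/run/docker.sock` mount, but the Makefile `test` target still runs `molecule test` with the `docker` driver, so Molecule will probably have no Docker daemon to reach from inside this container (the Dockerfile hunk does not show one being started). If the socket mount is restored to fix that, document it, because access to the host socket is equivalent to root on the host: `# docker.sock gives this container full control of the host Docker daemon`. The `.:/ansible` bind mount is read-write and exposes the whole checkout, including `vault-password.txt`, to everything run in the container. The file name of this section is not shown on the page.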
@@ -1,6 +0,0 @@
|
|||||||
[webservers]
|
|
||||||
server1 ansible_host=192.168.1.10 ansible_user=ubuntu
|
|
||||||
server2 ansible_host=192.168.1.11 ansible_user=ubuntu
|
|
||||||
|
|
||||||
[dbservers]
|
|
||||||
server3 ansible_host=192.168.1.12 ansible_user=ubuntu
|
|
||||||
@@ -2,4 +2,4 @@
|
|||||||
- name: Converge
|
- name: Converge
|
||||||
hosts: all
|
hosts: all
|
||||||
roles:
|
roles:
|
||||||
- role: my_new_role
|
- role: role
|
||||||
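--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,16 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+platforms:
+- name: instance
+image: "geerlingguy/docker-ubuntu2004-ansible:latest"
+privileged: true
+pre_build_image: true
+provisioner:
+name: ansible
+lint:
+name: ansible-lint
+verifier:
+name: ansible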
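Review bot: `privileged: true` on the `instance` platform gives the test container all capabilities and device access on the Docker host, and it runs an image pulled by the mutable tag `geerlingguy/docker-ubuntu2004-ansible:latest`. If privileged mode is only there so systemd can run inside the container, molecule-docker's narrower platform keys (`capabilities`, `tmpfs`, a cgroup `volumes` entry) are usually enough; otherwise add a comment stating why it is needed, e.g. `# privileged: required for <reason>`. Pinning the image by digest (`image: "geerlingguy/docker-ubuntu2004-ansible@sha256:<digest>"`) keeps test runs reproducible.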
0
molecule/default/verify.yml
Normal file
0
molecule/default/verify.yml
Normal file
0
roles/role/defaults/.gitkeep
Normal file
0
roles/role/defaults/.gitkeep
Normal file
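--- /dev/null
+++ b/roles/role/deploy.yaml
@@ -0,0 +1,6 @@
+---
+- name: Deploy roles
+hosts: production
+become: true
+roles:
+- role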
0
roles/role/files/.gitkeep
Normal file
0
roles/role/files/.gitkeep
Normal file
0
roles/role/handlers/.gitkeep
Normal file
0
roles/role/handlers/.gitkeep
Normal file
0
roles/role/meta/.gitkeep
Normal file
0
roles/role/meta/.gitkeep
Normal file
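--- /dev/null
+++ b/roles/role/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Example task
+debug:
+msg: "Hello, Ansible!"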
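Review bot: The example task calls the module by its short name `debug:`; the `ansible-lint` run wired up by this commit's `lint` target reports that under its `fqcn` rule. Writing `ansible.builtin.debug:` keeps the new role lint-clean and avoids resolving to a same-named module from another collection.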
0
roles/role/templates/.gitkeep
Normal file
0
roles/role/templates/.gitkeep
Normal file
0
roles/role/tests/.gitkeep
Normal file
0
roles/role/tests/.gitkeep
Normal file
0
roles/role/vars/.gitkeep
Normal file
0
roles/role/vars/.gitkeep
Normal file
0
roles/role/vars/secrets.yml
Normal file
0
roles/role/vars/secrets.yml
Normal file