Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat: Переименование geop в cod и добавление ARM64 поддержки

Browse Source 
- Переименован пресет geop.yml в cod.yml
- Обновлены все группы с geop на cod
- Добавлена поддержка ARM64 для Astra Linux и RedOS
- Создан Dockerfile.arm64 для RedOS с исправлением конфликтов пакетов
- Улучшены разделители в логах Molecule
- Зашифрован файл vault/secrets.yml
- Обновлена роль devops с поддержкой vault
- Добавлены шаблоны для SSH и sudoers конфигураций
This commit is contained in:
Сергей Антропов
2025-10-27 19:43:26 +03:00
parent c66bb35f97
commit 5543ae4d27
25 changed files with 1531 additions and 931 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
roles/devops/vars/main.yml
View File

@@ -1,25 +1,209 @@
---
# Переменные для роли devops
# OS-специфичные переменные для роли devops
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Список пакетов, необходимых для роли
devops_required_packages:
- openssh-server
- sudo
- passwd
# Определение семейства ОС
devops_os_family: "{{ ansible_os_family | lower }}"
devops_distribution: "{{ ansible_distribution | lower }}"
devops_distribution_version: "{{ ansible_distribution_version | lower }}"
# Настройки безопасности для SSH
devops_ssh_security:
permit_root_login: "no"
password_authentication: "yes"
pubkey_authentication: "yes"
authorized_keys_file: ".ssh/authorized_keys"
# Настройки для разных семейств ОС
devops_os_config:
redhat:
package_manager: "yum"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
debian:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
suse:
package_manager: "zypper"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
alpine:
package_manager: "apk"
user_management: "adduser"
group_management: "addgroup"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
packages:
- "sudo"
- "openssh"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
# Настройки sudo для безопасности
devops_sudo_security:
requiretty: false
visiblepw: false
always_set_home: true
env_reset: true
env_keep: "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
# Специфичные настройки для российских ОС
devops_russian_os_config:
astra:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
redos:
package_manager: "yum"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
alt:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
# Получение конфигурации для текущей ОС
devops_current_config: "{{ devops_russian_os_config[devops_distribution] | default(devops_os_config[devops_os_family]) }}"
# Переменные для работы с пакетами
devops_package_manager_cmd: "{{ devops_current_config.package_manager }}"
devops_user_cmd: "{{ devops_current_config.user_management }}"
devops_group_cmd: "{{ devops_current_config.group_management }}"
devops_sudo_group: "{{ devops_current_config.sudo_group }}"
devops_packages_to_install: "{{ devops_current_config.packages }}"
devops_services_to_enable: "{{ devops_current_config.services }}"
devops_sudoers_path: "{{ devops_current_config.sudoers_path }}"
devops_ssh_config_path: "{{ devops_current_config.ssh_config_path }}"
# Дополнительные группы для пользователя
devops_final_additional_groups: "{{ devops_current_config.additional_groups }}"
# Настройки для проверки системы
devops_system_checks:
- name: "check_user_exists"
command: "id {{ devops_user }}"
register: "devops_user_check"
- name: "check_ssh_key_exists"
stat:
path: "{{ devops_ssh_authorized_keys }}"
register: "devops_ssh_key_check"
- name: "check_sudoers_exists"
stat:
path: "{{ devops_sudoers_file }}"
register: "devops_sudoers_check"
# Настройки для логирования
devops_log_config:
level: "{{ devops_log_level }}"
file: "{{ devops_log_file }}"
format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
max_size: "10MB"
backup_count: 5
# Настройки для уведомлений
devops_notification_config:
success_message: "Пользователь {{ devops_user }} успешно настроен"
failure_message: "Ошибка при настройке пользователя {{ devops_user }}"
ssh_message: "SSH ключ для пользователя {{ devops_user }} настроен"
sudo_message: "Sudo права для пользователя {{ devops_user }} настроены"