Обновление конфигурации Ansible: добавлены новые пресеты, улучшен Makefile, добавлена документация

molecule/default/converge.yml

@@ -10,12 +10,12 @@
   tasks:
     - name: Install collections
       community.docker.docker_container_exec:
-        container: ansible
+        container: ansible-controller
         command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
 
     - name: Decrypt vault targets (best-effort)
       community.docker.docker_container_exec:
-        container: ansible
+        container: ansible-controller
         command: >
           bash -lc '
           set -euo pipefail;
@@ -29,7 +29,7 @@
 
     - name: Run external playbook (your lab play)
       community.docker.docker_container_exec:
-        container: ansible
+        container: ansible-controller
         command: >
           bash -lc "
             ANSIBLE_ROLES_PATH=/ansible/roles
@@ -38,7 +38,7 @@
 
     - name: Re-encrypt vault targets (always)
       community.docker.docker_container_exec:
-        container: ansible
+        container: ansible-controller
         command: >
           bash -lc '
           set -euo pipefail;

molecule/default/create.yml

@@ -1,70 +1,88 @@
 ---
 - hosts: localhost
   gather_facts: false
-  vars_files:
-    - ../presets/default.yml
+  vars:
+    # Получаем preset из переменной окружения или используем default
+    preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
+    preset_file: "/workspace/molecule/presets/{{ preset_name }}.yml"
+    
+    # Fallback значения если preset файл не найден
+    docker_network: labnet
+    generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
+    images:
+      debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
+    systemd_defaults:
+      privileged: true
+      command: "/sbin/init"
+      volumes:
+        - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+      tmpfs: ["/run", "/run/lock"]
+      capabilities: ["SYS_ADMIN"]
+    hosts:
+      - name: u1
+        family: debian
+        groups: [test]
 
   tasks:
+    - name: Load preset configuration
+      include_vars: "{{ preset_file }}"
+      when: preset_file is file
+      ignore_errors: true
+
     - name: Ensure network exists
-      community.docker.docker_network:
-        name: "{{ docker_network }}"
-        state: present
+      command: docker network create {{ docker_network }}
+      delegate_to: localhost
+      ignore_errors: true
 
     # SYSTEMD nodes
     - name: Pull systemd images
-      community.docker.docker_image:
-        name: "{{ images[item.family] }}"
-        source: pull
+      command: docker pull {{ images[item.family] }}
+      delegate_to: localhost
       loop: "{{ hosts | selectattr('type','undefined') | list }}"
       loop_control: { label: "{{ item.name }}" }
 
     - name: Start systemd nodes
-      community.docker.docker_container:
-        name: "{{ item.name }}"
-        image: "{{ images[item.family] }}"
-        networks: [ { name: "{{ docker_network }}" } ]
-        privileged: "{{ systemd_defaults.privileged }}"
-        command: "{{ systemd_defaults.command }}"
-        volumes: "{{ (systemd_defaults.volumes | default([])) + (item.volumes | default([])) }}"
-        tmpfs: "{{ (systemd_defaults.tmpfs | default([])) + (item.tmpfs | default([])) }}"
-        capabilities: "{{ (systemd_defaults.capabilities | default([])) + (item.capabilities | default([])) }}"
-        published_ports: "{{ item.publish | default([]) }}"
-        env: "{{ item.env | default({}) }}"
-        state: started
-        restart_policy: unless-stopped
+      command: >
+        docker run -d --name {{ item.name }} 
+        --network {{ docker_network }}
+        --privileged={{ systemd_defaults.privileged | lower }}
+        --tmpfs {{ (systemd_defaults.tmpfs | default([])) | join(' --tmpfs ') }}
+        --cap-add {{ (systemd_defaults.capabilities | default([])) | join(' --cap-add ') }}
+        {% for port in item.publish | default([]) %}--publish {{ port }} {% endfor %}
+        {% for key, value in item.env | default({}) | dictsort %}--env {{ key }}={{ value }} {% endfor %}
+        {% for volume in (systemd_defaults.volumes | default([])) + (item.volumes | default([])) %}--volume {{ volume }} {% endfor %}
+        {{ images[item.family] }} {{ systemd_defaults.command }}
+      delegate_to: localhost
       loop: "{{ hosts | selectattr('type','undefined') | list }}"
       loop_control: { label: "{{ item.name }}" }
 
     # DinD nodes
     - name: Start DinD nodes (docker:27-dind)
-      community.docker.docker_container:
-        name: "{{ item.name }}"
-        image: "docker:27-dind"
-        privileged: true
-        environment: { DOCKER_TLS_CERTDIR: "" }
-        networks: [ { name: "{{ docker_network }}" } ]
-        published_ports: "{{ item.publish | default([]) }}"
-        volumes: [ "{{ item.name }}-docker:/var/lib/docker" ]
-        state: started
-        restart_policy: unless-stopped
+      command: >
+        docker run -d --name {{ item.name }} 
+        --network {{ docker_network }}
+        --privileged=true
+        --env DOCKER_TLS_CERTDIR=""
+        {% for port in item.publish | default([]) %}--publish {{ port }} {% endfor %}
+        --volume {{ item.name }}-docker:/var/lib/docker
+        docker:27-dind
+      delegate_to: localhost
       loop: "{{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list }}"
       loop_control: { label: "{{ item.name }}" }
 
     # DOoD nodes (mount docker.sock)
     - name: Start DOoD nodes (systemd + docker.sock mount)
-      community.docker.docker_container:
-        name: "{{ item.name }}"
-        image: "{{ images[item.family] }}"
-        networks: [ { name: "{{ docker_network }}" } ]
-        privileged: "{{ systemd_defaults.privileged }}"
-        command: "{{ systemd_defaults.command }}"
-        volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) }}"
-        tmpfs: "{{ (systemd_defaults.tmpfs | default([])) + (item.tmpfs | default([])) }}"
-        capabilities: "{{ (systemd_defaults.capabilities | default([])) + (item.capabilities | default([])) }}"
-        published_ports: "{{ item.publish | default([]) }}"
-        env: "{{ item.env | default({}) }}"
-        state: started
-        restart_policy: unless-stopped
+      command: >
+        docker run -d --name {{ item.name }} 
+        --network {{ docker_network }}
+        --privileged={{ systemd_defaults.privileged | lower }}
+        --tmpfs {{ (systemd_defaults.tmpfs | default([])) | join(' --tmpfs ') }}
+        --cap-add {{ (systemd_defaults.capabilities | default([])) | join(' --cap-add ') }}
+        {% for port in item.publish | default([]) %}--publish {{ port }} {% endfor %}
+        {% for key, value in item.env | default({}) | dictsort %}--env {{ key }}={{ value }} {% endfor %}
+        {% for volume in (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) %}--volume {{ volume }} {% endfor %}
+        {{ images[item.family] }} {{ systemd_defaults.command }}
+      delegate_to: localhost
       loop: "{{ hosts | selectattr('type','defined') | selectattr('type','equalto','dood') | list }}"
       loop_control: { label: "{{ item.name }}" }
 

molecule/default/destroy.yml

@@ -1,10 +1,24 @@
 ---
 - hosts: localhost
   gather_facts: false
-  vars_files:
-    - ../presets/default.yml
+  vars:
+    # Получаем preset из переменной окружения или используем default
+    preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
+    preset_file: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') | default('/tmp') }}/../presets/{{ preset_name }}.yml"
+    
+    # Fallback значения если preset файл не найден
+    docker_network: labnet
+    hosts:
+      - name: u1
+        family: debian
+        groups: [test]
 
   tasks:
+    - name: Load preset configuration
+      include_vars: "{{ preset_file }}"
+      when: preset_file is file
+      ignore_errors: true
+
     - name: Remove containers
       community.docker.docker_container:
         name: "{{ item.name }}"

molecule/default/molecule.yml

@@ -6,6 +6,12 @@
 driver:
   name: docker
 
+platforms:
+  # Платформы будут созданы динамически через preset файлы
+  - name: placeholder
+    image: ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy
+    pre_build_image: true
+
 provisioner:
   name: ansible
   config_options:

molecule/default/site.yml

@@ -25,5 +25,5 @@
       raw: ansible-galaxy collection install -r requirements.yml --force --no-deps --upgrade || true
       ignore_errors: true
 
-- import_playbook: ../../roles/deploy.yml
+- import_playbook: ../../deploy.yml
 

molecule/presets/default.yml

@@ -1,5 +1,5 @@
 ---
-# Минимальный пресет для быстрого тестирования
+# Стандартный пресет по умолчанию для тестирования
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru
 
@@ -9,6 +9,7 @@ generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
 # systemd-ready образы
 images:
   debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
+  rhel: "quay.io/centos/centos:stream9-systemd"
 
 systemd_defaults:
   privileged: true
@@ -19,7 +20,10 @@ systemd_defaults:
   capabilities: ["SYS_ADMIN"]
 
 hosts:
-  # Минимальный набор - один хост
+  # Стандартный набор - 2 хоста для базового тестирования
   - name: u1
     family: debian
-    groups: [test]
+    groups: [test, web]
+  - name: u2
+    family: rhel
+    groups: [test, web]

molecule/presets/performance.yml

@@ -0,0 +1,38 @@
+---
+# Пресет для тестирования производительности
+# Автор: Сергей Антропов
+# Сайт: https://devops.org.ru
+
+docker_network: labnet
+generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
+
+# systemd-ready образы
+images:
+  debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
+  rhel: "quay.io/centos/centos:stream9-systemd"
+
+systemd_defaults:
+  privileged: true
+  command: "/sbin/init"
+  volumes:
+    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  tmpfs: ["/run", "/run/lock"]
+  capabilities: ["SYS_ADMIN"]
+
+hosts:
+  # Нагрузочное тестирование - 5 хостов
+  - name: perf1
+    family: debian
+    groups: [test, performance]
+  - name: perf2
+    family: debian
+    groups: [test, performance]
+  - name: perf3
+    family: rhel
+    groups: [test, performance]
+  - name: perf4
+    family: rhel
+    groups: [test, performance]
+  - name: perf5
+    family: debian
+    groups: [test, performance]

molecule/presets/security.yml

@@ -0,0 +1,32 @@
+---
+# Пресет для тестирования безопасности
+# Автор: Сергей Антропов
+# Сайт: https://devops.org.ru
+
+docker_network: labnet
+generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
+
+# systemd-ready образы
+images:
+  debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
+  rhel: "quay.io/centos/centos:stream9-systemd"
+
+systemd_defaults:
+  privileged: true
+  command: "/sbin/init"
+  volumes:
+    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  tmpfs: ["/run", "/run/lock"]
+  capabilities: ["SYS_ADMIN"]
+
+hosts:
+  # Тестирование безопасности - 3 хоста с разными ОС
+  - name: sec1
+    family: debian
+    groups: [test, security, web]
+  - name: sec2
+    family: rhel
+    groups: [test, security, db]
+  - name: sec3
+    family: debian
+    groups: [test, security, api]

molecule/presets/test.yml

@@ -0,0 +1,25 @@
+---
+# Минимальный пресет для быстрого тестирования
+# Автор: Сергей Антропов
+# Сайт: https://devops.org.ru
+
+docker_network: labnet
+generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
+
+# systemd-ready образы
+images:
+  debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
+
+systemd_defaults:
+  privileged: true
+  command: "/sbin/init"
+  volumes:
+    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  tmpfs: ["/run", "/run/lock"]
+  capabilities: ["SYS_ADMIN"]
+
+hosts:
+  # Минимальный набор - один хост
+  - name: u1
+    family: debian
+    groups: [test]