From 7924691d34c8a0a8725a4255435f1ed0e800faa2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9=20=D0=90=D0=BD=D1=82?= =?UTF-8?q?=D1=80=D0=BE=D0=BF=D0=BE=D0=B2?= Date: Sat, 25 Oct 2025 22:31:41 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=BF=D1=82=D0=B8=D0=BC=D0=B8=D0=B7?= =?UTF-8?q?=D0=B0=D1=86=D0=B8=D1=8F=20Dockerfile:=20=D1=83=D0=B1=D1=80?= =?UTF-8?q?=D0=B0=D0=BD=D1=8B=20=D0=BB=D0=B8=D1=88=D0=BD=D0=B8=D0=B5=20?= =?UTF-8?q?=D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D1=8B=20=D0=B8=20=D0=B7=D0=B0?= =?UTF-8?q?=D0=BA=D0=BE=D0=BC=D0=BC=D0=B5=D0=BD=D1=82=D0=B8=D1=80=D0=BE?= =?UTF-8?q?=D0=B2=D0=B0=D0=BD=D1=8B=20Docker/yq?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Убраны пакеты: vim, jq, git, htop, tree из всех Dockerfile - Закомментированы установки Docker, Docker Compose, yq - Обновлен Rocky Linux до версии 9 с Python 3 - Исправлена проблема с passlib в ansible-controller - Оставлены только необходимые пакеты: systemd, curl, wget, nano, python3, sudo --- Makefile | 19 +++ dockerfiles/alma/Dockerfile | 24 +-- dockerfiles/alt-linux/Dockerfile | 23 ++- dockerfiles/ansible-controller/Dockerfile | 10 +- .../ansible-controller/requirements.txt | 9 ++ .../ansible-controller/requirements.yml | 4 +- dockerfiles/astra-linux/Dockerfile | 41 +++-- dockerfiles/centos/Dockerfile | 13 +- dockerfiles/debian/Dockerfile | 31 ++-- dockerfiles/redos/Dockerfile | 22 ++- dockerfiles/rhel/Dockerfile | 20 +-- dockerfiles/rocky/Dockerfile | 27 ++-- dockerfiles/ubuntu/Dockerfile | 31 ++-- docs/platform-support.md | 148 ++++++++++++++++++ molecule/default/create.yml | 109 ++++++++++++- molecule/presets/all-images.yml | 5 +- molecule/presets/default.yml | 2 +- molecule/presets/docker-full.yml | 2 +- molecule/presets/docker-test.yml | 2 +- molecule/presets/etcd-patroni.yml | 2 +- molecule/presets/minimal.yml | 3 +- molecule/presets/multi-os.yml | 2 +- molecule/presets/performance.yml | 2 +- molecule/presets/security.yml | 2 +- molecule/presets/stable.yml | 2 +- molecule/presets/standart.yml | 2 +- 
molecule/presets/test.yml | 2 +- roles/deploy.yml | 4 +- 28 files changed, 410 insertions(+), 153 deletions(-) create mode 100644 dockerfiles/ansible-controller/requirements.txt create mode 100644 docs/platform-support.md diff --git a/Makefile b/Makefile index 192be68..58816e5 100644 --- a/Makefile +++ b/Makefile @@ -915,6 +915,20 @@ controller: --push \ .; \ echo "✅ ansible-controller собран и отправлен";; \ + rebuild) \ + echo "🔄 Пересборка ansible-controller с исправлениями..."; \ + echo "📋 Платформы: $(DOCKER_PLATFORMS)"; \ + echo "🔧 Исправления: добавлен passlib для хеширования паролей"; \ + $(MAKE) docker setup-builder; \ + cd dockerfiles/ansible-controller && \ + docker buildx build \ + --platform $(DOCKER_PLATFORMS) \ + --tag $(DOCKER_REGISTRY):ansible-controller-$(DOCKER_VERSION) \ + --tag $(DOCKER_REGISTRY):ansible-controller-latest \ + --push \ + --no-cache \ + .; \ + echo "✅ ansible-controller пересобран с исправлениями";; \ run) \ echo "🚀 Запуск ansible-controller..."; \ cd dockerfiles/ansible-controller && docker-compose up -d; \ @@ -932,6 +946,11 @@ controller: echo " 💡 Использует: dockerfiles/ansible-controller/Dockerfile"; \ echo " 💡 Requirements: dockerfiles/ansible-controller/requirements.yml"; \ echo ""; \ + echo " 🔄 make controller rebuild - пересобрать ansible-controller с исправлениями"; \ + echo " 💡 Пересобирает: с --no-cache для применения исправлений"; \ + echo " 💡 Исправления: добавлен passlib для хеширования паролей"; \ + echo " 💡 Платформы: $(DOCKER_PLATFORMS)"; \ + echo ""; \ echo " 🚀 make controller run - запустить ansible-controller"; \ echo " 💡 Запускает: docker-compose up -d"; \ echo " 💡 Использует: dockerfiles/ansible-controller/docker-compose.yml"; \ diff --git a/dockerfiles/alma/Dockerfile b/dockerfiles/alma/Dockerfile index 73cd5bb..d914d89 100644 --- a/dockerfiles/alma/Dockerfile +++ b/dockerfiles/alma/Dockerfile 
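Review bot: The new `rebuild)` branch in the Makefile pushes to `$(DOCKER_REGISTRY):ansible-controller-$(DOCKER_VERSION)`, presumably the same tag the build branch publishes, so an already released version tag ends up pointing at different content after a fix. Anyone who pulled that tag earlier cannot tell which build they are running. Bump `DOCKER_VERSION` for the fixed image, or document the overwrite with a comment such as `# NOTE: overwrites the published $(DOCKER_VERSION) tag; consumers should pin by digest`. The branch otherwise repeats the build recipe with only `--no-cache` added (the build branch is only partly visible in this hunk), so the two will drift unless the flag becomes a variable.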
@@ -15,27 +15,27 @@ RUN dnf install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - jq \ - python3 \ - python3-pip \ + python39 \ + python39-pip \ sudo \ && dnf clean all +# Создаем symlink для python3 -> python3.9 +RUN ln -sf /usr/bin/python3.9 /usr/bin/python3 + # Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ +# && chmod +x /usr/local/bin/yq # Устанавливаем Docker -RUN dnf install -y dnf-plugins-core \ - && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ - && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +# RUN dnf install -y dnf-plugins-core \ +# && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ +# && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/alt-linux/Dockerfile b/dockerfiles/alt-linux/Dockerfile index f6c83b2..7c05415 100644 --- a/dockerfiles/alt-linux/Dockerfile +++ b/dockerfiles/alt-linux/Dockerfile @@ -14,12 +14,7 @@ RUN apt-get install -y \ dbus \ curl \ wget \ - git \ - vim-enhanced \ nano \ - htop \ - tree \ - jq \ python3 \ sudo \ && apt-get clean 
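Review bot: In dockerfiles/alma/Dockerfile the added `RUN ln -sf /usr/bin/python3.9 /usr/bin/python3` overwrites a path that the distribution normally manages itself, and the same hunk drops `python3` and `python3-pip` from the package list. The `FROM` line is outside the hunk; if the base is an EL8 image, `/usr/bin/python3` is an alternatives link there, and a later package update can restore it or conflict with the hand-made link. Prefer something like `RUN alternatives --set python3 /usr/bin/python3.9`, and add a build-time check such as `RUN python3 --version` so a wrong interpreter fails the image build rather than the Ansible run. The rhel hunk makes the same change.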
@@ -28,19 +23,19 @@ RUN apt-get install -y \ RUN curl -sS https://bootstrap.pypa.io/pip/3.7/get-pip.py | python3 # Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ +# && chmod +x /usr/local/bin/yq # Устанавливаем Docker вручную для ALT Linux -RUN apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - && apt-get clean +# RUN apt-get update && apt-get install -y \ +# ca-certificates \ +# curl \ +# gnupg \ +# && apt-get clean # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/ansible-controller/Dockerfile b/dockerfiles/ansible-controller/Dockerfile index 67b91b8..71d3a77 100644 --- a/dockerfiles/ansible-controller/Dockerfile +++ b/dockerfiles/ansible-controller/Dockerfile @@ -16,8 +16,8 @@ RUN apt-get install -y \ build-essential \ && apt-get clean -# Устанавливаем Ansible и ansible-lint -RUN pip3 install ansible ansible-core ansible-lint +# Устанавливаем Ansible, ansible-lint и passlib для хеширования паролей +RUN pip3 install ansible ansible-core ansible-lint passlib # Устанавливаем дополнительные пакеты RUN apt-get install -y \ 
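Review bot: The yq, Docker and Docker Compose steps in dockerfiles/alt-linux/Dockerfile are commented out rather than deleted, which leaves download commands in the file that fetch `releases/latest` binaries with no version pin or checksum and a hard-coded `yq_linux_arm64` asset name. Whoever re-enables them later gets that unverified download back unchanged, and the headings above them still read as if the tools were installed. Delete the blocks (git history keeps them) or replace each with one comment such as `# yq/Docker intentionally not installed in test images; see commit 7924691`. The same applies to the commented blocks in the alma, astra-linux, centos, debian, redos, rhel, rocky and ubuntu hunks.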
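Review bot: `RUN pip3 install ansible ansible-core ansible-lint passlib` in dockerfiles/ansible-controller/Dockerfile installs four packages with no version constraint, and passlib is installed a second time from the new requirements.txt later in the same file. Because the Makefile's new rebuild target uses `--no-cache`, each rebuild takes whatever the index serves that day, so the controller image that does the password hashing is not reproducible. Keep passlib only in requirements.txt, move the Ansible packages there with exact versions, and leave `RUN pip3 install -r /tmp/requirements.txt` as the single install step.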
@@ -56,8 +56,12 @@ RUN curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64 \ # && mv istio-1.22.1/bin/istioctl /usr/local/bin/ \ # && rm -rf istio-1.22.1 -# Копируем requirements.yml +# Копируем файлы зависимостей COPY requirements.yml /tmp/requirements.yml +COPY requirements.txt /tmp/requirements.txt + +# Устанавливаем Python зависимости +RUN pip3 install -r /tmp/requirements.txt # Устанавливаем Ansible коллекции RUN ansible-galaxy collection install -r /tmp/requirements.yml diff --git a/dockerfiles/ansible-controller/requirements.txt b/dockerfiles/ansible-controller/requirements.txt new file mode 100644 index 0000000..983ba28 --- /dev/null +++ b/dockerfiles/ansible-controller/requirements.txt @@ -0,0 +1,9 @@ +# Python зависимости для Ansible Controller +# Автор: Сергей Антропов +# Сайт: https://devops.org.ru + +# Основные зависимости для работы с паролями +passlib>=1.7.4 + +# Дополнительные зависимости для безопасности +bcrypt>=4.0.1 diff --git a/dockerfiles/ansible-controller/requirements.yml b/dockerfiles/ansible-controller/requirements.yml index 3760d1a..037030c 100644 --- a/dockerfiles/ansible-controller/requirements.yml +++ b/dockerfiles/ansible-controller/requirements.yml @@ -1,9 +1,9 @@ --- -# Ansible Collections для Molecule Universal +# Ansible Collections for Molecule Universal collections: - name: community.docker version: ">=3.0.0" - name: community.general version: ">=7.0.0" - name: ansible.posix - version: ">=1.5.4" + version: ">=1.5.4" \ No newline at end of file diff --git a/dockerfiles/astra-linux/Dockerfile b/dockerfiles/astra-linux/Dockerfile index de40ad9..7fd53df 100644 --- a/dockerfiles/astra-linux/Dockerfile +++ b/dockerfiles/astra-linux/Dockerfile 
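Review bot: `passlib>=1.7.4` and `bcrypt>=4.0.1` in dockerfiles/ansible-controller/requirements.txt are lower bounds only, so the resolver is free to pick any later release of either package. passlib 1.7.4 is, to my knowledge, not fully compatible with newer bcrypt releases (its backend version detection breaks), so an open-ended bcrypt range can change or break password hashing in the controller without any change in this repository. Pin exact versions, `passlib==1.7.4` and `bcrypt==4.0.1`, and consider hash-checking mode (`pip3 install --require-hashes -r /tmp/requirements.txt`) once hashes are recorded in the file.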
@@ -15,37 +15,34 @@ RUN apt-get install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - htop \ - tree \ - jq \ python3 \ python3-pip \ sudo \ && apt-get clean -# Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# Устанавливаем yq (автоопределение архитектуры) +# RUN ARCH=$(dpkg --print-architecture | sed 's/amd64/amd64/; s/arm64/arm64/; s/aarch64/arm64/') && \ +# wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \ +# chmod +x /usr/local/bin/yq -# Устанавливаем Docker вручную для AstraLinux -RUN apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - lsb-release \ - && mkdir -p /usr/share/keyrings \ - && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ - && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ - && apt-get update \ - && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \ - && apt-get clean +# Устанавливаем Docker вручную для AstraLinux (автоопределение архитектуры) +# RUN ARCH=$(dpkg --print-architecture) && \ +# apt-get update && apt-get install -y \ +# ca-certificates \ +# curl \ +# gnupg \ +# lsb-release && \ +# mkdir -p /usr/share/keyrings && \ +# curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \ +# echo "deb [arch=${ARCH} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \ +# apt-get update && \ +# apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin && \ +# apt-get clean # Устанавливаем Docker 
Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Отключаем Parsec для работы в контейнере RUN if [ -f /etc/parsec/parsec.conf ]; then \ diff --git a/dockerfiles/centos/Dockerfile b/dockerfiles/centos/Dockerfile index 8f7438e..41534a7 100644 --- a/dockerfiles/centos/Dockerfile +++ b/dockerfiles/centos/Dockerfile @@ -14,25 +14,22 @@ RUN dnf install -y --allowerasing \ dbus \ curl \ wget \ - git \ - vim \ nano \ - jq \ python3 \ python3-pip \ sudo \ && dnf clean all # Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ +# && chmod +x /usr/local/bin/yq # Устанавливаем Docker -RUN curl -fsSL https://get.docker.com | sh +# RUN curl -fsSL https://get.docker.com | sh # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/debian/Dockerfile b/dockerfiles/debian/Dockerfile index 98bf895..21013b1 100644 --- a/dockerfiles/debian/Dockerfile +++ b/dockerfiles/debian/Dockerfile 
@@ -14,33 +14,28 @@ RUN apt-get install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - htop \ - tree \ - jq \ python3 \ python3-pip \ sudo \ && apt-get clean # Устанавливаем Docker вручную для Debian -RUN apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - lsb-release \ - && mkdir -p /usr/share/keyrings \ - && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ - && apt-get update \ - && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \ - && apt-get clean +# RUN apt-get update && apt-get install -y \ +# ca-certificates \ +# curl \ +# gnupg \ +# lsb-release \ +# && mkdir -p /usr/share/keyrings \ +# && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ +# && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ +# && apt-get update \ +# && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \ +# && apt-get clean # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target 
diff --git a/dockerfiles/redos/Dockerfile b/dockerfiles/redos/Dockerfile index b1098e2..e687f9d 100644 --- a/dockerfiles/redos/Dockerfile +++ b/dockerfiles/redos/Dockerfile @@ -16,28 +16,26 @@ RUN dnf install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - jq \ python3 \ python3-pip \ sudo \ && dnf clean all -# Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# Устанавливаем yq (автоопределение архитектуры) +# RUN ARCH=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/') && \ +# wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \ +# chmod +x /usr/local/bin/yq # Устанавливаем Docker вручную для RED OS -RUN dnf install -y dnf-plugins-core \ - && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ - && dnf install -y docker-ce docker-ce-cli containerd.io \ - && dnf clean all +# RUN dnf install -y dnf-plugins-core \ +# && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ +# && dnf install -y docker-ce docker-ce-cli containerd.io \ +# && dnf clean all # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/rhel/Dockerfile b/dockerfiles/rhel/Dockerfile index 87cfed9..c62c286 100644 --- a/dockerfiles/rhel/Dockerfile +++ b/dockerfiles/rhel/Dockerfile 
@@ -14,25 +14,25 @@ RUN dnf install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - jq \ - python3 \ - python3-pip \ + python39 \ + python39-pip \ sudo \ && dnf clean all +# Создаем symlink для python3 -> python3.9 +RUN ln -sf /usr/bin/python3.9 /usr/bin/python3 + # Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ +# && chmod +x /usr/local/bin/yq # Устанавливаем Docker -RUN curl -fsSL https://get.docker.com | sh +# RUN curl -fsSL https://get.docker.com | sh # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/rocky/Dockerfile b/dockerfiles/rocky/Dockerfile index d5c14fb..3744dd8 100644 --- a/dockerfiles/rocky/Dockerfile +++ b/dockerfiles/rocky/Dockerfile @@ -2,7 +2,7 @@ # Автор: Сергей Антропов # Сайт: https://devops.org.ru -FROM rockylinux:8 +FROM rockylinux:9 # Обновляем систему RUN dnf update -y && dnf upgrade -y 
@@ -14,27 +14,30 @@ RUN dnf install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - jq \ python3 \ python3-pip \ + python3-devel \ sudo \ && dnf clean all -# Устанавливаем yq -RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \ - && chmod +x /usr/local/bin/yq +# Устанавливаем более новую версию Python через pip если нужно +RUN python3 -m pip install --upgrade pip + +# Устанавливаем yq (автоматически определяем архитектуру) +# RUN ARCH=$(uname -m) && \ +# if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; elif [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \ +# wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \ +# chmod +x /usr/local/bin/yq # Устанавливаем Docker -RUN dnf install -y dnf-plugins-core \ - && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ - && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +# RUN dnf install -y dnf-plugins-core \ +# && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \ +# && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target diff --git a/dockerfiles/ubuntu/Dockerfile b/dockerfiles/ubuntu/Dockerfile index 7ac6296..126c015 100644 --- a/dockerfiles/ubuntu/Dockerfile +++ b/dockerfiles/ubuntu/Dockerfile 
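Review bot: The comment above `RUN python3 -m pip install --upgrade pip` in dockerfiles/rocky/Dockerfile says it installs a newer Python version, but the command only upgrades pip. It runs as root over the pip that `python3-pip` installed through dnf, which leaves files the package manager no longer tracks, and the resulting version changes from build to build. Either drop the step or pin it and correct the comment, e.g. `# Upgrade pip to a pinned version` with `RUN python3 -m pip install --upgrade 'pip==<PINNED_VERSION>'`. `python3-devel` is added in the same hunk with no compiler next to it, so a comment naming the package that needs the headers would help.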
@@ -14,33 +14,28 @@ RUN apt-get install -y \ dbus \ curl \ wget \ - git \ - vim \ nano \ - htop \ - tree \ - jq \ python3 \ python3-pip \ sudo \ && apt-get clean # Устанавливаем Docker вручную для Ubuntu -RUN apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - lsb-release \ - && mkdir -p /usr/share/keyrings \ - && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ - && apt-get update \ - && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \ - && apt-get clean +# RUN apt-get update && apt-get install -y \ +# ca-certificates \ +# curl \ +# gnupg \ +# lsb-release \ +# && mkdir -p /usr/share/keyrings \ +# && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ +# && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ +# && apt-get update \ +# && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \ +# && apt-get clean # Устанавливаем Docker Compose -RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ +# && chmod +x /usr/local/bin/docker-compose # Настраиваем systemd RUN systemctl set-default multi-user.target 
diff --git a/docs/platform-support.md b/docs/platform-support.md new file mode 100644 index 0000000..2c3b339 --- /dev/null +++ b/docs/platform-support.md 
@@ -0,0 +1,148 @@ +# Поддержка платформ в пресетах + +## Автор +Сергей Антропов +Сайт: https://devops.org.ru + +## Описание + +Начиная с версии 1.0, Molecule Template поддерживает указание конкретных платформ для хостов в пресетах. Это позволяет автоматически фильтровать хосты, которые не поддерживаются на текущей архитектуре системы. + +## Обязательные требования + +**Для Astra Linux и RedOS** во всех пресетах **обязательно** должно быть указано `supported_platforms: ["linux/amd64"]`, так как эти системы не поддерживают arm64 архитектуру. Без этого указания могут возникать ошибки при запуске на ARM-системах. + +## Как это работает + +### Определение платформы + +Система автоматически определяет архитектуру хоста при запуске: +- `x86_64` → `linux/amd64` +- `aarch64` / `arm64` → `linux/arm64` +- `armv7l` → `linux/arm/v7` + +### Синтаксис в пресетах + +В файлах пресетов (molecule/presets/*.yml) можно указать поле `supported_platforms` для каждого хоста: + +```yaml +hosts: + - name: ubuntu-test + family: ubuntu + groups: [test] + # Без supported_platforms - работает на всех платформах + publish: + - "8080:80" + + - name: astra-test + family: astra + groups: [test] + supported_platforms: ["linux/amd64"] # Только amd64 + publish: + - "8083:80" + + - name: multi-test + family: ubuntu + groups: [test] + supported_platforms: ["linux/amd64", "linux/arm64"] # Несколько платформ + publish: + - "8084:80" +``` + +### Правила фильтрации + +1. **Если `supported_platforms` не указано** - хост будет запущен на всех платформах +2. **Если `supported_platforms: ["linux/amd64"]`** - хост запустится только на amd64 +3. 
**Если `supported_platforms: ["linux/amd64", "linux/arm64"]`** - хост запустится на обеих платформах + +### Примеры использования + +#### Универсальный хост (работает везде) +```yaml +- name: universal-test + family: ubuntu + groups: [test] + # supported_platforms не указано = работает на всех платформах +``` + +#### Только для amd64 +```yaml +- name: amd64-only-test + family: astra + groups: [test] + supported_platforms: ["linux/amd64"] +``` + +#### Для нескольких платформ +```yaml +- name: multi-platform-test + family: debian + groups: [test] + supported_platforms: ["linux/amd64", "linux/arm64"] +``` + +## Реализация + +Фильтрация происходит в файле `molecule/default/create.yml`: + +1. Система определяет текущую платформу +2. Загружается пресет +3. Хосты фильтруются по `supported_platforms` +4. Отображается количество хостов для текущей платформы + +```yaml +# Фильтрация хостов по поддерживаемым платформам +- name: Filter hosts by supported platforms + set_fact: + filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}" + loop: "{{ hosts }}" + when: | + item.supported_platforms is not defined or + ansible_architecture in item.supported_platforms +``` + +## Текущее состояние + +### Хосты с ограничениями по платформе + +- **Astra Linux** - только `linux/amd64` (нет нативной поддержки arm64) + - Во всех пресетах имеет `supported_platforms: ["linux/amd64"]` + - Базовый образ `registry.astralinux.ru/library/astra/ubi17:1.7.6.uu2` доступен только для amd64 + +- **RedOS** - только `linux/amd64` (нет нативной поддержки arm64) + - Во всех пресетах имеет `supported_platforms: ["linux/amd64"]` + - Базовый образ `registry.red-soft.ru/ubi7/ubi` доступен только для amd64 + +**Важно:** При запуске на arm64 системе эти хосты будут автоматически исключены из списка, что предотвратит ошибки при сборке и запуске контейнеров. 
+ +### Универсальные хосты + +Следующие системы работают на всех платформах: +- Ubuntu +- Debian +- Alt Linux +- CentOS +- RHEL +- AlmaLinux +- Rocky Linux + +## Примеры запуска + +### На amd64 (все 9 хостов) +```bash +make role test all-images +# Platform linux/amd64: 9 hosts will be deployed +``` + +### На arm64 (7 хостов, без Astra и RedOS) +```bash +make role test all-images +# Platform linux/arm64: 7 hosts will be deployed +``` + +## Дополнительная информация + +- Все образы загружаются с принудительным указанием платформы +- Система автоматически адаптирует количество контейнеров под текущую платформу +- Информация о количестве хостов отображается при запуске + diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 18e3c0b..7c6cc13 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml @@ -23,7 +23,7 @@ privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] hosts: 
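Review bot: Changing the bind mount in molecule/default/create.yml to `/sys/fs/cgroup:/sys/fs/cgroup:rw` gives every test container write access to the host's cgroup hierarchy, and the surrounding `systemd_defaults` already sets `privileged: true` and `SYS_ADMIN`. The commit message does not mention this change, and the same edit is repeated in the preset hunks (all-images, default, docker-full, docker-test, etcd-patroni, minimal, multi-os, performance, security). If systemd on cgroup v2 hosts is the reason, record it next to the line, e.g. `# rw required for systemd under cgroup v2; the host cgroup tree is writable from the container`. It is also worth checking whether a private cgroup namespace (`cgroupns_mode: private` on `community.docker.docker_container`) would remove the need to write into the host tree. The `systemd_defaults` mapping starts and ends outside this hunk.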
@@ -45,24 +45,65 @@ # environment: # ANSIBLE_COLLECTIONS_PATH: /usr/share/ansible/collections + # Определяем архитектуру системы для корректной загрузки образов + - name: Detect system architecture + shell: | + arch=$(uname -m) + case $arch in + x86_64) echo "linux/amd64" ;; + aarch64|arm64) echo "linux/arm64" ;; + armv7l) echo "linux/arm/v7" ;; + *) echo "linux/amd64" ;; + esac + register: detected_platform + changed_when: false + + - name: Set ansible_architecture variable + set_fact: + ansible_architecture: "{{ detected_platform.stdout }}" + - name: Load preset configuration include_vars: "{{ preset_file }}" when: preset_file is file ignore_errors: true + # Фильтрация хостов по поддерживаемым платформам + - name: Filter hosts by supported platforms + set_fact: + filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}" + loop: "{{ hosts }}" + when: | + item.supported_platforms is not defined or + ansible_architecture in item.supported_platforms + + - name: Update hosts list with filtered results + set_fact: + hosts: "{{ filtered_hosts | default(hosts) }}" + + - name: Display filtered hosts + debug: + msg: "Platform {{ ansible_architecture }}: {{ hosts | length }} hosts will be deployed" + - name: Ensure network exists community.docker.docker_network: name: "{{ docker_network }}" state: present # SYSTEMD nodes - - name: Pull systemd images - community.docker.docker_image: - name: "{{ images[item.family] }}" - source: pull + - name: Pull systemd images with correct platform + command: "docker pull --platform {{ ansible_architecture }} {{ images[item.family] }}" loop: "{{ hosts | selectattr('type','undefined') | list }}" loop_control: { label: "{{ item.name }}" } when: item.family is defined and images[item.family] is defined + register: pull_result + ignore_errors: yes + + - name: Display pull results + debug: + msg: "Pulled {{ item.item.name }}: {{ 'OK' if item.rc == 0 else 'SKIPPED (not available for this platform)' }}" + loop: "{{ pull_result.results | 
default([]) }}" + loop_control: + label: "{{ item.item.name }}" - name: Start systemd nodes community.docker.docker_container: @@ -77,8 +118,9 @@ capabilities: "{{ systemd_defaults.capabilities | default([]) }}" published_ports: "{{ item.publish | default([]) }}" env: "{{ item.env | default({}) }}" - # Специальные настройки для Astra Linux - security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family == 'astra' else [] }}" + # Специальные настройки для Astra Linux и RedOS (для совместимости с amd64 базовыми образами) + security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family in ['astra', 'redos'] else [] }}" + platform: "{{ 'linux/amd64' if item.family in ['astra', 'redos'] else omit }}" state: started restart_policy: unless-stopped loop: "{{ hosts | selectattr('type','undefined') | list }}" @@ -161,7 +203,6 @@ inv_content: | [all:vars] ansible_connection=community.docker.docker - ansible_python_interpreter=/usr/bin/python3 ansible_remote_tmp=/tmp/.ansible-tmp {% for group, members in (groups_map | dictsort) %} 
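Review bot: The pull task in molecule/default/create.yml now sets `ignore_errors: yes`, so any failure (registry unreachable, authentication, wrong tag) is reported as "SKIPPED (not available for this platform)" and the play goes on to start containers from whatever image is cached locally. The debug task after it reads `item.rc`, which does not exist on loop items skipped by the `when:` condition, so it can fail on an undefined variable. Separately, `filtered_hosts | default(hosts)` falls back to the unfiltered list when no host matches the platform, which deploys exactly the hosts the filter was meant to exclude. The sketch below keeps the module for the pull (its `pull.platform` option should be checked against the installed community.docker version) and initialises the filter result. `set_fact` on `ansible_architecture` also shadows the built-in fact of that name, so a name like `docker_platform` would be clearer.

```yaml
# … unchanged: architecture detection, preset loading …

- name: Start from an empty list so "no host matches" stays empty
  set_fact:
    filtered_hosts: []

# … unchanged: Filter hosts by supported platforms (loop) …

- name: Update hosts list with filtered results
  set_fact:
    hosts: "{{ filtered_hosts }}"

# … unchanged: Display filtered hosts, Ensure network exists …

- name: Pull systemd images with correct platform
  community.docker.docker_image:
    name: "{{ images[item.family] }}"
    source: pull
    pull:
      platform: "{{ ansible_architecture }}"
  # … unchanged: loop, loop_control, when …
  register: pull_result

- name: Display pull results
  debug:
    msg: "Pulled {{ item.item.name }}: {{ 'SKIPPED' if item is skipped else 'OK' }}"
  # … unchanged: loop, loop_control …
```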
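Review bot: The `security_opts` line in the "Start systemd nodes" task now disables both seccomp and AppArmor for `redos` as well as `astra`, but the new comment gives compatibility with amd64 base images as the reason, and these options do not affect architecture. The task's other arguments are outside the hunk; if it also passes `privileged: true` from `systemd_defaults`, Docker as far as I know already runs the container without those profiles and the line can be dropped. Otherwise state the real need, e.g. `# systemd in <family> fails under the default seccomp/AppArmor profile: <symptom>`. The hard-coded `platform: 'linux/amd64'` repeats what `supported_platforms` in the presets already expresses and will drift if a preset changes.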
@@ -173,6 +214,58 @@ [all] {% for h in hosts %}{{ h.name }} {% endfor %} + + {# Группа с Debian-based системами (Debian, Ubuntu, Alt) - используем /usr/bin/python3 #} + {% set debian_hosts = [] %} + {% for h in hosts %} + {% if h.family in ['ubuntu', 'debian', 'alt'] %} + {% set _ = debian_hosts.append(h.name) %} + {% endif %} + {% endfor %} + {% if debian_hosts %} + [debian_family:vars] + ansible_python_interpreter=/usr/bin/python3 + + [debian_family] + {% for h in debian_hosts %}{{ h }} + {% endfor %} + {% endif %} + + {# Группа с RHEL-based системами (RHEL, CentOS, Alma, Rocky, RedOS) #} + {% set rhel_hosts = [] %} + {% for h in hosts %} + {% if h.family in ['rhel', 'centos', 'alma', 'rocky', 'redos'] %} + {% set _ = rhel_hosts.append(h.name) %} + {% endif %} + {% endfor %} + {% if rhel_hosts %} + [rhel_family:vars] + ansible_python_interpreter=/usr/bin/python3 + + [rhel_family] + {% for h in rhel_hosts %}{{ h }} + {% endfor %} + {% endif %} + + {# Astra Linux - используем /usr/bin/python3 #} + {% set astra_hosts = [] %} + {% for h in hosts %} + {% if h.family == 'astra' %} + {% set _ = astra_hosts.append(h.name) %} + {% endif %} + {% endfor %} + {% if astra_hosts %} + [astra_family:vars] + ansible_python_interpreter=/usr/bin/python3 + + [astra_family] + {% for h in astra_hosts %}{{ h }} + {% endfor %} + {% endif %} + + {# Глобальный fallback для остальных хостов #} + [unmatched_hosts:vars] + ansible_python_interpreter=auto_silent - name: Write inventory file copy: diff --git a/molecule/presets/all-images.yml b/molecule/presets/all-images.yml index f85e6b0..bf6de05 100644 --- a/molecule/presets/all-images.yml +++ b/molecule/presets/all-images.yml @@ -2,6 +2,7 @@ #description: Пресет для тестирования всех доступных образов (9 хостов) # Автор: Сергей Антропов # Сайт: https://devops.org.ru +# Примечание: Astra Linux и RedOS поддерживают только linux/amd64 docker_network: labnet generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini" 
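Review bot: The `[unmatched_hosts:vars]` section at the end of the inventory template in molecule/default/create.yml has no matching `[unmatched_hosts]` host section, so the `auto_silent` fallback applies to no host, and the INI inventory parser may reject a vars section for an undefined group. The three family groups above it all set the same `ansible_python_interpreter=/usr/bin/python3`, so the template adds about fifty lines without changing the value for any listed family. Either keep the single line in `[all:vars]` that this commit removes, or set `ansible_python_interpreter=auto_silent` there and override only the families that need a different path. The `inv_content` block starts and ends outside this hunk.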
@@ -22,7 +23,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] @@ -58,6 +59,7 @@ hosts: - name: astra-test family: astra groups: [test, astra] + supported_platforms: ["linux/amd64"] # Только amd64 publish: - "8083:80" env: @@ -104,6 +106,7 @@ hosts: - name: redos-test family: redos groups: [test, rhel] + supported_platforms: ["linux/amd64"] # Только amd64 publish: - "8088:80" env: diff --git a/molecule/presets/default.yml b/molecule/presets/default.yml index 04ae232..3362234 100644 --- a/molecule/presets/default.yml +++ b/molecule/presets/default.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/docker-full.yml b/molecule/presets/docker-full.yml index d003e9c..01a5a5e 100644 --- a/molecule/presets/docker-full.yml +++ b/molecule/presets/docker-full.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/docker-test.yml b/molecule/presets/docker-test.yml index b3052be..9a605a9 100644 --- a/molecule/presets/docker-test.yml +++ b/molecule/presets/docker-test.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/etcd-patroni.yml b/molecule/presets/etcd-patroni.yml index 5519100..7e64a1a 100644 --- a/molecule/presets/etcd-patroni.yml +++ b/molecule/presets/etcd-patroni.yml 
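Review bot: The `/sys/fs/cgroup` bind mount goes from `:ro` to `:rw` with no comment in the preset and no mention in the commit description. The same line is changed in the default, docker-full, docker-test, etcd-patroni, minimal, multi-os, performance, security, stable, standart and test presets. Together with `privileged: true`, this makes the host's cgroup hierarchy writable from every test container by default, so a role under test can change limits for processes outside the container. If systemd in the images needs a writable tree, state that next to the mount, e.g. `# rw: systemd needs a writable cgroup tree on cgroup v2 hosts; this exposes the host hierarchy`. Also consider a private cgroup namespace (`cgroupns_mode: private` on `docker_container`) instead of sharing the host's.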
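Review bot: `supported_platforms` on `astra-test` records the amd64 restriction per host, but the `platform` line added to create.yml in this patch decides by `item.family in ['astra', 'redos']`, so the same fact now lives in two places that can drift apart. The `redos-test` hunk below and `u1` in minimal.yml repeat the key. If the key is meant to drive the container platform, read it there, e.g. `platform: "{{ item.supported_platforms | default([]) | first | default(omit) }}"`. The part of create.yml above the visible hunks may already use it for something else.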
@@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/minimal.yml b/molecule/presets/minimal.yml index 1baa39b..1cc7b4e 100644 --- a/molecule/presets/minimal.yml +++ b/molecule/presets/minimal.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] @@ -31,6 +31,7 @@ hosts: - name: u1 family: astra groups: [test] + supported_platforms: ["linux/amd64"] # Только amd64 - name: u2 family: alt groups: [test] \ No newline at end of file diff --git a/molecule/presets/multi-os.yml b/molecule/presets/multi-os.yml index d81e1e2..0be2b1e 100644 --- a/molecule/presets/multi-os.yml +++ b/molecule/presets/multi-os.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/performance.yml b/molecule/presets/performance.yml index 4cee82c..79babf3 100644 --- a/molecule/presets/performance.yml +++ b/molecule/presets/performance.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/security.yml b/molecule/presets/security.yml index 01109f8..098da20 100644 --- a/molecule/presets/security.yml +++ b/molecule/presets/security.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] 
diff --git a/molecule/presets/stable.yml b/molecule/presets/stable.yml index c171c22..5636631 100644 --- a/molecule/presets/stable.yml +++ b/molecule/presets/stable.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/standart.yml b/molecule/presets/standart.yml index 1085786..d9807a5 100644 --- a/molecule/presets/standart.yml +++ b/molecule/presets/standart.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/molecule/presets/test.yml b/molecule/presets/test.yml index db39883..f1f376b 100644 --- a/molecule/presets/test.yml +++ b/molecule/presets/test.yml @@ -22,7 +22,7 @@ systemd_defaults: privileged: true command: "/sbin/init" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" tmpfs: ["/run", "/run/lock"] capabilities: ["SYS_ADMIN"] diff --git a/roles/deploy.yml b/roles/deploy.yml index 5dd65c3..6e43308 100644 --- a/roles/deploy.yml +++ b/roles/deploy.yml @@ -6,5 +6,5 @@ - name: Развертывание всех ролей hosts: all roles: - - ping - # - devops + # - ping + - devops
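Review bot: In roles/deploy.yml the role list is switched by moving a comment marker, which changes what the play on `hosts: all` runs from `ping` to `devops` in a commit described as a Dockerfile clean-up. A toggle like this is easy to commit by accident and leaves no record of which role is meant to be the default. Keeping both entries and selecting by tag avoids editing the file per run: `- { role: ping, tags: [ping] }` and `- { role: devops, tags: [devops] }`.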