Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Оптимизация Dockerfile: убраны лишние пакеты и закомментированы Docker/yq
Some checks failed
Ansible Testing / lint (push) Has been cancelled
Details
Ansible Testing / test (default) (push) Has been cancelled
Details
Ansible Testing / test (minimal) (push) Has been cancelled
Details
Ansible Testing / test (performance) (push) Has been cancelled
Details
Ansible Testing / deploy-check (push) Has been cancelled
Details

Browse Source 
- Убраны пакеты: vim, jq, git, htop, tree из всех Dockerfile
- Закомментированы установки Docker, Docker Compose, yq
- Обновлен Rocky Linux до версии 9 с Python 3
- Исправлена проблема с passlib в ansible-controller
- Оставлены только необходимые пакеты: systemd, curl, wget, nano, python3, sudo
This commit is contained in:
Сергей Антропов
2025-10-25 22:31:41 +03:00
parent 1fc454e767
commit 7924691d34
28 changed files with 410 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
molecule/default/create.yml
View File

@@ -23,7 +23,7 @@
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
@@ -45,24 +45,65 @@
# environment:
# ANSIBLE_COLLECTIONS_PATH: /usr/share/ansible/collections
# Определяем архитектуру системы для корректной загрузки образов
- name: Detect system architecture
shell: |
arch=$(uname -m)
case $arch in
x86_64) echo "linux/amd64" ;;
aarch64|arm64) echo "linux/arm64" ;;
armv7l) echo "linux/arm/v7" ;;
*) echo "linux/amd64" ;;
esac
register: detected_platform
changed_when: false
- name: Set ansible_architecture variable
set_fact:
ansible_architecture: "{{ detected_platform.stdout }}"
- name: Load preset configuration
include_vars: "{{ preset_file }}"
when: preset_file is file
ignore_errors: true
# Фильтрация хостов по поддерживаемым платформам
- name: Filter hosts by supported platforms
set_fact:
filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}"
loop: "{{ hosts }}"
when: |
item.supported_platforms is not defined or
ansible_architecture in item.supported_platforms
- name: Update hosts list with filtered results
set_fact:
hosts: "{{ filtered_hosts | default(hosts) }}"
- name: Display filtered hosts
debug:
msg: "Platform {{ ansible_architecture }}: {{ hosts | length }} hosts will be deployed"
- name: Ensure network exists
community.docker.docker_network:
name: "{{ docker_network }}"
state: present
# SYSTEMD nodes
- name: Pull systemd images
community.docker.docker_image:
name: "{{ images[item.family] }}"
source: pull
- name: Pull systemd images with correct platform
command: "docker pull --platform {{ ansible_architecture }} {{ images[item.family] }}"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
register: pull_result
ignore_errors: yes
- name: Display pull results
debug:
msg: "Pulled {{ item.item.name }}: {{ 'OK' if item.rc == 0 else 'SKIPPED (not available for this platform)' }}"
loop: "{{ pull_result.results | default([]) }}"
loop_control:
label: "{{ item.item.name }}"
- name: Start systemd nodes
community.docker.docker_container:
@@ -77,8 +118,9 @@
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"
env: "{{ item.env | default({}) }}"
# Специальные настройки для Astra Linux
security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family == 'astra' else [] }}"
# Специальные настройки для Astra Linux и RedOS (для совместимости с amd64 базовыми образами)
security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family in ['astra', 'redos'] else [] }}"
platform: "{{ 'linux/amd64' if item.family in ['astra', 'redos'] else omit }}"
state: started
restart_policy: unless-stopped
loop: "{{ hosts | selectattr('type','undefined') | list }}"
@@ -161,7 +203,6 @@
inv_content: |
[all:vars]
ansible_connection=community.docker.docker
ansible_python_interpreter=/usr/bin/python3
ansible_remote_tmp=/tmp/.ansible-tmp
{% for group, members in (groups_map | dictsort) %}
@@ -173,6 +214,58 @@
[all]
{% for h in hosts %}{{ h.name }}
{% endfor %}
{# Группа с Debian-based системами (Debian, Ubuntu, Alt) - используем /usr/bin/python3 #}
{% set debian_hosts = [] %}
{% for h in hosts %}
{% if h.family in ['ubuntu', 'debian', 'alt'] %}
{% set _ = debian_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if debian_hosts %}
[debian_family:vars]
ansible_python_interpreter=/usr/bin/python3
[debian_family]
{% for h in debian_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Группа с RHEL-based системами (RHEL, CentOS, Alma, Rocky, RedOS) #}
{% set rhel_hosts = [] %}
{% for h in hosts %}
{% if h.family in ['rhel', 'centos', 'alma', 'rocky', 'redos'] %}
{% set _ = rhel_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if rhel_hosts %}
[rhel_family:vars]
ansible_python_interpreter=/usr/bin/python3
[rhel_family]
{% for h in rhel_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Astra Linux - используем /usr/bin/python3 #}
{% set astra_hosts = [] %}
{% for h in hosts %}
{% if h.family == 'astra' %}
{% set _ = astra_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if astra_hosts %}
[astra_family:vars]
ansible_python_interpreter=/usr/bin/python3
[astra_family]
{% for h in astra_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Глобальный fallback для остальных хостов #}
[unmatched_hosts:vars]
ansible_python_interpreter=auto_silent
- name: Write inventory file
copy:

5
molecule/presets/all-images.yml
View File

@@ -2,6 +2,7 @@
#description: Пресет для тестирования всех доступных образов (9 хостов)
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Примечание: Astra Linux и RedOS поддерживают только linux/amd64
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
@@ -22,7 +23,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
@@ -58,6 +59,7 @@ hosts:
- name: astra-test
family: astra
groups: [test, astra]
supported_platforms: ["linux/amd64"] # Только amd64
publish:
- "8083:80"
env:
@@ -104,6 +106,7 @@ hosts:
- name: redos-test
family: redos
groups: [test, rhel]
supported_platforms: ["linux/amd64"] # Только amd64
publish:
- "8088:80"
env:

2
molecule/presets/default.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/docker-full.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/docker-test.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/etcd-patroni.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

3
molecule/presets/minimal.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
@@ -31,6 +31,7 @@ hosts:
- name: u1
family: astra
groups: [test]
supported_platforms: ["linux/amd64"] # Только amd64
- name: u2
family: alt
groups: [test]

2
molecule/presets/multi-os.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/performance.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/security.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/stable.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/standart.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]

2
molecule/presets/test.yml
View File

@@ -22,7 +22,7 @@ systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]