Оптимизация Dockerfile: убраны лишние пакеты и закомментированы Docker/yq

- Убраны пакеты: vim, jq, git, htop, tree из всех Dockerfile - Закомментированы установки Docker, Docker Compose, yq - Обновлен Rocky Linux до версии 9 с Python 3 - Исправлена проблема с passlib в ansible-controller - Оставлены только необходимые пакеты: systemd, curl, wget, nano, python3, sudo
2025-10-25 22:31:41 +03:00
parent 1fc454e767
commit 7924691d34
28 changed files with 410 additions and 153 deletions
--- a/19
+++ b/19
@@ -915,6 +915,20 @@ controller:
 				--push \
 				.; \
 			echo "✅ ansible-controller собран и отправлен";; \
+		rebuild) \
+			echo "🔄 Пересборка ansible-controller с исправлениями..."; \
+			echo "📋 Платформы: $(DOCKER_PLATFORMS)"; \
+			echo "🔧 Исправления: добавлен passlib для хеширования паролей"; \
+			$(MAKE) docker setup-builder; \
+			cd dockerfiles/ansible-controller && \
+			docker buildx build \
+				--platform $(DOCKER_PLATFORMS) \
+				--tag $(DOCKER_REGISTRY):ansible-controller-$(DOCKER_VERSION) \
+				--tag $(DOCKER_REGISTRY):ansible-controller-latest \
+				--push \
+				--no-cache \
+				.; \
+			echo "✅ ansible-controller пересобран с исправлениями";; \
 		run) \
 			echo "🚀 Запуск ansible-controller..."; \
 			cd dockerfiles/ansible-controller && docker-compose up -d; \
@@ -932,6 +946,11 @@ controller:
 			echo "     💡 Использует: dockerfiles/ansible-controller/Dockerfile"; \
 			echo "     💡 Requirements: dockerfiles/ansible-controller/requirements.yml"; \
 			echo ""; \
+			echo "  🔄 make controller rebuild - пересобрать ansible-controller с исправлениями"; \
+			echo "     💡 Пересобирает: с --no-cache для применения исправлений"; \
+			echo "     💡 Исправления: добавлен passlib для хеширования паролей"; \
+			echo "     💡 Платформы: $(DOCKER_PLATFORMS)"; \
+			echo ""; \
 			echo "  🚀 make controller run     - запустить ansible-controller"; \
 			echo "     💡 Запускает: docker-compose up -d"; \
 			echo "     💡 Использует: dockerfiles/ansible-controller/docker-compose.yml"; \
--- a/dockerfiles/alma/Dockerfile
+++ b/dockerfiles/alma/Dockerfile
@@ -15,27 +15,27 @@ RUN dnf install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    jq \
-    python3 \
-    python3-pip \
+    python39 \
+    python39-pip \
    sudo \
    && dnf clean all

+# Создаем symlink для python3 -> python3.9
+RUN ln -sf /usr/bin/python3.9 /usr/bin/python3
+
 # Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
+#     && chmod +x /usr/local/bin/yq

 # Устанавливаем Docker
-RUN dnf install -y dnf-plugins-core \
-    && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
-    && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+# RUN dnf install -y dnf-plugins-core \
+#     && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
+#     && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/alt-linux/Dockerfile
+++ b/dockerfiles/alt-linux/Dockerfile
@@ -14,12 +14,7 @@ RUN apt-get install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim-enhanced \
    nano \
-    htop \
-    tree \
-    jq \
    python3 \
    sudo \
    && apt-get clean
@@ -28,19 +23,19 @@ RUN apt-get install -y \
 RUN curl -sS https://bootstrap.pypa.io/pip/3.7/get-pip.py | python3

 # Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
+#     && chmod +x /usr/local/bin/yq

 # Устанавливаем Docker вручную для ALT Linux
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    && apt-get clean
+# RUN apt-get update && apt-get install -y \
+#     ca-certificates \
+#     curl \
+#     gnupg \
+#     && apt-get clean

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/ansible-controller/Dockerfile
+++ b/dockerfiles/ansible-controller/Dockerfile
@@ -16,8 +16,8 @@ RUN apt-get install -y \
    build-essential \
    && apt-get clean

-# Устанавливаем Ansible и ansible-lint
-RUN pip3 install ansible ansible-core ansible-lint
+# Устанавливаем Ansible, ansible-lint и passlib для хеширования паролей
+RUN pip3 install ansible ansible-core ansible-lint passlib

 # Устанавливаем дополнительные пакеты
 RUN apt-get install -y \
@@ -56,8 +56,12 @@ RUN curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64 \
 #    && mv istio-1.22.1/bin/istioctl /usr/local/bin/ \
 #    && rm -rf istio-1.22.1

-# Копируем requirements.yml
+# Копируем файлы зависимостей
 COPY requirements.yml /tmp/requirements.yml
+COPY requirements.txt /tmp/requirements.txt
+
+# Устанавливаем Python зависимости
+RUN pip3 install -r /tmp/requirements.txt

 # Устанавливаем Ansible коллекции
 RUN ansible-galaxy collection install -r /tmp/requirements.yml
--- a/dockerfiles/ansible-controller/requirements.txt
+++ b/dockerfiles/ansible-controller/requirements.txt
@@ -0,0 +1,9 @@
+# Python зависимости для Ansible Controller
+# Автор: Сергей Антропов
+# Сайт: https://devops.org.ru
+
+# Основные зависимости для работы с паролями
+passlib>=1.7.4
+
+# Дополнительные зависимости для безопасности
+bcrypt>=4.0.1
--- a/dockerfiles/ansible-controller/requirements.yml
+++ b/dockerfiles/ansible-controller/requirements.yml
@@ -1,5 +1,5 @@
 ---
-# Ansible Collections для Molecule Universal
+# Ansible Collections for Molecule Universal
 collections:
  - name: community.docker
    version: ">=3.0.0"
--- a/dockerfiles/astra-linux/Dockerfile
+++ b/dockerfiles/astra-linux/Dockerfile
@@ -15,37 +15,34 @@ RUN apt-get install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    htop \
-    tree \
-    jq \
    python3 \
    python3-pip \
    sudo \
    && apt-get clean

-# Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# Устанавливаем yq (автоопределение архитектуры)
+# RUN ARCH=$(dpkg --print-architecture | sed 's/amd64/amd64/; s/arm64/arm64/; s/aarch64/arm64/') && \
+#     wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \
+#     chmod +x /usr/local/bin/yq

-# Устанавливаем Docker вручную для AstraLinux
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release \
-    && mkdir -p /usr/share/keyrings \
-    && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
-    && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-    && apt-get update \
-    && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \
-    && apt-get clean
+# Устанавливаем Docker вручную для AstraLinux (автоопределение архитектуры)
+# RUN ARCH=$(dpkg --print-architecture) && \
+#     apt-get update && apt-get install -y \
+#     ca-certificates \
+#     curl \
+#     gnupg \
+#     lsb-release && \
+#     mkdir -p /usr/share/keyrings && \
+#     curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
+#     echo "deb [arch=${ARCH} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+#     apt-get update && \
+#     apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin && \
+#     apt-get clean

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Отключаем Parsec для работы в контейнере
 RUN if [ -f /etc/parsec/parsec.conf ]; then \
--- a/dockerfiles/centos/Dockerfile
+++ b/dockerfiles/centos/Dockerfile
@@ -14,25 +14,22 @@ RUN dnf install -y --allowerasing \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    jq \
    python3 \
    python3-pip \
    sudo \
    && dnf clean all

 # Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
+#     && chmod +x /usr/local/bin/yq

 # Устанавливаем Docker
-RUN curl -fsSL https://get.docker.com | sh
+# RUN curl -fsSL https://get.docker.com | sh

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/debian/Dockerfile
+++ b/dockerfiles/debian/Dockerfile
@@ -14,33 +14,28 @@ RUN apt-get install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    htop \
-    tree \
-    jq \
    python3 \
    python3-pip \
    sudo \
    && apt-get clean

 # Устанавливаем Docker вручную для Debian
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release \
-    && mkdir -p /usr/share/keyrings \
-    && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-    && apt-get update \
-    && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \
-    && apt-get clean
+# RUN apt-get update && apt-get install -y \
+#     ca-certificates \
+#     curl \
+#     gnupg \
+#     lsb-release \
+#     && mkdir -p /usr/share/keyrings \
+#     && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
+#     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+#     && apt-get update \
+#     && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \
+#     && apt-get clean

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/redos/Dockerfile
+++ b/dockerfiles/redos/Dockerfile
@@ -16,28 +16,26 @@ RUN dnf install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    jq \
    python3 \
    python3-pip \
    sudo \
    && dnf clean all

-# Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# Устанавливаем yq (автоопределение архитектуры)
+# RUN ARCH=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/') && \
+#     wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \
+#     chmod +x /usr/local/bin/yq

 # Устанавливаем Docker вручную для RED OS
-RUN dnf install -y dnf-plugins-core \
-    && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
-    && dnf install -y docker-ce docker-ce-cli containerd.io \
-    && dnf clean all
+# RUN dnf install -y dnf-plugins-core \
+#     && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
+#     && dnf install -y docker-ce docker-ce-cli containerd.io \
+#     && dnf clean all

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/rhel/Dockerfile
+++ b/dockerfiles/rhel/Dockerfile
@@ -14,25 +14,25 @@ RUN dnf install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    jq \
-    python3 \
-    python3-pip \
+    python39 \
+    python39-pip \
    sudo \
    && dnf clean all

+# Создаем symlink для python3 -> python3.9
+RUN ln -sf /usr/bin/python3.9 /usr/bin/python3
+
 # Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
+#     && chmod +x /usr/local/bin/yq

 # Устанавливаем Docker
-RUN curl -fsSL https://get.docker.com | sh
+# RUN curl -fsSL https://get.docker.com | sh

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/rocky/Dockerfile
+++ b/dockerfiles/rocky/Dockerfile
@@ -2,7 +2,7 @@
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru

-FROM rockylinux:8
+FROM rockylinux:9

 # Обновляем систему
 RUN dnf update -y && dnf upgrade -y
@@ -14,27 +14,30 @@ RUN dnf install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    jq \
    python3 \
    python3-pip \
+    python3-devel \
    sudo \
    && dnf clean all

-# Устанавливаем yq
-RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 \
-    && chmod +x /usr/local/bin/yq
+# Устанавливаем более новую версию Python через pip если нужно
+RUN python3 -m pip install --upgrade pip
+
+# Устанавливаем yq (автоматически определяем архитектуру)
+# RUN ARCH=$(uname -m) && \
+#     if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; elif [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \
+#     wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \
+#     chmod +x /usr/local/bin/yq

 # Устанавливаем Docker
-RUN dnf install -y dnf-plugins-core \
-    && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
-    && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+# RUN dnf install -y dnf-plugins-core \
+#     && dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
+#     && dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/dockerfiles/ubuntu/Dockerfile
+++ b/dockerfiles/ubuntu/Dockerfile
@@ -14,33 +14,28 @@ RUN apt-get install -y \
    dbus \
    curl \
    wget \
-    git \
-    vim \
    nano \
-    htop \
-    tree \
-    jq \
    python3 \
    python3-pip \
    sudo \
    && apt-get clean

 # Устанавливаем Docker вручную для Ubuntu
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release \
-    && mkdir -p /usr/share/keyrings \
-    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-    && apt-get update \
-    && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \
-    && apt-get clean
+# RUN apt-get update && apt-get install -y \
+#     ca-certificates \
+#     curl \
+#     gnupg \
+#     lsb-release \
+#     && mkdir -p /usr/share/keyrings \
+#     && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
+#     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+#     && apt-get update \
+#     && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin \
+#     && apt-get clean

 # Устанавливаем Docker Compose
-RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose
+# RUN curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+#     && chmod +x /usr/local/bin/docker-compose

 # Настраиваем systemd
 RUN systemctl set-default multi-user.target
--- a/docs/platform-support.md
+++ b/docs/platform-support.md
@@ -0,0 +1,148 @@
+# Поддержка платформ в пресетах
+
+## Автор
+Сергей Антропов
+Сайт: https://devops.org.ru
+
+## Описание
+
+Начиная с версии 1.0, Molecule Template поддерживает указание конкретных платформ для хостов в пресетах. Это позволяет автоматически фильтровать хосты, которые не поддерживаются на текущей архитектуре системы.
+
+## Обязательные требования
+
+**Для Astra Linux и RedOS** во всех пресетах **обязательно** должно быть указано `supported_platforms: ["linux/amd64"]`, так как эти системы не поддерживают arm64 архитектуру. Без этого указания могут возникать ошибки при запуске на ARM-системах.
+
+## Как это работает
+
+### Определение платформы
+
+Система автоматически определяет архитектуру хоста при запуске:
+- `x86_64` → `linux/amd64`
+- `aarch64` / `arm64` → `linux/arm64`
+- `armv7l` → `linux/arm/v7`
+
+### Синтаксис в пресетах
+
+В файлах пресетов (molecule/presets/*.yml) можно указать поле `supported_platforms` для каждого хоста:
+
+```yaml
+hosts:
+  - name: ubuntu-test
+    family: ubuntu
+    groups: [test]
+    # Без supported_platforms - работает на всех платформах
+    publish:
+      - "8080:80"
+
+  - name: astra-test
+    family: astra
+    groups: [test]
+    supported_platforms: ["linux/amd64"]  # Только amd64
+    publish:
+      - "8083:80"
+
+  - name: multi-test
+    family: ubuntu
+    groups: [test]
+    supported_platforms: ["linux/amd64", "linux/arm64"]  # Несколько платформ
+    publish:
+      - "8084:80"
+```
+
+### Правила фильтрации
+
+1. **Если `supported_platforms` не указано** - хост будет запущен на всех платформах
+2. **Если `supported_platforms: ["linux/amd64"]`** - хост запустится только на amd64
+3. **Если `supported_platforms: ["linux/amd64", "linux/arm64"]`** - хост запустится на обеих платформах
+
+### Примеры использования
+
+#### Универсальный хост (работает везде)
+```yaml
+- name: universal-test
+  family: ubuntu
+  groups: [test]
+  # supported_platforms не указано = работает на всех платформах
+```
+
+#### Только для amd64
+```yaml
+- name: amd64-only-test
+  family: astra
+  groups: [test]
+  supported_platforms: ["linux/amd64"]
+```
+
+#### Для нескольких платформ
+```yaml
+- name: multi-platform-test
+  family: debian
+  groups: [test]
+  supported_platforms: ["linux/amd64", "linux/arm64"]
+```
+
+## Реализация
+
+Фильтрация происходит в файле `molecule/default/create.yml`:
+
+1. Система определяет текущую платформу
+2. Загружается пресет
+3. Хосты фильтруются по `supported_platforms`
+4. Отображается количество хостов для текущей платформы
+
+```yaml
+# Фильтрация хостов по поддерживаемым платформам
+- name: Filter hosts by supported platforms
+  set_fact:
+    filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}"
+  loop: "{{ hosts }}"
+  when: |
+    item.supported_platforms is not defined or
+    ansible_architecture in item.supported_platforms
+```
+
+## Текущее состояние
+
+### Хосты с ограничениями по платформе
+
+- **Astra Linux** - только `linux/amd64` (нет нативной поддержки arm64)
+  - Во всех пресетах имеет `supported_platforms: ["linux/amd64"]`
+  - Базовый образ `registry.astralinux.ru/library/astra/ubi17:1.7.6.uu2` доступен только для amd64
+  
+- **RedOS** - только `linux/amd64` (нет нативной поддержки arm64)
+  - Во всех пресетах имеет `supported_platforms: ["linux/amd64"]`
+  - Базовый образ `registry.red-soft.ru/ubi7/ubi` доступен только для amd64
+
+**Важно:** При запуске на arm64 системе эти хосты будут автоматически исключены из списка, что предотвратит ошибки при сборке и запуске контейнеров.
+
+### Универсальные хосты
+
+Следующие системы работают на всех платформах:
+- Ubuntu
+- Debian
+- Alt Linux
+- CentOS
+- RHEL
+- AlmaLinux
+- Rocky Linux
+
+## Примеры запуска
+
+### На amd64 (все 9 хостов)
+```bash
+make role test all-images
+# Platform linux/amd64: 9 hosts will be deployed
+```
+
+### На arm64 (7 хостов, без Astra и RedOS)
+```bash
+make role test all-images
+# Platform linux/arm64: 7 hosts will be deployed
+```
+
+## Дополнительная информация
+
+- Все образы загружаются с принудительным указанием платформы
+- Система автоматически адаптирует количество контейнеров под текущую платформу
+- Информация о количестве хостов отображается при запуске
+
--- a/molecule/default/create.yml
+++ b/molecule/default/create.yml
@@ -23,7 +23,7 @@
      privileged: true
      command: "/sbin/init"
      volumes:
-        - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+        - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
      tmpfs: ["/run", "/run/lock"]
      capabilities: ["SYS_ADMIN"]
    hosts:
@@ -45,24 +45,65 @@
 #      environment:
 #        ANSIBLE_COLLECTIONS_PATH: /usr/share/ansible/collections

+    # Определяем архитектуру системы для корректной загрузки образов
+    - name: Detect system architecture
+      shell: |
+        arch=$(uname -m)
+        case $arch in
+          x86_64) echo "linux/amd64" ;;
+          aarch64|arm64) echo "linux/arm64" ;;
+          armv7l) echo "linux/arm/v7" ;;
+          *) echo "linux/amd64" ;;
+        esac
+      register: detected_platform
+      changed_when: false
+
+    - name: Set ansible_architecture variable
+      set_fact:
+        ansible_architecture: "{{ detected_platform.stdout }}"
+
    - name: Load preset configuration
      include_vars: "{{ preset_file }}"
      when: preset_file is file
      ignore_errors: true

+    # Фильтрация хостов по поддерживаемым платформам
+    - name: Filter hosts by supported platforms
+      set_fact:
+        filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}"
+      loop: "{{ hosts }}"
+      when: |
+        item.supported_platforms is not defined or
+        ansible_architecture in item.supported_platforms
+
+    - name: Update hosts list with filtered results
+      set_fact:
+        hosts: "{{ filtered_hosts | default(hosts) }}"
+
+    - name: Display filtered hosts
+      debug:
+        msg: "Platform {{ ansible_architecture }}: {{ hosts | length }} hosts will be deployed"
+
    - name: Ensure network exists
      community.docker.docker_network:
        name: "{{ docker_network }}"
        state: present

    # SYSTEMD nodes
-    - name: Pull systemd images
-      community.docker.docker_image:
-        name: "{{ images[item.family] }}"
-        source: pull
+    - name: Pull systemd images with correct platform
+      command: "docker pull --platform {{ ansible_architecture }} {{ images[item.family] }}"
      loop: "{{ hosts | selectattr('type','undefined') | list }}"
      loop_control: { label: "{{ item.name }}" }
      when: item.family is defined and images[item.family] is defined
+      register: pull_result
+      ignore_errors: yes
+
+    - name: Display pull results
+      debug:
+        msg: "Pulled {{ item.item.name }}: {{ 'OK' if item.rc == 0 else 'SKIPPED (not available for this platform)' }}"
+      loop: "{{ pull_result.results | default([]) }}"
+      loop_control:
+        label: "{{ item.item.name }}"

    - name: Start systemd nodes
      community.docker.docker_container:
@@ -77,8 +118,9 @@
        capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
        published_ports: "{{ item.publish | default([]) }}"
        env: "{{ item.env | default({}) }}"
-        # Специальные настройки для Astra Linux
-        security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family == 'astra' else [] }}"
+        # Специальные настройки для Astra Linux и RedOS (для совместимости с amd64 базовыми образами)
+        security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family in ['astra', 'redos'] else [] }}"
+        platform: "{{ 'linux/amd64' if item.family in ['astra', 'redos'] else omit }}"
        state: started
        restart_policy: unless-stopped
      loop: "{{ hosts | selectattr('type','undefined') | list }}"
@@ -161,7 +203,6 @@
        inv_content: |
          [all:vars]
          ansible_connection=community.docker.docker
-          ansible_python_interpreter=/usr/bin/python3
          ansible_remote_tmp=/tmp/.ansible-tmp

          {% for group, members in (groups_map | dictsort) %}
@@ -174,6 +215,58 @@
          {% for h in hosts %}{{ h.name }}
          {% endfor %}
          
+          {# Группа с Debian-based системами (Debian, Ubuntu, Alt) - используем /usr/bin/python3 #}
+          {% set debian_hosts = [] %}
+          {% for h in hosts %}
+            {% if h.family in ['ubuntu', 'debian', 'alt'] %}
+              {% set _ = debian_hosts.append(h.name) %}
+            {% endif %}
+          {% endfor %}
+          {% if debian_hosts %}
+          [debian_family:vars]
+          ansible_python_interpreter=/usr/bin/python3
+          
+          [debian_family]
+          {% for h in debian_hosts %}{{ h }}
+          {% endfor %}
+          {% endif %}
+          
+          {# Группа с RHEL-based системами (RHEL, CentOS, Alma, Rocky, RedOS) #}
+          {% set rhel_hosts = [] %}
+          {% for h in hosts %}
+            {% if h.family in ['rhel', 'centos', 'alma', 'rocky', 'redos'] %}
+              {% set _ = rhel_hosts.append(h.name) %}
+            {% endif %}
+          {% endfor %}
+          {% if rhel_hosts %}
+          [rhel_family:vars]
+          ansible_python_interpreter=/usr/bin/python3
+          
+          [rhel_family]
+          {% for h in rhel_hosts %}{{ h }}
+          {% endfor %}
+          {% endif %}
+          
+          {# Astra Linux - используем /usr/bin/python3 #}
+          {% set astra_hosts = [] %}
+          {% for h in hosts %}
+            {% if h.family == 'astra' %}
+              {% set _ = astra_hosts.append(h.name) %}
+            {% endif %}
+          {% endfor %}
+          {% if astra_hosts %}
+          [astra_family:vars]
+          ansible_python_interpreter=/usr/bin/python3
+          
+          [astra_family]
+          {% for h in astra_hosts %}{{ h }}
+          {% endfor %}
+          {% endif %}
+          
+          {# Глобальный fallback для остальных хостов #}
+          [unmatched_hosts:vars]
+          ansible_python_interpreter=auto_silent
+
    - name: Write inventory file
      copy:
        dest: "{{ generated_inventory }}"
--- a/molecule/presets/all-images.yml
+++ b/molecule/presets/all-images.yml
@@ -2,6 +2,7 @@
 #description: Пресет для тестирования всех доступных образов (9 хостов)
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru
+# Примечание: Astra Linux и RedOS поддерживают только linux/amd64

 docker_network: labnet
 generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
@@ -22,7 +23,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

@@ -58,6 +59,7 @@ hosts:
  - name: astra-test
    family: astra
    groups: [test, astra]
+    supported_platforms: ["linux/amd64"]  # Только amd64
    publish:
      - "8083:80"
    env:
@@ -104,6 +106,7 @@ hosts:
  - name: redos-test
    family: redos
    groups: [test, rhel]
+    supported_platforms: ["linux/amd64"]  # Только amd64
    publish:
      - "8088:80"
    env:
--- a/molecule/presets/default.yml
+++ b/molecule/presets/default.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/docker-full.yml
+++ b/molecule/presets/docker-full.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/docker-test.yml
+++ b/molecule/presets/docker-test.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/etcd-patroni.yml
+++ b/molecule/presets/etcd-patroni.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/minimal.yml
+++ b/molecule/presets/minimal.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

@@ -31,6 +31,7 @@ hosts:
  - name: u1
    family: astra
    groups: [test]
+    supported_platforms: ["linux/amd64"]  # Только amd64
  - name: u2
    family: alt
    groups: [test]
--- a/molecule/presets/multi-os.yml
+++ b/molecule/presets/multi-os.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/performance.yml
+++ b/molecule/presets/performance.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/security.yml
+++ b/molecule/presets/security.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/stable.yml
+++ b/molecule/presets/stable.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/standart.yml
+++ b/molecule/presets/standart.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/molecule/presets/test.yml
+++ b/molecule/presets/test.yml
@@ -22,7 +22,7 @@ systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
-    - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs: ["/run", "/run/lock"]
  capabilities: ["SYS_ADMIN"]

--- a/roles/deploy.yml
+++ b/roles/deploy.yml
@@ -6,5 +6,5 @@
 - name: Развертывание всех ролей
  hosts: all
  roles:
-    - ping
-  #  - devops
+  #  - ping
+    - devops