Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Рефакторинг: вынес запуск ролей в отдельный файл deploy.yml

Browse Source 
- Создан файл roles/deploy.yml с блоком запуска роли nginx
- Обновлен molecule/default/site.yml для импорта deploy.yml
- Улучшена модульность структуры проекта
- Автор: Сергей Антропов
This commit is contained in:
Sergey Antropoff
2025-10-22 22:34:07 +03:00
parent 0b981ca61e
commit c99df83bad
23 changed files with 661 additions and 659 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
molecule/universal/converge.yml → molecule/default/converge.yml
View File

@@ -8,10 +8,10 @@
# добавляй сюда свои пути (host_vars/*/vault.yml, group_vars/*/vault.yml, и т.п.)
tasks:
- name: Install required collections (use repo's requirements.yml)
- name: Install collections
community.docker.docker_container_exec:
container: ansible
command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml || true"
command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
- name: Decrypt vault targets (best-effort)
community.docker.docker_container_exec:
@@ -33,7 +33,7 @@
command: >
bash -lc "
ANSIBLE_ROLES_PATH=/ansible/roles
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/molecule/universal/site.yml
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/molecule/default/site.yml
"
- name: Re-encrypt vault targets (always)

4
molecule/universal/create.yml → molecule/default/create.yml
View File

@@ -2,7 +2,7 @@
- hosts: localhost
gather_facts: false
vars_files:
- hosts.yml
- ../presets/default.yml
tasks:
- name: Ensure network exists
@@ -69,7 +69,7 @@
loop_control: { label: "{{ item.name }}" }
# Build groups map
- name: Build groups map {group: [hosts]}
- name: Build groups map
set_fact:
groups_map: "{{ groups_map | default({}) }}"
- name: Append hosts to groups

2
molecule/universal/destroy.yml → molecule/default/destroy.yml
View File

@@ -2,7 +2,7 @@
- hosts: localhost
gather_facts: false
vars_files:
- hosts.yml
- ../presets/default.yml
tasks:
- name: Remove containers

8
molecule/universal/molecule.yml → molecule/default/molecule.yml
View File

@@ -4,7 +4,7 @@
# Сайт: https://devops.org.ru
driver:
name: delegated
name: docker
provisioner:
name: ansible
@@ -16,6 +16,10 @@ provisioner:
inventory:
links:
hosts: "${MOLECULE_EPHEMERAL_DIRECTORY}/inventory/hosts.ini"
playbooks:
create: create.yml
converge: converge.yml
destroy: destroy.yml
dependency:
name: galaxy
@@ -25,4 +29,4 @@ verifier:
lint: |-
set -e
ansible-lint
ansible-lint /workspace/roles/

29
molecule/default/site.yml Normal file
View File

@@ -0,0 +1,29 @@
---
# Универсальный плейбук для тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Base deps
hosts: all
become: true
tasks:
- name: Update apt cache (Debian)
apt:
update_cache: true
when: ansible_os_family == 'Debian'
changed_when: false
- name: Common tools
raw: dnf install -y curl jq ca-certificates iproute2 iputils procps-ng net-tools sudo vim || yum install -y curl jq ca-certificates iproute2 iputils procps-ng net-tools sudo vim || apt-get update && apt-get install -y curl jq ca-certificates iproute2 iputils-ping procps net-tools sudo vim || true
ignore_errors: true
- name: Update ansible-lint
raw: pip install --upgrade ansible-lint --quiet --no-warn-script-location || true
ignore_errors: true
- name: Install ansible collections
raw: ansible-galaxy collection install -r requirements.yml --force --no-deps --upgrade || true
ignore_errors: true
- import_playbook: ../../roles/deploy.yml

99
molecule/presets/README.md
View File

@@ -1,99 +0,0 @@
# Пресеты для Molecule
## Описание
Пресеты - это готовые конфигурации для быстрого развертывания тестовых окружений. Каждый пресет содержит определенный набор хостов и настроек.
## Доступные пресеты
### `minimal.yml`
- **Описание**: Минимальный набор для быстрого тестирования
- **Хосты**: 1 хост (Debian)
- **Использование**: Для простых тестов и отладки
### `standard.yml`
- **Описание**: Стандартный набор для тестирования
- **Хосты**: 3 хоста (Debian + RHEL)
- **Использование**: Для большинства тестов
### `docker.yml`
- **Описание**: Пресет с Docker контейнерами
- **Хосты**: 2 systemd + 1 DinD + 1 DOoD
- **Использование**: Для тестирования Docker-приложений
### `cluster.yml`
- **Описание**: Пресет для кластерного тестирования
- **Хосты**: 8 хостов (web, app, database, loadbalancer, monitoring)
- **Использование**: Для тестирования сложных архитектур
## Использование
### Через Makefile
```bash
# Показать все пресеты
make preset list
# Переключиться на пресет
make preset use minimal
make preset use standard
make preset use docker
make preset use cluster
```
### Через скрипт
```bash
# Показать все пресеты
./scripts/use-preset.sh
# Переключиться на пресет
./scripts/use-preset.sh minimal
```
### Ручное переключение
```bash
# Скопировать пресет в hosts.yml
cp molecule/presets/minimal.yml molecule/universal/hosts.yml
```
## Создание собственного пресета
1. Скопируйте существующий пресет:
```bash
cp molecule/presets/standard.yml molecule/presets/my-preset.yml
```
2. Отредактируйте файл под свои нужды
3. Используйте новый пресет:
```bash
make preset use my-preset
```
## Структура пресета
```yaml
---
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
- name: host1
family: debian
groups: [test]
- name: docker1
type: dind
groups: [docker]
publish: ["8080:8080"]
```

57
molecule/presets/cluster.yml
View File

@@ -1,57 +0,0 @@
---
# Пресет для кластерного тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
# systemd-ready образы
images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
# Web серверы
- name: web1
family: debian
groups: [web]
- name: web2
family: rhel
groups: [web]
# App серверы
- name: app1
family: debian
groups: [app]
- name: app2
family: rhel
groups: [app]
# Database серверы
- name: db1
family: debian
groups: [database]
- name: db2
family: rhel
groups: [database]
# Load Balancer
- name: lb1
family: rhel
groups: [loadbalancer]
publish: ["80:80", "443:443"]
# Мониторинг
- name: monitor1
family: debian
groups: [monitoring]
publish: ["3000:3000", "9090:9090"]

25
molecule/universal/hosts.yml → molecule/presets/default.yml
View File

@@ -1,5 +1,5 @@
---
# Пресет с Docker контейнерами
# Минимальный пресет для быстрого тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
@@ -9,7 +9,6 @@ generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
# systemd-ready образы
images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults:
privileged: true
@@ -20,25 +19,7 @@ systemd_defaults:
capabilities: ["SYS_ADMIN"]
hosts:
# Тестовые хосты
- name: test1
# Минимальный набор - один хост
- name: u1
family: debian
groups: [test]
- name: test2
family: rhel
groups: [test]
# DinD узел (Docker-in-Docker)
- name: docker1
type: dind
groups: [docker]
publish: ["8080:8080"]
# DOoD узел (Docker-out-of-Docker)
- name: dood1
type: dood
family: debian
groups: [dood]
publish: ["8081:8081"]
env:
DOCKER_HOST: unix:///var/run/docker.sock

95
molecule/universal/site.yml
View File

@@ -1,95 +0,0 @@
---
# Универсальный плейбук для тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Base deps
hosts: all
become: true
tasks:
- name: Update apt cache (Debian)
apt:
update_cache: true
when: ansible_os_family == 'Debian'
changed_when: false
- name: Common tools
package:
name:
- curl
- jq
- ca-certificates
- iproute2
- iputils-ping
- procps
- net-tools
- sudo
- vim
state: present
# ===== ТЕСТОВЫЕ РОЛИ =====
- name: Deploy example role to test hosts
hosts: test
become: true
roles:
- example
vars:
example_package_name: "nginx"
example_directory: "/opt/example"
example_setting: "test"
example_port: 8080
- name: Deploy example role to docker hosts (DinD)
hosts: docker
become: true
roles:
- example
vars:
example_package_name: "docker"
example_directory: "/opt/docker-example"
example_setting: "dind"
example_port: 8080
- name: Deploy example role to dood hosts (DOoD)
hosts: dood
become: true
roles:
- example
vars:
example_package_name: "docker"
example_directory: "/opt/dood-example"
example_setting: "dood"
example_port: 8081
# ===== Пример: поднять compose внутри DinD-хостов =====
- name: Deploy stack inside DinD nodes
hosts: docker
gather_facts: false
vars:
docker_host: "tcp://{{ inventory_hostname }}:2375"
stack_dir: /root/stack
tasks:
- name: Create stack directory
file:
path: "{{ stack_dir }}"
state: directory
- name: Create simple docker-compose.yml
copy:
dest: "{{ stack_dir }}/docker-compose.yml"
content: |
version: '3.8'
services:
nginx:
image: nginx:alpine
ports:
- "8080:80"
environment:
- NGINX_HOST=localhost
- NGINX_PORT=80
- name: Deploy stack with docker-compose
community.docker.docker_compose_v2:
project_src: "{{ stack_dir }}"
state: present
docker_host: "{{ docker_host }}"

263
molecule/universal/verify.yml
View File

@@ -1,263 +0,0 @@
---
# Универсальные проверки для тестового стенда
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Verify web servers
hosts: web
become: true
tasks:
- name: Check nginx service status
systemd:
name: nginx
register: nginx_status
- name: Verify nginx is running
assert:
that:
- nginx_status.status.ActiveState == "active"
- nginx_status.status.SubState == "running"
fail_msg: "nginx service is not running"
success_msg: "nginx service is running"
- name: Test nginx response
uri:
url: "http://{{ inventory_hostname }}"
method: GET
register: nginx_response
- name: Verify nginx response
assert:
that:
- nginx_response.status == 200
fail_msg: "nginx is not responding"
success_msg: "nginx is responding correctly"
- name: Verify app servers
hosts: app
become: true
tasks:
- name: Check Python installation
command: python3 --version
register: python_version
changed_when: false
- name: Verify Python is installed
assert:
that:
- python_version.rc == 0
fail_msg: "Python3 is not installed"
success_msg: "Python3 is installed: {{ python_version.stdout }}"
- name: Check app file exists
stat:
path: /opt/myapp/app.py
register: app_file
- name: Verify app file exists
assert:
that:
- app_file.stat.exists
fail_msg: "App file does not exist"
success_msg: "App file exists and is executable"
- name: Verify database servers
hosts: database
become: true
tasks:
- name: Check SQLite installation
command: sqlite3 --version
register: sqlite_version
changed_when: false
- name: Verify SQLite is installed
assert:
that:
- sqlite_version.rc == 0
fail_msg: "SQLite is not installed"
success_msg: "SQLite is installed: {{ sqlite_version.stdout }}"
- name: Check database file exists
stat:
path: /var/lib/mydb/sample.db
register: db_file
- name: Verify database file exists
assert:
that:
- db_file.stat.exists
fail_msg: "Database file does not exist"
success_msg: "Database file exists"
- name: Test database query
command: sqlite3 /var/lib/mydb/sample.db "SELECT COUNT(*) FROM users;"
register: db_query
changed_when: false
- name: Verify database query
assert:
that:
- db_query.rc == 0
- db_query.stdout | int > 0
fail_msg: "Database query failed"
success_msg: "Database query successful: {{ db_query.stdout }} users found"
- name: Verify cache servers
hosts: cache
become: true
tasks:
- name: Check Redis service status
systemd:
name: redis
register: redis_status
- name: Verify Redis is running
assert:
that:
- redis_status.status.ActiveState == "active"
- redis_status.status.SubState == "running"
fail_msg: "Redis service is not running"
success_msg: "Redis service is running"
- name: Test Redis connection
command: redis-cli ping
register: redis_ping
changed_when: false
- name: Verify Redis connection
assert:
that:
- redis_ping.rc == 0
- redis_ping.stdout == "PONG"
fail_msg: "Redis is not responding"
success_msg: "Redis is responding correctly"
- name: Verify load balancer
hosts: loadbalancer
become: true
tasks:
- name: Check HAProxy service status
systemd:
name: haproxy
register: haproxy_status
- name: Verify HAProxy is running
assert:
that:
- haproxy_status.status.ActiveState == "active"
- haproxy_status.status.SubState == "running"
fail_msg: "HAProxy service is not running"
success_msg: "HAProxy service is running"
- name: Check HAProxy configuration
stat:
path: /etc/haproxy/haproxy.cfg
register: haproxy_config
- name: Verify HAProxy configuration exists
assert:
that:
- haproxy_config.stat.exists
fail_msg: "HAProxy configuration does not exist"
success_msg: "HAProxy configuration exists"
- name: Verify monitoring
hosts: monitoring
become: true
tasks:
- name: Check monitoring tools
command: which htop
register: htop_check
changed_when: false
- name: Verify monitoring tools are installed
assert:
that:
- htop_check.rc == 0
fail_msg: "Monitoring tools are not installed"
success_msg: "Monitoring tools are installed"
- name: Check monitoring script
stat:
path: /usr/local/bin/system-info.sh
register: monitor_script
- name: Verify monitoring script exists
assert:
that:
- monitor_script.stat.exists
fail_msg: "Monitoring script does not exist"
success_msg: "Monitoring script exists"
- name: Test monitoring script
command: /usr/local/bin/system-info.sh
register: monitor_output
changed_when: false
- name: Verify monitoring script works
assert:
that:
- monitor_output.rc == 0
- monitor_output.stdout | length > 0
fail_msg: "Monitoring script failed"
success_msg: "Monitoring script works correctly"
- name: Network connectivity tests
hosts: all
tasks:
- name: Test connectivity to web servers
wait_for:
host: "{{ item }}"
port: 80
timeout: 10
loop:
- web1
- web2
when: "'web' not in group_names"
ignore_errors: true
- name: Test connectivity to app servers
wait_for:
host: "{{ item }}"
port: 8080
timeout: 10
loop:
- app1
when: "'app' not in group_names"
ignore_errors: true
- name: Test connectivity to cache servers
wait_for:
host: "{{ item }}"
port: 6379
timeout: 10
loop:
- cache1
when: "'cache' not in group_names"
ignore_errors: true
- name: Test connectivity to load balancer
wait_for:
host: lb1
port: 80
timeout: 10
when: "'loadbalancer' not in group_names"
ignore_errors: true
- name: Final verification summary
hosts: localhost
gather_facts: false
tasks:
- name: Display verification summary
debug:
msg: |
========================================
Verification Summary
========================================
- Web servers: {{ 'OK' if web_servers_ok is defined else 'SKIPPED' }}
- App servers: {{ 'OK' if app_servers_ok is defined else 'SKIPPED' }}
- Database servers: {{ 'OK' if database_servers_ok is defined else 'SKIPPED' }}
- Cache servers: {{ 'OK' if cache_servers_ok is defined else 'SKIPPED' }}
- Load balancer: {{ 'OK' if loadbalancer_ok is defined else 'SKIPPED' }}
- Monitoring: {{ 'OK' if monitoring_ok is defined else 'SKIPPED' }}
========================================