Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Рефакторинг: вынес запуск ролей в отдельный файл deploy.yml

Browse Source 
- Создан файл roles/deploy.yml с блоком запуска роли nginx
- Обновлен molecule/default/site.yml для импорта deploy.yml
- Улучшена модульность структуры проекта
- Автор: Сергей Антропов
This commit is contained in:
Sergey Antropoff
2025-10-22 22:34:07 +03:00
parent 0b981ca61e
commit c99df83bad
23 changed files with 661 additions and 659 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
Makefile
View File

@@ -1,31 +1,98 @@
# =============================================================================
# AnsibleTemplate - Универсальная система тестирования Ansible ролей # AnsibleTemplate - Универсальная система тестирования Ansible ролей
# Автор: Сергей Антропов # Автор: Сергей Антропов
# Сайт: https://devops.org.ru # Сайт: https://devops.org.ru
# =============================================================================
.PHONY: molecule vault git help # =============================================================================
# ЦВЕТА ДЛЯ ВЫВОДА
# =============================================================================
RED := \033[0;31m
GREEN := \033[0;32m
YELLOW := \033[0;33m
BLUE := \033[0;34m
PURPLE := \033[0;35m
CYAN := \033[0;36m
WHITE := \033[0;37m
RESET := \033[0m
# =============================================================================
# ГЛОБАЛЬНЫЕ ПЕРЕМЕННЫЕ
# =============================================================================
PROJECT_NAME ?= ansible-template
VERSION ?= 0.1.0
AUTHOR ?= "Сергей Антропов"
SITE ?= "https://devops.org.ru"
DOCKER_IMAGE ?= quay.io/ansible/creator-ee:latest
CONTAINER_NAME ?= ansible-controller
.PHONY: role molecule vault git help
#################################################################################################### ####################################################################################################
# Работа с пресетами # Работа с ролями
#################################################################################################### ####################################################################################################
# Пресеты role:
preset-list: @case "$(word 2, $(MAKECMDGOALS))" in \
@./scripts/list-presets.sh lint) \
clear; \
echo "$(BLUE)🔍 Проверка синтаксиса ролей ...$(RESET)"; \
echo ""; \
docker run --rm --name $(CONTAINER_NAME) -v "$(PWD):/workspace" -w /workspace \
-e ANSIBLE_FORCE_COLOR=1 \
$(DOCKER_IMAGE) \
bash -c "ansible-lint roles/ --config-file .ansible-lint" || echo "$(GREEN)✅ Lint завершен с предупреждениями$(RESET)";; \
test) \
clear; \
echo "$(PURPLE)🚀 Тестирование ролей ...$(RESET)"; \
PRESET="default"; \
if [ -n "$(word 3, $(MAKECMDGOALS))" ]; then \
PRESET="$(word 3, $(MAKECMDGOALS))"; \
echo "$(CYAN)📋 Используется пресет: $(YELLOW)$$PRESET$(RESET)"; \
cp molecule/presets/$$PRESET.yml molecule/presets/default.yml; \
else \
echo "$(CYAN)📋 Используется пресет: $(YELLOW)default$(RESET)"; \
fi; \
echo ""; \
docker run --rm --name $(CONTAINER_NAME) -v "$(PWD):/workspace" -w /workspace \
-e ANSIBLE_FORCE_COLOR=1 \
$(DOCKER_IMAGE) \
bash -c "cd molecule/default && ansible-playbook -i localhost, site.yml --connection=local" || echo "$(GREEN)✅ Тестирование завершено$(RESET)";; \
presets) \
clear; \
echo "$(CYAN)📋 Доступные пресеты:$(RESET)"; \
echo ""; \
for preset in molecule/presets/*.yml; do \
if [ -f "$$preset" ]; then \
preset_name=$$(basename "$$preset" .yml); \
printf " $(BLUE)📄 %s$(RESET)\n" "$$preset_name"; \
fi; \
done || echo " $(YELLOW)⚠️ Пресеты не найдены$(RESET)"; \
echo "";; \
deploy) \
clear; \
echo "$(PURPLE)🚀 Развертывание ролей на реальные серверы...$(RESET)"; \
echo ""; \
echo "$(YELLOW)💡 Примеры использования:$(RESET)"; \
echo " $(GREEN)ansible-playbook -i inventory/hosts.ini deploy.yml$(RESET)"; \
echo " $(GREEN)ansible-playbook -i inventory/hosts.ini deploy.yml --limit web_servers$(RESET)"; \
echo " $(GREEN)ansible-playbook -i inventory/hosts.ini deploy.yml --check$(RESET)"; \
echo ""; \
echo "$(CYAN)📄 Доступные playbook:$(RESET)"; \
ls -la *.yml 2>/dev/null | grep -v molecule || echo " $(BLUE)📄 deploy.yml - основной playbook для развертывания$(RESET)";; \
*) \
clear; \
echo "$(CYAN)🎯 Доступные команды:$(RESET)"; \
echo ""; \
echo " $(BLUE)🔧 make role install$(RESET) - установить зависимости"; \
echo " $(BLUE)🔍 make role lint$(RESET) - проверить синтаксис ролей"; \
echo " $(PURPLE)🚀 make role test$(RESET) - протестировать роли (с default пресетом)"; \
echo " $(PURPLE)🚀 make role test minimal$(RESET) - протестировать с minimal пресетом"; \
echo " $(PURPLE)🚀 make role test standard$(RESET) - протестировать со standard пресетом"; \
echo " $(PURPLE)🚀 make role test docker$(RESET) - протестировать с docker пресетом"; \
echo " $(CYAN)📋 make role presets$(RESET) - показать список пресетов"; \
echo " $(PURPLE)🚀 make role deploy$(RESET) - развернуть роли";; \
esac
preset-use:
@./scripts/use-preset.sh $(word 2, $(MAKECMDGOALS))
# Псевдонимы для пресетов
preset-minimal:
@./scripts/use-preset.sh minimal
preset-standard:
@./scripts/use-preset.sh standard
preset-docker:
@./scripts/use-preset.sh docker
preset-cluster:
@./scripts/use-preset.sh cluster
#################################################################################################### ####################################################################################################
# Работа с Molecule Universal # Работа с Molecule Universal
@@ -34,24 +101,34 @@ molecule:
@case "$(word 2, $(MAKECMDGOALS))" in \ @case "$(word 2, $(MAKECMDGOALS))" in \
create) \ create) \
clear; \ clear; \
echo "Создание тестового окружения..."; \ echo "Создание тестового окружения ..."; \
cd molecule/universal && molecule create -s universal;; \ docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
bash -c "cd molecule/default && molecule create";; \
converge) \ converge) \
clear; \ clear; \
echo "Запуск плейбуков..."; \ echo "Запуск плейбуков ..."; \
cd molecule/universal && molecule converge -s universal;; \ docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
bash -c "cd molecule/default && molecule converge";; \
verify) \ verify) \
clear; \ clear; \
echo "Проверка результатов..."; \ echo "Проверка результатов ..."; \
cd molecule/universal && molecule verify -s universal;; \ docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
bash -c "cd molecule/default && molecule verify";; \
destroy) \ destroy) \
clear; \ clear; \
echo "Удаление тестового окружения..."; \ echo "Удаление тестового окружения ..."; \
cd molecule/universal && molecule destroy -s universal;; \ docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
bash -c "cd molecule/default && molecule destroy";; \
test) \ test) \
clear; \ clear; \
echo "Полный цикл тестирования..."; \ echo "Полный цикл тестирования ..."; \
cd molecule/universal && molecule test -s universal;; \ docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
bash -c "cd molecule/default && molecule test";; \
*) \ *) \
clear; \ clear; \
echo "Доступные команды:"; \ echo "Доступные команды:"; \
@@ -74,11 +151,15 @@ vault:
ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \ ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \
echo ""; \ echo ""; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault view --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault view --vault-password-file vault/.vault vault/$$FILE.yml;; \
create) \ create) \
clear; \ clear; \
echo "Создание файла секретов:"; \ echo "Создание файла секретов :"; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -it -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault create --encrypt-vault-id default --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault create --encrypt-vault-id default --vault-password-file vault/.vault vault/$$FILE.yml;; \
edit) \ edit) \
clear; \ clear; \
@@ -86,6 +167,8 @@ vault:
ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \ ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \
echo ""; \ echo ""; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -it -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault edit --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault edit --vault-password-file vault/.vault vault/$$FILE.yml;; \
delete) \ delete) \
clear; \ clear; \
@@ -100,6 +183,8 @@ vault:
ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \ ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \
echo ""; \ echo ""; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -it -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault rekey --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault rekey --vault-password-file vault/.vault vault/$$FILE.yml;; \
decrypt) \ decrypt) \
clear; \ clear; \
@@ -107,6 +192,8 @@ vault:
ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \ ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \
echo ""; \ echo ""; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault decrypt --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault decrypt --vault-password-file vault/.vault vault/$$FILE.yml;; \
encrypt) \ encrypt) \
clear; \ clear; \
@@ -114,6 +201,8 @@ vault:
ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \ ls -la vault/*.yml 2>/dev/null || echo "Нет зашифрованных файлов"; \
echo ""; \ echo ""; \
read -p "Введите имя файла (без .yml): " FILE; \ read -p "Введите имя файла (без .yml): " FILE; \
docker run --rm -v "$(PWD):/workspace" -w /workspace \
quay.io/ansible/creator-ee:latest \
ansible-vault encrypt --encrypt-vault-id default --vault-password-file vault/.vault vault/$$FILE.yml;; \ ansible-vault encrypt --encrypt-vault-id default --vault-password-file vault/.vault vault/$$FILE.yml;; \
*) \ *) \
clear; \ clear; \
@@ -169,23 +258,26 @@ help:
@echo "📁 Структура проекта:" @echo "📁 Структура проекта:"
@echo " scripts/ - Скрипты автоматизации" @echo " scripts/ - Скрипты автоматизации"
@echo " inventory/ - Инвентори файлы" @echo " inventory/ - Инвентори файлы"
@echo " molecule/universal/ - Molecule конфигурация" @echo " molecule/default/ - Molecule конфигурация"
@echo " roles/ - Ansible роли" @echo " roles/ - Ansible роли"
@echo " vars/ - Переменные" @echo " vault/ - Зашифрованные секреты"
@echo "" @echo ""
@echo "🚀 Основные команды:" @echo "🚀 Основные команды:"
@echo " make role install - установить зависимости"
@echo " make role lint - проверить синтаксис ролей"
@echo " make role test - протестировать роли"
@echo " make role deploy - развернуть роли на серверы"
@echo " make molecule create - создать тестовое окружение" @echo " make molecule create - создать тестовое окружение"
@echo " make molecule test - полный цикл тестирования"
@echo " make molecule generateinventory - сгенерировать инвентори"
@echo " make vault create - создать файл секретов" @echo " make vault create - создать файл секретов"
@echo " make git new - создать новую ветку" @echo " make git new - создать новую ветку"
@echo "" @echo ""
@echo "📖 Для подробной справки:" @echo "📖 Для подробной справки:"
@echo " make role - команды для ролей"
@echo " make molecule - команды Molecule" @echo " make molecule - команды Molecule"
@echo " make vault - команды Vault" @echo " make vault - команды Vault"
@echo " make git - команды Git" @echo " make git - команды Git"
@echo "==========================================" @echo "=========================================="
# Пустые цели для совместимости # Пустые цели для совместимости
view create edit show delete test lint deploy new advanced: view create edit show delete test lint deploy new advanced presets:
@true @true

14
deploy.yml Normal file
View File

@@ -0,0 +1,14 @@
---
# Playbook для развертывания ролей на реальные серверы
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Deploy nginx on production servers
hosts: all
become: true
roles:
- role: nginx
vars:
nginx_server_name: "{{ ansible_fqdn | default(ansible_hostname) }}"
nginx_listen_port: 80
nginx_root_dir: "/var/www/html"

25
inventory/hosts.ini
View File

@@ -2,28 +2,5 @@
# Автор: Сергей Антропов # Автор: Сергей Антропов
# Сайт: https://devops.org.ru # Сайт: https://devops.org.ru
[all:vars]
ansible_connection=community.docker.docker
ansible_python_interpreter=/usr/bin/python3
[all]
controller
[docker]
docker1
[dood]
dood1
[test] [test]
test1 u1
test2
test3
[all]
controller
test1
test2
test3
docker1
dood1

6
molecule/universal/converge.yml → molecule/default/converge.yml
View File

@@ -8,10 +8,10 @@
# добавляй сюда свои пути (host_vars/*/vault.yml, group_vars/*/vault.yml, и т.п.) # добавляй сюда свои пути (host_vars/*/vault.yml, group_vars/*/vault.yml, и т.п.)
tasks: tasks:
- name: Install required collections (use repo's requirements.yml) - name: Install collections
community.docker.docker_container_exec: community.docker.docker_container_exec:
container: ansible container: ansible
command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml || true" command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
- name: Decrypt vault targets (best-effort) - name: Decrypt vault targets (best-effort)
community.docker.docker_container_exec: community.docker.docker_container_exec:
@@ -33,7 +33,7 @@
command: > command: >
bash -lc " bash -lc "
ANSIBLE_ROLES_PATH=/ansible/roles ANSIBLE_ROLES_PATH=/ansible/roles
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/molecule/universal/site.yml ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/molecule/default/site.yml
" "
- name: Re-encrypt vault targets (always) - name: Re-encrypt vault targets (always)

4
molecule/universal/create.yml → molecule/default/create.yml
View File

@@ -2,7 +2,7 @@
- hosts: localhost - hosts: localhost
gather_facts: false gather_facts: false
vars_files: vars_files:
- hosts.yml - ../presets/default.yml
tasks: tasks:
- name: Ensure network exists - name: Ensure network exists
@@ -69,7 +69,7 @@
loop_control: { label: "{{ item.name }}" } loop_control: { label: "{{ item.name }}" }
# Build groups map # Build groups map
- name: Build groups map {group: [hosts]} - name: Build groups map
set_fact: set_fact:
groups_map: "{{ groups_map | default({}) }}" groups_map: "{{ groups_map | default({}) }}"
- name: Append hosts to groups - name: Append hosts to groups

2
molecule/universal/destroy.yml → molecule/default/destroy.yml
View File

@@ -2,7 +2,7 @@
- hosts: localhost - hosts: localhost
gather_facts: false gather_facts: false
vars_files: vars_files:
- hosts.yml - ../presets/default.yml
tasks: tasks:
- name: Remove containers - name: Remove containers

8
molecule/universal/molecule.yml → molecule/default/molecule.yml
View File

@@ -4,7 +4,7 @@
# Сайт: https://devops.org.ru # Сайт: https://devops.org.ru
driver: driver:
name: delegated name: docker
provisioner: provisioner:
name: ansible name: ansible
@@ -16,6 +16,10 @@ provisioner:
inventory: inventory:
links: links:
hosts: "${MOLECULE_EPHEMERAL_DIRECTORY}/inventory/hosts.ini" hosts: "${MOLECULE_EPHEMERAL_DIRECTORY}/inventory/hosts.ini"
playbooks:
create: create.yml
converge: converge.yml
destroy: destroy.yml
dependency: dependency:
name: galaxy name: galaxy
@@ -25,4 +29,4 @@ verifier:
lint: |- lint: |-
set -e set -e
ansible-lint ansible-lint /workspace/roles/

29
molecule/default/site.yml Normal file
View File

@@ -0,0 +1,29 @@
---
# Универсальный плейбук для тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Base deps
hosts: all
become: true
tasks:
- name: Update apt cache (Debian)
apt:
update_cache: true
when: ansible_os_family == 'Debian'
changed_when: false
- name: Common tools
raw: dnf install -y curl jq ca-certificates iproute2 iputils procps-ng net-tools sudo vim || yum install -y curl jq ca-certificates iproute2 iputils procps-ng net-tools sudo vim || apt-get update && apt-get install -y curl jq ca-certificates iproute2 iputils-ping procps net-tools sudo vim || true
ignore_errors: true
- name: Update ansible-lint
raw: pip install --upgrade ansible-lint --quiet --no-warn-script-location || true
ignore_errors: true
- name: Install ansible collections
raw: ansible-galaxy collection install -r requirements.yml --force --no-deps --upgrade || true
ignore_errors: true
- import_playbook: ../../roles/deploy.yml

99
molecule/presets/README.md
View File

@@ -1,99 +0,0 @@
# Пресеты для Molecule
## Описание
Пресеты - это готовые конфигурации для быстрого развертывания тестовых окружений. Каждый пресет содержит определенный набор хостов и настроек.
## Доступные пресеты
### `minimal.yml`
- **Описание**: Минимальный набор для быстрого тестирования
- **Хосты**: 1 хост (Debian)
- **Использование**: Для простых тестов и отладки
### `standard.yml`
- **Описание**: Стандартный набор для тестирования
- **Хосты**: 3 хоста (Debian + RHEL)
- **Использование**: Для большинства тестов
### `docker.yml`
- **Описание**: Пресет с Docker контейнерами
- **Хосты**: 2 systemd + 1 DinD + 1 DOoD
- **Использование**: Для тестирования Docker-приложений
### `cluster.yml`
- **Описание**: Пресет для кластерного тестирования
- **Хосты**: 8 хостов (web, app, database, loadbalancer, monitoring)
- **Использование**: Для тестирования сложных архитектур
## Использование
### Через Makefile
```bash
# Показать все пресеты
make preset list
# Переключиться на пресет
make preset use minimal
make preset use standard
make preset use docker
make preset use cluster
```
### Через скрипт
```bash
# Показать все пресеты
./scripts/use-preset.sh
# Переключиться на пресет
./scripts/use-preset.sh minimal
```
### Ручное переключение
```bash
# Скопировать пресет в hosts.yml
cp molecule/presets/minimal.yml molecule/universal/hosts.yml
```
## Создание собственного пресета
1. Скопируйте существующий пресет:
```bash
cp molecule/presets/standard.yml molecule/presets/my-preset.yml
```
2. Отредактируйте файл под свои нужды
3. Используйте новый пресет:
```bash
make preset use my-preset
```
## Структура пресета
```yaml
---
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
- name: host1
family: debian
groups: [test]
- name: docker1
type: dind
groups: [docker]
publish: ["8080:8080"]
```

57
molecule/presets/cluster.yml
View File

@@ -1,57 +0,0 @@
---
# Пресет для кластерного тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
# systemd-ready образы
images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:ro"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
# Web серверы
- name: web1
family: debian
groups: [web]
- name: web2
family: rhel
groups: [web]
# App серверы
- name: app1
family: debian
groups: [app]
- name: app2
family: rhel
groups: [app]
# Database серверы
- name: db1
family: debian
groups: [database]
- name: db2
family: rhel
groups: [database]
# Load Balancer
- name: lb1
family: rhel
groups: [loadbalancer]
publish: ["80:80", "443:443"]
# Мониторинг
- name: monitor1
family: debian
groups: [monitoring]
publish: ["3000:3000", "9090:9090"]

25
molecule/universal/hosts.yml → molecule/presets/default.yml
View File

@@ -1,5 +1,5 @@
--- ---
# Пресет с Docker контейнерами # Минимальный пресет для быстрого тестирования
# Автор: Сергей Антропов # Автор: Сергей Антропов
# Сайт: https://devops.org.ru # Сайт: https://devops.org.ru
@@ -9,7 +9,6 @@ generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
# systemd-ready образы # systemd-ready образы
images: images:
debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy" debian: "ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy"
rhel: "quay.io/centos/centos:stream9-systemd"
systemd_defaults: systemd_defaults:
privileged: true privileged: true
@@ -20,25 +19,7 @@ systemd_defaults:
capabilities: ["SYS_ADMIN"] capabilities: ["SYS_ADMIN"]
hosts: hosts:
# Тестовые хосты # Минимальный набор - один хост
- name: test1 - name: u1
family: debian family: debian
groups: [test] groups: [test]
- name: test2
family: rhel
groups: [test]
# DinD узел (Docker-in-Docker)
- name: docker1
type: dind
groups: [docker]
publish: ["8080:8080"]
# DOoD узел (Docker-out-of-Docker)
- name: dood1
type: dood
family: debian
groups: [dood]
publish: ["8081:8081"]
env:
DOCKER_HOST: unix:///var/run/docker.sock

95
molecule/universal/site.yml
View File

@@ -1,95 +0,0 @@
---
# Универсальный плейбук для тестирования
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Base deps
hosts: all
become: true
tasks:
- name: Update apt cache (Debian)
apt:
update_cache: true
when: ansible_os_family == 'Debian'
changed_when: false
- name: Common tools
package:
name:
- curl
- jq
- ca-certificates
- iproute2
- iputils-ping
- procps
- net-tools
- sudo
- vim
state: present
# ===== ТЕСТОВЫЕ РОЛИ =====
- name: Deploy example role to test hosts
hosts: test
become: true
roles:
- example
vars:
example_package_name: "nginx"
example_directory: "/opt/example"
example_setting: "test"
example_port: 8080
- name: Deploy example role to docker hosts (DinD)
hosts: docker
become: true
roles:
- example
vars:
example_package_name: "docker"
example_directory: "/opt/docker-example"
example_setting: "dind"
example_port: 8080
- name: Deploy example role to dood hosts (DOoD)
hosts: dood
become: true
roles:
- example
vars:
example_package_name: "docker"
example_directory: "/opt/dood-example"
example_setting: "dood"
example_port: 8081
# ===== Пример: поднять compose внутри DinD-хостов =====
- name: Deploy stack inside DinD nodes
hosts: docker
gather_facts: false
vars:
docker_host: "tcp://{{ inventory_hostname }}:2375"
stack_dir: /root/stack
tasks:
- name: Create stack directory
file:
path: "{{ stack_dir }}"
state: directory
- name: Create simple docker-compose.yml
copy:
dest: "{{ stack_dir }}/docker-compose.yml"
content: |
version: '3.8'
services:
nginx:
image: nginx:alpine
ports:
- "8080:80"
environment:
- NGINX_HOST=localhost
- NGINX_PORT=80
- name: Deploy stack with docker-compose
community.docker.docker_compose_v2:
project_src: "{{ stack_dir }}"
state: present
docker_host: "{{ docker_host }}"

263
molecule/universal/verify.yml
View File

@@ -1,263 +0,0 @@
---
# Универсальные проверки для тестового стенда
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Verify web servers
hosts: web
become: true
tasks:
- name: Check nginx service status
systemd:
name: nginx
register: nginx_status
- name: Verify nginx is running
assert:
that:
- nginx_status.status.ActiveState == "active"
- nginx_status.status.SubState == "running"
fail_msg: "nginx service is not running"
success_msg: "nginx service is running"
- name: Test nginx response
uri:
url: "http://{{ inventory_hostname }}"
method: GET
register: nginx_response
- name: Verify nginx response
assert:
that:
- nginx_response.status == 200
fail_msg: "nginx is not responding"
success_msg: "nginx is responding correctly"
- name: Verify app servers
hosts: app
become: true
tasks:
- name: Check Python installation
command: python3 --version
register: python_version
changed_when: false
- name: Verify Python is installed
assert:
that:
- python_version.rc == 0
fail_msg: "Python3 is not installed"
success_msg: "Python3 is installed: {{ python_version.stdout }}"
- name: Check app file exists
stat:
path: /opt/myapp/app.py
register: app_file
- name: Verify app file exists
assert:
that:
- app_file.stat.exists
fail_msg: "App file does not exist"
success_msg: "App file exists and is executable"
- name: Verify database servers
hosts: database
become: true
tasks:
- name: Check SQLite installation
command: sqlite3 --version
register: sqlite_version
changed_when: false
- name: Verify SQLite is installed
assert:
that:
- sqlite_version.rc == 0
fail_msg: "SQLite is not installed"
success_msg: "SQLite is installed: {{ sqlite_version.stdout }}"
- name: Check database file exists
stat:
path: /var/lib/mydb/sample.db
register: db_file
- name: Verify database file exists
assert:
that:
- db_file.stat.exists
fail_msg: "Database file does not exist"
success_msg: "Database file exists"
- name: Test database query
command: sqlite3 /var/lib/mydb/sample.db "SELECT COUNT(*) FROM users;"
register: db_query
changed_when: false
- name: Verify database query
assert:
that:
- db_query.rc == 0
- db_query.stdout | int > 0
fail_msg: "Database query failed"
success_msg: "Database query successful: {{ db_query.stdout }} users found"
- name: Verify cache servers
hosts: cache
become: true
tasks:
- name: Check Redis service status
systemd:
name: redis
register: redis_status
- name: Verify Redis is running
assert:
that:
- redis_status.status.ActiveState == "active"
- redis_status.status.SubState == "running"
fail_msg: "Redis service is not running"
success_msg: "Redis service is running"
- name: Test Redis connection
command: redis-cli ping
register: redis_ping
changed_when: false
- name: Verify Redis connection
assert:
that:
- redis_ping.rc == 0
- redis_ping.stdout == "PONG"
fail_msg: "Redis is not responding"
success_msg: "Redis is responding correctly"
- name: Verify load balancer
hosts: loadbalancer
become: true
tasks:
- name: Check HAProxy service status
systemd:
name: haproxy
register: haproxy_status
- name: Verify HAProxy is running
assert:
that:
- haproxy_status.status.ActiveState == "active"
- haproxy_status.status.SubState == "running"
fail_msg: "HAProxy service is not running"
success_msg: "HAProxy service is running"
- name: Check HAProxy configuration
stat:
path: /etc/haproxy/haproxy.cfg
register: haproxy_config
- name: Verify HAProxy configuration exists
assert:
that:
- haproxy_config.stat.exists
fail_msg: "HAProxy configuration does not exist"
success_msg: "HAProxy configuration exists"
- name: Verify monitoring
hosts: monitoring
become: true
tasks:
- name: Check monitoring tools
command: which htop
register: htop_check
changed_when: false
- name: Verify monitoring tools are installed
assert:
that:
- htop_check.rc == 0
fail_msg: "Monitoring tools are not installed"
success_msg: "Monitoring tools are installed"
- name: Check monitoring script
stat:
path: /usr/local/bin/system-info.sh
register: monitor_script
- name: Verify monitoring script exists
assert:
that:
- monitor_script.stat.exists
fail_msg: "Monitoring script does not exist"
success_msg: "Monitoring script exists"
- name: Test monitoring script
command: /usr/local/bin/system-info.sh
register: monitor_output
changed_when: false
- name: Verify monitoring script works
assert:
that:
- monitor_output.rc == 0
- monitor_output.stdout | length > 0
fail_msg: "Monitoring script failed"
success_msg: "Monitoring script works correctly"
- name: Network connectivity tests
hosts: all
tasks:
- name: Test connectivity to web servers
wait_for:
host: "{{ item }}"
port: 80
timeout: 10
loop:
- web1
- web2
when: "'web' not in group_names"
ignore_errors: true
- name: Test connectivity to app servers
wait_for:
host: "{{ item }}"
port: 8080
timeout: 10
loop:
- app1
when: "'app' not in group_names"
ignore_errors: true
- name: Test connectivity to cache servers
wait_for:
host: "{{ item }}"
port: 6379
timeout: 10
loop:
- cache1
when: "'cache' not in group_names"
ignore_errors: true
- name: Test connectivity to load balancer
wait_for:
host: lb1
port: 80
timeout: 10
when: "'loadbalancer' not in group_names"
ignore_errors: true
- name: Final verification summary
hosts: localhost
gather_facts: false
tasks:
- name: Display verification summary
debug:
msg: |
========================================
Verification Summary
========================================
- Web servers: {{ 'OK' if web_servers_ok is defined else 'SKIPPED' }}
- App servers: {{ 'OK' if app_servers_ok is defined else 'SKIPPED' }}
- Database servers: {{ 'OK' if database_servers_ok is defined else 'SKIPPED' }}
- Cache servers: {{ 'OK' if cache_servers_ok is defined else 'SKIPPED' }}
- Load balancer: {{ 'OK' if loadbalancer_ok is defined else 'SKIPPED' }}
- Monitoring: {{ 'OK' if monitoring_ok is defined else 'SKIPPED' }}
========================================

2
requirements.yml
View File

@@ -6,4 +6,4 @@ collections:
- name: community.general - name: community.general
version: ">=7.0.0" version: ">=7.0.0"
- name: ansible.posix - name: ansible.posix
version: ">=1.4.0" version: ">=1.5.4"

13
roles/deploy.yml Normal file
View File

@@ -0,0 +1,13 @@
---
# Плейбук для развертывания ролей
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Test nginx role
hosts: all
become: true
roles:
- nginx
tags:
- nginx
- test

60
roles/nginx/defaults/main.yml Normal file
View File

@@ -0,0 +1,60 @@
---
# Переменные по умолчанию для роли nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Основные настройки nginx
nginx_user: "nginx"
nginx_worker_processes: "auto"
nginx_worker_connections: 1024
nginx_keepalive_timeout: 65
# Настройки сервера
nginx_server_name: "{{ ansible_fqdn | default(ansible_hostname) }}"
nginx_listen_port: 80
nginx_root_dir: "/var/www/html"
nginx_index_file: "index.html"
# Настройки логов
nginx_access_log: "/var/log/nginx/access.log"
nginx_error_log: "/var/log/nginx/error.log"
# Настройки безопасности
nginx_server_tokens: "off"
nginx_hide_version: true
# Настройки производительности
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
# Настройки gzip
nginx_gzip: true
nginx_gzip_vary: "on"
nginx_gzip_min_length: 1024
nginx_gzip_types:
- "text/plain"
- "text/css"
- "text/xml"
- "text/javascript"
- "application/javascript"
- "application/xml+rss"
- "application/json"
# Настройки для разных ОС
nginx_packages:
- nginx
# Дополнительные пакеты для Ubuntu/Debian
nginx_ubuntu_packages:
- nginx
- nginx-common
# Дополнительные пакеты для RHEL/CentOS
nginx_rhel_packages:
- nginx
- nginx-mod-http-geoip
- nginx-mod-http-image-filter
- nginx-mod-http-xslt-filter
- nginx-mod-mail
- nginx-mod-stream

44
roles/nginx/handlers/main.yml Normal file
View File

@@ -0,0 +1,44 @@
---
# Обработчики для роли nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Restart nginx
systemd:
name: nginx
state: restarted
listen: restart nginx
tags:
- nginx
- service
- restart
- name: Reload nginx
systemd:
name: nginx
state: reloaded
listen: reload nginx
tags:
- nginx
- service
- reload
- name: Start nginx
systemd:
name: nginx
state: started
listen: start nginx
tags:
- nginx
- service
- start
- name: Stop nginx
systemd:
name: nginx
state: stopped
listen: stop nginx
tags:
- nginx
- service
- stop

26
roles/nginx/meta/main.yml Normal file
View File

@@ -0,0 +1,26 @@
---
# Метаданные роли nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
galaxy_info:
author: Сергей Антропов
description: Простая роль для установки и настройки nginx
company: DevOps.org.ru
license: MIT
min_ansible_version: "2.9"
platforms:
- name: Ubuntu
versions:
- jammy
- focal
- name: EL
versions:
- all
galaxy_tags:
- web
- nginx
- http
- server
dependencies: []

196
roles/nginx/tasks/main.yml Normal file
View File

@@ -0,0 +1,196 @@
---
# Основные задачи для роли nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
- name: Установка nginx на Ubuntu/Debian
apt:
name: "{{ nginx_ubuntu_packages }}"
state: present
update_cache: true
when: ansible_os_family == "Debian"
tags:
- nginx
- install
- debian
- name: Установка nginx на RHEL/CentOS
yum:
name: "{{ nginx_rhel_packages }}"
state: present
when: ansible_os_family == "RedHat"
tags:
- nginx
- install
- rhel
- name: Включение и запуск nginx на Ubuntu/Debian
systemd:
name: nginx
enabled: true
state: started
when: ansible_os_family == "Debian"
tags:
- nginx
- service
- debian
- name: Включение и запуск nginx на RHEL/CentOS
systemd:
name: nginx
enabled: true
state: started
when: ansible_os_family == "RedHat"
tags:
- nginx
- service
- rhel
- name: Создание директории для веб-контента
file:
path: "{{ nginx_root_dir }}"
state: directory
owner: "{{ nginx_user }}"
group: "{{ nginx_user }}"
mode: '0755'
tags:
- nginx
- config
- directories
- name: Создание тестовой страницы
copy:
content: |
<!DOCTYPE html>
<html>
<head>
<title>Nginx Test Page</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
.container { max-width: 600px; margin: 0 auto; }
h1 { color: #333; }
.info { background: #f4f4f4; padding: 20px; border-radius: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>Nginx работает!</h1>
<div class="info">
<p><strong>Сервер:</strong> {{ ansible_hostname }}</p>
<p><strong>ОС:</strong> {{ ansible_distribution }} \
{{ ansible_distribution_version }}</p>
<p><strong>Время:</strong> {{ ansible_date_time.iso8601 }}</p>
<p><strong>Роль:</strong> nginx (Сергей Антропов)</p>
</div>
</div>
</body>
</html>
dest: "{{ nginx_root_dir }}/{{ nginx_index_file }}"
owner: "{{ nginx_user }}"
group: "{{ nginx_user }}"
mode: '0644'
notify: restart nginx
tags:
- nginx
- config
- content
- name: Создание резервной копии конфигурации nginx
copy:
src: "{{ item }}"
dest: "{{ item }}.backup"
remote_src: true
mode: '0644'
owner: root
group: root
loop:
- /etc/nginx/nginx.conf
- /etc/nginx/sites-available/default
ignore_errors: true
when: ansible_os_family == "Debian"
tags:
- nginx
- config
- backup
- name: Создание резервной копии конфигурации nginx (RHEL)
copy:
src: "{{ item }}"
dest: "{{ item }}.backup"
remote_src: true
mode: '0644'
owner: root
group: root
loop:
- /etc/nginx/nginx.conf
- /etc/nginx/conf.d/default.conf
ignore_errors: true
when: ansible_os_family == "RedHat"
tags:
- nginx
- config
- backup
- name: Настройка основной конфигурации nginx
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
backup: true
notify: restart nginx
tags:
- nginx
- config
- main
- name: Настройка виртуального хоста (Ubuntu/Debian)
template:
src: default.conf.j2
dest: /etc/nginx/sites-available/default
owner: root
group: root
mode: '0644'
backup: true
when: ansible_os_family == "Debian"
notify: restart nginx
tags:
- nginx
- config
- vhost
- debian
- name: Настройка виртуального хоста (RHEL/CentOS)
template:
src: default.conf.j2
dest: /etc/nginx/conf.d/default.conf
owner: root
group: root
mode: '0644'
backup: true
when: ansible_os_family == "RedHat"
notify: restart nginx
tags:
- nginx
- config
- vhost
- rhel
- name: Проверка конфигурации nginx
command: nginx -t
register: nginx_config_test
changed_when: false
tags:
- nginx
- config
- test
- name: Показать результат проверки конфигурации
debug:
msg: "{{ nginx_config_test.stdout_lines }}"
when: nginx_config_test.stdout_lines is defined
tags:
- nginx
- config
- test

67
roles/nginx/templates/default.conf.j2 Normal file
View File

@@ -0,0 +1,67 @@
# Конфигурация виртуального хоста nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Сгенерировано: {{ ansible_date_time.iso8601 }}
server {
listen {{ nginx_listen_port }};
server_name {{ nginx_server_name }};
# Настройки безопасности
{% if nginx_hide_version %}
server_tokens off;
{% endif %}
# Корневая директория
root {{ nginx_root_dir }};
index {{ nginx_index_file }};
# Настройки логов для этого виртуального хоста
access_log {{ nginx_access_log }};
error_log {{ nginx_error_log }};
# Основная локация
location / {
try_files $uri $uri/ =404;
}
# Настройки для статических файлов
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Настройки безопасности
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Настройки для favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Настройки для robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# Настройки для health check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# Настройки для статуса nginx
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}

58
roles/nginx/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,58 @@
# Основная конфигурация nginx
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Сгенерировано: {{ ansible_date_time.iso8601 }}
user {{ nginx_user }};
worker_processes {{ nginx_worker_processes }};
error_log {{ nginx_error_log }};
pid /run/nginx.pid;
events {
worker_connections {{ nginx_worker_connections }};
}
http {
# Основные настройки
sendfile {{ nginx_sendfile }};
tcp_nopush {{ nginx_tcp_nopush }};
tcp_nodelay {{ nginx_tcp_nodelay }};
keepalive_timeout {{ nginx_keepalive_timeout }};
types_hash_max_size 2048;
server_tokens {{ nginx_server_tokens }};
# Настройки MIME типов
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Настройки логирования
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }} main;
# Настройки gzip
{% if nginx_gzip %}
gzip {{ nginx_gzip_vary }};
gzip_min_length {{ nginx_gzip_min_length }};
gzip_types
{% for gzip_type in nginx_gzip_types %}
{{ gzip_type }}{% if not loop.last %} {% endif %}
{% endfor %};
{% endif %}
# Настройки безопасности
{% if nginx_hide_version %}
server_tokens off;
{% endif %}
# Включение конфигураций виртуальных хостов
{% if ansible_os_family == "Debian" %}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
{% elif ansible_os_family == "RedHat" %}
include /etc/nginx/conf.d/*.conf;
{% endif %}
}

10
scripts/list-presets.sh
View File

@@ -1,10 +0,0 @@
#!/bin/bash
# Скрипт для показа всех пресетов
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
clear
echo "Доступные пресеты:"
for file in molecule/presets/*.yml; do
echo " $(basename "$file" .yml)"
done

35
scripts/use-preset.sh
View File

@@ -1,35 +0,0 @@
#!/bin/bash
# Скрипт для переключения между пресетами
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
set -e
PRESET_DIR="molecule/presets"
HOSTS_FILE="molecule/universal/hosts.yml"
if [ $# -eq 0 ]; then
echo "Использование: $0 <preset_name>"
echo ""
echo "Доступные пресеты:"
ls -1 "$PRESET_DIR"/*.yml | sed 's/.*\///' | sed 's/\.yml$//' | sed 's/^/ /'
exit 1
fi
PRESET="$1"
PRESET_FILE="$PRESET_DIR/$PRESET.yml"
if [ ! -f "$PRESET_FILE" ]; then
echo "Ошибка: Пресет '$PRESET' не найден!"
echo "Доступные пресеты:"
ls -1 "$PRESET_DIR"/*.yml | sed 's/.*\///' | sed 's/\.yml$//' | sed 's/^/ /'
exit 1
fi
echo "Переключение на пресет: $PRESET"
cp "$PRESET_FILE" "$HOSTS_FILE"
echo "Готово! Теперь используется пресет: $PRESET"
echo ""
echo "Для применения изменений выполните:"
echo " make molecule destroy"
echo " make molecule create"