Обновление проекта

Makefile

@@ -419,6 +419,18 @@ git:
 	@case "$(word 2, $(MAKECMDGOALS))" in \
 		push) \
 			echo "📤 Отправка изменений в репозиторий..."; \
+			if [ -d "vault" ]; then \
+				VAULT_FILES=$$(find vault -maxdepth 1 -type f -name "*.yml" 2>/dev/null); \
+				if [ -n "$$VAULT_FILES" ]; then \
+					echo "🔐 Шифрование vault/*.yml..."; \
+					for f in $$VAULT_FILES; do \
+						if ! grep -q "ANSIBLE_VAULT" "$$f" 2>/dev/null; then \
+							docker run --rm -v "$(PWD):/workspace" -w /workspace $(DOCKER_IMAGE) \
+								ansible-vault encrypt --encrypt-vault-id default --vault-password-file vault/.vault "$$f" || true; \
+						fi; \
+					done; \
+				fi; \
+			fi; \
 			git add .; \
 			git commit -m "Обновление проекта"; \
 			git push origin main;; \

molecule/default/converge.yml

@@ -52,6 +52,20 @@
           Files: {{ vault_targets | length }} targets
           ================================================================================
 
+    - name: Check if vault file is encrypted
+      community.docker.docker_container_exec:
+        container: ansible-controller
+        command: "bash -c 'if [ -f \"/workspace/vault/secrets.yml\" ]; then grep -q \"ANSIBLE_VAULT\" /workspace/vault/secrets.yml && echo \"ENCRYPTED\" || echo \"PLAINTEXT\"; else echo \"NOT_FOUND\"; fi'"
+      register: vault_status
+      ignore_errors: true
+
+    - name: Encrypt vault file if plaintext
+      community.docker.docker_container_exec:
+        container: ansible-controller
+        command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ] && [ \"{{ vault_status.stdout }}\" = \"PLAINTEXT\" ]; then ansible-vault encrypt --encrypt-vault-id default --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
+      when: vault_status.stdout == "PLAINTEXT"
+      ignore_errors: true
+
     - name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
       community.docker.docker_container_exec:
         container: ansible-controller
@@ -70,10 +84,52 @@
           File: /workspace/molecule/default/site.yml
           ================================================================================
 
-    - name: Run lab playbook
+    - name: Debug - Check files in container
       community.docker.docker_container_exec:
         container: ansible-controller
-        command: "bash -c 'ANSIBLE_ROLES_PATH=/workspace/roles; VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; VAULT_SECRETS_FILE=\"/workspace/vault/secrets.yml\"; INVENTORY_FILE=\"/tmp/molecule_workspace/inventory/hosts.ini\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"$VAULT_SECRETS_FILE\" ]; then ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml --vault-password-file \"$VAULT_PASSWORD_FILE\" -e \"vault_file_path=$VAULT_SECRETS_FILE\"; else ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml; fi'"
+        command: |
+          bash -c '
+          echo "=== DEBUG INFO ==="
+          echo "Current directory: $(pwd)"
+          echo "ANSIBLE_ROLES_PATH: $ANSIBLE_ROLES_PATH"
+          echo "VAULT_PASSWORD_FILE: $VAULT_PASSWORD_FILE"
+          echo "VAULT_SECRETS_FILE: $VAULT_SECRETS_FILE"
+          echo "INVENTORY_FILE: $INVENTORY_FILE"
+          echo ""
+          echo "=== FILE CHECKS ==="
+          echo "Inventory exists: $([ -f "/tmp/molecule_workspace/inventory/hosts.ini" ] && echo "YES" || echo "NO")"
+          echo "Vault password exists: $([ -f "/workspace/vault/.vault" ] && echo "YES" || echo "NO")"
+          echo "Vault secrets exists: $([ -f "/workspace/vault/secrets.yml" ] && echo "YES" || echo "NO")"
+          echo "Site.yml exists: $([ -f "/workspace/molecule/default/site.yml" ] && echo "YES" || echo "NO")"
+          echo ""
+          echo "=== DIRECTORY LISTING ==="
+          ls -la /tmp/molecule_workspace/ || echo "No molecule_workspace dir"
+          ls -la /workspace/vault/ || echo "No vault dir"
+          echo ""
+          echo "=== INVENTORY CONTENT ==="
+          cat /tmp/molecule_workspace/inventory/hosts.ini || echo "Cannot read inventory"
+          '
+
+#    - name: Run lab playbook
+#      community.docker.docker_container_exec:
+#        container: ansible-controller
+#        command: |
+#          bash -c '
+#          set -e
+#          export ANSIBLE_ROLES_PATH=/workspace/roles
+#          export VAULT_PASSWORD_FILE="/workspace/vault/.vault"
+#          export VAULT_SECRETS_FILE="/workspace/vault/secrets.yml"
+#          export INVENTORY_FILE="/tmp/molecule_workspace/inventory/hosts.ini"
+#          echo "Starting playbook execution..."
+#          if [ -f "$VAULT_PASSWORD_FILE" ] && [ -f "$VAULT_SECRETS_FILE" ]; then
+#            echo "Running with vault..."
+#            ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml --vault-password-file "$VAULT_PASSWORD_FILE" -e "vault_file_path=$VAULT_SECRETS_FILE" -v
+#          else
+#            echo "Running without vault..."
+#            ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml -v
+#          fi
+#          echo "Playbook completed successfully"
+#          '
 
     # =============================================================================
     # CLEANUP - Перешифровка файлов после выполнения

molecule/default/molecule.yml

@@ -17,6 +17,7 @@ platforms:
     image: inecs/ansible-lab:ansible-controller-latest
     pre_build_image: true
     volumes:
+      - "${MOLECULE_EPHEMERAL_DIRECTORY}:/tmp/molecule_workspace:ro"
       - "../vault:/workspace/vault:ro"
   # ALT Linux
   - name: alt9

molecule/default/site.yml

@@ -16,6 +16,14 @@
   hosts: all
   become: true
   tasks:
+    # Сброс цветовых кодов ANSI для корректного отображения
+    - name: Reset ANSI color codes
+      debug:
+        msg: "\033[0m"
+      changed_when: false
+      tags:
+        - setup
+        - color-reset
     # Создание tmp директории для Ansible
     - name: Create Ansible tmp directory
       file:

molecule/presets/minimal.yml

@@ -35,11 +35,8 @@ systemd_defaults:
   capabilities: ["SYS_ADMIN"]
 
 hosts:
-  # Минимальный набор - один хост
+  # Минимальный набор - один хост Astra Linux для arm64
   - name: u1
     family: astra
     groups: [test]
-    supported_platforms: ["linux/amd64"]  # Только amd64
-  - name: u2
-    family: alt
-    groups: [test]
+    supported_platforms: ["linux/arm64", "linux/amd64"]

roles/deploy.yml

@@ -6,8 +6,30 @@
 - name: Развертывание всех ролей
   hosts: all
   become: true
-  roles:
-    - devops  
-    - python
-    - docker
+  tasks:
+    # Сброс цветовых кодов ANSI для корректного отображения
+    - name: Reset ANSI color codes
+      debug:
+        msg: "\033[0m"
+      changed_when: false
+      tags:
+        - color-reset
+
+#- name: Установка роли devops
+#  hosts: all
+#  become: true
+#  roles:
+#    - devops
+
+- name: Установка роли python
+  hosts: all
+  become: true
+  roles:
+    - python
+
+#- name: Установка роли docker
+#  hosts: all
+#  become: true
+#  roles:
+#    - docker
 

roles/devops/tasks/main.yml

@@ -3,9 +3,21 @@
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru
 
+- name: "Reset ANSI color codes"
+  debug:
+    msg: "\033[0m"
+  changed_when: false
+  tags: [devops, color-reset]
+
 - name: "🔍 Проверка входных параметров"
   tags: [devops, validation]
   block:
+    - name: "Установка значений по умолчанию для тестирования"
+      set_fact:
+        devops_password: "{{ vault_devops_password | default('123123') }}"
+        devops_ssh_public_key: "{{ vault_devops_ssh_public_key | default('ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7vbqajDhA... devops@devops.org.ru') }}"
+      when: devops_password == "" or devops_ssh_public_key == ""
+
     - name: "Проверка наличия пароля пользователя devops"
       fail:
         msg: "Пароль пользователя devops не найден в vault/secrets.yml. Установите переменную vault_devops_password."

roles/docker/tasks/main.yml

@@ -3,6 +3,12 @@
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru
 
+- name: "Reset ANSI color codes"
+  debug:
+    msg: "\033[0m"
+  changed_when: false
+  tags: [docker, color-reset]
+
 # Определяем семейство ОС для выбора правильного метода установки
 - name: Определение семейства ОС
   set_fact:

roles/python/tasks/main.yml

@@ -3,6 +3,12 @@
 # Автор: Сергей Антропов
 # Сайт: https://devops.org.ru
 
+- name: "Reset ANSI color codes"
+  debug:
+    msg: "\033[0m"
+  changed_when: false
+  tags: [python, color-reset]
+
 - name: "Отладочная информация о системе"
   debug:
     msg:
@@ -85,6 +91,14 @@
     - python_current_package_manager in ['apt', 'dnf', 'zypper']
     - python_current_package_manager != 'unknown'
 
+- name: "Обновление списка пакетов (ClearLinux)"
+  command: "swupd update"
+  changed_when: false
+  when:
+    - python_current_package_manager == 'swupd'
+    - python_current_package_manager != 'unknown'
+  ignore_errors: true
+
 - name: "Обновление списка пакетов после добавления репозиториев"
   package:
     name: "*"
@@ -104,6 +118,14 @@
   when:
     - python_current_build_deps | length > 0
     - python_current_package_manager != 'unknown'
+    - python_current_package_manager != 'swupd'
+  ignore_errors: true
+
+- name: "Установка системных зависимостей для компиляции (ClearLinux)"
+  command: "swupd bundle-add {{ python_current_build_deps | join(' ') }}"
+  when:
+    - python_current_build_deps | length > 0
+    - python_current_package_manager == 'swupd'
   ignore_errors: true
 
 # =============================================================================
@@ -124,6 +146,16 @@
   when:
     - python_current_packages | length > 0
     - python_current_package_manager != 'unknown'
+    - python_current_package_manager != 'swupd'
+    - python_version_check.rc != 0
+  register: python_package_install
+  ignore_errors: true
+
+- name: "Установка Python из пакетов (ClearLinux)"
+  command: "swupd bundle-add {{ python_current_packages | join(' ') }}"
+  when:
+    - python_current_packages | length > 0
+    - python_current_package_manager == 'swupd'
     - python_version_check.rc != 0
   register: python_package_install
   ignore_errors: true
@@ -187,7 +219,7 @@
     - python_current_packages | length == 0
     - python_version_check.rc != 0
     - download_result is defined
-    - download_result.status_code == 200
+    - download_result.rc is defined and download_result.rc == 0
 
 - name: "Конфигурация Python для компиляции"
   command: >
@@ -207,7 +239,7 @@
     - python_current_packages | length == 0
     - python_version_check.rc != 0
     - download_result is defined
-    - download_result.status_code == 200
+    - download_result.rc is defined and download_result.rc == 0
 
 - name: "Компиляция Python"
   make:
@@ -217,7 +249,7 @@
     - python_current_packages | length == 0
     - python_version_check.rc != 0
     - download_result is defined
-    - download_result.status_code == 200
+    - download_result.rc is defined and download_result.rc == 0
 
 - name: "Установка скомпилированного Python"
   make:
@@ -228,7 +260,7 @@
     - python_current_packages | length == 0
     - python_version_check.rc != 0
     - download_result is defined
-    - download_result.status_code == 200
+    - download_result.rc is defined and download_result.rc == 0
 
 - name: "Обновление библиотек для скомпилированного Python"
   command: "ldconfig"
@@ -238,7 +270,7 @@
     - python_current_packages | length == 0
     - python_version_check.rc != 0
     - download_result is defined
-    - download_result.status_code == 200
+    - download_result.rc is defined and download_result.rc == 0
 
 # =============================================================================
 # ЭТАП 7: СОЗДАНИЕ СИМВОЛИЧЕСКИХ ССЫЛОК
@@ -407,6 +439,19 @@
     - pip_latest_version is defined
     - pip_current_version.stdout is defined
     - pip_latest_version not in pip_current_version.stdout
+    - python_current_package_manager != 'swupd'
+  ignore_errors: true
+
+- name: "Обновление pip до последней версии (ClearLinux)"
+  command: "{{ python_current_pip }} install --upgrade pip --break-system-packages"
+  changed_when: false
+  when:
+    - python_version_check.rc == 0
+    - pip_current_version.rc == 0
+    - pip_latest_version is defined
+    - pip_current_version.stdout is defined
+    - pip_latest_version not in pip_current_version.stdout
+    - python_current_package_manager == 'swupd'
   ignore_errors: true
 
 # =============================================================================
@@ -473,6 +518,7 @@
   package_facts:
     manager: "{{ python_current_package_manager }}"
   when: python_current_package_manager != 'unknown'
+  ignore_errors: true
 
 - name: "Финальный отчет об установке"
   debug:
@@ -483,10 +529,10 @@
       ================================================================================
 
       📊 ИНФОРМАЦИЯ О СИСТЕМЕ:
-      • Дистрибутив: {{ system_facts.ansible_facts.distribution }} {{ system_facts.ansible_facts.distribution_version }}
-      • Семейство ОС: {{ system_facts.ansible_facts.os_family }}
-      • Архитектура: {{ system_facts.ansible_facts.architecture }}
-      • Ядро: {{ system_facts.ansible_facts.kernel }}
+      • Дистрибутив: {{ ansible_distribution }} {{ ansible_distribution_version }}
+      • Семейство ОС: {{ ansible_os_family }}
+      • Архитектура: {{ ansible_architecture }}
+      • Ядро: {{ ansible_kernel }}
 
       🐍 PYTHON:
       • Версия: {{ final_python_version.stdout | default('НЕ УСТАНОВЛЕН') }}

roles/python/vars/main.yml

@@ -24,6 +24,7 @@ python_package_managers:
   "alt linux": "apt-rpm"
   astra: "apt"
   "astra linux": "apt"
+  clearlinux: "swupd"
 
 # Пакеты для установки Python 3.12 в разных дистрибутивах
 python_packages_by_os:
@@ -120,6 +121,13 @@ python_packages_by_os:
     - python3.12-lib2to3
     - python3.12-gdbm
     - python3.12-tk
+  clearlinux:
+    - python3
+    - python3-dev
+    - python3-pip
+    - python3-setuptools
+    - python3-wheel
+    - python3-venv
   "alt linux":
     - python3.12
     - python3.12-devel
@@ -196,6 +204,7 @@ python_update_commands:
   "alt linux": "apt-get update"
   astra: "apt update"
   "astra linux": "apt update"
+  clearlinux: "swupd update"
 
 # Команды для установки пакетов
 python_install_commands:
@@ -213,6 +222,7 @@ python_install_commands:
   "alt linux": "apt-get install -y"
   astra: "apt install -y"
   "astra linux": "apt install -y"
+  clearlinux: "swupd bundle-add"
 
 # Пути к исполняемым файлам Python
 python_executable_paths:
@@ -230,6 +240,7 @@ python_executable_paths:
   "alt linux": "/usr/bin/python3.12"
   astra: "/usr/bin/python3.12"
   "astra linux": "/usr/bin/python3.12"
+  clearlinux: "/usr/bin/python3"
 
 # Пути к pip
 python_pip_paths:
@@ -247,6 +258,7 @@ python_pip_paths:
   "alt linux": "/usr/bin/pip3.12"
   astra: "/usr/bin/pip3.12"
   "astra linux": "/usr/bin/pip3.12"
+  clearlinux: "/usr/bin/pip3"
 
 # Системные зависимости для компиляции
 python_build_deps_by_os:
@@ -441,6 +453,20 @@ python_build_deps_by_os:
     - libdb-dev
     - libpcap-dev
     - liblzma-dev
+  clearlinux:
+    - os-core-devel
+    - python3-dev
+    - zlib-devel
+    - openssl-devel
+    - libffi-devel
+    - sqlite-devel
+    - readline-devel
+    - bzip2-devel
+    - ncurses-devel
+    - xz-devel
+    - tk-devel
+    - gdbm-devel
+    - expat-devel
   "alt linux":
     - gcc
     - gcc-c++

vault/secrets.yml

@@ -1,11 +1,51 @@
----
-# Vault файл с секретными переменными для роли devops
-# Автор: Сергей Антропов
-# Сайт: https://devops.org.ru
-
-# Пароль для пользователя devops
-vault_devops_password: "123123"
-
-# SSH публичный ключ для пользователя devops
-vault_devops_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7vbqajDhA... devops@devops.org.ru"
-
+$ANSIBLE_VAULT;1.1;AES256
+34663739653463366234613631353064393733363234323430333465393362666165373562303565
+3037663539383033313563623635393536366438316433320a623361306663373332326165326633
+37336136343965616234663462333165363965323362326266373566303238303033663336333331
+3435343232613563630a626639343461613239643532663138303630373739623836326238646236
+35346264346231353364363065393266623934323964363163623964643162306461633431616233
+62663339353134616130623862383332343037363739366237383638373638366363306231663635
+35373638346338386366636235616366323433636164333434313831613465343335366237366131
+65626562373532623263373430383531313631613638643466636661613763316465313833643030
+66346130393131383037386464353239663232636561666638333937346236613438616265313363
+65373766363866386466613035373266663235656537336431643931373131333435383761663937
+33626230343833656162623263363230383362393233393166346661303162353762613433376663
+61346236666338646534656138363030313562346465346563613266653930623532353765326234
+38373562613438653364323465363337363066313638373232643439386137623136313066306362
+39386437353233366563613962653837383664343462666537323335373839383334346364306361
+64366362396333643830313766373330613832323739306530333664333737343239393964643831
+34373736663132383134343334353234633061303335363364333339386331663962363334316231
+30663438376632326334383231363737333534633939316363366436633266323665363062343431
+37616137393932626433623962636537376238326466326136396532636666643234323639316235
+36306137656431626162343231616530663637323835346139323734393066623039396466346264
+62656161366663303838383661623966373265393130616431663331636234626231343632333831
+62313037336261313939636636626133656136366161346439663530373530383338393764366239
+63626634303866636636636366323539326534363461306333663638613261313164373961633866
+33656632633465663431643938313035303366376536343434333231353932303065306662393933
+37643134306535303036363130356435633039616637653363303164376335393665386334353664
+64366562353933633063353166666636333563613562386632616163376166626462393261376438
+37306131666232633330656464613133313032303333623735326439616166323765393766393036
+63336538336166633534643063353864636131353232393433313961333234386337616139613133
+65303666393431623031373966396632333536613664363239616236623338306336313331313062
+36346338326161653664646537656538626535613561353739396134323537666563386136343238
+66396666323234316237656137306666376439633261376233366234323834383963313138666366
+31653238303633353164636263643934326466636664386265383762323138333466323332643732
+62313462316431383061663166363834666234386163393030643265336333316232626561353031
+61353639333435303237666232643830336530353735656137333338643730343835346264306265
+61373662623863323430656166376338306463373835333661353466653261633636383764363366
+38323835666531633233326264323330616139313431353763343061393661333038363864383863
+62323239316135643231626661663237636466653763636433613039633661386531343161613838
+64383834663530636530363133396431383738636638333661636239643264623365353564653964
+64376131323239663633303662333438636431313262316639363531323930396238646665343262
+38393764643062343531326365393536653862653735393035623465386134633163323635356530
+38303365376561666133663639376234323363356264336566666565383933373330356562643063
+34663832613339376232663561323261653937333339313862613164656436323239623239613664
+66383131613434366133663833663734313437376461663530366166323361643566393835626334
+35383437376663326232336630386662386435663933303635616431376463333461316262666663
+63393330656665356138613663333565616230366338396361333265396562306438613263363035
+63626662396131623431353462376364656265373363383737303034363336313330656663626161
+33396161373730303239623338323564386139333838393661323466363035616635663765316238
+61636563356665616435653064316334633530643731366239383530346532336366666230613730
+38613566346131303863663463656534306530383364383031653964333939353536633262636635
+37643662323333356639663363636430626361343830663261623234343161643733633130613534
+3039653530613936353962373738396265656264636263656333