---
#description: Security-testing preset with 10 hosts (bastion + internal + monitoring)
# NOTE(review): the hosts list in this file has 12 entries, not 10.
# Author: Sergey Antropov
# Site: https://devops.org.ru

# Docker network and the path of the generated inventory file.
docker_network: labnet
generated_inventory: '{{ molecule_ephemeral_directory }}/inventory/hosts.ini'

# systemd-ready images; the keys match the `family` values used under hosts.
# Every reference uses a mutable tag (jammy, *-latest) rather than a digest,
# so the image content can differ between pulls. Pin by digest when a run
# must be reproducible.
images:
  # The debian family is served by an Ubuntu jammy image.
  debian: 'ghcr.io/ansible-community/molecule-ubuntu-systemd:jammy'
  # AnsibleTemplate's own images
  alt: 'inecs/ansible-lab:alt-linux-latest'
  astra: 'inecs/ansible-lab:astra-linux-latest'
  rhel: 'inecs/ansible-lab:rhel-latest'
  centos: 'inecs/ansible-lab:centos-latest'
  alma: 'inecs/ansible-lab:alma-latest'
  rocky: 'inecs/ansible-lab:rocky-latest'
  redos: 'inecs/ansible-lab:redos-latest'

# Container settings for systemd-based hosts.
# NOTE(review): Docker's privileged mode already grants every capability, so
# the SYS_ADMIN entry adds nothing if both are passed through, and a
# privileged container is not isolated from the Docker host. How these
# defaults are applied is decided by the consumer of this preset - confirm.
systemd_defaults:
  privileged: true
  command: '/sbin/init'
  volumes:
    - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
  tmpfs:
    - '/run'
    - '/run/lock'
  capabilities:
    - 'SYS_ADMIN'

# Cluster layout for security testing.
# Only docker_network (labnet) is declared in this file and no host entry
# names a network, so the "internal" / "isolated" labels below are not
# enforced by anything visible here - presumably they are grouping only;
# verify against the consumer.
hosts:
  # Bastion hosts (entry points).
  # Container port 22 is published on host ports 2222 and 2223. A Docker
  # publish spec without a host IP binds every host interface (assuming the
  # value is passed to Docker as-is); the form '127.0.0.1:2222:22' keeps the
  # lab SSH ports local to the Docker host.
  - name: bastion1
    family: rhel
    groups:
      - bastion
      - security
      - jump
    publish:
      - '2222:22'

  - name: bastion2
    family: debian
    groups:
      - bastion
      - security
      - jump
    publish:
      - '2223:22'

  # Internal servers (no external access): no publish entry, so no host
  # port is mapped for them.
  - name: internal1
    family: rhel
    groups:
      - internal
      - servers
      - app

  - name: internal2
    family: debian
    groups:
      - internal
      - servers
      - app

  - name: internal3
    family: rhel
    groups:
      - internal
      - servers
      - app

  # Database (isolated network)
  - name: db-secure1
    family: rhel
    groups:
      - database
      - secure
      - internal

  - name: db-secure2
    family: debian
    groups:
      - database
      - secure
      - internal

  # Monitoring and logging
  - name: monitor1
    family: debian
    groups:
      - monitoring
      - security
      - logs

  - name: monitor2
    family: rhel
    groups:
      - monitoring
      - security
      - logs

  # Firewall and network components
  - name: fw1
    family: rhel
    groups:
      - firewall
      - network
      - security

  - name: fw2
    family: debian
    groups:
      - firewall
      - network
      - security

  # DOoD (Docker-outside-of-Docker) node for Docker security testing.
  # DOCKER_HOST points the client at the daemon's unix socket; the socket
  # mount itself is not shown here (presumably added by the consumer for
  # type: dood - confirm). Access to that socket is equivalent to root on
  # the Docker host, so this node is not a boundary against the host.
  - name: docker-secure
    type: dood
    family: debian
    groups:
      - docker
      - security
      - apps
    publish:
      - '8080:8080'
    env:
      DOCKER_HOST: 'unix:///var/run/docker.sock'