Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
5543ae4d27702175b4c4357ff66b1e92583568ab
DevOpsLab/molecule/default/converge.yml
Сергей Антропов 5543ae4d27 feat: Переименование geop в cod и добавление ARM64 поддержки 
- Переименован пресет geop.yml в cod.yml
- Обновлены все группы с geop на cod
- Добавлена поддержка ARM64 для Astra Linux и RedOS
- Создан Dockerfile.arm64 для RedOS с исправлением конфликтов пакетов
- Улучшены разделители в логах Molecule
- Зашифрован файл vault/secrets.yml
- Обновлена роль devops с поддержкой vault
- Добавлены шаблоны для SSH и sudoers конфигураций
2025-10-27 19:43:26 +03:00

94 lines
5.6 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# =============================================================================
# CONVERGE - Сборка и запуск тестовых сценариев
# =============================================================================
- hosts: localhost
gather_facts: false
vars:
# Получаем preset из переменной окружения или используем default
preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
preset_file: "/workspace/molecule/presets/{{ preset_name }}.yml"
# перечисли файлы/глобы, которые нужно временно расшифровать
vault_targets:
- /workspace/vault/secrets.yml
- /workspace/vault/secret.yml
- /workspace/files/playbooks/group_vars/*/vault.yml
- /workspace/files/playbooks/host_vars/*/vault.yml
- /workspace/roles/**/vars/vault.yml
tasks:
# =============================================================================
# НАСТРОЙКА - Загрузка конфигурации и подготовка
# =============================================================================
- name: Configuration setup
debug:
msg: |
================================================================================
НАСТРОЙКА - Загрузка конфигурации и подготовка
================================================================================
Preset: {{ preset_name }}
================================================================================
- name: Load preset configuration
include_vars: "{{ preset_file }}"
when: preset_file is file
ignore_errors: true
# - name: Install collections
# community.docker.docker_container_exec:
# container: ansible-controller
# command: bash -lc "ansible-galaxy collection install -r /workspace/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
# =============================================================================
# VAULT - Работа с зашифрованными файлами
# =============================================================================
- name: Vault operations
debug:
msg: |
================================================================================
VAULT - Работа с зашифрованными файлами
================================================================================
Files: {{ vault_targets | length }} targets
================================================================================
- name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ]; then ansible-vault decrypt --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
ignore_errors: true
# =============================================================================
# PLAYBOOK - Запуск основного playbook
# =============================================================================
- name: Playbook execution
debug:
msg: |
================================================================================
PLAYBOOK - Запуск основного playbook
================================================================================
File: /workspace/molecule/default/site.yml
================================================================================
- name: Run lab playbook
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'ANSIBLE_ROLES_PATH=/workspace/roles; VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; VAULT_SECRETS_FILE=\"/workspace/vault/secrets.yml\"; INVENTORY_FILE=\"/tmp/molecule_workspace/inventory/hosts.ini\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"$VAULT_SECRETS_FILE\" ]; then ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml --vault-password-file \"$VAULT_PASSWORD_FILE\" -e \"vault_file_path=$VAULT_SECRETS_FILE\"; else ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml; fi'"
# =============================================================================
# CLEANUP - Перешифровка файлов после выполнения
# =============================================================================
- name: Cleanup operations
debug:
msg: |
================================================================================
CLEANUP - Перешифровка файлов после выполнения
================================================================================
Re-encrypting vault files
================================================================================
- name: Post-run — re-encrypt secrets
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ]; then ansible-vault encrypt --encrypt-vault-id default --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
ignore_errors: true
Reference in New Issue View Git Blame Copy Permalink