Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
5ea320ce9aa2c0c16d99649e10818483cae89e95
DevOpsLab/molecule/default/create.yml
Сергей Антропов 5ea320ce9a Обновление проекта
2025-10-27 20:06:32 +03:00

434 lines
19 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# =============================================================================
# CREATE - Создание тестовых инстансов
# =============================================================================
- hosts: localhost
gather_facts: false
vars:
# Получаем preset из переменной окружения или используем default
preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
# Проверяем сначала в папке k8s, затем в основной папке presets
preset_file: "{{ '/workspace/molecule/presets/k8s/' + preset_name + '.yml' if (preset_name in ['k8s-minimal', 'kubernetes', 'k8s-full'] or preset_name.startswith('k8s-')) else '/workspace/molecule/presets/' + preset_name + '.yml' }}"
# Fallback значения если preset файл не найден
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
images:
alt9: "inecs/ansible-lab:alt9-latest"
alt10: "inecs/ansible-lab:alt10-latest"
astra: "inecs/ansible-lab:astra-linux-latest"
astra-arm64: "inecs/ansible-lab:astra-linux-arm64-latest"
rhel: "inecs/ansible-lab:rhel-latest"
centos7: "inecs/ansible-lab:centos7-latest"
centos8: "inecs/ansible-lab:centos8-latest"
centos9: "inecs/ansible-lab:centos9-latest"
alma: "inecs/ansible-lab:alma-latest"
rocky: "inecs/ansible-lab:rocky-latest"
redos: "inecs/ansible-lab:redos-latest"
ubuntu20: "inecs/ansible-lab:ubuntu20-latest"
ubuntu22: "inecs/ansible-lab:ubuntu22-latest"
ubuntu24: "inecs/ansible-lab:ubuntu24-latest"
debian9: "inecs/ansible-lab:debian9-latest"
debian10: "inecs/ansible-lab:debian10-latest"
debian11: "inecs/ansible-lab:debian11-latest"
debian12: "inecs/ansible-lab:debian12-latest"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
hosts:
- name: u1
family: debian
groups: [test]
kind_clusters: []
tasks:
# - name: Install required collections
# command: ansible-galaxy collection install -r /workspace/requirements.yml
# delegate_to: localhost
# ignore_errors: true
# register: collections_install
# changed_when: false
# run_once: true
# become: true
# vars:
# ansible_python_interpreter: /usr/bin/python3
# environment:
# ANSIBLE_COLLECTIONS_PATH: /usr/share/ansible/collections
# Определяем архитектуру системы для корректной загрузки образов
- name: Detect system architecture
shell: |
arch=$(uname -m)
case $arch in
x86_64) echo "linux/amd64" ;;
aarch64|arm64) echo "linux/arm64" ;;
armv7l) echo "linux/arm/v7" ;;
*) echo "linux/amd64" ;;
esac
register: detected_platform
changed_when: false
- name: Set ansible_architecture variable
set_fact:
ansible_architecture: "{{ detected_platform.stdout }}"
- name: Load preset configuration
include_vars: "{{ preset_file }}"
when: preset_file is file
ignore_errors: true
# Фильтрация хостов по поддерживаемым платформам
- name: Filter hosts by supported platforms
set_fact:
filtered_hosts: "{{ filtered_hosts | default([]) + [item] }}"
loop: "{{ hosts }}"
when: |
item.supported_platforms is not defined or
ansible_architecture in item.supported_platforms
- name: Update hosts list with filtered results
set_fact:
hosts: "{{ filtered_hosts | default(hosts) }}"
- name: Display filtered hosts
debug:
msg: |
================================================================================
СОЗДАНИЕ ТЕСТОВЫХ ИНСТАНСОВ
================================================================================
Platform: {{ ansible_architecture }}
Hosts: {{ hosts | length }}
================================================================================
# =============================================================================
# СЕТЕВОЕ ПОДКЛЮЧЕНИЕ
# =============================================================================
- name: Network setup
debug:
msg: |
================================================================================
НАСТРОЙКА СЕТИ
================================================================================
Network: {{ docker_network }}
================================================================================
- name: Ensure network exists
community.docker.docker_network:
name: "{{ docker_network }}"
state: present
# =============================================================================
# SYSTEMD NODES - Создание контейнеров с systemd
# =============================================================================
- name: Systemd nodes setup
debug:
msg: |
================================================================================
SYSTEMD NODES - Создание контейнеров с systemd
================================================================================
Count: {{ hosts | selectattr('type','undefined') | list | length }}
================================================================================
- name: Pull systemd images with correct platform
command: "docker pull --platform {{ ansible_architecture }} {{ images[item.family] }}"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
register: pull_result
ignore_errors: yes
- name: Display pull results
debug:
msg: "Pulled {{ item.item.name }}: {{ 'OK' if (item.rc is defined and item.rc == 0) else 'SKIPPED (not available for this platform)' }}"
loop: "{{ pull_result.results | default([]) }}"
loop_control:
label: "{{ item.item.name }}"
- name: Start systemd nodes
community.docker.docker_container:
name: "{{ item.name }}"
image: "{{ images[item.family] }}"
networks:
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ '/bin/bash -c \"while true; do sleep 30; done\"' if item.family in ['alt10', 'alt9'] else systemd_defaults.command }}"
volumes: "{{ systemd_defaults.volumes | default([]) + (item.volumes | default([])) }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"
env: "{{ item.env | default({}) }}"
# Специальные настройки для Astra Linux и RedOS
security_opts: "{{ ['seccomp=unconfined', 'apparmor=unconfined'] if item.family in ['astra', 'redos'] else [] }}"
platform: "{{ item.docker_platform | default(item.platform) | default(omit) }}"
state: started
restart_policy: unless-stopped
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
# Ожидание стабилизации контейнеров
- name: Wait for containers to be ready
pause:
seconds: 10
when: hosts | length > 0
# Проверка готовности контейнеров
- name: Wait for containers to be running
community.docker.docker_container_info:
name: "{{ item.name }}"
register: container_info
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
retries: 10
delay: 5
until: container_info.container.State.Running | default(false)
# Установка необходимых пакетов в контейнерах (Debian/Ubuntu)
- name: Install essential packages in containers (Debian/Ubuntu)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['ubuntu', 'debian', 'alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (RHEL/CentOS/AlmaLinux/Rocky)
- name: Install essential packages in containers (RHEL/CentOS/AlmaLinux/Rocky)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'yum update -y && yum install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['rhel', 'centos', 'alma', 'rocky', 'redos']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Astra Linux)
- name: Install essential packages in containers (Astra Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family == 'astra'
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Alt Linux)
- name: Install essential packages in containers (Alt Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Создание tmp директории в контейнерах
- name: Create Ansible tmp directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /tmp/.ansible-tmp && chmod 755 /tmp/.ansible-tmp"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# Создание vault директории в контейнерах
- name: Create vault directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /workspace/vault && chmod 755 /workspace/vault"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# =============================================================================
# DIND NODES - Создание контейнеров Docker-in-Docker
# =============================================================================
- name: DinD nodes setup
debug:
msg: |
================================================================================
DIND NODES - Создание контейнеров Docker-in-Docker
================================================================================
Count: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list | length }}
================================================================================
- name: Start DinD nodes (docker:27-dind)
community.docker.docker_container:
name: "{{ item.name }}"
image: "docker:27-dind"
networks:
- name: "{{ docker_network }}"
privileged: true
env:
DOCKER_TLS_CERTDIR: ""
published_ports: "{{ item.publish | default([]) }}"
volumes: "{{ (item.volumes | default([])) + [item.name + '-docker:/var/lib/docker'] }}"
state: started
restart_policy: unless-stopped
loop: "{{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list }}"
loop_control: { label: "{{ item.name }}" }
# =============================================================================
# DOOD NODES - Создание контейнеров Docker-out-of-Docker
# =============================================================================
- name: DOoD nodes setup
debug:
msg: |
================================================================================
DOOD NODES - Создание контейнеров Docker-out-of-Docker
================================================================================
Count: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dood') | list | length }}
================================================================================
- name: Start DOoD nodes (systemd + docker.sock mount)
community.docker.docker_container:
name: "{{ item.name }}"
image: "{{ images[item.family] }}"
networks:
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ systemd_defaults.command }}"
volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"
env: "{{ item.env | default({}) }}"
platform: "{{ item.docker_platform | default(item.platform) | default(omit) }}"
state: started
restart_policy: unless-stopped
loop: "{{ hosts | selectattr('type','defined') | selectattr('type','equalto','dood') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
# Build groups map
- name: Initialize groups map
set_fact:
groups_map: {}
- name: Append hosts to groups
set_fact:
groups_map: "{{ groups_map | combine({ item_group: (groups_map[item_group] | default([])) + [item_name] }) }}"
loop: "{{ hosts | subelements('groups', skip_missing=True) }}"
loop_control:
label: "{{ item.0.name }}"
vars:
item_name: "{{ item.0.name }}"
item_group: "{{ item.1 }}"
# =============================================================================
# ИНВЕНТАРЬ - Генерация inventory файла
# =============================================================================
- name: Inventory generation
debug:
msg: |
================================================================================
ИНВЕНТАРЬ - Генерация inventory файла
================================================================================
File: {{ generated_inventory }}
================================================================================
- name: Render inventory ini
set_fact:
inv_content: |
[all:vars]
ansible_connection=community.docker.docker
ansible_remote_tmp=/tmp/.ansible-tmp
{% for group, members in (groups_map | dictsort) %}
[{{ group }}]
{% for h in members %}{{ h }}
{% endfor %}
{% endfor %}
[all]
{% for h in hosts %}{{ h.name }}
{% endfor %}
{# Группа с Debian-based системами (Debian, Ubuntu, Alt) - используем /usr/bin/python3 #}
{% set debian_hosts = [] %}
{% for h in hosts %}
{% if h.family in ['ubuntu', 'debian', 'alt'] %}
{% set _ = debian_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if debian_hosts %}
[debian_family:vars]
ansible_python_interpreter=/usr/bin/python3
[debian_family]
{% for h in debian_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Группа с RHEL-based системами (RHEL, CentOS, Alma, Rocky, RedOS) #}
{% set rhel_hosts = [] %}
{% for h in hosts %}
{% if h.family in ['rhel', 'centos', 'alma', 'rocky', 'redos'] %}
{% set _ = rhel_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if rhel_hosts %}
[rhel_family:vars]
ansible_python_interpreter=/usr/bin/python3
[rhel_family]
{% for h in rhel_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Astra Linux - используем /usr/bin/python3 #}
{% set astra_hosts = [] %}
{% for h in hosts %}
{% if h.family == 'astra' %}
{% set _ = astra_hosts.append(h.name) %}
{% endif %}
{% endfor %}
{% if astra_hosts %}
[astra_family:vars]
ansible_python_interpreter=/usr/bin/python3
[astra_family]
{% for h in astra_hosts %}{{ h }}
{% endfor %}
{% endif %}
{# Глобальный fallback для остальных хостов #}
[all:vars]
ansible_python_interpreter=auto_silent
- name: Write inventory file
copy:
dest: "{{ generated_inventory }}"
content: "{{ inv_content }}"
mode: "0644"
- name: Display inventory summary
debug:
msg: |
📋 Inventory Summary:
- Total hosts: {{ hosts | length }}
- Groups: {{ groups_map.keys() | list | join(', ') }}
- Systemd nodes: {{ hosts | selectattr('type','undefined') | list | length }}
- DinD nodes: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list | length }}
- DOoD nodes: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dood') | list | length }}
Reference in New Issue View Git Blame Copy Permalink