Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
c66bb35f979322cc49a0227094ac9e3deb28f42f
DevOpsLab/molecule/default/converge.yml
Сергей Антропов c66bb35f97 feat: Добавлена поддержка ARM64 для Astra Linux и обновлена документация 
- Создан совместимый образ Astra Linux для ARM64 на базе Debian
- Добавлена команда make docker build-astra-arm64 для сборки ARM64 версии
- Обновлена документация по Docker образам с информацией о ARM64 поддержке
- Создан новый файл docs/arm64-support.md с подробным описанием ARM64 поддержки
- Обновлен README.md с информацией о multi-arch поддержке
- Добавлена информация о ALT Linux P9/P10 с поддержкой ARM64

Автор: Сергей Антропов
Сайт: https://devops.org.ru
2025-10-27 14:16:29 +03:00

76 lines
3.1 KiB
YAML
Raw Blame History

---
- hosts: localhost
gather_facts: false
vars:
# Получаем preset из переменной окружения или используем default
preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
preset_file: "/workspace/molecule/presets/{{ preset_name }}.yml"
# перечисли файлы/глобы, которые нужно временно расшифровать
vault_targets:
- /workspace/vault/secrets.yml
- /workspace/vault/secret.yml
- /workspace/files/playbooks/group_vars/*/vault.yml
- /workspace/files/playbooks/host_vars/*/vault.yml
- /workspace/roles/**/vars/vault.yml
tasks:
- name: Load preset configuration
include_vars: "{{ preset_file }}"
when: preset_file is file
ignore_errors: true
# - name: Install collections
# community.docker.docker_container_exec:
# container: ansible-controller
# command: bash -lc "ansible-galaxy collection install -r /workspace/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
- name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
community.docker.docker_container_exec:
container: ansible-controller
command: >
bash -lc '
set -euo pipefail; shopt -s nullglob globstar;
for p in {{ vault_targets | map('quote') | join(' ') }}; do
for f in $p; do
[ -f "$f" ] || continue;
if head -n1 "$f" | grep -q "^\$ANSIBLE_VAULT;"; then
echo "[vault] already encrypted: $f";
else
echo "[vault] plaintext -> encrypt: $f";
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault/.vault "$f";
fi
echo "[vault] decrypt for run: $f";
ansible-vault decrypt --vault-password-file /workspace/vault/.vault "$f";
done
done
'
- name: Run lab playbook
community.docker.docker_container_exec:
container: ansible-controller
command: >
bash -lc "
ANSIBLE_ROLES_PATH=/workspace/roles
ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /workspace/molecule/default/site.yml
"
- name: Post-run — re-encrypt secrets
community.docker.docker_container_exec:
container: ansible-controller
command: >
bash -lc '
set -euo pipefail; shopt -s nullglob globstar;
for p in {{ vault_targets | map('quote') | join(' ') }}; do
for f in $p; do
[ -f "$f" ] || continue;
if head -n1 "$f" | grep -q "^\$ANSIBLE_VAULT;"; then
echo "[vault] ok (encrypted): $f";
else
echo "[vault] encrypt back: $f";
ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault/.vault "$f" || true;
fi
done
done
'
ignore_errors: true
Reference in New Issue View Git Blame Copy Permalink