Ansible/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
e638f7cc94b6bf2f3728381d19bc9e074e9a46b2
DevOpsLab/molecule/presets/security.yml

83 lines
2.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
#description: Пресет для тестирования безопасности с 10 хостами (bastion + internal + monitoring)
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
docker_network: labnet
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
# systemd-ready образы
images:
alt: "inecs/ansible-lab:alt-linux-latest"
astra: "inecs/ansible-lab:astra-linux-latest"
rhel: "inecs/ansible-lab:rhel-latest"
centos: "inecs/ansible-lab:centos-latest"
alma: "inecs/ansible-lab:alma-latest"
rocky: "inecs/ansible-lab:rocky-latest"
redos: "inecs/ansible-lab:redos-latest"
ubuntu: "inecs/ansible-lab:ubuntu-latest"
debian: "inecs/ansible-lab:debian-latest"
systemd_defaults:
privileged: true
command: "/sbin/init"
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
tmpfs: ["/run", "/run/lock"]
capabilities: ["SYS_ADMIN"]
# Описание кластера для тестирования безопасности
hosts:
# Bastion хосты (точки входа)
- name: bastion1
family: rhel
groups: [bastion, security, jump]
publish: ["2222:22"]
- name: bastion2
family: debian12
groups: [bastion, security, jump]
publish: ["2223:22"]
# Внутренние серверы (без внешнего доступа)
- name: internal1
family: rhel
groups: [internal, servers, app]
- name: internal2
family: debian12
groups: [internal, servers, app]
- name: internal3
family: rhel
groups: [internal, servers, app]
# База данных (изолированная сеть)
- name: db-secure1
family: rhel
groups: [database, secure, internal]
- name: db-secure2
family: debian12
groups: [database, secure, internal]
# Мониторинг и логирование
- name: monitor1
family: debian12
groups: [monitoring, security, logs]
- name: monitor2
family: rhel
groups: [monitoring, security, logs]
# Firewall и сетевые компоненты
- name: fw1
family: rhel
groups: [firewall, network, security]
- name: fw2
family: debian12
groups: [firewall, network, security]
# DOoD узел для тестирования Docker безопасности
- name: docker-secure
type: dood
family: debian12
groups: [docker, security, apps]
publish: ["8080:8080"]
env:
DOCKER_HOST: "unix:///var/run/docker.sock"
Reference in New Issue View Git Blame Copy Permalink