diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..fbe20f8
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,5 @@
+skip_list:
+ - fqcn
+ - yaml[new-line-at-end-of-file]
+ - yaml[truthy]
+ - var-naming[no-role-prefix]
\ No newline at end of file
diff --git a/.ansible/.lock b/.ansible/.lock
deleted file mode 100644
index e69de29..0000000
diff --git a/.idea/AnsibleTemplate.iml b/.idea/AnsibleTemplate.iml
new file mode 100644
index 0000000..db32fb1
--- /dev/null
+++ b/.idea/AnsibleTemplate.iml
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..95a0fdb
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,47 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 8df3993..a6dd401 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,6 +1,7 @@
-
-
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..febcd53
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 9ddc0ef..a9a7409 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,6 +16,7 @@ RUN apt-get update && \
make \
sudo \
sshpass \
+ openssh-client \
nano \
less \
&& rm -rf /var/lib/apt/lists/*
@@ -48,6 +49,10 @@ RUN pip install --upgrade pip && \
docker
+# Копируем ssh ключ
+COPY id_rsa /root/.ssh/id_rsa
+RUN chmod 600 /root/.ssh/id_rsa
+
# Set the working directory
WORKDIR /ansible
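Review bot: `COPY id_rsa /root/.ssh/id_rsa` writes the private key into an image layer, so anyone who can pull, `docker save` or inspect the image can recover it, and the later `chmod 600` does nothing to prevent that. The key appears to be needed only at run time for Ansible's SSH connections, so it can stay out of the image: mount it read-only in the compose service, e.g. `- ~/.ssh/id_rsa:/root/.ssh/id_rsa:ro`, or forward the agent socket. The `ssh: default` build option added to docker-compose.yaml in this commit has no effect unless a `RUN --mount=type=ssh` step uses it, and none is visible in these hunks. The staging in the Makefile's `build`/`rebuild` targets (`cp ~/.ssh/id_rsa .` … `rm id_rsa`) has a related problem: make stops at a failed `docker compose build`, so the `rm` is skipped and the key stays in the working tree, which is bind-mounted as `/ansible` and could be committed.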
diff --git a/Makefile b/Makefile
index 2b1a6c5..9112990 100644
--- a/Makefile
+++ b/Makefile
@@ -1,86 +1,59 @@
-# Переменные
-ROLE_NAME ?= my_new_role
-VAULT_PASSWORD_FILE ?= vault_password_file
-INVENTORY ?= /workspace/inventory/hosts # Путь к инвентори внутри контейнера
-PLAYBOOK ?= /workspace/role/playbook.yml # Путь к playbook внутри контейнера
+
+view create edit show delete test lint deploy:
+ @true
####################################################################################################
# Управление контейнерами с помощью docker compose
####################################################################################################
# Сборка docker-образов
build:
+ cp ~/.ssh/id_rsa .
docker compose build $(c)
+ rm id_rsa
# Пересборка docker-образов
rebuild:
+ cp ~/.ssh/id_rsa .
docker compose build --no-cache $(c)
- docker compose down
-# docker compose up -d
-
-# Создание и запуск docker-контейнеров
-up:
- docker compose up -d
-
-# Остановка и УДАЛЕНИЕ docker-контейнеров
-down:
- docker compose down
-
-# Остановка docker-контейнеров
-stop:
- docker compose stop $(c)
-
-# Запуск docker-контейнеров
-start:
- docker compose start $(c)
-
-# Перезапуск docker-контейнеров
-restart: down up
-
-# Удаление docker-контейнеров с вольюмами
-destroy:
- docker compose down --volumes --remove-orphans && rm -rf data/*/
+ rm id_rsa
# Удаление docker-контейнеров с полной очисткой неактивных контейнеров
prune:
docker system prune -af
-# Показать список контейнеров
-ps:
- docker compose ps
-
-# Все логи конейнеров
-logs:
- docker compose logs --tail=100 -f $(c)
-
-shell:
- docker compose exec ansible bash
####################################################################################################
# Работа с ролью
####################################################################################################
-view create edit view delete test lint deploy:
- @true
-
vault:
@case "$(word 2, $(MAKECMDGOALS))" in \
- view) docker compose run --rm ansible bash -c "ansible-vault view --vault-password-file vault-password.txt roles/role/vars/secrets.yml";; \
- create) docker compose run --rm ansible bash -c "ansible-vault create --encrypt-vault-id default --vault-password-file vault-password.txt roles/role/vars/secrets.yml";; \
- edit) docker compose run --rm ansible bash -c "ansible-vault edit --vault-password-file vault-password.txt roles/role/vars/secrets.yml";; \
- delete) docker compose run --rm ansible bash -c "rm roles/role/vars/secrets.yml";; \
+ show) docker compose run --rm ansible bash -c "ansible-vault view --vault-password-file vault-password.txt roles/vars/secrets.yml";; \
+ create) docker compose run --rm ansible bash -c "ansible-vault create --encrypt-vault-id default --vault-password-file vault-password.txt roles/vars/secrets.yml";; \
+ edit) docker compose run --rm ansible bash -c "ansible-vault edit --vault-password-file vault-password.txt roles/vars/secrets.yml";; \
+ delete) docker compose run --rm ansible bash -c "rm roles/vars/secrets.yml";; \
*) echo "Unknown action";; \
esac
role:
@case "$(word 2, $(MAKECMDGOALS))" in \
- test) \
- echo "Running test roles..."; \
- docker compose run --rm ansible bash -c "molecule test";; \
lint) \
+ clear; \
echo "Check your role..."; \
- docker compose run --rm ansible bash -c "ansible-lint roles/role";; \
+ docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt roles/vars/secrets.yml"; \
+ docker compose run --rm ansible bash -c "ansible-lint roles/*"; \
+ echo " "; \
+ docker compose run --rm ansible bash -c "ansible-vault encrypt roles/vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \
+ test) \
+ clear; \
+ echo "Running test roles..."; \
+ docker compose run --rm ansible bash -c "ansible-vault decrypt --vault-password-file vault-password.txt roles/vars/secrets.yml"; \
+ docker compose run --rm ansible bash -c "molecule test --parallel"; \
+ echo " "; \
+ docker compose run --rm ansible bash -c "ansible-vault encrypt roles/vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt";; \
deploy) \
+ clear; \
echo "Deploying roles to production..."; \
- docker compose run --rm ansible /usr/bin/sh -c "ansible-playbook -i inventory/production deploy.yml --vault-password-file vault-password.txt";; \
+ docker compose run --rm ansible bash -c "ansible-playbook /ansible/roles/deploy.yaml";; \
*) echo "Unknown action";; \
esac
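Review bot: The `lint` and `test` branches decrypt `roles/vars/secrets.yml` in place on the bind-mounted working tree and re-encrypt it only at the end, so an interrupted run or a failed encrypt step leaves plaintext secrets on disk where they could be committed. Because the steps are chained with `;`, the branch's exit status is that of the final `ansible-vault encrypt`, so a failing `ansible-lint` or `molecule test` still lets `make role lint` / `make role test` succeed. Ansible decrypts vaulted vars at load time when it has the password, so I would drop the decrypt/encrypt pair and make the tool the last command of the branch, e.g. `docker compose run --rm -e ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt ansible bash -c "molecule test --parallel"` (worth confirming that ansible-lint picks this up the same way). Separately, `deploy` no longer passes `--vault-password-file` and now relies on ansible.cfg, which names `/ansible/vault_password.txt` (underscore) while this Makefile uses `vault-password.txt`; one of the two spellings is presumably wrong.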
@@ -88,8 +61,6 @@ role:
# Работа с Git
####################################################################################################
push:
-# git config --global user.email "sergey@antropoff.ru"
-# git config --global user.name "Sergey Antropoff"
git branch
@read -p "Выберите ветку для пуша: " BRANCH; \
read -p "Введите описание коммита: " COMMIT; \
@@ -101,9 +72,3 @@ push:
pull:
git pull
-
-new-branch:
- git checkout branch $(name)
-
-branch:
- git checkout $(name)
diff --git a/ansible.cfg b/ansible.cfg
index 33d3bd5..1e23d45 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,7 +1,8 @@
[defaults]
-inventory = /ansible/inventory
+inventory = /ansible/inventory/hosts
vault_password_file = /ansible/vault_password.txt
-remote_user = ansible
+remote_user = devops
host_key_checking = False
enable_plugins = yaml, ini
-roles_path = /ansible/roles
\ No newline at end of file
+roles_path = /ansible/roles
+interpreter_python = auto
\ No newline at end of file
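Review bot: `host_key_checking = False` is left in place while the default inventory now points at a concrete hosts file and `remote_user` becomes `devops`, so SSH connections to that host accept whatever host key is presented and an interposed machine between the container and the target would go unnoticed. The same commit puts an SSH private key into the container and deploys with `become: true`, which raises the cost of connecting to the wrong endpoint. I would set `host_key_checking = True` and supply a pinned `known_hosts` file for the managed hosts (for example mounted read-only into the container).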
diff --git a/docker-compose.yaml b/docker-compose.yaml
index fde264c..9b924a3 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,6 +1,9 @@
services:
ansible:
- build: .
+ build:
+ context: .
+ ssh:
+ - default
container_name: ansible
volumes:
- .:/ansible
diff --git a/inventory/hosts b/inventory/hosts
new file mode 100644
index 0000000..6e8b241
--- /dev/null
+++ b/inventory/hosts
@@ -0,0 +1,2 @@
+[all]
+10.14.246.9
\ No newline at end of file
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index b84d23e..88c42cd 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,4 +2,6 @@
- name: Converge
hosts: all
roles:
- - role: /ansible/roles/role
+ - /ansible/roles/role
+ vars_files:
+ - ../../roles/vars/secrets.yml
\ No newline at end of file
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index d26a736..d384fff 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -4,16 +4,27 @@ dependency:
enabled: true
options:
requirements-file: /ansible/requirements.yml
+
driver:
name: docker
+
platforms:
- - name: instance
+ - name: centos-instance
+ image: "quay.io/fedora/python-312"
+ privileged: true
+ pre_build_image: true
+
+ - name: ubuntu-instance
image: "geerlingguy/docker-ubuntu2004-ansible:latest"
privileged: true
pre_build_image: true
+
provisioner:
name: ansible
+ env:
+ ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
lint:
name: ansible-lint
+
verifier:
name: ansible
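Review bot: The new `centos-instance` platform runs with `privileged: true` on `quay.io/fedora/python-312` with no tag or digest, so each test run gives full host privileges to whatever that repository serves as its default tag at pull time. Unless the role needs systemd or kernel access inside the instance (not visible here), drop `privileged` or replace it with the specific capabilities required, and pin the image, e.g. `image: "quay.io/fedora/python-312@sha256:<digest>"` with the digest you have verified. The same unpinned concern applies to `:latest` on `ubuntu-instance`. The platform is also named CentOS while the image comes from the `fedora` namespace, which will confuse anyone reading test output.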
diff --git a/molecule/default/no-prepare.yml b/molecule/default/no-prepare.yml
new file mode 100644
index 0000000..57b792f
--- /dev/null
+++ b/molecule/default/no-prepare.yml
@@ -0,0 +1,43 @@
+- name: Prepare
+ hosts: all
+ tasks:
+ - name: Detect OS family
+ ansible.builtin.setup:
+ gather_subset:
+ - "min"
+
+ - name: Обновляем пакеты для работы с Ansible в RockyLinux (Centos/RedHat)
+ when: ansible_facts['os_family'] == "RedHat"
+ block:
+ - name: Устанавливаем репозиторий AppStream (если его нет)
+ ansible.builtin.raw: dnf config-manager --set-enabled appstream
+ changed_when: false
+
+ - name: Установить rsync
+ ansible.builtin.raw: dnf install -y rsync
+ changed_when: false
+
+ - name: Устанавливаем Python 3.8
+ ansible.builtin.raw: dnf install -y python38 python38-pip
+ changed_when: false
+
+ - name: Обновляем символическую ссылку python3
+ ansible.builtin.raw: alternatives --set python /usr/bin/python3.8
+ changed_when: false
+# - name: Fix repository URLs
+# ansible.builtin.command:
+# cmd: sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
+# changed_when: false
+
+# - name: Update baseurl
+# ansible.builtin.command:
+# cmd: sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
+# changed_when: false
+
+# - name: Install required packages
+# ansible.builtin.yum:
+# name:
+# - epel-release
+# - python3
+# - python3-pip
+# state: present
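Review bot: `ansible.builtin.setup` as the first task needs a working Python on the target, which is what the following `raw` tasks are meant to install, so on an image without Python the play fails before the bootstrap runs (and play-level fact gathering, left at its default, would fail even earlier). Set `gather_facts: false` on the play and run the `raw` bootstrap before any module that needs Python. With `prepare.yml` deleted in this commit and this file named `no-prepare.yml`, Molecule's default scenario layout will presumably not run it at all; if that is intentional, a header comment such as `# Disabled: rename to prepare.yml to enable` would say so. The commented-out task block at the end can be removed.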
diff --git a/molecule/default/no-verify.yml b/molecule/default/no-verify.yml
new file mode 100644
index 0000000..5e80115
--- /dev/null
+++ b/molecule/default/no-verify.yml
@@ -0,0 +1,7 @@
+---
+- name: Prepare
+ hosts: all
+ tasks:
+ - name: Reun verify
+ debug:
+ msg: "Hello, Verify!"
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
deleted file mode 100644
index 0470683..0000000
--- a/molecule/default/prepare.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks:
- - name: Install required packages
- debug:
- msg: "Hello, Prepare!"
-# apt:
-# name:
-# - git
-# state: present
\ No newline at end of file
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
deleted file mode 100644
index d7adc4f..0000000
--- a/molecule/default/verify.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks:
- - name: Install required packages
- debug:
- msg: "Hello, Verify!"
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
index d33abdd..cf12a33 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -2,8 +2,3 @@
collections:
- name: maxhoesel.proxmox
version: 5.0.1
- - name: community.general
- version: 6.0.0
- - name: ansible.posix
- version: 1.4.0
-
diff --git a/roles/deploy.yaml b/roles/deploy.yaml
new file mode 100644
index 0000000..4acdabc
--- /dev/null
+++ b/roles/deploy.yaml
@@ -0,0 +1,3 @@
+---
+- name: Import role
+ import_playbook: role/deploy.yaml
\ No newline at end of file
diff --git a/roles/role/deploy.yaml b/roles/role/deploy.yaml
index 3c9cf2e..9119955 100644
--- a/roles/role/deploy.yaml
+++ b/roles/role/deploy.yaml
@@ -1,6 +1,11 @@
---
- name: Deploy roles
- hosts: production
+ hosts: all
become: true
+ become_user: root
+ become_method: ansible.builtin.sudo
+ gather_facts: true
roles:
- role
+ vars_files:
+ - ../vars/secrets.yml
\ No newline at end of file
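Review bot: `hosts: all` replaces the `production` group, so `make role deploy` now applies the role with `become: true` to every host the inventory resolves to, and any host later added to `inventory/hosts` for another purpose is deployed to without opt-in. Keeping a named group (`hosts: production` with a matching `[production]` section in the inventory) or requiring `--limit` on the command line makes the target set explicit. This play also loads the vaulted `../vars/secrets.yml` for every matched host, so narrowing the host pattern narrows where the secrets are used too.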
diff --git a/roles/role/tasks/debian/main.yaml b/roles/role/tasks/debian/main.yaml
new file mode 100644
index 0000000..2b67c3c
--- /dev/null
+++ b/roles/role/tasks/debian/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Пример таски
+ debug:
+ msg: "Привет! Я запустился на Debian/Ubuntu! Переменная role_test равна {{ role_test }}"
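Review bot: The `msg` prints `{{ role_test }}` verbatim, and the only variable source this commit wires in is the vaulted `roles/vars/secrets.yml` (through `vars_files` in the deploy and converge playbooks), so if `role_test` lives there its decrypted value ends up in console output and any CI log. If it is a secret, drop it from the message or add `no_log: true` to the task. If it is not, give it a value in the role's defaults so the task does not fail on an undefined variable when the vault file is absent. `debug` would also read better as `ansible.builtin.debug`, which the `fqcn` entry in `.ansible-lint`'s `skip_list` currently hides.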
diff --git a/roles/role/tasks/main.yaml b/roles/role/tasks/main.yaml
index f6da4a6..2b9ddee 100644
--- a/roles/role/tasks/main.yaml
+++ b/roles/role/tasks/main.yaml
@@ -1,4 +1,12 @@
---
-- name: Example task
- debug:
- msg: "Hello, Ansible!"
\ No newline at end of file
+- name: "Определяем ОС"
+ set_fact:
+ os_family: "{{ ansible_facts['os_family'] }}"
+
+- name: "Подключаем таски для RedHat совместимых"
+ include_tasks: "redhat/main.yaml"
+ when: os_family == "RedHat"
+
+- name: "Подключаем таски для Debian/Ubuntu совместимых"
+ include_tasks: "debian/main.yaml"
+ when: os_family == "Debian"
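Review bot: There is no branch for an `os_family` other than `RedHat` or `Debian`, so on any other target the role finishes without doing anything and without saying so. Add a guard ahead of the includes, for example an `ansible.builtin.assert` with `that: ansible_facts['os_family'] in ['RedHat', 'Debian']` and a `fail_msg` naming the unsupported family. The `set_fact` copy into an unprefixed `os_family` is not needed, since the `when:` conditions can test `ansible_facts['os_family']` directly; that also avoids a role-level fact that other roles in the same play can collide with.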
diff --git a/roles/role/tasks/redhat/main.yaml b/roles/role/tasks/redhat/main.yaml
new file mode 100644
index 0000000..64e5c36
--- /dev/null
+++ b/roles/role/tasks/redhat/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Пример таски
+ debug:
+ msg: "Привет! Я запустился на RedHat/CentOS/Fedora!"
diff --git a/roles/role/vars/secrets.yml b/roles/role/vars/secrets.yml
deleted file mode 100644
index 046de5c..0000000
--- a/roles/role/vars/secrets.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30363439326335316131303133653930363431336539356134363933656566663330366165616366
-6639353565306634613164636161353362643237353933610a323838666436363835303765323930
-62333364613535656138623233666635303934376234633937666131366239323436333334646666
-6364303839396532310a633636333665346538313931366666333665363163623966666236346666
-6464
diff --git a/roles/role/vars/.gitkeep b/roles/vars/.gitkeep
similarity index 100%
rename from roles/role/vars/.gitkeep
rename to roles/vars/.gitkeep
diff --git a/roles/vars/secrets.yml b/roles/vars/secrets.yml
new file mode 100644
index 0000000..b2f57d5
--- /dev/null
+++ b/roles/vars/secrets.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+33333461346434666539316330333661306537303234306132383733633635656139623330346339
+3735343834396131623436333737363436346137613337340a393633636663346131353135313332
+35656537663832366464316538346565313236306538343537343032373161653366353665366565
+3461316135353337640a613137383034663265306666353338326135613961646364373966353863
+37313731623164303566383431613131353331363035653630313630353130623066