DevOpsTools/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: улучшения роли devops и тестирования

Browse Source 
- Убрана подстановка значений по умолчанию для devops_password и devops_ssh_public_key
- Добавлена строгая валидация секретов из vault/secrets.yml с детальными сообщениями об ошибках
- Убран подробный вывод установки пакетов в тасках
- Исправлена проблема с созданием симлинков в vault/ при тестировании
- Обновлена логика загрузки vault переменных в molecule тестах
- Добавлена очистка симлинков в destroy.yml для дополнительной безопасности

Автор: Сергей Антропов
Сайт: https://devops.org.ru
This commit is contained in:
Сергей Антропов
2025-10-29 18:53:52 +03:00
parent f6d1182193
commit cb5045fb79
23 changed files with 821 additions and 679 deletions
Download Patch File Download Diff File Expand all files Collapse all files

329
molecule/default/converge.yml
View File

@@ -13,9 +13,11 @@
vault_targets:
- /workspace/vault/secrets.yml
- /workspace/vault/secret.yml
- /workspace/files/playbooks/group_vars/*/vault.yml
- /workspace/files/playbooks/host_vars/*/vault.yml
- /workspace/roles/**/vars/vault.yml
# - /workspace/files/playbooks/group_vars/*/vault.yml
# - /workspace/files/playbooks/host_vars/*/vault.yml
# - /workspace/roles/**/vars/vault.yml
# - /workspace/roles/*/defaults/*.yml
# - /workspace/files/**/*secret*.yml
tasks:
# =============================================================================
@@ -35,10 +37,6 @@
when: preset_file is file
ignore_errors: true
# - name: Install collections
# community.docker.docker_container_exec:
# container: ansible-controller
# command: bash -lc "ansible-galaxy collection install -r /workspace/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true"
# =============================================================================
# VAULT - Работа с зашифрованными файлами
@@ -52,99 +50,250 @@
Files: {{ vault_targets | length }} targets
================================================================================
- name: Check if vault file is encrypted
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'if [ -f \"/workspace/vault/secrets.yml\" ]; then grep -q \"ANSIBLE_VAULT\" /workspace/vault/secrets.yml && echo \"ENCRYPTED\" || echo \"PLAINTEXT\"; else echo \"NOT_FOUND\"; fi'"
register: vault_status
ignore_errors: true
- name: Encrypt vault file if plaintext
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ] && [ \"{{ vault_status.stdout }}\" = \"PLAINTEXT\" ]; then ansible-vault encrypt --encrypt-vault-id default --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
when: vault_status.stdout == "PLAINTEXT"
ignore_errors: true
- name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ]; then ansible-vault decrypt --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
ignore_errors: true
# =============================================================================
# PLAYBOOK - Запуск основного playbook
# =============================================================================
- name: Playbook execution
debug:
msg: |
================================================================================
PLAYBOOK - Запуск основного playbook
================================================================================
File: /workspace/molecule/default/site.yml
================================================================================
- name: Debug - Check files in container
- name: Check vault files encryption status
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
echo "=== DEBUG INFO ==="
echo "Current directory: $(pwd)"
echo "ANSIBLE_ROLES_PATH: $ANSIBLE_ROLES_PATH"
echo "VAULT_PASSWORD_FILE: $VAULT_PASSWORD_FILE"
echo "VAULT_SECRETS_FILE: $VAULT_SECRETS_FILE"
echo "INVENTORY_FILE: $INVENTORY_FILE"
echo ""
echo "=== FILE CHECKS ==="
echo "Inventory exists: $([ -f "/tmp/molecule_workspace/inventory/hosts.ini" ] && echo "YES" || echo "NO")"
echo "Vault password exists: $([ -f "/workspace/vault/.vault" ] && echo "YES" || echo "NO")"
echo "Vault secrets exists: $([ -f "/workspace/vault/secrets.yml" ] && echo "YES" || echo "NO")"
echo "Site.yml exists: $([ -f "/workspace/molecule/default/site.yml" ] && echo "YES" || echo "NO")"
echo ""
echo "=== DIRECTORY LISTING ==="
ls -la /tmp/molecule_workspace/ || echo "No molecule_workspace dir"
ls -la /workspace/vault/ || echo "No vault dir"
echo ""
echo "=== INVENTORY CONTENT ==="
cat /tmp/molecule_workspace/inventory/hosts.ini || echo "Cannot read inventory"
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
echo "=== CHECKING VAULT FILES ENCRYPTION STATUS ==="
# Парсим JSON массив и проверяем каждый файл
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Checking target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ]; then
echo "Found file: $file"
if grep -q "ANSIBLE_VAULT" "$file"; then
echo "ENCRYPTED: $file"
else
echo "PLAINTEXT: $file"
fi
fi
done
else
# Обычный файл
if [ -f "$target" ]; then
echo "Found file: $target"
if grep -q "ANSIBLE_VAULT" "$target"; then
echo "ENCRYPTED: $target"
else
echo "PLAINTEXT: $target"
fi
else
echo "NOT_FOUND: $target"
fi
fi
done
'
register: vault_status_check
ignore_errors: true
# - name: Run lab playbook
# community.docker.docker_container_exec:
# container: ansible-controller
# command: |
# bash -c '
# set -e
# export ANSIBLE_ROLES_PATH=/workspace/roles
# export VAULT_PASSWORD_FILE="/workspace/vault/.vault"
# export VAULT_SECRETS_FILE="/workspace/vault/secrets.yml"
# export INVENTORY_FILE="/tmp/molecule_workspace/inventory/hosts.ini"
# echo "Starting playbook execution..."
# if [ -f "$VAULT_PASSWORD_FILE" ] && [ -f "$VAULT_SECRETS_FILE" ]; then
# echo "Running with vault..."
# ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml --vault-password-file "$VAULT_PASSWORD_FILE" -e "vault_file_path=$VAULT_SECRETS_FILE" -v
# else
# echo "Running without vault..."
# ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml -v
# fi
# echo "Playbook completed successfully"
# '
- name: Encrypt plaintext vault files
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
echo "=== ENCRYPTING PLAINTEXT VAULT FILES ==="
if [ ! -f "$VAULT_PASSWORD_FILE" ]; then
echo "Vault password file not found: $VAULT_PASSWORD_FILE"
exit 0
fi
# Парсим JSON массив и шифруем каждый plaintext файл
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Processing target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ] && ! grep -q "ANSIBLE_VAULT" "$file"; then
echo "Encrypting plaintext file: $file"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$file"
fi
done
else
# Обычный файл
if [ -f "$target" ] && ! grep -q "ANSIBLE_VAULT" "$target"; then
echo "Encrypting plaintext file: $target"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$target"
fi
fi
done
'
ignore_errors: true
- name: Decrypt vault files for processing
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
echo "=== DECRYPTING VAULT FILES FOR PROCESSING ==="
if [ ! -f "$VAULT_PASSWORD_FILE" ]; then
echo "Vault password file not found: $VAULT_PASSWORD_FILE"
exit 0
fi
# Парсим JSON массив и расшифровываем каждый зашифрованный файл
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Processing target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ] && grep -q "ANSIBLE_VAULT" "$file"; then
echo "Decrypting encrypted file: $file"
ansible-vault decrypt --vault-password-file "$VAULT_PASSWORD_FILE" "$file"
fi
done
else
# Обычный файл
if [ -f "$target" ] && grep -q "ANSIBLE_VAULT" "$target"; then
echo "Decrypting encrypted file: $target"
ansible-vault decrypt --vault-password-file "$VAULT_PASSWORD_FILE" "$target"
fi
fi
done
'
ignore_errors: true
# =============================================================================
# CLEANUP - Перешифровка файлов после выполнения
# VAULT LOADING - Загрузка vault переменных из vault_targets
# =============================================================================
- name: Cleanup operations
- name: Load vault variables from vault_targets
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
# Читаем vault_targets из переменных Ansible
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
echo "=== VAULT LOADING ==="
echo "Vault password file: $VAULT_PASSWORD_FILE"
echo "Vault targets from Ansible: $VAULT_TARGETS_JSON"
# Создаем директории для vault файлов
mkdir -p /tmp/vault_files
# Создаем временный файл для объединения всех vault переменных
echo "---" > /tmp/vault_vars.yml
# Счетчик для обработки конфликтов
declare -A variable_sources
# Парсим JSON массив и обрабатываем каждый target
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Processing target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ]; then
echo "Found vault file: $file"
# Создаем копию файла в /tmp/vault_files для прямых ссылок
filename=$(basename "$file")
cp "$file" "/tmp/vault_files/$filename"
# Расшифровываем файл если нужно
if [ -f "$VAULT_PASSWORD_FILE" ]; then
echo "Loading encrypted vault file: $file"
ansible-vault view --vault-password-file "$VAULT_PASSWORD_FILE" "$file" > "/tmp/vault_files/${filename}.decrypted"
# Добавляем в объединенный файл с проверкой конфликтов
echo "---" >> /tmp/vault_vars.yml
echo "# From: $file" >> /tmp/vault_vars.yml
ansible-vault view --vault-password-file "$VAULT_PASSWORD_FILE" "$file" >> /tmp/vault_vars.yml
else
echo "Loading plain vault file: $file"
cp "$file" "/tmp/vault_files/${filename}.decrypted"
# Добавляем в объединенный файл с проверкой конфликтов
echo "---" >> /tmp/vault_vars.yml
echo "# From: $file" >> /tmp/vault_vars.yml
cat "$file" >> /tmp/vault_vars.yml
fi
fi
done
else
# Обычный файл
if [ -f "$target" ]; then
echo "Found vault file: $target"
# Создаем копию файла в /tmp/vault_files для прямых ссылок
filename=$(basename "$target")
cp "$target" "/tmp/vault_files/$filename"
# Расшифровываем файл если нужно
if [ -f "$VAULT_PASSWORD_FILE" ]; then
echo "Loading encrypted vault file: $target"
ansible-vault view --vault-password-file "$VAULT_PASSWORD_FILE" "$target" > "/tmp/vault_files/${filename}.decrypted"
# Добавляем в объединенный файл с проверкой конфликтов
echo "---" >> /tmp/vault_vars.yml
echo "# From: $target" >> /tmp/vault_vars.yml
ansible-vault view --vault-password-file "$VAULT_PASSWORD_FILE" "$target" >> /tmp/vault_vars.yml
else
echo "Loading plain vault file: $target"
cp "$target" "/tmp/vault_files/${filename}.decrypted"
# Добавляем в объединенный файл с проверкой конфликтов
echo "---" >> /tmp/vault_vars.yml
echo "# From: $target" >> /tmp/vault_vars.yml
cat "$target" >> /tmp/vault_vars.yml
fi
fi
fi
done
# Символические ссылки не нужны для работы, убираем их создание
echo "=== VAULT VARIABLES LOADED ==="
echo "Combined vault variables:"
cat /tmp/vault_vars.yml
echo ""
echo "Individual vault files available at:"
ls -la /tmp/vault_files/
'
ignore_errors: true
# =============================================================================
# LOAD VAULT VARIABLES - Загрузка vault переменных в Ansible
# =============================================================================
- name: Load vault variables into Ansible
include_vars:
file: /tmp/vault_vars.yml
ignore_errors: true
- name: Set vault files path
set_fact:
vault_files_path: /tmp/vault_files
when: vault_files_path is not defined
# =============================================================================
# CONVERGE ЗАВЕРШЕН - Playbook'и выполняются через Makefile
# =============================================================================
- name: Converge completed
debug:
msg: |
================================================================================
CLEANUP - Перешифровка файлов после выполнения
CONVERGE ЗАВЕРШЕН
================================================================================
Re-encrypting vault files
================================================================================
- name: Post-run — re-encrypt secrets
community.docker.docker_container_exec:
container: ansible-controller
command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ]; then ansible-vault encrypt --encrypt-vault-id default --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
ignore_errors: true
Vault переменные загружены и готовы к использованию
Playbook'и run.yml и roles/deploy.yml будут выполнены через Makefile
================================================================================

77
molecule/default/create.yml
View File

@@ -156,7 +156,7 @@
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ '/bin/bash -c \"while true; do sleep 30; done\"' if item.family in ['alt10', 'alt9'] else systemd_defaults.command }}"
volumes: "{{ systemd_defaults.volumes | default([]) + (item.volumes | default([])) }}"
volumes: "{{ systemd_defaults.volumes | default([]) + (item.volumes | default([])) + ['/Users/inecs/PycharmProjects/DevOpsLab/vault:/workspace/vault:ro', '/Users/inecs/PycharmProjects/DevOpsLab/files:/workspace/files:ro', '/Users/inecs/PycharmProjects/DevOpsLab/roles:/workspace/roles:ro'] }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"
@@ -188,77 +188,8 @@
delay: 5
until: container_info.container.State.Running | default(false)
# Установка необходимых пакетов в контейнерах (Debian/Ubuntu)
- name: Install essential packages in containers (Debian/Ubuntu)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['ubuntu', 'debian', 'alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (RHEL/CentOS/AlmaLinux/Rocky)
- name: Install essential packages in containers (RHEL/CentOS/AlmaLinux/Rocky)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'yum update -y && yum install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['rhel', 'centos', 'alma', 'rocky', 'redos']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Astra Linux)
- name: Install essential packages in containers (Astra Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family == 'astra'
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Alt Linux)
- name: Install essential packages in containers (Alt Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Создание tmp директории в контейнерах
- name: Create Ansible tmp directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /tmp/.ansible-tmp && chmod 755 /tmp/.ansible-tmp"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# Создание vault директории в контейнерах
- name: Create vault directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /workspace/vault && chmod 755 /workspace/vault"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# Примечание: Установка пакетов и создание директорий перенесены в run.yml
# для выполнения на всех поднятых контейнерах
# =============================================================================
# DIND NODES - Создание контейнеров Docker-in-Docker
@@ -308,7 +239,7 @@
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ systemd_defaults.command }}"
volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) }}"
volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) + ['/Users/inecs/PycharmProjects/DevOpsLab/vault:/workspace/vault:ro', '/Users/inecs/PycharmProjects/DevOpsLab/files:/workspace/files:ro', '/Users/inecs/PycharmProjects/DevOpsLab/roles:/workspace/roles:ro'] }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"

74
molecule/default/destroy.yml
View File

@@ -17,6 +17,11 @@
family: debian
groups: [test]
kind_clusters: []
# перечисли файлы/глобы, которые нужно временно расшифровать
vault_targets:
- /workspace/vault/secrets.yml
- /workspace/vault/secret.yml
tasks:
# =============================================================================
@@ -36,6 +41,63 @@
when: preset_file is file
ignore_errors: true
# =============================================================================
# VAULT CLEANUP - Перешифровка файлов перед удалением контейнеров
# =============================================================================
- name: Vault cleanup operations
debug:
msg: |
================================================================================
VAULT CLEANUP - Перешифровка файлов перед удалением контейнеров
================================================================================
Re-encrypting vault files
================================================================================
- name: Re-encrypt all vault files
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
echo "=== RE-ENCRYPTING ALL VAULT FILES ==="
if [ ! -f "$VAULT_PASSWORD_FILE" ]; then
echo "Vault password file not found: $VAULT_PASSWORD_FILE"
exit 0
fi
# Парсим JSON массив и перешифровываем каждый файл
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Processing target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ] && ! grep -q "ANSIBLE_VAULT" "$file"; then
echo "Re-encrypting file: $file"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$file"
fi
done
else
# Обычный файл
if [ -f "$target" ] && ! grep -q "ANSIBLE_VAULT" "$target"; then
echo "Re-encrypting file: $target"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$target"
fi
fi
done
echo "All vault files re-encrypted successfully"
# Очистка символических ссылок в vault/
echo "Cleaning up vault symlinks..."
rm -f /workspace/vault/*.decrypted
echo "Vault symlinks cleaned up"
'
ignore_errors: true
# =============================================================================
# УДАЛЕНИЕ КОНТЕЙНЕРОВ - Остановка и удаление контейнеров
# =============================================================================
@@ -114,6 +176,18 @@
vars:
# Используем переменную hosts из загруженного пресета
hosts: "{{ hosts }}"
# =============================================================================
# ДОПОЛНИТЕЛЬНАЯ ОЧИСТКА - Удаление симлинков vault
# =============================================================================
- name: Clean up vault symlinks
file:
path: "{{ item }}"
state: absent
loop:
- /workspace/vault/secrets.yml.decrypted
- /workspace/vault/secret.yml.decrypted
ignore_errors: true
- name: Display cleanup summary
debug:
msg: |

151
molecule/default/site.yml → molecule/default/run.yml
View File

@@ -24,6 +24,18 @@
tags:
- setup
- color-reset
# Отладочная информация о vault переменных (передаются из converge.yml)
- name: Проверка vault переменных
debug:
msg: |
Vault переменные на {{ ansible_hostname }}:
- vault_devops_password: {{ vault_devops_password | default('НЕ ОПРЕДЕЛЕНА') | length }} символов
- vault_devops_ssh_public_key: {{ vault_devops_ssh_public_key | default('НЕ ОПРЕДЕЛЕНА') | length }} символов
tags:
- setup
- vault
- debug
# Создание tmp директории для Ansible
- name: Create Ansible tmp directory
file:
@@ -35,6 +47,18 @@
tags:
- setup
- tmp
# Создание vault директории
- name: Create vault directory
file:
path: /workspace/vault
state: directory
mode: '0755'
owner: root
group: root
tags:
- setup
- vault
# Обновление кеша пакетов для Debian/Ubuntu
- name: Update package cache (Debian/Ubuntu)
apt:
@@ -76,65 +100,67 @@
- setup
- update
# Установка common tools для всех ОС (ЗАКОММЕНТИРОВАНО)
# - name: Install common tools (Debian/Ubuntu)
# apt:
# name:
# - curl
# - jq
# - ca-certificates
# - iproute2
# - iputils-ping
# - procps
# - net-tools
# - vim
# - wget
# - unzip
# - git
# state: present
# update_cache: false
# when: ansible_os_family == 'Debian'
# tags:
# - setup
# - tools
# Установка common tools для всех ОС
- name: Install common tools (Debian/Ubuntu)
apt:
name:
- curl
- jq
- ca-certificates
- iproute2
- iputils-ping
- procps
- net-tools
- vim
- wget
- unzip
- git
- sudo
state: present
update_cache: false
when: ansible_os_family == 'Debian'
tags:
- setup
- tools
# - name: Install common tools (RHEL/CentOS/AlmaLinux/Rocky)
# yum:
# name:
# - curl
# - jq
# - ca-certificates
# - iproute
# - iputils
# - procps-ng
# - net-tools
# - vim
# - wget
# - unzip
# - git
# state: present
# when: ansible_os_family == 'RedHat'
# tags:
# - setup
# - tools
- name: Install common tools (RHEL/CentOS/AlmaLinux/Rocky)
yum:
name:
- curl
- jq
- ca-certificates
- iproute
- iputils
- procps-ng
- net-tools
- vim
- wget
- unzip
- git
- sudo
state: present
when: ansible_os_family == 'RedHat'
tags:
- setup
- tools
# - name: Install common tools (Alt Linux)
# command: apt-get install -y curl jq ca-certificates iproute2 iputils procps net-tools vim wget unzip git
# when: ansible_os_family == 'Altlinux'
# changed_when: false
# failed_when: false
# tags:
# - setup
# - tools
- name: Install common tools (Alt Linux)
command: apt-get install -y curl jq ca-certificates iproute2 iputils procps net-tools vim wget unzip git sudo
when: ansible_os_family == 'Altlinux'
changed_when: false
failed_when: false
tags:
- setup
- tools
# - name: Install common tools (Astra Linux)
# command: apt-get install -y curl jq ca-certificates iproute2 iputils procps net-tools vim wget unzip git
# when: ansible_os_family == 'Astra Linux'
# changed_when: false
# failed_when: false
# tags:
# - setup
# - tools
- name: Install common tools (Astra Linux)
command: apt-get install -y curl jq ca-certificates iproute2 iputils procps net-tools vim wget unzip git sudo
when: ansible_os_family == 'Astra Linux'
changed_when: false
failed_when: false
tags:
- setup
- tools
# Установка Python для Ansible (если не установлен)
- name: Install Python (Debian/Ubuntu)
@@ -149,18 +175,6 @@
- setup
- python
# Установка Python 3.8+ для RHEL/CentOS/Rocky/AlmaLinux
- name: Install Python 3.8+ (RHEL/CentOS/Rocky/AlmaLinux)
yum:
name:
- python3
- python3-pip
state: present
when: ansible_os_family == 'RedHat'
tags:
- setup
- python
- name: Install Python (RHEL/CentOS/AlmaLinux/Rocky)
yum:
name:
@@ -224,4 +238,3 @@
# - setup
# - directory
- import_playbook: ../../roles/deploy.yml