DevOpsTools/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: улучшения роли devops и тестирования

Browse Source 
- Убрана подстановка значений по умолчанию для devops_password и devops_ssh_public_key
- Добавлена строгая валидация секретов из vault/secrets.yml с детальными сообщениями об ошибках
- Убран подробный вывод установки пакетов в тасках
- Исправлена проблема с созданием симлинков в vault/ при тестировании
- Обновлена логика загрузки vault переменных в molecule тестах
- Добавлена очистка симлинков в destroy.yml для дополнительной безопасности

Автор: Сергей Антропов
Сайт: https://devops.org.ru
This commit is contained in:
Сергей Антропов
2025-10-29 18:53:52 +03:00
parent f6d1182193
commit cb5045fb79
23 changed files with 821 additions and 679 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
molecule/default/create.yml
View File

@@ -156,7 +156,7 @@
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ '/bin/bash -c \"while true; do sleep 30; done\"' if item.family in ['alt10', 'alt9'] else systemd_defaults.command }}"
volumes: "{{ systemd_defaults.volumes | default([]) + (item.volumes | default([])) }}"
volumes: "{{ systemd_defaults.volumes | default([]) + (item.volumes | default([])) + ['/Users/inecs/PycharmProjects/DevOpsLab/vault:/workspace/vault:ro', '/Users/inecs/PycharmProjects/DevOpsLab/files:/workspace/files:ro', '/Users/inecs/PycharmProjects/DevOpsLab/roles:/workspace/roles:ro'] }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"
@@ -188,77 +188,8 @@
delay: 5
until: container_info.container.State.Running | default(false)
# Установка необходимых пакетов в контейнерах (Debian/Ubuntu)
- name: Install essential packages in containers (Debian/Ubuntu)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['ubuntu', 'debian', 'alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (RHEL/CentOS/AlmaLinux/Rocky)
- name: Install essential packages in containers (RHEL/CentOS/AlmaLinux/Rocky)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'yum update -y && yum install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['rhel', 'centos', 'alma', 'rocky', 'redos']
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Astra Linux)
- name: Install essential packages in containers (Astra Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family == 'astra'
ignore_errors: true
retries: 3
delay: 5
# Установка необходимых пакетов в контейнерах (Alt Linux)
- name: Install essential packages in containers (Alt Linux)
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "sh -c 'apt-get update && apt-get install -y sudo python3 python3-pip curl wget'"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined and item.family in ['alt10', 'alt9']
ignore_errors: true
retries: 3
delay: 5
# Создание tmp директории в контейнерах
- name: Create Ansible tmp directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /tmp/.ansible-tmp && chmod 755 /tmp/.ansible-tmp"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# Создание vault директории в контейнерах
- name: Create vault directory in containers
community.docker.docker_container_exec:
container: "{{ item.name }}"
command: "mkdir -p /workspace/vault && chmod 755 /workspace/vault"
loop: "{{ hosts | selectattr('type','undefined') | list }}"
loop_control: { label: "{{ item.name }}" }
when: item.family is defined and images[item.family] is defined
ignore_errors: true
retries: 5
delay: 3
# Примечание: Установка пакетов и создание директорий перенесены в run.yml
# для выполнения на всех поднятых контейнерах
# =============================================================================
# DIND NODES - Создание контейнеров Docker-in-Docker
@@ -308,7 +239,7 @@
- name: "{{ docker_network }}"
privileged: "{{ systemd_defaults.privileged }}"
command: "{{ systemd_defaults.command }}"
volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) }}"
volumes: "{{ (systemd_defaults.volumes | default([])) + ['/var/run/docker.sock:/var/run/docker.sock'] + (item.volumes | default([])) + ['/Users/inecs/PycharmProjects/DevOpsLab/vault:/workspace/vault:ro', '/Users/inecs/PycharmProjects/DevOpsLab/files:/workspace/files:ro', '/Users/inecs/PycharmProjects/DevOpsLab/roles:/workspace/roles:ro'] }}"
tmpfs: "{{ systemd_defaults.tmpfs | default([]) }}"
capabilities: "{{ systemd_defaults.capabilities | default([]) }}"
published_ports: "{{ item.publish | default([]) }}"