Обновление проекта

2025-10-28 19:19:49 +03:00
parent 0b4efd9ca1
commit f6d1182193
11 changed files with 257 additions and 31 deletions
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -52,6 +52,20 @@
          Files: {{ vault_targets | length }} targets
          ================================================================================

+    - name: Check if vault file is encrypted
+      community.docker.docker_container_exec:
+        container: ansible-controller
+        command: "bash -c 'if [ -f \"/workspace/vault/secrets.yml\" ]; then grep -q \"ANSIBLE_VAULT\" /workspace/vault/secrets.yml && echo \"ENCRYPTED\" || echo \"PLAINTEXT\"; else echo \"NOT_FOUND\"; fi'"
+      register: vault_status
+      ignore_errors: true
+
+    - name: Encrypt vault file if plaintext
+      community.docker.docker_container_exec:
+        container: ansible-controller
+        command: "bash -c 'VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"/workspace/vault/secrets.yml\" ] && [ \"{{ vault_status.stdout }}\" = \"PLAINTEXT\" ]; then ansible-vault encrypt --encrypt-vault-id default --vault-password-file \"$VAULT_PASSWORD_FILE\" /workspace/vault/secrets.yml; fi'"
+      when: vault_status.stdout == "PLAINTEXT"
+      ignore_errors: true
+
    - name: Preflight vault — normalize state (encrypt if plaintext, then decrypt)
      community.docker.docker_container_exec:
        container: ansible-controller
@@ -70,10 +84,52 @@
          File: /workspace/molecule/default/site.yml
          ================================================================================

-    - name: Run lab playbook
+    - name: Debug - Check files in container
      community.docker.docker_container_exec:
        container: ansible-controller
-        command: "bash -c 'ANSIBLE_ROLES_PATH=/workspace/roles; VAULT_PASSWORD_FILE=\"/workspace/vault/.vault\"; VAULT_SECRETS_FILE=\"/workspace/vault/secrets.yml\"; INVENTORY_FILE=\"/tmp/molecule_workspace/inventory/hosts.ini\"; if [ -f \"$VAULT_PASSWORD_FILE\" ] && [ -f \"$VAULT_SECRETS_FILE\" ]; then ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml --vault-password-file \"$VAULT_PASSWORD_FILE\" -e \"vault_file_path=$VAULT_SECRETS_FILE\"; else ansible-playbook -i \"$INVENTORY_FILE\" /workspace/molecule/default/site.yml; fi'"
+        command: |
+          bash -c '
+          echo "=== DEBUG INFO ==="
+          echo "Current directory: $(pwd)"
+          echo "ANSIBLE_ROLES_PATH: $ANSIBLE_ROLES_PATH"
+          echo "VAULT_PASSWORD_FILE: $VAULT_PASSWORD_FILE"
+          echo "VAULT_SECRETS_FILE: $VAULT_SECRETS_FILE"
+          echo "INVENTORY_FILE: $INVENTORY_FILE"
+          echo ""
+          echo "=== FILE CHECKS ==="
+          echo "Inventory exists: $([ -f "/tmp/molecule_workspace/inventory/hosts.ini" ] && echo "YES" || echo "NO")"
+          echo "Vault password exists: $([ -f "/workspace/vault/.vault" ] && echo "YES" || echo "NO")"
+          echo "Vault secrets exists: $([ -f "/workspace/vault/secrets.yml" ] && echo "YES" || echo "NO")"
+          echo "Site.yml exists: $([ -f "/workspace/molecule/default/site.yml" ] && echo "YES" || echo "NO")"
+          echo ""
+          echo "=== DIRECTORY LISTING ==="
+          ls -la /tmp/molecule_workspace/ || echo "No molecule_workspace dir"
+          ls -la /workspace/vault/ || echo "No vault dir"
+          echo ""
+          echo "=== INVENTORY CONTENT ==="
+          cat /tmp/molecule_workspace/inventory/hosts.ini || echo "Cannot read inventory"
+          '
+
+#    - name: Run lab playbook
+#      community.docker.docker_container_exec:
+#        container: ansible-controller
+#        command: |
+#          bash -c '
+#          set -e
+#          export ANSIBLE_ROLES_PATH=/workspace/roles
+#          export VAULT_PASSWORD_FILE="/workspace/vault/.vault"
+#          export VAULT_SECRETS_FILE="/workspace/vault/secrets.yml"
+#          export INVENTORY_FILE="/tmp/molecule_workspace/inventory/hosts.ini"
+#          echo "Starting playbook execution..."
+#          if [ -f "$VAULT_PASSWORD_FILE" ] && [ -f "$VAULT_SECRETS_FILE" ]; then
+#            echo "Running with vault..."
+#            ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml --vault-password-file "$VAULT_PASSWORD_FILE" -e "vault_file_path=$VAULT_SECRETS_FILE" -v
+#          else
+#            echo "Running without vault..."
+#            ansible-playbook -i "$INVENTORY_FILE" /workspace/molecule/default/site.yml -v
+#          fi
+#          echo "Playbook completed successfully"
+#          '

    # =============================================================================
    # CLEANUP - Перешифровка файлов после выполнения
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -17,6 +17,7 @@ platforms:
    image: inecs/ansible-lab:ansible-controller-latest
    pre_build_image: true
    volumes:
+      - "${MOLECULE_EPHEMERAL_DIRECTORY}:/tmp/molecule_workspace:ro"
      - "../vault:/workspace/vault:ro"
  # ALT Linux
  - name: alt9
--- a/molecule/default/site.yml
+++ b/molecule/default/site.yml
@@ -16,6 +16,14 @@
  hosts: all
  become: true
  tasks:
+    # Сброс цветовых кодов ANSI для корректного отображения
+    - name: Reset ANSI color codes
+      debug:
+        msg: "\033[0m"
+      changed_when: false
+      tags:
+        - setup
+        - color-reset
    # Создание tmp директории для Ansible
    - name: Create Ansible tmp directory
      file:
--- a/molecule/presets/minimal.yml
+++ b/molecule/presets/minimal.yml
@@ -35,11 +35,8 @@ systemd_defaults:
  capabilities: ["SYS_ADMIN"]

 hosts:
-  # Минимальный набор - один хост
+  # Минимальный набор - один хост Astra Linux для arm64
  - name: u1
    family: astra
    groups: [test]
-    supported_platforms: ["linux/amd64"]  # Только amd64
-  - name: u2
-    family: alt
-    groups: [test]
+    supported_platforms: ["linux/arm64", "linux/amd64"]