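---
# =============================================================================
# DESTROY - Remove the test instances
#
# Teardown playbook: re-encrypts any vault files that were left decrypted,
# removes the lab containers and their volumes, removes the Docker network and
# prints a summary. Every destructive step is best-effort (ignore_errors) so a
# half-created environment can still be torn down.
# =============================================================================
- name: Destroy test instances
  hosts: localhost
  gather_facts: false

  vars:
    # Preset name comes from the MOLECULE_PRESET environment variable.
    # lookup('env', ...) yields an empty string (not "undefined") when the
    # variable is unset, so default() needs its second argument set to true
    # for the fallback to apply.
    # NOTE(review): preset_name is interpolated into a path that is passed to
    # include_vars; a value containing "../" resolves outside the presets
    # directory. Confirm whether nested preset paths are needed before
    # restricting it to a basename.
    preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default', true) }}"

    # Look in the k8s presets folder first, then in the main presets folder.
    preset_file: >-
      {{ '/workspace/molecule/presets/k8s/' + preset_name + '.yml'
      if (preset_name in ['k8s-minimal', 'kubernetes', 'k8s-full']
      or preset_name.startswith('k8s-'))
      else '/workspace/molecule/presets/' + preset_name + '.yml' }}

    # Fallback values used when the preset file is not found.
    docker_network: labnet
    hosts:
      - name: u1
        family: debian
        groups: [test]
    kind_clusters: []

    # Files/globs that were temporarily decrypted and must be encrypted again.
    vault_targets:
      - /workspace/vault/secrets.yml
      - /workspace/vault/secret.yml

  tasks:
    # =========================================================================
    # SETUP - Load configuration
    # =========================================================================
    - name: Configuration setup
      ansible.builtin.debug:
        msg: |
          ================================================================================
          НАСТРОЙКА - Загрузка конфигурации
          ================================================================================
          Preset: {{ preset_name }}
          ================================================================================

    # Values from the preset file replace the fallback vars defined above.
    - name: Load preset configuration
      ansible.builtin.include_vars:
        file: "{{ preset_file }}"
      when: preset_file is file
      ignore_errors: true

    # =========================================================================
    # VAULT CLEANUP - Re-encrypt files before the containers are removed
    # =========================================================================
    - name: Vault cleanup operations
      ansible.builtin.debug:
        msg: |
          ================================================================================
          VAULT CLEANUP - Перешифровка файлов перед удалением контейнеров
          ================================================================================
          Re-encrypting vault files
          ================================================================================

    # The target list is handed to the script through the environment rather
    # than templated into the shell text: the JSON form contains double quotes
    # that terminated the surrounding shell string, and a path containing a
    # quote could change the script itself. One target per line; no jq needed.
    - name: Re-encrypt all vault files
      community.docker.docker_container_exec:
        container: ansible-controller
        env:
          VAULT_TARGETS: '{{ vault_targets | join("\n") }}'
          VAULT_PASSWORD_FILE: /workspace/vault/.vault
        argv:
          - bash
          - "-c"
          - |
            echo "=== RE-ENCRYPTING ALL VAULT FILES ==="

            # Without the password file nothing can be encrypted; the targets
            # are left exactly as they are.
            if [ ! -f "$VAULT_PASSWORD_FILE" ]; then
              echo "Vault password file not found: $VAULT_PASSWORD_FILE"
              exit 0
            fi

            failed=0

            # Encrypt one file unless it already carries a vault marker.
            # NOTE(review): the marker is searched anywhere in the file, so a
            # plaintext file that merely mentions ANSIBLE_VAULT is skipped.
            encrypt_if_plain() {
              local file="$1"
              if [ -f "$file" ] && ! grep -q "ANSIBLE_VAULT" "$file"; then
                echo "Re-encrypting file: $file"
                ansible-vault encrypt --encrypt-vault-id default \
                  --vault-password-file "$VAULT_PASSWORD_FILE" "$file" || failed=1
              fi
            }

            # A here-string (not a pipe) keeps the loop in the current shell,
            # so the failure flag survives the loop.
            while IFS= read -r target; do
              [ -n "$target" ] || continue
              echo "Processing target: $target"
              if [[ "$target" == *"*"* ]]; then
                # Glob pattern: left unquoted on purpose so the shell expands it.
                for file in $target; do
                  encrypt_if_plain "$file"
                done
              else
                # Plain file path.
                encrypt_if_plain "$target"
              fi
            done <<< "$VAULT_TARGETS"

            if [ "$failed" -eq 0 ]; then
              echo "All vault files re-encrypted successfully"
            else
              echo "One or more vault files could not be re-encrypted" >&2
            fi

            # Remove the *.decrypted entries in vault/.
            echo "Cleaning up vault symlinks..."
            rm -f /workspace/vault/*.decrypted
            echo "Vault symlinks cleaned up"

            # A non-zero status makes a failed re-encryption visible in the
            # play output; ignore_errors keeps the teardown going.
            exit "$failed"
      ignore_errors: true

    # =========================================================================
    # CONTAINER REMOVAL - Stop and remove the containers
    # =========================================================================
    - name: Container removal
      ansible.builtin.debug:
        msg: |
          ================================================================================
          УДАЛЕНИЕ КОНТЕЙНЕРОВ - Остановка и удаление контейнеров
          ================================================================================
          Count: {{ hosts | length }} containers
          ================================================================================

    - name: Stop and remove containers
      community.docker.docker_container:
        name: "{{ item.name }}"
        state: absent
        force_kill: true
        cleanup: true
      loop: "{{ hosts }}"
      loop_control:
        label: "{{ item.name }}"
      ignore_errors: true

    # Docker's name filter is a regex/substring match, so an unanchored "u1"
    # also selects "u10" or any other container whose name contains it. The
    # pattern is anchored and escaped so only the exact name is removed, and
    # the whole argument is shell-quoted.
    - name: Force remove any remaining containers
      ansible.builtin.shell: >-
        docker ps -a
        --filter {{ ('name=^/?' ~ (item.name | regex_escape) ~ '$') | quote }}
        --format "{{ '{{' }}.ID{{ '}}' }}"
        | xargs -r docker rm -f
      loop: "{{ hosts }}"
      loop_control:
        label: "{{ item.name }}"
      ignore_errors: true

    # The task-level "hosts: {{ hosts }}" override was dropped: a variable that
    # references itself is a recursive template, which made this task fail
    # (silently, because of ignore_errors). It also runs before the network is
    # removed, since attached containers block network removal.
    - name: Force cleanup all project containers
      ansible.builtin.shell: |
        # Remove every container listed in the loaded preset (exact name match).
        {% for host in hosts %}
        docker ps -a \
          --filter {{ ('name=^/?' ~ (host.name | regex_escape) ~ '$') | quote }} \
          --format "{{ '{{' }}.ID{{ '}}' }}" \
          | xargs -r docker rm -f 2>/dev/null || true
        {% endfor %}

        # Remove every container created from the ansible-lab image.
        docker ps -a --filter "ancestor=inecs/ansible-lab" \
          --format "{{ '{{' }}.ID{{ '}}' }}" \
          | xargs -r docker rm -f 2>/dev/null || true

        # Remove every container attached to the lab network (the configured
        # docker_network, not a hard-coded name).
        docker ps -a --filter {{ ('network=' ~ docker_network) | quote }} \
          --format "{{ '{{' }}.ID{{ '}}' }}" \
          | xargs -r docker rm -f 2>/dev/null || true
      ignore_errors: true

    - name: Remove DinD volumes
      community.docker.docker_volume:
        name: "{{ item.name }}-docker"
        state: absent
      loop: >-
        {{ hosts | selectattr('type', 'defined')
        | selectattr('type', 'equalto', 'dind') | list }}
      loop_control:
        label: "{{ item.name }}"
      ignore_errors: true

    # docker_volume takes a single volume name, so the entries without a colon
    # from every host's "volumes" list are flattened and removed one at a time
    # instead of passing a whole list as the name.
    - name: Remove custom volumes
      community.docker.docker_volume:
        name: "{{ item }}"
        state: absent
      loop: >-
        {{ hosts | selectattr('volumes', 'defined') | map(attribute='volumes')
        | flatten | select('match', '^[^:]+$') | list }}
      ignore_errors: true

    # =========================================================================
    # NETWORK CLEANUP - Remove the Docker network
    # =========================================================================
    - name: Network cleanup
      ansible.builtin.debug:
        msg: |
          ================================================================================
          ОЧИСТКА СЕТИ - Удаление Docker сети
          ================================================================================
          Network: {{ docker_network }}
          ================================================================================

    - name: Remove network
      community.docker.docker_network:
        name: "{{ docker_network }}"
        state: absent
      ignore_errors: true

    # =========================================================================
    # EXTRA CLEANUP - Remove the vault symlinks
    # =========================================================================
    # Runs on the controller host as well, in case the in-container cleanup
    # was skipped (container missing or vault password file absent).
    - name: Clean up vault symlinks
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - /workspace/vault/secrets.yml.decrypted
        - /workspace/vault/secret.yml.decrypted
      ignore_errors: true

    - name: Display cleanup summary
      ansible.builtin.debug:
        msg: |
          ================================================================================
          CLEANUP SUMMARY
          ================================================================================
          Containers: {{ hosts | length }}
          Volumes: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list | length }}
          Network: {{ docker_network }}
          Clusters: {{ kind_clusters | default([]) | length }}
          ================================================================================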