91 lines
2.8 KiB
YAML
91 lines
2.8 KiB
YAML
---
|
||
#description: Пресет для тестирования безопасности с 10 хостами (bastion + internal + monitoring)
|
||
# Автор: Сергей Антропов
|
||
# Сайт: https://devops.org.ru
|
||
|
||
docker_network: labnet
|
||
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"
|
||
|
||
# systemd-ready образы
|
||
images:
|
||
alt9: "inecs/ansible-lab:alt9-latest"
|
||
alt10: "inecs/ansible-lab:alt10-latest"
|
||
astra: "inecs/ansible-lab:astra-linux-latest"
|
||
rhel: "inecs/ansible-lab:rhel-latest"
|
||
centos7: "inecs/ansible-lab:centos7-latest"
|
||
centos8: "inecs/ansible-lab:centos8-latest"
|
||
centos9: "inecs/ansible-lab:centos9-latest"
|
||
alma: "inecs/ansible-lab:alma-latest"
|
||
rocky: "inecs/ansible-lab:rocky-latest"
|
||
redos: "inecs/ansible-lab:redos-latest"
|
||
ubuntu20: "inecs/ansible-lab:ubuntu20-latest"
|
||
ubuntu22: "inecs/ansible-lab:ubuntu22-latest"
|
||
ubuntu24: "inecs/ansible-lab:ubuntu24-latest"
|
||
debian9: "inecs/ansible-lab:debian9-latest"
|
||
debian10: "inecs/ansible-lab:debian10-latest"
|
||
debian11: "inecs/ansible-lab:debian11-latest"
|
||
debian12: "inecs/ansible-lab:debian12-latest"
|
||
|
||
systemd_defaults:
|
||
privileged: true
|
||
command: "/sbin/init"
|
||
volumes:
|
||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||
tmpfs: ["/run", "/run/lock"]
|
||
capabilities: ["SYS_ADMIN"]
|
||
|
||
# Описание кластера для тестирования безопасности
|
||
hosts:
|
||
# Bastion хосты (точки входа)
|
||
- name: bastion1
|
||
family: rhel
|
||
groups: [bastion, security, jump]
|
||
publish: ["2222:22"]
|
||
- name: bastion2
|
||
family: debian12
|
||
groups: [bastion, security, jump]
|
||
publish: ["2223:22"]
|
||
|
||
# Внутренние серверы (без внешнего доступа)
|
||
- name: internal1
|
||
family: rhel
|
||
groups: [internal, servers, app]
|
||
- name: internal2
|
||
family: debian12
|
||
groups: [internal, servers, app]
|
||
- name: internal3
|
||
family: rhel
|
||
groups: [internal, servers, app]
|
||
|
||
# База данных (изолированная сеть)
|
||
- name: db-secure1
|
||
family: rhel
|
||
groups: [database, secure, internal]
|
||
- name: db-secure2
|
||
family: debian12
|
||
groups: [database, secure, internal]
|
||
|
||
# Мониторинг и логирование
|
||
- name: monitor1
|
||
family: debian12
|
||
groups: [monitoring, security, logs]
|
||
- name: monitor2
|
||
family: rhel
|
||
groups: [monitoring, security, logs]
|
||
|
||
# Firewall и сетевые компоненты
|
||
- name: fw1
|
||
family: rhel
|
||
groups: [firewall, network, security]
|
||
- name: fw2
|
||
family: debian12
|
||
groups: [firewall, network, security]
|
||
|
||
# DOoD узел для тестирования Docker безопасности
|
||
- name: docker-secure
|
||
type: dood
|
||
family: debian12
|
||
groups: [docker, security, apps]
|
||
publish: ["8080:8080"]
|
||
env:
|
||
DOCKER_HOST: "unix:///var/run/docker.sock" |