DevOpsTools/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ce450215b7762078c9a0ca33228eb7f1ab9efc5
DevOpsLab/roles/devops/vars/main.yml
Сергей Антропов cb5045fb79 feat: улучшения роли devops и тестирования 
- Убрана подстановка значений по умолчанию для devops_password и devops_ssh_public_key
- Добавлена строгая валидация секретов из vault/secrets.yml с детальными сообщениями об ошибках
- Убран подробный вывод установки пакетов в тасках
- Исправлена проблема с созданием симлинков в vault/ при тестировании
- Обновлена логика загрузки vault переменных в molecule тестах
- Добавлена очистка симлинков в destroy.yml для дополнительной безопасности

Автор: Сергей Антропов
Сайт: https://devops.org.ru
2025-10-29 18:53:52 +03:00

253 lines
6.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# OS-специфичные переменные для роли devops
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru
# Определение семейства ОС
devops_os_family: "{{ ansible_os_family | lower }}"
devops_distribution: "{{ ansible_distribution | lower }}"
devops_distribution_version: "{{ ansible_distribution_version | lower }}"
# Настройки для разных семейств ОС
devops_os_config:
redhat:
package_manager: "yum"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
debian:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
suse:
package_manager: "zypper"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "nano"
- "mc"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
alpine:
package_manager: "apk"
user_management: "adduser"
group_management: "addgroup"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
packages:
- "sudo"
- "openssh"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
# Специфичные настройки для российских ОС
devops_russian_os_config:
clearlinux: # Astra Linux определяется как clearlinux
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
astra:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
redos:
package_manager: "yum"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "wheel"
additional_groups:
- "wheel"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "sshd"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
altlinux: # Alt Linux определяется как altlinux
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
alt:
package_manager: "apt"
user_management: "useradd"
group_management: "groupadd"
sudo_group: "sudo"
additional_groups:
- "sudo"
- "docker"
- "systemd-journal"
packages:
- "sudo"
- "curl"
- "wget"
- "mc"
- "nano"
- "tar"
- "gzip"
services:
- "ssh"
sudoers_path: "/etc/sudoers.d"
ssh_config_path: "/etc/ssh/sshd_config"
# Получение конфигурации для текущей ОС
devops_current_config: "{{ devops_russian_os_config[devops_distribution] | default(devops_os_config[devops_os_family]) }}"
# Переменные для работы с пакетами
devops_package_manager_cmd: "{{ devops_current_config.package_manager }}"
devops_user_cmd: "{{ devops_current_config.user_management }}"
devops_group_cmd: "{{ devops_current_config.group_management }}"
devops_sudo_group: "{{ devops_current_config.sudo_group }}"
devops_packages_to_install: "{{ devops_current_config.packages }}"
devops_services_to_enable: "{{ devops_current_config.services }}"
devops_sudoers_path: "{{ devops_current_config.sudoers_path }}"
devops_ssh_config_path: "{{ devops_current_config.ssh_config_path }}"
# Дополнительные группы для пользователя
devops_final_additional_groups: "{{ devops_current_config.additional_groups }}"
# Настройки для проверки системы
devops_system_checks:
- name: "check_user_exists"
command: "id {{ devops_user }}"
register: "devops_user_check"
- name: "check_ssh_key_exists"
stat:
path: "{{ devops_ssh_authorized_keys }}"
register: "devops_ssh_key_check"
- name: "check_sudoers_exists"
stat:
path: "{{ devops_sudoers_file }}"
register: "devops_sudoers_check"
# Настройки для логирования
devops_log_config:
level: "{{ devops_log_level }}"
file: "{{ devops_log_file }}"
format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
max_size: "10MB"
backup_count: 5
# Настройки для уведомлений
devops_notification_config:
success_message: "Пользователь {{ devops_user }} успешно настроен"
failure_message: "Ошибка при настройке пользователя {{ devops_user }}"
ssh_message: "SSH ключ для пользователя {{ devops_user }} настроен"
sudo_message: "Sudo права для пользователя {{ devops_user }} настроены"
Reference in New Issue View Git Blame Copy Permalink