DevOpsTools/DevOpsLab
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb5045fb79167eac22115c20be18cc6af6e44d46
DevOpsLab/molecule/default/destroy.yml
Сергей Антропов cb5045fb79 feat: улучшения роли devops и тестирования 
- Убрана подстановка значений по умолчанию для devops_password и devops_ssh_public_key
- Добавлена строгая валидация секретов из vault/secrets.yml с детальными сообщениями об ошибках
- Убран подробный вывод установки пакетов в тасках
- Исправлена проблема с созданием симлинков в vault/ при тестировании
- Обновлена логика загрузки vault переменных в molecule тестах
- Добавлена очистка симлинков в destroy.yml для дополнительной безопасности

Автор: Сергей Антропов
Сайт: https://devops.org.ru
2025-10-29 18:53:52 +03:00

202 lines
9.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# =============================================================================
# DESTROY - Удаление тестовых инстансов
# =============================================================================
- hosts: localhost
gather_facts: false
vars:
# Получаем preset из переменной окружения или используем default
preset_name: "{{ lookup('env', 'MOLECULE_PRESET') | default('default') }}"
# Проверяем сначала в папке k8s, затем в основной папке presets
preset_file: "{{ '/workspace/molecule/presets/k8s/' + preset_name + '.yml' if (preset_name in ['k8s-minimal', 'kubernetes', 'k8s-full'] or preset_name.startswith('k8s-')) else '/workspace/molecule/presets/' + preset_name + '.yml' }}"
# Fallback значения если preset файл не найден
docker_network: labnet
hosts:
- name: u1
family: debian
groups: [test]
kind_clusters: []
# перечисли файлы/глобы, которые нужно временно расшифровать
vault_targets:
- /workspace/vault/secrets.yml
- /workspace/vault/secret.yml
tasks:
# =============================================================================
# НАСТРОЙКА - Загрузка конфигурации
# =============================================================================
- name: Configuration setup
debug:
msg: |
================================================================================
НАСТРОЙКА - Загрузка конфигурации
================================================================================
Preset: {{ preset_name }}
================================================================================
- name: Load preset configuration
include_vars: "{{ preset_file }}"
when: preset_file is file
ignore_errors: true
# =============================================================================
# VAULT CLEANUP - Перешифровка файлов перед удалением контейнеров
# =============================================================================
- name: Vault cleanup operations
debug:
msg: |
================================================================================
VAULT CLEANUP - Перешифровка файлов перед удалением контейнеров
================================================================================
Re-encrypting vault files
================================================================================
- name: Re-encrypt all vault files
community.docker.docker_container_exec:
container: ansible-controller
command: |
bash -c '
VAULT_TARGETS_JSON="{{ vault_targets | to_json }}"
VAULT_PASSWORD_FILE="/workspace/vault/.vault"
echo "=== RE-ENCRYPTING ALL VAULT FILES ==="
if [ ! -f "$VAULT_PASSWORD_FILE" ]; then
echo "Vault password file not found: $VAULT_PASSWORD_FILE"
exit 0
fi
# Парсим JSON массив и перешифровываем каждый файл
echo "$VAULT_TARGETS_JSON" | jq -r ".[]" | while read -r target; do
echo "Processing target: $target"
# Если это glob паттерн, находим файлы
if [[ "$target" == *"*"* ]]; then
for file in $target; do
if [ -f "$file" ] && ! grep -q "ANSIBLE_VAULT" "$file"; then
echo "Re-encrypting file: $file"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$file"
fi
done
else
# Обычный файл
if [ -f "$target" ] && ! grep -q "ANSIBLE_VAULT" "$target"; then
echo "Re-encrypting file: $target"
ansible-vault encrypt --encrypt-vault-id default --vault-password-file "$VAULT_PASSWORD_FILE" "$target"
fi
fi
done
echo "All vault files re-encrypted successfully"
# Очистка символических ссылок в vault/
echo "Cleaning up vault symlinks..."
rm -f /workspace/vault/*.decrypted
echo "Vault symlinks cleaned up"
'
ignore_errors: true
# =============================================================================
# УДАЛЕНИЕ КОНТЕЙНЕРОВ - Остановка и удаление контейнеров
# =============================================================================
- name: Container removal
debug:
msg: |
================================================================================
УДАЛЕНИЕ КОНТЕЙНЕРОВ - Остановка и удаление контейнеров
================================================================================
Count: {{ hosts | length }} containers
================================================================================
- name: Stop and remove containers
community.docker.docker_container:
name: "{{ item.name }}"
state: absent
force_kill: true
cleanup: true
loop: "{{ hosts }}"
loop_control: { label: "{{ item.name }}" }
ignore_errors: true
- name: Force remove any remaining containers
shell: |
docker ps -a --filter "name={{ item.name }}" --format "{{ '{{' }}.ID{{ '}}' }}" | xargs -r docker rm -f
loop: "{{ hosts }}"
loop_control: { label: "{{ item.name }}" }
ignore_errors: true
- name: Remove DinD volumes
community.docker.docker_volume:
name: "{{ item.name }}-docker"
state: absent
loop: "{{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list }}"
loop_control: { label: "{{ item.name }}" }
ignore_errors: true
- name: Remove custom volumes
community.docker.docker_volume:
name: "{{ item.volumes | default([]) | select('match', '^[^:]+$') | list }}"
state: absent
loop: "{{ hosts }}"
loop_control: { label: "{{ item.name }}" }
ignore_errors: true
when: item.volumes is defined
# =============================================================================
# ОЧИСТКА СЕТИ - Удаление Docker сети
# =============================================================================
- name: Network cleanup
debug:
msg: |
================================================================================
ОЧИСТКА СЕТИ - Удаление Docker сети
================================================================================
Network: {{ docker_network }}
================================================================================
- name: Remove network
community.docker.docker_network:
name: "{{ docker_network }}"
state: absent
ignore_errors: true
- name: Force cleanup all project containers
shell: |
# Удаляем все контейнеры из загруженного пресета
{% for host in hosts %}
docker ps -a --filter "name={{ host.name }}" --format "{{ '{{' }}.ID{{ '}}' }}" | xargs -r docker rm -f 2>/dev/null || true
{% endfor %}
# Удаляем все контейнеры с образами ansible-lab
docker ps -a --filter "ancestor=inecs/ansible-lab" --format "{{ '{{' }}.ID{{ '}}' }}" | xargs -r docker rm -f 2>/dev/null || true
# Удаляем все контейнеры с сетью labnet
docker ps -a --filter "network=labnet" --format "{{ '{{' }}.ID{{ '}}' }}" | xargs -r docker rm -f 2>/dev/null || true
ignore_errors: true
vars:
# Используем переменную hosts из загруженного пресета
hosts: "{{ hosts }}"
# =============================================================================
# ДОПОЛНИТЕЛЬНАЯ ОЧИСТКА - Удаление симлинков vault
# =============================================================================
- name: Clean up vault symlinks
file:
path: "{{ item }}"
state: absent
loop:
- /workspace/vault/secrets.yml.decrypted
- /workspace/vault/secret.yml.decrypted
ignore_errors: true
- name: Display cleanup summary
debug:
msg: |
================================================================================
CLEANUP SUMMARY
================================================================================
Containers: {{ hosts | length }}
Volumes: {{ hosts | selectattr('type','defined') | selectattr('type','equalto','dind') | list | length }}
Network: {{ docker_network }}
Clusters: {{ kind_clusters | default([]) | length }}
================================================================================
Reference in New Issue View Git Blame Copy Permalink