commit 0b058c35de8e56bb75385bc55729d8c3dab153a7 Author: Gabenov Stanislav Date: Mon Feb 9 20:12:53 2026 +0300 Initial
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..e60f83a
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,79 @@
+# ansible-project/ansible.cfg
+[defaults]
+# Основная директория с инвентарем
+inventory = ./inventory/hosts
+
+# Пути для поиска ролей (можно несколько через двоеточие)
+roles_path = ./roles
+
+# Файлы плейбуков по умолчанию
+hostfile = ./inventory/hosts
+library = ./library
+module_utils = ./module_utils
+filter_plugins = ./filter_plugins
+
+# Путь для поиска плейбуков
+playbook_dir = ./playbooks
+
+# Настройки для групповых и хостовых переменных
+retry_files_enabled = False
+hash_behaviour = merge
+deprecation_warnings = True
+system_warnings = True
+interpreter_python = auto_silent
+
+# Параметры соединения
+transport = smart
+gather_facts = true
+gather_subset = all
+fact_caching = memory
+fact_caching_timeout = 3600
+
+# Параметры по умолчанию для подключения
+ansible_connection = ssh
+ansible_user = ansible
+ansible_port = 22
+ansible_become = true
+ansible_become_method = sudo
+ansible_become_user = root
+ansible_python_interpreter = /usr/bin/python3
+
+# Контрольные суммы и проверки
+host_key_checking = False
+
+[inventory]
+# Включить динамический инвентарь
+enable_plugins = host_list, script, auto, yaml, ini, toml
+
+[privilege_escalation]
+become = true
+become_method = sudo
+become_user = root
+become_ask_pass = false
+
+[ssh_connection]
+# Настройки SSH
+#ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=~/.ssh/ansible-%r@%h:%p
+#pipelining = true
+#scp_if_ssh = smart
+#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
+#timeout = 30
+#retries = 3
+
+[persistent_connection]
+connect_timeout = 30
+command_timeout = 30
+
+[galaxy]
+# Настройки Ansible Galaxy
+server = https://galaxy.ansible.com
+
+
+# Дополнительные настройки для разработки
+[defaults:development]
+# Для разработки - более строгие проверки
+force_color = 1
+callback_whitelist = profile_tasks, timer, mail
+retry_files_save_path = ./retry-files
+local_tmp = ~/.ansible/tmp
+remote_tmp = ~/.ansible/tmp
\ No newline at end of file
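Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host key verification for every run, so whatever answers on an inventory address is trusted unchecked while `[privilege_escalation]` escalates to root on it. I would set `host_key_checking = True` and distribute the expected host keys through `known_hosts` before the first run. Separately, the `ansible_connection` … `ansible_python_interpreter` keys in `[defaults]` are inventory variable names rather than ansible.cfg settings, and `[defaults:development]` is, as far as I know, not a section Ansible reads, so those lines most likely have no effect. The config-file equivalents are `remote_user` and `remote_port`; the rest belongs in inventory or group_vars.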
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
new file mode 100644
index 0000000..e69de29
diff --git a/inventory/group_vars/vpnservers.yml b/inventory/group_vars/vpnservers.yml
new file mode 100644
index 0000000..e69de29
diff --git a/inventory/host_vars/host1.yml b/inventory/host_vars/host1.yml
new file mode 100644
index 0000000..e69de29
diff --git a/inventory/hosts b/inventory/hosts
new file mode 100644
index 0000000..e68604d
--- /dev/null
+++ b/inventory/hosts
@@ -0,0 +1,17 @@
+# ansible/inventory/hosts
+
+# Все хосты
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_user=root
+ansible_port=22
+ansible_ssh_private_key_file=~/.ssh/id_rsa
+
+# VPN серверы
+[vpnservers]
+access.stanito.me ansible_user=root
+
+# Группы по ОС
+[ubuntu_servers:children]
+vpnservers
+
diff --git a/playbook_main.yml b/playbook_main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/playbook_vpn.yml b/playbook_vpn.yml
new file mode 100644
index 0000000..2961a10
--- /dev/null
+++ b/playbook_vpn.yml
@@ -0,0 +1,6 @@
+[vpn]
+access.stanito.me
+
+[all:vars]
+ansible_user=admin
+ansible_ssh_private_key_file=~/.ssh/id_rsa
\ No newline at end of file
diff --git a/playbooks/base.yml b/playbooks/base.yml
new file mode 100644
index 0000000..a119a36
--- /dev/null
+++ b/playbooks/base.yml
@@ -0,0 +1,7 @@
+---
+- name: Bootstrap Ubuntu servers
+ hosts: all
+ become: true
+
+ roles:
+ - base
\ No newline at end of file
diff --git a/readme_deploy.md b/readme_deploy.md
new file mode 100644
index 0000000..e69de29
diff --git a/readme_structure.md b/readme_structure.md
new file mode 100644
index 0000000..20e2746
--- /dev/null
+++ b/readme_structure.md
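Review bot: `ansible_user=root` in `[all:vars]` of `inventory/hosts`, repeated on the `access.stanito.me` host line, makes every play log in over SSH directly as root, which requires root login to stay enabled on the targets and leaves no per-operator trail in their auth logs. The base role in this commit already creates a sudo-group user, so once `sudo.yml` grants it working escalation the inventory could use that account with `become` and keep root for the first bootstrap run only, e.g. passed with `-u root` on the command line. The per-host `ansible_user=root` duplicates the group variable and can be dropped.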
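Review bot: `playbook_vpn.yml` holds INI inventory syntax (`[vpn]`, `[all:vars]`) rather than a YAML play, so it will not load as a playbook despite its name. It also sets `ansible_user=admin` while `inventory/hosts` in this commit sets `ansible_user=root` for the same host, and it names the group `vpn` where the inventory uses `vpnservers`. If it is meant as an alternative inventory, I would move it under `inventory/` without the `.yml` suffix and settle on one user and one group name; otherwise replace the content with a play that starts `- hosts: vpnservers`.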
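Review bot: In `playbooks/base.yml` the play is named for Ubuntu servers and its role installs packages with `ansible.builtin.apt`, yet `hosts: all` targets every inventory host. The inventory added in this commit defines an `ubuntu_servers` group, so `hosts: ubuntu_servers` would keep this root-level bootstrap from running against a host of another type added later.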
@@ -0,0 +1,53 @@
+# Structure
+```
+production # inventory file for production servers
+staging # inventory file for staging environment
+
+group_vars/
+ group1.yml # here we assign variables to particular groups
+ group2.yml
+host_vars/
+ hostname1.yml # here we assign variables to particular systems
+ hostname2.yml
+
+library/ # if any custom modules, put them here (optional)
+module_utils/ # if any custom module_utils to support modules, put them here (optional)
+filter_plugins/ # if any custom filter plugins, put them here (optional)
+
+site.yml # main playbook
+webservers.yml # playbook for webserver tier
+dbservers.yml # playbook for dbserver tier
+tasks/ # task files included from playbooks
+ webservers-extra.yml # <-- avoids confusing playbook with task files
+```
+
+
+# Roles
+```
+roles/
+ common/ # this hierarchy represents a "role"
+ tasks/ #
+ main.yml # <-- tasks file can include smaller files if warranted
+ handlers/ #
+ main.yml # <-- handlers file
+ templates/ # <-- files for use with the template resource
+ ntp.conf.j2 # <------- templates end in .j2
+ files/ #
+ bar.txt # <-- files for use with the copy resource
+ foo.sh # <-- script files for use with the script resource
+ vars/ #
+ main.yml # <-- variables associated with this role
+ defaults/ #
+ main.yml # <-- default lower priority variables for this role
+ meta/ #
+ main.yml # <-- role dependencies and optional Galaxy info
+ library/ # roles can also include custom modules
+ module_utils/ # roles can also include custom module_utils
+ lookup_plugins/ # or other types of plugins, like lookup in this case
+
+ webtier/ # same kind of structure as "common" was above, done for the webtier role
+ monitoring/ # ""
+ fooapp/ # ""
+```
+
+# Deployment
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..6408107
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,15 @@
+---
+roles:
+ # Install a role from Ansible Galaxy.
+ # note that ranges are not supported for roles
+ - name: geerlingguy.certbot
+ version: "5.4.1"
+
+collections:
+ # Install a collection from Ansible Galaxy.
+ - name: community.general
+ version: ">=7.0.0"
+ source: https://galaxy.ansible.com
+ - name: ansible.posix
+
+
diff --git a/roles/base/files/id_rsa.pub b/roles/base/files/id_rsa.pub
new file mode 100644
index 0000000..31f1e5a
--- /dev/null
+++ b/roles/base/files/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 stanito@MacM5
\ No newline at end of file
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..f01f911
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- import_tasks: packages.yml
+
+- import_tasks: users.yml
+
+- import_tasks: sudo.yml
+
+- import_tasks: ssh.yml
\ No newline at end of file
diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml
new file mode 100644
index 0000000..6bdd16f
--- /dev/null
+++ b/roles/base/tasks/packages.yml
@@ -0,0 +1,10 @@
+---
+- name: Install base packages
+ ansible.builtin.apt:
+ name:
+ - vim
+ - curl
+ - git
+ - htop
+ state: present
+ update_cache: true
\ No newline at end of file
diff --git a/roles/base/tasks/ssh.yml b/roles/base/tasks/ssh.yml
new file mode 100644
index 0000000..4784394
--- /dev/null
+++ b/roles/base/tasks/ssh.yml
@@ -0,0 +1,5 @@
+---
+- name: Add authorized key
+ ansible.posix.authorized_key:
+ user: stanito
+ key: "{{ lookup('file', 'id_rsa.pub') }}"
\ No newline at end of file
diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/base/tasks/users.yml b/roles/base/tasks/users.yml
new file mode 100644
index 0000000..b650579
--- /dev/null
+++ b/roles/base/tasks/users.yml
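Review bot: The collections in `requirements.yml` are not pinned: `community.general` accepts any release `>=7.0.0` and `ansible.posix` has no `version` at all, so each `ansible-galaxy` install can pull different code that then runs with root privileges on the targets. The role entry above them is pinned to `5.4.1`; I would pin the collections the same way, with `version: "<exact version you tested>"` on both entries. Adding `source: https://galaxy.ansible.com` to `ansible.posix` would also make the two entries consistent.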
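Review bot: The `Add authorized key` task in `roles/base/tasks/ssh.yml` only appends, so any key already present in the user's `authorized_keys` on a target stays authorized after the role runs. If this role is meant to define the complete set of keys for `stanito`, `exclusive: true` on the task would remove the others; if not, a comment such as `# additive: existing keys are left in place` records that this is intended. The user name is also hard-coded here and in `users.yml`; a role default like `base_user` would keep the two in step.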
@@ -0,0 +1,7 @@
+---
+- name: Create user
+ ansible.builtin.user:
+ name: stanito
+ groups: sudo
+ shell: /bin/bash
+ create_home: true
\ No newline at end of file
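Review bot: `groups: sudo` without `append: true` makes the user module set the supplementary group list to exactly `sudo`, so a run against a host where `stanito` already belongs to other groups removes those memberships. Adding `append: true` next to `groups: sudo` avoids that. The account is also created without a password and `roles/base/tasks/sudo.yml` is empty in this commit, so membership in `sudo` probably does not give working escalation yet. Whatever sudoers rule is added there should be scoped to this user and installed with `validate: 'visudo -cf %s'`.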