Update 13 files

- /inventories/group_vars/all.yml - /inventories/group_vars/gateway.yml - /roles/npm/tasks/main.yml - /roles/heimdall/tasks/main.yml - /roles/docker/tasks/main.yml - /group_vars/all.yml - /group_vars/gateway_servers.yml - /roles/proxmox_lxc/handlers/main.yml - /roles/proxmox_lxc/tasks/main.yml - /roles/gateway/handlers/main.yml - /roles/gateway/tasks/main.yml - /gateway-deploy.yml - /olimp-deploy.yml
2025-10-14 09:15:17 +00:00 · 2025-10-14 09:15:17 +00:00 · 299e41fd57
commit 299e41fd57
parent 0dc36f67e6
12 changed files with 238 additions and 155 deletions
--- a/gateway-deploy.yml
+++ b/gateway-deploy.yml
@ -0,0 +1,17 @@
+---
+- name: 🏗️ Create Gateway LXC container
+  hosts: proxmox_servers
+  gather_facts: false
+  vars_files:
+    - vault.yml
+  roles:
+    - role: proxmox_lxc
+      tags: deploy_lxc
+
+- name: 🚀 Deploy Gateway services
+  hosts: gateway_servers
+  vars_files:
+    - vault.yml
+  roles:
+    - role: gateway
+      tags: gateway_services
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -0,0 +1,43 @@
+---
+# Общие настройки для всех хостов
+timezone: Asia/Yekaterinburg
+system_locale: ru_RU.UTF-8
+
+proxmox_node: "Olimp"
+
+# Настройки пользователей
+admin_user: root
+
+# Список пакетов для установки на всех хостах
+base_packages:
+  - curl
+  - wget
+  - gnupg
+  - ca-certificates
+  - software-properties-common
+  - tree
+  - htop
+  - nano
+  - git
+  - apt-transport-https
+  - net-tools
+  - dnsutils
+  - iputils-ping
+  - traceroute
+
+# SSH ключи
+ssh_public_keys:
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvRBW+2Xpck2tznhWJyls5J/4wUoVYdyFM6JTU7uogK ansible@olimp"
+
+# Настройки контейнеров
+containers:
+  - vmid: 221
+    hostname: gateway
+    ip: 192.168.1.221
+    template_path: "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
+    storage: "vmsystem"
+    disk_size: 5
+    cores: 1
+    memory: 2048
+    swap: 512
--- a/inventories/group_vars/gateway.yml
+++ b/inventories/group_vars/gateway.yml
@ -8,7 +8,7 @@ heimdall:
  group_id: "1000"
  timezone: "Asia/Yekaterinburg"

-# Настройки NPM (Nginx Proxy Manager)
+# Настройки NPM
 npm:
  image: jc21/nginx-proxy-manager:latest
  data_dir: "/opt/npm/data"
--- a/inventories/group_vars/all.yml
+++ b/inventories/group_vars/all.yml
@ -1,26 +0,0 @@
---
-# Общие настройки для всех хостов
-timezone: Asia/Yekaterinburg
-system_locale: ru_RU.UTF-8
-
-proxmox_node: "Olimp"
-
-# Настройки пользователей
-admin_user: root
-
-# Список пакетов для установки на всех хостах
-base_packages:
-  - curl
-  - wget
-  - gnupg
-  - ca-certificates
-  - software-properties-common
-  - tree
-  - htop
-  - nano
-  - git
-  - apt-transport-https
-  - net-tools
-  - dnsutils
-  - iputils-ping
-  - traceroute
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@ -1,35 +1,28 @@
 ---
- name: Create Gateway LXC container in Proxmox
-  hosts: proxmox
+- name: 🏗️ Deploy Olimp Infrastructure
+  hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yml
-  roles:
-    - role: proxmox_lxc
-      tags: deploy_lxc
  
- name: Base setup for gateway
-  hosts: gateway
-  vars_files:
-    - vault.yml
-  roles:
-    - role: base_setup
-      tags: base_setup
+  tasks:
+    - name: Include gateway deployment
+      include_tasks: gateway-deploy.yml
+      tags: gateway

- name: Install Docker on gateway
-  hosts: gateway
-  roles:
-    - role: docker
-      tags: deploy_docker
+    - name: Display deployment summary
+      debug:
+        msg: |
+          🎉 Olimp Infrastructure deployed successfully!
          
- name: Deploy Heimdall service
-  hosts: gateway
-  roles:
-    - role: heimdall
-      tags: deploy_heimdall
+          Gateway Services:
+            - Heimdall: http://192.168.1.221:45131
+            - NPM Admin: http://192.168.1.221:81
          
- name:  Deploy NPM service
-  hosts: gateway
-  roles:
-    - role: npm
-      tags: deploy_npm
+          Next steps:
+            1. Configure NPM proxy hosts
+            2. Deploy database host (222)
+            3. Deploy media host (223)
+      when: >
+        'deploy_lxc' in ansible_run_tags or 
+        'gateway_services' in ansible_run_tags
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -1,32 +0,0 @@
---
- name: Add Docker GPG key
-  apt_key:
-    url: https://download.docker.com/linux/ubuntu/gpg
-    state: present
-
- name: Add Docker repository
-  apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable"
-    state: present
-
- name: Install Docker packages
-  apt:
-    name:
-      - docker-ce
-      - docker-ce-cli
-      - containerd.io
-      - docker-compose-plugin
-    state: present
-    update_cache: yes
-
- name: Start and enable Docker service
-  systemd:
-    name: docker
-    state: started
-    enabled: yes
-
- name: Add root to docker group
-  user:
-    name: root
-    groups: docker
-    append: yes
--- a/roles/gateway/handlers/main.yml
+++ b/roles/gateway/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart docker
+  systemd:
+    name: docker
+    state: restarted
--- a/roles/gateway/tasks/main.yml
+++ b/roles/gateway/tasks/main.yml
@ -0,0 +1,93 @@
+---
+- name: Install system dependencies
+  apt:
+    pkg:
+      - aptitude
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - software-properties-common
+      - python3-pip
+      - virtualenv
+      - python3-setuptools
+    state: latest
+    update_cache: true
+
+- name: Add Docker GPG apt Key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+
+- name: Add Docker Repository
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu noble stable
+    state: present
+
+- name: Install Docker CE
+  apt:
+    name: docker-ce
+    state: latest
+    update_cache: true
+
+- name: Install Docker Python module
+  pip:
+    name: docker
+
+- name: Configure Docker for LXC compatibility
+  copy:
+    content: |
+      {
+        "storage-driver": "vfs"
+      }
+    dest: /etc/docker/daemon.json
+  notify: restart docker
+
+- name: Ensure Docker daemon is running
+  systemd:
+    name: docker
+    state: started
+    enabled: yes
+
+- name: Create directories for services
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - { path: "{{ heimdall.config_dir }}" }
+    - { path: "{{ npm.data_dir }}" }
+    - { path: "{{ npm.letsencrypt_dir }}" }
+
+- name: Pull Docker images
+  community.docker.docker_image:
+    name: "{{ item.image }}"
+    source: pull
+  loop:
+    - { image: "{{ heimdall.image }}" }
+    - { image: "{{ npm.image }}" }
+
+- name: Deploy Heimdall container
+  community.docker.docker_container:
+    name: heimdall
+    image: "{{ heimdall.image }}"
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - "{{ heimdall.port }}"
+    volumes:
+      - "{{ heimdall.config_dir }}:/config"
+    env:
+      PUID: "{{ heimdall.user_id }}"
+      PGID: "{{ heimdall.group_id }}"
+      TZ: "{{ heimdall.timezone }}"
+
+- name: Deploy NPM container
+  community.docker.docker_container:
+    name: npm
+    image: "{{ npm.image }}"
+    state: started
+    restart_policy: unless-stopped
+    ports: "{{ npm.ports }}"
+    volumes:
+      - "{{ npm.data_dir }}:/data"
+      - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
--- a/roles/heimdall/tasks/main.yml
+++ b/roles/heimdall/tasks/main.yml
@ -1,21 +0,0 @@
---
- name: Create directory for Heimdall
-  file:
-    path: "{{ heimdall.config_dir }}"
-    state: directory
-    mode: '0755'
-
- name: Run Heimdall container
-  docker_container:
-    name: heimdall
-    image: "{{ heimdall.image }}"
-    state: started
-    restart_policy: unless-stopped
-    ports:
-      - "{{ heimdall.port }}"
-    volumes:
-      - "{{ heimdall.config_dir }}:/config"
-    env:
-      PUID: "{{ heimdall.user_id }}"
-      PGID: "{{ heimdall.group_id }}"
-      TZ: "{{ heimdall.timezone }}"
--- a/roles/npm/tasks/main.yml
+++ b/roles/npm/tasks/main.yml
@ -1,20 +0,0 @@
---
- name: Create directories for NPM
-  file:
-    path: "{{ item }}"
-    state: directory
-    mode: '0755'
-  loop:
-    - "{{ npm.data_dir }}"
-    - "{{ npm.letsencrypt_dir }}"
-
- name: Run NPM container
-  docker_container:
-    name: npm
-    image: "{{ npm.image }}"
-    state: started
-    restart_policy: unless-stopped
-    ports: "{{ npm.ports }}"
-    volumes:
-      - "{{ npm.data_dir }}:/data"
-      - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
--- a/roles/proxmox_lxc/handlers/main.yml
+++ b/roles/proxmox_lxc/handlers/main.yml
--- a/roles/proxmox_lxc/tasks/main.yml
+++ b/roles/proxmox_lxc/tasks/main.yml
@ -1,42 +1,73 @@
 ---
 - name: Check if container already exists
-  shell: pct list | grep 221 || true
+  shell: pct list | grep "{{ item.vmid }}" || true
  register: container_check
  delegate_to: proxmox
-  changed_when: false
+  loop: "{{ containers }}"
+  loop_control:
+    label: "{{ item.hostname }}"

- name: Verify template exists at custom path
-  shell: ls -la "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
-  register: template_check
+- name: Create temporary SSH keys file on Proxmox
+  copy:
+    content: "{{ ssh_public_keys | join('\n') }}"
+    dest: "/tmp/ssh_keys_{{ item.vmid }}.txt"
+    mode: '0644'
  delegate_to: proxmox
-  changed_when: false
-  ignore_errors: yes
+  loop: "{{ containers }}"
+  when: "item.vmid not in container_check.results[0].stdout"
+  loop_control:
+    label: "{{ item.hostname }}"

- name: Create Gateway LXC container using correct template path
+- name: Create LXC containers
  shell: |
-    pct create 221 \
-      "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" \
-      --rootfs vmsystem:5 \
-      --cores 1 \
-      --memory 2048 \
-      --swap 512 \
-      --hostname gateway \
-      --net0 name=eth0,bridge=vmbr0,ip=192.168.1.221/24,gw=192.168.1.1 \
-      --storage vmsystem \
+    pct create {{ item.vmid }} \
+      "{{ item.template_path }}" \
+      --rootfs {{ item.storage }}:{{ item.disk_size }} \
+      --cores {{ item.cores }} \
+      --memory {{ item.memory }} \
+      --swap {{ item.swap }} \
+      --hostname {{ item.hostname }} \
+      --net0 name=eth0,bridge=vmbr0,ip={{ item.ip }}/24,gw=192.168.1.1 \
+      --storage {{ item.storage }} \
      --password "{{ proxmox_root_password }}" \
-      --unprivileged 1 \
+      --unprivileged 0 \
+      --features nesting=1 \
+      --ssh-public-keys /tmp/ssh_keys_{{ item.vmid }}.txt \
      --start 1
  args:
    executable: /bin/bash
  delegate_to: proxmox
-  when: 
-    - "'221' not in container_check.stdout"
-    - "template_check.rc == 0"
+  loop: "{{ containers }}"
+  when: "item.vmid not in container_check.results[0].stdout"
+  loop_control:
+    label: "{{ item.hostname }}"

- name: Wait for container SSH port to be available
+- name: Remove temporary SSH keys files
+  file:
+    path: "/tmp/ssh_keys_{{ item.vmid }}.txt"
+    state: absent
+  delegate_to: proxmox
+  loop: "{{ containers }}"
+  loop_control:
+    label: "{{ item.hostname }}"
+
+- name: Configure LXC for Docker support
+  shell: |
+    pct set {{ item.vmid }} -lxc.apparmor.profile=unconfined
+    pct set {{ item.vmid }} -lxc.cgroup.devices.allow=a
+    pct set {{ item.vmid }} -lxc.cap.drop=
+  delegate_to: proxmox
+  loop: "{{ containers }}"
+  loop_control:
+    label: "{{ item.hostname }}"
+
+- name: Wait for containers to be ready
  wait_for:
-    host: 192.168.1.221
+    host: "{{ item.ip }}"
    port: 22
    timeout: 120
    delay: 10
  delegate_to: localhost
+  loop: "{{ containers }}"
+  loop_control:
+    label: "{{ item.hostname }}"