Update 10 files

- /roles/proxmox_lxc/handlers/main.yml
- /roles/proxmox_lxc/tasks/main.yml
- /gateway-deploy.yml
- /ansible.cfg
- /roles/base_setup/tasks/ssh.yml
- /group_vars/all.yml
- /olimp-deploy.yml
- /inventories/hosts.yml
- /roles/base_setup/tasks/main.yml
- /roles/base_setup/handlers/main.yml
Administrator 2025-10-14 12:39:42 +00:00
parent 231b860d88
commit a04b3cf1fd
10 changed files with 36 additions and 196 deletions


@ -1,9 +0,0 @@
[defaults]
collections_path = /root/.ansible/collections:/usr/share/ansible/collections
inventory = inventories/hosts.yml
host_key_checking = False
remote_user = root
private_key_file = /root/.ssh/ansible_id_rsa
[inventory]
enable_plugins = auto, yaml, toml


@ -1,17 +0,0 @@
---
- name: Create Gateway LXC container
hosts: proxmox_servers
gather_facts: false
vars_files:
- vault.yml
roles:
- role: proxmox_lxc
tags: deploy_lxc
- name: Deploy Gateway services
hosts: gateway_servers
vars_files:
- vault.yml
roles:
- role: gateway
tags: gateway_services


@ -24,20 +24,8 @@ base_packages:
- dnsutils - dnsutils
- iputils-ping - iputils-ping
- traceroute - traceroute
# Дополнительные настройки
# SSH ключи system_scripts: []
ssh_public_keys: custom_directories:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp" - /opt/scripts
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvRBW+2Xpck2tznhWJyls5J/4wUoVYdyFM6JTU7uogK ansible@olimp" - /etc/apt/keyrings
# Настройки контейнеров
containers:
- vmid: 221
hostname: gateway
ip: 192.168.1.221
template_path: "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
storage: "vmsystem"
disk_size: 5
cores: 1
memory: 2048
swap: 512
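Review bot: `custom_directories` is added here with `/opt/scripts` and `/etc/apt/keyrings`, but the "Ensure required directories exist" task added in the same commit loops over a literal list of the same two paths, so the variable looks unused and the two lists can drift apart. Either drive the task from the variable with `loop: "{{ custom_directories }}"` or drop the variable. `system_scripts: []` is not referenced anywhere on this page either; a one-line comment above it naming the task that consumes it would help the next reader.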


@ -1,20 +1,2 @@
all: [infra]
children: gateway ansible_host=192.168.1.221 int_ip=192.168.1.221
proxmox_server:
hosts:
proxmox:
ansible_host: 192.168.1.200
ansible_user: root
gateway_server:
hosts:
gateway:
ansible_host: 192.168.1.221
ansible_user: root
# Остальные хосты добавим позже
# database:
# hosts:
# database:
# ansible_host: 192.168.1.222
# ansible_user: root
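Review bot: The new content is INI inventory syntax (an `[infra]` header and `key=value` host variables) in a file the commit's file list names `inventories/hosts.yml`. Ansible's YAML inventory plugin selects files by that extension and cannot parse these two lines, so loading depends on the ini plugin being enabled and tried after the YAML plugin fails. Rename the file to `hosts.ini`, or keep the extension and express the same group in YAML as below. The host entry also no longer carries `ansible_user`, so the connection user is now implicit; it is worth stating it explicitly.

```yaml
infra:
  hosts:
    gateway:
      ansible_host: 192.168.1.221
      int_ip: 192.168.1.221
```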


@ -1,28 +1,4 @@
--- ---
- name: Deploy Olimp Infrastructure - hosts: all
hosts: localhost roles:
gather_facts: false - {role: base_setup, tags: deploy_base }
vars_files:
- vault.yml
tasks:
- name: Include gateway deployment
include_tasks: gateway-deploy.yml
tags: gateway
- name: Display deployment summary
debug:
msg: |
Olimp Infrastructure deployed successfully!
Gateway Services:
- Heimdall: http://192.168.1.221:45131
- NPM Admin: http://192.168.1.221:81
Next steps:
1. Configure NPM proxy hosts
2. Deploy database host (222)
3. Deploy media host (223)
when: >
'deploy_lxc' in ansible_run_tags or
'gateway_services' in ansible_run_tags
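Review bot: The new play sets neither `become` nor `remote_user`, and this commit also deletes the `ansible.cfg` that supplied `remote_user = root` and the private key path. Unless that is configured somewhere outside this page, the apt, timezone and reboot tasks in base_setup will run as whichever user invokes the playbook. State the privilege model in the play, e.g. `become: true`, and give the play a `name:` so its output is identifiable. `hosts: all` also applies a reboot-capable role to every host later added to the inventory; `hosts: infra` would scope it to the group this commit defines.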


@ -1,5 +1,8 @@
--- ---
- name: restart ssh - name: Reboot system
service: reboot:
name: ssh msg: "Reboot triggered by base setup"
state: restarted connect_timeout: 5
reboot_timeout: 300
pre_reboot_delay: 0
post_reboot_delay: 30
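Review bot: Nothing shown in this commit notifies `Reboot system`: the new side of the role's tasks file carries no `notify:`, so the handler never runs as committed. If the reboot is meant to follow the package upgrade, add `notify: Reboot system` to the "Update and upgrade apt packages" task. Because that task reports changed whenever any package is upgraded, consider gating the reboot on the presence of `/var/run/reboot-required`, so hosts are not restarted after every upgrade.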


@ -1,6 +1,7 @@
--- ---
- name: Update apt package cache - name: Update and upgrade apt packages
apt: apt:
upgrade: yes
update_cache: yes update_cache: yes
cache_valid_time: 3600 cache_valid_time: 3600
@ -8,19 +9,29 @@
apt: apt:
name: "{{ base_packages }}" name: "{{ base_packages }}"
state: present state: present
update_cache: yes
- name: Set timezone - name: Configure timezone
timezone: timezone:
name: "{{ timezone }}" name: "{{ timezone }}"
- name: Set system locale - name: Configure locale
locale_gen: locale_gen:
name: "{{ system_locale }}" name: "{{ system_locale }}"
state: present state: present
- name: Ensure hostname is set correctly - name: Set default locale
hostname: lineinfile:
name: "{{ inventory_hostname }}" path: /etc/default/locale
line: "LANG={{ system_locale }}"
state: present
create: yes
- name: Include SSH configuration - name: Ensure required directories exist
include_tasks: ssh.yml file:
path: "{{ item }}"
state: directory
mode: 0755
loop:
- /opt/scripts
- /etc/apt/keyrings
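Review bot: After this change the role no longer configures SSH at all: the second hunk drops what appears to be the `include_tasks: ssh.yml` step, and `ssh.yml`, which set `PasswordAuthentication no` and installed the authorized keys, is deleted in the same commit with no replacement visible. If the hardening has moved to another role, say so in the commit message; otherwise keep a task that enforces `PasswordAuthentication no` on these hosts. Smaller points in the same hunk: quote the mode as `mode: '0755'`, as the deleted ssh.yml did for `'0700'`, and write `create: true` and `update_cache: true` rather than `yes`.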


@ -1,21 +0,0 @@
---
- name: Disable SSH password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication'
line: 'PasswordAuthentication no'
state: present
notify: restart ssh
- name: Ensure SSH directory exists
file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Add SSH public keys for root access
authorized_key:
user: root
key: "{{ item }}"
state: present
loop: "{{ ssh_public_keys }}"


@ -1,73 +0,0 @@
---
- name: Check if container already exists
shell: pct list | grep "{{ item.vmid }}" || true
register: container_check
delegate_to: proxmox
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Create temporary SSH keys file on Proxmox
copy:
content: "{{ ssh_public_keys | join('\n') }}"
dest: "/tmp/ssh_keys_{{ item.vmid }}.txt"
mode: '0644'
delegate_to: proxmox
loop: "{{ containers }}"
when: "item.vmid not in container_check.results[0].stdout"
loop_control:
label: "{{ item.hostname }}"
- name: Create LXC containers
shell: |
pct create {{ item.vmid }} \
"{{ item.template_path }}" \
--rootfs {{ item.storage }}:{{ item.disk_size }} \
--cores {{ item.cores }} \
--memory {{ item.memory }} \
--swap {{ item.swap }} \
--hostname {{ item.hostname }} \
--net0 name=eth0,bridge=vmbr0,ip={{ item.ip }}/24,gw=192.168.1.1 \
--storage {{ item.storage }} \
--password "{{ proxmox_root_password }}" \
--unprivileged 0 \
--features nesting=1 \
--ssh-public-keys /tmp/ssh_keys_{{ item.vmid }}.txt \
--start 1
args:
executable: /bin/bash
delegate_to: proxmox
loop: "{{ containers }}"
when: "item.vmid not in container_check.results[0].stdout"
loop_control:
label: "{{ item.hostname }}"
- name: Remove temporary SSH keys files
file:
path: "/tmp/ssh_keys_{{ item.vmid }}.txt"
state: absent
delegate_to: proxmox
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Configure LXC for Docker support
shell: |
pct set {{ item.vmid }} -lxc.apparmor.profile=unconfined
pct set {{ item.vmid }} -lxc.cgroup.devices.allow=a
pct set {{ item.vmid }} -lxc.cap.drop=
delegate_to: proxmox
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Wait for containers to be ready
wait_for:
host: "{{ item.ip }}"
port: 22
timeout: 120
delay: 10
delegate_to: localhost
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"