feat: 集成 OpenTofu + Ansible + Gitea CI/CD

- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置

configuration/playbooks/applications/cloud-providers-update.yml

@@ -0,0 +1,72 @@
+---
+- name: Cloud Providers System Update Playbook
+  hosts: huawei,google,ditigalocean,aws
+  become: yes
+  gather_facts: yes
+  
+  tasks:
+    # Ubuntu/Debian 系统更新 (apt)
+    - name: Update apt cache (Ubuntu/Debian)
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
+      when: ansible_os_family == "Debian"
+      
+    - name: Upgrade all packages (Ubuntu/Debian)
+      apt:
+        upgrade: yes
+        autoremove: yes
+        autoclean: yes
+      when: ansible_os_family == "Debian"
+      register: apt_upgrade_result
+      
+    # AWS Linux 系统更新 (dnf)
+    - name: Update dnf cache (AWS Linux/RHEL)
+      dnf:
+        update_cache: yes
+      when: ansible_os_family == "RedHat"
+      
+    - name: Upgrade all packages (AWS Linux/RHEL)
+      dnf:
+        name: "*"
+        state: latest
+        skip_broken: yes
+      when: ansible_os_family == "RedHat"
+      register: dnf_upgrade_result
+      
+    # 显示升级结果
+    - name: Display apt upgrade results
+      debug:
+        msg: "APT system upgrade completed. {{ apt_upgrade_result.changed }} packages were updated."
+      when: ansible_os_family == "Debian" and apt_upgrade_result is defined
+        
+    - name: Display dnf upgrade results
+      debug:
+        msg: "DNF system upgrade completed. {{ dnf_upgrade_result.changed }} packages were updated."
+      when: ansible_os_family == "RedHat" and dnf_upgrade_result is defined
+        
+    # 检查是否需要重启 (Ubuntu/Debian)
+    - name: Check if reboot is required (Ubuntu/Debian)
+      stat:
+        path: /var/run/reboot-required
+      register: debian_reboot_required
+      when: ansible_os_family == "Debian"
+      
+    # 检查是否需要重启 (AWS Linux/RHEL)
+    - name: Check if reboot is required (AWS Linux/RHEL)
+      command: needs-restarting -r
+      register: rhel_reboot_required
+      failed_when: false
+      changed_when: false
+      when: ansible_os_family == "RedHat"
+      
+    # 通知重启信息
+    - name: Notify if reboot is required (Ubuntu/Debian)
+      debug:
+        msg: "System reboot is required to complete the update."
+      when: ansible_os_family == "Debian" and debian_reboot_required.stat.exists is defined and debian_reboot_required.stat.exists
+      
+    - name: Notify if reboot is required (AWS Linux/RHEL)
+      debug:
+        msg: "System reboot is required to complete the update."
+      when: ansible_os_family == "RedHat" and rhel_reboot_required.rc == 1

configuration/playbooks/applications/docker-management.yml

@@ -0,0 +1,128 @@
+---
+- name: Docker Container Management
+  hosts: all
+  become: yes
+  gather_facts: yes
+  
+  tasks:
+    # 检查 Docker 是否安装
+    - name: Check if Docker is installed
+      command: which docker
+      register: docker_installed
+      failed_when: false
+      changed_when: false
+      
+    - name: Skip Docker tasks if not installed
+      debug:
+        msg: "Docker not installed on {{ inventory_hostname }}, skipping Docker tasks"
+      when: docker_installed.rc != 0
+      
+    # Docker 系统信息
+    - name: Get Docker system info
+      shell: docker system df
+      register: docker_system_info
+      when: docker_installed.rc == 0
+      
+    - name: Display Docker system usage
+      debug:
+        msg: "🐳 Docker System Usage: {{ docker_system_info.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查运行中的容器
+    - name: List running containers
+      shell: docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+      register: running_containers
+      when: docker_installed.rc == 0
+      
+    - name: Display running containers
+      debug:
+        msg: "📦 Running Containers: {{ running_containers.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查停止的容器
+    - name: List stopped containers
+      shell: docker ps -a --filter "status=exited" --format "table {{.Names}}\t{{.Status}}"
+      register: stopped_containers
+      when: docker_installed.rc == 0
+      
+    - name: Display stopped containers
+      debug:
+        msg: "⏹️  Stopped Containers: {{ stopped_containers.stdout_lines }}"
+      when: docker_installed.rc == 0 and stopped_containers.stdout_lines | length > 1
+      
+    # 检查 Docker 镜像
+    - name: List Docker images
+      shell: docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
+      register: docker_images
+      when: docker_installed.rc == 0
+      
+    - name: Display Docker images
+      debug:
+        msg: "🖼️  Docker Images: {{ docker_images.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查悬空镜像
+    - name: Check for dangling images
+      shell: docker images -f "dangling=true" -q
+      register: dangling_images
+      when: docker_installed.rc == 0
+      
+    - name: Report dangling images
+      debug:
+        msg: "🗑️  Found {{ dangling_images.stdout_lines | length }} dangling images"
+      when: docker_installed.rc == 0
+      
+    # 检查 Docker 卷
+    - name: List Docker volumes
+      shell: docker volume ls
+      register: docker_volumes
+      when: docker_installed.rc == 0
+      
+    - name: Display Docker volumes
+      debug:
+        msg: "💾 Docker Volumes: {{ docker_volumes.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查 Docker 网络
+    - name: List Docker networks
+      shell: docker network ls
+      register: docker_networks
+      when: docker_installed.rc == 0
+      
+    - name: Display Docker networks
+      debug:
+        msg: "🌐 Docker Networks: {{ docker_networks.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查容器资源使用
+    - name: Check container resource usage
+      shell: docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}"
+      register: container_stats
+      when: docker_installed.rc == 0
+      
+    - name: Display container resource usage
+      debug:
+        msg: "📊 Container Stats: {{ container_stats.stdout_lines }}"
+      when: docker_installed.rc == 0
+      
+    # 检查 Docker 服务状态
+    - name: Check Docker service status
+      systemd:
+        name: docker
+      register: docker_service_status
+      when: docker_installed.rc == 0
+      
+    - name: Display Docker service status
+      debug:
+        msg: "🔧 Docker Service: {{ docker_service_status.status.ActiveState }}"
+      when: docker_installed.rc == 0
+      
+    # 清理建议
+    - name: Suggest cleanup if needed
+      debug:
+        msg: |
+          💡 Cleanup suggestions:
+          - Run 'docker system prune -f' to remove unused data
+          - Run 'docker image prune -f' to remove dangling images
+          - Run 'docker volume prune -f' to remove unused volumes
+      when: docker_installed.rc == 0 and (dangling_images.stdout_lines | length > 0 or stopped_containers.stdout_lines | length > 1)

configuration/playbooks/applications/docker-status-check.yml

@@ -0,0 +1,97 @@
+---
+- name: Docker Status Check for HCP Nodes
+  hosts: hcp
+  gather_facts: yes
+  become: yes
+  
+  tasks:
+    - name: Check if Docker is installed
+      command: docker --version
+      register: docker_version
+      ignore_errors: yes
+      
+    - name: Display Docker version
+      debug:
+        msg: "Docker version: {{ docker_version.stdout }}"
+      when: docker_version.rc == 0
+      
+    - name: Check Docker service status
+      systemd:
+        name: docker
+      register: docker_service_status
+      
+    - name: Display Docker service status
+      debug:
+        msg: "Docker service is {{ docker_service_status.status.ActiveState }}"
+        
+    - name: Check Docker daemon info
+      command: docker info --format "{{ '{{' }}.ServerVersion{{ '}}' }}"
+      register: docker_info
+      ignore_errors: yes
+      
+    - name: Display Docker daemon info
+      debug:
+        msg: "Docker daemon version: {{ docker_info.stdout }}"
+      when: docker_info.rc == 0
+      
+    - name: Check Docker Swarm status
+      command: docker info --format "{{ '{{' }}.Swarm.LocalNodeState{{ '}}' }}"
+      register: swarm_status
+      ignore_errors: yes
+      
+    - name: Display Swarm status
+      debug:
+        msg: "Swarm status: {{ swarm_status.stdout }}"
+      when: swarm_status.rc == 0
+      
+    - name: Get Docker Swarm node info (if in swarm)
+      command: docker node ls
+      register: swarm_nodes
+      ignore_errors: yes
+      when: swarm_status.stdout == "active"
+      
+    - name: Display Swarm nodes
+      debug:
+        msg: "{{ swarm_nodes.stdout_lines }}"
+      when: swarm_nodes is defined and swarm_nodes.rc == 0
+      
+    - name: List running containers
+      command: docker ps --format "table {{ '{{' }}.Names{{ '}}' }}\t{{ '{{' }}.Status{{ '}}' }}\t{{ '{{' }}.Ports{{ '}}' }}"
+      register: running_containers
+      ignore_errors: yes
+      
+    - name: Display running containers
+      debug:
+        msg: "{{ running_containers.stdout_lines }}"
+      when: running_containers.rc == 0
+      
+    - name: Check Docker network list
+      command: docker network ls
+      register: docker_networks
+      ignore_errors: yes
+      
+    - name: Display Docker networks
+      debug:
+        msg: "{{ docker_networks.stdout_lines }}"
+      when: docker_networks.rc == 0
+      
+    - name: Get Docker system info
+      command: docker system df
+      register: docker_system_info
+      ignore_errors: yes
+      
+    - name: Display Docker system usage
+      debug:
+        msg: "{{ docker_system_info.stdout_lines }}"
+      when: docker_system_info.rc == 0
+      
+    - name: Check if node is Swarm manager
+      command: docker node inspect self --format "{{ '{{' }}.ManagerStatus.Leader{{ '}}' }}"
+      register: is_manager
+      ignore_errors: yes
+      when: swarm_status.stdout == "active"
+      
+    - name: Display manager status
+      debug:
+        msg: "Is Swarm manager: {{ is_manager.stdout }}"
+      when: is_manager is defined and is_manager.rc == 0

configuration/playbooks/applications/docker-swarm-analysis-simple.yml

@@ -0,0 +1,210 @@
+---
+- name: Simple Docker Swarm Analysis for ash3c
+  hosts: ash3c
+  become: yes
+  gather_facts: yes
+  
+  tasks:
+    # 基础检查
+    - name: Check if Docker is installed
+      command: which docker
+      register: docker_installed
+      failed_when: false
+      changed_when: false
+      
+    - name: Fail if Docker not installed
+      fail:
+        msg: "Docker is not installed on {{ inventory_hostname }}"
+      when: docker_installed.rc != 0
+      
+    # 检查当前 Swarm 状态
+    - name: Check Docker Swarm status
+      shell: docker info | grep "Swarm:" -A 1
+      register: swarm_status
+      
+    - name: Display current Swarm status
+      debug:
+        msg: "🔍 Current Swarm Status: {{ swarm_status.stdout_lines }}"
+        
+    # 获取运行中的容器
+    - name: Get running containers
+      shell: docker ps --format "table {{ '{{' }}.Names{{ '}}' }}\t{{ '{{' }}.Image{{ '}}' }}\t{{ '{{' }}.Status{{ '}}' }}\t{{ '{{' }}.Ports{{ '}}' }}"
+      register: running_containers
+      
+    - name: Display running containers
+      debug:
+        msg: "🏃 Running Containers: {{ running_containers.stdout_lines }}"
+        
+    # 获取所有容器（包括停止的）
+    - name: Get all containers
+      shell: docker ps -a --format "table {{ '{{' }}.Names{{ '}}' }}\t{{ '{{' }}.Image{{ '}}' }}\t{{ '{{' }}.Status{{ '}}' }}"
+      register: all_containers
+      
+    - name: Display all containers
+      debug:
+        msg: "📦 All Containers: {{ all_containers.stdout_lines }}"
+        
+    # 检查每个容器的详细信息
+    - name: Get container names only
+      shell: docker ps -a --format "{{ '{{' }}.Names{{ '}}' }}"
+      register: container_names
+      
+    - name: Inspect each container
+      shell: |
+        echo "=== Container: {{ item }} ==="
+        echo "Image: $(docker inspect {{ item }} --format '{{ '{{' }}.Config.Image{{ '}}' }}')"
+        echo "Status: $(docker inspect {{ item }} --format '{{ '{{' }}.State.Status{{ '}}' }}')"
+        echo "Restart Policy: $(docker inspect {{ item }} --format '{{ '{{' }}.HostConfig.RestartPolicy.Name{{ '}}' }}')"
+        echo "Network Mode: $(docker inspect {{ item }} --format '{{ '{{' }}.HostConfig.NetworkMode{{ '}}' }}')"
+        echo "Published Ports: $(docker port {{ item }} 2>/dev/null || echo 'None')"
+        echo "Volumes/Mounts:"
+        docker inspect {{ item }} --format '{{ '{{' }}range .Mounts{{ '}}' }}  {{ '{{' }}.Source{{ '}}' }}:{{ '{{' }}.Destination{{ '}}' }} ({{ '{{' }}.Mode{{ '}}' }}){{ '{{' }}"\n"{{ '}}' }}{{ '{{' }}end{{ '}}' }}' || echo "  None"
+        echo "Environment Variables:"
+        docker inspect {{ item }} --format '{{ '{{' }}range .Config.Env{{ '}}' }}  {{ '{{' }}.{{ '}}' }}{{ '{{' }}"\n"{{ '}}' }}{{ '{{' }}end{{ '}}' }}' | head -10
+        echo "Labels:"
+        docker inspect {{ item }} --format '{{ '{{' }}range $key, $value := .Config.Labels{{ '}}' }}  {{ '{{' }}$key{{ '}}' }}={{ '{{' }}$value{{ '}}' }}{{ '{{' }}"\n"{{ '}}' }}{{ '{{' }}end{{ '}}' }}' | head -5
+        echo "---"
+      register: container_inspect
+      loop: "{{ container_names.stdout_lines }}"
+      when: container_names.stdout_lines | length > 0
+      
+    - name: Display container inspection results
+      debug:
+        msg: "{{ item.stdout }}"
+      loop: "{{ container_inspect.results }}"
+      when: container_inspect is defined
+      
+    # 检查 Docker Compose 文件
+    - name: Find docker-compose files
+      find:
+        paths: 
+          - /root
+          - /home
+          - /opt
+        patterns: 
+          - "docker-compose.yml"
+          - "docker-compose.yaml"
+          - "compose.yml"
+          - "compose.yaml"
+        recurse: yes
+        depth: 3
+      register: compose_files
+      
+    - name: Display found compose files
+      debug:
+        msg: "📄 Found compose files: {{ item.path }}"
+      loop: "{{ compose_files.files }}"
+      when: compose_files.files | length > 0
+      
+    # 分析网络配置
+    - name: Get Docker networks
+      shell: docker network ls
+      register: docker_networks
+      
+    - name: Display Docker networks
+      debug:
+        msg: "🌐 Docker Networks: {{ docker_networks.stdout_lines }}"
+        
+    # 检查卷使用情况
+    - name: Get Docker volumes
+      shell: docker volume ls
+      register: docker_volumes
+      
+    - name: Display Docker volumes
+      debug:
+        msg: "💾 Docker Volumes: {{ docker_volumes.stdout_lines }}"
+        
+    # 检查容器资源使用
+    - name: Get container resource usage
+      shell: docker stats --no-stream
+      register: container_stats
+      when: container_names.stdout_lines | length > 0
+      
+    - name: Display container stats
+      debug:
+        msg: "📊 Container Resource Usage: {{ container_stats.stdout_lines }}"
+      when: container_stats is defined
+      
+    # 生成 Swarm 适用性分析
+    - name: Generate Swarm suitability analysis
+      debug:
+        msg: |
+          🔍 DOCKER SWARM MIGRATION ANALYSIS FOR {{ inventory_hostname }}
+          ================================================================
+          
+          📋 SUMMARY:
+          - Current Swarm Status: {{ 'Active' if 'active' in swarm_status.stdout else 'Inactive' }}
+          - Total Containers: {{ container_names.stdout_lines | length }}
+          - Running Containers: {{ (running_containers.stdout_lines | length) - 1 }}
+          - Compose Files Found: {{ compose_files.files | length }}
+          
+          💡 GENERAL RECOMMENDATIONS:
+          
+          ✅ SUITABLE FOR SWARM (typically):
+          - Web applications (nginx, apache, etc.)
+          - API services
+          - Databases (with proper volume management)
+          - Monitoring tools (prometheus, grafana, etc.)
+          - Load balancers
+          
+          ❌ NOT SUITABLE FOR SWARM:
+          - Containers using Docker socket (/var/run/docker.sock)
+          - Containers with --privileged flag
+          - Containers requiring specific host access
+          - Development/testing containers
+          
+          ⚠️  NEEDS MODIFICATION:
+          - Containers using bind mounts (convert to volumes)
+          - Containers without restart policies
+          - Containers using host networking
+          
+          🚀 NEXT STEPS:
+          1. Review each container's configuration above
+          2. Identify services that can benefit from scaling
+          3. Convert suitable containers to Docker services
+          4. Set up overlay networks
+          5. Configure secrets and configs management
+          
+          📝 MIGRATION CHECKLIST:
+          □ Initialize Swarm (already done: {{ 'Yes' if 'active' in swarm_status.stdout else 'No' }})
+          □ Create overlay networks
+          □ Convert containers to services
+          □ Set up service discovery
+          □ Configure load balancing
+          □ Test service scaling
+          □ Set up monitoring
+      when: container_names is defined
+      
+    # 保存分析结果
+    - name: Save analysis summary
+      copy:
+        content: |
+          Docker Swarm Analysis for {{ inventory_hostname }}
+          Generated: {{ ansible_date_time.iso8601 }}
+          
+          Current Swarm Status: {{ swarm_status.stdout }}
+          Total Containers: {{ container_names.stdout_lines | length }}
+          
+          Container List:
+          {{ container_names.stdout_lines | join('\n') }}
+          
+          Networks:
+          {{ docker_networks.stdout }}
+          
+          Volumes:
+          {{ docker_volumes.stdout }}
+          
+          Compose Files Found:
+          {% for file in compose_files.files %}
+          - {{ file.path }}
+          {% endfor %}
+        dest: "/tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt"
+      
+    - name: Analysis complete
+      debug:
+        msg: |
+          🎉 Analysis complete! 
+          Results saved to: /tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt
+          
+          Review the container details above to determine which services
+          are suitable for Swarm migration.

configuration/playbooks/applications/docker-swarm-analysis.yml

@@ -0,0 +1,246 @@
+---
+- name: Docker Swarm Migration Analysis for ash3c
+  hosts: ash3c
+  become: yes
+  gather_facts: yes
+  
+  vars:
+    analysis_results: []
+    
+  tasks:
+    # 基础检查
+    - name: Check if Docker is installed
+      command: which docker
+      register: docker_installed
+      failed_when: false
+      changed_when: false
+      
+    - name: Fail if Docker not installed
+      fail:
+        msg: "Docker is not installed on {{ inventory_hostname }}"
+      when: docker_installed.rc != 0
+      
+    # 检查当前 Swarm 状态
+    - name: Check Docker Swarm status
+      shell: docker info --format "{{ '{{' }}.Swarm.LocalNodeState{{ '}}' }}"
+      register: swarm_status
+      
+    - name: Display current Swarm status
+      debug:
+        msg: "🔍 Current Swarm Status: {{ swarm_status.stdout }}"
+        
+    # 获取所有容器的详细信息
+    - name: Get all containers (running and stopped)
+      shell: docker ps -a --format "{{ '{{' }}.Names{{ '}}' }}"
+      register: all_containers
+      
+    - name: Get basic container information
+      shell: |
+        echo "=== Container: {{ item }} ==="
+        docker inspect {{ item }} | jq -r '
+        .[0] | 
+        "Image: " + .Config.Image,
+        "Status: " + .State.Status,
+        "RestartPolicy: " + .HostConfig.RestartPolicy.Name,
+        "NetworkMode: " + .HostConfig.NetworkMode,
+        "Ports: " + (.NetworkSettings.Ports | keys | join(", ")),
+        "Volumes: " + ([.Mounts[]? | .Source + ":" + .Destination + ":" + .Mode] | join(" ")),
+        "Memory: " + (.HostConfig.Memory | tostring),
+        "CPUs: " + (.HostConfig.NanoCpus | tostring)
+        '
+        echo "---"
+      register: container_details
+      loop: "{{ all_containers.stdout_lines }}"
+      when: all_containers.stdout_lines | length > 0
+      
+    - name: Display container details
+      debug:
+        msg: "{{ item.stdout }}"
+      loop: "{{ container_details.results }}"
+      when: container_details is defined
+      
+    # 检查 Docker Compose 文件
+    - name: Find docker-compose files
+      find:
+        paths: 
+          - /root
+          - /home
+          - /opt
+        patterns: 
+          - "docker-compose.yml"
+          - "docker-compose.yaml"
+          - "compose.yml"
+          - "compose.yaml"
+        recurse: yes
+      register: compose_files
+      
+    - name: Display found compose files
+      debug:
+        msg: "📄 Found compose files: {{ item.path }}"
+      loop: "{{ compose_files.files }}"
+      when: compose_files.files | length > 0
+      
+    # 分析网络配置
+    - name: Get Docker networks
+      shell: docker network ls --format "{{ '{{' }}.Name{{ '}}' }}\t{{ '{{' }}.Driver{{ '}}' }}\t{{ '{{' }}.Scope{{ '}}' }}"
+      register: docker_networks
+      
+    - name: Display Docker networks
+      debug:
+        msg: "🌐 Docker Networks: {{ docker_networks.stdout_lines }}"
+        
+    # 检查卷使用情况
+    - name: Get Docker volumes
+      shell: docker volume ls --format "{{ '{{' }}.Name{{ '}}' }}\t{{ '{{' }}.Driver{{ '}}' }}"
+      register: docker_volumes
+      
+    - name: Display Docker volumes
+      debug:
+        msg: "💾 Docker Volumes: {{ docker_volumes.stdout_lines }}"
+        
+    # 检查容器资源使用
+    - name: Get container resource usage
+      shell: docker stats --no-stream --format "{{ '{{' }}.Name{{ '}}' }}\t{{ '{{' }}.CPUPerc{{ '}}' }}\t{{ '{{' }}.MemUsage{{ '}}' }}\t{{ '{{' }}.NetIO{{ '}}' }}\t{{ '{{' }}.BlockIO{{ '}}' }}"
+      register: container_stats
+      when: all_containers.stdout_lines | length > 0
+      
+    - name: Display container stats
+      debug:
+        msg: "📊 Container Resource Usage: {{ container_stats.stdout_lines }}"
+      when: container_stats is defined
+      
+    # 分析服务类型和 Swarm 适用性
+    - name: Analyze containers for Swarm suitability
+      set_fact:
+        swarm_analysis: |
+          🔍 SWARM MIGRATION ANALYSIS FOR {{ inventory_hostname }}
+          ================================================
+          
+          Current Swarm Status: {{ swarm_status.stdout }}
+          Total Containers: {{ all_containers.stdout_lines | length }}
+          
+          📋 CONTAINER ANALYSIS:
+          {% for container in container_details.results %}
+          
+          Container: {{ container.item }}
+          {% set details = container.stdout.split('\n') %}
+          {% for line in details %}
+          {{ line }}
+          {% endfor %}
+          
+          SWARM SUITABILITY ASSESSMENT:
+          {% if 'restart=always' in container.stdout or 'restart=unless-stopped' in container.stdout %}
+          ✅ Good restart policy for Swarm
+          {% else %}
+          ⚠️  Consider adding restart policy
+          {% endif %}
+          
+          {% if 'NetworkMode: bridge' in container.stdout or 'NetworkMode: host' in container.stdout %}
+          ⚠️  May need network configuration for Swarm
+          {% else %}
+          ✅ Custom network - good for Swarm
+          {% endif %}
+          
+          {% if '/var/run/docker.sock' in container.stdout %}
+          ❌ Uses Docker socket - NOT suitable for Swarm
+          {% elif 'bind' in container.stdout %}
+          ⚠️  Uses bind mounts - consider using volumes
+          {% else %}
+          ✅ Good volume configuration
+          {% endif %}
+          
+          {% endfor %}
+          
+          💡 RECOMMENDATIONS:
+          
+          SUITABLE FOR SWARM:
+          {% for container in container_details.results %}
+          {% if '/var/run/docker.sock' not in container.stdout %}
+          - {{ container.item }}: Ready for Swarm migration
+          {% endif %}
+          {% endfor %}
+          
+          NEEDS MODIFICATION:
+          {% for container in container_details.results %}
+          {% if '/var/run/docker.sock' in container.stdout %}
+          - {{ container.item }}: Uses Docker socket - keep as standalone
+          {% elif 'bind' in container.stdout %}
+          - {{ container.item }}: Convert bind mounts to volumes
+          {% endif %}
+          {% endfor %}
+          
+          NEXT STEPS:
+          1. Initialize Swarm: docker swarm init
+          2. Create overlay networks for services
+          3. Convert suitable containers to services
+          4. Set up service discovery and load balancing
+          5. Configure secrets and configs management
+      when: container_details is defined
+      
+    - name: Display Swarm analysis
+      debug:
+        msg: "{{ swarm_analysis }}"
+      when: swarm_analysis is defined
+      
+    # 生成迁移脚本建议
+    - name: Generate migration script suggestions
+      set_fact:
+        migration_script: |
+          #!/bin/bash
+          # Docker Swarm Migration Script for {{ inventory_hostname }}
+          # Generated on {{ ansible_date_time.iso8601 }}
+          
+          echo "🚀 Starting Docker Swarm migration..."
+          
+          # Initialize Swarm (if not already done)
+          if [ "{{ swarm_status.stdout }}" != "active" ]; then
+              echo "Initializing Docker Swarm..."
+              docker swarm init
+          fi
+          
+          # Create overlay networks
+          echo "Creating overlay networks..."
+          docker network create -d overlay --attachable app-network
+          
+          # Example service creation (modify as needed)
+          {% for container in container_details.results if container_details is defined %}
+          {% if '/var/run/docker.sock' not in container.stdout %}
+          echo "Converting {{ container.item }} to Swarm service..."
+          # docker service create --name {{ container.item }}-svc \
+          #   --network app-network \
+          #   --replicas 1 \
+          #   [ADD_YOUR_SPECIFIC_OPTIONS] \
+          #   [IMAGE_NAME]
+          {% endif %}
+          {% endfor %}
+          
+          echo "✅ Migration script template generated!"
+          echo "Please review and customize before running."
+      when: container_details is defined
+      
+    - name: Display migration script
+      debug:
+        msg: "{{ migration_script }}"
+      when: migration_script is defined
+      
+    # 保存分析结果到文件
+    - name: Save analysis results to file
+      copy:
+        content: |
+          {{ swarm_analysis }}
+          
+          MIGRATION SCRIPT:
+          {{ migration_script }}
+        dest: "/tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt"
+      when: swarm_analysis is defined and migration_script is defined
+      
+    - name: Analysis complete
+      debug:
+        msg: |
+          🎉 Analysis complete! 
+          Results saved to: /tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt
+          
+          Summary:
+          - Total containers analyzed: {{ all_containers.stdout_lines | length }}
+          - Compose files found: {{ compose_files.files | length }}
+          - Current Swarm status: {{ swarm_status.stdout }}

configuration/playbooks/applications/docker-swarm-check.yml

@@ -0,0 +1,236 @@
+---
+- name: Docker Swarm Check for ash3c
+  hosts: ash3c
+  become: yes
+  gather_facts: yes
+  
+  tasks:
+    # 基础检查
+    - name: Check if Docker is installed
+      command: which docker
+      register: docker_installed
+      failed_when: false
+      changed_when: false
+      
+    - name: Fail if Docker not installed
+      fail:
+        msg: "Docker is not installed on {{ inventory_hostname }}"
+      when: docker_installed.rc != 0
+      
+    # 检查当前 Swarm 状态
+    - name: Check Docker Swarm status
+      shell: docker info | grep "Swarm:" -A 1
+      register: swarm_status
+      
+    - name: Display current Swarm status
+      debug:
+        msg: "🔍 Current Swarm Status: {{ swarm_status.stdout_lines }}"
+        
+    # 获取运行中的容器 - 使用简单格式
+    - name: Get running containers
+      shell: docker ps
+      register: running_containers
+      
+    - name: Display running containers
+      debug:
+        msg: "🏃 Running Containers:\n{{ running_containers.stdout }}"
+        
+    # 获取所有容器（包括停止的）
+    - name: Get all containers
+      shell: docker ps -a
+      register: all_containers
+      
+    - name: Display all containers
+      debug:
+        msg: "📦 All Containers:\n{{ all_containers.stdout }}"
+        
+    # 获取容器名称列表
+    - name: Get container names
+      shell: docker ps -a | awk 'NR>1 {print $NF}' | head -20
+      register: container_names
+      
+    - name: Display container names
+      debug:
+        msg: "Container names: {{ container_names.stdout_lines }}"
+        
+    # 检查每个容器的基本信息
+    - name: Get basic container info
+      shell: |
+        echo "=== Container: {{ item }} ==="
+        docker inspect {{ item }} | jq -r '.[0] | {
+          "Image": .Config.Image,
+          "Status": .State.Status,
+          "RestartPolicy": .HostConfig.RestartPolicy.Name,
+          "NetworkMode": .HostConfig.NetworkMode
+        }'
+        echo "Ports:"
+        docker port {{ item }} 2>/dev/null || echo "No published ports"
+        echo "Mounts:"
+        docker inspect {{ item }} | jq -r '.[0].Mounts[]? | "  \(.Source):\(.Destination) (\(.Mode))"'
+        echo "---"
+      register: container_info
+      loop: "{{ container_names.stdout_lines[:10] }}"  # 限制前10个容器
+      when: container_names.stdout_lines | length > 0
+      
+    - name: Display container info
+      debug:
+        msg: "{{ item.stdout }}"
+      loop: "{{ container_info.results }}"
+      when: container_info is defined
+      
+    # 检查 Docker Compose 文件
+    - name: Find docker-compose files in common locations
+      find:
+        paths: 
+          - /root
+          - /home
+          - /opt
+          - /var/lib/docker
+        patterns: 
+          - "docker-compose.yml"
+          - "docker-compose.yaml"
+          - "compose.yml"
+          - "compose.yaml"
+        recurse: yes
+        depth: 3
+      register: compose_files
+      ignore_errors: yes
+      
+    - name: Display found compose files
+      debug:
+        msg: "📄 Found compose files: {{ compose_files.files | map(attribute='path') | list }}"
+      when: compose_files.files | length > 0
+      
+    # 分析网络配置
+    - name: Get Docker networks
+      shell: docker network ls
+      register: docker_networks
+      
+    - name: Display Docker networks
+      debug:
+        msg: "🌐 Docker Networks:\n{{ docker_networks.stdout }}"
+        
+    # 检查卷使用情况
+    - name: Get Docker volumes
+      shell: docker volume ls
+      register: docker_volumes
+      
+    - name: Display Docker volumes
+      debug:
+        msg: "💾 Docker Volumes:\n{{ docker_volumes.stdout }}"
+        
+    # 检查容器资源使用
+    - name: Get container resource usage
+      shell: docker stats --no-stream
+      register: container_stats
+      when: container_names.stdout_lines | length > 0
+      
+    - name: Display container stats
+      debug:
+        msg: "📊 Container Resource Usage:\n{{ container_stats.stdout }}"
+      when: container_stats is defined
+      
+    # 检查 Docker 镜像
+    - name: Get Docker images
+      shell: docker images
+      register: docker_images
+      
+    - name: Display Docker images
+      debug:
+        msg: "🖼️ Docker Images:\n{{ docker_images.stdout }}"
+        
+    # 生成 Swarm 适用性分析
+    - name: Generate Swarm suitability analysis
+      debug:
+        msg: |
+          
+          🔍 DOCKER SWARM MIGRATION ANALYSIS FOR {{ inventory_hostname }}
+          ================================================================
+          
+          📋 SUMMARY:
+          - Current Swarm Status: {{ 'Active' if 'active' in swarm_status.stdout else 'Inactive' }}
+          - Total Containers: {{ container_names.stdout_lines | length }}
+          - Running Containers: {{ running_containers.stdout_lines | length - 1 }}
+          - Compose Files Found: {{ compose_files.files | length if compose_files.files is defined else 0 }}
+          
+          💡 SWARM MIGRATION RECOMMENDATIONS:
+          
+          ✅ TYPICALLY SUITABLE FOR SWARM:
+          - Web servers (nginx, apache, caddy)
+          - API services and microservices
+          - Application servers
+          - Load balancers (traefik, haproxy)
+          - Monitoring tools (prometheus, grafana)
+          - Databases (with proper volume strategy)
+          
+          ❌ NOT SUITABLE FOR SWARM:
+          - Containers using Docker socket (/var/run/docker.sock)
+          - Containers with --privileged flag
+          - Development/testing containers
+          - Containers requiring specific host hardware access
+          
+          ⚠️  NEEDS MODIFICATION FOR SWARM:
+          - Containers using bind mounts → convert to volumes
+          - Containers without restart policies → add restart policies
+          - Containers using host networking → use overlay networks
+          - Containers with hardcoded IPs → use service discovery
+          
+          🚀 MIGRATION STEPS:
+          1. ✅ Swarm is already initialized
+          2. Create overlay networks for service communication
+          3. Convert suitable containers to Docker services
+          4. Set up service discovery and load balancing
+          5. Configure secrets and configs management
+          6. Test service scaling and failover
+          
+          📝 NEXT ACTIONS:
+          - Review each container above for Swarm suitability
+          - Identify services that would benefit from scaling
+          - Plan network topology for services
+          - Prepare volume migration strategy
+      when: container_names is defined
+      
+    # 保存分析结果
+    - name: Save analysis summary to file
+      copy:
+        content: |
+          Docker Swarm Analysis for {{ inventory_hostname }}
+          Generated: {{ ansible_date_time.iso8601 }}
+          
+          SWARM STATUS:
+          {{ swarm_status.stdout }}
+          
+          CONTAINERS ({{ container_names.stdout_lines | length }} total):
+          {{ container_names.stdout_lines | join('\n') }}
+          
+          NETWORKS:
+          {{ docker_networks.stdout }}
+          
+          VOLUMES:
+          {{ docker_volumes.stdout }}
+          
+          IMAGES:
+          {{ docker_images.stdout }}
+          
+          {% if compose_files.files is defined and compose_files.files | length > 0 %}
+          COMPOSE FILES FOUND:
+          {% for file in compose_files.files %}
+          - {{ file.path }}
+          {% endfor %}
+          {% endif %}
+        dest: "/tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt"
+      
+    - name: Analysis complete
+      debug:
+        msg: |
+          
+          🎉 ANALYSIS COMPLETE!
+          
+          📄 Results saved to: /tmp/swarm-analysis-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.txt
+          
+          🔍 Review the container details above to identify:
+          - Which services are suitable for Swarm
+          - Which containers need modification
+          - Migration priority and strategy
+          
+          💡 TIP: Focus on stateless services first for easier migration!

configuration/playbooks/applications/swarm-migration-plan.yml

@@ -0,0 +1,194 @@
+---
+- name: Docker Swarm Migration Plan for ash3c
+  hosts: ash3c
+  become: yes
+  gather_facts: yes
+  
+  vars:
+    # 定义服务迁移计划
+    swarm_services:
+      high_priority:
+        - name: ghproxy
+          image: wjqserver/ghproxy:latest
+          ports: "8046:8080"
+          replicas: 2
+          networks: ["app-network"]
+          
+        - name: redis
+          image: redis:latest
+          ports: "63789:6379"
+          replicas: 1
+          networks: ["app-network"]
+          volumes: ["redis-data:/data"]
+          
+      medium_priority:
+        - name: consul
+          image: bitnami/consul:latest
+          ports: 
+            - "8310:8300"
+            - "8311:8301"
+            - "8312:8302"
+            - "8501:8500"
+            - "8601:8600/udp"
+          replicas: 1
+          networks: ["consul-network"]
+          
+        - name: discourse-app
+          image: bitnami/discourse:3.4.1
+          ports: "31080:3000"
+          replicas: 1
+          networks: ["app-network"]
+          depends_on: ["postgres", "redis"]
+          
+        - name: discourse-sidekiq
+          image: bitnami/discourse:3.4.1
+          replicas: 1
+          networks: ["app-network"]
+          depends_on: ["postgres", "redis"]
+          
+      low_priority:
+        - name: elasticsearch
+          image: bitnami/elasticsearch:8.17.2
+          ports: "59200:9200"
+          replicas: 1
+          networks: ["elastic-network"]
+          volumes: ["elastic-data:/bitnami/elasticsearch/data"]
+          constraints: ["node.role==manager"]
+          
+        - name: postgres
+          image: postgres:17.2
+          ports: "54322:5432"
+          replicas: 1
+          networks: ["db-network"]
+          volumes: ["postgres-data:/var/lib/postgresql/data"]
+          constraints: ["node.role==manager"]
+          secrets: ["postgres_password"]
+  
+  tasks:
+    - name: Display migration plan
+      debug:
+        msg: |
+          🚀 DOCKER SWARM MIGRATION PLAN FOR {{ inventory_hostname }}
+          =========================================================
+          
+          📋 PHASE 1 - HIGH PRIORITY (Low Risk)
+          {% for service in swarm_services.high_priority %}
+          ✅ {{ service.name }}:
+             - Image: {{ service.image }}
+             - Replicas: {{ service.replicas }}
+             - Networks: {{ service.networks | join(', ') }}
+             - Migration: Safe, stateless service
+          {% endfor %}
+          
+          📋 PHASE 2 - MEDIUM PRIORITY (Medium Risk)
+          {% for service in swarm_services.medium_priority %}
+          ⚠️  {{ service.name }}:
+             - Image: {{ service.image }}
+             - Replicas: {{ service.replicas }}
+             - Networks: {{ service.networks | join(', ') }}
+             - Migration: Requires coordination
+          {% endfor %}
+          
+          📋 PHASE 3 - LOW PRIORITY (High Risk)
+          {% for service in swarm_services.low_priority %}
+          🔴 {{ service.name }}:
+             - Image: {{ service.image }}
+             - Replicas: {{ service.replicas }}
+             - Networks: {{ service.networks | join(', ') }}
+             - Migration: Requires careful planning
+          {% endfor %}
+    
+    - name: Create migration script
+      copy:
+        content: |
+          #!/bin/bash
+          # Docker Swarm Migration Script for {{ inventory_hostname }}
+          # Generated: {{ ansible_date_time.iso8601 }}
+          
+          set -e
+          
+          echo "🚀 Starting Docker Swarm Migration..."
+          
+          # Create networks
+          echo "📡 Creating overlay networks..."
+          docker network create -d overlay --attachable app-network || true
+          docker network create -d overlay --attachable db-network || true
+          docker network create -d overlay --attachable consul-network || true
+          docker network create -d overlay --attachable elastic-network || true
+          
+          # Create volumes
+          echo "💾 Creating volumes..."
+          docker volume create redis-data || true
+          docker volume create postgres-data || true
+          docker volume create elastic-data || true
+          
+          # Create secrets (example)
+          echo "🔐 Creating secrets..."
+          echo "your_postgres_password" | docker secret create postgres_password - || true
+          
+          echo "✅ Infrastructure setup complete!"
+          echo ""
+          echo "🔄 PHASE 1 - Migrate high priority services:"
+          echo "docker service create --name ghproxy-svc --replicas 2 --network app-network -p 8046:8080 wjqserver/ghproxy:latest"
+          echo "docker service create --name redis-svc --replicas 1 --network app-network -p 63789:6379 --mount type=volume,source=redis-data,target=/data redis:latest"
+          echo ""
+          echo "🔄 PHASE 2 - Migrate medium priority services:"
+          echo "docker service create --name consul-svc --replicas 1 --network consul-network -p 8310:8300 -p 8311:8301 -p 8312:8302 -p 8501:8500 -p 8601:8600/udp bitnami/consul:latest"
+          echo "docker service create --name discourse-app-svc --replicas 1 --network app-network -p 31080:3000 bitnami/discourse:3.4.1"
+          echo "docker service create --name discourse-sidekiq-svc --replicas 1 --network app-network bitnami/discourse:3.4.1"
+          echo ""
+          echo "🔄 PHASE 3 - Migrate low priority services (CAREFUL!):"
+          echo "docker service create --name postgres-svc --replicas 1 --network db-network -p 54322:5432 --mount type=volume,source=postgres-data,target=/var/lib/postgresql/data --secret postgres_password --constraint 'node.role==manager' postgres:17.2"
+          echo "docker service create --name elasticsearch-svc --replicas 1 --network elastic-network -p 59200:9200 --mount type=volume,source=elastic-data,target=/bitnami/elasticsearch/data --constraint 'node.role==manager' bitnami/elasticsearch:8.17.2"
+          echo ""
+          echo "📊 Monitor services:"
+          echo "docker service ls"
+          echo "docker service ps <service-name>"
+          echo ""
+          echo "⚠️  IMPORTANT NOTES:"
+          echo "1. Stop original containers before creating services"
+          echo "2. Backup data before migrating databases"
+          echo "3. Test each phase before proceeding"
+          echo "4. Monitor logs: docker service logs <service-name>"
+        dest: "/tmp/swarm-migration-{{ inventory_hostname }}.sh"
+        mode: '0755'
+    
+    - name: Create rollback script
+      copy:
+        content: |
+          #!/bin/bash
+          # Docker Swarm Rollback Script for {{ inventory_hostname }}
+          
+          echo "🔄 Rolling back Swarm services..."
+          
+          # Remove services
+          docker service rm ghproxy-svc redis-svc consul-svc discourse-app-svc discourse-sidekiq-svc postgres-svc elasticsearch-svc 2>/dev/null || true
+          
+          # Remove networks (optional)
+          # docker network rm app-network db-network consul-network elastic-network 2>/dev/null || true
+          
+          echo "✅ Rollback complete. Original containers should be restarted manually."
+        dest: "/tmp/swarm-rollback-{{ inventory_hostname }}.sh"
+        mode: '0755'
+    
+    - name: Migration plan complete
+      debug:
+        msg: |
+          🎉 MIGRATION PLAN GENERATED!
+          
+          📄 Files created:
+          - /tmp/swarm-migration-{{ inventory_hostname }}.sh (Migration script)
+          - /tmp/swarm-rollback-{{ inventory_hostname }}.sh (Rollback script)
+          
+          🚀 RECOMMENDED APPROACH:
+          1. Backup all data first
+          2. Test migration in phases
+          3. Start with Phase 1 (low risk services)
+          4. Monitor each service before proceeding
+          5. Keep rollback script ready
+          
+          💡 NEXT STEPS:
+          1. Review and customize the migration script
+          2. Plan maintenance window
+          3. Execute phase by phase
+          4. Monitor and validate each service