ben/mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 集成 OpenTofu + Ansible + Gitea CI/CD

Browse Source 
- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置
This commit is contained in:
Houzhong Xu
2025-09-20 10:48:41 +00:00
parent d755f237a0
commit 7eb4a33523
55 changed files with 3745 additions and 1921 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
configuration/playbooks/monitoring/network-connectivity.yml Normal file
View File

@@ -0,0 +1,143 @@
---
- name: Network Connectivity and Performance Check
hosts: all
gather_facts: yes
vars:
test_domains:
- google.com
- github.com
- docker.io
- tailscale.com
test_ports:
- { host: "8.8.8.8", port: 53, name: "Google DNS" }
- { host: "1.1.1.1", port: 53, name: "Cloudflare DNS" }
- { host: "github.com", port: 443, name: "GitHub HTTPS" }
- { host: "docker.io", port: 443, name: "Docker Hub" }
tasks:
# 基本网络信息
- name: Get network interfaces
shell: ip addr show | grep -E "^[0-9]+:|inet "
register: network_interfaces
- name: Display network interfaces
debug:
msg: "🌐 Network Interfaces: {{ network_interfaces.stdout_lines }}"
# 检查默认路由
- name: Check default route
shell: ip route | grep default
register: default_route
- name: Display default route
debug:
msg: "🛣️ Default Route: {{ default_route.stdout }}"
# DNS 解析测试
- name: Test DNS resolution
shell: nslookup {{ item }} | grep -A2 "Name:"
register: dns_test
loop: "{{ test_domains }}"
failed_when: false
- name: Display DNS test results
debug:
msg: "🔍 DNS Test for {{ item.item }}: {{ 'SUCCESS' if item.rc == 0 else 'FAILED' }}"
loop: "{{ dns_test.results }}"
# 网络连通性测试
- name: Test network connectivity (ping)
shell: ping -c 3 {{ item }}
register: ping_test
loop: "{{ test_domains }}"
failed_when: false
- name: Display ping test results
debug:
msg: "🏓 Ping to {{ item.item }}: {{ 'SUCCESS' if item.rc == 0 else 'FAILED' }}"
loop: "{{ ping_test.results }}"
# 端口连通性测试
- name: Test port connectivity
wait_for:
host: "{{ item.host }}"
port: "{{ item.port }}"
timeout: 5
register: port_test
loop: "{{ test_ports }}"
failed_when: false
- name: Display port test results
debug:
msg: "🔌 {{ item.item.name }} ({{ item.item.host }}:{{ item.item.port }}): {{ 'SUCCESS' if not item.failed else 'FAILED' }}"
loop: "{{ port_test.results }}"
# 检查 Tailscale 状态
- name: Check Tailscale status
shell: tailscale status
register: tailscale_status
failed_when: false
- name: Display Tailscale status
debug:
msg: "🔗 Tailscale Status: {{ 'CONNECTED' if tailscale_status.rc == 0 else 'NOT CONNECTED' }}"
- name: Show Tailscale details
debug:
msg: "{{ tailscale_status.stdout_lines }}"
when: tailscale_status.rc == 0
# 检查防火墙状态
- name: Check UFW status (Ubuntu/Debian)
shell: ufw status
register: ufw_status
failed_when: false
when: ansible_os_family == "Debian"
- name: Display UFW status
debug:
msg: "🛡️ UFW Firewall: {{ ufw_status.stdout_lines }}"
when: ansible_os_family == "Debian" and ufw_status.rc == 0
# 检查 iptables 规则
- name: Check iptables rules
shell: iptables -L -n | head -20
register: iptables_rules
failed_when: false
become: yes
- name: Display iptables summary
debug:
msg: "🔥 Iptables Rules: {{ iptables_rules.stdout_lines[:10] }}"
when: iptables_rules.rc == 0
# 网络性能测试
- name: Test download speed (small file)
shell: curl -o /dev/null -s -w "%{time_total}" http://speedtest.wdc01.softlayer.com/downloads/test10.zip
register: download_speed
failed_when: false
- name: Display download speed test
debug:
msg: "⚡ Download Speed Test: {{ download_speed.stdout }}s for 10MB file"
when: download_speed.rc == 0
# 检查网络统计
- name: Get network statistics
shell: cat /proc/net/dev | grep -v "lo:" | grep ":"
register: network_stats
- name: Display network statistics
debug:
msg: "📊 Network Stats: {{ network_stats.stdout_lines }}"
# 生成网络健康报告
- name: Generate network health summary
debug:
msg: |
🌐 Network Health Summary for {{ inventory_hostname }}:
✅ DNS Resolution: {{ (dns_test.results | selectattr('rc', 'equalto', 0) | list | length) }}/{{ test_domains | length }} domains
✅ Ping Connectivity: {{ (ping_test.results | selectattr('rc', 'equalto', 0) | list | length) }}/{{ test_domains | length }} hosts
✅ Port Connectivity: {{ (port_test.results | rejectattr('failed', 'defined') | list | length) }}/{{ test_ports | length }} ports
✅ Tailscale: {{ 'Connected' if tailscale_status.rc == 0 else 'Disconnected' }}

135
configuration/playbooks/monitoring/service-health-check.yml Normal file
View File

@@ -0,0 +1,135 @@
---
- name: Service Health Check and Monitoring
hosts: all
become: yes
gather_facts: yes
vars:
critical_services:
- ssh
- systemd-resolved
- cron
web_services:
- nginx
- apache2
database_services:
- mysql
- mariadb
- postgresql
container_services:
- docker
- containerd
network_services:
- tailscale
- cloudflared
tasks:
# 检查关键系统服务
- name: Check critical system services
systemd:
name: "{{ item }}"
register: critical_service_status
loop: "{{ critical_services }}"
failed_when: false
- name: Report critical service issues
debug:
msg: "⚠️ Critical service {{ item.item }} is {{ item.status.ActiveState | default('not found') }}"
loop: "{{ critical_service_status.results }}"
when: item.status is defined and item.status.ActiveState != "active"
# 检查 Web 服务
- name: Check web services
systemd:
name: "{{ item }}"
register: web_service_status
loop: "{{ web_services }}"
failed_when: false
- name: Report web service status
debug:
msg: "🌐 Web service {{ item.item }}: {{ item.status.ActiveState | default('not installed') }}"
loop: "{{ web_service_status.results }}"
when: item.status is defined
# 检查数据库服务
- name: Check database services
systemd:
name: "{{ item }}"
register: db_service_status
loop: "{{ database_services }}"
failed_when: false
- name: Report database service status
debug:
msg: "🗄️ Database service {{ item.item }}: {{ item.status.ActiveState | default('not installed') }}"
loop: "{{ db_service_status.results }}"
when: item.status is defined
# 检查容器服务
- name: Check container services
systemd:
name: "{{ item }}"
register: container_service_status
loop: "{{ container_services }}"
failed_when: false
- name: Report container service status
debug:
msg: "📦 Container service {{ item.item }}: {{ item.status.ActiveState | default('not installed') }}"
loop: "{{ container_service_status.results }}"
when: item.status is defined
# 检查网络服务
- name: Check network services
systemd:
name: "{{ item }}"
register: network_service_status
loop: "{{ network_services }}"
failed_when: false
- name: Report network service status
debug:
msg: "🌐 Network service {{ item.item }}: {{ item.status.ActiveState | default('not installed') }}"
loop: "{{ network_service_status.results }}"
when: item.status is defined
# 检查系统负载
- name: Check system load
shell: uptime
register: system_load
- name: Display system load
debug:
msg: "📊 System Load: {{ system_load.stdout }}"
# 检查磁盘空间警告
- name: Check disk space usage
shell: df -h | awk '$5 > 80 {print $0}'
register: disk_warning
changed_when: false
- name: Warn about high disk usage
debug:
msg: "⚠️ High disk usage detected: {{ disk_warning.stdout_lines }}"
when: disk_warning.stdout_lines | length > 0
# 检查内存使用率
- name: Check memory usage percentage
shell: free | awk 'NR==2{printf "%.2f%%", $3*100/$2}'
register: memory_percent
- name: Display memory usage
debug:
msg: "🧠 Memory Usage: {{ memory_percent.stdout }}"
# 检查最近的系统错误
- name: Check recent system errors
shell: journalctl --since "1 hour ago" --priority=err --no-pager | tail -10
register: recent_errors
changed_when: false
- name: Display recent errors
debug:
msg: "🚨 Recent system errors: {{ recent_errors.stdout_lines }}"
when: recent_errors.stdout_lines | length > 0