feat: 集成 OpenTofu + Ansible + Gitea CI/CD

- 重构项目目录结构 - 添加 OpenTofu 多云支持 - 配置 Ansible 自动化部署 - 集成 Gitea Actions CI/CD 流水线 - 添加 Docker Swarm 管理 - 完善监控和安全配置
2025-09-20 10:48:41 +00:00
parent d755f237a0
commit 7eb4a33523
55 changed files with 3745 additions and 1921 deletions
--- a/infrastructure/environments/dev/main.tf
+++ b/infrastructure/environments/dev/main.tf
@@ -0,0 +1,49 @@
+# 开发环境主配置文件
+
+# 引用共享配置
+module "shared" {
+  source = "../../shared"
+}
+
+# Oracle Cloud 基础设施
+module "oracle_cloud" {
+  source = "../../providers/oracle-cloud"
+  
+  # 传递变量
+  environment    = var.environment
+  project_name   = var.project_name
+  owner          = var.owner
+  vpc_cidr       = var.vpc_cidr
+  availability_zones = var.availability_zones
+  common_tags    = var.common_tags
+  oci_config     = var.oci_config
+  
+  # 开发环境特定配置
+  instance_count = 1
+  instance_size  = "VM.Standard.E2.1.Micro"  # 免费层
+}
+
+# 华为云基础设施 (可选)
+module "huawei_cloud" {
+  source = "../../providers/huawei-cloud"
+  count  = contains(var.cloud_providers, "huawei") ? 1 : 0
+  
+  environment    = var.environment
+  project_name   = var.project_name
+  owner          = var.owner
+  vpc_cidr       = "10.1.0.0/16"  # 不同的 CIDR 避免冲突
+  availability_zones = var.availability_zones
+  common_tags    = var.common_tags
+  huawei_config  = var.huawei_config
+}
+
+# 输出
+output "oracle_cloud_outputs" {
+  description = "Oracle Cloud 基础设施输出"
+  value       = module.oracle_cloud
+}
+
+output "huawei_cloud_outputs" {
+  description = "华为云基础设施输出"
+  value       = length(module.huawei_cloud) > 0 ? module.huawei_cloud[0] : null
+}
--- a/infrastructure/environments/dev/terraform.tfvars.example
+++ b/infrastructure/environments/dev/terraform.tfvars.example
@@ -0,0 +1,61 @@
+# 开发环境配置示例
+# 复制此文件为 terraform.tfvars 并填入实际值
+
+# 基本配置
+environment = "dev"
+project_name = "mgmt"
+owner = "ben"
+
+# 要启用的云服务商
+cloud_providers = ["oracle", "huawei"]
+
+# 网络配置
+vpc_cidr = "10.0.0.0/16"
+availability_zones = ["a", "b"]
+
+# 通用标签
+common_tags = {
+  Environment = "dev"
+  Project     = "mgmt"
+  Owner       = "ben"
+  ManagedBy   = "opentofu"
+}
+
+# Oracle Cloud 配置
+oci_config = {
+  tenancy_ocid     = "ocid1.tenancy.oc1..your-tenancy-id"
+  user_ocid        = "ocid1.user.oc1..your-user-id"
+  fingerprint      = "your-key-fingerprint"
+  private_key_path = "~/.oci/oci_api_key.pem"
+  region           = "ap-seoul-1"
+  compartment_ocid = "ocid1.compartment.oc1..your-compartment-id"
+}
+
+# 华为云配置
+huawei_config = {
+  access_key = "your-access-key"
+  secret_key = "your-secret-key"
+  region     = "cn-north-4"
+  project_id = "your-project-id"
+}
+
+# Google Cloud 配置 (可选)
+gcp_config = {
+  project_id = "your-project-id"
+  region     = "asia-northeast3"
+  zone       = "asia-northeast3-a"
+  credentials_file = "~/.gcp/service-account.json"
+}
+
+# AWS 配置 (可选)
+aws_config = {
+  region     = "ap-northeast-2"
+  access_key = "your-access-key"
+  secret_key = "your-secret-key"
+}
+
+# DigitalOcean 配置 (可选)
+do_config = {
+  token  = "your-do-token"
+  region = "sgp1"
+}
--- a/infrastructure/environments/dev/variables.tf
+++ b/infrastructure/environments/dev/variables.tf
@@ -0,0 +1,133 @@
+# 开发环境变量定义
+
+variable "environment" {
+  description = "环境名称"
+  type        = string
+  default     = "dev"
+}
+
+variable "project_name" {
+  description = "项目名称"
+  type        = string
+  default     = "mgmt"
+}
+
+variable "owner" {
+  description = "项目所有者"
+  type        = string
+  default     = "ben"
+}
+
+variable "cloud_providers" {
+  description = "要启用的云服务商列表"
+  type        = list(string)
+  default     = ["oracle"]
+}
+
+variable "vpc_cidr" {
+  description = "VPC CIDR 块"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "availability_zones" {
+  description = "可用区列表"
+  type        = list(string)
+  default     = ["a", "b"]
+}
+
+variable "common_tags" {
+  description = "通用标签"
+  type        = map(string)
+  default = {
+    Environment = "dev"
+    Project     = "mgmt"
+    ManagedBy   = "opentofu"
+  }
+}
+
+# Oracle Cloud 配置
+variable "oci_config" {
+  description = "Oracle Cloud 配置"
+  type = object({
+    tenancy_ocid     = string
+    user_ocid        = string
+    fingerprint      = string
+    private_key_path = string
+    region           = string
+    compartment_ocid = optional(string)
+  })
+  default = {
+    tenancy_ocid     = ""
+    user_ocid        = ""
+    fingerprint      = ""
+    private_key_path = ""
+    region           = "ap-seoul-1"
+    compartment_ocid = ""
+  }
+}
+
+# 华为云配置
+variable "huawei_config" {
+  description = "华为云配置"
+  type = object({
+    access_key = string
+    secret_key = string
+    region     = string
+    project_id = optional(string)
+  })
+  default = {
+    access_key = ""
+    secret_key = ""
+    region     = "cn-north-4"
+    project_id = ""
+  }
+  sensitive = true
+}
+
+# Google Cloud 配置
+variable "gcp_config" {
+  description = "Google Cloud 配置"
+  type = object({
+    project_id       = string
+    region           = string
+    zone             = string
+    credentials_file = string
+  })
+  default = {
+    project_id       = ""
+    region           = "asia-northeast3"
+    zone             = "asia-northeast3-a"
+    credentials_file = ""
+  }
+}
+
+# AWS 配置
+variable "aws_config" {
+  description = "AWS 配置"
+  type = object({
+    region     = string
+    access_key = string
+    secret_key = string
+  })
+  default = {
+    region     = "ap-northeast-2"
+    access_key = ""
+    secret_key = ""
+  }
+  sensitive = true
+}
+
+# DigitalOcean 配置
+variable "do_config" {
+  description = "DigitalOcean 配置"
+  type = object({
+    token  = string
+    region = string
+  })
+  default = {
+    token  = ""
+    region = "sgp1"
+  }
+  sensitive = true
+}