CD/CD consolidation

2025-12-26 17:32:23 +02:00
parent a866eb6277
commit c786faae84
638 changed files with 3821 additions and 181 deletions
--- a/devops/ansible/zastava-agent.yml
+++ b/devops/ansible/zastava-agent.yml
@@ -0,0 +1,232 @@
+---
+# Ansible Playbook for Zastava Agent VM/Bare-Metal Deployment
+#
+# Requirements:
+# - Target hosts must have Docker installed and running
+# - Ansible 2.10+ with community.docker collection
+#
+# Usage:
+#   ansible-playbook -i inventory.yml zastava-agent.yml \
+#     -e zastava_tenant=my-tenant \
+#     -e scanner_backend_url=https://scanner.internal
+#
+# Variables (can be set in inventory or via -e):
+#   zastava_tenant: Tenant identifier (required)
+#   scanner_backend_url: Scanner backend URL (required)
+#   zastava_version: Version to deploy (default: latest)
+#   zastava_node_name: Override node name (default: hostname)
+#   zastava_health_port: Health check port (default: 8080)
+#   docker_socket: Docker socket path (default: /var/run/docker.sock)
+
+- name: Deploy StellaOps Zastava Agent
+  hosts: zastava_agents
+  become: true
+
+  vars:
+    zastava_version: "{{ zastava_version | default('latest') }}"
+    zastava_install_dir: /opt/stellaops/zastava-agent
+    zastava_config_dir: /etc/stellaops
+    zastava_data_dir: /var/lib/zastava-agent
+    zastava_user: zastava-agent
+    zastava_group: docker
+    zastava_health_port: "{{ zastava_health_port | default(8080) }}"
+    docker_socket: "{{ docker_socket | default('/var/run/docker.sock') }}"
+    download_base_url: "{{ download_base_url | default('https://releases.stellaops.org') }}"
+
+  pre_tasks:
+    - name: Validate required variables
+      ansible.builtin.assert:
+        that:
+          - zastava_tenant is defined and zastava_tenant | length > 0
+          - scanner_backend_url is defined and scanner_backend_url | length > 0
+        fail_msg: |
+          Required variables not set.
+          Please provide:
+            - zastava_tenant: Your tenant identifier
+            - scanner_backend_url: Scanner backend URL
+
+    - name: Check Docker service is running
+      ansible.builtin.systemd:
+        name: docker
+        state: started
+      check_mode: true
+      register: docker_status
+
+    - name: Fail if Docker is not available
+      ansible.builtin.fail:
+        msg: "Docker service is not running on {{ inventory_hostname }}"
+      when: docker_status.status.ActiveState != 'active'
+
+  tasks:
+    # =========================================================================
+    # User and Directory Setup
+    # =========================================================================
+
+    - name: Create zastava-agent system user
+      ansible.builtin.user:
+        name: "{{ zastava_user }}"
+        comment: StellaOps Zastava Agent
+        system: true
+        shell: /usr/sbin/nologin
+        groups: "{{ zastava_group }}"
+        create_home: false
+        state: present
+
+    - name: Create installation directory
+      ansible.builtin.file:
+        path: "{{ zastava_install_dir }}"
+        state: directory
+        owner: "{{ zastava_user }}"
+        group: "{{ zastava_group }}"
+        mode: '0755'
+
+    - name: Create configuration directory
+      ansible.builtin.file:
+        path: "{{ zastava_config_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Create data directory
+      ansible.builtin.file:
+        path: "{{ zastava_data_dir }}"
+        state: directory
+        owner: "{{ zastava_user }}"
+        group: "{{ zastava_group }}"
+        mode: '0750'
+
+    - name: Create event buffer directory
+      ansible.builtin.file:
+        path: "{{ zastava_data_dir }}/runtime-events"
+        state: directory
+        owner: "{{ zastava_user }}"
+        group: "{{ zastava_group }}"
+        mode: '0750'
+
+    # =========================================================================
+    # Download and Install Agent
+    # =========================================================================
+
+    - name: Determine architecture
+      ansible.builtin.set_fact:
+        arch_suffix: "{{ 'x64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
+
+    - name: Download Zastava Agent binary
+      ansible.builtin.get_url:
+        url: "{{ download_base_url }}/zastava-agent/{{ zastava_version }}/zastava-agent-linux-{{ arch_suffix }}.tar.gz"
+        dest: /tmp/zastava-agent.tar.gz
+        mode: '0644'
+      register: download_result
+      retries: 3
+      delay: 5
+
+    - name: Extract Zastava Agent
+      ansible.builtin.unarchive:
+        src: /tmp/zastava-agent.tar.gz
+        dest: "{{ zastava_install_dir }}"
+        remote_src: true
+        owner: "{{ zastava_user }}"
+        group: "{{ zastava_group }}"
+        extra_opts:
+          - --strip-components=1
+      notify: Restart zastava-agent
+
+    - name: Make agent binary executable
+      ansible.builtin.file:
+        path: "{{ zastava_install_dir }}/StellaOps.Zastava.Agent"
+        mode: '0755'
+
+    - name: Clean up downloaded archive
+      ansible.builtin.file:
+        path: /tmp/zastava-agent.tar.gz
+        state: absent
+
+    # =========================================================================
+    # Configuration
+    # =========================================================================
+
+    - name: Deploy environment configuration
+      ansible.builtin.template:
+        src: zastava-agent.env.j2
+        dest: "{{ zastava_config_dir }}/zastava-agent.env"
+        owner: root
+        group: "{{ zastava_group }}"
+        mode: '0640'
+      notify: Restart zastava-agent
+
+    # =========================================================================
+    # systemd Service
+    # =========================================================================
+
+    - name: Install systemd service unit
+      ansible.builtin.copy:
+        src: zastava-agent.service
+        dest: /etc/systemd/system/zastava-agent.service
+        owner: root
+        group: root
+        mode: '0644'
+      notify:
+        - Reload systemd
+        - Restart zastava-agent
+
+    - name: Enable and start zastava-agent service
+      ansible.builtin.systemd:
+        name: zastava-agent
+        state: started
+        enabled: true
+        daemon_reload: true
+
+    # =========================================================================
+    # Health Verification
+    # =========================================================================
+
+    - name: Wait for agent health endpoint
+      ansible.builtin.uri:
+        url: "http://localhost:{{ zastava_health_port }}/healthz"
+        method: GET
+        status_code: 200
+      register: health_result
+      retries: 30
+      delay: 2
+      until: health_result.status == 200
+
+    - name: Display agent status
+      ansible.builtin.debug:
+        msg: "Zastava Agent deployed successfully on {{ inventory_hostname }}"
+
+  handlers:
+    - name: Reload systemd
+      ansible.builtin.systemd:
+        daemon_reload: true
+
+    - name: Restart zastava-agent
+      ansible.builtin.systemd:
+        name: zastava-agent
+        state: restarted
+
+# =============================================================================
+# Post-deployment verification play
+# =============================================================================
+- name: Verify Zastava Agent Deployment
+  hosts: zastava_agents
+  become: false
+  gather_facts: false
+
+  tasks:
+    - name: Check agent readiness
+      ansible.builtin.uri:
+        url: "http://localhost:{{ zastava_health_port | default(8080) }}/readyz"
+        method: GET
+        return_content: true
+      register: ready_check
+
+    - name: Display deployment summary
+      ansible.builtin.debug:
+        msg: |
+          Zastava Agent Deployment Summary:
+          - Host: {{ inventory_hostname }}
+          - Status: {{ 'Ready' if ready_check.status == 200 else 'Not Ready' }}
+          - Health Endpoint: http://localhost:{{ zastava_health_port | default(8080) }}/healthz
+          - Tenant: {{ zastava_tenant }}
+          - Backend: {{ scanner_backend_url }}