Phase 8 Production Hardening with complete governance infrastructure: - Vault integration with tiered policies (T0-T4) - DragonflyDB state management - SQLite audit ledger - Pipeline DSL and templates - Promotion/revocation engine - Checkpoint system for session persistence - Health manager and circuit breaker for fault tolerance - GitHub/Slack integrations - Architectural test pipeline with bug watcher, suggestion engine, council review - Multi-agent chaos testing framework Test Results: - Governance tests: 68/68 passing - E2E workflow: 16/16 passing - Phase 2 Vault: 14/14 passing - Integration tests: 27/27 passing Coverage: 57.6% average across 12 phases Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
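---
# Sample Ansible Playbook: Deploy Docker Service
# ===============================================
# This playbook is designed for Tier 1+ agents to deploy
# containerized services to the sandbox environment.
#
# Usage:
#   ansible-playbook -i inventory/sandbox.yml deploy-service.yml \
#     -e service_name=myapp -e image=nginx:alpine -e port=8080
#
# For Tier 0 agents: Generate plan only (check mode)
#   ansible-playbook --check deploy-service.yml
#
# Inputs (all optional, supplied with -e): service_name, image, port,
# network, restart_policy. Every value ends up as an argument to the
# docker CLI, so each one is validated before any docker command that
# uses it is run.

- name: Deploy Docker Service to Sandbox
  hosts: localhost
  connection: local
  gather_facts: true

  vars:
    # Plain defaults. Extra vars (-e) take precedence over play vars, so
    # callers can still override each of these. The self-referencing form
    # `x: "{{ x | default(...) }}"` makes Ansible report a recursive
    # template loop whenever the extra var is omitted.
    service_name: test-service
    image: 'nginx:alpine'
    port: '8080'
    network: spark-net
    restart_policy: unless-stopped

  tasks:
    # The inputs are caller-controlled. Without this gate, a value that
    # contains whitespace or starts with '-' would be read by docker as
    # extra options rather than as a name.
    - name: Preflight - Validate deployment inputs
      assert:
        that:
          - "(service_name | string) is match('^[a-zA-Z0-9][a-zA-Z0-9_.-]+$')"
          - "(image | string) is match('^[a-zA-Z0-9][a-zA-Z0-9._/:@-]*$')"
          - "(port | string) is match('^[0-9]+$')"
          - "(port | int) >= 1"
          - "(port | int) <= 65535"
          # NOTE(review): 'host' passes this pattern and would share the
          # host network namespace; reject it here if sandbox policy
          # requires network isolation.
          - "(network | string) is match('^[a-zA-Z0-9][a-zA-Z0-9_.-]*$')"
          - "(restart_policy | string) is match('^(no|always|unless-stopped|on-failure(:[0-9]+)?)$')"
        fail_msg: >-
          Invalid service_name, image, port, network or restart_policy;
          refusing to pass it to docker.
      # Runs even when only a subset of tags is selected.
      tags: [always]

    - name: Preflight - Verify Docker is running
      command:
        argv:
          - docker
          - info
      register: docker_info
      changed_when: false
      # Read-only, so it is safe to execute in --check mode as well.
      check_mode: false
      tags: [preflight]

    # Lists every container name and compares exactly further down.
    # `docker ps --filter name=...` matches substrings, so a sibling such
    # as "myapp-2" would otherwise count as "myapp already exists".
    - name: Preflight - Check if container already exists
      command:
        argv:
          - docker
          - ps
          - '-a'
          - '--format'
          - "{{ '{{' }}.Names{{ '}}' }}"
      register: existing_container
      changed_when: false
      check_mode: false
      tags: [preflight]

    # Best effort: a failure here is ignored and will surface as a name
    # conflict in the "Deploy container" task instead.
    - name: Stop existing container if running
      command:
        argv:
          - docker
          - stop
          - "{{ service_name }}"
      when: service_name in (existing_container.stdout_lines | default([]))
      ignore_errors: true
      tags: [deploy]

    - name: Remove existing container
      command:
        argv:
          - docker
          - rm
          - "{{ service_name }}"
      when: service_name in (existing_container.stdout_lines | default([]))
      ignore_errors: true
      tags: [deploy]

    # A tag such as ':alpine' is mutable, so what gets pulled can change
    # between runs. Pass a digest reference (name@sha256:<digest>) as the
    # image when the deployed content must be reproducible.
    - name: Pull latest image
      command:
        argv:
          - docker
          - pull
          - "{{ image }}"
      register: pull_result
      # default('') keeps the expression valid when the command is skipped
      # in --check mode and no stdout is registered.
      changed_when: >-
        'Downloaded' in (pull_result.stdout | default(''))
        or 'Pull complete' in (pull_result.stdout | default(''))
      tags: [deploy]

    # argv passes each value as exactly one argument; nothing is re-split
    # on whitespace. Note that "-p PORT:PORT" publishes on all host
    # interfaces; prefix the mapping with 127.0.0.1: if the service must
    # only be reachable from the host itself.
    - name: Deploy container
      command:
        argv:
          - docker
          - run
          - '-d'
          - '--name'
          - "{{ service_name }}"
          - '--network'
          - "{{ network }}"
          - '--restart'
          - "{{ restart_policy }}"
          - '-p'
          - "{{ port }}:{{ port }}"
          - "{{ image }}"
      register: deploy_result
      tags: [deploy]

    # Checks .State.Running only: the container process has started. It
    # does not consult any HEALTHCHECK defined by the image.
    - name: Wait for service to be healthy
      command:
        argv:
          - docker
          - inspect
          - "--format={{ '{{' }}.State.Running{{ '}}' }}"
          - "{{ service_name }}"
      register: health_check
      until: health_check.stdout == "true"
      retries: 10
      delay: 2
      changed_when: false
      # Nothing is deployed in --check mode, so there is nothing to poll.
      when: not ansible_check_mode
      tags: [verify]

    # The name filter is a substring match, so similarly named containers
    # may be listed alongside the deployed one.
    - name: Verify - Show container status
      command:
        argv:
          - docker
          - ps
          - '--filter'
          - "name={{ service_name }}"
          - '--format'
          - "table {{ '{{' }}.Names{{ '}}' }}\t{{ '{{' }}.Status{{ '}}' }}\t{{ '{{' }}.Ports{{ '}}' }}"
      register: final_status
      changed_when: false
      when: not ansible_check_mode
      tags: [verify]

    - name: Report deployment result
      debug:
        msg: |
          Service deployed successfully:
          Name: {{ service_name }}
          Image: {{ image }}
          Port: {{ port }}
          Network: {{ network }}
          Status: {{ final_status.stdout }}
      when: not ansible_check_mode
      tags: [verify]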