Update documentation for PRIVATE submodules structure

📚 Documentation Update - Repository Security Enhancement Changes: 1. Updated README.md: - Clarified submodule structure (both PRIVATE) - Updated Quick Start with submodule commands - Updated Project Structure diagram - Added SSH agent initialization 2. Created docs/submodule-workflow.md: - Comprehensive submodule usage guide - Clone, update, and workflow procedures - Security considerations for both submodules - Troubleshooting section - Best practices and compliance notes 3. Made ansible-inventories PRIVATE: - Protects internal network topology - Protects IP addresses and hostnames - Updated all documentation to reflect PRIVATE status 4. Updated inventories submodule reference: - Points to latest commit with security updates Security Rationale: - inventories → PRIVATE: Protects network topology, IP addresses - secrets → PRIVATE: Protects SSH keys, vault files - Main repo → PUBLIC: Playbooks and roles only Repository Structure: ├── infra-automation (PUBLIC) ├── inventories (PRIVATE) └── secrets (PRIVATE) Benefits: ✅ Network topology protection ✅ Sensitive data isolation ✅ Proper access controls ✅ Independent version control ✅ Security-first approach Documentation: - docs/submodule-workflow.md: Complete submodule guide - docs/git-ssh-setup.md: SSH configuration - README.md: Updated project structure 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 14:47:12 +01:00
parent be33603856
commit 7e89e93c9f
3 changed files with 451 additions and 24 deletions
--- a/README.md
+++ b/README.md
@@ -2,20 +2,42 @@

 Enterprise-grade Ansible infrastructure with security-first principles, modularity, and scalability.

+## Repository Structure
+
+This repository uses **git submodules** for proper separation of concerns:
+
+- **Main Repository** (PUBLIC): Playbooks, roles, and infrastructure code
+- **Inventories Submodule** (PRIVATE): Dynamic inventories and host configurations
+- **Secrets Submodule** (PRIVATE): SSH keys, vault files, and sensitive data
+
 ## Quick Start

+### Initial Setup
+
 ```bash
-# Test connectivity with SSH config inventory
-ansible all -i plugins/inventory/ssh_config_inventory.py -m ping
+# Clone with submodules (recommended)
+git clone --recurse-submodules ssh://git@git.mymx.me:2222/ansible/infra-automation.git
+cd infra-automation

-# Test connectivity with Libvirt dynamic inventory
-ansible running_vms -i plugins/inventory/libvirt_kvm.py -m ping
+# Or initialize submodules after clone
+git submodule init
+git submodule update

-# Use static development inventory
-ansible all -i inventories/development/hosts.yml -m ping
+# Set up SSH agent for git operations
+source .ssh-agent-init
+```
+
+### Basic Usage
+
+```bash
+# Test connectivity with dynamic inventory
+ansible all -i inventories/production/libvirt.yml -m ping
+
+# List inventory
+ansible-inventory -i inventories/production/libvirt.yml --list

 # Run a playbook
-ansible-playbook -i inventories/development/hosts.yml site.yml
+ansible-playbook -i inventories/production/libvirt.yml playbooks/gather_system_info.yml
 ```

 ## Project Structure
@@ -26,28 +48,33 @@ ansible-playbook -i inventories/development/hosts.yml site.yml
 ├── CLAUDE.md                       # Development guidelines and standards
 ├── ansible.cfg                     # Ansible configuration
 ├── site.yml                        # Master playbook
+├── .ssh-agent-init                 # SSH agent auto-initialization
 │
-├── inventories/                    # Inventory configurations
-│   ├── production/                 # Production (dynamic only)
-│   ├── staging/                    # Staging (dynamic only)
-│   └── development/                # Development environment
-│       ├── hosts.yml               # Static inventory
-│       ├── libvirt_kvm.yml         # Libvirt config
-│       └── group_vars/             # Group variables
-│           ├── all.yml
-│           ├── kvm_guests.yml
-│           └── hypervisors.yml
+├── inventories/                    # → Git submodule (PRIVATE)
+│   ├── production/                 #   Dynamic libvirt inventory
+│   ├── staging/                    #   Staging environment
+│   └── development/                #   Development environment
 │
-├── plugins/                        # Custom plugins
-│   └── inventory/                  # Dynamic inventory scripts
-│       ├── ssh_config_inventory.py # SSH config parser
-│       └── libvirt_kvm.py          # Libvirt/KVM discovery
+├── secrets/                        # → Git submodule (PRIVATE)
+│   ├── ssh/                        #   SSH keys for automation
+│   ├── machines/                   #   Machine-specific secrets
+│   └── vaults/                     #   Ansible vault files
+│
+├── playbooks/                      # Playbooks
+│   ├── gather_system_info.yml      # System information collection
+│   ├── configure_swap.yml          # Swap configuration
+│   ├── install_qemu_agent.yml      # QEMU guest agent
+│   └── audit_docker.yml            # Docker security audit
 │
 ├── roles/                          # Ansible roles
-├── playbooks/                      # Playbooks
-├── collections/                    # Ansible collections
+│   ├── system_info/                # Production-ready
+│   └── deploy_linux_vm/            # Production-ready
 │
+├── collections/                    # Ansible collections
 ├── docs/                           # Documentation
+│   ├── submodule-workflow.md       # Submodule usage guide
+│   ├── git-ssh-setup.md            # Git SSH configuration
+│   └── security/                   # Security documentation
 │   ├── inventory.md                # Inventory documentation
 │   └── [other docs]
 │