09b083cb03
Add comprehensive role analysis and improvement recommendations
Comprehensive analysis of deploy_linux_vm and system_info roles against
CLAUDE.md core principles with detailed improvement recommendations.
Analysis findings:
- Overall compliance: 70% (Good, room for improvement)
- Identified 5 critical issues requiring immediate attention
- Documented 10 medium-priority improvements
- Created priority action plan with timeline
Critical issues identified:
- Missing CHANGELOG.md and ROADMAP.md files (CLAUDE.md violation)
- Empty Molecule test scenarios (no automated testing)
- Hardcoded secrets in defaults (security risk)
- Insufficient error handling (limited block/rescue usage)
- Missing handlers in deploy_linux_vm role
Strengths documented:
- Excellent README documentation for both roles
- Strong security-first approach (SSH, firewall, SELinux)
- Good code quality with ansible-lint production profile
- Well-structured LVM configuration per CLAUDE.md
- Performance optimizations (fact caching, pipelining)
Document includes:
- Detailed compliance scorecard (11 categories assessed)
- Code examples for recommended fixes
- Priority action plan (immediate, short-term, medium-term, long-term)
- Security improvements with vault integration examples
- Testing strategy with Molecule and CI/CD pipeline templates
- Modularity recommendations (extract security_baseline role)
- Documentation standards alignment
This analysis provides a roadmap to achieve 90%+ compliance with
organizational standards and industry best practices.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 01:32:10 +01:00
1198d8e4a3
Add comprehensive roadmap and execution plan
- Add ROADMAP.md with short-term and long-term objectives
  - Phase 1-4: Short-term (12 weeks)
  - Phase 5-10: Long-term (2025-2026)
  - Success metrics and KPIs
  - Risk assessment and mitigation
  - Resource requirements
- Add EXECUTION_PLAN.md with detailed todo lists
  - Week-by-week breakdown of Phase 1-4
  - Actionable tasks with priorities and effort estimates
  - Acceptance criteria for each task
  - Issue tracking guidance
  - Progress reporting templates
- Update CLAUDE.md with correct login credentials
  - Use ansible@mymx.me as login for services
Roadmap covers:
- Foundation strengthening (inventories, CI/CD, testing)
- Core role development (common, security, monitoring)
- Secrets management (Ansible Vault, HashiCorp Vault)
- Application deployment (nginx, postgresql)
- Cloud infrastructure (AWS, Azure, GCP)
- Container orchestration (Docker, Kubernetes)
- Advanced features (backup, compliance, observability)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:49:42 +01:00
704cf44f43
Add CHANGELOG.md for version tracking
- Follow Keep a Changelog format
- Document initial release v0.1.0 with all features
- Include security improvements and infrastructure changes
- Add release notes and getting started guide
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:15:36 +01:00
048f2bf808
Convert secrets directory to private git submodule
- Remove secrets files from main repository
- Add secrets as git submodule pointing to private repository
- Secrets repository: ansible/secrets (private)
- Follows security best practice of separating sensitive data
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:11:01 +01:00
455133c600
Initial commit: Ansible infrastructure automation
- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:02:32 +01:00
Infrastructure Team
5ba666dfbf
Add quick reference cheatsheets for all playbooks
Cheatsheets created:
- deploy-debian12-vm.md - Basic Debian 12 deployment reference
- deploy-debian-lvm-netinst.md - Network installer with native LVM
- deploy-linux-vm.md - Multi-distribution quick reference
- deploy-linux-vm-lvm.md - Multi-distro with post-config LVM
- deploy-linux-vm-role.md - Role-based deployment guide
- test-deploy-linux-vm-role.md - Testing and validation procedures
Each cheatsheet includes:
- Quick deployment commands
- Variable reference tables
- Tag-based execution examples
- Post-deployment verification steps
- LVM management commands (where applicable)
- Troubleshooting procedures
- Security validation steps
- VM management commands
2025-11-10 22:52:11 +01:00
Infrastructure Team
04a381e0d5
Add comprehensive documentation
- Add linux-vm-deployment.md with complete deployment guide
  - Architecture overview and security model
  - Supported distributions matrix
  - LVM partitioning specifications
  - Distribution-specific configurations
  - Troubleshooting procedures
  - Performance tuning guidelines
2025-11-10 22:52:03 +01:00
Infrastructure Team
82796a18e4
Add test playbook for deploy_linux_vm role
- Test configuration for Debian 12 with LVM enabled
- Validates LVM configuration compliance
- Tests SSH hardening (GSSAPI disabled)
- Verifies security features (firewall, audit, updates)
- Includes post-test validation checklist
- Documents expected test output and verification steps
2025-11-10 22:51:57 +01:00
Infrastructure Team
eec15a1cc2
Add deploy_linux_vm role with LVM and SSH hardening
Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories
SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s
Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)
Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
2025-11-10 22:51:51 +01:00
Infrastructure Team
47df4035c3
Add LVM-enabled VM deployment playbooks
- Add deploy-debian-lvm-netinst.yml for Debian with native LVM
  - Uses network installer with preseed configuration
  - Full LVM partitioning per infrastructure guidelines
  - Creates vg_system with 8 logical volumes
  - Separate /boot, /opt, /tmp, /home, /var, /var/log, /var/tmp, /var/log/audit
  - Security mount options (noexec,nosuid,nodev on /tmp and /var/tmp)
- Add deploy-linux-vm-lvm.yml for multi-distro with post-config LVM
  - Supports all distributions from deploy-linux-vm.yml
  - Deploys VM with secondary 30GB disk for LVM
  - Post-deployment LVM configuration on /dev/vdb
  - Data migration from primary disk to LVM volumes
  - Automatic fstab updates
2025-11-10 22:51:40 +01:00
Infrastructure Team
a5337029ff
Add multi-distribution VM deployment playbooks
- Add deploy-debian12-vm.yml for basic Debian 12 deployment
- Add deploy-linux-vm.yml for multi-distribution support
- Support for Debian, Ubuntu, RHEL, CentOS, Rocky, Alma, SUSE
- Cloud-init based provisioning
- Distribution-specific security hardening
- Automatic security updates configuration
- UFW/firewalld setup per OS family
- SELinux enforcing for RHEL family
2025-11-10 22:51:30 +01:00
Infrastructure Team
e7f5c7aea7
Add dynamic inventory configuration
- Add development environment inventory structure
- Configure libvirt/KVM inventory plugin for VM management
- Add grokbox hypervisor host configuration
- Include existing VM hosts (pihole, mymx, derp)
- Set up SSH ProxyJump through grokbox for all VMs
2025-11-10 22:51:17 +01:00
Infrastructure Team
77d3dda572
Add infrastructure configuration files
- Add .gitignore for Ansible project (Python, temp files, secrets)
- Add ansible.cfg with optimized settings
- Enable SSH pipelining for performance
- Configure fact caching with jsonfile backend
- Set roles_path and inventory defaults
2025-11-10 22:50:59 +01:00