70b57d223f
Add system_info role for comprehensive infrastructure inventory
...
New role for gathering detailed system information including CPU, GPU,
RAM, disk, network, and hypervisor details with JSON export capabilities.
Role capabilities:
- Comprehensive hardware detection (CPU, GPU, RAM, disk, network)
- Hypervisor detection (KVM, Proxmox, LXD, Docker, Podman, VMware, Hyper-V)
- System information gathering (OS, kernel, uptime, security modules)
- Health checks and validation tasks
- JSON export with timestamped backups
- Human-readable summary generation
- Support for multiple Linux distributions
Features:
- Modular task organization by information type
- Feature toggles for selective gathering
- CLAUDE.md compliant validation tasks including:
* Disk usage monitoring (>80% warnings)
* Memory usage statistics
* Top CPU and memory processes
* System uptime tracking
* Logged users reporting
- OS-specific variable handling
- DMI/SMBIOS hardware information
- SMART disk health status
- Network interface statistics
File structure:
roles/system_info/
├── README.md # Comprehensive documentation
├── defaults/main.yml # Configurable defaults
├── vars/main.yml # Role variables
├── meta/main.yml # Galaxy metadata
├── tasks/
│ ├── main.yml # Main task coordinator
│ ├── install.yml # Package installation
│ ├── gather_system.yml # OS and system info
│ ├── gather_cpu.yml # CPU details
│ ├── gather_gpu.yml # GPU detection
│ ├── gather_memory.yml # RAM information
│ ├── gather_disk.yml # Disk and LVM info
│ ├── gather_network.yml # Network configuration
│ ├── detect_hypervisor.yml # Virtualization detection
│ ├── export_stats.yml # JSON export
│ └── validate.yml # Health checks (CLAUDE.md compliant)
├── templates/
│ └── summary.txt.j2 # Human-readable summary
├── handlers/
│ └── main.yml # Service handlers
└── tests/
└── test.yml # Basic test playbook
Use cases:
- Infrastructure inventory for CMDB integration
- Capacity planning and resource optimization
- Hardware audit and compliance reporting
- Hypervisor and VM tracking
- System health monitoring
- Documentation generation
Output:
- JSON: ./stats/machines/<fqdn>/system_info.json
- Backup: ./stats/machines/<fqdn>/system_info_<timestamp>.json
- Summary: ./stats/machines/<fqdn>/summary.txt
Requirements:
- Ansible >= 2.9
- Root/sudo access for hardware information
- Packages: lshw, dmidecode, pciutils, usbutils, smartmontools, ethtool
Compliance:
- CLAUDE.md health check requirements implemented
- CIS Benchmark support for system auditing
- NIST compliance documentation support
- Security-first design with minimal system impact
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-11 01:36:01 +01:00
Infrastructure Team
eec15a1cc2
Add deploy_linux_vm role with LVM and SSH hardening
...
Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories
SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s
Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)
Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
2025-11-10 22:51:51 +01:00
