# Roadmap - deploy_linux_vm Role

This document outlines the planned improvements and future development for the `deploy_linux_vm` role.

## Version 1.1.0 - Security & Compliance Hardening (Q1 2026)

### Critical Priority

- [ ] **Remove hardcoded secrets from defaults/main.yml**
  - Move default passwords to Ansible Vault
  - Use environment variables or external secret manager
  - Document secret management in README
  - Security impact: HIGH

- [ ] **Implement comprehensive error handling**
  - Add block/rescue/always patterns for all critical tasks
  - Implement rollback mechanisms for failed deployments
  - Add pre-flight validation checks
  - Graceful cleanup on failure

- [ ] **Add missing handlers**
  - Handler for network configuration changes
  - Handler for storage reconfiguration
  - Handler for cloud-init regeneration
  - Handler for VM restart if needed

### High Priority

- [ ] **Enhance Molecule testing**
  - Create functional test scenarios
  - Test VM creation and destruction
  - Validate cloud-init configuration
  - Test LVM partitioning verification
  - Add security validation tests

- [ ] **Input validation**
  - Validate all required variables with assert module
  - Check for valid VM resource ranges
  - Validate network configuration parameters
  - Ensure SSH key format is correct

- [ ] **Idempotency improvements**
  - Ensure tasks are fully idempotent
  - Add proper changed_when conditions
  - Implement check mode support

## Version 1.2.0 - Multi-Distribution Support (Q2 2026)

### High Priority

- [ ] **RHEL/AlmaLinux/Rocky support**
  - Create RHEL family cloud-init templates
  - Add Kickstart support for bare-metal
  - SELinux configuration in cloud-init
  - DNF/YUM package management

- [ ] **Ubuntu LTS version support**
  - Test with Ubuntu 22.04 LTS
  - Test with Ubuntu 24.04 LTS
  - Autoinstall support for newer versions

### Medium Priority

- [ ] **SUSE/openSUSE support**
  - Create SUSE-specific templates
  - AutoYaST support for bare-metal
  - AppArmor configuration

## Version 1.3.0 - Advanced Features (Q3 2026)

### Medium Priority

- [ ] **Cloud provider support**
  - AWS EC2 cloud-init integration
  - Azure cloud-init support
  - GCP metadata support
  - DigitalOcean cloud-init

- [ ] **Storage enhancements**
  - Support for multiple disk configurations
  - LVM thin provisioning option
  - Encrypted LVM volumes (LUKS)
  - Custom partition layouts

- [ ] **Network enhancements**
  - Multiple network interface support
  - VLAN configuration
  - Bond/bridge configuration
  - IPv6 support

### Low Priority

- [ ] **Advanced security features**
  - AIDE/Tripwire file integrity monitoring
  - Automatic security updates configuration
  - Firewall rules in cloud-init
  - Fail2ban pre-configuration

## Version 2.0.0 - Enterprise Features (Q4 2026)

### High Priority

- [ ] **Terraform/Pulumi integration**
  - Terraform provider compatibility
  - Pulumi resource support
  - Infrastructure-as-code examples

- [ ] **Monitoring and logging**
  - Prometheus node_exporter in cloud-init
  - Centralized logging configuration
  - Health check endpoints
  - Performance metrics collection

### Medium Priority

- [ ] **Backup and disaster recovery**
  - LVM snapshot integration
  - Backup schedule configuration
  - Disaster recovery playbooks
  - Point-in-time recovery support

- [ ] **Compliance frameworks**
  - CIS Benchmark compliance
  - DISA STIG configuration
  - PCI-DSS hardening
  - HIPAA compliance options

### Low Priority

- [ ] **Container support**
  - Docker pre-installation option
  - Podman support for RHEL
  - Kubernetes node preparation
  - Container runtime selection

## Continuous Improvements

### Ongoing Tasks

- [ ] **Documentation**
  - Keep README.md updated with all features
  - Add troubleshooting guide
  - Create example playbooks for common scenarios
  - Document all variables with examples

- [ ] **Code quality**
  - Regular ansible-lint compliance checks
  - YAML formatting consistency
  - Variable naming conventions
  - Comment critical sections

- [ ] **Testing**
  - Expand Molecule test coverage
  - Add integration tests
  - Performance testing for large deployments
  - Security scanning automation

- [ ] **Performance optimization**
  - Reduce deployment time
  - Optimize cloud-init execution
  - Parallel task execution where possible
  - Fact caching optimization

## Deferred/Under Consideration

- [ ] Support for Windows VMs (cloud-init equivalent)
- [ ] BSD operating system support
- [ ] ARM architecture support
- [ ] Bare-metal deployment support
- [ ] PXE boot integration

## Completed

- [x] Initial role structure and basic functionality (v1.0.0)
- [x] Cloud-init template for Debian/Ubuntu (v1.0.0)
- [x] LVM partitioning configuration (v1.0.0)
- [x] Ansible user creation with SSH keys (v1.0.0)
- [x] Basic Molecule test structure (v1.0.0)
- [x] CHANGELOG.md and ROADMAP.md creation (v1.0.0)

---

**Last Updated**: 2025-11-11
**Current Version**: 1.0.0
**Next Release**: 1.1.0 (Target: Q1 2026)