# Infrastructure Inventory - grokbox

**Generated:** 2025-11-10
**Hypervisor:** grokbox (grok.home.serneels.xyz)
**Libvirt URI:** qemu:///system
**Security Model:** AppArmor (enforcing)

---

## Summary

| Metric | Value |
|--------|-------|
| **Total VMs** | 3 |
| **Running VMs** | 3 |
| **Stopped VMs** | 0 |
| **Total vCPUs Allocated** | 12 |
| **Total Memory Allocated** | 20 GB |
| **Network** | virbr0 (192.168.122.0/24) |

---

## Virtual Machines

### 1. derp (Development VM)

**Status:** ✅ Running (ID: 2)

#### Configuration

| Property | Value |
|----------|-------|
| **UUID** | `9ede717f-879b-48aa-add0-2dfd33e10765` |
| **OS Type** | HVM |
| **vCPUs** | 2 |
| **Memory** | 2 GB (2097152 KiB) |
| **CPU Time** | 33278.4s |
| **Autostart** | Enabled |
| **Persistent** | Yes |

#### Network

| Interface | MAC Address | IP Address | Network |
|-----------|-------------|------------|---------|
| vnet1 | `52:54:00:d9:b8:0a` | `192.168.122.99/24` | virbr0 (NAT) |

#### Storage

| Type | Device | Target | Source |
|------|--------|--------|--------|
| file | disk | vda | `/var/lib/libvirt/images/derp.qcow2` |
| file | cdrom | sda | - |

#### Security

- **Security Model:** AppArmor
- **Security Label:** `libvirt-9ede717f-879b-48aa-add0-2dfd33e10765` (enforcing)

#### Ansible Access

```bash
# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.99

# Ansible ad-hoc
ansible derp -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible derp -i plugins/inventory/libvirt_kvm.py -m ping
```

---

### 2. pihole (DNS/DHCP Server)

**Status:** ✅ Running (ID: 5)

#### Configuration

| Property | Value |
|----------|-------|
| **UUID** | `6d714c93-16fb-41c8-8ef8-9001f9066b3a` |
| **OS Type** | HVM |
| **vCPUs** | 2 |
| **Memory** | 2 GB (2097152 KiB) |
| **CPU Time** | 74968.5s |
| **Autostart** | Enabled |
| **Persistent** | Yes |

#### Network

| Interface | MAC Address | IP Address | Network |
|-----------|-------------|------------|---------|
| vnet4 | `52:54:00:3b:ea:52` | `192.168.122.12/24` | virbr0 (NAT) |

#### Storage

| Type | Device | Target | Source |
|------|--------|--------|--------|
| file | disk | vda | `/var/lib/libvirt/images/pihole.qcow2` |

#### Security

- **Security Model:** AppArmor
- **Security Label:** `libvirt-6d714c93-16fb-41c8-8ef8-9001f9066b3a` (enforcing)

#### Services

- Pi-hole (DNS ad-blocking)
- dnsmasq (DHCP server)
- lighttpd (Web interface)

#### Ansible Access

```bash
# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.12

# Ansible ad-hoc
ansible pihole -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible dns_servers -i plugins/inventory/libvirt_kvm.py -m ping
```

---

### 3. mymx (Mail Server)

**Status:** ✅ Running (ID: 21)

#### Configuration

| Property | Value |
|----------|-------|
| **UUID** | `7cd5a220-bea4-49a1-a44e-a247dbdfd085` |
| **OS Type** | HVM |
| **vCPUs** | 8 |
| **Memory** | 16 GB (16777216 KiB) |
| **CPU Time** | 476431.1s |
| **Autostart** | Enabled |
| **Persistent** | Yes |

#### Network

| Interface | MAC Address | IP Address | Network |
|-----------|-------------|------------|---------|
| vnet20 | `52:54:00:de:fc:e9` | `192.168.122.119/24` | virbr0 (NAT) |

#### Storage

| Type | Device | Target | Source |
|------|--------|--------|--------|
| file | disk | vda | `/var/lib/libvirt/images/mymx.qcow2` |

#### Security

- **Security Model:** AppArmor
- **Security Label:** `libvirt-7cd5a220-bea4-49a1-a44e-a247dbdfd085` (enforcing)

#### Services

- Postfix (Mail Transfer Agent)
- Dovecot (IMAP/POP3 server)

#### Ansible Access

```bash
# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.119

# Ansible ad-hoc
ansible mymx -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible mail_servers -i plugins/inventory/libvirt_kvm.py -m ping
```

---

## Network Configuration

### NAT Network (virbr0)

| Property | Value |
|----------|-------|
| **Network** | 192.168.122.0/24 |
| **Gateway** | 192.168.122.1 (grokbox) |
| **DHCP Range** | 192.168.122.2 - 192.168.122.254 |
| **DNS** | Provided by dnsmasq |

### IP Allocation

| VM | IP Address | MAC Address | Status |
|----|------------|-------------|--------|
| pihole | 192.168.122.12 | 52:54:00:3b:ea:52 | ✅ Active |
| derp | 192.168.122.99 | 52:54:00:d9:b8:0a | ✅ Active |
| mymx | 192.168.122.119 | 52:54:00:de:fc:e9 | ✅ Active |

---

## Resource Allocation Summary

### CPU Allocation

| VM | vCPUs | CPU Time | % of Total |
|----|-------|----------|------------|
| mymx | 8 | 476431.1s | 66.7% |
| derp | 2 | 33278.4s | 16.7% |
| pihole | 2 | 74968.5s | 16.7% |
| **Total** | **12** | **584678.0s** | **100%** |

### Memory Allocation

| VM | Memory | % of Total |
|----|--------|------------|
| mymx | 16 GB | 80% |
| derp | 2 GB | 10% |
| pihole | 2 GB | 10% |
| **Total** | **20 GB** | **100%** |

### Storage

| VM | Disk Type | Location | Format |
|----|-----------|----------|--------|
| mymx | file (qcow2) | `/var/lib/libvirt/images/mymx.qcow2` | qcow2 |
| derp | file (qcow2) | `/var/lib/libvirt/images/derp.qcow2` | qcow2 |
| pihole | file (qcow2) | `/var/lib/libvirt/images/pihole.qcow2` | qcow2 |

---

## Security Status

### All VMs

- ✅ **Security Model:** AppArmor enforcing
- ✅ **Unique Security Labels:** Per-VM isolation
- ✅ **Persistent Configuration:** All VMs persistent
- ✅ **Autostart:** All VMs set to autostart
- ✅ **Network Isolation:** NAT network with gateway

### Access Control

- **Hypervisor Access:** SSH to grokbox (user: grok)
- **VM Access:** SSH via ProxyJump through grokbox (user: ansible)
- **Authentication:** SSH key-based (no password auth)
- **Privilege Escalation:** Passwordless sudo for ansible user

---

## Ansible Integration

### Available Inventory Sources

#### 1. Static Inventory

```bash
ansible all -i inventories/development/hosts.yml --list-hosts
```

#### 2. Libvirt Dynamic Inventory

```bash
ansible running_vms -i plugins/inventory/libvirt_kvm.py --list-hosts
```

#### 3. SSH Config Inventory

```bash
ansible kvm_guests -i plugins/inventory/ssh_config_inventory.py --list-hosts
```

### Group Memberships

| VM | Groups |
|----|--------|
| **derp** | all, kvm_guests, development, running_vms |
| **pihole** | all, kvm_guests, dns_servers, running_vms |
| **mymx** | all, kvm_guests, mail_servers, running_vms |

### Testing Connectivity

```bash
# Test all VMs
ansible kvm_guests -i plugins/inventory/libvirt_kvm.py -m ping

# Test specific groups
ansible dns_servers -i inventories/development/hosts.yml -m ping
ansible mail_servers -i inventories/development/hosts.yml -m ping
ansible development -i inventories/development/hosts.yml -m ping

# Gather facts
ansible derp -i plugins/inventory/libvirt_kvm.py -m setup

# Check uptime
ansible all -i plugins/inventory/libvirt_kvm.py -m shell -a "uptime"
```

---

## Management Commands

In the commands below, `<vm-name>`, `<snapshot-name>` and `<description>` are placeholders to replace with your own values.

### VM Lifecycle

```bash
# Start VM
ssh grokbox "virsh -c qemu:///system start <vm-name>"

# Shutdown VM gracefully
ssh grokbox "virsh -c qemu:///system shutdown <vm-name>"

# Force stop VM
ssh grokbox "virsh -c qemu:///system destroy <vm-name>"

# Reboot VM
ssh grokbox "virsh -c qemu:///system reboot <vm-name>"

# Check VM status
ssh grokbox "virsh -c qemu:///system domstate <vm-name>"
```

### VM Information

```bash
# Detailed VM info
ssh grokbox "virsh -c qemu:///system dominfo <vm-name>"

# VM network addresses
ssh grokbox "virsh -c qemu:///system domifaddr <vm-name>"

# VM disk info
ssh grokbox "virsh -c qemu:///system domblklist <vm-name> --details"

# VM console access (-t allocates the TTY an interactive console needs)
ssh -t grokbox "virsh -c qemu:///system console <vm-name>"
```

### Snapshots

```bash
# Create snapshot
ssh grokbox "virsh -c qemu:///system snapshot-create-as <vm-name> <snapshot-name> --description '<description>'"

# List snapshots
ssh grokbox "virsh -c qemu:///system snapshot-list <vm-name>"

# Revert to snapshot
ssh grokbox "virsh -c qemu:///system snapshot-revert <vm-name> <snapshot-name>"

# Delete snapshot
ssh grokbox "virsh -c qemu:///system snapshot-delete <vm-name> <snapshot-name>"
```

---

## Maintenance Recommendations

### Immediate Actions

- ✅ All VMs running and accessible
- ✅ Network connectivity verified
- ✅ Security models enforcing (AppArmor)
- ⚠️ Consider implementing LVM partitioning per CLAUDE.md on next rebuild

### Short-term

1. **Backup Strategy**
   - Implement regular VM snapshots
   - Export VM definitions: `virsh dumpxml <vm-name> > <vm-name>.xml`
   - Backup qcow2 images from `/var/lib/libvirt/images/`

2. **Monitoring**
   - Deploy node_exporter on all VMs
   - Implement centralized logging
   - Set up alerting for resource thresholds

3. **Security Hardening**
   - Run security audit playbooks
   - Verify AIDE/auditd installation
   - Review and harden SSH configurations

### Long-term

1. **Infrastructure as Code**
   - Create Terraform/Pulumi for VM provisioning
   - Implement cloud-init templates
   - Standardize VM configurations

2. **High Availability**
   - Consider VM clustering
   - Implement backup hypervisor
   - Set up automated failover

3. **Compliance**
   - Implement CIS benchmark scanning
   - Run OpenSCAP compliance checks
   - Generate compliance reports

---

## Troubleshooting

### Connection Issues

```bash
# Test SSH to hypervisor
ssh grokbox "hostname"

# Test SSH to VM (direct)
ssh -J grokbox ansible@192.168.122.12 "hostname"

# Check libvirt connectivity
ssh grokbox "virsh -c qemu:///system version"

# Verify network
ssh grokbox "virsh -c qemu:///system net-list --all"
```

### VM Not Starting

```bash
# Check VM definition
ssh grokbox "virsh -c qemu:///system dumpxml <vm-name>"

# Check logs
ssh grokbox "journalctl -u libvirtd -n 50"

# Validate configuration
ssh grokbox "virt-xml-validate /etc/libvirt/qemu/<vm-name>.xml"
```

### Network Issues

```bash
# Check network status
ssh grokbox "virsh -c qemu:///system net-info default"

# Restart network
ssh grokbox "virsh -c qemu:///system net-destroy default && virsh -c qemu:///system net-start default"

# Check DHCP leases
ssh grokbox "virsh -c qemu:///system net-dhcp-leases default"
```

---

## References

- **CLAUDE.md:** Infrastructure guidelines and standards
- **docs/inventory.md:** Complete inventory documentation
- **cheatsheets/inventory.md:** Quick reference commands
- **SSH Config:** `~/.ssh/config` - Connection configurations

---

**Last Updated:** 2025-11-10
**Updated By:** Automated infrastructure discovery
**Next Review:** Weekly or on infrastructure changes