ansible
704cf44f43
- Follow Keep a Changelog format - Document initial release v0.1.0 with all features - Include security improvements and infrastructure changes - Add release notes and getting started guide 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
3.6 KiB
3.6 KiB
Changelog
All notable changes to this Ansible infrastructure automation project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
0.1.0 - 2025-11-10
Added
- Initial project setup with Ansible infrastructure automation framework
- Comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Security-first approach with CIS Benchmarks and NIST guidelines
- Dynamic inventory requirements and best practices
- OS-specific configuration for Debian and RHEL families
- Role development standards and testing strategies
- Infrastructure inventory documentation (INFRASTRUCTURE_INVENTORY.md)
- VM deployment automation
deploy_linux_vmrole with LVM support and SSH hardening- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky Linux)
- Automated partitioning with LVM configuration
- Security hardening (SELinux/AppArmor, firewall, fail2ban)
- Test playbook for role validation
- Dynamic inventory plugins
libvirt_kvm.py- KVM/libvirt dynamic inventoryssh_config_inventory.py- SSH config-based inventory
- Unattended deployment configurations
- Cloud-init templates (user-data, meta-data)
- Debian preseed configuration
- Bash configuration script for Debian VMs
- Comprehensive documentation
- Role documentation (ROLE.md)
- Setup summary (SETUP_SUMMARY.md)
- Quick reference cheatsheets for all playbooks
- README.md with project overview
- Git repository structure
- Main repository:
ansible/infra-automation(public) - Secrets submodule:
ansible/secrets(private) - Proper .gitmodules configuration
- Main repository:
Security
- Implemented secrets management using private git submodule
- SSH key-based authentication for Gitea repository access
- Security-first configuration templates following industry standards
- Ansible user with passwordless sudo and SSH key authentication
- SELinux/AppArmor enforcement configurations
- Firewall configurations (firewalld/ufw)
- Fail2ban integration for SSH protection
Infrastructure
- Git repository hosting on Gitea (git.mymx.me:2222)
- SSH configuration for git.mymx.me with dedicated key
- Dynamic inventory support for multiple sources (AWS, Azure, VMware, libvirt)
- LVM-based storage configuration for all deployed systems
0.0.1 - 2025-11-10
Added
- Initial repository creation
- Basic project structure
- Infrastructure configuration files
- Dynamic inventory configuration
- Multi-distribution VM deployment playbooks
Release Notes
Version 0.1.0 - Initial Release
This is the first official release of the Ansible infrastructure automation project. It provides a complete framework for deploying and managing Linux virtual machines with security-first principles.
Key Features:
- Automated VM deployment with LVM configuration
- Multi-distribution support (Debian/Ubuntu and RHEL families)
- Security hardening out of the box
- Dynamic inventory support
- Comprehensive documentation and cheatsheets
Requirements:
- Ansible 2.9 or higher
- Python 3.6 or higher
- SSH access to target systems
- For VM deployment: libvirt/KVM hypervisor
Getting Started:
# Clone with submodules
git clone --recursive ssh://git@git.mymx.me:2222/ansible/infra-automation.git
# Review documentation
cat docs/README.md
# Check available cheatsheets
ls cheatsheets/