infra-automation/CHANGELOG.md

# Changelog

All notable changes to this Ansible infrastructure automation project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [0.1.0] - 2025-11-10

### Added
- Initial project setup with Ansible infrastructure automation framework
- Comprehensive Ansible guidelines and best practices (CLAUDE.md)
  - Security-first approach with CIS Benchmarks and NIST guidelines
  - Dynamic inventory requirements and best practices
  - OS-specific configuration for Debian and RHEL families
  - Role development standards and testing strategies
- Infrastructure inventory documentation (INFRASTRUCTURE_INVENTORY.md)
- VM deployment automation
  - `deploy_linux_vm` role with LVM support and SSH hardening
  - Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky Linux)
  - Automated partitioning with LVM configuration
  - Security hardening (SELinux/AppArmor, firewall, fail2ban)
  - Test playbook for role validation
- Dynamic inventory plugins
  - `libvirt_kvm.py` - KVM/libvirt dynamic inventory
  - `ssh_config_inventory.py` - SSH config-based inventory
- Unattended deployment configurations
  - Cloud-init templates (user-data, meta-data)
  - Debian preseed configuration
  - Bash configuration script for Debian VMs
- Comprehensive documentation
  - Role documentation (ROLE.md)
  - Setup summary (SETUP_SUMMARY.md)
  - Quick reference cheatsheets for all playbooks
  - README.md with project overview
- Git repository structure
  - Main repository: `ansible/infra-automation` (public)
  - Secrets submodule: `ansible/secrets` (private)
  - Proper .gitmodules configuration

### Security
- Implemented secrets management using private git submodule
- SSH key-based authentication for Gitea repository access
- Security-first configuration templates following industry standards
- Ansible user with passwordless sudo and SSH key authentication
- SELinux/AppArmor enforcement configurations
- Firewall configurations (firewalld/ufw)
- Fail2ban integration for SSH protection

### Infrastructure
- Git repository hosting on Gitea (git.mymx.me:2222)
- SSH configuration for git.mymx.me with dedicated key
- Dynamic inventory support for multiple sources (AWS, Azure, VMware, libvirt)
- LVM-based storage configuration for all deployed systems

## [0.0.1] - 2025-11-10

### Added
- Initial repository creation
- Basic project structure
- Infrastructure configuration files
- Dynamic inventory configuration
- Multi-distribution VM deployment playbooks

---

## Release Notes

### Version 0.1.0 - Initial Release

This is the first official release of the Ansible infrastructure automation project. It provides a complete framework for deploying and managing Linux virtual machines with security-first principles.

**Key Features:**
- Automated VM deployment with LVM configuration
- Multi-distribution support (Debian/Ubuntu and RHEL families)
- Security hardening out of the box
- Dynamic inventory support
- Comprehensive documentation and cheatsheets

**Requirements:**
- Ansible 2.9 or higher
- Python 3.6 or higher
- SSH access to target systems
- For VM deployment: libvirt/KVM hypervisor

**Getting Started:**
```bash
# Clone with submodules
git clone --recursive ssh://git@git.mymx.me:2222/ansible/infra-automation.git

# Review documentation
cat docs/README.md

# Check available cheatsheets
ls cheatsheets/
```

---

[Unreleased]: https://git.mymx.me/ansible/infra-automation/compare/v0.1.0...HEAD
[0.1.0]: https://git.mymx.me/ansible/infra-automation/releases/tag/v0.1.0
[0.0.1]: https://git.mymx.me/ansible/infra-automation/commits/77d3dda