ansible/infra-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e28d1633a1a46766020002aa0ea4a6777403a56
infra-automation/TODO.md
ansible 4e28d1633a Update git authentication and documentation 
- Created ed25519 SSH key for git operations (secrets/ssh/ansible)
- Configured git to use SSH key authentication with IdentitiesOnly
- Recreated Gitea repository with proper SSH access (ID: 29)
- Added SSH agent auto-initialization script (.ssh-agent-init)
- Created comprehensive git SSH setup documentation
- Updated TODO.md to reflect resolved git push issues
- All git operations now use SSH key authentication

SSH Key Details:
- Passphrase: Documented in secrets/ssh/README.md
- Fingerprint: SHA256:mkgq5V567C/CJas9nbP16kNzzVqs7z7k2X90qdP0QXE
- Auto-load: source /opt/ansible/.ssh-agent-init

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 14:13:34 +01:00

115 lines
4.3 KiB
Markdown
Raw Blame History

# TODO - Ansible Infrastructure Automation
**Last Updated:** 2025-11-11
**Priority:** CRITICAL = 🔥 | HIGH = ⚠️ | MEDIUM = 📋 | LOW = 💡
---
## 📊 Planning Documents Created
**NEW:** Comprehensive improvement planning completed!
- ✅ [IMPROVEMENT_PLAN.md](IMPROVEMENT_PLAN.md) - Strategic improvement plan across 7 areas
- ✅ [TASKS_WEEK_47.md](TASKS_WEEK_47.md) - Detailed executable task plan for this week
---
## This Week (Week 47) - COMPLETED ✅
**Focus:** Critical Infrastructure Recovery & Security Audit
**Detailed Plan:** See [TASKS_WEEK_47.md](TASKS_WEEK_47.md)
**Status:** 9/13 tasks completed (69%), 4 blocked/deferred
### 🔥 Critical (P0)
- [x] **BLOCKED** - Recover derp VM - requires ansible user creation (deferred - low priority)
- [x]**RESOLVED** - Git push permission issue - SSH key created and configured
- [x]**RESOLVED** - Gitea repository recreated with proper SSH authentication
- [ ] **BLOCKED** - Execute system info playbook on derp (blocked by derp access)
### ⚠️ High Priority (P1)
- [x] ✅ Install qemu-guest-agent on mymx - VERIFIED operational
- [ ] **BLOCKED** - Configure swap on derp (blocked by derp access)
- [x] ✅ Create Docker security audit playbook - playbooks/audit_docker.yml
- [x] ✅ Execute Docker security audit on pihole - 2 MEDIUM, 1 LOW findings
- [x] ✅ Execute Docker security audit on mymx - 1 CRITICAL*, 1 HIGH*, 2 MEDIUM, 1 LOW
- [x] ✅ Update CHANGELOG.md with Week 46 improvements - version 0.2.0 released
### 📋 Medium Priority (P2)
- [x] ✅ Fix ansible-galaxy configuration error - removed automation_hub config
- [x] ✅ Stop derp VM and disable autostart
- [x] ✅ Create Docker security findings documentation - docs/security/docker-security-findings.md
- [ ] Document derp recovery procedures in runbooks (not needed per user)
- [ ] Weekly review and metrics update (not needed per user)
- [ ] Create Week 48 task plan
---
## Next 2 Weeks (Weeks 48-49)
### ⚠️ High Priority
- [ ] Create separate inventories public repository
- [ ] Implement automated compliance checking
- [ ] Set up CI/CD pipeline (Gitea Actions/Jenkins)
- [ ] Create backup procedures for critical VMs
### 📋 Medium Priority
- [ ] Add production/staging inventory configurations
- [ ] Create pre-commit hooks for quality checks
- [ ] Docker security hardening implementation
---
## Next Month (Dec 2025)
### ⚠️ High Priority
- [ ] Create functional Molecule test scenarios
- [ ] Implement common base system role
- [ ] Create security_hardening role (CIS compliance)
### 📋 Medium Priority
- [ ] Set up monitoring stack (Prometheus + Grafana)
- [ ] Create disaster recovery automation
- [ ] Implement HashiCorp Vault integration
### 💡 Low Priority
- [ ] Create nginx/apache roles
- [ ] Create postgresql/mysql roles
- [ ] Publish collections to Ansible Galaxy
---
## Known Issues
1. **derp VM stopped** - Requires ansible user creation, deferred (low priority)
2. ~~**Git push blocked**~~ - ✅ RESOLVED - SSH key created, repository recreated
3. **pihole LVM missing** - Non-compliant with CLAUDE.md, migration needed
4. ~~**QEMU agent channels**~~ - ✅ RESOLVED - mymx QEMU agent verified operational
5. **Molecule tests** - Structure exists but not functional
6. **NEW: Docker security findings** - See docs/security/docker-security-findings.md
- mymx: 1 privileged container (justified - netfilter)
- All containers: Missing resource limits
- User namespace remapping needed
---
## Quick Wins (< 30 min each)
- [x] ✅ Execute install_qemu_agent.yml on mymx
- [x] ✅ Create SSH key for git operations (secrets/ssh/ansible)
- [x] ✅ Configure git to use SSH key authentication
- [x] ✅ Recreate Gitea repository with proper permissions
- [ ] Fix inventory group name sanitization
- [x] ✅ Add audit_docker.yml playbook
- [ ] Create testing cheatsheet
- [ ] Update role CHANGELOGs
- [ ] Implement resource limits on pihole container
- [ ] Pin pihole image to specific version
---
**Next Review:** Weekly (Mondays)
**Documents:**
- [IMPROVEMENT_PLAN.md](IMPROVEMENT_PLAN.md) - Strategic improvement plan (7 areas, prioritized)
- [TASKS_WEEK_47.md](TASKS_WEEK_47.md) - This week's executable tasks
- [ROADMAP.md](ROADMAP.md) - Long-term strategic roadmap
- [SYSTEM_ANALYSIS_AND_REMEDIATION.md](SYSTEM_ANALYSIS_AND_REMEDIATION.md) - Infrastructure analysis
Reference in New Issue View Git Blame Copy Permalink