Files

ansible 455133c600 Initial commit: Ansible infrastructure automation

- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-10 23:02:32 +01:00

10 KiB

Raw Blame History

Infrastructure Inventory - grokbox

Generated: 2025-11-10 Hypervisor: grokbox (grok.home.serneels.xyz) Libvirt URI: qemu:///system Security Model: AppArmor (enforcing)

Summary

Metric	Value
Total VMs	3
Running VMs	3
Stopped VMs	0
Total vCPUs Allocated	12
Total Memory Allocated	20 GB
Network	virbr0 (192.168.122.0/24)

Virtual Machines

1. derp (Development VM)

Status: ✅ Running (ID: 2)

Configuration

Property	Value
UUID	`9ede717f-879b-48aa-add0-2dfd33e10765`
OS Type	HVM
vCPUs	2
Memory	2 GB (2097152 KiB)
CPU Time	33278.4s
Autostart	Enabled
Persistent	Yes

Network

Interface	MAC Address	IP Address	Network
vnet1	`52:54:00:d9:b8:0a`	`192.168.122.99/24`	virbr0 (NAT)

Storage

Type	Device	Target	Source
file	disk	vda	`/var/lib/libvirt/images/derp.qcow2`
file	cdrom	sda	-

Security

Security Model: AppArmor
Security Label: libvirt-9ede717f-879b-48aa-add0-2dfd33e10765 (enforcing)

Ansible Access

# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.99

# Ansible ad-hoc
ansible derp -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible derp -i plugins/inventory/libvirt_kvm.py -m ping

2. pihole (DNS/DHCP Server)

Status: ✅ Running (ID: 5)

Configuration

Property	Value
UUID	`6d714c93-16fb-41c8-8ef8-9001f9066b3a`
OS Type	HVM
vCPUs	2
Memory	2 GB (2097152 KiB)
CPU Time	74968.5s
Autostart	Enabled
Persistent	Yes

Network

Interface	MAC Address	IP Address	Network
vnet4	`52:54:00:3b:ea:52`	`192.168.122.12/24`	virbr0 (NAT)

Storage

Type	Device	Target	Source
file	disk	vda	`/var/lib/libvirt/images/pihole.qcow2`

Security

Security Model: AppArmor
Security Label: libvirt-6d714c93-16fb-41c8-8ef8-9001f9066b3a (enforcing)

Services

Pi-hole (DNS ad-blocking)
dnsmasq (DHCP server)
lighttpd (Web interface)

Ansible Access

# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.12

# Ansible ad-hoc
ansible pihole -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible dns_servers -i plugins/inventory/libvirt_kvm.py -m ping

3. mymx (Mail Server)

Status: ✅ Running (ID: 21)

Configuration

Property	Value
UUID	`7cd5a220-bea4-49a1-a44e-a247dbdfd085`
OS Type	HVM
vCPUs	8
Memory	16 GB (16777216 KiB)
CPU Time	476431.1s
Autostart	Enabled
Persistent	Yes

Network

Interface	MAC Address	IP Address	Network
vnet20	`52:54:00:de:fc:e9`	`192.168.122.119/24`	virbr0 (NAT)

Storage

Type	Device	Target	Source
file	disk	vda	`/var/lib/libvirt/images/mymx.qcow2`

Security

Security Model: AppArmor
Security Label: libvirt-7cd5a220-bea4-49a1-a44e-a247dbdfd085 (enforcing)

Services

Postfix (Mail Transfer Agent)
Dovecot (IMAP/POP3 server)

Ansible Access

# Direct SSH (via ProxyJump)
ssh -J grokbox ansible@192.168.122.119

# Ansible ad-hoc
ansible mymx -i inventories/development/hosts.yml -m ping

# Using dynamic inventory
ansible mail_servers -i plugins/inventory/libvirt_kvm.py -m ping

Network Configuration

NAT Network (virbr0)

Property	Value
Network	192.168.122.0/24
Gateway	192.168.122.1 (grokbox)
DHCP Range	192.168.122.2 - 192.168.122.254
DNS	Provided by dnsmasq

IP Allocation

VM	IP Address	MAC Address	Status
pihole	192.168.122.12	52:54:00:3b:ea:52	✅ Active
derp	192.168.122.99	52:54:00:d9:b8:0a	✅ Active
mymx	192.168.122.119	52:54:00:de:fc:e9	✅ Active

Resource Allocation Summary

CPU Allocation

VM	vCPUs	CPU Time	% of Total
mymx	8	476431.1s	66.7%
derp	2	33278.4s	16.7%
pihole	2	74968.5s	16.7%
Total	12	584678.0s	100%

Memory Allocation

VM	Memory	% of Total
mymx	16 GB	80%
derp	2 GB	10%
pihole	2 GB	10%
Total	20 GB	100%

Storage

VM	Disk Type	Location	Format
mymx	file (qcow2)	`/var/lib/libvirt/images/mymx.qcow2`	qcow2
derp	file (qcow2)	`/var/lib/libvirt/images/derp.qcow2`	qcow2
pihole	file (qcow2)	`/var/lib/libvirt/images/pihole.qcow2`	qcow2

Security Status

All VMs

✅ Security Model: AppArmor enforcing
✅ Unique Security Labels: Per-VM isolation
✅ Persistent Configuration: All VMs persistent
✅ Autostart: All VMs set to autostart
✅ Network Isolation: NAT network with gateway

Access Control

Hypervisor Access: SSH to grokbox (user: grok)
VM Access: SSH via ProxyJump through grokbox (user: ansible)
Authentication: SSH key-based (no password auth)
Privilege Escalation: Passwordless sudo for ansible user

Ansible Integration

Available Inventory Sources

1. Static Inventory

ansible all -i inventories/development/hosts.yml --list-hosts

2. Libvirt Dynamic Inventory

ansible running_vms -i plugins/inventory/libvirt_kvm.py --list-hosts

3. SSH Config Inventory

ansible kvm_guests -i plugins/inventory/ssh_config_inventory.py --list-hosts

Group Memberships

VM	Groups
derp	all, kvm_guests, development, running_vms
pihole	all, kvm_guests, dns_servers, running_vms
mymx	all, kvm_guests, mail_servers, running_vms

Testing Connectivity

# Test all VMs
ansible kvm_guests -i plugins/inventory/libvirt_kvm.py -m ping

# Test specific groups
ansible dns_servers -i inventories/development/hosts.yml -m ping
ansible mail_servers -i inventories/development/hosts.yml -m ping
ansible development -i inventories/development/hosts.yml -m ping

# Gather facts
ansible derp -i plugins/inventory/libvirt_kvm.py -m setup

# Check uptime
ansible all -i plugins/inventory/libvirt_kvm.py -m shell -a "uptime"

Management Commands

VM Lifecycle

# Start VM
ssh grokbox "virsh -c qemu:///system start <vm_name>"

# Shutdown VM gracefully
ssh grokbox "virsh -c qemu:///system shutdown <vm_name>"

# Force stop VM
ssh grokbox "virsh -c qemu:///system destroy <vm_name>"

# Reboot VM
ssh grokbox "virsh -c qemu:///system reboot <vm_name>"

# Check VM status
ssh grokbox "virsh -c qemu:///system domstate <vm_name>"

VM Information

# Detailed VM info
ssh grokbox "virsh -c qemu:///system dominfo <vm_name>"

# VM network addresses
ssh grokbox "virsh -c qemu:///system domifaddr <vm_name>"

# VM disk info
ssh grokbox "virsh -c qemu:///system domblklist <vm_name> --details"

# VM console access
ssh grokbox "virsh -c qemu:///system console <vm_name>"

Snapshots

# Create snapshot
ssh grokbox "virsh -c qemu:///system snapshot-create-as <vm_name> <snapshot_name> --description '<description>'"

# List snapshots
ssh grokbox "virsh -c qemu:///system snapshot-list <vm_name>"

# Revert to snapshot
ssh grokbox "virsh -c qemu:///system snapshot-revert <vm_name> <snapshot_name>"

# Delete snapshot
ssh grokbox "virsh -c qemu:///system snapshot-delete <vm_name> <snapshot_name>"

Maintenance Recommendations

Immediate Actions

✅ All VMs running and accessible
✅ Network connectivity verified
✅ Security models enforcing (AppArmor)
⚠️ Consider implementing LVM partitioning per CLAUDE.md on next rebuild

Short-term

Backup Strategy
- Implement regular VM snapshots
- Export VM definitions: virsh dumpxml <vm_name> > <vm_name>.xml
- Backup qcow2 images from /var/lib/libvirt/images/
Monitoring
- Deploy node_exporter on all VMs
- Implement centralized logging
- Set up alerting for resource thresholds
Security Hardening
- Run security audit playbooks
- Verify AIDE/auditd installation
- Review and harden SSH configurations

Long-term

Infrastructure as Code
- Create Terraform/Pulumi for VM provisioning
- Implement cloud-init templates
- Standardize VM configurations
High Availability
- Consider VM clustering
- Implement backup hypervisor
- Set up automated failover
Compliance
- Implement CIS benchmark scanning
- Run OpenSCAP compliance checks
- Generate compliance reports

Troubleshooting

Connection Issues

# Test SSH to hypervisor
ssh grokbox "hostname"

# Test SSH to VM (direct)
ssh -J grokbox ansible@192.168.122.12 "hostname"

# Check libvirt connectivity
ssh grokbox "virsh -c qemu:///system version"

# Verify network
ssh grokbox "virsh -c qemu:///system net-list --all"

VM Not Starting

# Check VM definition
ssh grokbox "virsh -c qemu:///system dumpxml <vm_name>"

# Check logs
ssh grokbox "journalctl -u libvirtd -n 50"

# Validate configuration
ssh grokbox "virt-xml-validate /etc/libvirt/qemu/<vm_name>.xml"

Network Issues

# Check network status
ssh grokbox "virsh -c qemu:///system net-info default"

# Restart network
ssh grokbox "virsh -c qemu:///system net-destroy default && virsh -c qemu:///system net-start default"

# Check DHCP leases
ssh grokbox "virsh -c qemu:///system net-dhcp-leases default"

References

CLAUDE.md: Infrastructure guidelines and standards
docs/inventory.md: Complete inventory documentation
cheatsheets/inventory.md: Quick reference commands
SSH Config: ~/.ssh/config - Connection configurations

Last Updated: 2025-11-10 Updated By: Automated infrastructure discovery Next Review: Weekly or on infrastructure changes

10 KiB Raw Blame History

Infrastructure Inventory - grokbox

Summary

Virtual Machines

1. derp (Development VM)

Configuration

Network

Storage

Security

Ansible Access

2. pihole (DNS/DHCP Server)

Configuration

Network

Storage

Security

Services

Ansible Access

3. mymx (Mail Server)

Configuration

Network

Storage

Security

Services

Ansible Access

Network Configuration

NAT Network (virbr0)

IP Allocation

Resource Allocation Summary

CPU Allocation

Memory Allocation

Storage

Security Status

All VMs

Access Control

Ansible Integration

Available Inventory Sources

1. Static Inventory

2. Libvirt Dynamic Inventory

3. SSH Config Inventory

Group Memberships

Testing Connectivity

Management Commands

VM Lifecycle

VM Information

Snapshots

Maintenance Recommendations

Immediate Actions

Short-term

Long-term

Troubleshooting

Connection Issues

VM Not Starting

Network Issues

References

10 KiB

Raw Blame History