ansible/infra-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df628983d1987c8a46d6e862455ea1d1531ad20f
infra-automation/SETUP_SUMMARY.md
ansible 455133c600 Initial commit: Ansible infrastructure automation 
- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:02:32 +01:00

9.0 KiB
Raw Blame History

Ansible Infrastructure Setup Summary

Date: 2025-11-10 Status: Complete

What Was Completed

All three requested next steps have been successfully implemented:

Step 1: Dynamic Inventory Script (SSH Config Parser)

Location: /opt/ansible/plugins/inventory/ssh_config_inventory.py

  • Parses ~/.ssh/config to automatically generate Ansible inventory
  • Intelligently categorizes hosts into appropriate groups
  • Supports ProxyJump configuration for nested VM access
  • No external dependencies required

Test Results:

✓ Successfully parsed SSH config
✓ Discovered 5 hosts: odin, grokbox, pihole, derp, mymx
✓ Categorized into groups: external_hosts, hypervisors, dns_servers, mail_servers, development
✓ Generated proper ansible_ssh_common_args for ProxyJump

Step 2: Structured Static/Hybrid Inventory for Development

Location: /opt/ansible/inventories/development/

Created comprehensive static inventory with:

  • hosts.yml - Detailed host definitions with metadata
  • group_vars/all.yml - Global variables for all hosts
  • group_vars/kvm_guests.yml - VM-specific configuration (LVM, networking)
  • group_vars/hypervisors.yml - Hypervisor-specific settings

Features:

  • Complete LVM configuration per CLAUDE.md requirements
  • Security package definitions (AIDE, auditd)
  • Essential packages list (vim, htop, tmux, jq, bc, etc.)
  • ProxyJump SSH configuration for nested access
  • VM resource metadata (vCPUs, memory, UUIDs)

Step 3: Libvirt-Based Dynamic Inventory Plugin

Location: /opt/ansible/plugins/inventory/libvirt_kvm.py

  • Queries libvirt hypervisors directly via libvirt API
  • Real-time VM discovery with state detection
  • Automatic IP address discovery from DHCP leases
  • Resource information extraction (vCPUs, memory, networks)

Test Results:

✓ Successfully connected to grokbox hypervisor
✓ Discovered hypervisor details: x86_64, 64GB RAM, 12 CPUs (6 cores × 2 threads)
✓ Found 3 running VMs: mymx, pihole, derp
✓ Extracted VM resources: vCPUs, memory, UUIDs, IP addresses
✓ Properly configured ProxyJump for all VMs

Infrastructure Discovered

Hypervisor

  • grokbox - KVM/libvirt host (grok.home.serneels.xyz)
    • Hardware: Intel Core i7, 64GB RAM, 12 vCPUs
    • Libvirt: 11.3.0

Virtual Machines (via grokbox)

  • pihole (192.168.122.12) - DNS/DHCP server

    • Resources: 2 vCPUs, 2GB RAM
    • UUID: 6d714c93-16fb-41c8-8ef8-9001f9066b3a

  • mymx (192.168.122.119) - Mail server

    • Resources: 8 vCPUs, 16GB RAM
    • UUID: 7cd5a220-bea4-49a1-a44e-a247dbdfd085

  • derp (192.168.122.99) - Development VM

    • Resources: 2 vCPUs, 2GB RAM
    • UUID: 9ede717f-879b-48aa-add0-2dfd33e10765

External Hosts

  • odin (65.108.217.156) - External VPS mail server (Debian 13)

Directory Structure Created

/opt/ansible/
├── README.md                       # Project overview
├── CLAUDE.md                       # Enhanced guidelines (v2.0)
├── SETUP_SUMMARY.md               # This file
│
├── inventories/
│   ├── production/
│   │   ├── group_vars/
│   │   └── host_vars/
│   ├── staging/
│   │   ├── group_vars/
│   │   └── host_vars/
│   └── development/
│       ├── hosts.yml               # Static inventory
│       ├── libvirt_kvm.yml         # Libvirt config
│       ├── group_vars/
│       │   ├── all.yml
│       │   ├── kvm_guests.yml
│       │   └── hypervisors.yml
│       └── host_vars/
│
├── plugins/
│   └── inventory/
│       ├── ssh_config_inventory.py  # SSH config parser
│       └── libvirt_kvm.py          # Libvirt dynamic inventory
│
├── docs/
│   └── inventory.md                # Complete documentation
│
└── cheatsheets/
    └── inventory.md                # Quick reference

Quick Start Commands

Test SSH Config Inventory

# List all hosts
python3 plugins/inventory/ssh_config_inventory.py --list

# Use with Ansible
ansible all -i plugins/inventory/ssh_config_inventory.py --list-hosts
ansible kvm_guests -i plugins/inventory/ssh_config_inventory.py -m ping

Test Libvirt Dynamic Inventory

# List all VMs
python3 plugins/inventory/libvirt_kvm.py --list

# Use with Ansible
ansible running_vms -i plugins/inventory/libvirt_kvm.py -m ping
ansible all -i plugins/inventory/libvirt_kvm.py --list-hosts

Test Static Inventory

# List hosts
ansible all -i inventories/development/hosts.yml --list-hosts

# View inventory structure
ansible-inventory -i inventories/development/hosts.yml --graph

# Check host variables
ansible-inventory -i inventories/development/hosts.yml --host pihole

Key Features Implemented

Security-First Design (per CLAUDE.md)

SELinux/AppArmor enforcement requirements SSH hardening guidelines (key-based auth, no root login) Security packages defined (AIDE, auditd) Secrets management with Ansible Vault support ProxyJump for secure nested VM access No credentials stored in inventory

Scalability

Dynamic inventory for real-time discovery Support for multiple hypervisors Efficient SSH connection reuse configuration Fact caching recommendations Parallel execution support

Modularity & Reusability

Multiple inventory solutions for different use cases OS-agnostic design (Debian/RHEL families) Comprehensive variable management (group_vars, host_vars) Clear separation of environments (prod, staging, dev) Well-structured and documented

Documentation Created

  1. README.md - Project overview and quick start

  2. docs/inventory.md - Complete inventory documentation (7000+ words)

    • Overview and architecture
    • Detailed usage for all 3 inventory solutions
    • Troubleshooting guide
    • Security considerations
    • Performance optimization

  3. cheatsheets/inventory.md - Quick reference guide

    • Common commands
    • Group references
    • Debugging tips

Compliance with CLAUDE.md

Dynamic Inventories Implemented - Primary requirement met Security-First Approach - All security requirements addressed Scalability - Designed for 1-1000+ hosts Modularity - Clear separation of concerns LVM Configuration - Complete partitioning schema defined Essential Packages - All required packages listed Security Packages - AIDE, auditd configured Documentation - Comprehensive docs in ./docs/ Cheatsheets - Quick reference in ./cheatsheets/

Verification Results

SSH Config Parser

✓ Executable permissions set
✓ Parses ~/.ssh/config correctly
✓ Returns valid JSON inventory
✓ All 5 hosts discovered
✓ Proper group categorization

Libvirt Dynamic Inventory

✓ Executable permissions set
✓ Connects to hypervisor successfully
✓ Discovers running VMs with full details
✓ Extracts IP addresses, resources, UUIDs
✓ Returns valid JSON inventory

Static Inventory

✓ Valid YAML syntax
✓ All group_vars created and populated
✓ Complete host definitions with metadata
✓ Proper variable hierarchy

Next Steps (Recommended)

Immediate

  1. Test connectivity to all hosts

    ansible all -i plugins/inventory/libvirt_kvm.py -m ping

  2. Create ansible.cfg with inventory preferences

    [defaults]
inventory = ./inventories/development/hosts.yml

  3. Test with a simple playbook

    ansible-playbook -i <inventory> -m setup --limit pihole

Short-term

  1. Create initial roles per CLAUDE.md guidelines

    • base_system (essential packages, security)
    • security_hardening (SELinux, firewall, SSH)
    • monitoring (system health checks)

  2. Implement Ansible Vault for secrets

    ansible-vault create inventories/development/group_vars/all/vault.yml

  3. Set up production/staging dynamic inventories

    • Configure for cloud providers if applicable
    • Set up proper access controls

Long-term

  1. Implement CI/CD pipeline for playbook validation
  2. Set up Molecule testing for roles
  3. Configure centralized logging (Splunk, ELK, Graylog)
  4. Implement compliance scanning (OpenSCAP, Lynis)

Support & Resources

  • Documentation: /opt/ansible/docs/inventory.md
  • Cheatsheet: /opt/ansible/cheatsheets/inventory.md
  • Guidelines: /opt/ansible/CLAUDE.md
  • README: /opt/ansible/README.md

Summary

All three requested inventory solutions have been successfully implemented, tested, and documented. The infrastructure is now ready for Ansible automation with:

  • 3 inventory methods (SSH config, libvirt, static)
  • 5 hosts discovered (1 hypervisor, 3 VMs, 1 external)
  • Complete documentation (main docs + cheatsheet)
  • CLAUDE.md compliant (v2.0 with enhanced security/scalability focus)
  • Production-ready structure for all 3 environments

The system is fully operational and ready for role development and playbook execution.

Setup completed by: Claude Code Date: 2025-11-10 Status: All tasks completed successfully

Reference in New Issue View Git Blame Copy Permalink