infra-automation/inventories/production/README.md

# Production Inventory

This directory contains dynamic inventory configurations for the production environment.

## Available Inventory Sources

### 1. Libvirt/KVM Dynamic Inventory (Active)

**File**: `libvirt_kvm.yml`

Uses custom libvirt plugin to discover VMs on production hypervisors.

```bash
# List all production hosts
ansible-inventory -i inventories/production/libvirt_kvm.yml --list

# Test connectivity
ansible all -i inventories/production/libvirt_kvm.yml -m ping
```

### 2. NetBox CMDB (Example Configuration)

**File**: `netbox.yml.example`

For NetBox-based infrastructure management:

1. Rename `netbox.yml.example` to `netbox.yml`
2. Configure NetBox API endpoint and token
3. Install required collection:
   ```bash
   ansible-galaxy collection install netbox.netbox
   ```

### 3. AWS EC2 (Example Configuration)

**File**: `aws_ec2.yml.example`

For AWS cloud infrastructure:

1. Rename `aws_ec2.yml.example` to `aws_ec2.yml`
2. Configure AWS regions and filters
3. Install required collection:
   ```bash
   ansible-galaxy collection install amazon.aws
   pip3 install boto3 botocore
   ```

## Configuration

### Group Variables

Add production-specific variables in:
- `group_vars/all.yml` - Global production settings
- `group_vars/all/vault.yml` - Encrypted secrets
- `group_vars/webservers.yml` - Web server group settings
- `group_vars/databases.yml` - Database group settings

### Host Variables

Add host-specific variables in:
- `host_vars/<hostname>.yml`

## Security

- All secrets must be encrypted using Ansible Vault
- Never commit plaintext credentials
- Use environment variables or external secret managers when possible
- Rotate credentials every 90 days

## Usage Examples

```bash
# Run against all production hosts
ansible-playbook -i inventories/production site.yml

# Run against specific group
ansible-playbook -i inventories/production site.yml --limit webservers

# Check mode (dry-run)
ansible-playbook -i inventories/production site.yml --check

# With specific tags
ansible-playbook -i inventories/production site.yml --tags security
```

## Validation

```bash
# Validate inventory syntax
ansible-inventory -i inventories/production --list

# Check specific host
ansible-inventory -i inventories/production --host hostname

# Graph inventory structure
ansible-inventory -i inventories/production --graph
```