dlx-ansible

Commit Graph

Author	SHA1	Message	Date
directlx	015c708644	Add PostgreSQL user management playbook and documentation Created reusable Ansible playbook for creating PostgreSQL users with flexible privilege options (superuser, createdb, createrole). Features include auto-generated secure passwords, credential file export, and comprehensive documentation with examples. Files added: - playbooks/create-postgres-user.yml - Automated user creation - docs/POSTGRES-USER-MANAGEMENT.md - Usage guide and examples Initial use case: Created hiveops superuser for HiveOps application. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-14 07:44:35 -05:00
directlx	538feb79c2	Add comprehensive security audit and Jenkins connectivity fixes Security Audit Infrastructure: - Add security-audit.yml and security-audit-v2.yml playbooks - Comprehensive security checks: SSH config, firewall, open ports, failed logins, auto-updates, password policies - Generate per-server reports in /tmp/security-audit-*/ - Add SECURITY-AUDIT-SUMMARY.md with prioritized findings Docker Server Security (Ready for Execution): - Add secure-docker-server-firewall.yml playbook - Three firewall modes: internal (recommended), selective, custom - Add DOCKER-SERVER-SECURITY.md execution guide - Security updates applied (107 packages upgraded) - Firewall configuration saved for future execution Jenkins Connectivity Fixes: - Fixed Jenkins and SonarQube port blocking (opened 8080, 9000) - Created jenkins host_vars with firewall configuration - Restarted SonarQube containers (postgresql, sonarqube) - Add JENKINS-CONNECTIVITY-FIX.md documentation Jenkins SSH Agent Configuration: - Add setup-jenkins-agent-ssh.yml for SSH key generation - Enable password authentication for AWS Jenkins Master - Created jenkins user SSH key pair - Add comprehensive troubleshooting guide NPM SSH Proxy Setup: - Configure NPM as SSH proxy for Jenkins agents (port 2222) - Update npm.yml host_vars with port 2222 - Add configure-npm-ssh-proxy.yml playbook - Create nginx stream config at /data/nginx/stream/jenkins.conf - Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation - Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide DNS Configuration: - Add jenkins.directlx.dev to Pi-hole DNS - Points to NPM server (192.168.200.71) for internal resolution Key Security Findings: - 16 servers audited - Critical: Root SSH login enabled on 2 servers - Critical: No firewall on several servers - High: 65 pending security updates on docker server (now applied) - High: Automatic updates not configured on most servers Documentation: - SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan - DOCKER-SERVER-SECURITY.md: Docker server security guide - JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation - JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide - NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration - JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-09 13:27:36 -05:00
directlx	90ed5c1edb	Add storage remediation playbooks and comprehensive audit documentation This commit introduces a complete storage remediation solution for critical Proxmox cluster issues: Playbooks (4 new): - remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits - remediate-docker-storage.yml: Deep Docker cleanup with automation - remediate-stopped-containers.yml: Safe container removal with backups - configure-storage-monitoring.yml: Proactive monitoring and alerting Critical Issues Addressed: - proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB) - proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB) - Unused containers: 1.2 TB allocated → removable - Storage gaps: Automated monitoring with 75/85/95% thresholds Documentation (3 new): - STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory - STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline - REMEDIATION-SUMMARY.md: Quick reference for playbooks and results Features: ✓ Dry-run modes for safety ✓ Configuration backups before removal ✓ Automated weekly maintenance scheduled ✓ Continuous monitoring with syslog integration ✓ Prometheus metrics export ready ✓ Complete troubleshooting guide Expected Results: - Total space freed: 1-2 TB - Automated cleanup prevents regrowth - Real-time capacity alerts - Monthly audit cycles Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>	2026-02-08 13:22:53 -05:00

Author

SHA1

Message

Date

directlx

015c708644

Add PostgreSQL user management playbook and documentation

Created reusable Ansible playbook for creating PostgreSQL users with
flexible privilege options (superuser, createdb, createrole). Features
include auto-generated secure passwords, credential file export, and
comprehensive documentation with examples.

Files added:
- playbooks/create-postgres-user.yml - Automated user creation
- docs/POSTGRES-USER-MANAGEMENT.md - Usage guide and examples

Initial use case: Created hiveops superuser for HiveOps application.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-14 07:44:35 -05:00

directlx

538feb79c2

Add comprehensive security audit and Jenkins connectivity fixes

Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-09 13:27:36 -05:00

directlx

90ed5c1edb

Add storage remediation playbooks and comprehensive audit documentation

This commit introduces a complete storage remediation solution for critical
Proxmox cluster issues:

Playbooks (4 new):
- remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits
- remediate-docker-storage.yml: Deep Docker cleanup with automation
- remediate-stopped-containers.yml: Safe container removal with backups
- configure-storage-monitoring.yml: Proactive monitoring and alerting

Critical Issues Addressed:
- proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB)
- proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB)
- Unused containers: 1.2 TB allocated → removable
- Storage gaps: Automated monitoring with 75/85/95% thresholds

Documentation (3 new):
- STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory
- STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline
- REMEDIATION-SUMMARY.md: Quick reference for playbooks and results

Features:
✓ Dry-run modes for safety
✓ Configuration backups before removal
✓ Automated weekly maintenance scheduled
✓ Continuous monitoring with syslog integration
✓ Prometheus metrics export ready
✓ Complete troubleshooting guide

Expected Results:
- Total space freed: 1-2 TB
- Automated cleanup prevents regrowth
- Real-time capacity alerts
- Monthly audit cycles

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-02-08 13:22:53 -05:00

3 Commits