Commit Graph

10 Commits

Author SHA1 Message Date
directlx 015c708644 Add PostgreSQL user management playbook and documentation
Created reusable Ansible playbook for creating PostgreSQL users with
flexible privilege options (superuser, createdb, createrole). Features
include auto-generated secure passwords, credential file export, and
comprehensive documentation with examples.

Files added:
- playbooks/create-postgres-user.yml - Automated user creation
- docs/POSTGRES-USER-MANAGEMENT.md - Usage guide and examples

Initial use case: Created hiveops superuser for HiveOps application.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 07:44:35 -05:00
directlx 538feb79c2 Add comprehensive security audit and Jenkins connectivity fixes
Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 13:27:36 -05:00
directlx 3194eba094 Fix journalctl command syntax in remediation playbook
Changed from the invalid '--vacuum=time:30d' to the correct '--vacuum-time=30d'.
This command now properly compresses and removes old journal logs.

Test result: Freed 1.9GB on proxmox-00

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-09 07:54:26 -05:00
directlx 520b8d08c3 Fix YAML syntax errors in remediation playbooks
Remove document separators (---) between plays in multi-play playbooks.
Ansible expects multiple plays to be in a single YAML document, not
separated by document delimiters.

Fixed files:
- remediate-storage-critical-issues.yml
- remediate-docker-storage.yml
- remediate-stopped-containers.yml
- configure-storage-monitoring.yml

All playbooks now pass ansible-playbook --syntax-check validation.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-09 07:49:53 -05:00
directlx 90ed5c1edb Add storage remediation playbooks and comprehensive audit documentation
This commit introduces a complete storage remediation solution for critical
Proxmox cluster issues:

Playbooks (4 new):
- remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits
- remediate-docker-storage.yml: Deep Docker cleanup with automation
- remediate-stopped-containers.yml: Safe container removal with backups
- configure-storage-monitoring.yml: Proactive monitoring and alerting

Critical Issues Addressed:
- proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB)
- proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB)
- Unused containers: 1.2 TB allocated → removable
- Storage gaps: Automated monitoring with 75/85/95% thresholds

Documentation (3 new):
- STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory
- STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline
- REMEDIATION-SUMMARY.md: Quick reference for playbooks and results

Features:
✓ Dry-run modes for safety
✓ Configuration backups before removal
✓ Automated weekly maintenance scheduled
✓ Continuous monitoring with syslog integration
✓ Prometheus metrics export ready
✓ Complete troubleshooting guide

Expected Results:
- Total space freed: 1-2 TB
- Automated cleanup prevents regrowth
- Real-time capacity alerts
- Monthly audit cycles

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-08 13:22:53 -05:00
directlx de76f5c6a8 Update Pi-hole DNS playbook for v6
Pi-hole v6 uses the pihole.toml hosts array instead of custom.list.
Updated the playbook to modify the TOML config directly via a Python script.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 09:56:31 -05:00
directlx c4bdaa0e57 Add Pi-hole DNS management playbook
- playbooks/pihole-dns.yml: Configure local DNS records
- templates/pihole-custom-list.j2: DNS records template

Domain: lab.directlx.dev
Records for all infrastructure hosts with short and FQDN names.

Usage: ansible-playbook playbooks/pihole-dns.yml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 09:01:35 -05:00
directlx 94be59bb26 Add common role, scripts, and documentation
- ansible.cfg: Set remote_user to dlxadmin
- inventory: Add infrastructure, application hosts with IPs
- group_vars/all.yml: Set ansible_user to dlxadmin
- playbooks/site.yml: Enable common role
- roles/common: Baseline configuration role
  - Package installation (Debian/RedHat/Arch)
  - Timezone and locale setup
  - User management with SSH keys
  - SSH hardening
  - UFW firewall and security settings
- scripts/create-user.sh: Create ansible user on servers
- USAGE.md: Project usage documentation
- HOSTS.md: Infrastructure host inventory

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 08:33:36 -05:00
directlx 35d6965fab Add connectivity test playbook
Tests SSH connectivity and displays basic host info (OS, version).

Usage: ansible-playbook playbooks/ping.yml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 06:56:58 -05:00
directlx c781ec25a2 Initial Ansible project structure
Set up standard directory layout with:
- ansible.cfg with sensible defaults
- YAML inventory with example groups
- Main site playbook template
- Directories for roles, group_vars, host_vars, files, templates
- .gitignore for secrets, vault files, and SSH keys

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 06:37:33 -05:00