directlx
/
dlx-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
20 Commits 1 Branch 0 Tags 168 KiB
Commit Graph

9 Commits

Author SHA1 Message Date
directlx 538feb79c2 Add comprehensive security audit and Jenkins connectivity fixes 
Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 13:27:36 -05:00
directlx 3194eba094 Fix journalctl command syntax in remediation playbook 
Changed from invalid '--vacuum=time:30d' to correct '--vacuum-time=30d'
This command now properly compresses and removes old journal logs.

Test result: Freed 1.9GB on proxmox-00

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-02-09 07:54:26 -05:00
directlx 520b8d08c3 Fix YAML syntax errors in remediation playbooks 
Remove document separators (---) between plays in multi-play playbooks.
Ansible expects multiple plays to be in a single YAML document, not
separated by document delimiters.

Fixed files:
- remediate-storage-critical-issues.yml
- remediate-docker-storage.yml
- remediate-stopped-containers.yml
- configure-storage-monitoring.yml

All playbooks now pass ansible-playbook --syntax-check validation.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-02-09 07:49:53 -05:00
directlx 90ed5c1edb Add storage remediation playbooks and comprehensive audit documentation 
This commit introduces a complete storage remediation solution for critical
Proxmox cluster issues:

Playbooks (4 new):
- remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits
- remediate-docker-storage.yml: Deep Docker cleanup with automation
- remediate-stopped-containers.yml: Safe container removal with backups
- configure-storage-monitoring.yml: Proactive monitoring and alerting

Critical Issues Addressed:
- proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB)
- proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB)
- Unused containers: 1.2 TB allocated → removable
- Storage gaps: Automated monitoring with 75/85/95% thresholds

Documentation (3 new):
- STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory
- STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline
- REMEDIATION-SUMMARY.md: Quick reference for playbooks and results

Features:
✓ Dry-run modes for safety
✓ Configuration backups before removal
✓ Automated weekly maintenance scheduled
✓ Continuous monitoring with syslog integration
✓ Prometheus metrics export ready
✓ Complete troubleshooting guide

Expected Results:
- Total space freed: 1-2 TB
- Automated cleanup prevents regrowth
- Real-time capacity alerts
- Monthly audit cycles

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-02-08 13:22:53 -05:00
directlx de76f5c6a8 Update Pi-hole DNS playbook for v6 
Pi-hole v6 uses pihole.toml hosts array instead of custom.list.
Updated playbook to modify toml config directly via Python script.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 09:56:31 -05:00
directlx c4bdaa0e57 Add Pi-hole DNS management playbook 
- playbooks/pihole-dns.yml: Configure local DNS records
- templates/pihole-custom-list.j2: DNS records template

Domain: lab.directlx.dev
Records for all infrastructure hosts with short and FQDN names.

Usage: ansible-playbook playbooks/pihole-dns.yml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 09:01:35 -05:00
directlx 94be59bb26 Add common role, scripts, and documentation 
- ansible.cfg: Set remote_user to dlxadmin
- inventory: Add infrastructure, application hosts with IPs
- group_vars/all.yml: Set ansible_user to dlxadmin
- playbooks/site.yml: Enable common role
- roles/common: Baseline configuration role
  - Package installation (Debian/RedHat/Arch)
  - Timezone and locale setup
  - User management with SSH keys
  - SSH hardening
  - UFW firewall and security settings
- scripts/create-user.sh: Create ansible user on servers
- USAGE.md: Project usage documentation
- HOSTS.md: Infrastructure host inventory

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 08:33:36 -05:00
directlx 35d6965fab Add connectivity test playbook 
Tests SSH connectivity and displays basic host info (OS, version).

Usage: ansible-playbook playbooks/ping.yml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 06:56:58 -05:00
directlx c781ec25a2 Initial Ansible project structure 
Set up standard directory layout with:
- ansible.cfg with sensible defaults
- YAML inventory with example groups
- Main site playbook template
- Directories for roles, group_vars, host_vars, files, templates
- .gitignore for secrets, vault files, and SSH keys

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 06:37:33 -05:00