dlx-ansible

Commit Graph

Author	SHA1	Message	Date
directlx	538feb79c2	Add comprehensive security audit and Jenkins connectivity fixes Security Audit Infrastructure: - Add security-audit.yml and security-audit-v2.yml playbooks - Comprehensive security checks: SSH config, firewall, open ports, failed logins, auto-updates, password policies - Generate per-server reports in /tmp/security-audit-*/ - Add SECURITY-AUDIT-SUMMARY.md with prioritized findings Docker Server Security (Ready for Execution): - Add secure-docker-server-firewall.yml playbook - Three firewall modes: internal (recommended), selective, custom - Add DOCKER-SERVER-SECURITY.md execution guide - Security updates applied (107 packages upgraded) - Firewall configuration saved for future execution Jenkins Connectivity Fixes: - Fixed Jenkins and SonarQube port blocking (opened 8080, 9000) - Created jenkins host_vars with firewall configuration - Restarted SonarQube containers (postgresql, sonarqube) - Add JENKINS-CONNECTIVITY-FIX.md documentation Jenkins SSH Agent Configuration: - Add setup-jenkins-agent-ssh.yml for SSH key generation - Enable password authentication for AWS Jenkins Master - Created jenkins user SSH key pair - Add comprehensive troubleshooting guide NPM SSH Proxy Setup: - Configure NPM as SSH proxy for Jenkins agents (port 2222) - Update npm.yml host_vars with port 2222 - Add configure-npm-ssh-proxy.yml playbook - Create nginx stream config at /data/nginx/stream/jenkins.conf - Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation - Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide DNS Configuration: - Add jenkins.directlx.dev to Pi-hole DNS - Points to NPM server (192.168.200.71) for internal resolution Key Security Findings: - 16 servers audited - Critical: Root SSH login enabled on 2 servers - Critical: No firewall on several servers - High: 65 pending security updates on docker server (now applied) - High: Automatic updates not configured on most servers Documentation: - SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan - DOCKER-SERVER-SECURITY.md: Docker server security guide - JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation - JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide - NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration - JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-09 13:27:36 -05:00
directlx	90ed5c1edb	Add storage remediation playbooks and comprehensive audit documentation This commit introduces a complete storage remediation solution for critical Proxmox cluster issues: Playbooks (4 new): - remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits - remediate-docker-storage.yml: Deep Docker cleanup with automation - remediate-stopped-containers.yml: Safe container removal with backups - configure-storage-monitoring.yml: Proactive monitoring and alerting Critical Issues Addressed: - proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB) - proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB) - Unused containers: 1.2 TB allocated → removable - Storage gaps: Automated monitoring with 75/85/95% thresholds Documentation (3 new): - STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory - STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline - REMEDIATION-SUMMARY.md: Quick reference for playbooks and results Features: ✓ Dry-run modes for safety ✓ Configuration backups before removal ✓ Automated weekly maintenance scheduled ✓ Continuous monitoring with syslog integration ✓ Prometheus metrics export ready ✓ Complete troubleshooting guide Expected Results: - Total space freed: 1-2 TB - Automated cleanup prevents regrowth - Real-time capacity alerts - Monthly audit cycles Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>	2026-02-08 13:22:53 -05:00

Author

SHA1

Message

Date

directlx

538feb79c2

Add comprehensive security audit and Jenkins connectivity fixes

Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-09 13:27:36 -05:00

directlx

90ed5c1edb

Add storage remediation playbooks and comprehensive audit documentation

This commit introduces a complete storage remediation solution for critical
Proxmox cluster issues:

Playbooks (4 new):
- remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits
- remediate-docker-storage.yml: Deep Docker cleanup with automation
- remediate-stopped-containers.yml: Safe container removal with backups
- configure-storage-monitoring.yml: Proactive monitoring and alerting

Critical Issues Addressed:
- proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB)
- proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB)
- Unused containers: 1.2 TB allocated → removable
- Storage gaps: Automated monitoring with 75/85/95% thresholds

Documentation (3 new):
- STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory
- STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline
- REMEDIATION-SUMMARY.md: Quick reference for playbooks and results

Features:
✓ Dry-run modes for safety
✓ Configuration backups before removal
✓ Automated weekly maintenance scheduled
✓ Continuous monitoring with syslog integration
✓ Prometheus metrics export ready
✓ Complete troubleshooting guide

Expected Results:
- Total space freed: 1-2 TB
- Automated cleanup prevents regrowth
- Real-time capacity alerts
- Monthly audit cycles

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-02-08 13:22:53 -05:00

2 Commits