+62
-26
@@ -1,34 +1,70 @@
|
||||
# infra-run
|
||||
|
||||
`infra-run` is the operational core of this repository. It groups automation, scripts, runbooks, and supporting documentation for Linux infrastructure work, incident response, and controlled change execution.
|
||||
`infra-run` is a sanitized infrastructure operations project. It contains Bash and Ansible examples based on Linux administration, incident response, storage operations, hardening, prechecks, postchecks, and controlled change workflows.
|
||||
|
||||
## Diagram
|
||||
The goal is to show operational judgment, not to ship a universal automation product.
|
||||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A["infra-run"] --> B["ansible"]
|
||||
A --> C["docs"]
|
||||
A --> D["runbooks"]
|
||||
A --> E["scripts"]
|
||||
E --> E1["bash"]
|
||||
E --> E2["python"]
|
||||
## Current Contents
|
||||
|
||||
- [scripts/bash/os-healthcheck](./scripts/bash/os-healthcheck/) - general Linux health, service, disk, network, and report scripts.
|
||||
- [scripts/bash/disk-full](./scripts/bash/disk-full/) - disk-full triage and cleanup review workflow.
|
||||
- [scripts/bash/veritas](./scripts/bash/veritas/) - Veritas VxVM/VCS storage expansion workflow examples.
|
||||
- [scripts/bash/gpfs](./scripts/bash/gpfs/) - GPFS / IBM Spectrum Scale expansion workflow examples.
|
||||
- [ansible](./ansible/) - selected baseline hardening examples for RHEL-like Linux, Debian/Ubuntu, and AIX.
|
||||
- [examples](./examples/) - sanitized sample command outputs and incident notes.
|
||||
|
||||
## What This Is
|
||||
|
||||
- A portfolio project for Linux and infrastructure operations roles.
|
||||
- A set of readable examples showing precheck, dry-run, execution guardrails, postcheck, and reporting patterns.
|
||||
- A place to demonstrate Bash, Ansible, storage workflow, and troubleshooting habits with sanitized inputs.
|
||||
|
||||
## What This Is Not
|
||||
|
||||
- Not intended for direct live use.
|
||||
- Not a complete CIS benchmark implementation.
|
||||
- Not a replacement for site-specific change procedures.
|
||||
- Not tested against live Veritas, GPFS, or AIX systems in this repository.
|
||||
- Not safe to run blindly on servers without review.
|
||||
|
||||
## Currently Usable
|
||||
|
||||
- Bash syntax can be checked locally.
|
||||
- Shell scripts can be reviewed and partially exercised on a Linux workstation when platform commands are available or mocked.
|
||||
- Disk-full read-only scripts can be run against local paths for basic behavior checks.
|
||||
- Ansible YAML and role structure can be linted locally.
|
||||
|
||||
## Lab-Safe Examples
|
||||
|
||||
- Veritas and GPFS scripts default to dry-run behavior where they plan destructive or platform-changing operations.
|
||||
- Ansible hardening roles are examples of selected controls and need adaptation before use.
|
||||
- Sample outputs under [examples](./examples/) are fake and sanitized.
|
||||
|
||||
## Tested
|
||||
|
||||
See [TESTED.md](./TESTED.md) for current validation status.
|
||||
|
||||
Short version:
|
||||
|
||||
- Shell scripts were reviewed for dry-run behavior and obvious quoting issues.
|
||||
- YAML and Ansible files are intended for local linting.
|
||||
- Veritas, GPFS, and AIX behavior was not validated against real systems here.
|
||||
|
||||
## Basic Validation
|
||||
|
||||
From the repository root:
|
||||
|
||||
```bash
|
||||
find infra-run/scripts/bash -name '*.sh' -print0 | xargs -0 shellcheck -x -P infra-run/scripts/bash/disk-full -P infra-run/scripts/bash/gpfs -P infra-run/scripts/bash/veritas
|
||||
yamllint .
|
||||
cd infra-run/ansible && ansible-lint playbooks roles
|
||||
```
|
||||
|
||||
## Scope
|
||||
If `ansible-lint` reports collection-related issues, install the collections listed in [ansible/collections/requirements.yml](./ansible/collections/requirements.yml) and rerun it. Treat lint as a starting point; platform testing still requires actual target systems.
|
||||
|
||||
- `ansible` - infrastructure automation with CIS-inspired hardening roles and playbooks.
|
||||
- `docs` - supporting technical notes and written documentation.
|
||||
- `runbooks` - procedural operational guides.
|
||||
- `scripts` - executable tooling for operations and diagnostics.
|
||||
## Supporting Notes
|
||||
|
||||
## Current Automation
|
||||
|
||||
- RHEL 9 CIS-inspired hardening role and playbook.
|
||||
- Debian 13 / Ubuntu 26.04 CIS-inspired hardening role and playbook.
|
||||
- IBM AIX 7 CIS-inspired hardening role and playbook.
|
||||
- Shared sanitized inventory defaults for Linux and AIX examples.
|
||||
|
||||
## Notes
|
||||
|
||||
- This folder reflects the structure of a production-oriented operations repository.
|
||||
- Current implementation includes Bash operational toolkits and Ansible hardening automation.
|
||||
- [SOURCE.md](./SOURCE.md) explains why this project exists and what experience shaped it.
|
||||
- [TESTED.md](./TESTED.md) lists what was checked locally and what was not.
|
||||
- [KNOWN_LIMITATIONS.md](./KNOWN_LIMITATIONS.md) documents technical limits and operational cautions.
|
||||
- [ROADMAP.md](./ROADMAP.md) tracks planned additions without presenting them as completed work.
|
||||
|
||||
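Review bot: The "Lab-Safe Examples" line stating that the Veritas and GPFS scripts "default to dry-run behavior" never says how dry-run is switched off or how a reader confirms it is still on, and that switch is the main guardrail the README relies on. Name the option or variable that enables real execution and link to the script README that documents it, so "Not safe to run blindly on servers without review" comes with something concrete to review. In "Basic Validation", "Currently Usable" promises that Bash syntax can be checked locally, but the block only runs shellcheck, yamllint and ansible-lint; add a `bash -n` pass over the same `find` result. With GNU xargs, the `find ... -print0 | xargs -0 shellcheck` line still invokes shellcheck once with no file arguments when find matches nothing, so consider `xargs -0 -r`. Finally, as rendered here the `## Scope` heading sits directly above the paragraph about `ansible-lint` collection issues, and `## Supporting Notes` is immediately followed by `## Current Automation` with no body; check that the final README keeps the lint paragraph under "Basic Validation" and leaves no empty section.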