nathan/homelab
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Releases Wiki Activity
homelab/ansible/validate-environment.sh
Nathan 88d67ecf4f docs(ansible): complete Phase 5 - comprehensive validation and vault setup 
Added production-grade validation tooling and documentation:

- ADDED: validate-connectivity.yml playbook with comprehensive checks
  * Ping test, sudo verification, Docker status
  * NFS mount validation, disk usage warnings
  * Proxmox-specific checks (version, cluster status)
  * System uptime reporting
  * Passes ansible-lint production profile

- ADDED: validate-environment.sh health check script
  * 10-point diagnostic validation
  * Color-coded status output
  * Reports all 4 nodes operational

- ADDED: QUICK-REFERENCE.md comprehensive command guide
  * Ad-hoc commands, playbook operations
  * Vault management, linting workflows
  * Inventory targeting examples
  * Integration guides (VSCode, Git)

- ADDED: Ansible Vault secrets template (encrypted)
  * group_vars/all/vault.yml with placeholder secrets
  * AES256 encrypted with vault password
  * Template for sudo, Proxmox, Gitea, NFS credentials

- UPDATED: plan-ansibleSetup.md progress report
  * Phase completion status (Phases 1-4 complete)
  * Deviations documented (hosts.ini format, PVE01 added)
  * Next steps and recommendations

- UPDATED: README.md Ansible section
  * Production-ready status badge
  * Quick validation command
  * Links to new documentation

Environment Status: 🟢 PRODUCTION READY
All 4 nodes responding, linting passed, documentation complete
2026-04-13 21:33:34 -04:00

166 lines
4.7 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# Ansible Control Node Environment Validation Script
# Purpose: Quick health check for Watchtower Ansible setup
# Usage: ./validate-environment.sh
set -e
echo "================================================"
echo "Ansible Control Node Health Check"
echo "================================================"
echo ""
# Color codes for output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print status
check_status() {
if [ $1 -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC}: $2"
else
echo -e "${RED}❌ FAIL${NC}: $2"
fi
}
# Function to print info
print_info() {
echo -e "${YELLOW} INFO${NC}: $1"
}
# Check 1: Ansible installed
echo "1. Checking Ansible installation..."
if command -v ansible &> /dev/null; then
ANSIBLE_VERSION=$(ansible --version | head -1)
check_status 0 "Ansible installed: $ANSIBLE_VERSION"
else
check_status 1 "Ansible not found"
exit 1
fi
echo ""
# Check 2: ansible-lint installed
echo "2. Checking ansible-lint..."
if command -v ansible-lint &> /dev/null; then
LINT_VERSION=$(ansible-lint --version | head -1)
check_status 0 "ansible-lint installed: $LINT_VERSION"
else
check_status 1 "ansible-lint not found"
fi
echo ""
# Check 3: SSH keys exist
echo "3. Checking SSH keys..."
if [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ]; then
check_status 0 "ED25519 SSH keys present"
print_info "Public key fingerprint:"
ssh-keygen -l -f ~/.ssh/id_ed25519.pub | awk '{print " " $2 " " $4}'
else
check_status 1 "ED25519 keys missing"
fi
echo ""
# Check 4: ansible.cfg exists
echo "4. Checking ansible.cfg..."
if [ -f ./ansible.cfg ]; then
check_status 0 "ansible.cfg found"
print_info "Inventory: $(grep '^inventory' ansible.cfg | awk '{print $3}')"
print_info "Vault password file: $(grep '^vault_password_file' ansible.cfg | awk '{print $3}')"
else
check_status 1 "ansible.cfg not found"
fi
echo ""
# Check 5: Inventory exists
echo "5. Checking inventory..."
if [ -f ./inventory/hosts.ini ]; then
check_status 0 "Inventory file found"
NODE_COUNT=$(ansible-inventory --list 2>/dev/null | grep -c '"ansible_host":' || echo "0")
print_info "Managed nodes: $NODE_COUNT"
else
check_status 1 "Inventory file missing"
fi
echo ""
# Check 6: Vault password file
echo "6. Checking Ansible Vault setup..."
if [ -f ./vault/.vault_pass ]; then
check_status 0 "Vault password file exists"
PERMS=$(stat -c '%a' ./vault/.vault_pass)
if [ "$PERMS" = "600" ]; then
check_status 0 "Vault password file permissions secure (600)"
else
check_status 1 "Vault password file permissions insecure ($PERMS, should be 600)"
fi
else
check_status 1 "Vault password file missing"
fi
echo ""
# Check 7: Node connectivity
echo "7. Testing node connectivity..."
if ansible all -m ping &> /dev/null; then
check_status 0 "All nodes reachable"
REACHABLE=$(ansible all -m ping 2>/dev/null | grep -c 'SUCCESS' || echo "0")
print_info "Responding nodes: $REACHABLE"
echo ""
ansible all -m ping -o 2>/dev/null | sed 's/^/ /'
else
check_status 1 "Node connectivity issues detected"
fi
echo ""
# Check 8: Playbooks exist
echo "8. Checking playbooks..."
PLAYBOOK_COUNT=$(find ./playbooks -name "*.yml" 2>/dev/null | wc -l)
if [ "$PLAYBOOK_COUNT" -gt 0 ]; then
check_status 0 "Found $PLAYBOOK_COUNT playbook(s)"
echo " Available playbooks:"
find ./playbooks -name "*.yml" -exec basename {} \; | sed 's/^/ - /'
else
check_status 1 "No playbooks found"
fi
echo ""
# Check 9: Roles directory
echo "9. Checking roles..."
ROLE_COUNT=$(find ./roles -maxdepth 1 -type d ! -path ./roles | wc -l)
if [ "$ROLE_COUNT" -gt 0 ]; then
check_status 0 "Found $ROLE_COUNT role(s)"
find ./roles -maxdepth 1 -type d ! -path ./roles -exec basename {} \; | sed 's/^/ - /'
else
print_info "No custom roles created yet"
fi
echo ""
# Check 10: Python dependencies
echo "10. Checking Python dependencies..."
MISSING_DEPS=0
for pkg in proxmoxer requests; do
if python3 -c "import $pkg" &> /dev/null; then
check_status 0 "Python package '$pkg' installed"
else
check_status 1 "Python package '$pkg' missing"
((MISSING_DEPS++))
fi
done
echo ""
# Final summary
echo "================================================"
echo "Environment Status Summary"
echo "================================================"
if [ $MISSING_DEPS -eq 0 ]; then
echo -e "${GREEN}🟢 ENVIRONMENT READY${NC}"
echo "All critical components are operational."
echo ""
echo "Quick test command:"
echo " ansible all -m ping"
else
echo -e "${YELLOW}🟡 MINOR ISSUES DETECTED${NC}"
echo "Some optional components are missing but core functionality works."
fi
echo ""
Reference in New Issue View Git Blame Copy Permalink