Initial port of KNELServerBuild to FetchApply framework

- Created base FetchApply directory structure with classes, initializers, modules, roles, and variables - Ported SetupNewSystem.sh functionality to modular FetchApply structure - Created server classes: physical, virtual, librenms, database, webserver, dev-workstation - Implemented initializers for system-setup, packages, ssh-keys, and user-configuration - Created modules for oam, system-config, ssh-hardening, and librenms-agent - Defined security and monitoring roles - Copied configuration templates from KNELServerBuild - Updated README with comprehensive FetchApply usage instructions 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:05:17 -05:00
parent c82ab1b7db
commit 09d93e37cd
45 changed files with 928 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,165 @@
-# KNELConfigMgmt-FetchApply
+# KNEL Configuration Management - FetchApply

-KNEL Configuration Management Collection - FetchApply
+This repository contains the KNEL server configuration management system implemented with the FetchApply framework.
+
+## Overview
+
+The KNEL FetchApply system provides automated server provisioning, configuration, and security hardening for Linux servers. It uses the FetchApply framework to apply configurations based on server classes and hostnames.
+
+## Repository Structure
+
+```
+.
+├── classes/          # Server classifications
+│   ├── physical/     # Physical Dell servers
+│   ├── virtual/      # Virtual machines
+│   ├── librenms/     # LibreNMS monitoring servers
+│   ├── database/     # Database servers
+│   ├── webserver/    # Web servers
+│   └── dev-workstation/ # Development workstations
+├── initializers/     # One-time setup scripts
+├── modules/          # Recurring maintenance modules
+├── roles/           # Groups of related modules
+└── variables         # Global configuration variables
+```
+
+## Installation
+
+### Prerequisites
+
+- Linux server (Ubuntu 18.04+ or Debian 10+ recommended)
+- Root or sudo access
+- Internet connectivity for package downloads
+
+### Install FetchApply
+
+First, install FetchApply on your system:
+
+```bash
+curl https://source.priveasy.org/Priveasy/fetch-apply/raw/branch/main/install -o /tmp/install
+sudo bash /tmp/install --operations-repository-url=https://git.knownelement.com/KNEL/KNELConfigMgmt-FetchApply.git
+```
+
+### Usage
+
+Once installed, FetchApply will automatically:
+
+1. Detect the server type based on hostname and hardware characteristics
+2. Apply the appropriate configuration modules and initializers
+3. Maintain the system configuration with regular runs
+
+You can also run FetchApply manually:
+
+```bash
+sudo fa
+```
+
+## Server Classes
+
+Servers are automatically classified based on their characteristics:
+
+### Physical Servers (`physical`)
+
+**Criteria:** Dell physical hardware detected via dmidecode
+
+**Applied Modules:**
+- System setup and package installation
+- SSH hardening
+- Security hardening
+- OAM monitoring
+
+### Virtual Machines (`virtual`)
+
+**Criteria:** KVM/Hyper-V guests detected via virt-what
+
+**Applied Modules:**
+- System setup and package installation
+- SSH hardening
+- Security hardening (virtual-optimized)
+- OAM monitoring
+
+### LibreNMS Servers (`librenms`)
+
+**Criteria:** Hostname contains "tsys-librenms"
+
+**Applied Modules:**
+- Standard server configuration
+- LibreNMS monitoring setup
+- Security hardening
+
+### Development Workstations (`dev-workstation`)
+
+**Criteria:** Hostname matches "subopi-dev" or "CharlesDevServer"
+
+**Applied Modules:**
+- Development tools and packages
+- Less restrictive SSH configuration
+- Security monitoring
+
+## Security Features
+
+The system includes comprehensive security hardening:
+
+- SSH key-based authentication only
+- 2FA support via Google Authenticator
+- Wazuh security monitoring
+- SCAP/STIG compliance hardening
+- Automated security updates
+
+## Monitoring and Management
+
+- LibreNMS network monitoring integration
+- Cockpit web-based management interface
+- Comprehensive logging and audit trails
+- SNMP monitoring configuration
+- Performance monitoring tools
+
+## Configuration Templates
+
+Configuration files are managed using mustache templates (via `mo`) to allow for:
+- Environment-specific customizations
+- Dynamic variable substitution
+- Class-based configuration variations
+
+## Maintenance
+
+The system is designed to be idempotent and can be safely re-run to:
+- Restore configuration drift
+- Apply security updates
+- Add new servers to the fleet
+- Standardize configurations across environments
+
+## Troubleshooting
+
+For detailed status information:
+
+```bash
+sudo fa status
+```
+
+To run specific modules:
+
+```bash
+sudo fa run <module-name>
+```
+
+To pause automatic runs during maintenance:
+
+```bash
+sudo fa pause
+```
+
+To resume automatic runs:
+
+```bash
+sudo fa resume
+```
+
+## Repository Information
+
+**Issues:** https://projects.knownelement.com/project/reachableceo-vptechnicaloperations/timeline  
+**Discussion:** https://community.turnsys.com/c/chieftechnologyandproductofficer/26
+
+## License
+
+This project is licensed under the terms specified in the LICENSE file.