KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
0a7efe5303133bcf9dd6486531ff53dcbb8376c7
KNELConfigMgmt-FetchApply/README.md
Charles N Wyble 09d93e37cd Initial port of KNELServerBuild to FetchApply framework 
- Created base FetchApply directory structure with classes, initializers, modules, roles, and variables
- Ported SetupNewSystem.sh functionality to modular FetchApply structure
- Created server classes: physical, virtual, librenms, database, webserver, dev-workstation
- Implemented initializers for system-setup, packages, ssh-keys, and user-configuration
- Created modules for oam, system-config, ssh-hardening, and librenms-agent
- Defined security and monitoring roles
- Copied configuration templates from KNELServerBuild
- Updated README with comprehensive FetchApply usage instructions

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:05:17 -05:00

165 lines
4.1 KiB
Markdown
Raw Blame History

# KNEL Configuration Management - FetchApply
This repository contains the KNEL server configuration management system implemented with the FetchApply framework.
## Overview
The KNEL FetchApply system provides automated server provisioning, configuration, and security hardening for Linux servers. It uses the FetchApply framework to apply configurations based on server classes and hostnames.
## Repository Structure
```
.
├── classes/ # Server classifications
│ ├── physical/ # Physical Dell servers
│ ├── virtual/ # Virtual machines
│ ├── librenms/ # LibreNMS monitoring servers
│ ├── database/ # Database servers
│ ├── webserver/ # Web servers
│ └── dev-workstation/ # Development workstations
├── initializers/ # One-time setup scripts
├── modules/ # Recurring maintenance modules
├── roles/ # Groups of related modules
└── variables # Global configuration variables
```
## Installation
### Prerequisites
- Linux server (Ubuntu 18.04+ or Debian 10+ recommended)
- Root or sudo access
- Internet connectivity for package downloads
### Install FetchApply
First, install FetchApply on your system:
```bash
curl https://source.priveasy.org/Priveasy/fetch-apply/raw/branch/main/install -o /tmp/install
sudo bash /tmp/install --operations-repository-url=https://git.knownelement.com/KNEL/KNELConfigMgmt-FetchApply.git
```
### Usage
Once installed, FetchApply will automatically:
1. Detect the server type based on hostname and hardware characteristics
2. Apply the appropriate configuration modules and initializers
3. Maintain the system configuration with regular runs
You can also run FetchApply manually:
```bash
sudo fa
```
## Server Classes
Servers are automatically classified based on their characteristics:
### Physical Servers (`physical`)
**Criteria:** Dell physical hardware detected via dmidecode
**Applied Modules:**
- System setup and package installation
- SSH hardening
- Security hardening
- OAM monitoring
### Virtual Machines (`virtual`)
**Criteria:** KVM/Hyper-V guests detected via virt-what
**Applied Modules:**
- System setup and package installation
- SSH hardening
- Security hardening (virtual-optimized)
- OAM monitoring
### LibreNMS Servers (`librenms`)
**Criteria:** Hostname contains "tsys-librenms"
**Applied Modules:**
- Standard server configuration
- LibreNMS monitoring setup
- Security hardening
### Development Workstations (`dev-workstation`)
**Criteria:** Hostname matches "subopi-dev" or "CharlesDevServer"
**Applied Modules:**
- Development tools and packages
- Less restrictive SSH configuration
- Security monitoring
## Security Features
The system includes comprehensive security hardening:
- SSH key-based authentication only
- 2FA support via Google Authenticator
- Wazuh security monitoring
- SCAP/STIG compliance hardening
- Automated security updates
## Monitoring and Management
- LibreNMS network monitoring integration
- Cockpit web-based management interface
- Comprehensive logging and audit trails
- SNMP monitoring configuration
- Performance monitoring tools
## Configuration Templates
Configuration files are managed using mustache templates (via `mo`) to allow for:
- Environment-specific customizations
- Dynamic variable substitution
- Class-based configuration variations
## Maintenance
The system is designed to be idempotent and can be safely re-run to:
- Restore configuration drift
- Apply security updates
- Add new servers to the fleet
- Standardize configurations across environments
## Troubleshooting
For detailed status information:
```bash
sudo fa status
```
To run specific modules:
```bash
sudo fa run <module-name>
```
To pause automatic runs during maintenance:
```bash
sudo fa pause
```
To resume automatic runs:
```bash
sudo fa resume
```
## Repository Information
**Issues:** https://projects.knownelement.com/project/reachableceo-vptechnicaloperations/timeline
**Discussion:** https://community.turnsys.com/c/chieftechnologyandproductofficer/26
## License
This project is licensed under the terms specified in the LICENSE file.
View Git Blame Copy Permalink