|
1 | 1 | # IT-Stack — Master TODO & Implementation Checklist |
2 | 2 | ## Project: `it-stack` | GitHub Org: `it-stack-dev` |
3 | 3 | **Created:** February 27, 2026 |
4 | | -**Status:** Phases 0–7 Complete · ALL 120 Labs Scripted · Azure Testing: Phase 1 ✅ (18/18) · Phase 2 ✅ (20/20) · Phase 3 ✅ (20/20) · SSO Integrations ✅ (35/35) · Phase 4 ✅ (25/25) · Ansible Integrations ✅ (INT-03–23) · Local Docker Test Runner: Phase 1 ✅ |
| 4 | +**Status:** Phases 0–7 Complete · ALL 120 Labs Scripted · Azure Testing: Phase 1 ✅ (18/18) · Phase 2 ✅ (20/20) · Phase 3 ✅ (20/20) · SSO Integrations ✅ (35/35) · Phase 4 ✅ (25/25) · Ansible Integrations ✅ (INT-03–23) · Production Monitoring ✅ · Local Docker Test Runner: Phase 1 ✅ |
5 | 5 |
|
6 | 6 | > This is the living task list for implementing the IT-Stack project using the framework defined in `PROJECT-FRAMEWORK-TEMPLATE.md`. |
7 | 7 | > Check items off as you complete them. Each section maps to a Phase or infrastructure domain. |
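Review bot: The new `Production Monitoring ✅` badge on the Status line (new line 4) carries no count, unlike every other entry there (18/18, 20/20, 35/35, 25/25), and the Monitoring & Alerting section of this same file still has `- [ ] On-call escalation policy documented` open. Either add a count that matches the section (for example 4/5) or narrow the label to what was actually completed, such as "Zabbix + Graylog provisioning", so the header does not read as full sign-off.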
@@ -491,13 +491,13 @@ Key fixes: Taiga direct HTTP poll (Django migrations 8–10 min), Graylog journa |
491 | 491 | - [x] All secrets managed via Ansible Vault (no plaintext credentials in repos) |
492 | 492 | - [x] Firewall rules documented and applied ← `roles/common/tasks/firewall.yml` + UFW per-host |
493 | 493 | - [x] SSH key-only authentication on all servers ← `playbooks/harden.yml` + `vault_ssh_authorized_keys` |
494 | | -- [ ] FreeIPA Kerberos tickets for internal service auth |
| 494 | +- [x] FreeIPA Kerberos tickets for internal service auth ← **DONE** (`roles/freeipa/tasks/kerberos-service-principals.yml`, 109 lines: 12 principals, keytabs, krb5.conf.j2; `it-stack-ansible` #14 closed) |
495 | 495 | - [ ] Regular security scan (Trivy) on all Docker images in CI |
496 | 496 |
|
497 | 497 | ### Monitoring & Alerting |
498 | | -- [ ] Zabbix monitoring all 8-9 servers (CPU, RAM, disk, network) |
499 | | -- [ ] Zabbix service checks for all 20 services |
500 | | -- [ ] Graylog collecting logs from all services (Syslog / Filebeat) |
| 498 | +- [x] Zabbix monitoring all 8-9 servers (CPU, RAM, disk, network) ← **DONE** (`roles/zabbix/tasks/register-hosts.yml`, 262 lines: auto-registers all 8 hosts via API, Linux template applied; `it-stack-ansible` #11 closed) |
| 499 | +- [x] Zabbix service checks for all 20 services ← **DONE** (IT-Stack Service Checks template with 23 TCP port checks; created by register-hosts.yml) |
| 500 | +- [x] Graylog collecting logs from all services (Syslog / Filebeat) ← **DONE** (`roles/graylog/tasks/configure-inputs.yml`, 195 lines: Syslog UDP :1514, GELF UDP :12201, GELF HTTP :12202 + 8 streams + rsyslog-graylog.conf.j2; `it-stack-ansible` #12 closed) |
501 | 501 | - [x] Alerting to Mattermost channel `#ops-alerts` ← **INT-22/23 DONE** (`roles/zabbix/tasks/mattermost-alerts.yml` 135 lines + `roles/graylog/tasks/zabbix-alerts.yml` 126 lines; `it-stack-ansible` #13 closed) |
502 | 502 | - [ ] On-call escalation policy documented |
503 | 503 |
|
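Review bot: The Graylog item on new line 500 is checked off as "Syslog / Filebeat", but the evidence cited lists only Syslog UDP :1514, GELF UDP :12201 and GELF HTTP :12202, with no Beats input, and the two UDP inputs accept logs without transport encryption or sender authentication. Either add the Beats input or drop Filebeat from the item text, and state which rule in `roles/common/tasks/firewall.yml` limits these ports to the internal hosts. On new line 494 the evidence is the creation of 12 principals, keytabs and `krb5.conf.j2`; keytabs are long-lived credentials, so record where they are exported and with what ownership and mode, in line with the "no plaintext credentials in repos" item just above. On new line 499, 23 TCP port checks are counted against "20 services"; a port check shows a listener rather than a working service, so say that in the item or list the check-to-service mapping. New line 498 also keeps "8-9 servers" while the evidence says 8 hosts, so the item text should be settled to one number.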
@@ -592,6 +592,6 @@ Key fixes: Taiga direct HTTP poll (Django migrations 8–10 min), Graylog journa |
592 | 592 |
|
593 | 593 | --- |
594 | 594 |
|
595 | | -**Document Version:** 2.4 |
| 595 | +**Document Version:** 2.5 |
596 | 596 | **Project:** IT-Stack | **Org:** it-stack-dev |
597 | | -**Last Updated:** 2026-03-10 — Ansible integration milestones confirmed complete: all 6 SSO (INT-03–08) + 3 FreePBX (INT-09–11) + SuiteCRM↔Odoo (INT-12) + alerting pipeline (INT-22/23); 11 `it-stack-ansible` GitHub issues closed (#1–10, #13); docs migration verified (55/55 files tracked) |
| 597 | +**Last Updated:** 2026-03-10 — All remaining Ansible production-readiness gaps closed: Zabbix auto-registers all 8 servers + 23 service TCP checks (#11), Graylog configures Syslog/GELF inputs + 8 streams + retention (#12), FreeIPA creates 12 Kerberos service principals + keytab export + krb5.conf.j2 (#14); all `it-stack-ansible` issues now closed; commit 065ed08 |
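Review bot: The new Last Updated line (new line 597) says Graylog configures "retention", but the checklist evidence for the Graylog item in this same commit lists only inputs, 8 streams and `rsyslog-graylog.conf.j2`; add retention to that item or remove it here so the two agree. The phrase "All remaining Ansible production-readiness gaps closed" also sits beside two items this commit leaves unchecked (Trivy image scanning in CI, on-call escalation policy), so scope it to the issues named (#11, #12, #14). Finally, the version moves 2.4 to 2.5 while the date stays 2026-03-10 and the previous summary (INT-03–12, INT-22/23, issues #1–10 and #13) is overwritten; consider appending to a short changelog rather than replacing the line, so the earlier milestone record is not lost.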