it-stack-dev
diff --git a/‎CHANGELOG.md‎
Lines changed: 58 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 24 additions & 5 deletions b/‎README.md‎
Lines changed: 24 additions & 5 deletions
diff --git a/‎apply-fixes.sh‎
Lines changed: 100 additions & 0 deletions b/‎apply-fixes.sh‎
Lines changed: 100 additions & 0 deletions
@@ -27,6 +27,64 @@ This project adheres to [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
 
 ---
 
+## [2.1.0] — 2026-03-12
+
+### Added — Cloud Lab Deployment (Azure Single-VM)
+
+This release documents the live hands-on deployment of IT-Stack services on a single Azure VM (`lab-single`, West US 2), establishing the first public-IP-accessible demo environment for IT-Stack.
+
+**Infrastructure**
+- Azure VM `lab-single`: Standard_D4s_v4 (4 vCPU / 16 GB RAM), Ubuntu 24.04 LTS, 30 GB Premium SSD
+- Static public IP `4.154.17.25` with NSG ports opened for all service UIs and protocols
+- Azure Private DNS zone `lab.it-stack.local` mapped to private IP
+- Auto-shutdown policy: 22:00 UTC daily (saves ~33% of compute cost)
+- docker-mailserver `mail-demo` deployed as real SMTP/IMAP relay (domain: itstack.local)
+
+**New Services Deployed**
+- Jitsi Meet (`jitsi-web-lab01`) — port 8880; 4-container stack (web, prosody, jicofo, JVB)
+- Taiga (`taiga-front-s01` + `taiga-back-s01`) — ports 9001/9000; project management
+- Zabbix (`zabbix-web-s01`) — port 8307; full monitoring stack + Zabbix Agent 2 on host
+- Graylog (`graylog-s01`) — port 9002; GELF UDP :12201 + Syslog UDP :1514 inputs live
+
+**Existing Services Configured / Fixed**
+- Nextcloud: 57 apps installed and enabled (collaboration, security, field operations, storage, integration)
+- SuiteCRM: SMTP configured via `config_override.php` (Bitnami image path corrected)
+- Odoo: SMTP configured via direct SQL into `ir_mail_server` + `ir_config_parameter`
+- Mattermost: SMTP wired to `mail-demo`
+- Snipe-IT: 506 Internal Server Error root-caused and fixed — duplicate migration `2018_05_14_223646_add_indexes_to_assets` marked as completed in `migrations` table; remaining migrations applied; admin user created via `artisan snipeit:create-admin`
+- Snipe-IT: SMTP settings injected via container ENV vars (not DB config)
+- Keycloak: Nginx reverse proxy sidecar added for subdirectory routing
+
+### Fixed
+- Snipe-IT 506 error caused by pre-existing `assets_created_at_index` conflicting with migration attempt
+- SuiteCRM SMTP path: Bitnami container stores config in `/bitnami/suitecrm/public/legacy/` — not `/var/www/html/`
+- Odoo SMTP: initial DB created with name `testdb` (not `odoo`) — all DB commands must target `testdb`
+- Disk space: removed orphaned `elasticsearch:8.17.3` image (2 GB) and unused `mailhog/mailhog` (572 MB)
+
+### Documentation
+- `docs/05-guides/18-azure-lab-deployment.md` — New major section: "Current Live Deployment (March 2026)" covering VM specs, all 12+ services and ports, access URLs, NSG rules, SMTP configs, Snipe-IT fix procedure, Graylog/Zabbix setup commands, disk expansion guide, and Azure cost breakdown
+- `docs/07-architecture/network-topology.md` — New major section: "Cloud Single-VM Topology" with full container diagram, port map table, and limitations comparison vs. 8-server on-prem
+- `README.md` — Added "Cloud Lab Deployment (Live — March 2026)" callout; added Cloud row to Project Status table; updated Getting Started steps
+- `docs/IT-STACK-TODO.md` — Added "Phase: Cloud Lab Deployment" section tracking all completed, pending, and blocked items
+- `docs/05-guides/22-gui-walkthrough.md` — Full accuracy pass: Service Directory table split into Active/Pending, all module sections annotated with ✅ Already running or ⏳ Pending, NSG/SSH commands updated to active ports only, corrected credentials (Snipe-IT, Zabbix, Odoo), removed stale MailHog entry, updated Zammad with disk expansion prerequisite
+- `docs/05-guides/01-master-index.md` — Added Path 0 (cloud lab, zero-setup), updated Documentation Versioning to v2.1
+- `docs/05-guides/17-admin-runbook.md` — Added Deployment Context table and Cloud Lab VM operations section (health check, container management, Keycloak user management)
+- `docs/05-guides/21-production-troubleshooting.md` — Added deployment context header clarifying single-VM vs multi-server command translation
+
+### Security / Cost
+- Deleted idle Bastion `workspace-1-vnet-bastion` (was billing ~$140/month while unused)
+- Queued deletion of second Bastion `rg-stack-test1`
+- Identified 2 unattached static IPs for deletion (saves ~$7.44/month)
+- Estimated monthly cost at 16 hrs/day runtime: ~$105/month (within Azure Students $100/month credit with recommended optimizations)
+
+### Known Issues / Pending
+- **Zammad** not deployed — 30 GB OS disk reached 100% capacity during JS asset write; requires disk expansion to 64 GB before retry
+- Docker GELF log driver not yet enabled globally on host (`/etc/docker/daemon.json`) — set up to route all container logs automatically to Graylog
+- Zabbix → Mattermost webhook alert channel (`#ops-alerts`) not yet configured
+- Keycloak OIDC realm clients for Nextcloud and Mattermost not yet wired end-to-end
+
+---
+
 ## [1.41.0] — 2026-03-11
 
 ### Fixed — Sprint 47: Local Docker Test Runner Failures (All 3 Phases)
 
@@ -194,6 +194,23 @@ See the full list of [26 repositories](https://github.com/orgs/it-stack-dev/repo
 
 ---
 
+## Cloud Lab Deployment (Live — March 2026)
+
+> **12 services are currently running** on a single Azure VM as a live demo/lab environment.
+
+| Property | Value |
+|----------|-------|
+| VM | `lab-single` — Standard_D4s_v4 (4 vCPU / 16 GB RAM) |
+| Public IP | `4.154.17.25` |
+| Region | West US 2 |
+| Status | ✅ Running — auto-shuts down 22:00 UTC |
+
+**Live services:** Keycloak · Nextcloud (57 apps) · Mattermost · SuiteCRM · Odoo · Snipe-IT · Jitsi Meet · Taiga · Zabbix · Graylog · Traefik · docker-mailserver
+
+See [docs/05-guides/18-azure-lab-deployment.md](docs/05-guides/18-azure-lab-deployment.md) — **Current Live Deployment** section — for all ports, credentials, compose commands, and cost breakdown.
+
+---
+
 ## Project Status
 
 | Phase | Description | Status |
@@ -207,17 +224,19 @@ See the full list of [26 repositories](https://github.com/orgs/it-stack-dev/repo
 | 6 | Lab 01–06 Docker Compose + test scripts — all 20 modules (120 labs) | ✅ Complete — 120/120 PASS on Azure |
 | 7 | SSO integrations tested (FreeIPA→Keycloak→all 9 services) | ✅ Complete — 35/35 PASS on Azure |
 | 8 | Production readiness (Security · Monitoring · Backup · DR · Capacity) | ✅ Complete |
+| Cloud | Single-VM Azure lab — 12/20 services live on 4.154.17.25 | ✅ Live — March 2026 |
 | 9 | Phase 5: Kubernetes / Helm deployment | 🔲 Next |
 
 ---
 
 ## Getting Started
 
-1. **Browse** the docs at https://it-stack-dev.github.io/it-stack-docs/
-2. **Read** [docs/05-guides/01-master-index.md](docs/05-guides/01-master-index.md) for the full documentation map  
-3. **Deploy on real hardware** using the [Hardware Deployment Guide](docs/05-guides/19-hardware-deployment-guide.md)
-4. **Track progress** in [docs/IT-STACK-TODO.md](docs/IT-STACK-TODO.md)
-5. **Troubleshoot** using the [Production Troubleshooting Guide](docs/05-guides/21-production-troubleshooting.md)
+1. **Deploy now** — follow [docs/05-guides/00-quick-start-deploy.md](docs/05-guides/00-quick-start-deploy.md) for cloud (Azure) or on-prem step-by-step setup
+2. **Browse** the docs at https://it-stack-dev.github.io/it-stack-docs/
+3. **Read** [docs/05-guides/01-master-index.md](docs/05-guides/01-master-index.md) for the full documentation map
+4. **Walk through the UI** — see [docs/05-guides/22-gui-walkthrough.md](docs/05-guides/22-gui-walkthrough.md) for every service with credentials
+5. **Track progress** in [docs/IT-STACK-TODO.md](docs/IT-STACK-TODO.md)
+6. **Troubleshoot** using the [Production Troubleshooting Guide](docs/05-guides/21-production-troubleshooting.md)
 
 ---
 
 
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+# Apply the three Docker runner fixes to lab scripts on Azure VM
+set -e
+
+echo "=== Fix 1: Zammad nginx — curl → wget ==="
+python3 - << 'PYEOF'
+import re
+
+with open('/home/itstack/lab-phase2.sh', 'r') as f:
+    content = f.read()
+
+old = 'test: ["CMD-SHELL", "curl -sf -o /dev/null -w \'%{http_code}\' http://localhost:80/ | grep -qE \'^[23]\'"]'
+new = 'test: ["CMD-SHELL", "wget -q -O /dev/null http://localhost:80/ && echo OK || exit 1"]'
+
+if old in content:
+    content = content.replace(old, new)
+    with open('/home/itstack/lab-phase2.sh', 'w') as f:
+        f.write(content)
+    print("FIXED: curl replaced with wget in Zammad nginx healthcheck")
+elif 'wget -q -O /dev/null http://localhost:80/' in content:
+    print("ALREADY FIXED: wget already present in Zammad nginx healthcheck")
+else:
+    # Try regex approach
+    pattern = r'test: \["CMD-SHELL", "curl[^"]*localhost:80/[^"]*"\]'
+    match = re.search(pattern, content)
+    if match:
+        content = re.sub(pattern, 'test: ["CMD-SHELL", "wget -q -O /dev/null http://localhost:80/ && echo OK || exit 1"]', content)
+        with open('/home/itstack/lab-phase2.sh', 'w') as f:
+            f.write(content)
+        print(f"FIXED via regex: replaced '{match.group()}'")
+    else:
+        print(f"WARNING: Could not locate curl healthcheck. Current healthcheck lines:")
+        for i, line in enumerate(content.split('\n')):
+            if 'localhost:80' in line or ('zammad' in line.lower() and 'health' in line.lower()):
+                print(f"  line {i+1}: {line.strip()}")
+PYEOF
+
+echo ""
+echo "=== Fix 2: FreePBX — wait_healthy 40x30 → 60x30 (20min → 30min) ==="
+python3 - << 'PYEOF'
+with open('/home/itstack/lab-phase3.sh', 'r') as f:
+    content = f.read()
+
+old = 'wait_healthy "$app" 40 30'
+new = 'wait_healthy "$app" 60 30'
+
+if old in content:
+    count = content.count(old)
+    content = content.replace(old, new)
+    with open('/home/itstack/lab-phase3.sh', 'w') as f:
+        f.write(content)
+    print(f"FIXED: FreePBX wait extended to 30min ({count} occurrence(s) replaced)")
+elif 'wait_healthy "$app" 60 30' in content:
+    print("ALREADY FIXED: FreePBX wait is already 60x30")
+else:
+    print("WARNING: wait_healthy pattern not found. Searching for FreePBX wait...")
+    for i, line in enumerate(content.split('\n')):
+        if 'wait_healthy' in line and ('freepbx' in line.lower() or 'app' in line):
+            print(f"  line {i+1}: {line.strip()}")
+PYEOF
+
+echo ""
+echo "=== Fix 3: Snipe-IT — wait_healthy 24x10 → 48x10 (4min → 8min) ==="
+python3 - << 'PYEOF'
+with open('/home/itstack/lab-phase4.sh', 'r') as f:
+    content = f.read()
+
+old = 'wait_healthy "$app" 24 10'
+new = 'wait_healthy "$app" 48 10'
+
+if old in content:
+    count = content.count(old)
+    content = content.replace(old, new)
+    with open('/home/itstack/lab-phase4.sh', 'w') as f:
+        f.write(content)
+    print(f"FIXED: Snipe-IT wait extended to 8min ({count} occurrence(s) replaced)")
+elif 'wait_healthy "$app" 48 10' in content:
+    print("ALREADY FIXED: Snipe-IT wait is already 48x10")
+else:
+    print("WARNING: wait_healthy pattern not found. Searching for snipeit wait...")
+    for i, line in enumerate(content.split('\n')):
+        if 'wait_healthy' in line and ('snipe' in line.lower() or 'app' in line):
+            print(f"  line {i+1}: {line.strip()}")
+PYEOF
+
+echo ""
+echo "=== Verification ==="
+echo "phase2 nginx healthcheck:"
+grep -n 'localhost:80' ~/lab-phase2.sh | head -3
+
+echo "phase3 freepbx wait:"
+grep -n 'wait_healthy.*app' ~/lab-phase3.sh | head -3
+
+echo "phase4 snipeit wait:"
+grep -n 'wait_healthy.*app' ~/lab-phase4.sh | grep -i snipe | head -3
+# Fallback: show all app waits in snipeit section
+grep -n 'wait_healthy.*app' ~/lab-phase4.sh | head -5
+
+echo ""
+echo "ALL FIXES APPLIED SUCCESSFULLY"