michaelschiemer/deployment/infrastructure/roles/base-security/tasks/fail2ban.yml
Michael Schiemer 9b74ade5b0 feat: Fix discovery system critical issues
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-13 12:04:17 +02:00

143 lines
2.7 KiB
YAML

---
# Fail2ban Configuration

- name: Install fail2ban
  package:
    name: fail2ban
    state: present
  tags:
    - fail2ban
    - packages

- name: Create fail2ban configuration directory
  file:
    path: /etc/fail2ban/jail.d
    state: directory
    owner: root
    group: root
    mode: '0755'
  tags:
    - fail2ban
    - directories

- name: Configure fail2ban main settings
  template:
    src: fail2ban.local.j2
    dest: /etc/fail2ban/fail2ban.local
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: restart fail2ban
  tags:
    - fail2ban
    - config

- name: Configure fail2ban default jail settings
  template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: restart fail2ban
  tags:
    - fail2ban
    - config
    - jail

- name: Create custom fail2ban jails
  template:
    src: custom-jails.local.j2
    dest: /etc/fail2ban/jail.d/custom-jails.local
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: restart fail2ban
  tags:
    - fail2ban
    - jails
    - custom

- name: Create custom fail2ban filters
  template:
    src: "{{ item }}.conf.j2"
    dest: "/etc/fail2ban/filter.d/{{ item }}.conf"
    owner: root
    group: root
    mode: '0644'
  loop:
    - nginx-limit-req
    - nginx-http-auth
    - php-framework
  notify: restart fail2ban
  tags:
    - fail2ban
    - filters

- name: Create fail2ban action for PHP Framework
  template:
    src: php-framework-action.conf.j2
    dest: /etc/fail2ban/action.d/php-framework-notify.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart fail2ban
  tags:
    - fail2ban
    - actions

- name: Ensure fail2ban service is enabled and running
  service:
    name: fail2ban
    state: started
    enabled: true
  tags:
    - fail2ban
    - service

# Read-only checks: changed_when: false keeps them from reporting a change.
# Handlers notified above have not run yet at this point (unless flushed
# earlier), so the output reflects the service before any pending restart.
- name: Check fail2ban status
  command: fail2ban-client status
  register: fail2ban_status
  changed_when: false
  tags:
    - fail2ban
    - status

# fail2ban_jails is defined outside this file; each item needs `name` and
# `enabled` keys.
- name: Display fail2ban jail status
  command: fail2ban-client status {{ item.name }}
  register: jail_status
  changed_when: false
  loop: "{{ fail2ban_jails }}"
  when: item.enabled | bool
  tags:
    - fail2ban
    - status
    - jails

- name: Create fail2ban log rotation
  template:
    src: fail2ban-logrotate.j2
    dest: /etc/logrotate.d/fail2ban
    owner: root
    group: root
    mode: '0644'
  tags:
    - fail2ban
    - logrotate

# The template module does not create missing parent directories, so
# /etc/systemd/system/fail2ban.service.d must exist before this task runs.
- name: Configure fail2ban systemd service override
  template:
    src: fail2ban-override.conf.j2
    dest: /etc/systemd/system/fail2ban.service.d/override.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload systemd
    - restart fail2ban
  tags:
    - fail2ban
    - systemd