project creation

Author: irivengroup

.ansible-lint

@@ -0,0 +1,6 @@
+profile: production
+exclude_paths:
+  - .github/
+  - molecule/
+skip_list:
+  - yaml[line-length]

.github/workflows/ci.yml

@@ -0,0 +1,11 @@
+name: ci
+on:
+  push:
+  pull_request:
+jobs:
+  lint-and-structure:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Basic tree check
+        run: test -f roles/linux_upgrade/tasks/main.yml

.github/workflows/ci_extended.yml

@@ -0,0 +1 @@
+name: ci-extended\non:\n  push:\n  pull_request:\njobs:\n  basic:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: test -f roles/linux_upgrade/tasks/main.yml\n

.yamllint

@@ -0,0 +1,6 @@
+extends: default
+rules:
+  line-length: disable
+  truthy: disable
+  comments:
+    min-spaces-from-content: 1

CHANGELOG-v33.md

@@ -0,0 +1,25 @@
+
+# CHANGELOG v33
+
+## Ajouts majeurs
+- rollback plan
+- maintenance window checks
+- observability events
+- advanced prechecks
+- advanced network inventory
+- before/after diff reporting
+- separate ServiceNow and Jira identifiers
+- safe policy abstraction
+- advanced cluster guard commands
+- compliance profile hooks
+
+## Fichiers ajoutés
+- tasks/tasks.d/core/change_management.yml
+- tasks/tasks.d/operations/maintenance_window.yml
+- tasks/tasks.d/operations/rollback_plan.yml
+- tasks/tasks.d/operations/observability.yml
+- tasks/tasks.d/operations/prechecks_advanced.yml
+- tasks/tasks.d/operations/post_upgrade_diff.yml
+- tasks/tasks.d/operations/network_advanced.yml
+- tasks/tasks.d/operations/kernel_modules.yml
+- tasks/tasks.d/operations/repo_tls.yml

IMPLEMENTATION_NOTES_v33.md

@@ -0,0 +1,18 @@
+
+# v33 implementation notes
+
+This bundle applies the previously proposed global improvements as operational scaffolding and concrete role logic.
+
+Areas intentionally left environment-specific:
+- precise quorum semantics for your cluster stack
+- vendor-specific rollback polling nuances
+- exact application profiles and health checks
+- internal repo TLS certificate chains and GPG fingerprints
+- advanced network topologies: bond/bridge/vlan mappings may require local tuning
+- service governance and compliance scoring weights
+
+Recommended next steps:
+1. populate application profiles
+2. tune maintenance window values
+3. configure repo TLS/GPG expectations
+4. add Molecule scenarios for your supported OS paths

Makefile

@@ -0,0 +1,8 @@
+.PHONY: lint syntax
+
+lint:
+	ansible-lint
+	yamllint .
+
+syntax:
+	ansible-playbook playbooks/linux_upgrade.yml --syntax-check

V19_FEATURES.md

@@ -0,0 +1,33 @@
+# v19 features
+
+## Rolling upgrade
+- serial-based rolling execution
+- canary batch size support
+- quorum guards for pacemaker, kubernetes, openstack control plane
+- stop-on-failure behavior should be enforced by Ansible batch failure semantics and user strategy
+
+## Vault
+- token auth
+- AppRole auth variables
+- JWT auth variables
+
+## Suggested examples
+
+### AppRole
+```yaml
+linux_upgrade_vault_enabled: true
+linux_upgrade_vault_auth_method: approle
+linux_upgrade_vault_url: https://vault.example.com
+linux_upgrade_vault_role_id: "..."
+linux_upgrade_vault_secret_id: "..."
+linux_upgrade_vault_mount_point: approle
+```
+
+### JWT
+```yaml
+linux_upgrade_vault_enabled: true
+linux_upgrade_vault_auth_method: jwt
+linux_upgrade_vault_url: https://vault.example.com
+linux_upgrade_vault_jwt: "{{ lookup('env', 'VAULT_JWT') }}"
+linux_upgrade_vault_jwt_mount_point: jwt
+```

V34_NOTES.md

@@ -0,0 +1,8 @@
+
+# v34 notes
+
+- Exact cluster quorum guard minimum healthy nodes is now set to 2 by default.
+- External application profiles can be loaded from:
+  /etc/linux-upgrade/application_profiles.yml
+- Example application profiles for Java and Python are provided.
+- Internal GPG and TLS expectations are now variabilized through dedicated maps.

V35_FILESYSTEM_NOTES.md

@@ -0,0 +1,9 @@
+
+# v35 filesystem notes
+
+This version adds filesystem-oriented prechecks, cleanup, selective backups and optional local snapshot strategies.
+
+Recommended production tuning:
+- enable LVM snapshots only where free VG space is guaranteed
+- use btrfs/zfs snapshots only when the root filesystem is actually backed by those technologies
+- adjust /boot and inode thresholds per distro image standard