feat(it-ops): live inventory, drift API, Keycloak IT role, portal sync hint

- Add scripts/it-ops (Proxmox collector, IPAM drift, export orchestrator) - Add sankofa-it-read-api stub with optional CORS and refresh - Add systemd examples for read API, weekly inventory export, timer - Add live-inventory-drift GitHub workflow (dispatch + weekly) - Add IT controller spec, runbooks, Keycloak ensure-it-admin-role script - Note IT_READ_API env on portal sync completion output Made-with: Cursor
2026-04-09 01:20:00 -07:00
parent 4eead3e53f
commit 61841b8291
14 changed files with 1384 additions and 0 deletions
--- a/.github/workflows/live-inventory-drift.yml
+++ b/.github/workflows/live-inventory-drift.yml
@@ -0,0 +1,29 @@
+# Live Proxmox guest inventory + drift vs config/ip-addresses.conf.
+# GitHub-hosted runners usually cannot reach 192.168.11.x; workflow still produces
+# drift.json with seed_unreachable. Use a self-hosted LAN runner or run locally:
+#   bash scripts/it-ops/export-live-inventory-and-drift.sh
+name: Live inventory and IPAM drift
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '25 6 * * 1'
+
+jobs:
+  drift:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Export live inventory (LAN optional)
+        run: bash scripts/it-ops/export-live-inventory-and-drift.sh
+        continue-on-error: true
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: live-inventory-drift
+          path: |
+            reports/status/live_inventory.json
+            reports/status/drift.json