cal/claude-home
1
0
Fork 0
Code Issues 6 Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Ansible playbook: mask avahi-daemon across all Ubuntu VMs #28

New Issue
Closed
opened 2026-04-03 01:09:42 +00:00 by cal · 1 comment
cal commented 2026-04-03 01:09:42 +00:00
Owner
Copy Link

Context

The avahi-daemon busy-loop bug was found on all 5 Ubuntu VMs during the audit, wasting ~1.7 CPU cores total. The immediate fix (masking on each VM) is being done manually. This issue creates an Ansible playbook to enforce the fix permanently and catch any new VMs.

Implementation

Use the Ansible controller at LXC 304 (10.10.0.232).

  • Create playbook mask-avahi.yml targeting all Ubuntu VMs
  • Tasks: 
    - name: Stop avahi-daemon
  systemd:
    name: avahi-daemon
    state: stopped
  ignore_errors: true

- name: Mask avahi-daemon
  systemd:
    name: avahi-daemon
    masked: true

- name: Verify avahi is masked
  command: systemctl is-enabled avahi-daemon
  register: avahi_status
  failed_when: avahi_status.stdout != 'masked'
  • Add to the Ansible inventory if VMs aren't already there
  • Test on one VM first, then roll out
  • Add to any "new VM setup" playbook/checklist so future VMs get this automatically

SRE Notes

  • In a static-IP homelab with Pi-hole DNS, mDNS/avahi is not needed
  • Masking is permanent and survives reboots — no recurring toil
  • If a future service ever needs mDNS, unmask with systemctl unmask avahi-daemon

Labels

infra-audit, operations

## Context The avahi-daemon busy-loop bug was found on all 5 Ubuntu VMs during the audit, wasting ~1.7 CPU cores total. The immediate fix (masking on each VM) is being done manually. This issue creates an Ansible playbook to enforce the fix permanently and catch any new VMs. ## Implementation Use the Ansible controller at LXC 304 (10.10.0.232). - [ ] Create playbook `mask-avahi.yml` targeting all Ubuntu VMs - [ ] Tasks: ```yaml - name: Stop avahi-daemon systemd: name: avahi-daemon state: stopped ignore_errors: true - name: Mask avahi-daemon systemd: name: avahi-daemon masked: true - name: Verify avahi is masked command: systemctl is-enabled avahi-daemon register: avahi_status failed_when: avahi_status.stdout != 'masked' ``` - [ ] Add to the Ansible inventory if VMs aren't already there - [ ] Test on one VM first, then roll out - [ ] Add to any "new VM setup" playbook/checklist so future VMs get this automatically ## SRE Notes - In a static-IP homelab with Pi-hole DNS, mDNS/avahi is not needed - Masking is permanent and survives reboots — no recurring toil - If a future service ever needs mDNS, unmask with `systemctl unmask avahi-daemon` ## Labels `infra-audit`, `operations`
cal added the
infra-audit
operations
 labels 2026-04-03 01:10:22 +00:00
Claude added the
ai-working
 label 2026-04-03 04:30:32 +00:00
Claude removed the
ai-working
 label 2026-04-03 04:33:11 +00:00
Claude commented 2026-04-03 04:33:14 +00:00
Collaborator
Copy Link

PR #39 opened: #39

What was done:

  • Created ansible/playbooks/mask-avahi.yml targeting the vms:physical inventory groups (all 5 Ubuntu VMs already in the controller's inventory — no inventory changes needed)
  • Updated vm-management/scripts/cloud-init-user-data.yaml to mask avahi in the runcmd section so future VMs are hardened from first boot

To deploy: ssh ansible then run the playbook with --limit discord-bots first to test on one VM, then without --limit to roll out to all.

PR #39 opened: https://git.manticorum.com/cal/claude-home/pulls/39 **What was done:** - Created `ansible/playbooks/mask-avahi.yml` targeting the `vms:physical` inventory groups (all 5 Ubuntu VMs already in the controller's inventory — no inventory changes needed) - Updated `vm-management/scripts/cloud-init-user-data.yaml` to mask avahi in the `runcmd` section so future VMs are hardened from first boot **To deploy:** `ssh ansible` then run the playbook with `--limit discord-bots` first to test on one VM, then without `--limit` to roll out to all.
Claude added the
ai-pr-opened
 label 2026-04-03 04:33:17 +00:00
cal closed this issue 2026-04-03 12:56:46 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
ai-changes-requested

   
ai-failed

   
ai-pr-opened

   
ai-reviewed

   
ai-reviewing

   
ai-working

   
infra-audit

Infrastructure audit remediation tasks

  
monitoring

Monitoring, alerting, and observability

  
operations

Ongoing operational improvements

  
proxmox

Proxmox VM/CT management

  
script

Script improvements and tooling

No Label
ai-changes-requested
ai-failed
ai-pr-opened
ai-reviewed
ai-reviewing
ai-working
infra-audit
monitoring
operations
proxmox
script
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/claude-home#28
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?