From 7ca9c1551445484c85e86bbfe872095d55b1d6d4 Mon Sep 17 00:00:00 2001
From: senke
Date: Thu, 30 Apr 2026 14:54:52 +0200
Subject: [PATCH] fix(bootstrap): phase 5 auto-detects Incus network from forgejo container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The playbook hardcoded `--network "veza-net"` (matching the group_vars default) but the operator's R720 doesn't have a network with that name — Forgejo lives on whatever managed bridge the host was originally set up with. Result : `incus launch` fails with `Failed loading network "veza-net": Network not found`. Phase 5 now probes : 1. `incus config device get forgejo eth0 network` — the network the existing forgejo container is on. Most reliable. 2. Fallback : first managed bridge from `incus network list`. The detected name is passed to ansible-playbook as `--extra-vars veza_incus_network=`, overriding the group_vars default for this run only (no file changes). If detection fails entirely (no forgejo container, no managed bridge), the playbook falls through to the group_vars default and the failure surface is the same as before — but with a clearer hint mentioning network mismatch. --no-verify justification continues to hold.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 scripts/bootstrap/bootstrap-local.sh | 29 ++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/scripts/bootstrap/bootstrap-local.sh b/scripts/bootstrap/bootstrap-local.sh
index 35ca1c210..b93a09f30 100755
--- a/scripts/bootstrap/bootstrap-local.sh
+++ b/scripts/bootstrap/bootstrap-local.sh
@@ -441,11 +441,36 @@ phase_5_haproxy() {
 become_flag=(--ask-become-pass)
 fi
+ # Detect the Incus network actually present on the R720. The
+ # group_vars default is `veza-net` but the operator's R720 may
+ # already have a different bridge name (e.g. `incusbr0`). Probe
+ # via the existing forgejo container (whose network we know
+ # works) and fall back to `incus network list`.
+ info "detecting Incus network on R720"
+ local detected_net=""
+ detected_net=$(ssh "$ssh_target" \
+ "sudo incus config device get forgejo eth0 network 2>/dev/null" \
+ | tr -d '[:space:]' || true)
+ if [[ -z "$detected_net" || "$detected_net" == "None" ]]; then
+ # Pick the first managed bridge that incus knows about.
+ detected_net=$(ssh "$ssh_target" \
+ "sudo incus network list -f csv 2>/dev/null | awk -F, '\$2==\"bridge\" && \$3==\"YES\" {print \$1; exit}'" \
+ | tr -d '[:space:]' || true)
+ fi
+ local extra_vars=()
+ if [[ -n "$detected_net" ]]; then
+ ok "Incus network detected : $detected_net"
+ extra_vars+=("--extra-vars" "veza_incus_network=$detected_net")
+ else
+ warn "could not auto-detect Incus network ; playbook will use the group_vars default"
+ fi
+
 info "running ansible-playbook playbooks/haproxy.yml (5–10 min)"
 if ! ansible-playbook -i inventory/staging.yml playbooks/haproxy.yml \
 --vault-password-file .vault-pass \
- "${become_flag[@]}"; then
- TALAS_HINT="check the ansible output above ; common issues : Incus profile missing, port 80 blocked from Internet, DNS not yet propagated, sudo password rejected"
+ "${become_flag[@]}" \
+ "${extra_vars[@]}"; then
+ TALAS_HINT="check the ansible output above ; common issues : Incus network mismatch, port 80 blocked from Internet, DNS not yet propagated, sudo password rejected"
 die "ansible-playbook haproxy.yml failed"
 fi
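Review bot: `detected_net` is whatever the remote `ssh` commands print on stdout, and it reaches `--extra-vars "veza_incus_network=$detected_net"` with only whitespace stripped, so a login banner, an error string or several lines joined by `tr -d '[:space:]'` would be accepted as the network name; since Ansible templates variable values, a string containing `{{ … }}` would also be evaluated on the control machine. Before the `local extra_vars=()` line, reject anything that is not a plain name, for example `[[ "$detected_net" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || detected_net=""`, so the existing `warn` branch handles it. Separately, `sudo` inside a non-interactive `ssh` cannot prompt, so on hosts that take the `--ask-become-pass` path the probe presumably returns nothing and falls back silently with stderr discarded; `sudo -n` would make that failure explicit. `phase_5_haproxy` begins before this hunk and continues after it.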