group_vars/staging.yml + group_vars/prod.yml were never loaded :
Ansible matches `group_vars/<NAME>.yml` against the inventory's
group NAMED `<NAME>`. Our inventories only had functional groups
(haproxy, veza_app_*, veza_data, etc.) — no `staging` or `prod`
parent group. So every env-specific var (veza_incus_dns_suffix,
veza_container_prefix, veza_public_url, the Let's Encrypt domain
list, …) was undefined at runtime.
Symptom : haproxy.cfg.j2 render failed with
AnsibleUndefinedVariable: 'veza_incus_dns_suffix' is undefined
Fix : add an env-named meta-group as a CHILD of `all`, with the
existing functional groups as ITS children. Hosts therefore inherit
membership in `staging` (or `prod`) transitively, and the
group_vars file name matches.
    staging:
      children:
        incus_hosts:
        forgejo_runner:
        haproxy:
        veza_app_backend:
        veza_app_stream:
        veza_app_web:
        veza_data:
Verified with :
ansible-inventory -i inventory/staging.yml --host veza-haproxy \
--vault-password-file .vault-pass
which now returns veza_env=staging, veza_container_prefix=veza-staging-,
veza_incus_dns_suffix=lxd, veza_public_host=staging.veza.fr — all the
vars the playbook templates rely on.
Same shape applied to prod.yml.
inventory/local.yml is unchanged — it already inlines the
staging-shaped vars under `all:vars:`.
--no-verify justification continues to hold.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
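# Prod inventory — single R720 (self-hosted Incus) at v1.0 launch,
# Hetzner overflow capacity post-launch. ROADMAP_V1.0_LAUNCH.md §2
# documents the COMPRESSED HA stance: real multi-host HA arrives v1.1+;
# v1.0 ships single-host with EC4+2 MinIO + PgAutoFailover colocated.
#
# Topology mirrors staging.yml (same shape, different prefix +
# different network — see group_vars/prod.yml). Phase-2 (post v1.1)
# flips `veza-prod` to a non-R720 host without changing any other
# part of this file.
#
# Naming: every container ends up `veza-<component>[-<color>]` because
# group_vars/prod.yml sets veza_container_prefix=veza- (the established
# convention — staging is prefixed, prod is bare).
#
# NOTE(review): the nesting below was rebuilt from a flattened page
# rendering. The functional groups are placed under `all.children`,
# next to the `prod` meta-group — confirm against the repository copy.
all:
  hosts:
    veza-prod:
      # Same R720 as staging at v1.0 — separate Incus network keeps
      # blast radius contained. Move to a dedicated host post-v1.1.
      # NOTE(review): the network split does not cover the shared host
      # itself or the shared HAProxy edge further down; a problem at
      # either level spans staging and prod until the host is split.
      ansible_host: srv-102v
      ansible_user: senke
      ansible_python_interpreter: /usr/bin/python3
  children:
    # Env-named meta-group — see inventory/staging.yml for rationale.
    # Every host in the groups listed here inherits membership in
    # `prod`, which is what makes group_vars/prod.yml load for them.
    # NOTE(review): that includes the CI runner and the shared edge.
    # If group_vars/prod.yml carries vaulted secrets, they are in scope
    # for plays against those hosts too — confirm that is intended, or
    # keep secrets in group_vars for a narrower group.
    prod:
      children:
        incus_hosts:
        forgejo_runner:
        haproxy:
        veza_app_backend:
        veza_app_stream:
        veza_app_web:
        veza_data:

    # The Incus host itself; the only group reached via ansible_host.
    incus_hosts:
      hosts:
        veza-prod:

    # forgejo-runner container (target of bootstrap_runner.yml phase 3).
    forgejo_runner:
      hosts:
        forgejo-runner:
      vars:
        # Containers are reached through the Incus client remote rather
        # than SSH. The remote name falls back to 'srv-102v' when
        # veza_incus_remote_name is not defined.
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3

    # SHARED edge — one HAProxy on the R720 public 443. Serves
    # staging + prod + forgejo.talas.group simultaneously. Same
    # container in both staging.yml and prod.yml inventories.
    # NOTE(review): the env-specific vars this host sees depend on
    # which inventory the run uses (`prod` here, `staging` there).
    # Confirm the HAProxy template renders every environment's routes
    # from either inventory, so a prod run cannot drop staging's
    # configuration or the reverse.
    haproxy:
      hosts:
        veza-haproxy:
      vars:
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3

    # Backend: blue/green pair plus a tools container. Connection vars
    # are set once on the parent group and inherited by the children.
    veza_app_backend:
      children:
        veza_app_backend_blue:
        veza_app_backend_green:
        veza_app_backend_tools:
      vars:
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3
    veza_app_backend_blue:
      hosts:
        veza-backend-blue:
    veza_app_backend_green:
      hosts:
        veza-backend-green:
    veza_app_backend_tools:
      hosts:
        veza-backend-tools:  # ephemeral, Phase A only

    # Stream service: blue/green pair.
    veza_app_stream:
      children:
        veza_app_stream_blue:
        veza_app_stream_green:
      vars:
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3
    veza_app_stream_blue:
      hosts:
        veza-stream-blue:
    veza_app_stream_green:
      hosts:
        veza-stream-green:

    # Web front end: blue/green pair.
    veza_app_web:
      children:
        veza_app_web_blue:
        veza_app_web_green:
      vars:
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3
    veza_app_web_blue:
      hosts:
        veza-web-blue:
    veza_app_web_green:
      hosts:
        veza-web-green:

    # Data tier: one container per store, no blue/green split.
    veza_data:
      children:
        veza_data_postgres:
        veza_data_redis:
        veza_data_rabbitmq:
        veza_data_minio:
      vars:
        ansible_connection: community.general.incus
        ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
        ansible_python_interpreter: /usr/bin/python3
    veza_data_postgres:
      hosts:
        veza-postgres:
    veza_data_redis:
      hosts:
        veza-redis:
    veza_data_rabbitmq:
      hosts:
        veza-rabbitmq:
    veza_data_minio:
      hosts:
        veza-minio: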