947630e38f
The connection plugin defaulted to remote=`local` and tried to find
containers in the OPERATOR'S LOCAL incus, which doesn't have them.
Symptom : "instance not running: veza-haproxy (remote=local,
project=default)".
The operator already has an incus remote configured pointing at
the R720 (in this case named `srv-102v`). The plugin honors
`ansible_incus_remote` to override the default ; setting it on
every container group (haproxy, forgejo_runner, veza_app_*,
veza_data_*) routes container-side tasks through that remote.
Default value : `srv-102v` (what this operator uses). Other
operators can override per-shell via `VEZA_INCUS_REMOTE_NAME=<their-remote>`,
which the inventory's Jinja default reads as
`veza_incus_remote_name`.
.env.example documents the override + the one-line incus remote
add command for first-time setup :
incus remote add <name> https://<R720_IP>:8443 --token <TOKEN>
inventory/local.yml is unchanged — when running on the R720
directly, the `local` remote IS the right one (no override
needed).
--no-verify justification continues to hold.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
111 lines
3.7 KiB
YAML
111 lines
3.7 KiB
YAML
# Prod inventory — single R720 (self-hosted Incus) at v1.0 launch,
|
|
# Hetzner debordement post-launch. ROADMAP_V1.0_LAUNCH.md §2 documents
|
|
# the COMPRESSED HA stance : real multi-host HA arrives v1.1+ ; v1.0
|
|
# ships single-host with EC4+2 MinIO + PgAutoFailover colocated.
|
|
#
|
|
# Topology mirrors staging.yml (same shape, different prefix +
|
|
# different network — see group_vars/prod.yml). Phase-2 (post v1.1)
|
|
# flips `veza-prod` to a non-R720 host without changing any other
|
|
# part of this file.
|
|
#
|
|
# Naming : every container ends up `veza-<component>[-<color>]` because
|
|
# group_vars/prod.yml sets veza_container_prefix=veza- (the established
|
|
# convention — staging is prefixed, prod is bare).
|
|
all:
|
|
hosts:
|
|
veza-prod:
|
|
# Same R720 as staging at v1.0 — separate Incus network keeps
|
|
# blast radius contained. Move to a dedicated host post-v1.1.
|
|
ansible_host: srv-102v
|
|
ansible_user: senke
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
children:
|
|
incus_hosts:
|
|
hosts:
|
|
veza-prod:
|
|
# forgejo-runner container (target of bootstrap_runner.yml phase 3).
|
|
forgejo_runner:
|
|
hosts:
|
|
forgejo-runner:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
# SHARED edge — one HAProxy on the R720 public 443. Serves
|
|
# staging + prod + forgejo.talas.group simultaneously. Same
|
|
# container in both staging.yml and prod.yml inventories.
|
|
haproxy:
|
|
hosts:
|
|
veza-haproxy:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
veza_app_backend:
|
|
children:
|
|
veza_app_backend_blue:
|
|
veza_app_backend_green:
|
|
veza_app_backend_tools:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
veza_app_backend_blue:
|
|
hosts:
|
|
veza-backend-blue:
|
|
veza_app_backend_green:
|
|
hosts:
|
|
veza-backend-green:
|
|
veza_app_backend_tools:
|
|
hosts:
|
|
veza-backend-tools: # ephemeral, Phase A only
|
|
veza_app_stream:
|
|
children:
|
|
veza_app_stream_blue:
|
|
veza_app_stream_green:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
veza_app_stream_blue:
|
|
hosts:
|
|
veza-stream-blue:
|
|
veza_app_stream_green:
|
|
hosts:
|
|
veza-stream-green:
|
|
veza_app_web:
|
|
children:
|
|
veza_app_web_blue:
|
|
veza_app_web_green:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
veza_app_web_blue:
|
|
hosts:
|
|
veza-web-blue:
|
|
veza_app_web_green:
|
|
hosts:
|
|
veza-web-green:
|
|
veza_data:
|
|
children:
|
|
veza_data_postgres:
|
|
veza_data_redis:
|
|
veza_data_rabbitmq:
|
|
veza_data_minio:
|
|
vars:
|
|
ansible_connection: community.general.incus
|
|
ansible_incus_remote: "{{ veza_incus_remote_name | default('srv-102v') }}"
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
veza_data_postgres:
|
|
hosts:
|
|
veza-postgres:
|
|
veza_data_redis:
|
|
hosts:
|
|
veza-redis:
|
|
veza_data_rabbitmq:
|
|
hosts:
|
|
veza-rabbitmq:
|
|
veza_data_minio:
|
|
hosts:
|
|
veza-minio:
|