0af0a88f6d
Two blockers after the runner gained incus admin and started reaching the new data containers: 1. Debian apt's ansible-core (2.14) is below community.general's minimum, which logged "Collection community.general does not support Ansible version 2.14.18". runner-bake-deps.sh now installs ansible-core via pipx (latest stable) plus the required collections (community.general, community.postgresql, ansible.posix). 2. images:debian/13 — what the data containers are launched from — ships without python3, so every module call to a freshly-launched container hit "Failed to create temporary directory" / UNREACHABLE. Added a single bootstrap play (\`hosts: veza_data\`) that uses the raw module to install python3 + python3-apt before any other Configure-X play touches the targets. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
65 lines
2.1 KiB
Bash
Executable file
65 lines
2.1 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# Install the OS packages every deploy.yml job assumes are pre-baked
|
|
# on the forgejo-runner Incus container. Run once per runner; idempotent.
|
|
#
|
|
# Usage (from operator laptop):
|
|
# ssh -t srv-102v 'sudo bash -s' < scripts/bootstrap/runner-bake-deps.sh
|
|
#
|
|
# Or run directly on the R720:
|
|
# sudo bash scripts/bootstrap/runner-bake-deps.sh
|
|
set -euo pipefail
|
|
|
|
PKGS=(
|
|
# tarball compression for build artifacts
|
|
zstd
|
|
# rust musl-static target
|
|
musl-tools
|
|
# rust openssl-sys: pkg-config + libssl-dev for the glibc build,
|
|
# perl + make + gcc (build-essential below) for the vendored
|
|
# openssl-src crate which compiles OpenSSL from source against musl.
|
|
pkg-config
|
|
libssl-dev
|
|
perl
|
|
make
|
|
# python3 + pipx for a recent ansible-core
|
|
# (Debian apt's ansible 2.14 is too old for current community.general,
|
|
# which logs "Collection community.general does not support Ansible
|
|
# version 2.14.18" and fails on connection plugins.)
|
|
python3-psycopg2
|
|
python3-pip
|
|
pipx
|
|
# native node modules (mostly belt-and-braces — current deploy
|
|
# avoids them via NODE_ENV=production, but keep for safety)
|
|
build-essential
|
|
python3-dev
|
|
)
|
|
|
|
echo "→ baking deps onto forgejo-runner container"
|
|
incus exec forgejo-runner -- bash -c "
|
|
set -euo pipefail
|
|
DEBIAN_FRONTEND=noninteractive apt-get update -qq
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ${PKGS[*]}
|
|
"
|
|
|
|
echo
|
|
echo "→ installing ansible-core via pipx (newer than apt)"
|
|
incus exec forgejo-runner -- bash -c '
|
|
set -euo pipefail
|
|
export PIPX_HOME=/opt/pipx
|
|
export PIPX_BIN_DIR=/usr/local/bin
|
|
pipx install --force ansible-core
|
|
/usr/local/bin/ansible --version | head -1
|
|
/usr/local/bin/ansible-galaxy collection install community.general community.postgresql ansible.posix
|
|
'
|
|
|
|
echo
|
|
echo "→ verifying"
|
|
incus exec forgejo-runner -- bash -c '
|
|
for cmd in zstd musl-gcc pkg-config ansible-playbook python3; do
|
|
printf " %-20s " "$cmd:"
|
|
command -v "$cmd" || { echo MISSING ; exit 1 ; }
|
|
done
|
|
'
|
|
|
|
echo
|
|
echo "✓ runner deps baked. Re-run Veza deploy in Forgejo UI."
|