diff --git a/docs/decisions/009-provisioning-handoff.md b/docs/decisions/009-provisioning-handoff.md index 872cb9a..0b9cc42 100644 --- a/docs/decisions/009-provisioning-handoff.md +++ b/docs/decisions/009-provisioning-handoff.md @@ -126,12 +126,14 @@ convention only — it no longer implies any difference in how records are writt ## The control-node exception -The control node — the host that runs Terraform and Ansible — is the one VM -Terraform does **not** create. It cannot provision the infrastructure that would -provision itself (chicken-and-egg). It is therefore the single documented exception -to "Terraform owns VM existence": +The control node — the host that runs Terraform and Ansible — is `ubongo`, a +dedicated **physical** machine outside the cluster. It is not a VM at all, so +Terraform genuinely never touches it: it cannot provision the infrastructure that +would provision itself (chicken-and-egg). It is therefore the single documented +exception to "Terraform owns VM existence": -- Provisioned and bootstrapped manually, per the control-node section of ADR-005. +- Provisioned and bootstrapped manually on bare metal, per the control-node section + of ADR-005; rationale, hardware, and recovery model in ADR-015. - Listed in `inventories//hosts.yml` under the `control` group, and managed by Ansible for baseline config only (no `docker_host` role).