ADR-005: control node bootstrap is bare-metal Debian on ubongo

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sjat 2026-06-05 09:40:15 +02:00
parent 15779be086
commit 1064716d49


@ -51,11 +51,12 @@ for the end-to-end commands and `docs/runbooks/new-host.md` for the full procedu
## Control node bootstrapping ## Control node bootstrapping
The control node is a special case — it runs Terraform and Ansible, so it cannot The control node is a special case — it runs Terraform and Ansible, so it cannot
be created by the Terraform it hosts (chicken-and-egg). It is the one documented be created by the Terraform it hosts (chicken-and-egg). It is `ubongo`, a dedicated
exception to Terraform-owned VM existence (see ADR-009). The control node requires: **physical** machine outside the cluster, and the one documented exception to
Terraform-owned VM existence (see ADR-009 and ADR-015). The control node requires:
1. Manual VM provisioning — clone this cloud-init template by hand (Proxmox UI or 1. Manual OS provisioning — install Debian 13 on the physical box by hand (it is not
`qm clone`), since Terraform is not yet available to do it a Proxmox guest, so there is no template to clone)
2. Manual setup of the Ansible environment: 2. Manual setup of the Ansible environment:
```bash ```bash
git clone <repo> ~/ansible git clone <repo> ~/ansible
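Review bot: step 1 in the new text says to install Debian 13 "by hand" but does not say what that install has to leave in place before step 2 can run (a user account, SSH access, `git` available for the `git clone`). The cloud-init template used to carry those defaults and the new wording notes there is no template any more, so please link the matching section of `docs/runbooks/new-host.md` or ADR-015 from this step, or list the minimum install choices here. Separately, the retained phrase "exception to Terraform-owned VM existence" now describes a machine that is not a VM at all; wording such as "outside Terraform ownership altogether" would match the new **physical** framing.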
@ -68,9 +69,10 @@ exception to Terraform-owned VM existence (see ADR-009). The control node requir
``` ```
3. After that, the control node can manage all other hosts normally 3. After that, the control node can manage all other hosts normally
The control node itself is listed in `inventories/production/hosts.yml` under `ubongo` is listed in `inventories/production/hosts.yml` under the `control` group
a `control` group and can be managed for baseline config (SSH, firewall, updates) and can be managed for baseline config (SSH, firewall, updates) but not for the
but not for the `docker_host` role (it does not run services). `docker_host` role (it does not run services). Hardware target and recovery model
are in ADR-015.
## Decision ## Decision
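Review bot: the rewritten paragraph keeps "can be managed for baseline config (SSH, firewall, updates)" but does not say that `ubongo` is applying that baseline to itself, since it is the host that runs Ansible. On a physical box outside the cluster, a bad SSH or firewall change cannot be undone from a hypervisor console, so a sentence here on how the `control` group is targeted and what the fallback access is would be worth having in this ADR rather than only behind the ADR-015 pointer. If ADR-015 already covers it, say so explicitly, for example "recovery from a failed baseline run is in ADR-015".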