From 7b5fd17e5578cabb9c7c956535dff7550f0dcd32 Mon Sep 17 00:00:00 2001 From: sjat Date: Thu, 11 Jun 2026 10:32:24 +0200 Subject: [PATCH] inventory: add ubongo to control group; set ssh-from-control addr Wire the now-built physical control node ubongo (10.20.10.151) into the production control group (the documented manual exception), and activate the dormant base__firewall_control_addr knob (ADR-021 ssh-from-control source). Forward-wiring only: no host has the base role applied yet. Co-Authored-By: Claude Opus 4.8 (1M context) --- inventories/production/group_vars/all/vars.yml | 3 +++ inventories/production/hosts.yml | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/inventories/production/group_vars/all/vars.yml b/inventories/production/group_vars/all/vars.yml index b38232c..50b4f86 100644 --- a/inventories/production/group_vars/all/vars.yml +++ b/inventories/production/group_vars/all/vars.yml @@ -36,3 +36,6 @@ services__base_dir: /opt/services # Unattended upgrades — security patches only base__unattended_upgrades_enabled: true + +# Management plane — activates the dormant ssh-from-control firewall rule +base__firewall_control_addr: "10.20.10.151" # ubongo (control node) LAN address — ADR-021 ssh-from-control source diff --git a/inventories/production/hosts.yml b/inventories/production/hosts.yml index 36ef5de..2ec35b0 100644 --- a/inventories/production/hosts.yml +++ b/inventories/production/hosts.yml @@ -7,7 +7,9 @@ all: children: control: - hosts: {} + hosts: + ubongo: + ansible_host: 10.20.10.151 docker_hosts: hosts: {} proxmox_hosts: