fix: address whole-branch review (anchor pin regexp, ADR-016 backup note, verify comment)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
c09b7fe6a5
commit
a483f4e55c
3 changed files with 3 additions and 3 deletions
|
|
@ -116,7 +116,7 @@ allocated for it.
|
||||||
address as a mesh-independent secondary path, so a mesh/coordinator outage never
|
address as a mesh-independent secondary path, so a mesh/coordinator outage never
|
||||||
blocks on-LAN SSH and Ansible stays off the mesh (Security; Recovery & operations).
|
blocks on-LAN SSH and Ansible stays off the mesh (Security; Recovery & operations).
|
||||||
- The mesh survives a homelab outage because the coordinator is off-site on `askari`,
|
- The mesh survives a homelab outage because the coordinator is off-site on `askari`,
|
||||||
with its management datastore backed up encrypted off `askari` and peers keeping
|
with its management datastore **intended** to be backed up encrypted off `askari` (not yet built — see the Availability amendment / R8) and peers keeping
|
||||||
last-known config through a brief coordinator outage (Recovery & operations).
|
last-known config through a brief coordinator outage (Recovery & operations).
|
||||||
- Choosing NetBird over plain OPNsense WireGuard, Tailscale, Tailscale+Headscale, an
|
- Choosing NetBird over plain OPNsense WireGuard, Tailscale, Tailscale+Headscale, an
|
||||||
on-cluster coordinator, a `ubongo` subnet router, and a standalone IdP gains
|
on-cluster coordinator, a `ubongo` subnet router, and a standalone IdP gains
|
||||||
|
|
|
||||||
|
|
@ -111,6 +111,6 @@
|
||||||
- name: Assert the coordinator FQDN is pinned to the fixture IP (DNS-resilience / R8)
|
- name: Assert the coordinator FQDN is pinned to the fixture IP (DNS-resilience / R8)
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- "'203.0.113.9 netbird.askari.wingu.me' in (_etchosts.content | b64decode)"
|
- "'203.0.113.9 netbird.askari.wingu.me' in (_etchosts.content | b64decode)" # slurp content is always base64
|
||||||
fail_msg: "base__mesh_coordinator_pin did not render the /etc/hosts coordinator pin"
|
fail_msg: "base__mesh_coordinator_pin did not render the /etc/hosts coordinator pin"
|
||||||
success_msg: "coordinator FQDN pinned in /etc/hosts"
|
success_msg: "coordinator FQDN pinned in /etc/hosts"
|
||||||
|
|
|
||||||
|
|
@ -68,7 +68,7 @@
|
||||||
- name: Pin the NetBird coordinator FQDN in /etc/hosts (DNS-resilience, ADR-016 availability / R8)
|
- name: Pin the NetBird coordinator FQDN in /etc/hosts (DNS-resilience, ADR-016 availability / R8)
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/hosts
|
path: /etc/hosts
|
||||||
regexp: '\s{{ _coordinator_fqdn | regex_escape }}$'
|
regexp: '^\S+\s+{{ _coordinator_fqdn | regex_escape }}\s*$'
|
||||||
line: "{{ base__mesh_coordinator_pin }} {{ _coordinator_fqdn }}"
|
line: "{{ base__mesh_coordinator_pin }} {{ _coordinator_fqdn }}"
|
||||||
state: present
|
state: present
|
||||||
# /etc/hosts is bind-mounted in the Docker Molecule container (atomic rename → EBUSY);
|
# /etc/hosts is bind-mounted in the Docker Molecule container (atomic rename → EBUSY);
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue