sjat
f83d68d7a0
Adds base__mesh_coordinator_pin (default empty = no-op). When set + base__mesh_enabled, a lineinfile task writes "<ip> <fqdn>" to /etc/hosts so a managed mesh host survives a local-DNS hiccup (the 2026-06-18 incident class). FQDN derived from base__mesh_management_url via regex_replace (no community.general). Gated on base__mesh_enabled | bool and pin length; the coordinator host (askari/offsite_hosts) stays exempt. Production pin wired for ubongo (77.42.120.136). Molecule dns_servers fix included (Docker/NetBird DNS incompatibility). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| production | ||
| staging | ||
| README.md | ||
inventories/
Ansible inventories, one directory per environment (staging/, production/).
Defines which hosts exist and their group membership; group_vars/ and host_vars/
hold per-group and per-host configuration.
hosts.ymlis generated from Terraform outputs bymake tf-inventory— do not hand-edit. The control node is the one manual exception.offsite.yml(inproduction/) is a second generated inventory file, written bymake tf-inventory-offsitefrom the offsite Terraform env; it holds theoffsite_hostsgroup (askari). Ansible merges it withhosts.yml, so both can declare the same group names harmlessly (the offsite generator emits all four groups, most empty).- Host groups:
all,control,docker_hosts,proxmox_hosts,offsite_hosts. - Terraform→inventory data flow and the data contract: ADR-009.
- Addressing conventions (subnets, ranges): ADR-007.
- Layout and host groups: see CLAUDE.md ("Inventory structure").