coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 1 Projects Releases Wiki Activity

feat(boundary): remove OS-hardening overlap; add k3s baseline workplan

Browse Source 
Per ADR-002 (railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md):
- ansible/harden.yml: replaced with tombstone pointing to railiance-hosts
- ansible/bootstrap.yml: remove `import_playbook: harden.yml`; add
  pre-condition comment; OS hardening is no longer this repo's concern
- docs/first_host.md: rewritten to reflect 3-step flow:
  converge railiance-hosts → railiance-bootstrap k3s install → smoke test
- workplans/RAIL-BS-WP-0002-k3s-baseline.md: new workplan for k3s +
  Helm + Kubernetes platform baseline; linked to repo goal 70ab2379

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-03-09 19:53:22 +01:00
parent 1d759508ac
commit 783c8cebbd
4 changed files with 219 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/first_host.md
View File

@@ -1,22 +1,39 @@
# First Railiance Host — Provider Guide
# First Railiance Host — Setup Guide
## 1) Generate SSH key
```
bin/railiance gen-ssh-key
## Prerequisites
The target server must be a converged `railiance-hosts` node before running
anything from this repo. The OS baseline (SSH hardening, UFW, fail2ban, SOPS
agent) is owned by `railiance-hosts`.
**Step 0 — Converge the host OS (railiance-hosts)**
```bash
# In railiance-hosts/
make converge # apply OS baseline roles
make verify # confirm all Goss assertions pass
```
## 2) Choose a VM
Ubuntu 24.04 LTS, 2 vCPU, 48GB RAM, 60+GB SSD, open 22/80/443.
See `railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md`
for the boundary definition between the two repos.
## 3) Cloud-init
```
bin/railiance cloudinit > user-data.yaml
---
## Kubernetes bootstrap (this repo)
### 1) Inventory
Add the host to `ansible/hosts.ini` (gitignored — recreate on each machine):
```ini
[hosteurope]
92.205.62.239 ansible_user=tegwick
```
## 4) Seed
Copy Spore or clone directly, then run seed script on the host.
### 2) Install k3s
```bash
ansible-playbook -i ansible/hosts.ini ansible/bootstrap.yml
```
## 5) Bootstrap (optional now)
```
ansible-playbook -i ansible/inventory/hosts.ini ansible/bootstrap.yml
### 3) Smoke test
```bash
tests/smoke_kube.sh
```