coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
42 Commits 1 Branch 0 Tags
359d5b8b5bc3d71dac2784c272fc565da94117fe
Commit Graph

11 Commits

Author SHA1 Message Date
Bernd Worsch
359d5b8b5b bug(gitea): report pgpool CrashLoopBackOff on HA failover + D3 testing policy
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
Add RAIL-BS-WP-0003 documenting the 2026-03-10 incident where a PostgreSQL
HA failover caused pgpool to enter CrashLoopBackOff due to a missing
pgpool-password key in the gitea-postgresql-ha-postgresql secret — a bug
present since initial deployment but hidden by the lack of any pod restart.

Add Decision D3: HA and failover scenarios must be tested before a workplan
is considered done. Any HA component deployment requires a passing failover
test script in tests/ and complete Helm values before status = completed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 13:03:36 +00:00
Bernd Worsch
871c31a95d chore(workplan): mark WP-0002 completed — all tasks done 2026-03-10 
State Hub update pending: tunnel was offline during this session.
Run from local machine: cd ~/the-custodian/state-hub && make tunnel HOST=tegwick@92.205.130.254

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 09:44:39 +00:00
tegwick
ac13e94324 chore(workplan): pin k3s version to v1.35.1+k3s1
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:54:29 +01:00
tegwick
5891f1a881 chore(workplan): update WP-0002 references after repo rename 
- railiance-hosts → railiance-infra throughout
- ADR-002 → ADR-003 boundary reference
- Remove 'railiance-apps decision pending' note (resolved)

Tasks T01–T05 unchanged — all still todo.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:52:07 +01:00
tegwick
01903a17bb chore(rename): railiance-bootstrap → railiance-cluster 
Update all operational references to reflect the new repo name per
ADR-003 (OAS S2 Cluster Runtime). Historical text in docs preserved.
Gitea remote URL updated locally (Gitea repo rename is a manual step).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:34:21 +01:00
tegwick
783c8cebbd feat(boundary): remove OS-hardening overlap; add k3s baseline workplan 
Per ADR-002 (railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md):
- ansible/harden.yml: replaced with tombstone pointing to railiance-hosts
- ansible/bootstrap.yml: remove `import_playbook: harden.yml`; add
  pre-condition comment; OS hardening is no longer this repo's concern
- docs/first_host.md: rewritten to reflect 3-step flow:
  converge railiance-hosts → railiance-bootstrap k3s install → smoke test
- workplans/RAIL-BS-WP-0002-k3s-baseline.md: new workplan for k3s +
  Helm + Kubernetes platform baseline; linked to repo goal 70ab2379

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 19:53:22 +01:00
tegwick
1d759508ac Workplan belonged to railiance-hosts
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details
2026-03-08 23:30:12 +01:00
tegwick
19661ca0c6 feat(bootstrap): add HostEurope hardening playbook and workplan
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for
  Secure Single-Server Bootstrap at HostEurope (repo goal d7092599).
  T01-T03 done; T04+T05 require ansible on a box with network access to
  92.205.62.239 (hosts.ini is gitignored — recreate on new box).

- ansible/harden.yml: new playbook — disables root/password SSH auth,
  enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default),
  installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace.

- ansible/bootstrap.yml: import_playbook harden.yml runs before k3s.

- ansible/hosts.ini.example: add [hosteurope] group template.

- QUICKSTART.md: document two-stage bootstrap (harden → k3s).

- CLAUDE.md: add goal_guidance handling to session protocol
  (needs_workplan + alignment_warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 22:50:51 +01:00
tegwick
d83bc1049f added dependency workplan
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details
2026-03-04 19:40:32 +01:00
tegwick
c60f678756 docs(workplan): mark RAIL-BS-WP-0001 completed
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
All four tasks done; SBOM ingested 13 packages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 20:23:05 +01:00
tegwick
44428655d2 feat(sbom): add workplan RAIL-BS-WP-0001 — fix Ansible dep management
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
State Hub SBOM assessment identified a gap: no lockfile exists for the
Ansible control-node pip dependencies, making the repo unrepresentable
in the SBOM inventory.

4-task workplan to reach SBOM Level 3 (Ingested):
- T01: audit control-node pip deps
- T02: create pyproject.toml + uv.lock for ansible (+ transitive tree)
- T03: ingest into State Hub
- T04: create ansible/requirements.yml (even if empty, to be explicit)

State Hub task: 5f8cade5-119c-42e8-ba93-e9d0478650e4
Workstream: phase-0-operational-baseline (59155efb)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 19:29:20 +01:00