diff --git a/Makefile b/Makefile
index 15ca2fb..60a7c98 100644
--- a/Makefile
+++ b/Makefile
@@ -136,20 +136,48 @@ ansible-bootstrap: ## Run base bootstrap play (users, ssh, ufw, sops-agent, cust
 provision-custodian-agent: ## Deploy custodian agent SSH key to all managed hosts
 @python3 -c "import yaml; d=yaml.safe_load(open('ansible/inventory/group_vars/all.yaml')); k=d.get('custodian_agent_pubkey',''); exit(0 if k else 1)" \
 || (echo "ERROR: custodian_agent_pubkey is empty. Run: cd ~/the-custodian && make custodian-keygen"; exit 1)
- cd ansible && ansible-playbook playbooks/bootstrap.yaml -u $(SSH_USER) \
- --tags custodian_agent \
- --extra-vars "@inventory/group_vars/all.yaml"
+ cd ansible && ansible-playbook playbooks/custodian-agent.yaml -u $(SSH_USER)
-provision-custodian-agent-host: ## Deploy custodian agent key to one host: make provision-custodian-agent-host HOST=railiance01
- @test -n "$(HOST)" || (echo "Usage: make provision-custodian-agent-host HOST="; exit 1)
- cd ansible && ansible-playbook playbooks/bootstrap.yaml -u $(SSH_USER) \
- --limit "$(HOST)" \
- --tags custodian_agent \
- --extra-vars "@inventory/group_vars/all.yaml"
+provision-custodian-agent-host: ## Deploy custodian agent key to one host: make provision-custodian-agent-host HOST=Railiance01
+ @test -n "$(HOST)" || (echo "Usage: make provision-custodian-agent-host HOST=Railiance01"; exit 1)
+ cd ansible && ansible-playbook playbooks/custodian-agent.yaml -u $(SSH_USER) \
+ --limit "$(HOST)"
 # ---- Orchestration ----
 apply: tf-fmt tf-apply ansible-bootstrap ## Provision via Terraform then converge via Ansible
+deploy-stack: ## Print the full S1→S5 ordered deploy sequence (operator follows each step)
+ @echo ""
+ @echo "╔══════════════════════════════════════════════════════════════╗"
+ @echo "║ Railiance Stack — Full Deploy Sequence ║"
+ @echo "║ See docs/deploy-stack.md for full runbook ║"
+ @echo "╚══════════════════════════════════════════════════════════════╝"
+ @echo ""
+ @echo "PRE-CONDITIONS"
+ @echo " [ ] SSH key: ~/.ssh/id_ops"
+ @echo " [ ] SOPS key: ~/.config/sops/age/keys.txt (or SOPS_AGE_KEY)"
+ @echo " [ ] ops-bridge: bridge up state-hub-coulombcore k3s-api-coulombcore"
+ @echo ""
+ @echo "S1 — Infrastructure Substrate (this repo)"
+ @echo " make tf-plan && make tf-apply # provision server (skip if exists)"
+ @echo " ssh tegwick@92.205.130.254 'cd ~/railiance-infra/ansible && ansible-playbook playbooks/bootstrap.yaml -c local --become -l CoulombCore'"
+ @echo " make verify"
+ @echo ""
+ @echo "S2 — Cluster Runtime (railiance-cluster)"
+ @echo " ssh tegwick@92.205.130.254 'cd ~/railiance-cluster && make converge && make smoke'"
+ @echo ""
+ @echo "S3 — Platform Services (railiance-platform)"
+ @echo " ssh tegwick@92.205.130.254 'cd ~/railiance-platform && make db-deploy && make valkey-deploy'"
+ @echo ""
+ @echo "S4 — Developer Enablement (no workplan yet — ArgoCD already at cluster)"
+ @echo " (no steps required)"
+ @echo ""
+ @echo "S5 — Workloads (railiance-apps)"
+ @echo " ssh tegwick@92.205.130.254 'cd ~/railiance-apps && make gitea-deploy'"
+ @echo " ssh tegwick@92.205.130.254 'cd ~/railiance-apps && make state-hub-deploy' # T09"
+ @echo ""
+ @echo " Full runbook: docs/deploy-stack.md"
+
 # ---- Utilities ----
 doctor: ## Check tools and basic repo setup
 @bash -ceu ' \
diff --git a/ansible/playbooks/custodian-agent.yaml b/ansible/playbooks/custodian-agent.yaml
new file mode 100644
index 0000000..eff77ce
--- /dev/null
+++ b/ansible/playbooks/custodian-agent.yaml
@@ -0,0 +1,16 @@
+---
+# Minimal playbook — only deploys the Custodian automation SSH key.
+# Use this instead of bootstrap.yaml when you only need key injection:
+#
+# cd ~/railiance-infra/ansible
+# ansible-playbook playbooks/custodian-agent.yaml -u tegwick --limit Railiance01
+#
+# Or via Makefile from repo root:
+# make provision-custodian-agent-host HOST=Railiance01
+
+- hosts: all
+ become: true
+ vars_files:
+ - ../inventory/group_vars/all.yaml
+ roles:
+ - role: custodian_agent
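Review bot: In the Makefile hunk, the new `deploy-stack` recipe hard-codes the operator login and a public address, `tegwick@92.205.130.254`, in five echoed `ssh` commands, so host-identifying details are committed to the repository. The printed sequence will presumably also point at the wrong machine once the server is re-provisioned. The file already parameterises the login as `$(SSH_USER)`; the address could be handled the same way, e.g. `@echo "  ssh $(SSH_USER)@$(DEPLOY_HOST) 'cd ~/railiance-cluster && make converge && make smoke'"`, where `DEPLOY_HOST` is a proposed new variable supplied by the operator. Whether `deploy-stack` is declared under `.PHONY` cannot be seen from this hunk and is worth checking.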
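Review bot: In `ansible/playbooks/custodian-agent.yaml`, nothing in the play itself rejects an empty `custodian_agent_pubkey`; the only guard is the `python3` check in the Makefile's `provision-custodian-agent` target, which `provision-custodian-agent-host` and the direct `ansible-playbook` invocation shown in the header comment both bypass. Because the play runs with `become: true` against `hosts: all`, a `pre_tasks` assertion would make every entry point fail closed before the role touches a host. What the `custodian_agent` role does with an empty key is not visible here, so the impact is unconfirmed. The header comment also names a specific login (`-u tegwick`); a placeholder such as `<ssh-user>` would avoid committing it.

```yaml
- hosts: all
  become: true
  # … unchanged: vars_files …
  pre_tasks:
    - name: Fail closed when no custodian agent public key is configured
      ansible.builtin.assert:
        that:
          - custodian_agent_pubkey is defined
          - custodian_agent_pubkey | length > 0
        fail_msg: "custodian_agent_pubkey is empty; generate the key before running this play"
  # … unchanged: roles …
```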