diff --git a/CLAUDE.md b/CLAUDE.md index a1e4987..901f677 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -55,13 +55,16 @@ ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius -m raw \ # Modify config option ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m lineinfile -a "path=/home/podman/ppf/config.ini line='ssl_only = 1' insertafter='ssl_first'" -# Restart workers (dynamic UID discovery) +# Restart workers via compose ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m raw \ - -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman restart ppf-worker" + -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart" ``` ## Full Deployment Procedure +All hosts use `podman-compose` with `compose.yml` for container management. +Rsync deploys code; compose handles restart. + ### Step 1: Validate Syntax Locally ```bash @@ -74,13 +77,17 @@ for f in *.py; do python3 -m py_compile "$f" && echo "OK: $f"; done ```bash cd /opt/ansible && source venv/bin/activate -# Deploy to ODIN (root ppf/ directory) +# Deploy to ODIN (root ppf/ directory + compose.master.yml as compose.yml) ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m synchronize \ - -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'" + -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--include=Dockerfile,--exclude=*'" +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m copy \ + -a "src=/home/user/git/ppf/compose.master.yml dest=/home/podman/ppf/compose.yml owner=podman group=podman" -# Deploy to WORKERS (ppf/src/ subdirectory) +# Deploy to WORKERS (ppf/src/ subdirectory + compose.worker.yml as compose.yml) ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m synchronize \ - -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/src/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'" + -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/src/ rsync_opts='--include=*.py,--include=servers.txt,--include=Dockerfile,--exclude=*'" +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m copy \ + -a "src=/home/user/git/ppf/compose.worker.yml dest=/home/podman/ppf/compose.yml owner=podman group=podman" # CRITICAL: Fix ownership on ALL hosts (rsync uses ansible user, containers need podman) ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \ @@ -92,25 +99,21 @@ ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \ ### Step 3: Restart Services ```bash -# Restart ODIN (UID 1005) -ansible odin -m raw \ - -a "cd /tmp && XDG_RUNTIME_DIR=/run/user/1005 runuser -u podman -- podman restart ppf" +# Restart ODIN via compose +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw \ + -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart" -# Restart WORKERS (dynamic UID discovery) -ansible cassius,edge,sentinel -m raw \ - -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman restart ppf-worker" +# Restart WORKERS via compose +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m raw \ + -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart" ``` ### Step 4: Verify All Running ```bash -# Check odin (UID 1005) -ansible odin -m raw \ - -a "cd /tmp && XDG_RUNTIME_DIR=/run/user/1005 runuser -u podman -- podman ps" - -# Check workers (dynamic UID discovery) -ansible cassius,edge,sentinel -m raw \ - -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman ps --format '{{.Names}} {{.Status}}'" +# Check all hosts via compose +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \ + -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose ps" ``` ## Podman User IDs @@ -155,7 +158,7 @@ threads = 35 timeout = 9 ssl_first = 1 # Try SSL handshake first ssl_only = 0 # Set to 1 to skip secondary check on SSL failure -checktype = head # Secondary check type: head, irc, judges +checktype = head # Secondary check: head, irc, judges, none (SSL-only) ``` ### Config Options @@ -166,7 +169,7 @@ checktype = head # Secondary check type: head, irc, judges ├───────────────┼─────────┼────────────────────────────────────────────────────┤ │ ssl_first │ 1 │ Try SSL handshake first, fallback to checktype │ ssl_only │ 0 │ Skip secondary check when SSL fails (faster) -│ checktype │ head │ Secondary check: head, irc, judges +│ checktype │ head │ Secondary check: head, irc, judges, none/false │ threads │ 20 │ Number of test threads │ timeout │ 15 │ Socket timeout in seconds └───────────────┴─────────┴────────────────────────────────────────────────────┘ @@ -248,10 +251,11 @@ sudo -u podman podman system reset --force Odin likely running old code. Redeploy to odin: ```bash -ansible odin -m synchronize \ +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m synchronize \ -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'" -ansible odin -m raw -a "chown -R podman:podman /home/podman/ppf/" -ansible odin -m raw -a "cd /tmp; sudo -u podman podman restart ppf" +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw -a "chown -R podman:podman /home/podman/ppf/" +ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw \ + -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart" ``` ### Worker Keeps Crashing