docs: update deployment to use podman-compose

CLAUDE.md

@@ -55,13 +55,16 @@ ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius -m raw \
 # Modify config option
 ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m lineinfile -a "path=/home/podman/ppf/config.ini line='ssl_only = 1' insertafter='ssl_first'"
 
-# Restart workers (dynamic UID discovery)
+# Restart workers via compose
 ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m raw \
-  -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman restart ppf-worker"
+  -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart"
 ```
 
 ## Full Deployment Procedure
 
+All hosts use `podman-compose` with `compose.yml` for container management.
+Rsync deploys code; compose handles restart.
+
 ### Step 1: Validate Syntax Locally
 
 ```bash
@@ -74,13 +77,17 @@ for f in *.py; do python3 -m py_compile "$f" && echo "OK: $f"; done
 ```bash
 cd /opt/ansible && source venv/bin/activate
 
-# Deploy to ODIN (root ppf/ directory)
+# Deploy to ODIN (root ppf/ directory + compose.master.yml as compose.yml)
 ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m synchronize \
-  -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'"
+  -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--include=Dockerfile,--exclude=*'"
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m copy \
+  -a "src=/home/user/git/ppf/compose.master.yml dest=/home/podman/ppf/compose.yml owner=podman group=podman"
 
-# Deploy to WORKERS (ppf/src/ subdirectory)
+# Deploy to WORKERS (ppf/src/ subdirectory + compose.worker.yml as compose.yml)
 ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m synchronize \
-  -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/src/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'"
+  -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/src/ rsync_opts='--include=*.py,--include=servers.txt,--include=Dockerfile,--exclude=*'"
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m copy \
+  -a "src=/home/user/git/ppf/compose.worker.yml dest=/home/podman/ppf/compose.yml owner=podman group=podman"
 
 # CRITICAL: Fix ownership on ALL hosts (rsync uses ansible user, containers need podman)
 ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \
@@ -92,25 +99,21 @@ ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \
 ### Step 3: Restart Services
 
 ```bash
-# Restart ODIN (UID 1005)
-ansible odin -m raw \
-  -a "cd /tmp && XDG_RUNTIME_DIR=/run/user/1005 runuser -u podman -- podman restart ppf"
+# Restart ODIN via compose
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw \
+  -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart"
 
-# Restart WORKERS (dynamic UID discovery)
-ansible cassius,edge,sentinel -m raw \
-  -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman restart ppf-worker"
+# Restart WORKERS via compose
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible cassius,edge,sentinel -m raw \
+  -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart"
 ```
 
 ### Step 4: Verify All Running
 
 ```bash
-# Check odin (UID 1005)
-ansible odin -m raw \
-  -a "cd /tmp && XDG_RUNTIME_DIR=/run/user/1005 runuser -u podman -- podman ps"
-
-# Check workers (dynamic UID discovery)
-ansible cassius,edge,sentinel -m raw \
-  -a "uid=\$(id -u podman) && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman ps --format '{{.Names}} {{.Status}}'"
+# Check all hosts via compose
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin,cassius,edge,sentinel -m raw \
+  -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose ps"
 ```
 
 ## Podman User IDs
@@ -155,7 +158,7 @@ threads = 35
 timeout = 9
 ssl_first = 1     # Try SSL handshake first
 ssl_only = 0      # Set to 1 to skip secondary check on SSL failure
-checktype = head  # Secondary check type: head, irc, judges
+checktype = head  # Secondary check: head, irc, judges, none (SSL-only)
 ```
 
 ### Config Options
@@ -166,7 +169,7 @@ checktype = head  # Secondary check type: head, irc, judges
 ├───────────────┼─────────┼────────────────────────────────────────────────────┤
 │ ssl_first     │ 1       │ Try SSL handshake first, fallback to checktype
 │ ssl_only      │ 0       │ Skip secondary check when SSL fails (faster)
-│ checktype     │ head    │ Secondary check: head, irc, judges
+│ checktype     │ head    │ Secondary check: head, irc, judges, none/false
 │ threads       │ 20      │ Number of test threads
 │ timeout       │ 15      │ Socket timeout in seconds
 └───────────────┴─────────┴────────────────────────────────────────────────────┘
@@ -248,10 +251,11 @@ sudo -u podman podman system reset --force
 
 Odin likely running old code. Redeploy to odin:
 ```bash
-ansible odin -m synchronize \
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m synchronize \
   -a "src=/home/user/git/ppf/ dest=/home/podman/ppf/ rsync_opts='--include=*.py,--include=servers.txt,--exclude=*'"
-ansible odin -m raw -a "chown -R podman:podman /home/podman/ppf/"
-ansible odin -m raw -a "cd /tmp; sudo -u podman podman restart ppf"
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw -a "chown -R podman:podman /home/podman/ppf/"
+ANSIBLE_REMOTE_TMP=/tmp/.ansible ansible odin -m raw \
+  -a "uid=\$(id -u podman) && cd /home/podman/ppf && sudo -u podman XDG_RUNTIME_DIR=/run/user/\$uid podman-compose restart"
 ```
 
 ### Worker Keeps Crashing