Migrate devpi from minikube to indri (launchd) (#341)
## Summary Devpi was crash-looping under memory pressure on the minikube StatefulSet, breaking the Python toolchain across the repo (`mise run docs-mikado`, `prek`, every `uv pip install`). It moves to indri as a native LaunchAgent. ## What changed - **New ansible role** `ansible/roles/devpi/`: installs `devpi-server` + `devpi-web` into a uv-managed venv, initializes the server-dir on first run via 1Password root password, runs as a LaunchAgent (`mcquack.eblume.devpi`) bound to `127.0.0.1:3141`. Bootstraps from upstream PyPI (so devpi can install itself on a fresh box). - **Caddy**: `pypi.ops.eblu.me` now proxies to `http://localhost:3141`. - **Playbook**: `indri.yml` gains pre_tasks for the root password and the new role. - **service-versions.yaml**: devpi flipped from `type: argocd` to `type: ansible`. - **ArgoCD**: removed `apps/devpi.yaml` and `manifests/devpi/`. The in-cluster Application, namespace, and PVC have been deleted. - **Docs**: new how-to `docs/how-to/operations/devpi-on-indri.md`; `restart-indri.md` lists devpi in the LaunchAgent stop list. ## Already deployed (live on indri) - Service running: `launchctl list mcquack.eblume.devpi` → PID 53888 - `curl https://pypi.ops.eblu.me/+api` returns 200 ✅ - `mise run docs-mikado` works again ✅ - 1.0G of cached PyPI data was migrated from the PVC to `~erichblume/devpi/server-dir/` - Minikube namespace and PVC fully reclaimed ## Test plan - [ ] `mise run services-check` (after merge) - [ ] CI workflows that use devpi succeed - [ ] No regressions in tools that depend on `pypi.ops.eblu.me` (prek, uv-script tasks, dagger pipelines) ## Context This is the C1 prelude to a planned C2 chain (`mikado/retire-minikube-indri`) to retire minikube on indri entirely. Doing devpi as a standalone C1 was the right call because (a) it was urgent — it was breaking the toolchain — and (b) it shakes out the migration recipe before we commit to a multi-leaf chain. Reviewed-on: #341
This commit is contained in:
parent
f4a24595b1
commit
14ca0160ba
24 changed files with 260 additions and 289 deletions
|
|
@ -37,7 +37,7 @@ acl = tailscale.Acl(
|
|||
|
||||
# indri - Mac Mini M1, primary homelab server
|
||||
# Hosts forge, loki, zot registry, and the k8s control plane.
|
||||
# Other services (grafana, kiwix, devpi, etc.) run in k8s with their own Tailscale devices.
|
||||
# Other services (grafana, kiwix, etc.) run in k8s with their own Tailscale devices.
|
||||
indri = tailscale.get_device(name="indri.tail8d86e.ts.net")
|
||||
indri_tags = tailscale.DeviceTags(
|
||||
"indri-tags",
|
||||
|
|
|
|||
|
|
@ -20,7 +20,8 @@
|
|||
},
|
||||
|
||||
// --- Members: user-facing services only ---
|
||||
// Kiwix, Forge, devpi, Miniflux, PostgreSQL
|
||||
// Kiwix, Forge, Miniflux, PostgreSQL
|
||||
// (devpi moved off-cluster to indri; reachable via Caddy on tag:flyio-target)
|
||||
{
|
||||
"src": ["autogroup:member"],
|
||||
"dst": ["tag:kiwix"],
|
||||
|
|
@ -31,11 +32,6 @@
|
|||
"dst": ["tag:forge"],
|
||||
"ip": ["tcp:443", "tcp:22"],
|
||||
},
|
||||
{
|
||||
"src": ["autogroup:member"],
|
||||
"dst": ["tag:devpi"],
|
||||
"ip": ["tcp:443"],
|
||||
},
|
||||
{
|
||||
"src": ["autogroup:member"],
|
||||
"dst": ["tag:feed"],
|
||||
|
|
@ -152,7 +148,6 @@
|
|||
"tag:grafana": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:kiwix": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:forge": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:devpi": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:loki": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:pg": ["autogroup:admin", "tag:blumeops"],
|
||||
"tag:feed": ["autogroup:admin", "tag:blumeops"],
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue