From 1ee2863fc78e9fc176d1d86c738521e9111a78ad Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Sat, 17 Jan 2026 20:44:45 -0800
Subject: [PATCH] Fix zot port and sync config, update plan with implementation details

- Change zot port from 5000 to 5050 (macOS ControlCenter uses 5000)
- Fix sync config: use destination for namespacing, prefix ** for matching
- Update tailscale_serve to use port 5050
- Add zot role to main playbook
- Document implementation details in plan
Co-Authored-By: Claude Opus 4.5
---
 ansible/playbooks/indri.yml | 2 ++
 ansible/roles/tailscale_serve/defaults/main.yml | 2 +-
 ansible/roles/zot/defaults/main.yml | 2 +-
 ansible/roles/zot/templates/config.json.j2 | 2 +-
 plans/k8s-migration.md | 8 ++++++++
 5 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ansible/playbooks/indri.yml b/ansible/playbooks/indri.yml
index 4645cb4..5796b52 100644
--- a/ansible/playbooks/indri.yml
+++ b/ansible/playbooks/indri.yml
@@ -99,6 +99,8 @@
 tags: devpi
 - role: devpi_metrics
 tags: devpi_metrics
+ - role: zot
+ tags: zot
 - role: plex_metrics
 tags: plex_metrics
 - role: postgresql
diff --git a/ansible/roles/tailscale_serve/defaults/main.yml b/ansible/roles/tailscale_serve/defaults/main.yml
index b28dc02..b17b847 100644
--- a/ansible/roles/tailscale_serve/defaults/main.yml
+++ b/ansible/roles/tailscale_serve/defaults/main.yml
@@ -39,4 +39,4 @@ tailscale_serve_services:
 - name: svc:registry
 https:
 port: 443
- upstream: http://localhost:5000
+ upstream: http://localhost:5050
diff --git a/ansible/roles/zot/defaults/main.yml b/ansible/roles/zot/defaults/main.yml
index 6335fc0..812ac51 100644
--- a/ansible/roles/zot/defaults/main.yml
+++ b/ansible/roles/zot/defaults/main.yml
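Review bot: In ansible/roles/tailscale_serve/defaults/main.yml the `svc:registry` upstream repeats the zot port as a literal, so the two values can drift apart again, which is the mismatch this commit is correcting. If `zot_port` is resolvable where this role runs (it is a zot role default, so that depends on variable scoping not visible here), `upstream: "http://localhost:{{ zot_port }}"` keeps a single source of truth. Otherwise add `# must match zot_port in roles/zot/defaults/main.yml` above the line. The service list starts outside the hunk.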
@@ -3,7 +3,7 @@ zot_repo_dir: /Users/erichblume/code/3rd/zot
 zot_binary: "{{ zot_repo_dir }}/bin/zot-darwin-arm64"
 zot_data_dir: /Users/erichblume/zot
 zot_config_dir: /Users/erichblume/.config/zot
-zot_port: 5000
+zot_port: 5050
 zot_log_dir: /Users/erichblume/Library/Logs
 
 # Pull-through cache registries (on-demand sync)
diff --git a/ansible/roles/zot/templates/config.json.j2 b/ansible/roles/zot/templates/config.json.j2
index fb5c9fa..7124dc2 100644
--- a/ansible/roles/zot/templates/config.json.j2
+++ b/ansible/roles/zot/templates/config.json.j2
@@ -20,7 +20,7 @@
 {% for registry in zot_sync_registries %}
 {
 "urls": ["{{ registry.url }}"],
- "content": [{"prefix": "{{ registry.name }}/**"}],
+ "content": [{"prefix": "**", "destination": "/{{ registry.name }}"}],
 "onDemand": true,
 "tlsVerify": true
 }{% if not loop.last %},{% endif %}
diff --git a/plans/k8s-migration.md b/plans/k8s-migration.md
index 4650719..91917dd 100644
--- a/plans/k8s-migration.md
+++ b/plans/k8s-migration.md
@@ -324,6 +324,10 @@ ssh indri 'curl -s http://localhost:5000/v2/_catalog'
 # Expected: {"repositories":["docker.io/library/alpine"]}
 ```
 
+**Implementation Details:**
+- Changed port from 5000 to 5050 because macOS ControlCenter (AirPlay Receiver) uses port 5000 by default.
+- Fixed sync config: use `"content": [{"prefix": "**", "destination": "/{{ registry.name }}"}]` instead of `"prefix": "{{ registry.name }}/**"`. The destination rewrites the local path, while prefix `**` matches all upstream repos.
+
 ---
 
 ### Step 0.4: Add Zot to Tailscale Serve
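Review bot: With `zot_port` now 5050, the Step 0.3 verification command in plans/k8s-migration.md still reads `ssh indri 'curl -s http://localhost:5000/v2/_catalog'` (it appears unchanged in that file's hunk header), so the check would query whatever holds port 5000 on macOS instead of zot. It should become `ssh indri 'curl -s http://localhost:5050/v2/_catalog'`. A short comment on the default, `# 5000 is taken by macOS ControlCenter (AirPlay Receiver)`, would also keep the reason next to the value.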
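Review bot: In ansible/roles/zot/templates/config.json.j2, `registry.name` and `registry.url` are interpolated into the JSON as raw text, so a value containing a quote or backslash produces an invalid or differently shaped config.json. On the new `content` line it would be safer to emit `"destination": {{ ('/' ~ registry.name) | to_json }}`. Separately, prefix `**` together with `"onDemand": true` lets any client that can reach the registry pull and cache any repository from each upstream. If only a known set of images is needed, a narrower prefix list per registry would bound both storage growth and what gets mirrored. The `for` loop and the surrounding sync block continue outside the hunk.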
@@ -357,6 +361,10 @@ curl -s https://registry.tail8d86e.ts.net/v2/_catalog
 # Expected: {"repositories":["blumeops/test","docker.io/library/alpine"]}
 ```
 
+**Implementation Details:**
+- Changed upstream port from 5000 to 5050 (see Step 0.3 implementation details).
+- After running `tailscale serve`, the service must be approved in Tailscale admin console at https://login.tailscale.com/admin/services before it becomes accessible.
+
 ---
 
 ### Step 0.5: Create Zot Metrics Role