From b2307412fc0ffc7935fc428b5ee3bb18cd1199ca Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Tue, 20 Jan 2026 09:10:23 -0800 Subject: [PATCH] Add P4 implementation notes and mark complete --- ...P4_miniflux.md => P4_miniflux.complete.md} | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) rename plans/k8s-migration/{P4_miniflux.md => P4_miniflux.complete.md} (74%) diff --git a/plans/k8s-migration/P4_miniflux.md b/plans/k8s-migration/P4_miniflux.complete.md similarity index 74% rename from plans/k8s-migration/P4_miniflux.md rename to plans/k8s-migration/P4_miniflux.complete.md index 958ba05..1fc73cf 100644 --- a/plans/k8s-migration/P4_miniflux.md +++ b/plans/k8s-migration/P4_miniflux.complete.md @@ -123,3 +123,40 @@ argocd app sync blumeops-pg **Issue**: The postgresql role managed `~/.pgpass` for borgmatic. With postgresql role deleted, borgmatic couldn't authenticate. **Solution**: Moved .pgpass management to the borgmatic role. Password is still fetched in playbook pre_tasks as `borgmatic_db_password`. + +### Ansible Check Mode and Registered Variables + +**Problem**: Running `provision-indri --check --diff` failed in the podman role with "Conditional result (True) was derived from value of type 'str'" errors. + +**Root cause**: Command tasks are skipped in check mode, leaving registered variables undefined or with unexpected types when used in conditionals. + +**Solution**: Added `check_mode: false` to read-only command tasks that gather information: +```yaml +- name: Check if podman machine exists + ansible.builtin.command: + cmd: podman machine list --format json + register: podman_machine_list + changed_when: false + check_mode: false # Safe to run in check mode - read-only +``` + +**Lesson**: Any task that registers a variable used in conditionals should have `check_mode: false` if the command is read-only/safe. + +### 1Password CLI on Headless Hosts + +**Issue**: Attempted to run `op` commands on indri, but 1Password CLI requires interactive authentication (biometrics/password). + +**Solution**: All `op` commands must be in `pre_tasks` of the playbook with `delegate_to: localhost` so they run on gilbert (the workstation with GUI auth). + +### Git Workflow for Phase 4 + +1. Created feature branch: `feature/p4-miniflux` +2. Made incremental commits throughout implementation +3. Pointed `miniflux` and `blumeops-pg` apps to feature branch for testing +4. Created PR #33 for review +5. After merge, reset apps to main: + ```bash + argocd app set miniflux --revision main + argocd app set blumeops-pg --revision main + argocd app sync apps + ```