Migrate registry to Caddy (registry.ops.eblu.me) (#58)
## Summary - Update all references from `registry.tail8d86e.ts.net` to `registry.ops.eblu.me` - Remove `tailscale_serve` ansible role (no longer needed - all services migrated to Caddy) - Update minikube containerd config for new registry URL - Update devpi manifest, CI actions, and mise tasks ## Deployment and Testing - [ ] Run `mise run provision-indri -- --check --diff` (dry run) - [ ] Run `mise run provision-indri -- --tags minikube` to update containerd config - [ ] Sync devpi ArgoCD app: `argocd app sync devpi` - [ ] Manually remove old Tailscale serve entry: `ssh indri 'tailscale serve --service=svc:registry off'` - [ ] Test registry access: `curl https://registry.ops.eblu.me/v2/_catalog` - [ ] Run `mise run indri-services-check` to verify all services healthy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/58
parent
9c1b7c7ca1
commit
d6e6b48f6a
11 changed files with 14 additions and 70 deletions
|
|
@ -114,8 +114,6 @@
|
|||
tags: minikube_metrics
|
||||
- role: plex_metrics
|
||||
tags: plex_metrics
|
||||
- role: tailscale_serve
|
||||
tags: tailscale-serve
|
||||
- role: forgejo_runner
|
||||
tags: forgejo_runner
|
||||
- role: caddy
|
||||
|
|
|
|||
|
|
@ -85,29 +85,29 @@
|
|||
ansible.builtin.command:
|
||||
cmd: minikube ssh --native-ssh=false "sudo mkdir -p /etc/containerd/certs.d/{{ item }}"
|
||||
loop:
|
||||
- registry.tail8d86e.ts.net
|
||||
- registry.ops.eblu.me
|
||||
- docker.io
|
||||
- ghcr.io
|
||||
- quay.io
|
||||
changed_when: false
|
||||
when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
||||
|
||||
# Private registry (registry.tail8d86e.ts.net) - direct to zot
|
||||
- name: Check registry.tail8d86e.ts.net config
|
||||
# Private registry (registry.ops.eblu.me) - direct to zot
|
||||
- name: Check registry.ops.eblu.me config
|
||||
ansible.builtin.command:
|
||||
cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml 2>/dev/null || echo ''"
|
||||
cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml 2>/dev/null || echo ''"
|
||||
register: minikube_registry_config
|
||||
changed_when: false
|
||||
when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
||||
|
||||
- name: Configure registry.tail8d86e.ts.net mirror
|
||||
- name: Configure registry.ops.eblu.me mirror
|
||||
ansible.builtin.command:
|
||||
cmd: |
|
||||
minikube ssh --native-ssh=false 'echo "server = \"http://host.minikube.internal:5050\"
|
||||
|
||||
[host.\"http://host.minikube.internal:5050\"]
|
||||
capabilities = [\"pull\", \"resolve\", \"push\"]
|
||||
skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml'
|
||||
skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml'
|
||||
changed_when: true
|
||||
when:
|
||||
- minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
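Review bot: The hosts.toml written by the `Configure registry.ops.eblu.me mirror` task routes every containerd request for `registry.ops.eblu.me` to `http://host.minikube.internal:5050` in plaintext, so the TLS endpoint this migration introduces is never used from inside the node, and the entry still carries `skip_verify = true` and the `push` capability. On an `http://` endpoint `skip_verify` should have no effect, but it would silently disable certificate checks if the upstream is ever switched to HTTPS; I would drop that line and, if nothing on the node pushes through containerd, narrow the entry to `capabilities = [\"pull\", \"resolve\"]`. If the plaintext hop is intentional, a comment above the task should say so, e.g. `# Plain HTTP to zot on the host is deliberate; confirm this hop never leaves the machine`. Separately, `registry.tail8d86e.ts.net` was dropped from the `loop:` and nothing removes `/etc/containerd/certs.d/registry.tail8d86e.ts.net`, so the old mirror entry presumably stays on already-provisioned nodes. The task's `when:` list continues past the end of the hunk, so its idempotency condition is not visible here.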
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
# Tailscale serve configuration for this host
|
||||
# Each service maps a Tailscale service name to local endpoints
|
||||
#
|
||||
# NOTE: forge has been migrated to Caddy (forge.ops.eblu.me)
|
||||
# Registry will be migrated next, then this role can be retired.
|
||||
|
||||
tailscale_serve_services:
|
||||
- name: svc:registry
|
||||
https:
|
||||
port: 443
|
||||
upstream: http://localhost:5050
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
# Role ordering is controlled by indri.yml playbook - do not add dependencies here
|
||||
# (Ansible's tag accumulation prevents proper deduplication when using meta dependencies)
|
||||
dependencies: []
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
---
|
||||
- name: Get current tailscale serve status
|
||||
ansible.builtin.command: tailscale serve status --json
|
||||
register: tailscale_serve_status
|
||||
changed_when: false
|
||||
|
||||
- name: Parse serve status
|
||||
ansible.builtin.set_fact:
|
||||
tailscale_serve_config: "{{ ((tailscale_serve_status.stdout | default('{}', true)) | from_json).Services | default({}) }}"
|
||||
|
||||
# Configure HTTPS if service doesn't have Web config yet
|
||||
- name: Configure HTTPS services
|
||||
ansible.builtin.command: >
|
||||
tailscale serve --service="{{ item.name }}"
|
||||
--https={{ item.https.port }} {{ item.https.upstream }}
|
||||
loop: "{{ tailscale_serve_services }}"
|
||||
when:
|
||||
- item.https is defined
|
||||
- tailscale_serve_config[item.name] is not defined or tailscale_serve_config[item.name].Web is not defined
|
||||
register: tailscale_serve_https_result
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
# Configure TCP if service doesn't have the specific port configured yet
|
||||
- name: Configure TCP services
|
||||
ansible.builtin.command: >
|
||||
tailscale serve --service="{{ item.name }}"
|
||||
--tcp={{ item.tcp.port }} {{ item.tcp.upstream }}
|
||||
loop: "{{ tailscale_serve_services }}"
|
||||
when:
|
||||
- item.tcp is defined
|
||||
- tailscale_serve_config[item.name] is not defined or
|
||||
tailscale_serve_config[item.name].TCP is not defined or
|
||||
tailscale_serve_config[item.name].TCP[item.tcp.port | string] is not defined or
|
||||
tailscale_serve_config[item.name].TCP[item.tcp.port | string].TCPForward is not defined
|
||||
register: tailscale_serve_tcp_result
|
||||
changed_when: true
|
||||
failed_when: false
|
||||