32 Commits

Author	SHA1	Message	Date
MichaelFisher1997	fc4eb1bc6e	fix: add heuristic SSH inventory fallback for generic hostnames ... When Proxmox guest-agent IPs are empty and SSH discovery returns duplicate generic hostnames (e.g. flex), assign remaining missing nodes from unmatched SSH-reachable IPs in deterministic order. Also emit SSH-reachable IP diagnostics on failure.	2026-03-04 23:07:45 +00:00
MichaelFisher1997	f0093deedc	fix: avoid assigning control-plane VIP as node SSH address ... Exclude the configured VIP suffix from subnet scans and prefer non-VIP IPs when multiple SSH endpoints resolve to the same node. This prevents cp-1 being discovered as .250 and later failing SSH commands against the floating VIP.	2026-03-04 19:26:37 +00:00
MichaelFisher1997	b4265a649e	fix: map SSH-discovered nodes by VMID when hostnames are generic ... Some freshly cloned VMs still report template/generic hostnames during discovery. Probe DMI product serial over SSH and map it to Terraform VMIDs so cp-2/cp-3/wk-2 can be resolved even before hostname reconciliation.	2026-03-03 22:16:35 +00:00
MichaelFisher1997	9ae8eb6134	fix: make SSH inventory discovery more reliable on CI ... Increase default SSH timeout, reduce scan concurrency, and add a second slower scan pass to avoid transient misses on busy runners. Also print discovered hostnames to improve failure diagnostics when node-name matching fails.	2026-03-03 21:08:29 +00:00
MichaelFisher1997	6fecfb3ee6	refactor: add Python bootstrap controller with resumable state ... Introduce a clean orchestration layer in nixos/kubeadm/bootstrap/controller.py and slim rebuild-and-bootstrap.sh into a thin wrapper. The controller now owns preflight, rebuild, init, CNI install, join, and verify stages with persisted checkpoints on cp-1 plus a local state copy for CI debugging.	2026-03-03 00:09:10 +00:00
MichaelFisher1997	190dc2e095	fix: restore compatibility with older nixos-rebuild sudo flag ... Use --use-remote-sudo in rebuild script since the runner's nixos-rebuild does not support --sudo yet.	2026-03-02 22:30:38 +00:00
MichaelFisher1997	a81799a2b5	fix: stabilize kubeadm bootstrap and reduce Proxmox plan latency ... Move kubeadm reset ahead of kube-vip manifest generation, use super-admin.conf during bootstrap for kube-vip, and restore admin.conf after init. Also switch nixos-rebuild to --sudo and make QEMU guest agent optional so Terraform plan can skip slow guest-agent refreshes when it is not installed.	2026-03-02 22:09:10 +00:00
MichaelFisher1997	d42e83358c	fix: mask kubelet before rebuild, unmask in kubeadm helpers ... - Mask kubelet service entirely before nixos-rebuild to prevent systemd from restarting it during switch - Unmask kubelet in th-kubeadm-init/join scripts before starting	2026-03-02 12:44:40 +00:00
MichaelFisher1997	ab5cc8b01d	fix: disable lingering kubelet service before node rebuild	2026-03-02 10:08:27 +00:00
MichaelFisher1997	9b03cec23e	fix: correctly propagate remote command exit status	2026-03-02 00:52:24 +00:00
MichaelFisher1997	fd7be1a428	fix: require admin kubeconfig before skipping cp init	2026-03-01 23:42:56 +00:00
MichaelFisher1997	f9e7356f94	fix: make cp-1 init detection and join token generation robust	2026-03-01 21:56:59 +00:00
MichaelFisher1997	a5f0f0a420	fix: recover when admin kubeconfig is missing on primary control plane	2026-03-01 20:58:44 +00:00
MichaelFisher1997	661fbc2ff4	fix: use admin kubeconfig for final cluster node check	2026-03-01 20:31:57 +00:00
MichaelFisher1997	3fa227d7c9	feat: add SSH-based fallback for kubeadm IP inventory	2026-03-01 19:28:15 +00:00
MichaelFisher1997	718a9930e8	fix: fail fast when terraform node IP outputs are empty	2026-03-01 18:01:09 +00:00
MichaelFisher1997	7ec1ce92cf	fix: auto-detect kube-vip interface and tighten SSH fallback	2026-03-01 17:34:09 +00:00
MichaelFisher1997	88db11292d	fix: fallback SSH user per host during bootstrap steps	2026-03-01 13:34:15 +00:00
MichaelFisher1997	760d0e8b5b	perf: speed up first bootstrap with fast-mode defaults	2026-03-01 03:33:42 +00:00
MichaelFisher1997	dad409a5b7	fix: restore use-remote-sudo for nixos-rebuild compatibility	2026-02-28 23:20:12 +00:00
MichaelFisher1997	45e818b113	fix: enable nix-command for remote gc and use --sudo	2026-02-28 22:55:15 +00:00
MichaelFisher1997	f5d9eba9d0	feat: parallelize worker rebuilds with retry and timeout	2026-02-28 22:15:48 +00:00
MichaelFisher1997	327c07314c	fix: reclaim remote nix store space before rebuild	2026-02-28 21:24:26 +00:00
MichaelFisher1997	3b5d04dda2	fix: force bash for remote kubeadm commands	2026-02-28 21:06:35 +00:00
MichaelFisher1997	ba912810d1	fix: preconfigure remote nix trusted-users before rebuild	2026-02-28 20:25:50 +00:00
MichaelFisher1997	5c037d9a99	fix: prefer root SSH for deploy and trust micqdf in nix	2026-02-28 20:03:26 +00:00
MichaelFisher1997	244887e9c2	fix: auto-detect SSH login user for node operations	2026-02-28 19:25:48 +00:00
MichaelFisher1997	c94c1f61d8	fix: force explicit SSH identity for kubeadm remote operations	2026-02-28 17:16:31 +00:00
MichaelFisher1997	046de9b3d4	fix: preseed known_hosts for kubeadm SSH operations	2026-02-28 17:07:43 +00:00
MichaelFisher1997	5669305e59	feat: make kubeadm workflows auto-scale with terraform outputs	2026-02-28 16:43:22 +00:00
MichaelFisher1997	f341816112	feat: run kubeadm reconcile after terraform apply on master	2026-02-28 16:39:04 +00:00
MichaelFisher1997	9fe845b53d	feat: add repeatable kubeadm rebuild and reset scripts	2026-02-28 16:24:45 +00:00