proxmox-install: fetch prebuilt bundle from Gitea package registry

Drops the per-install Go toolchain dance + source build. The installer
now just curls the bundle from
${REGISTRY_URL}/api/packages/${PACKAGE_OWNER}/generic/vetting/${VETTING_VERSION}/vetting-bundle.tar.gz,
extracts it, and hands off to the bundled install.sh with explicit
--binary / --agent-binary paths so the in-bundle layout is picked up.

Default version is `latest` (rolling alias, overwritten by release.yml
on each push to main). Pin via `VETTING_VERSION=sha-abc1234 curl ... |
bash` when rolling back or testing a specific commit.

Removes the `apt install build-essential git` + Go toolchain download
+ templ install + `make orchestrator-linux agent-linux` path — the CI
workflow already produced all of that. Install time on a cold LXC
drops from minutes to under a minute, and live-image kernel/initrd
now arrive with every install instead of requiring a separate WSL
build.

Also rewrites docs/operations.md's install section around the
one-liner, keeps the `make release` + scp path as the offline
fallback, and swaps the upgrade section to just "rerun the one-liner."

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
+47
-28
@@ -11,32 +11,50 @@ Target: a Debian/Ubuntu LXC on the Proxmox host that holds the cluster
|
||||
you're vetting for. The LXC must be on the same L2 segment as the
|
||||
repaired nodes so DHCP and WoL work.
|
||||
|
||||
### One-shot release bundle (recommended)
|
||||
### One-liner install (recommended)
|
||||
|
||||
On your dev workstation (Linux, or WSL on Windows):
|
||||
Every push to `main` kicks off a Gitea Actions run that builds a full
|
||||
release bundle (orchestrator + agent + live image + install scripts +
|
||||
pinned iPXE SHAs) and publishes it to the Gitea package registry. The
|
||||
LXC installer fetches the prebuilt tarball — no source clone, no Go
|
||||
toolchain, no `make`, no WSL.
|
||||
|
||||
On the LXC:
|
||||
|
||||
```
|
||||
make release
|
||||
curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh \
|
||||
| sudo bash
|
||||
```
|
||||
|
||||
Produces `bin/vetting-bundle-<sha>.tar.gz` containing the orchestrator
|
||||
binary, agent binary, live image (`vmlinuz` + `initrd.img`), install
|
||||
scripts, `vetting.service`, the production yaml, and the pinned iPXE
|
||||
SHA256 file.
|
||||
|
||||
Ship it to the LXC:
|
||||
To pin a specific build instead of the rolling `latest`:
|
||||
|
||||
```
|
||||
VETTING_VERSION=sha-abc1234 curl -fsSL .../proxmox-install.sh | sudo bash
|
||||
```
|
||||
|
||||
`proxmox-install.sh` curls the bundle from
|
||||
`${REGISTRY_URL}/api/packages/${PACKAGE_OWNER}/generic/vetting/${VETTING_VERSION}/vetting-bundle.tar.gz`,
|
||||
extracts it, and hands off to the bundled `install.sh` for the base
|
||||
install (user, binaries, config, systemd unit).
|
||||
|
||||
If you don't need PXE (e.g. host-mode reporter only, no automated
|
||||
live-boots), you can stop here — edit `/etc/vetting/vetting.yaml` to
|
||||
tune `server.bind` / `public_url`, then
|
||||
`sudo systemctl enable --now vetting`.
|
||||
|
||||
### Offline / air-gapped install
|
||||
|
||||
If the LXC can't reach the registry, build the tarball locally and
|
||||
`scp` it across:
|
||||
|
||||
```
|
||||
make release # on a Linux/WSL workstation
|
||||
scp bin/vetting-bundle-<sha>.tar.gz lxc:/tmp/
|
||||
ssh lxc 'cd /tmp && tar xzf vetting-bundle-*.tar.gz'
|
||||
ssh lxc 'cd /tmp/vetting-bundle-<sha> && sudo ./install.sh'
|
||||
ssh lxc 'cd /tmp && tar xzf vetting-bundle-*.tar.gz \
|
||||
&& cd vetting-bundle-* && sudo ./install.sh'
|
||||
```
|
||||
|
||||
`install.sh` does the base install (user, binaries, config, systemd
|
||||
unit). If you don't need PXE (e.g. host-mode reporter only, no
|
||||
automated live-boots), you can stop here — edit
|
||||
`/etc/vetting/vetting.yaml` to tune `server.bind` / `public_url`,
|
||||
then `sudo systemctl enable --now vetting`.
|
||||
Same bundle layout either way.
|
||||
|
||||
### PXE enablement
|
||||
|
||||
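Review bot: In the pin example, `VETTING_VERSION=sha-abc1234 curl -fsSL .../proxmox-install.sh | sudo bash` sets the variable only in curl's environment; the `bash` on the right of the pipe never sees it (and `sudo` resets the environment by default), so the install still resolves the rolling `latest`. Suggest `curl -fsSL .../proxmox-install.sh | sudo VETTING_VERSION=sha-abc1234 bash`. Separately, the recommended path pipes a script from `raw/branch/main` into a root shell and then pulls a rolling tarball, and the section names no checksum or signature check for either; since the bundle already carries a pinned iPXE SHA256 file, publishing a SHA256 for the bundle itself and documenting the verify step before `install.sh` runs would close that gap.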
@@ -90,9 +108,9 @@ silently when a host first PXE-boots.
|
||||
`pxe-setup.sh` is idempotent — safe to re-run. Pass `--force` to
|
||||
overwrite a hand-edited `pxe:` block.
|
||||
|
||||
### Manual install (no release tarball)
|
||||
### Dev-loop install (from a source checkout)
|
||||
|
||||
For dev-loop iteration on the LXC itself:
|
||||
For iterating on the orchestrator without waiting for a CI publish:
|
||||
|
||||
1. On your workstation: `make orchestrator-linux && make agent-linux`
|
||||
2. Copy the repo tree (or just `bin/` + `deploy/`) onto the LXC
|
||||
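Review bot: Renaming the heading from `### Manual install (no release tarball)` to `### Dev-loop install (from a source checkout)` changes the section's generated anchor, so any link to the old section from elsewhere in the docs will break. Worth a grep for the old anchor before merging, or note the rename in the commit message.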
@@ -197,14 +215,15 @@ auth is independent and keeps working either way.
|
||||
|
||||
## Upgrading
|
||||
|
||||
1. `make orchestrator-linux` on your workstation.
|
||||
2. `scp bin/vetting-linux-amd64 lxc:/tmp/vetting.new`
|
||||
3. On the LXC:
|
||||
```
|
||||
sudo systemctl stop vetting
|
||||
sudo install -m 0755 /tmp/vetting.new /usr/local/bin/vetting
|
||||
sudo systemctl start vetting
|
||||
```
|
||||
Rerun the registry-fetch one-liner on the LXC:
|
||||
|
||||
The DB migration runs at startup and is append-only — no manual schema
|
||||
work unless a release's notes call it out.
|
||||
```
|
||||
curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh \
|
||||
| sudo bash
|
||||
sudo systemctl restart vetting
|
||||
```
|
||||
|
||||
Pin to a specific build with `VETTING_VERSION=sha-abc1234` if you
|
||||
need to roll back or test a commit. The DB migration runs at startup
|
||||
and is append-only — no manual schema work unless a release's notes
|
||||
call it out.
|
||||
|
||||
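Review bot: The upgrade path now reruns the full installer, but nothing in this section says whether `install.sh` preserves a hand-edited `/etc/vetting/vetting.yaml`; the install section tells operators to edit that file, and `pxe-setup.sh` documents `--force` for overwriting its block, so the upgrade text should state the equivalent behaviour for the base install. The pin sentence also gives `VETTING_VERSION=sha-abc1234` without showing where it goes; with `| sudo bash` it has to sit on the `bash` side of the pipe (`| sudo VETTING_VERSION=sha-abc1234 bash`) to take effect, so spell out the full rollback command here.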