
Madagascar Local Authority

Local authority for Madagascar hosts, DNS manifests, work orders, and host certificates.

The development checkout lives locally at:

/Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority

The canonical GitPrep repository is:

git@192.168.2.102:repositories/bogdan/LocalAuthority.git

The runtime instance lives on jumper and remains the local source for operational registry data:

  • var/host-manager.sqlite - runtime source of truth for host registry and Work Orders
  • config/hosts.yaml - finished host registry export and seed for new databases
  • config/work-orders.yaml - seed/snapshot export for confirmable operational changes
  • scripts/host_manager.pl - Perl-only web app
  • scripts/sync_local_hosts.sh - resolver configuration action for jumper and as01, sourced from the runtime DB on jumper
  • scripts/ca_manager.sh - local OpenSSL CA helper for host certificates

The public xdev.ro zone is maintained in the separate DNS public-zone repository.

Runtime path:

/usr/local/xdev-host-manager

Secrets live outside git in /etc/xdev/host-manager.env.

The product name is Madagascar Local Authority. The technical service, Unix user, repository path, and environment files still use host-manager.

The web UI is OTP-protected for all registry data, downloads, exports, and writes. Automation should consume generated exports with dedicated read-only access, not unauthenticated HTTP.

For agent/operator context, see:

Local development and live testing

Work on application code locally. Do not leave changes parked in a dirty working tree; commit small, coherent changes so they cannot be lost during deploy, reset, or context switches.

cd /Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority
git status --short
git add ...
git commit -m "Describe the change"

For live testing, push the committed code to the runtime checkout on jumper:

git push jumper-runtime HEAD:main

The jumper receive hook validates the Perl scripts, restarts host-manager, writes BUILD, and checks /healthz.

For archival/canonical history, push the same commits to GitPrep:

git push origin main

scripts/deploy_to_jumper.sh remains available as an explicit rsync deploy tool, but the normal development loop is commit plus push: jumper-runtime for live testing, origin/GitPrep for archive and sharing.

config/ is not deployed by default. The live source of truth is var/host-manager.sqlite; hosts.yaml is the finished host export/seed and work-orders.yaml is a compatibility seed/snapshot. Deploy config only when intentionally replacing seed/export files:

scripts/deploy_to_jumper.sh --include-config

The default internal domain is madagascar.xdev.ro. Short aliases are derived automatically from FQDNs, so autonas01.madagascar.xdev.ro also publishes autonas01 without declaring it separately.

Name removals with operational impact go through a Work Order. A WO records intent first; the operational checklist must be completed before confirmation can update the SQLite registry, mark the WO as confirmed, and queue resolver sync. Resolver sync remains an explicit operator action and reads runtime records from the jumper database.
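The alias derivation and the Work Order gate described above, as an added illustration in Python rather than the project's own Perl code: the table layout, function names and the in-memory database standing in for var/host-manager.sqlite are all assumptions, not the app's actual schema.

```python
import sqlite3

DEFAULT_DOMAIN = "madagascar.xdev.ro"  # default internal domain from the README

def short_alias(fqdn, domain=DEFAULT_DOMAIN):
    """Short alias for a single-label host directly under the default domain, else None."""
    name = fqdn.rstrip(".").lower()
    suffix = "." + domain.lower()
    if name.endswith(suffix):
        label = name[:-len(suffix)]
        if label and "." not in label:
            return label
    return None

def open_registry(path=":memory:"):
    """Open a registry DB with hypothetical hosts / work_orders / sync_queue tables."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS hosts (fqdn TEXT PRIMARY KEY, ip TEXT);
        CREATE TABLE IF NOT EXISTS work_orders (
            id INTEGER PRIMARY KEY, fqdn TEXT NOT NULL, intent TEXT NOT NULL,
            checklist_done INTEGER NOT NULL DEFAULT 0, status TEXT NOT NULL DEFAULT 'open');
        CREATE TABLE IF NOT EXISTS sync_queue (wo_id INTEGER, kind TEXT);""")
    return conn

def record_work_order(conn, fqdn, intent):
    """Record intent only; the host registry is untouched until confirmation."""
    with conn:
        cur = conn.execute("INSERT INTO work_orders (fqdn, intent) VALUES (?, ?)",
                           (fqdn, intent))
    return cur.lastrowid

def complete_checklist(conn, wo_id):
    """Mark the operational checklist done for a still-open WO."""
    with conn:
        conn.execute("UPDATE work_orders SET checklist_done = 1 "
                     "WHERE id = ? AND status = 'open'", (wo_id,))

def confirm_work_order(conn, wo_id):
    """Gate: return False and change nothing unless the WO is open with its checklist
    complete; otherwise remove the host, confirm the WO and queue a resolver sync."""
    row = conn.execute("SELECT fqdn, checklist_done, status FROM work_orders WHERE id = ?",
                       (wo_id,)).fetchone()
    if row is None or row[2] != "open" or not row[1]:
        return False
    with conn:  # one transaction: registry update, WO status, sync queue entry
        conn.execute("DELETE FROM hosts WHERE fqdn = ?", (row[0],))
        conn.execute("UPDATE work_orders SET status = 'confirmed' WHERE id = ?", (wo_id,))
        conn.execute("INSERT INTO sync_queue (wo_id, kind) VALUES (?, 'resolver')", (wo_id,))
    return True
```

Because the three writes share one transaction, a failure midway rolls everything back, so the registry, the WO status and the pending resolver sync can never disagree.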

The local host CA stores private material outside git under var/ca. Initialize it on jumper with:

sudo scripts/ca_manager.sh init