From ceea8f0572b93c5fc0e16ca33356b467a2badd09 Mon Sep 17 00:00:00 2001 From: "A. F. Dudley" Date: Tue, 10 Mar 2026 06:37:45 +0000 Subject: [PATCH] fix: restart playbook preserves SSH agent and clears stale PV claimRefs Two fixes for biscayne-restart.yml: 1. ansible_become_flags: "-E" on the restart task preserves SSH_AUTH_SOCK through sudo so laconic-so can git pull the stack repo. 2. After restart, clear claimRef on any Released PVs. laconic-so restart deletes the namespace (cascading to PVCs) then recreates, but the PVs retain stale claimRefs that prevent new PVCs from binding. Co-Authored-By: Claude Opus 4.6 --- playbooks/biscayne-restart.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/playbooks/biscayne-restart.yml b/playbooks/biscayne-restart.yml index fa6becd6..3bab69e8 100644 --- a/playbooks/biscayne-restart.yml +++ b/playbooks/biscayne-restart.yml @@ -87,9 +87,31 @@ {{ laconic_so }} deployment --dir {{ deployment_dir }} restart + vars: + # -E preserves SSH_AUTH_SOCK through sudo so laconic-so can git pull + ansible_become_flags: "-E" register: restart_result changed_when: true + # laconic-so restart deletes the namespace (dropping PVCs) then recreates. + # PVs survive but enter Released state with stale claimRefs. Clear them + # so the new PVCs can bind. + - name: Clear stale claimRefs on Released PVs + ansible.builtin.shell: + cmd: >- + set -o pipefail && + kubectl get pv -o json | + python3 -c " + import json, subprocess, sys; + pvs = json.load(sys.stdin)['items']; + [subprocess.run(['kubectl', 'patch', 'pv', pv['metadata']['name'], + '--type=json', '-p=[{\"op\":\"remove\",\"path\":\"/spec/claimRef\"}]'], + check=True) for pv in pvs if pv['status'].get('phase') == 'Released'] + " + executable: /bin/bash + changed_when: true + failed_when: false + # ---- verify -------------------------------------------------------------- - name: Wait for pod running ansible.builtin.command: >