foundation/documentation/decisions
Andreas Niemann 2e11fd2448 docs(adr): ADR-007 — control-plane ops via remote.Command (docker-exec over SSH)
Internal service ports (Postgres 5432, Vault 8200, RustFS 9000) are not
published off-host (CONTRACT_003), so the operator's Pulumi process cannot
reach them to run init/role/bucket/admin steps. Adopt @pulumi/command
remote.Command over the existing SSH path, acting through `docker exec`, for
every in-VM control-plane operation in Wave 2: idempotent, readiness-gated,
secrets passed on stdin (never inlined — the provider echoes the command on
error; D2). The vendored fetch()-based VaultInitialization is kept for
Layer-1, not used by the egg; the olsitec-core init→capture→unseal pattern is
reused, only the mechanism adapts to the remote VM.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 21:10:34 +02:00
..
ADR_004_layered_platform_foundation.md chore: scaffold olsitec-foundation mono-repo 2026-06-30 17:10:46 +02:00
ADR_005_repo_topology.md chore: scaffold olsitec-foundation mono-repo 2026-06-30 17:10:46 +02:00
ADR_006_bootstrap_composition_model.md feat(bootstrap): shared docker provider + foundation-net precursor (ADR-006) 2026-06-30 18:18:40 +02:00
ADR_007_control_plane_ops_remote_command.md docs(adr): ADR-007 — control-plane ops via remote.Command (docker-exec over SSH) 2026-06-30 21:10:34 +02:00