Config and Inventory

Most deployment drift is configuration drift.

Use explicit source-of-truth boundaries.

Canonical locations

  • inventory.yml: host identity and topology
  • group_vars/all/*.yml: global non-secret defaults
  • host_vars/<host>.yml: host-specific non-secrets
  • group_vars/env_<env>/vault.yml: secrets only
  • vars/releases/<release_id>.yml: image refs/pins

Required SynckHub host identity

For each SynckHub inventory host, define at least:

  • stack_id
  • public_hostname
  • infra_region

Hard rule

Do not define the same key in multiple places.

If a value appears to be ignored, check higher-precedence files first, especially Vault files that have been misused to hold non-secrets.
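
One way to check the hard rule before a deploy, as an added example that is not this project's own tooling. It assumes Ansible-style files at the canonical paths above, looks only at top-level YAML keys, and treats a file starting with the `$ANSIBLE_VAULT;` header as wholly encrypted; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Layers from "Canonical locations"; inventory.yml (topology) is not scanned.
LAYERS = {"global": "group_vars/all/*.yml", "host": "host_vars/*.yml",
          "vault": "group_vars/env_*/vault.yml", "release": "vars/releases/*.yml"}
TOP_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:")

def top_level_keys(text):
    """Return top-level mapping keys, or None for a fully encrypted Vault file."""
    if text.startswith("$ANSIBLE_VAULT;"):
        return None  # opaque until decrypted; reported as unchecked
    return {m.group(1) for line in text.splitlines() if (m := TOP_KEY.match(line))}

def find_conflicts(root):
    """Return ({key: [files]}, [unchecked files]) for keys set in more than one place."""
    seen, unchecked = defaultdict(list), []
    for layer, pattern in LAYERS.items():
        for path in sorted(Path(root).glob(pattern)):
            rel = path.relative_to(root).as_posix()
            keys = top_level_keys(path.read_text(encoding="utf-8"))
            if keys is None:
                unchecked.append(rel)
            for key in keys or ():
                seen[key].append((layer, rel))
    conflicts = {}
    for key, hits in seen.items():
        layers = [layer for layer, _ in hits]
        # Per-host/per-env repeats are fine; crossing layers or two global files is not.
        if len(set(layers)) > 1 or layers.count("global") > 1:
            conflicts[key] = sorted(rel for _, rel in hits)
    return conflicts, unchecked

def demo():
    """Scan a constructed tree where a non-secret was also put in a vault file."""
    files = {
        "group_vars/all/main.yml": "log_level: info\nhttp_port: 8080\n",
        "host_vars/web01.yml": "stack_id: demo-a\npublic_hostname: web01.example.test\n",
        "host_vars/web02.yml": "stack_id: demo-b\n",
        "group_vars/env_prod/vault.yml": "db_password: constructed\nlog_level: debug\n",
        "group_vars/env_stage/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n3132\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body, encoding="utf-8")
        return find_conflicts(tmp)
```

In the constructed tree, `log_level` is reported because it sits in both the global defaults and a vault file, while the wholly encrypted vault file is returned as unchecked rather than silently passed.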

Why this matters

Clean config boundaries are what make rollbacks and post-incident reasoning possible.