From b4e86a7c362da54b061c2dc21378cdfcdfb1835e Mon Sep 17 00:00:00 2001
From: Steve Brasier <33413598+sjpb@users.noreply.github.com>
Date: Wed, 9 Jul 2025 12:05:14 +0100
Subject: [PATCH 1/2] Update production.md docs

---
 docs/production.md | 25 +++++++++----------------
 1 file changed, 9 insertions(+), 16 deletions(-)

diff --git a/docs/production.md b/docs/production.md
index cf36779cb..c3601088b 100644
--- a/docs/production.md
+++ b/docs/production.md
@@ -57,12 +57,13 @@ and referenced from the `site` and `production` environments, e.g.:
     ```
 
     Note that:
-        - Environment-specific variables (`cluster_name`) should be hardcoded
-          into the cluster module block.
-        - Environment-independent variables (e.g. maybe `cluster_net` if the
-          same is used for staging and production) should be set as *defaults*
-          in `environments/site/tofu/variables.tf`, and then don't need to
-          be passed in to the module.
+    
+    - Environment-specific variables (`cluster_name`) should be hardcoded
+      into the cluster module block.
+    - Environment-independent variables (e.g. maybe `cluster_net` if the
+      same is used for staging and production) should be set as *defaults*
+      in `environments/site/tofu/variables.tf`, and then don't need to
+      be passed in to the module.
 
 - Vault-encrypt secrets. Running the `generate-passwords.yml` playbook creates
   a secrets file at `environments/$ENV/inventory/group_vars/all/secrets.yml`.
@@ -120,22 +121,14 @@ and referenced from the `site` and `production` environments, e.g.:
   set the "attach" options and run `tofu apply` again - this should show there
   are no changes planned.
 
-- Enable `etc_hosts` templating:
-
-    ```yaml
-    # environments/site/inventory/groups:
-    [etc_hosts:children]
-    cluster
-    ```
-
 - Configure Open OnDemand - see [specific documentation](openondemand.md).
 
 - Remove the `demo_user` user from `environments/$ENV/inventory/group_vars/all/basic_users.yml`
 
 - Consider whether having (read-only) access to Grafana without login is OK. If not, remove `grafana_auth_anonymous` in `environments/$ENV/inventory/group_vars/all/grafana.yml`
 
-- If floating IPs are required for login nodes, modify the OpenTofu configurations
-  appropriately.
+- If floating IPs are required for login nodes, create these in OpenStack and add the IPs into
+  the OpenTofu `login` definition.
 
 - Consider whether mapping of baremetal nodes to ironic nodes is required. See
   [PR 485](https://github.com/stackhpc/ansible-slurm-appliance/pull/485).

From d5405e0dcafc6b94e20928106a19e39a2da02808 Mon Sep 17 00:00:00 2001
From: Steve Brasier <33413598+sjpb@users.noreply.github.com>
Date: Wed, 9 Jul 2025 12:29:33 +0100
Subject: [PATCH 2/2] Fix tofu module instructions

---
 docs/production.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/production.md b/docs/production.md
index c3601088b..78162d92c 100644
--- a/docs/production.md
+++ b/docs/production.md
@@ -48,8 +48,14 @@ and referenced from the `site` and `production` environments, e.g.:
 
     ```
     ...
+    variable "environment_root" {
+      type = string
+      description = "Path to environment root, automatically set by activate script"
+    }
+
     module "cluster" {
         source = "../../site/tofu/"
+        environment_root = var.environment_root
 
         cluster_name = "foo"
         ...