cbalders/homelab-ansible-lxc-meridian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a39323db70fa3e5724c305d7219132169fa49ba7
homelab-ansible-lxc-meridian/deploy.sh
T
Your Name 211d26cc63 litellm: re-index models with local_/proxy_/direct_ prefixes + scaffold OpenAI+Gemini 
Backend-prefix taxonomy so the Open WebUI picker is self-documenting and a
model name can't lie about where it routes:
  local_*  -> Anvil/Ollama (free)        e.g. local_qwen2.5-72b
  proxy_*  -> Claude via Meridian/Max     e.g. proxy_claude-sonnet-4-6
  direct_* -> metered OpenAI/Gemini       e.g. direct_gpt-4o, direct_gemini-2.0-flash

Drops the redundant -max suffix (proxy_ already implies Max). api_base is now
emitted only when a model defines it, so direct_* hit the provider default
endpoint instead of Meridian. direct_* are SCAFFOLDED (no live keys): litellm.env
writes a placeholder so the proxy boots; deploy.sh pulls OPENAI_API_KEY/
GEMINI_API_KEY from Infisical /meridian if present (non-fatal). They 401 until
real keys land.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 12:05:55 -04:00

81 lines
3.6 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# ==============================================================================
# deploy.sh — Deploy Meridian LXC
#
# Usage:
# ./deploy.sh # full deploy
# ./deploy.sh --tags meridian # meridian role only
# ./deploy.sh --tags litellm # litellm role only
# ./deploy.sh -v # verbose output
#
# Secrets:
# LITELLM_MASTER_KEY is pulled from Infisical (/meridian/vault_litellm_master_key)
# on the controller and exported into the env for the playbook to read.
# For Semaphore deploys, set LITELLM_MASTER_KEY as an env var on the template.
# ==============================================================================
set -euo pipefail
HOST_IP="$(grep -E '^[0-9]' inventory.ini | head -1 | awk '{print $1}')"
HOST_USER="$(grep -o 'ansible_user=[^ ]*' inventory.ini | head -1 | cut -d= -f2)"
if [[ -z "${LITELLM_MASTER_KEY:-}" ]]; then
echo "==> Pulling LITELLM_MASTER_KEY from Infisical ..."
LITELLM_MASTER_KEY="$(infisical secrets get vault_litellm_master_key \
--projectId 50062d7c-06ff-4d5c-8ca3-6c0cdba9f270 \
--env prod --path /meridian --plain 2>/dev/null)"
if [[ -z "$LITELLM_MASTER_KEY" ]]; then
echo " ERROR: couldn't fetch LITELLM_MASTER_KEY. Is the infisical CLI logged in?" >&2
exit 1
fi
export LITELLM_MASTER_KEY
fi
# Optional provider keys for direct_* models. Non-fatal: if a key isn't in
# Infisical /meridian yet, litellm.env falls back to a placeholder and the
# direct_* model 401s on call (proxy_* + local_* keep working). Drop the secret
# into Infisical /meridian to activate, then re-deploy.
for keyvar in OPENAI_API_KEY GEMINI_API_KEY; do
if [[ -z "${!keyvar:-}" ]]; then
secret_name="vault_$(echo "$keyvar" | tr '[:upper:]' '[:lower:]')"
val="$(infisical secrets get "$secret_name" \
--projectId 50062d7c-06ff-4d5c-8ca3-6c0cdba9f270 \
--env prod --path /meridian --plain 2>/dev/null || true)"
if [[ -n "$val" ]]; then
echo "==> Pulled ${keyvar} from Infisical (direct_* enabled)."
export "$keyvar=$val"
else
echo "==> ${keyvar} not in Infisical /meridian — direct_* for this provider stays scaffolded (401 until set)."
fi
fi
done
echo "==> Checking connectivity to ${HOST_USER}@${HOST_IP} ..."
if ! ssh -o ConnectTimeout=5 -o BatchMode=yes "${HOST_USER}@${HOST_IP}" true 2>/dev/null; then
echo " Cannot SSH to ${HOST_IP} — refreshing host key ..."
ssh-keygen -R "$HOST_IP" 2>/dev/null || true
ssh-keyscan -H "$HOST_IP" >> ~/.ssh/known_hosts 2>/dev/null
fi
echo "==> Installing Ansible collections ..."
ansible-galaxy collection install -r requirements.yml --force 2>/dev/null
echo "==> Running deploy playbook ..."
ansible-playbook -i inventory.ini site.yml "$@"
echo "==> Verifying ..."
ssh "${HOST_USER}@${HOST_IP}" bash -s <<'VERIFY'
echo "Node: $(node --version 2>/dev/null || echo missing)"
echo "Meridian binary: $(which meridian 2>/dev/null || echo missing)"
echo "Services:"
for svc in meridian litellm; do
printf " %-10s enabled=%s active=%s\n" "$svc" "$(systemctl is-enabled $svc 2>/dev/null)" "$(systemctl is-active $svc 2>/dev/null)"
done
echo "Endpoints:"
curl -sf --max-time 3 http://127.0.0.1:3456/v1/messages -X POST -H 'Content-Type: application/json' -d '{}' >/dev/null 2>&1 \
&& echo " meridian :3456 reachable" || echo " meridian :3456 not responding"
curl -sf --max-time 3 http://127.0.0.1:4000/health/liveliness >/dev/null 2>&1 \
&& echo " litellm :4000 healthy" || echo " litellm :4000 not responding"
VERIFY
echo "==> Done."
Reference in New Issue View Git Blame Copy Permalink