> **Disclaimer:** The following text is an AI-generated log and summary of a > session deploying Cozystack on a Talos cluster. All work was done in a > background manner by `claude-code` and `Swamp`, and I only had to approve some > steps here and there and add a hint about the ISO boot order issue. ## What Worked Well with Swamp 1. Extension models are powerful — The @talos/node model with applyConfig, bootstrap, health, patchConfig, reboot methods made the entire Talos lifecycle manageable. Adding patchConfig and retry logic was straightforward. 2. Model methods for step-by-step execution — Running swamp model method run tapok-cp-1 applyConfig --input '{...}' was reliable and gave clear JSON output with success/failure status. 3. libvirt models — unraid-vms and unraid-storage worked well for VM management (start/stop/resize/attach-disk) and storage pool/volume management. 4. Retry logic in talosctl helper — The isTransientError() pattern with configurable retries saved the bootstrap phase (which needed ~20 retries over 5 minutes). ## Issues / Areas for Improvement 1. Workflow idempotency is hard — The full workflow failed repeatedly because: - start fails if VM is already running - poolDefine fails if pool exists - volCreate fails if volume exists - Required allowFailure: true + completed conditions everywhere, making the YAML verbose 2. Workflow can't resume from a specific job — After the first run succeeded through job 5 but failed on job 6, we couldn't skip the completed jobs. Had to create a separate phase2 workflow. 3. ISO boot order issue — The biggest time sink. After Talos installed to disk, the cdrom ISO was still first in boot order. After stop/start, VMs booted the ISO instead of the installed disk, causing all nodes to be unreachable. Fix: detach ISO after first successful boot. 4. virsh setvcpus --maximum missing — Had to add the maximum parameter to the libvirt model mid-session. 5. virsh attach-disk --persistent vs --config — --persistent only works on running VMs, --config for stopped VMs. Had to add the config parameter. 6. Cozystack ConfigMap bundle naming — The docs say paas-full but v1.1.0 uses isp-full, default, etc. Also needed to manually create a Package CR — the operator doesn't auto-create it from the ConfigMap. ## Step-by-Step Deployment Guide 1. WIPE & BOOT - Stop all VMs: virsh destroy tapok-* - Wipe boot disks: qemu-img create -f qcow2 10G - Start VMs (boot from Talos ISO): virsh start tapok-* - Wait for port 50000 (maintenance mode) 2. PROVISION TALOS - Apply controlplane configs (insecure): talosctl apply-config --insecure --file controlplane.yaml - Apply worker configs (insecure): talosctl apply-config --insecure --file worker.yaml - Wait for nodes to install and reboot 3. BOOTSTRAP - Bootstrap etcd on cp-1: talosctl bootstrap - Wait for cluster health: talosctl health --wait-timeout 10m 4. DRBD EXTENSION - Patch all nodes with drbd-patch.yaml: talosctl patch machineconfig --patch-file drbd-patch.yaml - Rolling reboot: reboot one node, wait for health, repeat 5. DETACH ISO (critical!) - Stop all VMs - Detach cdrom: virsh detach-disk sda --config 6. ATTACH LINSTOR STORAGE - Create storage pool: virsh pool-define-as / pool-build / pool-start - Create 100G qcow2 volumes per node - Attach as vdb: virsh attach-disk --config 7. START VMs - Start all VMs (now boot from disk, no ISO) - Wait for cluster health 8. INSTALL COZYSTACK - helm upgrade --install cozystack oci://ghcr.io/cozystack/cozystack/cozy-installer --namespace cozy-system --create-namespace - Apply platform ConfigMap (bundle-name: isp-full) - Create Package CR: kubectl apply -f package.yaml (name must match PackageSource) - Wait for Cilium → cert-manager → dashboard chain 9. ACCESS DASHBOARD - https://dashboard. (after ingress/metallb/cert-manager are ready)