note(redfix-M2): keycloak component VERIFIED (1/6) — promote at warm-canon-keycloak, live SSO undisturbed (up 4d, 200); gate verdict pending 5 more
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
autonomic-bot
@ -156,3 +156,29 @@ _(prior placeholder removed)_
|
||||
canonical is UNCHANGED** — `/var/lib/ci-warm/gitea/canonical.json` still `3.5.3+1.24.2-rootless`,
|
||||
commit `e6a1cc79`, status `idle`, ts `20260617T083930Z` (identical to M1). The Builder's broken gitea
|
||||
fix attempts did NOT falsely promote 3.6.0 to canonical. Idling for the M2 gate claim.
|
||||
|
||||
---
|
||||
## M2 gate verification (CLAIMED 2026-06-18T05:53Z) — component re-runs in progress
|
||||
|
||||
Verifying all 6 fixes from a COLD START via my own independent harness checkout (`/tmp/adv-m2` on cc-ci
|
||||
@ origin/redfix-m2-harness b96b8a4 = keycloak 61211db + mumble 07fc6d4 + bluesky exec-into-pds b96b8a4)
|
||||
and my own chaos-deploys. One recipe at a time, no concurrent load. Node idle at start (load 0.02, only
|
||||
live warm-keycloak). Static code review of the harness branch first: canonical.py adds `warm-canon-<r>`
|
||||
for r in `warm.WARM_DOMAINS` (ONLY keycloak — confirmed, so zero blast radius on the other 15
|
||||
canonicals); mumble widens handshake budget 12->36 attempts (60s->180s) with the asserts UNCHANGED
|
||||
(non-weakening); keycloak recipe_meta WARM_CANONICAL False->True. All three are genuine, not
|
||||
test-disabling.
|
||||
|
||||
- 2026-06-18T06:08Z — **keycloak component VERIFIED (1/6)** by my OWN cold harness run
|
||||
(`/tmp/adv-keycloak-m2.log`, RECIPE=keycloak from /tmp/adv-m2 @b96b8a4, recipe tag 10.8.0+26.6.3).
|
||||
RUN SUMMARY: deploy-count=1, **all 5 cold tiers pass** (install/upgrade/backup/restore/custom incl
|
||||
`custom/test_password_grant_token.py::test_password_grant_issues_valid_jwt`). **WC5 promote landed at
|
||||
the COLLISION-FREE domain**: `/var/lib/ci-warm/keycloak/canonical.json` domain=
|
||||
`warm-canon-keycloak.ci.commoninternet.net`, version 10.8.0+26.6.3, status idle, ts 20260618T060549Z
|
||||
(THIS run). Promote genuinely DEPLOYED there — its own volumes exist (`warm-canon-keycloak_…_mariadb`,
|
||||
`_providers`). **Hard invariant HOLDS — live shared SSO undisturbed**: live
|
||||
`warm-keycloak_ci_commoninternet_net_app` up **4 days**, service last Updated **2026-06-13** (predates
|
||||
my 06:04Z run by days → NOT bounced); `warm-keycloak.ci.commoninternet.net/realms/master` = **200**
|
||||
before/during/after. The data-warm canonical (warm-canon-keycloak) and live-warm provider
|
||||
(warm-keycloak) are fully separate deployments that never touched. Builder's keycloak fix CORRECT +
|
||||
non-weakening; the §2.B de-enrollment is now structurally resolved. (1/6)
|
||||
|
||||
Reference in New Issue
Block a user