From 779fb8917ca8180627bb5d3782aa25b8e9a3cbeb Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 09:06:43 +0100 Subject: [PATCH] =?UTF-8?q?status(2):=20link=20plan-lasuite-drive-oidc-rob?= =?UTF-8?q?ustness.md=20into=20Q3.2a=20(Step=200=20logs=20=E2=86=92=20Part?= =?UTF-8?q?=20A=20install-time=20OIDC=20vs=20warm=20keycloak=20[deploy=20o?= =?UTF-8?q?nce,=20no=20reconverge,=20real-abra-only]=20=E2=86=92=20Part=20?= =?UTF-8?q?B=20recipe=20PR;=203x-green=20+=20cold-verified=20before=20Q3.2?= =?UTF-8?q?=20claim)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/BACKLOG-2.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/machine-docs/BACKLOG-2.md b/machine-docs/BACKLOG-2.md index d5c50df..4093cc1 100644 --- a/machine-docs/BACKLOG-2.md +++ b/machine-docs/BACKLOG-2.md @@ -81,11 +81,17 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md` RED). Test assertions are all correct (run 1 proved health+MinIO+OIDC green); the flakiness is in the redeploy infra. **Two open issues block a reliable Q3.2 green:** (a) [Q3.2a] flaky OIDC redeploy — see below; (b) upgrade tier disk-blocker (DEFERRED/operator). See JOURNAL-2 2026-05-29. -- [ ] **Q3.2a** — Make lasuite-drive OIDC wiring reliable. The full 12-service `--chaos` redeploy to - apply OIDC env exposes collabora's flaky reconverge (+ transient backend gunicorn-perms / celery - WOPI-404). Fix direction: wire OIDC at INSTALL time (install_steps, no post-deploy redeploy — the - lasuite-docs model) OR make setup_custom_tests redeploy resilient (retry + wait for collabora WOPI - discovery 200 before ready). Then re-run subset to a reliable green before claiming Q3.2. +- [ ] **Q3.2a** — Make lasuite-drive OIDC wiring reliable. **PLAN:** + `cc-ci-plan/plan-lasuite-drive-oidc-robustness.md` (orchestrator, 2026-05-29). The full + 12-service `--chaos` redeploy to apply OIDC env exposes collabora's flaky reconverge (+ transient + backend gunicorn-perms / WOPI-404). Structured as: **Step 0** capture real failure logs first; + **Part A** (cc-ci harness) — create the per-run realm/client in the live-WARM keycloak + set OIDC + env in `.env` BEFORE a single `abra app deploy` (deploy ONCE, NO mid-run `--chaos` reconverge); + REAL abra commands only (no `docker service update/scale` patching); verify full suite green **3× + in a row**. **Part B** — lasuite-drive RECIPE PR (collabora WOPI healthcheck-gating + backend + retry; gunicorn-perms entrypoint fix; lazy/retrying OIDC discovery); "working" ONLY once cc-ci + runs the full suite (incl. upgrade tier, now disk-unblocked) on the PR repeatedly-green + + Adversary cold-verified → operator merges. Q3.2 claimed + this item closed only after A+B green. - [ ] **Q3.3** — lasuite-meet: parity (health_check, oidc_login, meeting_flow, webrtc-media, webrtc-relay) + specific (create-a-room, two-user LiveKit token issuance, ICE-candidate gathering). - [~] **Q3.4** — cryptpad: parity port (health_check) ✓ + 2 NEW recipe-specific