From 7997b989358f6d42b57d3699a81c5beaa85fc297 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 07:47:42 +0100 Subject: [PATCH] =?UTF-8?q?journal(2):=20scouted=20mumble=20(Q4.2)=20?= =?UTF-8?q?=E2=80=94=20first=20non-HTTP=20recipe;=20design=20=3D=20python?= =?UTF-8?q?=20sidecar=20probe=20on=20app=20overlay=20network=20for=20the?= =?UTF-8?q?=20TLS=20protocol=20test;=20enrollment=20plan=20recorded=20for?= =?UTF-8?q?=20next=20tick?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/JOURNAL-2.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/machine-docs/JOURNAL-2.md b/machine-docs/JOURNAL-2.md index 8907d94..c268a70 100644 --- a/machine-docs/JOURNAL-2.md +++ b/machine-docs/JOURNAL-2.md @@ -714,3 +714,34 @@ bug fixed, two open issues (disk-blocker on upgrade tier [DEFERRED/operator]; fl [BACKLOG, needs robustness work]). **Pivoting to lighter recipes for broad Phase-2 progress**; lasuite-drive's OIDC robustness + upgrade-disk return later. Host left clean (all stacks torn down, disk 65%, infra healthy). + +--- + +## 2026-05-29 — Next unit scouted: mumble (Q4.2) — design for the first NON-HTTP recipe + +Pivoted off heavy lasuite-drive to a lighter recipe. mumble: recipe.toml has NO deps, single light +service (mumblevoip/mumble-server:v1.6.870-0) → fast deploys, low disk (avoids the lasuite-drive +heaviness/flakiness). BUT it's the first non-HTTP recipe: raw Mumble protocol over TLS on TCP 64738 +(+ UDP). Reference corpus `/srv/recipe-maintainer/recipe-info/mumble/tests/`: health_check.py (TCP +connect to 64738), mumble_connect.py (pure-stdlib TLS handshake: Version + auth-accepted + +ChannelState + ServerSync + welcome text — portable as-is), web_client.py (HTTPS web UI, needs +`compose.mumbleweb.yml` overlay). + +**Reachability decision (the crux):** cc-ci's traefik is HTTP(S)-only; the recipe declares traefik +TCP/UDP router labels but cc-ci has no :64738 TCP entrypoint, and host→overlay-container-IP isn't +reliably routable. **Chosen approach: run the protocol probe from a throwaway `python:3-slim` +sidecar container attached to the app's overlay network**, connecting to the murmur service by its +swarm DNS name (`app`) on 64738. No traefik change, no host-port publish, no compose-overlay +selection needed — the harness already knows the stack/network name. This becomes a small reusable +harness primitive (`run probe container on app network`) for any future non-HTTP recipe. Record in +DECISIONS.md when implemented. + +**Enrollment plan (next tick):** mirror-check mumble on recipe-maintainers (auto-mirror if absent per +plan §0b); `tests/mumble/recipe_meta.py` (no DEPS; HEALTH via the sidecar TCP probe, not HTTP — +needs a recipe_meta hook or a custom install overlay since the generic HTTP health check won't apply; +likely set CCCI_SKIP_GENERIC or provide a TCP-aware install overlay); port health_check + +mumble_connect as functional tests using the sidecar primitive; ≥2 specifics (protocol handshake + +channel-list presence beyond TCP health); PARITY.md; e2e (light/fast). web_client.py deferred unless +the mumbleweb overlay is enabled. Open question to resolve in code: how the generic install tier +(HTTP health) behaves for a non-HTTP recipe — may need a per-recipe "health kind = tcp" in +recipe_meta consumed by the generic harness.