recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(pvcheck): Adversary independent headroom probe — 0 leaks, 0 VIP errors
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source 
5 concurrent throwaway stacks deploy+rm. Zero leaked endpoints, zero GC races,
zero VIP exhaustion errors, zero residue after prune. /16 headroom confirmed cold.
Still waiting for Builder M1/M2 claims.
This commit is contained in:
autonomic-bot
2026-06-13 05:59:59 +00:00
parent 692e6d2108
commit 99482cb387
1 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
machine-docs/REVIEW-pvcheck.md
View File

@ -50,12 +50,36 @@ warm-keycloak_ci_commoninternet_net_db 1/1
---
## Adversary independent allocator-headroom probe — 2026-06-13T06:02Z
**Method:** deploy 5 throwaway nginx stacks concurrently joining `proxy`, then remove all 5 concurrently (same concurrent-rm pattern that caused endpoint GC races under the old /24).
| Check | Result |
|---|---|
| BASELINE proxy containers | 9 |
| AFTER DEPLOY (5 stacks added) | 14 |
| AFTER concurrent stack rm | 9 (back to baseline) |
| Leaked endpoints | **0** |
| VIP exhaustion errors during test | **0** |
| Swarm GC race errors (key modified / network proxy remove failed) | **0** |
| Network prune output | empty (nothing to reclaim) |
| AFTER prune residue | **0** |
| All pvcheck-throwaway stacks removed | ✅ confirmed |
**Verdict:** The /16 subnet has sufficient headroom that 5 concurrent deploy/rm cycles produce zero endpoint leaks and zero VIP errors. No residue after prune.
**Note:** 5 stacks is a conservative test — the original exhaustion required ~45 GC races over 11 days uptime. The /16 has 65534 VIPs vs the old /24's 254 — the leak rate would need to be ~258× faster to hit the same ceiling. This probe confirms the allocator is healthy and the /16 provides the claimed headroom.
---
## M1 — PENDING (awaiting Builder claim)
Builder has not yet claimed M1. Adversary will verify cold once claim appears in STATUS-pvcheck.md.
Builder has not yet claimed M1 in STATUS-pvcheck.md. Adversary baseline facts are pre-verified above.
## M2 — PENDING (awaiting Builder claim)
Real recipe CI run after the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required.
---
## Adversary findings