From a4c0dfcf1146fa00912039cbfe65d317b255cc29 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 11 Jun 2026 17:18:10 +0000 Subject: [PATCH] =?UTF-8?q?probe(dstamp):=20blast-radius=20sweep=20?= =?UTF-8?q?=E2=80=94=204=20enrolled=20recipes=20have=20failure=5Faction=3D?= =?UTF-8?q?rollback+start-first;=20keycloak/n8n=20latent=20but=20currently?= =?UTF-8?q?=20PASS;=20assert=5Fupgrade=5Fconverged=20covers=20all=20withou?= =?UTF-8?q?t=20overlay;=20drone=20has=20no=20upgrade=20tier?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- BACKLOG-dstamp.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/BACKLOG-dstamp.md b/BACKLOG-dstamp.md index 4f2f883..b694bef 100644 --- a/BACKLOG-dstamp.md +++ b/BACKLOG-dstamp.md @@ -48,3 +48,26 @@ trigger); `lifecycle.assert_upgrade_converged` closes the wait_healthy blind spo Minor race window in `assert_upgrade_converged` (first poll could see "none" before Docker starts the roll) is covered: with stop-first, a post-race rollback also fails `wait_healthy`. No blocker. Formal verdict awaits Builder's `claim(dstamp)` commit. + +**Blast-radius sweep @2026-06-11T17:4x:** + +All 24 enrolled recipes swept for `failure_action: rollback` + `order: start-first` in `compose.yml`: + +| Recipe | failure_action | order | ccci overlay | upgrade tests | recent upgrade | risk | +|-----------|---------------|-------------|--------------|---------------|----------------|------| +| discourse | rollback | start-first | YES (fixed) | yes | FIXED | fixed | +| drone | rollback | start-first | no | NO tests | n/a | latent, no CI exposure | +| keycloak | rollback | start-first | no | yes | PASS L4 | latent, low (JVM, lighter than Rails) | +| n8n | rollback | start-first | no | yes | PASS L4 | latent, low (Node.js) | +| traefik | rollback | STOP-first | no | no | n/a | SAFE | +| all others | none or absent | — | — | — | — | not at risk | + +`assert_upgrade_converged` (added in 0cc31a5) provides a general harness backstop: if any +recipe's rolling update rolls back or pauses, the upgrade is failed HONESTLY for all recipes +— not just discourse. So keycloak/n8n are already covered by the harness fix even without +overlay changes. + +Recommended overlay addition for keycloak if/when OOM symptoms appear: +`deploy.update_config.order: stop-first` (same pattern as discourse). Not urgent — current +host load shows no rollback symptom for keycloak/n8n and they're lighter apps than discourse. +drone has no upgrade tier in cc-ci; no action needed there.