1c/E2E-TESTME: Builder owns the tailnet swap end-to-end (no signal); record swap steps + execution watch-outs
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@ -324,3 +324,22 @@ localhost); E4 real assertions pass / build success; E5 clean undeploy; E6 repor
|
||||
updated. Evidence→JOURNAL-1c, verdict→STATUS/REVIEW-1c as E2E-TESTME PASS. On fail: clean-room finding
|
||||
→ fix in GIT SOURCE (base/cc-ci-secrets), not the live VM → re-run. Bound: one recipe, one green run.
|
||||
Not started — awaiting orchestrator signal; rebuilt VM stack kept up.
|
||||
|
||||
## 2026-05-27 — E2E-TESTME: Builder now owns the tailnet swap (no orchestrator signal)
|
||||
|
||||
Spec §1 updated (re-read): the Builder performs the swap end-to-end after C4/C5 PASS + rebuilt stack
|
||||
up — NO orchestrator signal. Two reversible `tailscale set --hostname` (ORDER MATTERS):
|
||||
(1) `ssh cc-ci 'tailscale set --hostname=cc-nix-test-orig'` (original aside, KEEP running for swap-back;
|
||||
ssh cc-ci pinned to 100.90.116.4 still hits original); (2) rebuilt throwaway → cc-nix-test (re-derive
|
||||
its current online IP from `tailscale --socket=$HOME/.cc-ci-ts/tailscaled.sock status | grep -i
|
||||
throwaway`). Then cc-nix-test.taila4a0bf.ts.net → rebuilt VM tailnet-wide; gateway auto-follows ~10s.
|
||||
Verify P1+P2 (status shows cc-nix-test→throwaway IP; `curl https://ci.commoninternet.net/` 200
|
||||
ssl_verify=0) → run E2E-TESTME (E1-E6) → swap-back (rebuilt→old name, `ssh cc-ci 'tailscale set
|
||||
--hostname=cc-nix-test'`). Orchestrator just monitors / safety-net.
|
||||
|
||||
**Two execution watch-outs I'll handle at run time** (reasoned, not yet done): (a) the original
|
||||
(cc-nix-test-orig) keeps its bridge polling Gitea with the same token → would duplicate builds/PR
|
||||
comments; pause it during the e2e (`docker service scale ccci-bridge_app=0` on the original, restore
|
||||
after). (b) the rebuilt VM's Drone needs the one-time OAuth bootstrap (install.md §2,
|
||||
scripts/bootstrap-drone-oauth.sh) before it can clone/build — a documented post-step, run it on the
|
||||
rebuilt VM as part of e2e setup. Still gated on C4/C5 PASS (W5) — not started.
|
||||
|
||||
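Review bot: watch-outs (a) and (b) are recorded as things to "handle at run time", but the sequence in this entry (swap, verify P1+P2, run E1-E6, swap-back) never places them, and the swap-back line does not undo (a). Because the entry itself says the original keeps polling Gitea with the same token, I'd write `docker service scale ccci-bridge_app=0` into the sequence as an explicit step before E2E-TESTME is run, note the replica count that was there so the restore is exact, and add that restore to the swap-back line. The same goes for (b): the OAuth bootstrap has to come before the run, so it belongs between "Verify P1+P2" and "run E2E-TESTME" rather than in a trailing paragraph. A repeat of the P1+P2 check after swap-back would also confirm that the name and the gateway are back on the original.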
26
STATUS-1c.md
@ -74,13 +74,25 @@ plan's "destroy the throwaway" for that one VM. (Adversary: please do not destro
|
||||
This also settles C6 final sizing = **promote the rebuilt VM**. All other cleanup is normal (Builder's
|
||||
first throwaway already destroyed). See DECISIONS.md Phase-1c.
|
||||
|
||||
### Pending functional-acceptance e2e — E2E-TESTME (operator-gated; do NOT start early)
|
||||
**Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes any inline wording).
|
||||
MY test to execute; Adversary independently verifies. Gated: runs only after **C4/C5 PASS** AND the
|
||||
orchestrator (P1) renames the rebuilt throwaway → `cc-nix-test` + (P2) confirms the public gateway
|
||||
routes to it + (P3) **SIGNALS** me. Until the signal: keep the rebuilt VM's full stack
|
||||
(traefik+bridge+drone+dashboard) up; do NOT start.
|
||||
Self-check once signalled: `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`.
|
||||
### Pending functional-acceptance e2e — E2E-TESTME (BUILDER owns swap+test; gated on C4/C5 PASS)
|
||||
**Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes inline wording).
|
||||
MY test to execute end-to-end (incl. the tailnet swap — **no orchestrator signal**); Adversary
|
||||
independently verifies. Gated ONLY on **C4/C5 PASS** + rebuilt VM's full stack up. Sequence:
|
||||
1. **Swap (Builder, 2 reversible `tailscale set --hostname`, ORDER MATTERS):**
|
||||
(a) `ssh cc-ci 'tailscale set --hostname=cc-nix-test-orig'` — original aside, **keep running** (swap-back);
|
||||
`ssh cc-ci` (pinned IP 100.90.116.4) keeps hitting the ORIGINAL.
|
||||
(b) rebuilt throwaway → `cc-nix-test`: re-derive its current online IP
|
||||
(`tailscale --socket=$HOME/.cc-ci-ts/tailscaled.sock status | grep -i throwaway`), then
|
||||
`ssh -i …/vm_ssh_key -o ProxyCommand='nc -X 5 -x 127.0.0.1:1055 %h %p' root@<ip> 'tailscale set --hostname=cc-nix-test'`.
|
||||
After swap, `cc-nix-test.taila4a0bf.ts.net` → rebuilt VM tailnet-wide (gateway auto-follows ~10s);
|
||||
target !testme/deploys by MagicDNS name, NOT raw IP (raw IP = original).
|
||||
2. **Verify P1+P2:** `tailscale … status | grep cc-nix-test` → throwaway IP; `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`.
|
||||
3. **Run E2E-TESTME** (spec §2; E1–E6 below). **4. Swap-back when done** (reversible): rebuilt VM →
|
||||
its old name, then `ssh cc-ci 'tailscale set --hostname=cc-nix-test'` (restores original; gateway re-follows).
|
||||
Watch-out (handle at execution): the ORIGINAL (cc-nix-test-orig) stays up with its bridge polling
|
||||
Gitea — to avoid duplicate builds/PR-comments, pause its bridge during the e2e (`docker service
|
||||
scale ccci-bridge_app=0` on the original, restore after); and the rebuilt VM's Drone needs the
|
||||
one-time OAuth bootstrap (install.md §2) before it can clone/build.
|
||||
Then: `!testme` as the bot on one fast enrolled recipe (e.g. `custom-html`) and verify the real path.
|
||||
Pass criteria (all): **E1** self-check 200/valid cert on rebuilt VM; **E2** new Drone build via the
|
||||
bridge (run# > baseline, not a manual trigger); **E3** app answers an **EXTERNAL** request at
|
||||
|
||||
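Review bot: in step 2, `grep cc-nix-test` also matches the original once step 1(a) has renamed it to `cc-nix-test-orig`, so the check prints a line whichever node actually holds the name. Match the hostname exactly, for example `awk '$2 == "cc-nix-test"'` on the status output (assuming the hostname is the second column), and compare the IP with the one derived in 1(b). A similar concern applies to `grep -i throwaway` in 1(b): the context above says the Builder's first throwaway was already destroyed, and if it still appears as an offline peer the grep returns two candidates, so the step should say to take only the online entry. Separately, step 4 is folded into the end of item 3's line; giving swap-back its own numbered item, with the bridge restore from the watch-out added to it, makes the sequence harder to misread during execution.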