1c/E2E-TESTME: Builder owns the tailnet swap end-to-end (no signal); record swap steps + execution watch-outs
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
26
STATUS-1c.md
26
STATUS-1c.md
@ -74,13 +74,25 @@ plan's "destroy the throwaway" for that one VM. (Adversary: please do not destro
|
||||
This also settles C6 final sizing = **promote the rebuilt VM**. All other cleanup is normal (Builder's
|
||||
first throwaway already destroyed). See DECISIONS.md Phase-1c.
|
||||
|
||||
### Pending functional-acceptance e2e — E2E-TESTME (operator-gated; do NOT start early)
|
||||
**Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes any inline wording).
|
||||
MY test to execute; Adversary independently verifies. Gated: runs only after **C4/C5 PASS** AND the
|
||||
orchestrator (P1) renames the rebuilt throwaway → `cc-nix-test` + (P2) confirms the public gateway
|
||||
routes to it + (P3) **SIGNALS** me. Until the signal: keep the rebuilt VM's full stack
|
||||
(traefik+bridge+drone+dashboard) up; do NOT start.
|
||||
Self-check once signalled: `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`.
|
||||
### Pending functional-acceptance e2e — E2E-TESTME (BUILDER owns swap+test; gated on C4/C5 PASS)
|
||||
**Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes inline wording).
|
||||
MY test to execute end-to-end (incl. the tailnet swap — **no orchestrator signal**); Adversary
|
||||
independently verifies. Gated ONLY on **C4/C5 PASS** + rebuilt VM's full stack up. Sequence:
|
||||
1. **Swap (Builder, 2 reversible `tailscale set --hostname`, ORDER MATTERS):**
|
||||
(a) `ssh cc-ci 'tailscale set --hostname=cc-nix-test-orig'` — original aside, **keep running** (swap-back);
|
||||
`ssh cc-ci` (pinned IP 100.90.116.4) keeps hitting the ORIGINAL.
|
||||
(b) rebuilt throwaway → `cc-nix-test`: re-derive its current online IP
|
||||
(`tailscale --socket=$HOME/.cc-ci-ts/tailscaled.sock status | grep -i throwaway`), then
|
||||
`ssh -i …/vm_ssh_key -o ProxyCommand='nc -X 5 -x 127.0.0.1:1055 %h %p' root@<ip> 'tailscale set --hostname=cc-nix-test'`.
|
||||
After swap, `cc-nix-test.taila4a0bf.ts.net` → rebuilt VM tailnet-wide (gateway auto-follows ~10s);
|
||||
target !testme/deploys by MagicDNS name, NOT raw IP (raw IP = original).
|
||||
2. **Verify P1+P2:** `tailscale … status | grep cc-nix-test` → throwaway IP; `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`.
|
||||
3. **Run E2E-TESTME** (spec §2; E1–E6 below). **4. Swap-back when done** (reversible): rebuilt VM →
|
||||
its old name, then `ssh cc-ci 'tailscale set --hostname=cc-nix-test'` (restores original; gateway re-follows).
|
||||
Watch-out (handle at execution): the ORIGINAL (cc-nix-test-orig) stays up with its bridge polling
|
||||
Gitea — to avoid duplicate builds/PR-comments, pause its bridge during the e2e (`docker service
|
||||
scale ccci-bridge_app=0` on the original, restore after); and the rebuilt VM's Drone needs the
|
||||
one-time OAuth bootstrap (install.md §2) before it can clone/build.
|
||||
Then: `!testme` as the bot on one fast enrolled recipe (e.g. `custom-html`) and verify the real path.
|
||||
Pass criteria (all): **E1** self-check 200/valid cert on rebuilt VM; **E2** new Drone build via the
|
||||
bridge (run# > baseline, not a manual trigger); **E3** app answers an **EXTERNAL** request at
|
||||
|
||||
Reference in New Issue
Block a user