fix(smoke): bump smoke-VM RAM to 8 GiB + make cores/memory configurable
pollux (192.168.178.165) wedged at the network level during an end-to-end install test today — mkinitcpio on a 4 GiB smoke VM + the cached 1.5 GB ISO + a busy runner container pushed the host into OOM, taking pveproxy and the SSH path down with it. Recovered by physical reset. Smoke VM now defaults to 8192 MiB / 2 vCPU, configurable via PVE_TEST_VM_MEMORY / PVE_TEST_VM_CORES. Host has 64 GiB, so one smoke VM at 8 GiB is well within headroom. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
d567317538
commit
522ea06cd0
2 changed files with 10 additions and 3 deletions
|
|
@ -14,7 +14,7 @@ This project uses calendar versioning: `YY.N-stage` (e.g. `26.0-alpha` = 2026, r
|
||||||
- **Local HTTPS via Caddy `tls internal`** on port 443. Caddy generates a per-box local root CA on first start; the Caddyfile now serves both `:80` and `:443` from the same routes. HTTP stays on by default — no regression for users who haven't trusted the CA yet. New "Local HTTPS" section in `/settings` shows the CA's SHA-256 fingerprint, offers a one-click download of `rootCA.crt`, links to the per-OS install guide at `/https-install/`, and exposes an opt-in "force HTTPS" toggle that only unhides itself once the current browser has already trusted the cert (so enabling it can't lock the user out of the settings page). Backend: `GET /api/furtka/https/status` and `POST /api/furtka/https/force` in `furtka.https`. The force toggle drops a Caddy import snippet into `/etc/caddy/furtka.d/redirect.caddyfile` and reloads Caddy; reload failure automatically rolls the snippet state back so a bad config can't wedge the next service start.
|
- **Local HTTPS via Caddy `tls internal`** on port 443. Caddy generates a per-box local root CA on first start; the Caddyfile now serves both `:80` and `:443` from the same routes. HTTP stays on by default — no regression for users who haven't trusted the CA yet. New "Local HTTPS" section in `/settings` shows the CA's SHA-256 fingerprint, offers a one-click download of `rootCA.crt`, links to the per-OS install guide at `/https-install/`, and exposes an opt-in "force HTTPS" toggle that only unhides itself once the current browser has already trusted the cert (so enabling it can't lock the user out of the settings page). Backend: `GET /api/furtka/https/status` and `POST /api/furtka/https/force` in `furtka.https`. The force toggle drops a Caddy import snippet into `/etc/caddy/furtka.d/redirect.caddyfile` and reloads Caddy; reload failure automatically rolls the snippet state back so a bad config can't wedge the next service start.
|
||||||
- **Impressum + Datenschutzerklärung on furtka.org** (both DE and EN) covering §5 DDG and Art. 13 GDPR. Linked from the site footer on every page; bilingual with DE as the legally binding version.
|
- **Impressum + Datenschutzerklärung on furtka.org** (both DE and EN) covering §5 DDG and Art. 13 GDPR. Linked from the site footer on every page; bilingual with DE as the legally binding version.
|
||||||
- **Auto-deploy of furtka.org on push-to-main.** New `.forgejo/workflows/deploy-site.yml` runs on the self-hosted runner (which *is* forge-runner-01 — the webserver host), so the deploy is just a local rsync + `hugo --minify` into `/var/www/furtka.org/`. No SSH, no secrets. Manual `website/deploy.sh` remains for out-of-band deploys.
|
- **Auto-deploy of furtka.org on push-to-main.** New `.forgejo/workflows/deploy-site.yml` runs on the self-hosted runner (which *is* forge-runner-01 — the webserver host), so the deploy is just a local rsync + `hugo --minify` into `/var/www/furtka.org/`. No SSH, no secrets. Manual `website/deploy.sh` remains for out-of-band deploys.
|
||||||
- **Post-build smoke VM on Proxmox test host 192.168.178.165.** Every `build-iso` run boots the freshly built ISO in a throwaway VM on pollux, then curls `:5000` to confirm the webinstaller is alive. VMs in VMID range 9000–9099 tagged with the commit SHA; last 5 kept for post-mortem debugging. Optional `workflow_dispatch` "Smoke latest ISO" re-tests the cached ISO in ~2 min without rebuilding. Step-level `continue-on-error` means a VM-side flake doesn't mark the ISO build red.
|
- **Post-build smoke VM on Proxmox test host 192.168.178.165.** Every `build-iso` run boots the freshly built ISO in a throwaway VM on pollux (8 GiB RAM / 2 vCPU — the 4 GB default OOM-ed the host during mkinitcpio), then curls `:5000` to confirm the webinstaller is alive. VMs in VMID range 9000–9099 tagged with the commit SHA; last 5 kept for post-mortem debugging. Optional `workflow_dispatch` "Smoke latest ISO" re-tests the cached ISO in ~2 min without rebuilding. Step-level `continue-on-error` means a VM-side flake doesn't mark the ISO build red.
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,11 @@
|
||||||
# PVE_TEST_VMID_MAX default 9099
|
# PVE_TEST_VMID_MAX default 9099
|
||||||
# PVE_TEST_KEEP how many past smoke VMs to retain (default 5)
|
# PVE_TEST_KEEP how many past smoke VMs to retain (default 5)
|
||||||
# PVE_TEST_BOOT_TIMEOUT seconds to wait for :5000 (default 180)
|
# PVE_TEST_BOOT_TIMEOUT seconds to wait for :5000 (default 180)
|
||||||
|
# PVE_TEST_VM_MEMORY MiB of RAM for the smoke VM (default 8192). Bumped
|
||||||
|
# from 4096 on 2026-04-18 — mkinitcpio on 4 GB VMs
|
||||||
|
# OOM-ed the pollux host mid-install, pulling pveproxy
|
||||||
|
# + the runner connection down with it.
|
||||||
|
# PVE_TEST_VM_CORES vCPU count for the smoke VM (default 2)
|
||||||
# SMOKE_SHA commit SHA used in name/tag/MAC; defaults to git HEAD
|
# SMOKE_SHA commit SHA used in name/tag/MAC; defaults to git HEAD
|
||||||
#
|
#
|
||||||
# Exits 0 iff the ISO booted and :5000 returned 200. Prunes old VMs + ISOs
|
# Exits 0 iff the ISO booted and :5000 returned 200. Prunes old VMs + ISOs
|
||||||
|
|
@ -37,6 +42,8 @@ VMID_MIN="${PVE_TEST_VMID_MIN:-9000}"
|
||||||
VMID_MAX="${PVE_TEST_VMID_MAX:-9099}"
|
VMID_MAX="${PVE_TEST_VMID_MAX:-9099}"
|
||||||
KEEP="${PVE_TEST_KEEP:-5}"
|
KEEP="${PVE_TEST_KEEP:-5}"
|
||||||
BOOT_TIMEOUT="${PVE_TEST_BOOT_TIMEOUT:-180}"
|
BOOT_TIMEOUT="${PVE_TEST_BOOT_TIMEOUT:-180}"
|
||||||
|
VM_MEMORY="${PVE_TEST_VM_MEMORY:-8192}"
|
||||||
|
VM_CORES="${PVE_TEST_VM_CORES:-2}"
|
||||||
SHA="${SMOKE_SHA:-$(git rev-parse HEAD 2>/dev/null || echo unknownunknown)}"
|
SHA="${SMOKE_SHA:-$(git rev-parse HEAD 2>/dev/null || echo unknownunknown)}"
|
||||||
SHORT_SHA="${SHA:0:12}"
|
SHORT_SHA="${SHA:0:12}"
|
||||||
|
|
||||||
|
|
@ -110,8 +117,8 @@ api --request POST "$API/nodes/$NODE/qemu" \
|
||||||
--data-urlencode "vmid=$VMID" \
|
--data-urlencode "vmid=$VMID" \
|
||||||
--data-urlencode "name=furtka-smoke-${SHORT_SHA}" \
|
--data-urlencode "name=furtka-smoke-${SHORT_SHA}" \
|
||||||
--data-urlencode "tags=furtka;smoke;sha-${SHORT_SHA}" \
|
--data-urlencode "tags=furtka;smoke;sha-${SHORT_SHA}" \
|
||||||
--data-urlencode "cores=2" \
|
--data-urlencode "cores=${VM_CORES}" \
|
||||||
--data-urlencode "memory=4096" \
|
--data-urlencode "memory=${VM_MEMORY}" \
|
||||||
--data-urlencode "bios=ovmf" \
|
--data-urlencode "bios=ovmf" \
|
||||||
--data-urlencode "machine=q35" \
|
--data-urlencode "machine=q35" \
|
||||||
--data-urlencode "ostype=l26" \
|
--data-urlencode "ostype=l26" \
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue