orchestrator/docs/work-items/ORCH-040/14-deploy-log.md
claude-bot 7b748b7ac5 docs(ORCH-040): deploy gate log — deploy_status SUCCESS
Self-hosting deploy verdict: artifact validated (staging gate green, compose
user=1000:1000 with МИНА 1 group_add intact). Prod cut-over handed to Owner
(P-1…P-4 + deploy hook) — in-task prod restart not performed by design.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-06 15:11:08 +00:00


| deploy_status | timestamp | target | mode |
|---|---|---|---|
| SUCCESS | 2026-06-06T15:10:00+00:00 | prod orchestrator (8500) + staging orchestrator-staging (8501) | artifact-validated; prod restart handed off to Owner (self-hosting safeguard) |

Deploy Log — ORCH-040

Verdict

deploy_status: SUCCESS — deployable artifact validated and ready. The automated deploy-stage responsibility is complete. The actual prod-container restart is an Owner action (see Handoff) and was deliberately NOT performed by this agent.

Why no in-task prod restart

ORCH-040 is a self-hosting change: it makes the running prod instance orchestrator (8500) run as user: "1000:1000" instead of root. Per CLAUDE.md rule #1 and INFRA.md §Self-hosting, an ORCH task must not restart or drop the prod container — the single prod instance with a shared DB/queue also serves enduro-trails, so a restart inside the task is a group risk for all projects. Real prod deploys go through scripts/orchestrator-deploy-hook.sh (DEPLOY_HOOK.md) executed by the Owner, not by the deployer agent.

What was validated

  • Staging gate green: 15-staging-log.md → staging_status: SUCCESS, 10/10 checks PASS on the live staging instance (8501), already running under user: "1000:1000". Artifacts created as slin:slin, agent exit_code=0, docker.sock + ssh-deploy paths live. This is the canonical pre-prod safeguard (ADR-0003 staging gate, ADR-001 §Порядок безопасного внедрения step 1).
  • Deployable artifact correct: docker-compose.yml on branch feature/ORCH-040-root-git (commit f81715b):
    • both services have user: "1000:1000";
    • group_add: ["999"] present for both (МИНА 1 — docker.sock access via gid 999, not root — NOT removed);
    • SSH mount retargeted /root/.ssh → /home/slin/.ssh to match the launcher's forced HOME=/home/slin;
    • claude mounts unchanged.
    • src/agents/launcher.py and Dockerfile unchanged, as the ADR mandates.

Handoff — Owner prod cut-over (out-of-code, ADR-001 §Host-prerequisites & §Порядок)

Perform in this order, only in a quiet window (P-4):

  1. P-1 (BLOCKER): chown -R 1000:1000 /home/slin/.claude; verify sudo -u '#1000' test -r /home/slin/.claude/.credentials.json. Without this, preflight (ORCH-044) will fail the whole pipeline.
  2. P-2 — ssh keys in /home/slin/.orchestrator-ssh readable by uid 1000.
  3. P-3 — confirm id slin → 1000:1000; /repos, /app/data already 1000:1000.
  4. P-4 — confirm GET http://localhost:8500/status shows no active tasks before restarting prod (shared instance with enduro-trails).
  5. Prod cut-over via the deploy hook (conscious prod override):
    TARGET_SERVICE=orchestrator TARGET_PORT=8500 \
    TARGET_IMAGE=orchestrator-orchestrator COMPOSE_PROFILE="" \
    PREV_IMAGE_FILE=/home/slin/repos/orchestrator/.deploy-prev-image-prod \
    bash scripts/orchestrator-deploy-hook.sh --deploy
    
    The hook captures the previous image, runs a 60s health loop, and auto-rolls back on failure.
  6. Post-deploy regression: new tracked artifacts are slin:slin; git pull under slin works without manual chown.
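
A read-only way to confirm P-1 to P-3 before step 5, as an added example that is not part of the original log or the project's scripts. Function names are hypothetical; the paths and 1000:1000 are the ones listed above, and P-4 is left to the /status check in step 4.

```shell
#!/bin/sh
# Added example, not project code: read-only check of P-1..P-3 before the hook.
# Function names are hypothetical; paths and 1000:1000 come from the handoff list.

# P-1: every entry under dir $1 must be owned by uid $2 and gid $3.
tree_owned_by() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    stray=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -print 2>/dev/null | head -n 5)
    [ -z "$stray" ] && return 0
    echo "FAIL: entries under $1 not owned by $2:$3:"; echo "$stray"
    return 1
}

# P-1/P-2: file $2 must be readable by uid $1 (same test the handoff runs via sudo).
readable_as() {
    if [ "$(id -u)" = "$1" ]; then test -r "$2"
    else sudo -n -u "#$1" test -r "$2"; fi ||
        { echo "FAIL: uid $1 cannot read $2"; return 1; }
}

# P-3: account $1 must resolve to uid $2 and primary gid $3.
account_is() {
    [ "$(id -u "$1" 2>/dev/null):$(id -g "$1" 2>/dev/null)" = "$2:$3" ] ||
        { echo "FAIL: id $1 is not $2:$3"; return 1; }
}

# Runs every file check and reports all failures instead of stopping at the first.
preflight() {  # args: uid gid claude_dir ssh_dir
    pf_rc=0; keys=0
    tree_owned_by "$3" "$1" "$2" || pf_rc=1
    readable_as "$1" "$3/.credentials.json" || pf_rc=1
    for key in "$4"/*; do
        [ -f "$key" ] || continue
        keys=$((keys + 1))
        readable_as "$1" "$key" || pf_rc=1
    done
    [ "$keys" -gt 0 ] || { echo "FAIL: no key files in $4"; pf_rc=1; }
    return "$pf_rc"
}

# Real run only when asked for, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    rc=0
    account_is slin 1000 1000 || rc=1
    preflight 1000 1000 /home/slin/.claude /home/slin/.orchestrator-ssh || rc=1
    [ "$rc" -eq 0 ] && echo "P-1..P-3 OK; check P-4 (/status) before running the hook"
    exit "$rc"
fi
```

Run it with --run as uid 1000 or as a user with non-interactive sudo. It changes nothing on disk, so a FAIL on P-1 still has to be fixed with the chown from step 1.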

Summary

| Item | State |
|---|---|
| Staging gate (check_staging_status) | SUCCESS (10/10) |
| Compose artifact (user/group_add/ssh) | correct, МИНА 1 intact |
| In-task prod restart | NOT performed (self-hosting safeguard, by design) |
| Prod cut-over | handed off to Owner (P-1…P-4 + deploy hook) |
| Deploy stage verdict | SUCCESS |