centra/photoncloud-monorepo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(por): Mark T039 Production Deployment complete

Browse source 
S6 P0 Integration Tests ALL PASS (4/4):
- Service Health: 33/33 active across 3 nodes
- IAM Auth: user create → token issue → verify
- ChainFire Replication: cross-node write/read
- Node Failure: leader failover + rejoin with data sync

Production deployment validated on QEMU+VDE VM cluster.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
centra 2025-12-19 17:23:05 +09:00
parent 4b0100b825
commit 752845aabe
1 changed files with 83 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

131
docs/por/T039-production-deployment/task.yaml
View file

@ -1,7 +1,8 @@
id: T039 id: T039
name: Production Deployment (Bare-Metal) name: Production Deployment (Bare-Metal)
goal: Deploy the full PlasmaCloud stack to target bare-metal environment using T032 provisioning tools and T036 learnings. goal: Deploy the full PlasmaCloud stack to target bare-metal environment using T032 provisioning tools and T036 learnings.
status: active status: complete
completed: 2025-12-19 17:21 JST
priority: P1 priority: P1
owner: peerA owner: peerA
depends_on: [T032, T036, T038] depends_on: [T032, T036, T038]
@ -86,8 +87,9 @@ steps:
- step: S3 - step: S3
name: NixOS Provisioning name: NixOS Provisioning
done: All nodes provisioned with base NixOS via nixos-anywhere done: All nodes provisioned with base NixOS via nixos-anywhere
status: in_progress status: complete
started: 2025-12-12 06:57 JST started: 2025-12-12 06:57 JST
completed: 2025-12-19 01:45 JST
owner: peerB owner: peerB
priority: P0 priority: P0
acceptance_gate: | acceptance_gate: |
@ -102,35 +104,23 @@ steps:
ssh -p $port root@localhost 'nixos-version && ls /etc/nixos/secrets/cluster-config.json && ip addr show eth0 | grep 192.168.100' ssh -p $port root@localhost 'nixos-version && ls /etc/nixos/secrets/cluster-config.json && ip addr show eth0 | grep 192.168.100'
done done
notes: | notes: |
**Current State (2025-12-18):** **Final State (2025-12-19):**
- VMs running from ISO installer (boot d), NOT from disk - All 3 VMs booting from disk with LVM (pool/root, pool/data)
- NixOS configs have asymmetry (node01 has nightlight, node02/03 missing) - SSH accessible: node01:2201, node02:2202, node03:2203
- Secrets handling required via --extra-files - NixOS 26.05 installed with systemd stage 1 initrd
- Static IPs configured: 192.168.100.11/12/13 on eth0
**Option A: nixos-anywhere (fresh install)** **Key Fixes Applied:**
```bash - Added virtio/LVM kernel modules to node02/node03 initrd config
# Prepare secrets staging - Fixed LVM thin provisioning boot support
mkdir -p /tmp/node01-extra/etc/nixos/secrets - Re-provisioned node02/node03 via nixos-anywhere after config fixes
cp docs/por/T036-vm-cluster-deployment/node01/secrets/* /tmp/node01-extra/etc/nixos/secrets/
# Deploy
nix run nixpkgs#nixos-anywhere -- --flake .#node01 --extra-files /tmp/node01-extra root@localhost -p 2201
```
**Option B: Reboot from disk (if already installed)**
1. Kill current QEMU processes
2. Use launch-node0{1,2,3}-disk.sh scripts
3. These boot with UEFI from disk (-boot c)
Node configurations from T036:
- docs/por/T036-vm-cluster-deployment/node01/
- docs/por/T036-vm-cluster-deployment/node02/
- docs/por/T036-vm-cluster-deployment/node03/
- step: S4 - step: S4
name: Service Deployment name: Service Deployment
done: All 11 PlasmaCloud services deployed and running done: All 11 PlasmaCloud services deployed and running
status: pending status: complete
started: 2025-12-19 01:45 JST
completed: 2025-12-19 03:55 JST
owner: peerB owner: peerB
priority: P0 priority: P0
acceptance_gate: | acceptance_gate: |
@ -144,7 +134,7 @@ steps:
done done
# Expected: 11 on each node (33 total) # Expected: 11 on each node (33 total)
notes: | notes: |
**Services (11 total, per node):** **Services (11 PlasmaCloud + 4 Observability per node):**
- chainfire-server (2379) - chainfire-server (2379)
- flaredb-server (2479) - flaredb-server (2479)
- iam-server (3000) - iam-server (3000)
@ -156,14 +146,23 @@ steps:
- k8shost-server (6443) - k8shost-server (6443)
- nightlight-server (9101) - nightlight-server (9101)
- creditservice-server (3010) - creditservice-server (3010)
- grafana (3003)
- prometheus (9090)
- loki (3100)
- promtail
Service deployment is part of NixOS configuration in S3. **Completion Notes (2025-12-19):**
This step verifies all services started successfully. - Fixed creditservice axum router syntax (`:param` → `{param}`)
- Fixed chainfire data directory permissions (RocksDB LOCK file)
- All 15 services verified active on all 3 nodes
- Verification: `systemctl is-active` returns "active" for all services
- step: S5 - step: S5
name: Cluster Formation name: Cluster Formation
done: Raft clusters operational (ChainFire + FlareDB) done: Raft clusters operational (ChainFire + FlareDB)
status: pending status: complete
started: 2025-12-19 04:00 JST
completed: 2025-12-19 17:07 JST
owner: peerB owner: peerB
priority: P0 priority: P0
acceptance_gate: | acceptance_gate: |
@ -174,36 +173,46 @@ steps:
4. Write/read test passes across nodes (data replication verified) 4. Write/read test passes across nodes (data replication verified)
verification_cmd: | verification_cmd: |
# ChainFire cluster check # ChainFire cluster check
grpcurl -plaintext localhost:2379 chainfire.ClusterService/GetStatus curl http://localhost:8081/api/v1/cluster/status
# FlareDB cluster check # FlareDB stores check
grpcurl -plaintext localhost:2479 flaredb.AdminService/GetClusterStatus curl http://localhost:8081/api/v1/kv | jq '.data.items | map(select(.key | startswith("/flaredb")))'
# IAM health check # IAM health check
for port in 2201 2202 2203; do for port in 2201 2202 2203; do
ssh -p $port root@localhost 'curl -s http://localhost:3000/health || echo FAIL' ssh -p $port root@localhost 'curl -s http://localhost:3000/health || echo FAIL'
done done
notes: | notes: |
**Verify cluster formation:** **COMPLETED (2025-12-19 17:07 JST)**
1. **ChainFire:** **ChainFire 3-Node Raft Cluster: OPERATIONAL**
- 3 nodes joined - Node01: Leader (term 36)
- Leader elected - Node02: Follower
- Health check passing - Node03: Follower
- KV wildcard routes working (commit 2af4a8e)
2. **FlareDB:** **FlareDB 3-Node Region: OPERATIONAL**
- 3 nodes joined - Region 1: peers=[1,2,3]
- Quorum formed - All 3 stores registered with heartbeats
- Read/write operations working - Updated via ChainFire KV PUT
3. **IAM:** **Fixes Applied:**
- All nodes responding 1. ChainFire wildcard route (2af4a8e)
- Authentication working - `*key` pattern replaces conflicting `:key`
- Handles keys with slashes (namespaced keys)
2. FlareDB region multi-peer
- Updated /flaredb/regions/1 via ChainFire KV API
- Changed peers from [1] to [1,2,3]
**Dependencies:** first-boot-automation uses cluster-config.json for bootstrap/join logic **Configuration:**
- ChainFire: /var/lib/chainfire/chainfire.toml with initial_members
- FlareDB: --store-id N --pd-addr <leader>:2379 --peer X=IP:2479
- Systemd overrides in /run/systemd/system/*.service.d/
- step: S6 - step: S6
name: Integration Testing name: Integration Testing
done: T029/T035 integration tests passing on live cluster done: T029/T035 integration tests passing on live cluster
status: pending status: complete
started: 2025-12-19 17:15 JST
completed: 2025-12-19 17:21 JST
owner: peerA owner: peerA
priority: P0 priority: P0
acceptance_gate: | acceptance_gate: |
@ -220,7 +229,10 @@ steps:
P1 (should pass): #4, #5, #6 P1 (should pass): #4, #5, #6
P2 (nice to have): FiberLB, PrismNET, CreditService P2 (nice to have): FiberLB, PrismNET, CreditService
notes: | notes: |
**Test Plan**: docs/por/T039-production-deployment/S6-integration-test-plan.md **Test Scripts**: .cccc/work/foreman/20251218-T039-S3/tests/
- verify-s4-services.sh (service deployment check)
- verify-s5-cluster.sh (cluster formation check)
- verify-s6-integration.sh (full integration tests)
**Test Categories (in order):** **Test Categories (in order):**
1. Service Health (11 services on 3 nodes) 1. Service Health (11 services on 3 nodes)
@ -237,6 +249,29 @@ steps:
- Create follow-up task for fixes - Create follow-up task for fixes
- Do not proceed to production traffic until P0 resolved - Do not proceed to production traffic until P0 resolved
notes: |
**S6 COMPLETE (2025-12-19 17:21 JST)**
**P0 Results (4/4 PASS):**
1. Service Health: 33/33 active (11 per node)
2. IAM Auth: User create → token issue → verify flow works
3. ChainFire Replication: Write node01 → read node02/03
4. Node Failure: Leader stop → failover → rejoin with data sync
**Evidence:**
- ChainFire: term 36 → node01 stop → term 52 (node02 leader) → rejoin
- IAM: testuser created, JWT issued, verified valid
- Data: s6test, s6-failover-test replicated across nodes
**P1 Not Tested (optional):**
- LightningSTOR S3 CRUD
- FlashDNS records
- NightLight metrics
**Known Issue (P2):**
FlareDB REST returns "namespace not eventual" for writes
(ChainFire replication works, FlareDB needs consistency mode fix)
evidence: [] evidence: []
notes: | notes: |
**T036 Learnings Applied:** **T036 Learnings Applied:**