fix(runner): use user pressure guard for non110 keepalive [skip ci]

This commit is contained in:
Your Name
2026-07-01 09:25:04 +08:00
parent 7bd1b1b2a4
commit 24ed4037fa
3 changed files with 23 additions and 5 deletions

View File

@@ -12,6 +12,22 @@
**邊界**:只改 public Gitea queue readback parser / tests / LOGBOOK未讀 token / secret / `.env` / raw sessions / SQLite / auth未使用 GitHub / `gh` / GitHub API未 workflow_dispatch未新增 host write、未重啟主機、未 restart Docker / Nginx / K3s / DB / firewall。
## 2026-07-01 — 09:23 non-110 pressure guard user-level path correction
**照主線修正的問題**
- 188 live apply 讀回 `/usr/local/bin/awoooi-wait-host-web-build-pressure.sh` 不存在;嘗試用 `sudo -n` 安裝時回 `sudo: a password is required`,證明 user-level runner installer 不應預設依賴 root `/usr/local/bin`
- `ops/runner/install-awoooi-non110-runner-user-service.sh``PRESSURE_GUARD` 預設改為 `${RUNNER_HOME}/.local/bin/awoooi-wait-host-web-build-pressure.sh`,維持 fail-closedguard 缺失時 runner / autostart / keepalive 不得啟動。
- 測試改為依 `RUNNER_HOME` 計算 guard path避免再次把 root-only 路徑寫死進 user service installer。
- 188 已安裝 user-level guard 到 `/home/ollama/.local/bin/awoooi-wait-host-web-build-pressure.sh`one-shot 回 `no host web/build/smoke pressure detected`;重新 apply installer 後讀回 `pressure_guard=/home/ollama/.local/bin/awoooi-wait-host-web-build-pressure.sh``SERVICE_START_PERFORMED=0``runner_token_read=false``raw_runner_registration_read=false`
**驗證**
- `python3.11 -m pytest ops/runner/test_install_awoooi_non110_runner_user_service.py ops/runner/test_check_awoooi_non110_runner_readiness.py ops/runner/test_cd_controlled_runtime_profile.py -q` 通過43 passed
- `bash -n ops/runner/install-awoooi-non110-runner-user-service.sh ops/runner/check-awoooi-non110-runner-readiness.sh scripts/ci/wait-host-web-build-pressure.sh` 通過。
- `python3.11 ops/runner/guard-gitea-runner-pressure.py --root .` 通過。
- `git diff --check` 通過。
**邊界**:未讀 secret / token / `.env` / raw sessions / SQLite / auth未讀 `.runner` 內容;未使用 GitHub / `gh` / GitHub API未 workflow_dispatch未重啟主機、未 restart Docker / Nginx / K3s / DB / firewall。
## 2026-07-01 — 09:18 non-110 runner runtime re-enable / queue no-matching cleared
**照主線修正的問題**

View File

@@ -27,7 +27,7 @@ CPU_QUOTA="${CPU_QUOTA:-200%}"
MEMORY_HIGH="${MEMORY_HIGH:-6G}"
MEMORY_MAX="${MEMORY_MAX:-8G}"
TASKS_MAX="${TASKS_MAX:-512}"
PRESSURE_GUARD="${PRESSURE_GUARD:-/usr/local/bin/awoooi-wait-host-web-build-pressure.sh}"
PRESSURE_GUARD="${PRESSURE_GUARD:-${RUNNER_HOME}/.local/bin/awoooi-wait-host-web-build-pressure.sh}"
PRESSURE_GUARD_ATTEMPTS="${PRESSURE_GUARD_ATTEMPTS:-1}"
PRESSURE_GUARD_SLEEP_SECONDS="${PRESSURE_GUARD_SLEEP_SECONDS:-0}"

View File

@@ -95,13 +95,14 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
assert "secret-token-like-content" not in result.stdout
unit_dir = tmp_path / "home/.config/systemd/user"
pressure_guard = tmp_path / "home/.local/bin/awoooi-wait-host-web-build-pressure.sh"
service = unit_dir / "awoooi-non110-runner.service"
rollback = unit_dir / "awoooi-non110-runner-rollback.service"
autostart = unit_dir / "awoooi-non110-runner-autostart.service"
keepalive_service = unit_dir / "awoooi-non110-runner-keepalive.service"
keepalive_timer = unit_dir / "awoooi-non110-runner-keepalive.timer"
service_text = service.read_text(encoding="utf-8")
assert "ExecStartPre=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in service_text
assert f"ExecStartPre=/usr/bin/test -x {pressure_guard}" in service_text
assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in service_text
assert "HOST_WEB_BUILD_PRESSURE_SLEEP_SECONDS=0" in service_text
rollback_text = rollback.read_text(encoding="utf-8")
@@ -114,7 +115,7 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
encoding="utf-8"
)
keepalive_service_text = keepalive_service.read_text(encoding="utf-8")
assert "ExecStart=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in keepalive_service_text
assert f"ExecStart=/usr/bin/test -x {pressure_guard}" in keepalive_service_text
assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in keepalive_service_text
assert "HOST_WEB_BUILD_PRESSURE_SLEEP_SECONDS=0" in keepalive_service_text
assert "ExecStart=/usr/bin/systemctl --user daemon-reload" in keepalive_service_text
@@ -123,7 +124,7 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
in keepalive_service_text
)
assert "OnUnitInactiveSec=15s" in keepalive_timer.read_text(encoding="utf-8")
assert "pressure_guard=/usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in result.stdout
assert f"pressure_guard={pressure_guard}" in result.stdout
log = (tmp_path / "systemctl.log").read_text(encoding="utf-8")
assert "enable --now awoooi-non110-runner-autostart.path" not in log
@@ -142,10 +143,11 @@ def test_enable_starts_runner_and_keepalive_without_printing_registration(
runner_dir = tmp_path / "home/act-runner-awoooi"
assert (runner_dir / ".awoooi-non110-runner-enabled").exists()
pressure_guard = tmp_path / "home/.local/bin/awoooi-wait-host-web-build-pressure.sh"
service_text = (
tmp_path / "home/.config/systemd/user/awoooi-non110-runner.service"
).read_text(encoding="utf-8")
assert "ExecStartPre=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in service_text
assert f"ExecStartPre=/usr/bin/test -x {pressure_guard}" in service_text
assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in service_text
log = (tmp_path / "systemctl.log").read_text(encoding="utf-8")
assert "enable --now awoooi-non110-runner-keepalive.timer" in log