From 24ed4037fa3994534eee7d474d6a072ba387ccd2 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 1 Jul 2026 09:25:04 +0800
Subject: [PATCH] fix(runner): use user pressure guard for non110 keepalive [skip ci]
---
 docs/LOGBOOK.md | 16 ++++++++++++++++
 .../install-awoooi-non110-runner-user-service.sh | 2 +-
 ..._install_awoooi_non110_runner_user_service.py | 10 ++++++----
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 22baa532..4c32c9c2 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -12,6 +12,22 @@
 **邊界**:只改 public Gitea queue readback parser / tests / LOGBOOK;未讀 token / secret / `.env` / raw sessions / SQLite / auth;未使用 GitHub / `gh` / GitHub API;未 workflow_dispatch;未新增 host write、未重啟主機、未 restart Docker / Nginx / K3s / DB / firewall。
+## 2026-07-01 — 09:23 non-110 pressure guard user-level path correction
+
+**照主線修正的問題**:
+- 188 live apply 讀回 `/usr/local/bin/awoooi-wait-host-web-build-pressure.sh` 不存在;嘗試用 `sudo -n` 安裝時回 `sudo: a password is required`,證明 user-level runner installer 不應預設依賴 root `/usr/local/bin`。
+- `ops/runner/install-awoooi-non110-runner-user-service.sh` 將 `PRESSURE_GUARD` 預設改為 `${RUNNER_HOME}/.local/bin/awoooi-wait-host-web-build-pressure.sh`,維持 fail-closed:guard 缺失時 runner / autostart / keepalive 不得啟動。
+- 測試改為依 `RUNNER_HOME` 計算 guard path,避免再次把 root-only 路徑寫死進 user service installer。
+- 188 已安裝 user-level guard 到 `/home/ollama/.local/bin/awoooi-wait-host-web-build-pressure.sh`,one-shot 回 `no host web/build/smoke pressure detected`;重新 apply installer 後讀回 `pressure_guard=/home/ollama/.local/bin/awoooi-wait-host-web-build-pressure.sh`、`SERVICE_START_PERFORMED=0`、`runner_token_read=false`、`raw_runner_registration_read=false`。
+
+**驗證**:
+- `python3.11 -m pytest ops/runner/test_install_awoooi_non110_runner_user_service.py ops/runner/test_check_awoooi_non110_runner_readiness.py ops/runner/test_cd_controlled_runtime_profile.py -q` 通過(43 passed)。
+- `bash -n ops/runner/install-awoooi-non110-runner-user-service.sh ops/runner/check-awoooi-non110-runner-readiness.sh scripts/ci/wait-host-web-build-pressure.sh` 通過。
+- `python3.11 ops/runner/guard-gitea-runner-pressure.py --root .` 通過。
+- `git diff --check` 通過。
+
+**邊界**:未讀 secret / token / `.env` / raw sessions / SQLite / auth;未讀 `.runner` 內容;未使用 GitHub / `gh` / GitHub API;未 workflow_dispatch;未重啟主機、未 restart Docker / Nginx / K3s / DB / firewall。
+
 ## 2026-07-01 — 09:18 non-110 runner runtime re-enable / queue no-matching cleared
 **照主線修正的問題**:
diff --git a/ops/runner/install-awoooi-non110-runner-user-service.sh b/ops/runner/install-awoooi-non110-runner-user-service.sh
index 8083f940..0a1c51fc 100755
--- a/ops/runner/install-awoooi-non110-runner-user-service.sh
+++ b/ops/runner/install-awoooi-non110-runner-user-service.sh
@@ -27,7 +27,7 @@ CPU_QUOTA="${CPU_QUOTA:-200%}"
 MEMORY_HIGH="${MEMORY_HIGH:-6G}"
 MEMORY_MAX="${MEMORY_MAX:-8G}"
 TASKS_MAX="${TASKS_MAX:-512}"
-PRESSURE_GUARD="${PRESSURE_GUARD:-/usr/local/bin/awoooi-wait-host-web-build-pressure.sh}"
+PRESSURE_GUARD="${PRESSURE_GUARD:-${RUNNER_HOME}/.local/bin/awoooi-wait-host-web-build-pressure.sh}"
 PRESSURE_GUARD_ATTEMPTS="${PRESSURE_GUARD_ATTEMPTS:-1}"
 PRESSURE_GUARD_SLEEP_SECONDS="${PRESSURE_GUARD_SLEEP_SECONDS:-0}"
diff --git a/ops/runner/test_install_awoooi_non110_runner_user_service.py b/ops/runner/test_install_awoooi_non110_runner_user_service.py
index 1010f946..898f41d4 100644
--- a/ops/runner/test_install_awoooi_non110_runner_user_service.py
+++ b/ops/runner/test_install_awoooi_non110_runner_user_service.py
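Review bot: The new `PRESSURE_GUARD` default points into `${RUNNER_HOME}/.local/bin`, a directory the runner account itself can write, while the units asserted in this patch's tests gate start-up only on `/usr/bin/test -x` of that path, which proves presence and the execute bit but not ownership or content. Because the guard is what keeps the runner fail-closed, anything running as that account (presumably including the jobs the runner executes) could replace it, so the trade-off should be stated on this line, e.g. `# user-level default: guard is writable by the runner user; keep ~/.local/bin without group/other write, or set PRESSURE_GUARD to a root-owned path where one exists`. The assignment also expands `RUNNER_HOME`, which is defined outside this hunk; if it can be empty at this point the default collapses to `/.local/bin/...`, so confirm it is validated earlier or use `${RUNNER_HOME:?}` here.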
@@ -95,13 +95,14 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
 assert "secret-token-like-content" not in result.stdout
 unit_dir = tmp_path / "home/.config/systemd/user"
+ pressure_guard = tmp_path / "home/.local/bin/awoooi-wait-host-web-build-pressure.sh"
 service = unit_dir / "awoooi-non110-runner.service"
 rollback = unit_dir / "awoooi-non110-runner-rollback.service"
 autostart = unit_dir / "awoooi-non110-runner-autostart.service"
 keepalive_service = unit_dir / "awoooi-non110-runner-keepalive.service"
 keepalive_timer = unit_dir / "awoooi-non110-runner-keepalive.timer"
 service_text = service.read_text(encoding="utf-8")
- assert "ExecStartPre=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in service_text
+ assert f"ExecStartPre=/usr/bin/test -x {pressure_guard}" in service_text
 assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in service_text
 assert "HOST_WEB_BUILD_PRESSURE_SLEEP_SECONDS=0" in service_text
 rollback_text = rollback.read_text(encoding="utf-8")
@@ -114,7 +115,7 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
 encoding="utf-8"
 )
 keepalive_service_text = keepalive_service.read_text(encoding="utf-8")
- assert "ExecStart=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in keepalive_service_text
+ assert f"ExecStart=/usr/bin/test -x {pressure_guard}" in keepalive_service_text
 assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in keepalive_service_text
 assert "HOST_WEB_BUILD_PRESSURE_SLEEP_SECONDS=0" in keepalive_service_text
 assert "ExecStart=/usr/bin/systemctl --user daemon-reload" in keepalive_service_text
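Review bot: The rewritten assertions in this hunk, and in the `@@ -114`, `@@ -123` and `@@ -142` hunks, are positive substring checks only, so a generated unit that still carried the root-only path on another line would pass. Adding `assert "/usr/local/bin/awoooi-wait-host-web-build-pressure.sh" not in service_text` (and the same for `keepalive_service_text`) would pin the regression this commit fixes. The `pressure_guard` path literal is also built twice, here and in `test_enable_starts_runner_and_keepalive_without_printing_registration`, so a small module-level helper such as `def _default_pressure_guard(tmp_path: Path) -> Path:` would keep the expected default in one place. Both test bodies start and end outside the hunks, so a check elsewhere in the file may already cover part of this.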
@@ -123,7 +124,7 @@ def test_apply_with_existing_registration_does_not_start_runner(tmp_path: Path)
 in keepalive_service_text
 )
 assert "OnUnitInactiveSec=15s" in keepalive_timer.read_text(encoding="utf-8")
- assert "pressure_guard=/usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in result.stdout
+ assert f"pressure_guard={pressure_guard}" in result.stdout
 log = (tmp_path / "systemctl.log").read_text(encoding="utf-8")
 assert "enable --now awoooi-non110-runner-autostart.path" not in log
@@ -142,10 +143,11 @@ def test_enable_starts_runner_and_keepalive_without_printing_registration(
 runner_dir = tmp_path / "home/act-runner-awoooi"
 assert (runner_dir / ".awoooi-non110-runner-enabled").exists()
+ pressure_guard = tmp_path / "home/.local/bin/awoooi-wait-host-web-build-pressure.sh"
 service_text = (
 tmp_path / "home/.config/systemd/user/awoooi-non110-runner.service"
 ).read_text(encoding="utf-8")
- assert "ExecStartPre=/usr/bin/test -x /usr/local/bin/awoooi-wait-host-web-build-pressure.sh" in service_text
+ assert f"ExecStartPre=/usr/bin/test -x {pressure_guard}" in service_text
 assert "HOST_WEB_BUILD_PRESSURE_ATTEMPTS=1" in service_text
 log = (tmp_path / "systemctl.log").read_text(encoding="utf-8")
 assert "enable --now awoooi-non110-runner-keepalive.timer" in log