fix: container orchestration stability, AIUI inclusion, lnd-ui port, version 1.3.0
Container stability: - Merge scan results instead of full replacement (prevents UI flapping) - Absence threshold: 3 consecutive missed scans before removing from state - container-list RPC uses cached scanner state for consistency - Increased Podman API timeout 30s → 60s (scanner + health monitor) - Keep crashed containers visible as "exited" instead of podman rm -f - Resolve host-gateway IP via ip route (podman 4.3.x compatibility) ISO build fixes: - AIUI web app inclusion: searches 5 paths + CI step to copy from build server - Claude API proxy: systemctl enable with symlink fallback - AIUI nginx: try_files =404 (was /aiui/index.html redirect loop) - Build version set to 1.3.0 Container fixes: - lnd-ui: nginx listens on 8080 (was 80, Permission denied in rootless) - first-boot: image-versions.sh sourced from correct path with validation - first-boot: host-gateway resolved to actual gateway IP Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -18,7 +18,20 @@
|
||||
LOG="/var/log/archipelago-first-boot.log"
|
||||
|
||||
# Source pinned image versions (single source of truth)
|
||||
source /opt/archipelago/image-versions.sh 2>/dev/null || true
|
||||
# ISO copies to scripts/ subdir; also check the direct path for manual installs
|
||||
source /opt/archipelago/scripts/image-versions.sh 2>/dev/null \
|
||||
|| source /opt/archipelago/image-versions.sh 2>/dev/null \
|
||||
|| source /home/archipelago/archy/scripts/image-versions.sh 2>/dev/null \
|
||||
|| true
|
||||
|
||||
# Verify image-versions loaded — fail loudly if not
|
||||
if [ -z "$ARCHY_REGISTRY" ] || [ -z "$BITCOIN_KNOTS_IMAGE" ]; then
|
||||
log "FATAL: image-versions.sh not loaded — checked:"
|
||||
log " /opt/archipelago/scripts/image-versions.sh"
|
||||
log " /opt/archipelago/image-versions.sh"
|
||||
log " /home/archipelago/archy/scripts/image-versions.sh"
|
||||
log "Container creation will fail. Check ISO build."
|
||||
fi
|
||||
|
||||
# Source shared utility library
|
||||
SCRIPT_DIR_FBC="$(cd "$(dirname "$0")" && pwd)"
|
||||
@@ -38,6 +51,12 @@ DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/1000 podman"
|
||||
TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||
[ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1"
|
||||
|
||||
# Resolve host-gateway for --add-host (podman 4.3.x doesn't support "host-gateway")
|
||||
# Use the default gateway IP from the podman network, falling back to host LAN IP
|
||||
HOST_GATEWAY=$(ip route show default 2>/dev/null | awk '/default/ {print $3}' | head -1)
|
||||
[ -z "$HOST_GATEWAY" ] && HOST_GATEWAY="$TARGET_IP"
|
||||
ADD_HOST_FLAG="--add-host=host.containers.internal:${HOST_GATEWAY}"
|
||||
|
||||
log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" | tee -a "$LOG"; }
|
||||
|
||||
# Ensure Tor is running for hidden services (LND connect, Electrumx, etc.)
|
||||
@@ -368,7 +387,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -qE 'bitcoin-knots|arch
|
||||
if $DOCKER run -d --name bitcoin-knots --restart unless-stopped \
|
||||
--health-cmd="bitcoin-cli -rpcuser=\$BITCOIN_RPC_USER -rpcpassword=\$BITCOIN_RPC_PASS getblockchaininfo || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
|
||||
--memory=$(mem_limit bitcoin-knots) --network archy-net \
|
||||
--add-host host.containers.internal:host-gateway \
|
||||
$ADD_HOST_FLAG \
|
||||
--cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
|
||||
--security-opt no-new-privileges:true \
|
||||
-p 8332:8332 -p 8333:8333 -p 28332:28332 -p 28333:28333 \
|
||||
@@ -608,7 +627,7 @@ LNDCONF
|
||||
$DOCKER run -d --name lnd --restart unless-stopped \
|
||||
--health-cmd="curl -sf --insecure https://localhost:8080/v1/getinfo || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
|
||||
--memory=$(mem_limit lnd) --network archy-net \
|
||||
--add-host host.containers.internal:host-gateway \
|
||||
$ADD_HOST_FLAG \
|
||||
--cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE --cap-add NET_RAW \
|
||||
--security-opt no-new-privileges:true \
|
||||
-p 9735:9735 -p 10009:10009 -p 8080:8080 \
|
||||
@@ -990,9 +1009,9 @@ for ui in bitcoin-ui lnd-ui; do
|
||||
case $ui in
|
||||
# UI containers use --network host so they can proxy to localhost services
|
||||
# (Bitcoin RPC at 127.0.0.1:8332, backend at 127.0.0.1:5678)
|
||||
# Internal nginx ports: bitcoin-ui=8334, electrs-ui=50002, lnd-ui=80 (mapped via nginx to 8081)
|
||||
# Internal nginx ports: bitcoin-ui=8334, electrs-ui=50002, lnd-ui=8080 (host 8081)
|
||||
bitcoin-ui) PORT_ARG=""; NET_ARG="--network host" ;;
|
||||
lnd-ui) PORT_ARG="-p 8081:80"; NET_ARG="" ;; # exception: port 80 conflicts with host nginx on host network
|
||||
lnd-ui) PORT_ARG="-p 8081:8080"; NET_ARG="" ;; # nginx inside listens on 8080 (no NET_BIND_SERVICE needed)
|
||||
electrs-ui) PORT_ARG=""; NET_ARG="--network host" ;;
|
||||
esac
|
||||
CONTAINER_NAME="archy-$ui"
|
||||
|
||||
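Review bot: The last fallback in the first hunk, `|| source /home/archipelago/archy/scripts/image-versions.sh 2>/dev/null \`, executes a file from the home directory of the account this script later drops to via `runuser -u archipelago`; if first-boot runs as root, as that `runuser` call suggests, whatever that account can write there runs with root privileges. I would keep only the two `/opt/archipelago` paths, or source the home-directory copy only after checking it is root-owned and not group- or world-writable. The verification block that follows also calls `log` before `log() { ... }` is defined (the definition sits in the second hunk), so unless `log` already exists above line 18 the FATAL text never reaches `$LOG`, and with no `exit 1` before `fi` the script carries on with empty image variables. Separately, `ip route show default` run on the host yields the upstream router's address, so `$ADD_HOST_FLAG` appears to map `host.containers.internal` to the LAN gateway rather than to this host; `$TARGET_IP` looks like the closer equivalent of `host-gateway`.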