archy/docker-compose.testnet.yml

148 lines
4.1 KiB
YAML
Raw Normal View History

release(v1.7.41-alpha): post-OTA auto-rollback so a bad release cannot strand the fleet Closes failure mode FM5 from docs/bulletproof-containers.md: the v1.7.38 + v1.7.39 rollouts left every affected node on an unreachable UI (nginx 500) with no recovery path short of SSH. This release adds a self-check guardrail to the update flow. What changed: - apply_update() writes a pending-verify marker with old+new version and a 150s deadline immediately before scheduling the service restart. - verify_pending_update() runs from main.rs startup. If the marker is present and within its freshness window, the new binary waits 15s for nginx + backend to settle, then probes https://127.0.0.1/ every 5s for up to 90s (self-signed certs accepted). - On any probe success within the window, the marker is cleared and nothing else happens. - On window-exhaust, the new binary: 1. Moves the broken /opt/archipelago/web-ui to web-ui.failed.<ts> (quarantined, not deleted, so we can post-mortem). 2. Restores web-ui.bak on top of web-ui. 3. Calls rollback_update() to restore the previous binary. 4. Updates state.current_version to reflect the rollback. 5. systemctl --no-block restart archipelago so the OLD binary boots. - Markers older than 10 minutes are treated as stale and cleared without probing, so a crashed-during-startup marker from weeks ago cannot spontaneously roll back a healthy node on a later reboot. - rollback_update() binary copy now goes through host_sudo instead of tokio::fs::copy, so it escapes the service's ProtectSystem=strict mount namespace. Without this, the rollback silently failed with EROFS on /usr/local/bin and orphaned the rollback - the exact opposite of what auto-rollback is for. Tests: 4 new unit tests in update::tests covering marker round-trip, absent-marker noop, no-panic on verify_pending_update with nothing to verify, and an invariant assert that the 90s probe window stays below the 600s stale threshold. All passing. Side fix: scripts/create-release-manifest.sh was dying with exit 141 (SIGPIPE from tar tvzf pipe head pipe awk) under set -euo pipefail. Replaced with a single awk NR==1 that doesn't short-circuit the upstream pipe, so the release-build flow is idempotent again.
2026-04-22 16:14:35 -04:00
# Archipelago Lightning Testnet Stack (Signet)
# Real Bitcoin signet + LND + ThunderHub for testing Lightning features
#
# Start: docker compose -f docker-compose.testnet.yml up -d
# Stop: docker compose -f docker-compose.testnet.yml down
# Logs: docker compose -f docker-compose.testnet.yml logs -f
#
# First run: signet blockchain syncs in ~10 minutes (~200MB)
# LND wallet auto-created with --noseedbackup (dev only!)
#
# Access:
# ThunderHub: http://localhost:3010 (password: thunderhub)
# LND REST: http://localhost:8080
# LND gRPC: localhost:10009
# Bitcoin RPC: localhost:38332 (user: bitcoin, pass: bitcoinpass)
#
# Get signet coins: https://signetfaucet.com or https://alt.signetfaucet.com
services:
# Bitcoin Core — signet mode (lightweight testnet, ~200MB sync)
bitcoind-signet:
image: lncm/bitcoind:v27.0
container_name: archy-bitcoind-signet
ports:
- "38332:38332" # RPC
- "38333:38333" # P2P
volumes:
- signet-bitcoin-data:/data/.bitcoin
command: |
-signet
-server
-rpcuser=bitcoin
-rpcpassword=bitcoinpass
-rpcallowip=0.0.0.0/0
-rpcbind=0.0.0.0
-rpcport=38332
-txindex=1
-zmqpubrawblock=tcp://0.0.0.0:28332
-zmqpubrawtx=tcp://0.0.0.0:28333
restart: unless-stopped
healthcheck:
test: ["CMD", "bitcoin-cli", "-signet", "-rpcuser=bitcoin", "-rpcpassword=bitcoinpass", "-rpcport=38332", "getblockchaininfo"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
networks:
- signet-net
# LND — connected to signet bitcoind
lnd-signet:
image: lightninglabs/lnd:v0.17.4-beta
container_name: archy-lnd-signet
ports:
- "9735:9735" # P2P (Lightning)
- "8080:8080" # REST API
- "10009:10009" # gRPC
volumes:
- signet-lnd-data:/root/.lnd
command: |
--bitcoin.active
--bitcoin.signet
--bitcoin.node=bitcoind
--bitcoind.rpchost=bitcoind-signet:38332
--bitcoind.rpcuser=bitcoin
--bitcoind.rpcpass=bitcoinpass
--bitcoind.zmqpubrawblock=tcp://bitcoind-signet:28332
--bitcoind.zmqpubrawtx=tcp://bitcoind-signet:28333
--debuglevel=info
--rpclisten=0.0.0.0:10009
--restlisten=0.0.0.0:8080
--listen=0.0.0.0:9735
--alias=archy-signet
--color=#f7931a
--noseedbackup
--accept-keysend
--gc-canceled-invoices-on-startup
depends_on:
bitcoind-signet:
condition: service_healthy
restart: unless-stopped
healthcheck:
test: ["CMD", "lncli", "--network=signet", "getinfo"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
networks:
- signet-net
# ThunderHub — Lightning node management UI
thunderhub-signet:
image: apotdevin/thunderhub:v0.13.31
container_name: archy-thunderhub-signet
ports:
- "3010:3000"
volumes:
- signet-lnd-data:/lnd-data:ro
- ./testnet/thunderhub-config.yaml:/data/thubConfig.yaml:ro
environment:
ACCOUNT_CONFIG_PATH: /data/thubConfig.yaml
LOG_LEVEL: info
THEME: dark
CURRENCY: BTC
FETCH_PRICES: "false"
FETCH_FEES: "true"
depends_on:
lnd-signet:
condition: service_healthy
restart: unless-stopped
networks:
- signet-net
# Fedimint — signet mode (optional, for ecash testing)
fedimint-signet:
image: fedimint/fedimintd:v0.10.0
container_name: archy-fedimint-signet
platform: linux/amd64
ports:
- "18173:8173" # P2P
- "18174:8174" # API
- "18175:8175" # Guardian UI
volumes:
- signet-fedimint-data:/data
environment:
FM_BITCOIND_URL: http://bitcoind-signet:38332
FM_BITCOIND_USERNAME: bitcoin
FM_BITCOIND_PASSWORD: bitcoinpass
FM_BITCOIN_NETWORK: signet
FM_BIND_P2P: 0.0.0.0:8173
FM_BIND_API: 0.0.0.0:8174
FM_BIND_UI: 0.0.0.0:8175
depends_on:
bitcoind-signet:
condition: service_healthy
restart: unless-stopped
networks:
- signet-net
volumes:
signet-bitcoin-data:
signet-lnd-data:
signet-fedimint-data:
networks:
signet-net:
driver: bridge