2026-03-20 10:13:49 +00:00
|
|
|
//! Podman container management via the REST API unix socket.
|
|
|
|
|
//!
|
|
|
|
|
//! Connects to the rootless Podman API at /run/user/{UID}/podman/podman.sock.
|
|
|
|
|
//! All operations are non-blocking async via tokio + hyper.
|
|
|
|
|
//! Falls back to CLI only for image pulls (long-running streaming operations).
|
|
|
|
|
|
Update archipelago: API, auth, container, parmanode, performance, security
- API handler, RPC, and server updates
- Auth and coding rules
- Container data manager, dev orchestrator, health monitor, podman client
- Parmanode script runner
- Performance resource manager
- Security container policies and secrets manager
- Add build scripts and documentation
2026-01-27 22:27:17 +00:00
|
|
|
use crate::manifest::AppManifest;
|
2026-01-24 22:01:51 +00:00
|
|
|
use anyhow::{Context, Result};
|
2026-03-20 10:13:49 +00:00
|
|
|
use hyper::{Body, Request, Uri};
|
2026-01-24 22:01:51 +00:00
|
|
|
use serde::{Deserialize, Serialize};
|
2026-06-11 00:33:24 -04:00
|
|
|
use std::path::{Path, PathBuf};
|
2026-01-24 22:01:51 +00:00
|
|
|
use thiserror::Error;
|
2026-03-20 10:13:49 +00:00
|
|
|
use tokio::net::UnixStream;
|
|
|
|
|
|
|
|
|
|
const API_VERSION: &str = "v4.0.0";
|
2026-04-02 01:28:11 +01:00
|
|
|
const DEFAULT_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(60);
|
2026-03-20 10:13:49 +00:00
|
|
|
const LONG_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(120);
|
2026-01-24 22:01:51 +00:00
|
|
|
|
|
|
|
|
#[derive(Debug, Error)]
|
|
|
|
|
pub enum PodmanError {
|
2026-03-20 10:13:49 +00:00
|
|
|
#[error("Podman API error: {0}")]
|
|
|
|
|
ApiError(String),
|
2026-01-24 22:01:51 +00:00
|
|
|
#[error("Container not found: {0}")]
|
|
|
|
|
NotFound(String),
|
2026-03-20 10:13:49 +00:00
|
|
|
#[error("Podman socket not available: {0}")]
|
|
|
|
|
SocketUnavailable(String),
|
2026-01-24 22:01:51 +00:00
|
|
|
#[error("IO error: {0}")]
|
|
|
|
|
Io(#[from] std::io::Error),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
|
|
|
|
pub struct ContainerStatus {
|
|
|
|
|
pub id: String,
|
|
|
|
|
pub name: String,
|
|
|
|
|
pub state: ContainerState,
|
2026-03-20 10:13:49 +00:00
|
|
|
pub health: Option<String>,
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
pub exit_code: Option<i32>,
|
security+feat: v1.3.0 — pentest remediation, container reliability, UI overhaul
Security (33 pentest findings addressed):
- CRITICAL: backend binds 127.0.0.1, path traversal in tor.rs/dwn fixed
- HIGH: federation requires signatures, XSS login redirect, RBAC viewer restricted
- HIGH: tar slip prevention, S3 SSRF validation, backup ID validation
- MEDIUM: remember-me random secret, TOTP session rotation, password re-auth
- LOW: CSP unsafe-inline removed, CORS dev-only, onion/webhook validation
Container reliability:
- Memory limits on all 37 containers (OOM prevention)
- Exited vs stopped state distinction with health-aware status badges
- Crash recovery coordination (no more restart cascade)
- User-stopped tracking survives reboots
- Tiered boot recovery (databases → core → services → apps)
UI:
- Wallet TransactionsModal, health-aware app status badges
- Restart button on containers, exited/crashed red state
- Mesh view overhaul, glass button updates, BaseModal/ToggleSwitch
- Apps sticky header removed, dev faucet, mutable mock wallet
Infrastructure:
- LND REST port 8080 exposed over Tor (LND Connect fix)
- Nginx cookie_session fix, deploy script Tor config updated
- Dev environment: podman auto-start, boot mode simulation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:44:31 +00:00
|
|
|
pub started_at: Option<String>,
|
2026-01-24 22:01:51 +00:00
|
|
|
pub image: String,
|
|
|
|
|
pub created: String,
|
|
|
|
|
pub ports: Vec<String>,
|
2026-03-20 10:13:49 +00:00
|
|
|
pub lan_address: Option<String>,
|
security+feat: v1.3.0 — pentest remediation, container reliability, UI overhaul
Security (33 pentest findings addressed):
- CRITICAL: backend binds 127.0.0.1, path traversal in tor.rs/dwn fixed
- HIGH: federation requires signatures, XSS login redirect, RBAC viewer restricted
- HIGH: tar slip prevention, S3 SSRF validation, backup ID validation
- MEDIUM: remember-me random secret, TOTP session rotation, password re-auth
- LOW: CSP unsafe-inline removed, CORS dev-only, onion/webhook validation
Container reliability:
- Memory limits on all 37 containers (OOM prevention)
- Exited vs stopped state distinction with health-aware status badges
- Crash recovery coordination (no more restart cascade)
- User-stopped tracking survives reboots
- Tiered boot recovery (databases → core → services → apps)
UI:
- Wallet TransactionsModal, health-aware app status badges
- Restart button on containers, exited/crashed red state
- Mesh view overhaul, glass button updates, BaseModal/ToggleSwitch
- Apps sticky header removed, dev faucet, mutable mock wallet
Infrastructure:
- LND REST port 8080 exposed over Tor (LND Connect fix)
- Nginx cookie_session fix, deploy script Tor config updated
- Dev environment: podman auto-start, boot mode simulation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:44:31 +00:00
|
|
|
}
|
|
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
|
|
|
|
|
pub enum ContainerState {
|
|
|
|
|
Created,
|
|
|
|
|
Running,
|
2026-05-13 15:09:22 -04:00
|
|
|
Stopping,
|
2026-01-24 22:01:51 +00:00
|
|
|
Stopped,
|
|
|
|
|
Exited,
|
|
|
|
|
Paused,
|
|
|
|
|
Unknown(String),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<&str> for ContainerState {
|
|
|
|
|
fn from(s: &str) -> Self {
|
|
|
|
|
match s.to_lowercase().as_str() {
|
2026-06-11 00:24:32 -04:00
|
|
|
"created" | "initialized" => ContainerState::Created,
|
2026-01-24 22:01:51 +00:00
|
|
|
"running" => ContainerState::Running,
|
2026-06-11 00:24:32 -04:00
|
|
|
"stopping" | "removing" => ContainerState::Stopping,
|
2026-01-24 22:01:51 +00:00
|
|
|
"stopped" => ContainerState::Stopped,
|
|
|
|
|
"exited" => ContainerState::Exited,
|
|
|
|
|
"paused" => ContainerState::Paused,
|
|
|
|
|
other => ContainerState::Unknown(other.to_string()),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
/// Parse health status from podman's Status string (e.g., "Up 5 minutes (healthy)")
|
|
|
|
|
fn parse_health_from_status(status: &str) -> Option<String> {
|
|
|
|
|
if let Some(start) = status.rfind('(') {
|
|
|
|
|
if let Some(end) = status.rfind(')') {
|
|
|
|
|
if start < end {
|
|
|
|
|
return Some(status[start + 1..end].to_string());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
None
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub struct PodmanClient {
|
2026-03-20 10:13:49 +00:00
|
|
|
socket_path: PathBuf,
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl PodmanClient {
|
|
|
|
|
pub fn new(user: String) -> Self {
|
2026-03-20 10:13:49 +00:00
|
|
|
// Determine socket path based on user
|
|
|
|
|
let uid = Self::get_uid(&user);
|
|
|
|
|
let socket_path = PathBuf::from(format!("/run/user/{}/podman/podman.sock", uid));
|
|
|
|
|
Self { socket_path }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn get_uid(user: &str) -> u32 {
|
|
|
|
|
// Try to get UID from /etc/passwd
|
|
|
|
|
if let Ok(content) = std::fs::read_to_string("/etc/passwd") {
|
|
|
|
|
for line in content.lines() {
|
|
|
|
|
let parts: Vec<&str> = line.split(':').collect();
|
|
|
|
|
if parts.len() >= 3 && parts[0] == user {
|
|
|
|
|
if let Ok(uid) = parts[2].parse() {
|
|
|
|
|
return uid;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
// Default to 1000 (standard first user)
|
|
|
|
|
1000
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
/// Map container name to its UI launch URL
|
2026-03-18 16:32:39 +00:00
|
|
|
pub fn lan_address_for(name: &str) -> Option<String> {
|
2026-06-11 00:33:24 -04:00
|
|
|
if let Some(url) = manifest_lan_address_for(name) {
|
|
|
|
|
return Some(url);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-16 12:58:35 +00:00
|
|
|
let url = match name {
|
|
|
|
|
"bitcoin-knots" | "bitcoin-ui" => "http://localhost:8334",
|
2026-05-05 11:29:18 -04:00
|
|
|
"lnd" | "archy-lnd-ui" => "http://localhost:18083",
|
2026-03-16 12:58:35 +00:00
|
|
|
"archy-mempool-web" | "mempool" => "http://localhost:4080",
|
|
|
|
|
"ollama" => "http://localhost:11434",
|
2026-04-02 16:15:04 +01:00
|
|
|
"cryptpad" => "http://localhost:3003",
|
2026-03-16 12:58:35 +00:00
|
|
|
"penpot" => "http://localhost:9001",
|
|
|
|
|
"immich_server" | "immich" => "http://localhost:2283",
|
2026-05-17 17:30:04 -04:00
|
|
|
"nginx-proxy-manager" => "http://localhost:8081",
|
2026-03-16 12:58:35 +00:00
|
|
|
"fedimint-gateway" => "http://localhost:8176",
|
|
|
|
|
"dwn" => "http://localhost:3100",
|
|
|
|
|
"endurain" => "http://localhost:8080",
|
2026-05-19 21:45:17 -04:00
|
|
|
"netbird" => "http://localhost:8087",
|
2026-03-16 12:58:35 +00:00
|
|
|
"electrs" | "archy-electrs-ui" => "http://localhost:50002",
|
|
|
|
|
_ => return None,
|
|
|
|
|
};
|
|
|
|
|
Some(url.to_string())
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
// ─── API Client ──────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
/// Send a request to the Podman API via unix socket.
|
|
|
|
|
async fn api_request(
|
|
|
|
|
&self,
|
|
|
|
|
method: &str,
|
|
|
|
|
path: &str,
|
|
|
|
|
body: Option<serde_json::Value>,
|
|
|
|
|
timeout: std::time::Duration,
|
|
|
|
|
) -> Result<serde_json::Value> {
|
|
|
|
|
let socket_path = self.socket_path.clone();
|
|
|
|
|
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
// Connect to the unix socket (30s timeout — podman can be slow under load on boot)
|
2026-03-20 10:13:49 +00:00
|
|
|
let stream = tokio::time::timeout(
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
std::time::Duration::from_secs(30),
|
2026-03-20 10:13:49 +00:00
|
|
|
UnixStream::connect(&socket_path),
|
|
|
|
|
)
|
|
|
|
|
.await
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
.map_err(|_| anyhow::anyhow!("Podman socket connection timed out (30s)"))?
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
.context(format!(
|
|
|
|
|
"Cannot connect to Podman socket at {}",
|
|
|
|
|
socket_path.display()
|
|
|
|
|
))?;
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
// Build the hyper client with the unix stream
|
|
|
|
|
let (mut sender, conn) = hyper::client::conn::Builder::new()
|
|
|
|
|
.handshake::<_, Body>(stream)
|
|
|
|
|
.await
|
|
|
|
|
.context("Podman API handshake failed")?;
|
|
|
|
|
|
|
|
|
|
// Spawn the connection handler
|
|
|
|
|
tokio::spawn(async move {
|
|
|
|
|
if let Err(e) = conn.await {
|
|
|
|
|
tracing::debug!("Podman API connection ended: {}", e);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Build the request
|
|
|
|
|
let uri: Uri = format!("/{}/{}", API_VERSION, path.trim_start_matches('/'))
|
|
|
|
|
.parse()
|
|
|
|
|
.context("Invalid API path")?;
|
|
|
|
|
|
|
|
|
|
let req = match method {
|
|
|
|
|
"POST" => {
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
let body_str = match body {
|
|
|
|
|
Some(b) => serde_json::to_string(&b)
|
|
|
|
|
.context("Failed to serialize request body to JSON")?,
|
|
|
|
|
None => String::new(),
|
|
|
|
|
};
|
2026-03-20 10:13:49 +00:00
|
|
|
Request::builder()
|
|
|
|
|
.method("POST")
|
|
|
|
|
.uri(uri)
|
|
|
|
|
.header("Host", "localhost")
|
|
|
|
|
.header("Content-Type", "application/json")
|
|
|
|
|
.body(Body::from(body_str))
|
|
|
|
|
.context("Failed to build POST request")?
|
|
|
|
|
}
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
"DELETE" => Request::builder()
|
|
|
|
|
.method("DELETE")
|
|
|
|
|
.uri(uri)
|
|
|
|
|
.header("Host", "localhost")
|
|
|
|
|
.body(Body::empty())
|
|
|
|
|
.context("Failed to build DELETE request")?,
|
|
|
|
|
_ => Request::builder()
|
|
|
|
|
.method("GET")
|
|
|
|
|
.uri(uri)
|
|
|
|
|
.header("Host", "localhost")
|
|
|
|
|
.body(Body::empty())
|
|
|
|
|
.context("Failed to build GET request")?,
|
2026-03-20 10:13:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Send with timeout
|
|
|
|
|
let resp = tokio::time::timeout(timeout, sender.send_request(req))
|
|
|
|
|
.await
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
.map_err(|_| {
|
|
|
|
|
anyhow::anyhow!("Podman API request timed out after {}s", timeout.as_secs())
|
|
|
|
|
})?
|
2026-03-20 10:13:49 +00:00
|
|
|
.context("Podman API request failed")?;
|
|
|
|
|
|
|
|
|
|
let status = resp.status();
|
|
|
|
|
let body_bytes = hyper::body::to_bytes(resp.into_body())
|
|
|
|
|
.await
|
|
|
|
|
.context("Failed to read Podman API response")?;
|
|
|
|
|
|
|
|
|
|
if status == hyper::StatusCode::NOT_FOUND {
|
|
|
|
|
return Err(anyhow::anyhow!("Not found"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !status.is_success() {
|
|
|
|
|
let error_text = String::from_utf8_lossy(&body_bytes);
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
return Err(anyhow::anyhow!(
|
|
|
|
|
"Podman API {} {}: {}",
|
|
|
|
|
status.as_u16(),
|
|
|
|
|
status.canonical_reason().unwrap_or(""),
|
|
|
|
|
error_text
|
|
|
|
|
));
|
2026-03-20 10:13:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Some endpoints return empty body on success (start/stop/restart)
|
|
|
|
|
if body_bytes.is_empty() {
|
|
|
|
|
return Ok(serde_json::json!({"ok": true}));
|
|
|
|
|
}
|
|
|
|
|
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
serde_json::from_slice(&body_bytes).context("Failed to parse Podman API JSON response")
|
2026-03-20 10:13:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Simple POST with no body (start/stop/restart)
|
|
|
|
|
async fn api_post_action(&self, path: &str) -> Result<()> {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
self.api_request("POST", path, None, DEFAULT_TIMEOUT)
|
|
|
|
|
.await?;
|
2026-03-20 10:13:49 +00:00
|
|
|
Ok(())
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
// ─── Container Operations ────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
pub async fn pull_image(&self, image: &str, _signature: Option<&str>) -> Result<()> {
|
|
|
|
|
// Image pull uses CLI — it's a streaming operation that the API handles differently
|
|
|
|
|
let mut cmd = tokio::process::Command::new("podman");
|
2026-05-01 08:52:29 -04:00
|
|
|
cmd.arg("pull");
|
|
|
|
|
if image_uses_insecure_registry(image) {
|
|
|
|
|
cmd.arg("--tls-verify=false");
|
|
|
|
|
}
|
|
|
|
|
cmd.arg(image);
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
let output = tokio::time::timeout(
|
|
|
|
|
std::time::Duration::from_secs(600), // 10 min for large images
|
|
|
|
|
cmd.output(),
|
|
|
|
|
)
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|_| anyhow::anyhow!("Image pull timed out after 10 minutes"))?
|
|
|
|
|
.context("Failed to execute podman pull")?;
|
|
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
if !output.status.success() {
|
|
|
|
|
let stderr = String::from_utf8_lossy(&output.stderr);
|
|
|
|
|
return Err(anyhow::anyhow!("Failed to pull image: {}", stderr));
|
|
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
Ok(())
|
|
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
pub async fn create_container(&self, manifest: &AppManifest, name: &str) -> Result<String> {
|
2026-03-20 10:13:49 +00:00
|
|
|
// Build the container spec for the API
|
|
|
|
|
let mut port_mappings = Vec::new();
|
2026-01-24 22:01:51 +00:00
|
|
|
for port in &manifest.app.ports {
|
2026-03-20 10:13:49 +00:00
|
|
|
port_mappings.push(serde_json::json!({
|
|
|
|
|
"container_port": port.container,
|
|
|
|
|
"host_port": port.host,
|
|
|
|
|
"protocol": "tcp",
|
|
|
|
|
}));
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
let mut mounts = Vec::new();
|
2026-01-24 22:01:51 +00:00
|
|
|
for volume in &manifest.app.volumes {
|
2026-04-28 15:00:58 -04:00
|
|
|
if volume.volume_type == "tmpfs" {
|
|
|
|
|
let options: Vec<String> = volume
|
|
|
|
|
.tmpfs_options
|
|
|
|
|
.as_deref()
|
|
|
|
|
.unwrap_or("")
|
|
|
|
|
.split(',')
|
|
|
|
|
.map(str::trim)
|
|
|
|
|
.filter(|s| !s.is_empty())
|
|
|
|
|
.map(|s| s.to_string())
|
|
|
|
|
.collect();
|
|
|
|
|
mounts.push(serde_json::json!({
|
|
|
|
|
"destination": volume.target,
|
|
|
|
|
"type": "tmpfs",
|
|
|
|
|
"options": options,
|
|
|
|
|
}));
|
|
|
|
|
} else {
|
|
|
|
|
mounts.push(serde_json::json!({
|
|
|
|
|
"destination": volume.target,
|
|
|
|
|
"source": volume.source,
|
|
|
|
|
"type": "bind",
|
|
|
|
|
"options": volume.options,
|
|
|
|
|
}));
|
|
|
|
|
}
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
let mut env_map = serde_json::Map::new();
|
2026-01-24 22:01:51 +00:00
|
|
|
for env in &manifest.app.environment {
|
2026-03-20 10:13:49 +00:00
|
|
|
if let Some((k, v)) = env.split_once('=') {
|
|
|
|
|
env_map.insert(k.to_string(), serde_json::Value::String(v.to_string()));
|
|
|
|
|
}
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-11 19:06:59 +00:00
|
|
|
|
2026-03-22 03:30:21 +00:00
|
|
|
let cap_add: Vec<String> = manifest.app.security.capabilities.clone();
|
2026-03-20 10:13:49 +00:00
|
|
|
let cap_drop = vec!["ALL".to_string()];
|
2026-03-11 19:06:59 +00:00
|
|
|
|
2026-04-22 17:46:36 -04:00
|
|
|
let image_ref = manifest.app.container.image_ref().ok_or_else(|| {
|
|
|
|
|
anyhow::anyhow!(
|
|
|
|
|
"container config for {} has neither a valid image nor build source",
|
|
|
|
|
manifest.app.id
|
|
|
|
|
)
|
|
|
|
|
})?;
|
|
|
|
|
|
fix: parse_memory_limit accepts Ki/Mi/Gi IEC binary suffixes
The libpod HTTP API path (PodmanClient::create_container) ran manifest
memory_limit values like "128Mi" through parse_memory_limit which
lowercased+trim_end_matches("m"), leaving "128i" which parse::<f64>()
rejected. The resulting None became 0 via .unwrap_or(0), and podman
serialised that into the OCI config as memory.limit:0. At container
start time systemd then rejected MemoryMax=0 with "Value specified in
MemoryMax is out of range".
Silently wrong for every manifest in apps/ that uses Kubernetes-style
suffixes (all of them). Became visible on .228 when Step 9 first
exercised the ProdContainerOrchestrator path for bitcoin-ui and lnd-ui
installs \u2014 the old first-boot-containers.sh bash script used podman
run --memory 128m directly, which podman-the-CLI parses correctly, so
the bug never surfaced before.
Two parts:
- parse_memory_limit now recognises Ki/Mi/Gi/Ti (IEC binary, what k8s
and our manifests use), kB/MB/GB/TB (SI decimal), k/K/m/M/g/G/t/T
(docker shorthand, treated as IEC binary for backwards compat), and
bare byte integers. Filters out zero/negative results.
- create_container omits the memory/cpu fields entirely when the
manifest has no limit or parsing fails, rather than emitting 0. The
libpod API treats absent as unlimited; 0 is "set MemoryMax=0" which
systemd rightly rejects. Defence in depth against the next weird
suffix someone puts in a manifest.
Six regression tests in the new tests module cover IEC, SI, shorthand,
raw bytes, invalid input (empty/garbage/0/negative), and whitespace.
2026-04-23 03:44:23 -04:00
|
|
|
// Build resource_limits conditionally: if the manifest has no memory or
|
|
|
|
|
// cpu limit, OMIT the field entirely rather than sending 0. The podman
|
|
|
|
|
// libpod HTTP API treats `memory.limit: 0` as "set MemoryMax=0" which
|
|
|
|
|
// systemd then rejects at container-start time. Absent = unlimited.
|
|
|
|
|
let mut resource_limits = serde_json::Map::new();
|
|
|
|
|
if let Some(mem_bytes) = manifest
|
|
|
|
|
.app
|
|
|
|
|
.resources
|
|
|
|
|
.memory_limit
|
|
|
|
|
.as_ref()
|
|
|
|
|
.and_then(|m| parse_memory_limit(m))
|
|
|
|
|
{
|
|
|
|
|
resource_limits.insert(
|
|
|
|
|
"memory".to_string(),
|
|
|
|
|
serde_json::json!({ "limit": mem_bytes }),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if let Some(cpu) = manifest.app.resources.cpu_limit {
|
|
|
|
|
resource_limits.insert(
|
|
|
|
|
"cpu".to_string(),
|
|
|
|
|
serde_json::json!({
|
|
|
|
|
"quota": (cpu as i64) * 100_000,
|
|
|
|
|
"period": 100_000u64,
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-01 08:52:29 -04:00
|
|
|
let (net_mode, custom_network) = podman_network_settings(
|
|
|
|
|
manifest.app.container.network.as_deref(),
|
|
|
|
|
manifest.app.security.network_policy.as_str(),
|
|
|
|
|
);
|
2026-04-28 15:00:58 -04:00
|
|
|
|
2026-05-01 08:52:29 -04:00
|
|
|
let mut body = serde_json::json!({
|
2026-03-20 10:13:49 +00:00
|
|
|
"name": name,
|
2026-04-22 17:46:36 -04:00
|
|
|
"image": image_ref,
|
2026-03-20 10:13:49 +00:00
|
|
|
"portmappings": port_mappings,
|
|
|
|
|
"mounts": mounts,
|
|
|
|
|
"env": env_map,
|
2026-04-28 15:00:58 -04:00
|
|
|
"entrypoint": manifest.app.container.entrypoint.clone(),
|
|
|
|
|
"command": manifest.app.container.custom_args.clone(),
|
2026-05-05 11:29:18 -04:00
|
|
|
"hostadd": [
|
|
|
|
|
"host.containers.internal:host-gateway",
|
|
|
|
|
"host.archipelago:10.89.0.1",
|
|
|
|
|
],
|
2026-03-20 10:13:49 +00:00
|
|
|
"devices": manifest.app.devices.iter().map(|d| {
|
|
|
|
|
serde_json::json!({"path": d})
|
|
|
|
|
}).collect::<Vec<_>>(),
|
fix: parse_memory_limit accepts Ki/Mi/Gi IEC binary suffixes
The libpod HTTP API path (PodmanClient::create_container) ran manifest
memory_limit values like "128Mi" through parse_memory_limit which
lowercased+trim_end_matches("m"), leaving "128i" which parse::<f64>()
rejected. The resulting None became 0 via .unwrap_or(0), and podman
serialised that into the OCI config as memory.limit:0. At container
start time systemd then rejected MemoryMax=0 with "Value specified in
MemoryMax is out of range".
Silently wrong for every manifest in apps/ that uses Kubernetes-style
suffixes (all of them). Became visible on .228 when Step 9 first
exercised the ProdContainerOrchestrator path for bitcoin-ui and lnd-ui
installs \u2014 the old first-boot-containers.sh bash script used podman
run --memory 128m directly, which podman-the-CLI parses correctly, so
the bug never surfaced before.
Two parts:
- parse_memory_limit now recognises Ki/Mi/Gi/Ti (IEC binary, what k8s
and our manifests use), kB/MB/GB/TB (SI decimal), k/K/m/M/g/G/t/T
(docker shorthand, treated as IEC binary for backwards compat), and
bare byte integers. Filters out zero/negative results.
- create_container omits the memory/cpu fields entirely when the
manifest has no limit or parsing fails, rather than emitting 0. The
libpod API treats absent as unlimited; 0 is "set MemoryMax=0" which
systemd rightly rejects. Defence in depth against the next weird
suffix someone puts in a manifest.
Six regression tests in the new tests module cover IEC, SI, shorthand,
raw bytes, invalid input (empty/garbage/0/negative), and whitespace.
2026-04-23 03:44:23 -04:00
|
|
|
"resource_limits": resource_limits,
|
2026-03-20 10:13:49 +00:00
|
|
|
"cap_add": cap_add,
|
|
|
|
|
"cap_drop": cap_drop,
|
|
|
|
|
"read_only_filesystem": manifest.app.security.readonly_root,
|
2026-06-11 00:24:32 -04:00
|
|
|
"no_new_privileges": manifest.app.security.no_new_privileges,
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
"restart_policy": "unless-stopped",
|
|
|
|
|
"restart_tries": 5,
|
2026-03-20 10:13:49 +00:00
|
|
|
"netns": {
|
2026-04-28 15:00:58 -04:00
|
|
|
"nsmode": net_mode
|
2026-03-20 10:13:49 +00:00
|
|
|
},
|
|
|
|
|
});
|
2026-05-01 08:52:29 -04:00
|
|
|
if let Some(network) = custom_network {
|
|
|
|
|
body.as_object_mut()
|
|
|
|
|
.expect("container create body is a JSON object")
|
2026-05-05 11:29:18 -04:00
|
|
|
.insert(
|
|
|
|
|
"networks".to_string(),
|
|
|
|
|
serde_json::json!({ network: { "aliases": [name] } }),
|
|
|
|
|
);
|
2026-05-01 08:52:29 -04:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let result = self
|
|
|
|
|
.api_request("POST", "libpod/containers/create", Some(body), LONG_TIMEOUT)
|
|
|
|
|
.await?;
|
2026-03-20 10:13:49 +00:00
|
|
|
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let id = result["Id"]
|
|
|
|
|
.as_str()
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
.filter(|s| !s.is_empty())
|
|
|
|
|
.map(|s| s.to_string())
|
|
|
|
|
.context("Podman API returned no container ID — creation may have failed")?;
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
Ok(id)
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn start_container(&self, name: &str) -> Result<()> {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
self.api_post_action(&format!("libpod/containers/{}/start", name))
|
|
|
|
|
.await
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn stop_container(&self, name: &str) -> Result<()> {
|
2026-03-20 10:13:49 +00:00
|
|
|
self.api_request(
|
|
|
|
|
"POST",
|
|
|
|
|
&format!("libpod/containers/{}/stop?t=10", name),
|
|
|
|
|
None,
|
|
|
|
|
DEFAULT_TIMEOUT,
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
)
|
|
|
|
|
.await
|
|
|
|
|
.map(|_| ())
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
pub async fn restart_container(&self, name: &str) -> Result<()> {
|
|
|
|
|
self.api_request(
|
|
|
|
|
"POST",
|
|
|
|
|
&format!("libpod/containers/{}/restart?t=10", name),
|
|
|
|
|
None,
|
|
|
|
|
DEFAULT_TIMEOUT,
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
)
|
|
|
|
|
.await
|
|
|
|
|
.map(|_| ())
|
2026-03-20 10:13:49 +00:00
|
|
|
}
|
|
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn remove_container(&self, name: &str) -> Result<()> {
|
2026-03-20 10:13:49 +00:00
|
|
|
self.api_request(
|
|
|
|
|
"DELETE",
|
|
|
|
|
&format!("libpod/containers/{}?force=true", name),
|
|
|
|
|
None,
|
|
|
|
|
DEFAULT_TIMEOUT,
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
)
|
|
|
|
|
.await
|
|
|
|
|
.map(|_| ())
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn get_container_status(&self, name: &str) -> Result<ContainerStatus> {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let data = self
|
|
|
|
|
.api_request(
|
|
|
|
|
"GET",
|
|
|
|
|
&format!("libpod/containers/{}/json", name),
|
|
|
|
|
None,
|
|
|
|
|
DEFAULT_TIMEOUT,
|
|
|
|
|
)
|
|
|
|
|
.await?;
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
let state_str = data["State"]["Status"].as_str().unwrap_or("unknown");
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let health = data["State"]["Health"]["Status"]
|
|
|
|
|
.as_str()
|
|
|
|
|
.map(|s| s.to_string());
|
2026-03-20 10:13:49 +00:00
|
|
|
let started_at = data["State"]["StartedAt"].as_str().map(|s| s.to_string());
|
|
|
|
|
let container_name = data["Name"].as_str().unwrap_or(name).to_string();
|
|
|
|
|
|
|
|
|
|
// Parse port bindings
|
|
|
|
|
let ports = parse_port_bindings(&data["HostConfig"]["PortBindings"]);
|
|
|
|
|
let lan_address = Self::lan_address_for(&container_name);
|
|
|
|
|
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
let exit_code = data["State"]["ExitCode"].as_i64().map(|c| c as i32);
|
|
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
Ok(ContainerStatus {
|
2026-03-20 10:13:49 +00:00
|
|
|
id: data["Id"].as_str().unwrap_or("").to_string(),
|
|
|
|
|
name: container_name,
|
|
|
|
|
state: ContainerState::from(state_str),
|
|
|
|
|
health,
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
exit_code,
|
2026-03-20 10:13:49 +00:00
|
|
|
started_at,
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
image: data["ImageName"]
|
|
|
|
|
.as_str()
|
2026-03-20 10:13:49 +00:00
|
|
|
.or_else(|| data["Config"]["Image"].as_str())
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
.unwrap_or("")
|
|
|
|
|
.to_string(),
|
2026-03-20 10:13:49 +00:00
|
|
|
created: data["Created"].as_str().unwrap_or("").to_string(),
|
|
|
|
|
ports,
|
|
|
|
|
lan_address,
|
2026-01-24 22:01:51 +00:00
|
|
|
})
|
|
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn get_container_logs(&self, name: &str, lines: u32) -> Result<Vec<String>> {
|
2026-03-20 10:13:49 +00:00
|
|
|
// Logs endpoint returns raw text, not JSON — use CLI for this
|
|
|
|
|
let mut cmd = tokio::process::Command::new("podman");
|
2026-01-24 22:01:51 +00:00
|
|
|
cmd.arg("logs")
|
|
|
|
|
.arg("--tail")
|
|
|
|
|
.arg(lines.to_string())
|
|
|
|
|
.arg(name);
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
let output = tokio::time::timeout(DEFAULT_TIMEOUT, cmd.output())
|
2026-01-24 22:01:51 +00:00
|
|
|
.await
|
2026-03-20 10:13:49 +00:00
|
|
|
.map_err(|_| anyhow::anyhow!("Container logs timed out"))?
|
2026-01-24 22:01:51 +00:00
|
|
|
.context("Failed to get container logs")?;
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
if !output.status.success() {
|
|
|
|
|
let stderr = String::from_utf8_lossy(&output.stderr);
|
|
|
|
|
return Err(anyhow::anyhow!("Failed to get logs: {}", stderr));
|
|
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
|
|
|
|
// Podman logs go to both stdout and stderr
|
|
|
|
|
let mut all_output = String::from_utf8_lossy(&output.stdout).to_string();
|
|
|
|
|
let stderr = String::from_utf8_lossy(&output.stderr);
|
|
|
|
|
if !stderr.is_empty() {
|
|
|
|
|
all_output.push_str(&stderr);
|
|
|
|
|
}
|
|
|
|
|
Ok(all_output.lines().map(|s| s.to_string()).collect())
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
|
2026-01-24 22:01:51 +00:00
|
|
|
pub async fn list_containers(&self) -> Result<Vec<ContainerStatus>> {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let data = self
|
|
|
|
|
.api_request(
|
|
|
|
|
"GET",
|
|
|
|
|
"libpod/containers/json?all=true",
|
|
|
|
|
None,
|
|
|
|
|
DEFAULT_TIMEOUT,
|
|
|
|
|
)
|
|
|
|
|
.await?;
|
|
|
|
|
|
|
|
|
|
let containers = data
|
|
|
|
|
.as_array()
|
2026-03-20 10:13:49 +00:00
|
|
|
.ok_or_else(|| anyhow::anyhow!("Expected array from containers/json"))?;
|
|
|
|
|
|
|
|
|
|
let mut result = Vec::with_capacity(containers.len());
|
|
|
|
|
|
|
|
|
|
for c in containers {
|
|
|
|
|
let name = if let Some(names) = c["Names"].as_array() {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
names
|
|
|
|
|
.first()
|
|
|
|
|
.and_then(|v| v.as_str())
|
|
|
|
|
.unwrap_or("")
|
|
|
|
|
.to_string()
|
2026-03-20 10:13:49 +00:00
|
|
|
} else {
|
|
|
|
|
c["Names"].as_str().unwrap_or("").to_string()
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let ports = if let Some(ports_array) = c["Ports"].as_array() {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
ports_array
|
|
|
|
|
.iter()
|
|
|
|
|
.filter_map(|port| {
|
|
|
|
|
let host_port = port["host_port"].as_u64()?;
|
|
|
|
|
let container_port = port["container_port"].as_u64()?;
|
|
|
|
|
let protocol = port["protocol"].as_str().unwrap_or("tcp");
|
|
|
|
|
Some(format!(
|
|
|
|
|
"0.0.0.0:{}->{}/{}",
|
|
|
|
|
host_port, container_port, protocol
|
|
|
|
|
))
|
|
|
|
|
})
|
|
|
|
|
.collect()
|
2026-03-20 10:13:49 +00:00
|
|
|
} else {
|
|
|
|
|
vec![]
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let status_str = c["Status"].as_str().unwrap_or("");
|
|
|
|
|
let health = parse_health_from_status(status_str)
|
|
|
|
|
.or_else(|| c["Health"].as_str().map(|s| s.to_string()));
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let started_at = c["StartedAt"]
|
|
|
|
|
.as_str()
|
2026-03-20 10:13:49 +00:00
|
|
|
.or_else(|| c["Started"].as_str())
|
|
|
|
|
.map(|s| s.to_string());
|
|
|
|
|
let lan_address = Self::lan_address_for(&name);
|
|
|
|
|
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
let exit_code = c["ExitCode"]
|
|
|
|
|
.as_i64()
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
.or_else(|| c["State"]["ExitCode"].as_i64())
|
|
|
|
|
.map(|c| c as i32);
|
|
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
result.push(ContainerStatus {
|
|
|
|
|
id: c["Id"].as_str().unwrap_or("").to_string(),
|
|
|
|
|
name,
|
|
|
|
|
state: ContainerState::from(c["State"].as_str().unwrap_or("unknown")),
|
|
|
|
|
health,
|
fix: overhaul container lifecycle — recovery, health, uninstall, UI state
Container recovery:
- Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s
- Dependency-aware restarts: won't restart services before their deps
- Reset dependent counters when a dependency recovers
- Handle "created" state containers (were invisible to health monitor)
- Added IndeedHub, mempool-api, mysql to tier system
- Crash recovery: podman start timeout 30s→120s with retry
- Podman client: socket timeout 5s→30s, added restart policy
UI state representation:
- Exit code 0 shows "stopped" (gray), not "crashed" (red)
- Exit code 137 shows "killed (OOM)"
- Non-zero exit shows "crashed" (red)
- Added exit_code field to PackageDataEntry
Install/uninstall fixes:
- Install returns error when container doesn't start (was silent success)
- Post-install hooks awaited instead of fire-and-forget tokio::spawn
- Uninstall: graceful rm before force, volume prune, network cleanup
- Uninstall returns error on partial failure (was 200 OK)
Config consistency:
- DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded)
- Bitcoin: added ZMQ ports 28332/28333 for LND block notifications
- IndeedHub port 7777→8190 (was conflicting with strfry)
- Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0
Performance:
- Metrics collector interval 60s→300s (was duplicating health monitor)
- Podman client: proper error propagation instead of unwrap_or_default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 07:03:57 +01:00
|
|
|
exit_code,
|
2026-03-20 10:13:49 +00:00
|
|
|
started_at,
|
|
|
|
|
image: c["Image"].as_str().unwrap_or("").to_string(),
|
|
|
|
|
created: c["Created"].as_str().unwrap_or("").to_string(),
|
|
|
|
|
ports,
|
|
|
|
|
lan_address,
|
|
|
|
|
});
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-16 12:58:35 +00:00
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
Ok(result)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Check if the Podman socket is available and responding.
|
|
|
|
|
pub async fn health_check(&self) -> bool {
|
chore(ci): rustfmt + clippy clean-up to unblock the Rust CI job
The .github/workflows/ci.yml Rust job runs cargo fmt --check, clippy
with -D warnings, and tests. All three were failing. This commit:
- Applies rustfmt across the tree (the bulk of the diff — untouched
since the last toolchain bump, so a wide sweep was unavoidable).
- Fixes the correctness-level clippy errors:
container/bitcoin_simulator.rs wildcard-in-or-pattern
container/manifest.rs from_str rename to parse (reserved name)
container/podman_client.rs .get(0) -> .first()
container/runtime.rs manual += collapse
archipelago/src/constants.rs doc-comment → module-doc
api/rpc/package/install.rs stray /// comment above a non-item
container/docker_packages.rs redundant field init
streaming/advertisement.rs missing Metric import in tests
tests/orchestration_tests.rs `vec!` in non-Vec contexts
mesh/listener/dispatch.rs unused store_plain_message import
api/rpc/tor/mod.rs and mesh/steganography.rs: push-after-new → vec!
- Quiets wide legacy surfaces with crate-level allows in main.rs for
stylistic lints (too_many_arguments, type_complexity, doc indent,
enum variant prefix, wildcard-in-or, assertions-on-constants,
drop_non_drop, unused_io_amount, ptr_arg) — these fired in dozens
of places with no correctness payoff and have been churning every
toolchain bump.
- Tags intentional-dead-code helpers: wallet/ and streaming/ modules
are WIP, mesh::send_chunked_payload and DM_V1_MARKER are kept for
rollback compatibility, vpn::get_nostr_vpn_status is surface-area
for a not-yet-landed RPC.
cargo fmt --check, cargo clippy --all-targets --all-features
-- -D warnings, and cargo test --all-features now all pass locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 17:23:46 -04:00
|
|
|
self.api_request(
|
|
|
|
|
"GET",
|
|
|
|
|
"libpod/info",
|
|
|
|
|
None,
|
|
|
|
|
std::time::Duration::from_secs(5),
|
|
|
|
|
)
|
|
|
|
|
.await
|
|
|
|
|
.is_ok()
|
2026-03-20 10:13:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-01 08:59:11 -04:00
|
|
|
/// Registries we ship with as `--tls-verify=false` because they're internal
|
|
|
|
|
/// HTTP mirrors. Add a host:port here only if it's a controlled mirror that
|
|
|
|
|
/// the fleet trusts and operators won't ever paste a malicious URL into.
|
|
|
|
|
const INSECURE_REGISTRY_HOSTS: &[&str] = &["146.59.87.168:3000"];
|
|
|
|
|
|
2026-05-01 08:52:29 -04:00
|
|
|
pub fn image_uses_insecure_registry(image: &str) -> bool {
|
2026-05-01 08:59:11 -04:00
|
|
|
image
|
|
|
|
|
.split('/')
|
|
|
|
|
.next()
|
|
|
|
|
.is_some_and(|host| INSECURE_REGISTRY_HOSTS.contains(&host))
|
2026-05-01 08:52:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn podman_network_settings(
|
|
|
|
|
network: Option<&str>,
|
|
|
|
|
network_policy: &str,
|
|
|
|
|
) -> (&'static str, Option<String>) {
|
|
|
|
|
match network {
|
|
|
|
|
Some("") => ("bridge", None),
|
|
|
|
|
Some("host") => ("host", None),
|
|
|
|
|
Some("bridge") => ("bridge", None),
|
|
|
|
|
Some("none") => ("none", None),
|
|
|
|
|
Some("slirp4netns") => ("slirp4netns", None),
|
2026-06-11 00:24:32 -04:00
|
|
|
Some("pasta") => ("pasta", None),
|
2026-05-01 08:52:29 -04:00
|
|
|
Some("private") => ("private", None),
|
|
|
|
|
Some(custom) => ("bridge", Some(custom.to_string())),
|
|
|
|
|
None if network_policy == "host" => ("host", None),
|
|
|
|
|
None => ("bridge", None),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
// ─── Helpers ─────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
fn parse_port_bindings(bindings: &serde_json::Value) -> Vec<String> {
|
|
|
|
|
let mut ports = Vec::new();
|
|
|
|
|
if let Some(obj) = bindings.as_object() {
|
|
|
|
|
for (container_port, host_bindings) in obj {
|
|
|
|
|
if let Some(arr) = host_bindings.as_array() {
|
|
|
|
|
for binding in arr {
|
|
|
|
|
let host_ip = binding["HostIp"].as_str().unwrap_or("0.0.0.0");
|
|
|
|
|
let host_port = binding["HostPort"].as_str().unwrap_or("");
|
|
|
|
|
if !host_port.is_empty() {
|
|
|
|
|
ports.push(format!("{}:{}->{}", host_ip, host_port, container_port));
|
|
|
|
|
}
|
2026-02-01 13:24:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
2026-03-20 10:13:49 +00:00
|
|
|
}
|
|
|
|
|
ports
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-11 00:33:24 -04:00
|
|
|
fn manifest_lan_address_for(container_name: &str) -> Option<String> {
|
|
|
|
|
for apps_dir in manifest_apps_dirs() {
|
|
|
|
|
let Ok(entries) = std::fs::read_dir(apps_dir) else {
|
|
|
|
|
continue;
|
|
|
|
|
};
|
|
|
|
|
for entry in entries.flatten() {
|
|
|
|
|
let path = entry.path().join("manifest.yml");
|
|
|
|
|
let Ok(contents) = std::fs::read_to_string(&path) else {
|
|
|
|
|
continue;
|
|
|
|
|
};
|
|
|
|
|
let Ok(manifest) = AppManifest::parse(&contents) else {
|
|
|
|
|
continue;
|
|
|
|
|
};
|
|
|
|
|
if manifest_runtime_names(&manifest)
|
|
|
|
|
.iter()
|
|
|
|
|
.any(|name| name == container_name)
|
|
|
|
|
{
|
|
|
|
|
if let Some(url) = manifest_primary_interface_url(&manifest) {
|
|
|
|
|
return Some(url);
|
|
|
|
|
}
|
|
|
|
|
if manifest_has_http_health(&manifest) {
|
|
|
|
|
if let Some(port) = manifest
|
|
|
|
|
.app
|
|
|
|
|
.ports
|
|
|
|
|
.iter()
|
|
|
|
|
.find(|port| port.protocol.eq_ignore_ascii_case("tcp"))
|
|
|
|
|
.map(|port| port.host)
|
|
|
|
|
{
|
|
|
|
|
return Some(format!("http://localhost:{port}"));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
None
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn manifest_primary_interface_url(manifest: &AppManifest) -> Option<String> {
|
2026-06-11 00:52:16 -04:00
|
|
|
let main = manifest.app.interfaces.get("main")?;
|
|
|
|
|
if main.interface_type != "ui" {
|
|
|
|
|
return None;
|
|
|
|
|
}
|
|
|
|
|
Some(format!(
|
|
|
|
|
"{}://localhost:{}{}",
|
|
|
|
|
main.protocol, main.port, main.path
|
|
|
|
|
))
|
2026-06-11 00:33:24 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn manifest_has_http_health(manifest: &AppManifest) -> bool {
|
|
|
|
|
manifest
|
|
|
|
|
.app
|
|
|
|
|
.health_check
|
|
|
|
|
.as_ref()
|
|
|
|
|
.is_some_and(|health| health.check_type.eq_ignore_ascii_case("http"))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn manifest_runtime_names(manifest: &AppManifest) -> Vec<String> {
|
|
|
|
|
let mut names = vec![manifest_container_name(manifest)];
|
|
|
|
|
match manifest.app.id.as_str() {
|
|
|
|
|
"bitcoin-ui" | "electrs-ui" | "lnd-ui" => names.push(manifest.app.id.clone()),
|
|
|
|
|
"fedimint" => names.push("fedimintd".to_string()),
|
|
|
|
|
"immich" => names.push("immich_server".to_string()),
|
|
|
|
|
_ => {}
|
|
|
|
|
}
|
|
|
|
|
names
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn manifest_container_name(manifest: &AppManifest) -> String {
|
|
|
|
|
if let Some(v) = manifest.app.extensions.get("container_name") {
|
|
|
|
|
if let Some(s) = v.as_str() {
|
|
|
|
|
if !s.is_empty() {
|
|
|
|
|
return s.to_string();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
match manifest.app.id.as_str() {
|
|
|
|
|
"bitcoin-ui" | "electrs-ui" | "lnd-ui" => format!("archy-{}", manifest.app.id),
|
|
|
|
|
id => id.to_string(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn manifest_apps_dirs() -> Vec<PathBuf> {
|
|
|
|
|
let mut dirs = Vec::new();
|
|
|
|
|
if let Ok(manifest_dir) = std::env::var("CARGO_MANIFEST_DIR") {
|
|
|
|
|
dirs.push(Path::new(&manifest_dir).join("../../apps"));
|
|
|
|
|
}
|
|
|
|
|
dirs.extend([
|
|
|
|
|
Path::new("apps").to_path_buf(),
|
|
|
|
|
Path::new("/opt/archipelago/apps").to_path_buf(),
|
|
|
|
|
Path::new("/opt/archipelago/web-ui/archipelago-runtime/apps").to_path_buf(),
|
|
|
|
|
]);
|
|
|
|
|
dirs
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-20 10:13:49 +00:00
|
|
|
fn parse_memory_limit(limit: &str) -> Option<i64> {
|
fix: parse_memory_limit accepts Ki/Mi/Gi IEC binary suffixes
The libpod HTTP API path (PodmanClient::create_container) ran manifest
memory_limit values like "128Mi" through parse_memory_limit which
lowercased+trim_end_matches("m"), leaving "128i" which parse::<f64>()
rejected. The resulting None became 0 via .unwrap_or(0), and podman
serialised that into the OCI config as memory.limit:0. At container
start time systemd then rejected MemoryMax=0 with "Value specified in
MemoryMax is out of range".
Silently wrong for every manifest in apps/ that uses Kubernetes-style
suffixes (all of them). Became visible on .228 when Step 9 first
exercised the ProdContainerOrchestrator path for bitcoin-ui and lnd-ui
installs \u2014 the old first-boot-containers.sh bash script used podman
run --memory 128m directly, which podman-the-CLI parses correctly, so
the bug never surfaced before.
Two parts:
- parse_memory_limit now recognises Ki/Mi/Gi/Ti (IEC binary, what k8s
and our manifests use), kB/MB/GB/TB (SI decimal), k/K/m/M/g/G/t/T
(docker shorthand, treated as IEC binary for backwards compat), and
bare byte integers. Filters out zero/negative results.
- create_container omits the memory/cpu fields entirely when the
manifest has no limit or parsing fails, rather than emitting 0. The
libpod API treats absent as unlimited; 0 is "set MemoryMax=0" which
systemd rightly rejects. Defence in depth against the next weird
suffix someone puts in a manifest.
Six regression tests in the new tests module cover IEC, SI, shorthand,
raw bytes, invalid input (empty/garbage/0/negative), and whitespace.
2026-04-23 03:44:23 -04:00
|
|
|
// Supports the Kubernetes-style suffixes used throughout apps/*/manifest.yml
|
|
|
|
|
// (IEC binary: Ki/Mi/Gi/Ti) as well as the shorter docker-style k/m/g/t.
|
|
|
|
|
// Longest suffix matched first so "Mi" isn't mis-matched as "m".
|
|
|
|
|
//
|
|
|
|
|
// Historical bug: we used to lowercase+trim_end_matches('m'), which turned
|
|
|
|
|
// "128Mi" into "128i" → parse::<f64> failed → None → .unwrap_or(0) wrote
|
|
|
|
|
// memory.limit:0 into the OCI spec, which systemd then rejected at start
|
|
|
|
|
// time with "MemoryMax is out of range" on rootless podman. See
|
|
|
|
|
// docs/rust-orchestrator-migration.md Step 9 notes.
|
|
|
|
|
let trimmed = limit.trim();
|
|
|
|
|
if trimmed.is_empty() {
|
|
|
|
|
return None;
|
|
|
|
|
}
|
|
|
|
|
const UNITS: &[(&str, i64)] = &[
|
|
|
|
|
("Ki", 1024),
|
|
|
|
|
("Mi", 1024 * 1024),
|
|
|
|
|
("Gi", 1024 * 1024 * 1024),
|
|
|
|
|
("Ti", 1024i64 * 1024 * 1024 * 1024),
|
|
|
|
|
("kB", 1000),
|
|
|
|
|
("MB", 1_000_000),
|
|
|
|
|
("GB", 1_000_000_000),
|
|
|
|
|
("TB", 1_000_000_000_000),
|
|
|
|
|
("k", 1024),
|
|
|
|
|
("K", 1024),
|
|
|
|
|
("m", 1024 * 1024),
|
|
|
|
|
("M", 1024 * 1024),
|
|
|
|
|
("g", 1024 * 1024 * 1024),
|
|
|
|
|
("G", 1024 * 1024 * 1024),
|
|
|
|
|
("t", 1024i64 * 1024 * 1024 * 1024),
|
|
|
|
|
("T", 1024i64 * 1024 * 1024 * 1024),
|
|
|
|
|
("b", 1),
|
|
|
|
|
("B", 1),
|
|
|
|
|
];
|
|
|
|
|
for (suffix, multiplier) in UNITS {
|
|
|
|
|
if let Some(num) = trimmed.strip_suffix(suffix) {
|
|
|
|
|
let num = num.trim();
|
|
|
|
|
return num
|
|
|
|
|
.parse::<f64>()
|
|
|
|
|
.ok()
|
|
|
|
|
.map(|v| (v * (*multiplier as f64)) as i64)
|
|
|
|
|
.filter(|n| *n > 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// No recognised suffix — treat as raw bytes.
|
|
|
|
|
trimmed.parse::<i64>().ok().filter(|n| *n > 0)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests {
|
|
|
|
|
use super::*;
|
|
|
|
|
|
2026-05-01 08:52:29 -04:00
|
|
|
#[test]
|
|
|
|
|
fn insecure_registry_detection_matches_http_mirrors_only() {
|
|
|
|
|
assert!(image_uses_insecure_registry(
|
|
|
|
|
"146.59.87.168:3000/lfg2025/bitcoin-knots:latest"
|
|
|
|
|
));
|
2026-05-01 08:59:11 -04:00
|
|
|
// The legacy Hetzner mirror at 23.182.128.160 was decommissioned and
|
|
|
|
|
// is no longer trusted — it must NOT bypass TLS even if a stale
|
|
|
|
|
// registry config still references it.
|
|
|
|
|
assert!(!image_uses_insecure_registry(
|
2026-05-01 08:52:29 -04:00
|
|
|
"23.182.128.160:3000/lfg2025/filebrowser:v2.27.0"
|
|
|
|
|
));
|
|
|
|
|
assert!(!image_uses_insecure_registry(
|
|
|
|
|
"git.tx1138.com/lfg2025/bitcoin-knots:latest"
|
|
|
|
|
));
|
|
|
|
|
assert!(!image_uses_insecure_registry(
|
|
|
|
|
"docker.io/library/nginx:latest"
|
|
|
|
|
));
|
2026-05-01 08:59:11 -04:00
|
|
|
// Spoofing immune: an attacker host that prefixes the trusted IP
|
|
|
|
|
// string into its own URL still has the attacker host in the
|
|
|
|
|
// registry-host slot, so it does NOT match.
|
|
|
|
|
assert!(!image_uses_insecure_registry(
|
|
|
|
|
"evil.example:80/146.59.87.168:3000/lfg2025/x:latest"
|
|
|
|
|
));
|
2026-05-01 08:52:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn podman_network_settings_uses_networks_map_for_custom_networks() {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
podman_network_settings(Some("archy-net"), "isolated"),
|
|
|
|
|
("bridge", Some("archy-net".to_string()))
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
podman_network_settings(Some("host"), "isolated"),
|
|
|
|
|
("host", None)
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
podman_network_settings(Some(""), "isolated"),
|
|
|
|
|
("bridge", None)
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(podman_network_settings(None, "host"), ("host", None));
|
|
|
|
|
assert_eq!(podman_network_settings(None, "isolated"), ("bridge", None));
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-11 00:33:24 -04:00
|
|
|
#[test]
|
|
|
|
|
fn lan_address_uses_manifest_http_port_for_regular_apps() {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
PodmanClient::lan_address_for("filebrowser").as_deref(),
|
|
|
|
|
Some("http://localhost:8083")
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn lan_address_prefers_manifest_main_interface() {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
PodmanClient::lan_address_for("fedimint").as_deref(),
|
|
|
|
|
Some("http://localhost:8175/")
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn lan_address_does_not_expose_tcp_only_service_ports() {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
PodmanClient::lan_address_for("bitcoin-knots").as_deref(),
|
|
|
|
|
Some("http://localhost:8334")
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
fix: parse_memory_limit accepts Ki/Mi/Gi IEC binary suffixes
The libpod HTTP API path (PodmanClient::create_container) ran manifest
memory_limit values like "128Mi" through parse_memory_limit which
lowercased+trim_end_matches("m"), leaving "128i" which parse::<f64>()
rejected. The resulting None became 0 via .unwrap_or(0), and podman
serialised that into the OCI config as memory.limit:0. At container
start time systemd then rejected MemoryMax=0 with "Value specified in
MemoryMax is out of range".
Silently wrong for every manifest in apps/ that uses Kubernetes-style
suffixes (all of them). Became visible on .228 when Step 9 first
exercised the ProdContainerOrchestrator path for bitcoin-ui and lnd-ui
installs \u2014 the old first-boot-containers.sh bash script used podman
run --memory 128m directly, which podman-the-CLI parses correctly, so
the bug never surfaced before.
Two parts:
- parse_memory_limit now recognises Ki/Mi/Gi/Ti (IEC binary, what k8s
and our manifests use), kB/MB/GB/TB (SI decimal), k/K/m/M/g/G/t/T
(docker shorthand, treated as IEC binary for backwards compat), and
bare byte integers. Filters out zero/negative results.
- create_container omits the memory/cpu fields entirely when the
manifest has no limit or parsing fails, rather than emitting 0. The
libpod API treats absent as unlimited; 0 is "set MemoryMax=0" which
systemd rightly rejects. Defence in depth against the next weird
suffix someone puts in a manifest.
Six regression tests in the new tests module cover IEC, SI, shorthand,
raw bytes, invalid input (empty/garbage/0/negative), and whitespace.
2026-04-23 03:44:23 -04:00
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_iec_binary_suffixes() {
|
|
|
|
|
// Kubernetes-style — this is what apps/*/manifest.yml uses.
|
|
|
|
|
assert_eq!(parse_memory_limit("128Mi"), Some(128 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("64Mi"), Some(64 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("4Gi"), Some(4i64 * 1024 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("512Ki"), Some(512 * 1024));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_shorthand_suffixes() {
|
|
|
|
|
// Docker-style shorthand — treated as IEC binary for backwards compat.
|
|
|
|
|
assert_eq!(parse_memory_limit("128m"), Some(128 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("128M"), Some(128 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("2g"), Some(2i64 * 1024 * 1024 * 1024));
|
|
|
|
|
assert_eq!(parse_memory_limit("2G"), Some(2i64 * 1024 * 1024 * 1024));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_si_decimal_suffixes() {
|
|
|
|
|
assert_eq!(parse_memory_limit("1MB"), Some(1_000_000));
|
|
|
|
|
assert_eq!(parse_memory_limit("1GB"), Some(1_000_000_000));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_raw_bytes() {
|
|
|
|
|
assert_eq!(parse_memory_limit("134217728"), Some(134_217_728));
|
|
|
|
|
assert_eq!(parse_memory_limit(" 134217728 "), Some(134_217_728));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_invalid_returns_none() {
|
|
|
|
|
// Regression guard: the old implementation returned Some(0) for "128Mi"
|
|
|
|
|
// because lowercase+trim_end_matches('m') left "128i" which parse::<f64>
|
|
|
|
|
// rejected. The new implementation must never return Some(0) or Some of
|
|
|
|
|
// a negative number from any input.
|
|
|
|
|
assert_eq!(parse_memory_limit(""), None);
|
|
|
|
|
assert_eq!(parse_memory_limit(" "), None);
|
|
|
|
|
assert_eq!(parse_memory_limit("abc"), None);
|
|
|
|
|
assert_eq!(parse_memory_limit("0"), None);
|
|
|
|
|
assert_eq!(parse_memory_limit("0Mi"), None);
|
|
|
|
|
assert_eq!(parse_memory_limit("-1Mi"), None);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn parse_memory_limit_tolerates_whitespace_and_fractional() {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
parse_memory_limit(" 1.5Gi "),
|
|
|
|
|
Some((1.5 * (1024.0 * 1024.0 * 1024.0)) as i64)
|
|
|
|
|
);
|
2026-01-24 22:01:51 +00:00
|
|
|
}
|
|
|
|
|
}
|