archy/docs/INSTALL-SCREENS-DESIGN.md

118 lines
3.2 KiB
Markdown
Raw Normal View History

release(v1.7.41-alpha): post-OTA auto-rollback so a bad release cannot strand the fleet Closes failure mode FM5 from docs/bulletproof-containers.md: the v1.7.38 + v1.7.39 rollouts left every affected node on an unreachable UI (nginx 500) with no recovery path short of SSH. This release adds a self-check guardrail to the update flow. What changed: - apply_update() writes a pending-verify marker with old+new version and a 150s deadline immediately before scheduling the service restart. - verify_pending_update() runs from main.rs startup. If the marker is present and within its freshness window, the new binary waits 15s for nginx + backend to settle, then probes https://127.0.0.1/ every 5s for up to 90s (self-signed certs accepted). - On any probe success within the window, the marker is cleared and nothing else happens. - On window-exhaust, the new binary: 1. Moves the broken /opt/archipelago/web-ui to web-ui.failed.<ts> (quarantined, not deleted, so we can post-mortem). 2. Restores web-ui.bak on top of web-ui. 3. Calls rollback_update() to restore the previous binary. 4. Updates state.current_version to reflect the rollback. 5. systemctl --no-block restart archipelago so the OLD binary boots. - Markers older than 10 minutes are treated as stale and cleared without probing, so a crashed-during-startup marker from weeks ago cannot spontaneously roll back a healthy node on a later reboot. - rollback_update() binary copy now goes through host_sudo instead of tokio::fs::copy, so it escapes the service's ProtectSystem=strict mount namespace. Without this, the rollback silently failed with EROFS on /usr/local/bin and orphaned the rollback - the exact opposite of what auto-rollback is for. Tests: 4 new unit tests in update::tests covering marker round-trip, absent-marker noop, no-panic on verify_pending_update with nothing to verify, and an invariant assert that the 90s probe window stays below the 600s stale threshold. All passing. Side fix: scripts/create-release-manifest.sh was dying with exit 141 (SIGPIPE from tar tvzf pipe head pipe awk) under set -euo pipefail. Replaced with a single awk NR==1 that doesn't short-circuit the upstream pipe, so the release-build flow is idempotent again.
2026-04-22 16:14:35 -04:00
# Archipelago Installer — Screen Designs
Edit these screens to match your vision. I'll implement exactly what you specify.
Each screen is what the user sees at that moment on the console (80 columns wide).
Constraints: bash TUI only (no ncurses). ANSI colors available:
- `\033[1;37m` = bold white, `\033[1;33m` = bold yellow/orange
- `\033[32m` = green, `\033[31m` = red, `\033[37m` = dim gray
- `\033[0m` = reset. Box-drawing chars: ━ ─ │ ╭ ╮ ╰ ╯ ╔ ╗ ╚ ╝ █ ▓ ░ ▌▐
- Spinners possible: ⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏ or ◐◓◑◒ or |/-\
---
## Screen 1: Welcome / Press Enter
```
(clear screen, centered)
a r c h i p e l a g o
━━━━━━━━━━━━━━━━━━━━━
automatic installer
Press Enter to install | Ctrl+C for shell
```
---
## Screen 2: Detecting Disk
```
a r c h i p e l a g o
━━━━━━━━━━━━━━━━━━━━━
[1/7] Checking tools .............. ✓
[2/7] Detecting disks
Found: /dev/sda (465.8G) — TOSHIBA MQ01ACF0
──────────────────────────────────────────
⚠ All data on /dev/sda will be erased.
Press Enter to install | Ctrl+C to cancel
```
---
## Screen 3: Installing (progress)
```
a r c h i p e l a g o
━━━━━━━━━━━━━━━━━━━━━
[1/7] Checking tools .............. ✓
[2/7] Detecting disks ............. ✓
[3/7] Creating partitions ......... ✓
[4/7] Formatting .................. ✓
[5/7] Installing system ........... ✓
[6/7] Encrypting data partition ◐
AES-256-XTS (AES-NI detected)
──────────────────────────────────────────
```
---
## Screen 4: Bootloader
```
a r c h i p e l a g o
━━━━━━━━━━━━━━━━━━━━━
[1/7] Checking tools .............. ✓
[2/7] Detecting disks ............. ✓
[3/7] Creating partitions ......... ✓
[4/7] Formatting .................. ✓
[5/7] Installing system ........... ✓
[6/7] Encrypting data ............. ✓
[7/7] Installing bootloader ....... ✓
──────────────────────────────────────────
```
---
## Screen 5: Complete
```
a r c h i p e l a g o
━━━━━━━━━━━━━━━━━━━━━
Installation Complete
After reboot, open the Web UI from any device:
http://192.168.1.198
SSH: ssh archipelago@192.168.1.198
Password: archipelago
Web Login: password123
──────────────────────────────────────────
>>> REMOVE THE USB DRIVE NOW <<<
Press Enter to reboot
```
---
## Notes for Dorian
- Edit any screen above to match what you want to see
- Add/remove steps, change wording, change layout
- Specify colors per line if you want (e.g. "this line in yellow")
- I can add a spinner animation on the active step
- Box-drawing, progress bars, anything bash can render is fair game
- Once you're happy with the designs I'll implement them exactly