docs(master-plan): WS-F — uninstall-hang root cause fixed + cascade validated

Workstream F now in-progress: the immich/grafana uninstall hang → ghost/stuck-bar/reinstall-block is root-caused (unbounded systemctl/ podman in quadlet::disable_remove) and fixed (71cc9ac4); cascade- uninstall.bats 7/7 on .228. Records the remaining F items + the pending gate-wiring decision. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-26 05:18:39 -04:00 · 2026-06-26 05:18:39 -04:00 · 292a2650df
commit 292a2650df
parent 71cc9ac46a
3 changed files with 18 additions and 75 deletions
--- a/apps/meshtastic/Dockerfile
+++ b/apps/meshtastic/Dockerfile
@ -1,5 +0,0 @@
 # Meshtastic - uses official image
 FROM meshtastic/meshtastic:latest
 # Default configuration is in the image
 # No additional setup needed
--- a/apps/meshtastic/manifest.yml
+++ b/apps/meshtastic/manifest.yml
@ -1,69 +0,0 @@
 app:
  id: meshtastic
  name: Meshtastic
  version: 2-daily-alpine
  description: Open-source mesh networking for LoRa radios. Create decentralized communication networks.
  container:
    image: docker.io/meshtastic/meshtasticd:daily-alpine
    pull_policy: if-not-present
  dependencies:
    - storage: 1Gi
  resources:
    cpu_limit: 1
    memory_limit: 512Mi
    disk_limit: 1Gi
  security:
    capabilities: [NET_ADMIN, SYS_ADMIN]  # Required for LoRa radio access
    readonly_root: false  # Needs write access for device management
    no_new_privileges: true
    user: 1000
    seccomp_profile: default
    network_policy: host  # Requires host network for radio access
    apparmor_profile: meshtastic
  ports:
    - host: 4403
      container: 4403
      protocol: tcp  # Meshtastic TCP API
  devices:
    - /dev/ttyUSB0  # LoRa radio device (if connected)
  volumes:
    - type: bind
      source: /var/lib/archipelago/meshtastic
      target: /var/lib/meshtasticd
      options: [rw]
  files:
    - path: /var/lib/archipelago/meshtastic/config.yaml
      content: |
        General:
          MACAddress: AA:BB:CC:DD:EE:01
        Webserver:
          Port: 4403
  environment:
    - MESHTASTIC_PORT=/dev/ttyUSB0
    - MESHTASTIC_SERIAL=true
  health_check:
    type: cmd
    endpoint: test -f /var/lib/meshtasticd/config.yaml
    interval: 30s
    timeout: 30s
    retries: 5
  networking:
    mesh_enabled: true
    local_network_access: true
  metadata:
    icon: /assets/img/app-icons/meshcore.svg
    category: networking
    tier: recommended
    repo: https://github.com/meshtastic/firmware
--- a/docs/PRODUCTION-MASTER-PLAN.md
+++ b/docs/PRODUCTION-MASTER-PLAN.md
@ -70,7 +70,7 @@ real nodes. Until then, this plan is the priority.
 | C | **Developer-ready external registry** — 3rd-party DID-signed manifests, decentralized Nostr discovery (NIP-78 kind 30078) + trust score, `archy app …` tooling | `marketplace-protocol.md`, `app-developer-guide.md` | design exists; tooling + trust UX pending |
 | D | **Distribution backbone** — signed catalog, BLAKE3 content-addressing, iroh swarm (origin-always-wins) | `dht-distribution-design.md` | phases 0–2 code-complete (worktree) |
 | E | **Production test gate** — 5× lifecycle on **.228**, per-app L1/L2 matrix; multinode is split out → `multinode-testing-plan.md` | `tests/lifecycle/TESTING.md`, `bulletproof-containers.md` | **✅ .228 5×-GREEN (110/110 ×5, 0 not-ok, 2026-06-23)** — but this is DESTRUCTIVE-tier / ~8 core apps only; see §6c for the coverage gaps |
-| F | **Lifecycle perfection — cascade + progress + ALL apps** — extend the gate to uninstall/reinstall (cascade), real install/uninstall progress UI, and EVERY installed app (not just the 8 core). The "insanely-perfect OS/container environment" bar. | §6c (below), `tests/lifecycle/TESTING.md` | **NEW (2026-06-23)** — real bugs already found in manual multinode testing; sequenced after netbird + Phase-3 |
+| F | **Lifecycle perfection — cascade + progress + ALL apps** — extend the gate to uninstall/reinstall (cascade), real install/uninstall progress UI, and EVERY installed app (not just the 8 core). The "insanely-perfect OS/container environment" bar. | §6c (below), `tests/lifecycle/TESTING.md` | **IN PROGRESS (2026-06-26)** — root bug FIXED: uninstall could hang → ghost/stuck-bar/reinstall-block (`71cc9ac4`, unbounded systemctl/podman in `quadlet::disable_remove`); `cascade-uninstall.bats` **7/7 green on .228** w/ binary `ae349a75`. Remaining: wire CASCADE into the canonical gate run, progress-UI truthfulness, all-apps matrix, guardian/IBD state. |
 **Orchestrator architecture** (foundation for A/B): `rust-orchestrator-migration.md`
 (ProdContainerOrchestrator, BootReconciler 30s level-triggered reconcile, adoption
@ -156,10 +156,27 @@ reinstall, install-progress UI, and most apps were never under test.
  Bitcoin finishes initial sync" / "starting"** on that node — verify this is correct
  wait-for-IBD behavior vs a stuck/false state (it's a backend that depends on bitcoin sync).
 **✅ 2026-06-26 — root cause of the immich/grafana uninstall trio FOUND + FIXED (`71cc9ac4`).**
 Single cause: `quadlet::disable_remove()` (first op in uninstall teardown, via companion +
 orchestrator) ran `systemctl --user stop` / `daemon-reload` / `podman rm -f` with **no timeout**.
 On rootless podman a generated unit can wedge "deactivating" while podman hangs → `systemctl stop`
 blocks forever → the spawned uninstall task returns neither Ok nor Err, so (a) `set_uninstall_stage`
 never fires → **frozen full-red bar**, (b) `remove_package_state_entry` never runs → **ghost stuck in
 `Removing`**, (c) the install guard rejects reinstall (`already Removing`). The spawn wrapper already
 reverts state on Err/removes on Ok — only a *hang* stranded it. Fix bounds all three calls
 (stop→`QUADLET_STOP_TIMEOUT` + SIGKILL/reset-failed escalation; daemon-reload→30s; podman rm→timeout).
 **Validated live: `cascade-uninstall.bats` 7/7 on .228** (binary `ae349a75`) — grafana install →
 uninstall (no ghost, data dir gone) → reinstall → running → cleanup. NOTE: proves the happy path +
 no-regression; the original hang was load/timing-induced and not separately reproduced.
 **Workstream F scope — the gate must grow to (in priority order):**
 1. **CASCADE tier in the canonical gate:** uninstall → verify the app is GONE from My Apps /
   `container-list` / package state (no ghost), data preserved per policy, then reinstall →
   verify it returns healthy. Catch the immich/grafana ghost + reinstall-stops bugs.
   *(Test EXISTS + passes — `bats/cascade-uninstall.bats`, gated on `ARCHY_ALLOW_CASCADE_DESTRUCTIVE`;
   `run-gate.sh` still never sets it. DECISION PENDING: run a single cascade pass alongside the 5×
   destructive loop vs. a dedicated cascade gate — do NOT fold uninstall/reinstall into all 5
   iterations, it balloons runtime.)*
 2. **Progress-UI assertions:** install AND uninstall must report monotonic, truthful progress
   (not a stuck full-red bar); a long op must surface a real stage/percentage and a terminal
   success/failure — no silent hang. (Likely both a backend progress-event fix AND a UI fix.)