DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	1b90048715	fix(api): /deckies/deploy becomes additive by default The wizard POSTs only the new decky on each submit. The handler used to treat every INI as the complete desired fleet (config.deckies = INI) so the reconciler tore down prior deckies as orphans — deploying a second Windows workstation silently wiped the first. Add replace_fleet to DeployIniRequest (default false). Default path merges new deckies into existing config and rejects name/IP collisions with 409. replace_fleet=true preserves set-desired-state semantics for CLI / declarative callers. Lifecycle rows are created only for the deckies submitted in the current call, so /deckies/lifecycle?ids=... reflects exactly what this submit deployed. build_deckies_from_ini gains reserved_ips so additive auto-allocation skips IPs already held by the existing fleet.	2026-05-22 18:14:50 -04:00
anti	f775223a83	feat(fleet): reconciler converges JSON ↔ DB ↔ docker Adds decnet.fleet.reconciler — a pure async function plus a long-lived worker — that periodically reconciles the three sources of truth on a DECNET host: 1. decnet-state.json (CLI-canonical fleet record) 2. fleet_deckies table (DB mirror, written by engine.deployer) 3. docker inspect (actual per-container runtime state) Drift handling: * JSON has X, DB doesn't → INSERT (deploy ran with DB offline) * DB has X (this host), JSON doesn't → DELETE (teardown ran with DB offline) * Both have X, docker disagrees → flip state to running/failed/degraded * Docker socket unreachable → leave existing state alone (don't torch every row to torn_down) Cross-host safety: deletions are scoped to host_uuid for the local host; a master that runs both a local fleet and swarm workers will never clobber a peer's slice. CLI: decnet reconcile --once # one-shot, prints counts decnet reconcile [--interval N] # long-lived worker, mirrors # orchestrator's lifecycle (control # listener + heartbeat + tick loop) Promotes decnet/fleet.py → decnet/fleet/ package so the reconciler can live alongside it without name collision (build_deckies_from_ini and all_service_names re-exported unchanged via __init__.py). 14 new tests cover state aggregation rules, all four drift directions, host_uuid scoping, docker-unreachable safety, and worker shutdown via the bus control event.	2026-04-26 21:14:48 -04:00

Author

SHA1

Message

Date

anti

1b90048715

fix(api): /deckies/deploy becomes additive by default

The wizard POSTs only the new decky on each submit. The handler used to
treat every INI as the complete desired fleet (config.deckies = INI) so
the reconciler tore down prior deckies as orphans — deploying a second
Windows workstation silently wiped the first.

Add replace_fleet to DeployIniRequest (default false). Default path
merges new deckies into existing config and rejects name/IP collisions
with 409. replace_fleet=true preserves set-desired-state semantics for
CLI / declarative callers. Lifecycle rows are created only for the
deckies submitted in the current call, so /deckies/lifecycle?ids=...
reflects exactly what this submit deployed.

build_deckies_from_ini gains reserved_ips so additive auto-allocation
skips IPs already held by the existing fleet.

2026-05-22 18:14:50 -04:00

anti

f775223a83

feat(fleet): reconciler converges JSON ↔ DB ↔ docker

Adds decnet.fleet.reconciler — a pure async function plus a long-lived
worker — that periodically reconciles the three sources of truth on a
DECNET host:

  1. decnet-state.json (CLI-canonical fleet record)
  2. fleet_deckies table (DB mirror, written by engine.deployer)
  3. docker inspect (actual per-container runtime state)

Drift handling:
  * JSON has X, DB doesn't       → INSERT (deploy ran with DB offline)
  * DB has X (this host), JSON doesn't → DELETE (teardown ran with DB offline)
  * Both have X, docker disagrees → flip state to running/failed/degraded
  * Docker socket unreachable    → leave existing state alone (don't
                                    torch every row to torn_down)

Cross-host safety: deletions are scoped to host_uuid for the local host;
a master that runs both a local fleet and swarm workers will never
clobber a peer's slice.

CLI:
  decnet reconcile --once            # one-shot, prints counts
  decnet reconcile [--interval N]    # long-lived worker, mirrors
                                     # orchestrator's lifecycle (control
                                     # listener + heartbeat + tick loop)

Promotes decnet/fleet.py → decnet/fleet/ package so the reconciler can
live alongside it without name collision (build_deckies_from_ini and
all_service_names re-exported unchanged via __init__.py).

14 new tests cover state aggregation rules, all four drift directions,
host_uuid scoping, docker-unreachable safety, and worker shutdown via
the bus control event.

2026-04-26 21:14:48 -04:00

2 Commits