docs: record Serenity Pangolin drift workaround
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-25 20:33:09 +00:00
parent cd98fcf49a
commit 54bf27b208
3 changed files with 40 additions and 0 deletions

View File

@@ -64,6 +64,8 @@ From the live Serenity audit:
- quick live checks did not surface immediate DB dependencies for `Wizarr`, `Shelfmark`, or `Notifiarr`
- `Newt` is still needed
- legacy Pi-hole containers are still running even though Technitium is now the intended DNS path
- Serenity Newt-backed Pangolin routes still had stale health-check hostnames pointing at old `10.5.1.5` even though their target IPs had already been rewritten to `localhost`
- live workaround applied on 2026-05-25: Serenity now carries runtime alias `10.5.1.5/32` on `br0` so those stale health checks resolve locally again
## Wave 1-A: legacy Pi-hole removal

View File

@@ -208,6 +208,33 @@ Resolved on 2026-05-25:
- Confirm whether anything beyond `GameVault` still depends on `postgresql15`.
- Confirm whether anything beyond `RomM` still depends on `MariaDB-Official`.
- Is `/mnt/user/appdate/reranker` intentional, or a typo that should be corrected before migration?
- When Pangolin API write auth is available again, rewrite Serenity target health-check hostnames away from stale `10.5.1.5` so the runtime alias can be removed cleanly.
## Pangolin / Newt live remediation applied
Live verification on 2026-05-25 showed Serenity Newt still probing stale pre-renumbering health-check URLs like `http://10.5.1.5:8787/` even though the Pangolin target objects already showed `ip=localhost` for those resources.
Affected target IDs observed live:
- `15` (`autobrr`)
- `20` (`notifiarr`)
- `25` (`readarr`)
- `29` (`wizarr`)
- `56` (`readarr-epub`)
- `57` (`sonarr-anime`)
- `58` (`romm`)
- `69` (`gamevault`)
Fast remediation applied live on Serenity:
- `ip addr add 10.5.1.5/32 dev br0`
Post-fix verification:
- Newt logs recorded recovery to healthy for targets `15`, `20`, `25`, `29`, `56`, and `57`
- direct Serenity HTTP probes to `http://10.5.1.5:8785/` and `http://10.5.1.5:8457/` returned `200`
- inside the `Newt` container, `wget` to `10.5.1.5:8785` and `10.5.1.5:8457` succeeded
Interpretation:
- the immediate production symptom was repaired without waiting for Pangolin API write access
- this is only a runtime compatibility patch; it must be treated as temporary until the stale Pangolin `hcHostname` fields are authoritatively rewritten
## Database dependency findings

View File

@@ -70,6 +70,17 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
### Unraid-Cloudflared-Tunnel
- Dead container, should be removed
### Serenity Newt / Pangolin stale health-check IP drift
- Several Serenity Newt-backed Pangolin targets were corrected to `ip=localhost` but still retained stale `hcHostname=10.5.1.5`, so Newt health checks kept failing with `no route to host`
- Verified affected target IDs on 2026-05-25: `15`, `20`, `25`, `29`, `56`, `57`, `58`, `69`
- Fast live recovery on Serenity: add runtime compatibility alias `10.5.1.5/32` on `br0`
- command used: `ip addr add 10.5.1.5/32 dev br0`
- Verified results after alias:
- Newt logged recovery to healthy for targets `15`, `20`, `25`, `29`, `56`, `57`
- direct HTTP probes to `http://10.5.1.5:8785/` and `http://10.5.1.5:8457/` returned `200`
- `docker exec Newt` confirmed `wget` success to ports `8785` and `8457`
- This is a runtime workaround, not an authoritative fix. It will disappear on reboot unless deliberately persisted, and the real cleanup is still to rewrite Pangolin health-check hostnames away from the stale pre-renumbering IP.
---
## N.O.M.A.D.