docs: record Serenity Pangolin healthcheck fix
This commit is contained in:
@@ -65,7 +65,8 @@ From the live Serenity audit:
|
||||
- `Newt` is still needed
|
||||
- legacy Pi-hole containers are still running even though Technitium is now the intended DNS path
|
||||
- Serenity Newt-backed Pangolin routes still had stale health-check hostnames pointing at old `10.5.1.5` even though their target IPs had already been rewritten to `localhost`/`10.5.30.5`
|
||||
- a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN; authoritative Pangolin health-check cleanup is still required
|
||||
- a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN
|
||||
- authoritative Pangolin cleanup was then completed by rewriting the audited Serenity target set to `10.5.30.5` for both routing and health checks, removing the need for any legacy-IP workaround
|
||||
|
||||
## Wave 1-A: legacy Pi-hole removal
|
||||
|
||||
|
||||
@@ -243,6 +243,27 @@ Interpretation:
|
||||
- it is not an acceptable steady-state fix here
|
||||
- the real remaining task is to authoritatively rewrite the stale Pangolin `hcHostname` values away from `10.5.1.5`
|
||||
|
||||
## Pangolin / Newt authoritative fix completed
|
||||
|
||||
Follow-up live mutation on 2026-05-25 rewrote the remaining Serenity site targets that were still drifting on stale `10.5.1.5` health checks:
|
||||
- target `25` (`readarr`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy`
|
||||
- target `56` (`readarr-epub`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy`
|
||||
- target `57` (`sonarr-anime`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy`
|
||||
|
||||
Post-fix verification:
|
||||
- `docker exec Newt wget http://10.5.30.5:8787/`, `:8788/`, and `:8990/` all succeeded from inside Serenity's `Newt` container
|
||||
- public probes for `readarr.paccoco.com`, `readarr-epub.paccoco.com`, and `sonarr-anime.paccoco.com` all returned the expected Pangolin-auth redirect flow
|
||||
- live Pangolin API inventory for site `serenity` no longer contains any target with `ip=10.5.1.5` or `hcHostname=10.5.1.5`
|
||||
|
||||
Current steady state for the audited Serenity-hosted Pangolin targets (`15`, `20`, `25`, `29`, `56`, `57`, `58`, `69`):
|
||||
- all now show `ip=10.5.30.5`
|
||||
- all now show `hcHostname=10.5.30.5`
|
||||
- all now report `hcHealth=healthy`
|
||||
|
||||
Rollback / evidence artifacts:
|
||||
- pre-change backup for targets `56` and `57`: `/home/fizzlepoof/pangolin-target-backup-serenity-hc-authoritative-20260525T204548Z.json`
|
||||
- post-fix snapshot for audited targets: `/home/fizzlepoof/pangolin-target-snapshot-serenity-post-hc-fix-20260525T204741Z.json`
|
||||
|
||||
## Database dependency findings
|
||||
|
||||
Live inspection of container environments currently points to:
|
||||
|
||||
@@ -77,6 +77,7 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
|
||||
- That alias was then removed because the old `10.5.1.5` address is no longer allowed on the VLAN
|
||||
- After removal, targets immediately fell back to unhealthy on the same stale health-check URLs, confirming the real problem is authoritative Pangolin metadata drift, not local app failure
|
||||
- Treat the alias only as a diagnostic probe; do not persist it. The correct fix is to rewrite Pangolin health-check hostnames away from the stale pre-renumbering IP.
|
||||
- Authoritative fix completed for the Serenity audit set on 2026-05-25: targets `15`, `20`, `25`, `29`, `56`, `57`, `58`, and `69` now use `10.5.30.5` for both routing and health checks, and no audited Serenity Pangolin target still carries `10.5.1.5` in live API state.
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user