From ae7fce4b952199550222a4ffdf7a8ec93dfdea1f Mon Sep 17 00:00:00 2001 From: Fizzlepoof Date: Mon, 25 May 2026 20:48:28 +0000 Subject: [PATCH] docs: record Serenity Pangolin healthcheck fix --- docs/planning/SERENITY_CLEANUP_WAVE_1.md | 3 ++- docs/planning/SERENITY_DOCKER_AUDIT.md | 21 +++++++++++++++++++++ docs/troubleshooting/KNOWN_QUIRKS.md | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/planning/SERENITY_CLEANUP_WAVE_1.md b/docs/planning/SERENITY_CLEANUP_WAVE_1.md index 65b56c8..092e4c7 100644 --- a/docs/planning/SERENITY_CLEANUP_WAVE_1.md +++ b/docs/planning/SERENITY_CLEANUP_WAVE_1.md @@ -65,7 +65,8 @@ From the live Serenity audit: - `Newt` is still needed - legacy Pi-hole containers are still running even though Technitium is now the intended DNS path - Serenity Newt-backed Pangolin routes still had stale health-check hostnames pointing at old `10.5.1.5` even though their target IPs had already been rewritten to `localhost`/`10.5.30.5` -- a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN; authoritative Pangolin health-check cleanup is still required +- a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN +- authoritative Pangolin cleanup was then completed by rewriting the audited Serenity target set to `10.5.30.5` for both routing and health checks, removing the need for any legacy-IP workaround ## Wave 1-A: legacy Pi-hole removal diff --git a/docs/planning/SERENITY_DOCKER_AUDIT.md b/docs/planning/SERENITY_DOCKER_AUDIT.md index 5c0b5df..1052026 100644 --- a/docs/planning/SERENITY_DOCKER_AUDIT.md +++ b/docs/planning/SERENITY_DOCKER_AUDIT.md @@ -243,6 +243,27 @@ Interpretation: - it is not an acceptable steady-state fix here - the real remaining task is to authoritatively rewrite the stale Pangolin `hcHostname` values away from `10.5.1.5` +## Pangolin / Newt authoritative fix completed + +Follow-up live mutation on 2026-05-25 rewrote the remaining Serenity site targets that were still drifting on stale `10.5.1.5` health checks: +- target `25` (`readarr`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy` +- target `56` (`readarr-epub`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy` +- target `57` (`sonarr-anime`) -> `ip=10.5.30.5`, `hcHostname=10.5.30.5`, `hcHealth=healthy` + +Post-fix verification: +- `docker exec Newt wget http://10.5.30.5:8787/`, `:8788/`, and `:8990/` all succeeded from inside Serenity's `Newt` container +- public probes for `readarr.paccoco.com`, `readarr-epub.paccoco.com`, and `sonarr-anime.paccoco.com` all returned the expected Pangolin-auth redirect flow +- live Pangolin API inventory for site `serenity` no longer contains any target with `ip=10.5.1.5` or `hcHostname=10.5.1.5` + +Current steady state for the audited Serenity-hosted Pangolin targets (`15`, `20`, `25`, `29`, `56`, `57`, `58`, `69`): +- all now show `ip=10.5.30.5` +- all now show `hcHostname=10.5.30.5` +- all now report `hcHealth=healthy` + +Rollback / evidence artifacts: +- pre-change backup for targets `56` and `57`: `/home/fizzlepoof/pangolin-target-backup-serenity-hc-authoritative-20260525T204548Z.json` +- post-fix snapshot for audited targets: `/home/fizzlepoof/pangolin-target-snapshot-serenity-post-hc-fix-20260525T204741Z.json` + ## Database dependency findings Live inspection of container environments currently points to: diff --git a/docs/troubleshooting/KNOWN_QUIRKS.md b/docs/troubleshooting/KNOWN_QUIRKS.md index ee08cb9..6a27eec 100644 --- a/docs/troubleshooting/KNOWN_QUIRKS.md +++ b/docs/troubleshooting/KNOWN_QUIRKS.md @@ -77,6 +77,7 @@ Per-service gotchas that aren't bugs but will bite you if you forget them. - That alias was then removed because the old `10.5.1.5` address is no longer allowed on the VLAN - After removal, targets immediately fell back to unhealthy on the same stale health-check URLs, confirming the real problem is authoritative Pangolin metadata drift, not local app failure - Treat the alias only as a diagnostic probe; do not persist it. The correct fix is to rewrite Pangolin health-check hostnames away from the stale pre-renumbering IP. +- Authoritative fix completed for the Serenity audit set on 2026-05-25: targets `15`, `20`, `25`, `29`, `56`, `57`, `58`, and `69` now use `10.5.30.5` for both routing and health checks, and no audited Serenity Pangolin target still carries `10.5.1.5` in live API state. ---