From a986bb72c4fc4d37f643c595def4d0b19ffab559 Mon Sep 17 00:00:00 2001 From: rob thijssen Date: Thu, 23 Apr 2026 08:40:56 +0300 Subject: [PATCH] fix(deploy): use port 17380 and add journal diagnostics on failure - Change mm-dash default bind from 3000 to 17380 to avoid collisions with existing services on shared hosts - Add journal output for failed units in the verification step so startup errors are immediately visible in deploy output - Stop services before restarting to release ports cleanly Tested end-to-end: all 7 services active, nginx configured and reloading, postgres bootstrapped with mTLS ident mapping. Co-Authored-By: Claude Opus 4.6 (1M context) --- asset/config/config.toml.tmpl | 2 +- asset/firewalld/mm-dash.xml | 2 +- asset/manifest.yml | 2 +- asset/nginx/mm.kosherinata.conf | 2 +- crates/mm-core/src/config.rs | 2 +- mm.toml.example | 2 +- script/deploy.sh | 7 ++++++- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/asset/config/config.toml.tmpl b/asset/config/config.toml.tmpl index cb119d4..d82ed09 100644 --- a/asset/config/config.toml.tmpl +++ b/asset/config/config.toml.tmpl @@ -34,4 +34,4 @@ forge = "gitea-internal" username = "grenade" [dash] -bind = "127.0.0.1:3000" +bind = "127.0.0.1:17380" diff --git a/asset/firewalld/mm-dash.xml b/asset/firewalld/mm-dash.xml index ad2fa76..0fd56d0 100644 --- a/asset/firewalld/mm-dash.xml +++ b/asset/firewalld/mm-dash.xml @@ -2,5 +2,5 @@ mm-dash mm dashboard REST API - + diff --git a/asset/manifest.yml b/asset/manifest.yml index cc31e1b..a0e4673 100644 --- a/asset/manifest.yml +++ b/asset/manifest.yml @@ -5,7 +5,7 @@ environments: services: hosts: [nikola.kosherinata.internal] config: - bind: 127.0.0.1:3000 + bind: 127.0.0.1:17380 log_level: info nginx: hosts: [oolon.kosherinata.internal] diff --git a/asset/nginx/mm.kosherinata.conf b/asset/nginx/mm.kosherinata.conf index 971eba8..3c0654a 100644 --- a/asset/nginx/mm.kosherinata.conf +++ b/asset/nginx/mm.kosherinata.conf 
@@ -9,7 +9,7 @@ server { # API — reverse proxy to mm-dash on nikola location /api/ { - proxy_pass http://nikola.kosherinata.internal:3000; + proxy_pass http://nikola.kosherinata.internal:17380; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/crates/mm-core/src/config.rs b/crates/mm-core/src/config.rs index 2480145..5b9cfb2 100644 --- a/crates/mm-core/src/config.rs +++ b/crates/mm-core/src/config.rs @@ -197,7 +197,7 @@ impl Default for DashConfig { } fn default_dash_bind() -> String { - "0.0.0.0:3000".to_string() + "127.0.0.1:17380".to_string() } #[derive(Debug, Deserialize)] diff --git a/mm.toml.example b/mm.toml.example index 539de5b..e751b3c 100644 --- a/mm.toml.example +++ b/mm.toml.example @@ -45,4 +45,4 @@ forge = "gitea-internal" username = "grenade" [dash] -bind = "127.0.0.1:3000" +bind = "127.0.0.1:17380" diff --git a/script/deploy.sh b/script/deploy.sh index c3af3ad..84bb848 100755 --- a/script/deploy.sh +++ b/script/deploy.sh @@ -218,8 +218,11 @@ deploy_services() { sudo firewall-cmd --zone=\$zone --add-service=mm-dash fi - # systemd + # systemd — stop first to release ports, then reload and restart sudo systemctl daemon-reload + for svc in ${SERVICES[*]}; do + sudo systemctl stop \$svc 2>/dev/null || true + done for svc in ${SERVICES[*]}; do sudo systemctl enable --now \$svc done @@ -233,6 +236,8 @@ deploy_services() { info " $svc: active" else warn " $svc: NOT active" + ssh -o BatchMode=yes "$APP_HOST" "sudo journalctl --no-pager -l --unit $svc -n 10" 2>/dev/null || true + echo fi fi done
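Review bot: The new `proxy_pass http://nikola.kosherinata.internal:17380;` target is unreachable if mm-dash on nikola binds to `127.0.0.1:17380`, which is what asset/manifest.yml and config.toml.tmpl set in this same commit. The manifest places nginx on oolon, a different host, so a loopback listener on nikola cannot be reached from it. Either the deployed bind is overridden somewhere outside this diff, or the services bind should be an internal address on nikola, with the mm-dash firewalld service limited to oolon as the source. The hop is also plain HTTP between hosts, so a comment above the location block should record that assumption, e.g. `# upstream is plain HTTP on the internal network; mm-dash must listen on an address reachable from this host only`. The server block continues outside the hunk.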
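Review bot: `default_dash_bind()` changes the host as well as the port (`"0.0.0.0:3000"` to `"127.0.0.1:17380"`), and the commit message mentions only the port. Loopback is the safer default, but an install that relied on the old default to be reachable from a reverse proxy on another host will stop answering after the upgrade. A doc comment on the function would record the intent: `/// Default mm-dash bind: loopback only. Set [dash] bind explicitly to accept connections from another host.` The enclosing `impl Default for DashConfig` starts outside the hunk.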
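Review bot: In the added stop loop, `2>/dev/null || true` discards every `systemctl stop` failure, including a unit that hangs or refuses to stop and so keeps its port. In that case the first visible symptom is the later `enable --now` failing to bind. Keeping `|| true` covers units that are not installed yet, but stderr should stay visible: `sudo systemctl stop \$svc || true`. Stopping every unit before starting any also takes all services down at once, which deserves a mention in the comment if it is intended. `deploy_services()` begins and ends outside the hunk.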
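Review bot: The added `journalctl` call copies the last 10 journal lines of a failed unit into the deploy output, which is typically kept longer and read by more people than the host journal. Startup errors can carry connection strings or tokens, so this deserves a comment next to the call, and the output may need restricting if deploy logs are shared. Separately, `2>/dev/null || true` makes an ssh or sudo failure look the same as an empty journal; a fallback such as `|| warn "    (journal unavailable for $svc)"` keeps the diagnostic honest. Quoting the unit inside the remote command (`--unit '$svc'`) would also guard against word splitting on the remote shell. The verification loop begins outside the hunk, so whether an inactive unit fails the deploy cannot be seen from here.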