Add rollout rehearsal verification#92
Merged
chrisbliss18 merged 4 commits intov2from Apr 30, 2026
Merged
Conversation
added 4 commits
April 30, 2026 12:46
Create a dedicated no-database rehearsal verifier for the v1-to-v2 rollout flow. The script exercises generated same-server plans, fresh-server plans, guided forward dry-runs, and guided rollback dry-runs, then asserts the critical operator-facing safety details: runtime-host context, fresh-server SSH warnings, hold points, stop/start commands, typed confirmations, rollback gates, and dynamic fleet completion commands. Wire the verifier into make rollout-rehearsal-verify for fast local checks and into make rollout-docs-verify so command output, docs, and generated runbooks cannot drift independently. Update the roadmap with the new rehearsal checklist, document the target in the migration and quick-reference docs, and clarify that pinned cutover-check signoff is per v2 runtime host/range rather than a single fleet-wide command. Validated with make rollout-rehearsal-verify and make rollout-docs-verify.
Mark the VM lab snapshot replay item complete after running make rollout-vm-lab-snapshot-all-smoke against jetmon-deploy-test. The replay covered execute rollback, interrupted resume, post-start rollback, bad SSH, v2 start failure, runtime guard refusals, real activity from the staged service, and failure-gate refusal flows. No docs/tooling mismatch was found during this pass.
Use mktemp for the rehearsal verifier's default workspace instead of a predictable /tmp path, clean that workspace automatically, and fail early when the configured jetmon2 binary is not executable. Custom work directories remain supported for debugging. Tighten operator-facing rollout docs by removing redundant release verification commands, calling out that rollout-docs-verify already builds, tests, vets, checks docs, and runs rehearsal verification, and using normal ordered checklist numbering in the quick reference. Reviewed from sysadmin, security, and engineering perspectives. Validated with bash -n, shellcheck, make rollout-rehearsal-verify, make rollout-docs-verify, and make test-race.
Refuse to overwrite an existing custom ROLLOUT_REHEARSAL_PLAN_FILE unless the caller explicitly opts in with ROLLOUT_REHEARSAL_OVERWRITE_PLAN=1. This prevents a convenience verification script from clobbering a real rollout CSV or a symlinked path by accident. Also clarify in the quick reference and migration runbook that rollout-rehearsal-verify uses a disposable sample bucket plan. It validates documentation and CLI flow alignment, but it does not replace the real host-preflight gate or VM lab rehearsal. Validated with the existing-plan refusal path, bash -n, shellcheck, make rollout-rehearsal-verify, make rollout-docs-verify, and make test-race.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
This adds a focused rehearsal-verification pass for the v1-to-v2 rollout docs and CLI output. The rollout path is intentionally operator-heavy, so the generated plans, guided dry-run output, runtime-host warnings, typed confirmations, rollback commands, and docs need to stay aligned before a production cutover.
What changed
make rollout-rehearsal-verify.scripts/rollout-rehearsal-verify.sh, a no-database verifier for same-server generated rehearsal plans, fresh-server generated rehearsal plans, guided same-server dry-runs, guided fresh-server dry-runs, and guided rollback dry-runs.make rollout-docs-verify.docs/roadmap.md.mktemp, cleaning its default workspace, checking the configured binary, and refusing to overwrite custom plan files withoutROLLOUT_REHEARSAL_OVERWRITE_PLAN=1.host-preflightor VM lab rehearsal.Validation
make rollout-rehearsal-verifymake rollout-docs-verifymake rollout-vm-lab-doctormake rollout-vm-lab-snapshot-all-smokebash -n scripts/rollout-rehearsal-verify.sh scripts/rollout-docs-verify.shshellcheck scripts/rollout-rehearsal-verify.sh scripts/rollout-docs-verify.shROLLOUT_REHEARSAL_PLAN_FILEmake test-race