fix: harden sentinel scheduler systemd environment
@@ -59,6 +59,9 @@ const DEFAULT_STALE_MULTIPLIER = 1;
|
||||
const DEFAULT_FETCH_TIMEOUT_MS = 15_000;
|
||||
const HOST_SCHEDULER_INTERVAL_SECONDS = 120;
|
||||
const STATE_DIR = rootPath(".state", "web-probe-sentinel-scheduler");
|
||||
const BUN_EXECUTABLE = existsSync("/usr/bin/bun") ? "/usr/bin/bun" : process.execPath || "bun";
|
||||
const SYSTEMD_PATH = "/root/.local/bin:/root/.bun/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
const SYSTEMD_NO_PROXY = noProxyValue();
|
||||
|
||||
await main().catch((error) => {
|
||||
const message = error instanceof Error ? error.stack || error.message : String(error);
|
||||
@@ -168,7 +171,7 @@ function sentinelSchedules(spec: ReturnType<typeof hwlabRuntimeLaneSpecForNode>,
|
||||
|
||||
async function triggerSentinel(options: SchedulerOptions, schedule: SentinelSchedule, before: OverviewSnapshot): Promise<TriggerResult> {
|
||||
const command = [
|
||||
"bun",
|
||||
BUN_EXECUTABLE,
|
||||
"scripts/cli.ts",
|
||||
"web-probe",
|
||||
"sentinel",
|
||||
@@ -261,8 +264,12 @@ After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment=HOME=/root
|
||||
Environment=PATH=${SYSTEMD_PATH}
|
||||
Environment=NO_PROXY=${SYSTEMD_NO_PROXY}
|
||||
Environment=no_proxy=${SYSTEMD_NO_PROXY}
|
||||
WorkingDirectory=${repoRoot}
|
||||
ExecStart=/usr/bin/env bun ${join(repoRoot, "scripts", "web-probe-sentinel-scheduler.ts")} run --node ${options.node} --lane ${options.lane} --stale-multiplier ${options.staleMultiplier}
|
||||
ExecStart=${BUN_EXECUTABLE} ${join(repoRoot, "scripts", "web-probe-sentinel-scheduler.ts")} run --node ${options.node} --lane ${options.lane} --stale-multiplier ${options.staleMultiplier}
|
||||
`;
|
||||
const timer = `[Unit]
|
||||
Description=Run UniDesk web-probe sentinel host cadence scheduler for ${options.node}/${options.lane}
|
||||
@@ -336,6 +343,8 @@ function rowFor(schedule: SentinelSchedule, overview: OverviewSnapshot | null, d
|
||||
recorded: trigger.recorded,
|
||||
latestRunIdBefore: trigger.latestRunIdBefore,
|
||||
latestRunIdAfter: trigger.latestRunIdAfter,
|
||||
stdoutTail: trigger.stdoutTail,
|
||||
stderrTail: trigger.stderrTail,
|
||||
},
|
||||
valuesRedacted: true,
|
||||
};
|
||||
@@ -552,3 +561,13 @@ function systemdUnitName(options: SchedulerOptions): string {
|
||||
function safeSegment(value: string): string {
|
||||
return value.toLowerCase().replace(/[^a-z0-9._-]+/gu, "-").replace(/^-+|-+$/gu, "") || "default";
|
||||
}
|
||||
|
||||
function noProxyValue(): string {
|
||||
const raw = process.env.NO_PROXY || process.env.no_proxy || "";
|
||||
const required = ["localhost", "127.0.0.1", "::1", "hyueapi.com", ".hyueapi.com"];
|
||||
const values = raw.split(",").map((item) => item.trim()).filter(Boolean);
|
||||
for (const item of required) {
|
||||
if (!values.includes(item)) values.push(item);
|
||||
}
|
||||
return values.join(",");
|
||||
}
|
||||
|
||||
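Review bot: noProxyValue() copies the installing process's NO_PROXY/no_proxy into the `Environment=NO_PROXY=` and `Environment=no_proxy=` lines of a unit that sets HOME=/root, and the entries are only trimmed, never validated. An entry containing an inner space, a newline or a `%` would respectively split the assignment, add a directive line to the [Service] section, or be expanded as a systemd specifier. I would drop entries that are not plain host/CIDR tokens before joining, e.g. `.filter((item) => /^[A-Za-z0-9._:*\/\[\]-]+$/u.test(item))`, and add a comment on noProxyValue saying its result is written verbatim into a unit file. The same template interpolates `${BUN_EXECUTABLE}` into ExecStart, where the `process.execPath || "bun"` fallback may yield a path with spaces or a bare name; that presumably only matters when /usr/bin/bun is absent. The stdoutTail/stderrTail fields are added to a row flagged `valuesRedacted: true`; whether those tails are scrubbed is not visible in this hunk and is worth confirming.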