248 lines
17 KiB
Plaintext
248 lines
17 KiB
Plaintext
# TSYSDevStack SupportStack Demo Builder
|
|
|
|
## Objective
|
|
Create an out-of-the-box, localhost-bound only, ephemeral Docker volume-only demonstration version of the SupportStack components documented in the docs/VendorList-SupportStack.md file.
|
|
|
|
## MVP Test Run Objective
|
|
Create a proof of concept with docker-socket-proxy, homepage, and wakaapi components that demonstrate proper homepage integration via Docker Compose labels. This MVP will serve as a validation of the full approach before proceeding with the complete stack implementation.
|
|
|
|
## Architecture Requirements
|
|
- All Docker artifacts must be prefixed with `tsysdevstack-supportstack-demo-`
|
|
- This includes containers, networks, volumes, and any other Docker artifacts
|
|
- Example: `tsysdevstack-supportstack-demo-homepage`, `tsysdevstack-supportstack-demo-network`, etc.
|
|
- Run exclusively on localhost (localhost binding only)
|
|
- Ephemeral volumes only (no persistent storage)
|
|
- Resource limits set for single-user demo capacity
|
|
- No external network access (localhost bound only)
|
|
- Components: docker-socket-proxy, portainer, homepage as foundational elements
|
|
- All artifacts must go into artifacts/SupportStack directory to keep the directory well organized and avoid cluttering the root directory
|
|
- Homepage container needs direct access to Docker socket for labels to auto-populate (not through proxy)
|
|
- Docker socket proxy is for other containers that need Docker access but don't require direct socket access
|
|
- Portainer can use docker-socket-proxy for read-only access, but homepage needs direct socket access
|
|
- All containers need proper UID/GID mapping for security
|
|
- Docker group GID must be mapped properly for containers using Docker socket
|
|
- Non-Docker socket using containers should use invoking UID/GID
|
|
|
|
## Development Methodology
|
|
- Strict Test Driven Development (TDD) process
|
|
- Write test → Execute test → Test fails → Write minimal code to pass test
|
|
- 75%+ code coverage requirement
|
|
- 100% test pass requirement
|
|
- Component-by-component development approach
|
|
- Complete one component before moving to the next
|
|
- Apply TDD for every change, no matter how surgical
|
|
- Test changes right after implementation as atomically as possible
|
|
- Each fix or modification should be accompanied by a specific test to verify the issue
|
|
- Ensure all changes are validated immediately after implementation
|
|
|
|
## MVP Component Development Sequence (Test Run) ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
1. **MVP**: docker-socket-proxy, homepage, wakaapi (each must fully satisfy Definition of Done before proceeding) ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- docker-socket-proxy: Enable Docker socket access for containers that need it (not homepage) ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- homepage: Configure to access Docker socket directly for automatic label discovery ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- wakaapi: Integrate with homepage using proper labels ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- All services must utilize Docker Compose labels to automatically show up in homepage ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- Implement proper service discovery for homepage integration using gethomepage labels ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- Ensure all components are properly labeled with homepage integration labels ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- Implement proper startup ordering using depends_on with health checks ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- Homepage container requires direct Docker socket access for automatic service discovery ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- Docker socket proxy provides controlled access for other containers ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
- All containers must have proper UID/GID mapping for security ✅ COMPLETED ✅ MVP FULLY IMPLEMENTED AND TESTED
|
|
|
|
## Component Completion Validation ✅ MVP COMPLETED
|
|
- Each component must pass health checks for 5 consecutive minutes before moving to the next ✅ MVP COMPLETED
|
|
- All tests must pass with 100% success rate before moving to the next component ✅ MVP COMPLETED
|
|
- Resource utilization must be within specified limits before moving to the next component ✅ MVP COMPLETED
|
|
- Integration tests with previously completed components must pass before moving forward ✅ MVP COMPLETED
|
|
- Homepage must automatically detect and display all services with proper labels ✅ MVP COMPLETED
|
|
- Specific validation checkpoints after each service deployment:
|
|
- docker-socket-proxy: Validate Docker socket access and network connectivity to Docker daemon ✅ COMPLETED
|
|
- homepage: Validate homepage starts and can connect to Docker socket directly, verify UI is accessible ✅ COMPLETED
|
|
- wakaapi: Validate service starts and can be integrated into homepage with proper labels ✅ COMPLETED
|
|
- Each service must be validated in homepage dashboard after integration ✅ MVP COMPLETED
|
|
- Detailed homepage integration validation steps:
|
|
- Verify service appears in homepage dashboard with correct name and icon ✅ MVP COMPLETED
|
|
- Confirm service status shows as healthy in homepage ✅ MVP COMPLETED
|
|
- Validate service URL in homepage correctly links to the service ✅ MVP COMPLETED
|
|
- Verify service group assignment in homepage is correct ✅ MVP COMPLETED
|
|
- Check that any configured widgets appear properly in homepage ✅ MVP COMPLETED
|
|
- Homepage must automatically discover services via Docker labels without manual configuration ✅ MVP COMPLETED
|
|
- Validate Docker socket connectivity for automatic service discovery ✅ MVP COMPLETED
|
|
- Confirm homepage can access and display service status information ✅ MVP COMPLETED
|
|
- Update STATUS.md with validation results for each component ✅ MVP COMPLETED
|
|
|
|
## Technical Specifications
|
|
- No Bitnami images allowed
|
|
- Use official or trusted repository images only:
|
|
- docker-socket-proxy: tecnativa/docker-socket-proxy (pinned version tag)
|
|
- homepage: gethomepage/homepage (pinned version tag)
|
|
- wakaapi: ghcr.io/ekkinox/wakaapi (pinned version tag)
|
|
- Implement Docker Compose orchestration
|
|
- Use Docker named volumes for ephemeral storage
|
|
- Implement proper resource limits in docker-compose.yml: CPU: 0.5-1.0 cores per service, Memory: 128MB-512MB per service (variable based on service type), Disk: 1GB per service for ephemeral volumes
|
|
- Implement comprehensive health checks for all services with appropriate intervals and timeouts
|
|
- All services must be on a shared Docker network named: tsysdevstack_supportstack_network
|
|
- Implement proper networking (internal only)
|
|
- All ports bound to localhost (127.0.0.1) with specific port assignments:
|
|
- docker-socket-proxy: Internal network only, no external ports exposed
|
|
- homepage: Port 4000 (localhost only) - configurable via environment variable
|
|
- wakaapi: Port 4001 (localhost only) - configurable via environment variable
|
|
- All environment variables must be pre-set in tsysdevstack-supportstack-demo-Settings file (single settings file for simplicity in demo)
|
|
- All docker compose files (one per component) should be prefixed with: tsysdevstack-supportstack-demo-DockerCompose-
|
|
- All docker compose files should use environment variables for everything (variables will be set in tsysdevstack-supportstack-demo-Settings file)
|
|
- Health checks must validate service readiness before proceeding with dependent components
|
|
- Health check endpoints must be accessible only from internal network
|
|
- Health check configurations must be parameterized via environment variables
|
|
- All services must utilize Docker Compose labels to automatically show up in homepage
|
|
- Implement proper homepage integration labels for automatic service discovery using gethomepage/homepage labels:
|
|
- Required: homepage.group, homepage.name, homepage.icon
|
|
- Optional: homepage.href, homepage.description, homepage.widget.type, homepage.widget.url, homepage.widget.key, homepage.widget.fields, homepage.weight
|
|
- Homepage integration must include proper naming, icons, and status indicators
|
|
- Use pinned image tags rather than 'latest' for all container images
|
|
- Run containers as non-root users where possible
|
|
- Enable read-only filesystems where appropriate
|
|
- Implement security scanning during build process (for demo, secrets via environment variables are acceptable)
|
|
- Define network policies for internal communication only
|
|
- Use depends_on with health checks to ensure proper startup ordering of services
|
|
- Use SQLite for every service that will support it to avoid heavier databases where possible
|
|
- For services requiring databases, prefer lightweight SQLite over PostgreSQL, MySQL, or other heavy database systems
|
|
- Only use heavier databases when SQLite is not supported or inadequate for the service requirements
|
|
- When using SQLite, implement proper volume management for database files using Docker volumes
|
|
- Ensure SQLite databases are properly secured with appropriate file permissions and encryption where needed
|
|
- Avoid external database dependencies when SQLite can meet the service requirements
|
|
- For database-backed services, configure SQLite as the default database engine in environment variables
|
|
- When migrating from heavier databases to SQLite, ensure data integrity and performance are maintained
|
|
- Implement proper backup strategies for SQLite databases using Docker volume snapshots
|
|
- Homepage container requires direct Docker socket access (not through proxy) for automatic label discovery
|
|
- Docker socket proxy provides controlled access for other containers that need Docker access
|
|
- Portainer can use docker-socket-proxy for read-only access
|
|
- All containers must have proper UID/GID mapping for security
|
|
- Docker group GID must be mapped for containers using Docker socket
|
|
- Homepage container must have Docker socket access for labels to auto-populate
|
|
|
|
## Stack Control
|
|
- All control of the stack should go into a script called tsysdevstack-supportstack-demo-Control.sh
|
|
- The script should take the following arguments: start/stop/uninstall/update/test
|
|
- Ensure script is executable and contains error handling
|
|
- Script must handle UID/GID mapping for non-Docker socket using containers
|
|
- Script must map host Docker GID to containers using Docker socket
|
|
- Script should warn about Docker socket access requirements for homepage
|
|
|
|
## Component Definition of Done
|
|
- All health checks pass consistently for each component
|
|
- docker-socket-proxy: HTTP health check on / (internal only)
|
|
- homepage: HTTP health check on /api/health (internal only)
|
|
- wakaapi: HTTP health check on /health (internal only)
|
|
- Test suite passes with 100% success rate (unit, integration, e2e)
|
|
- Code coverage of >75% for each component
|
|
- Resource limits properly implemented and validated (CPU: 0.5-1.0 cores, Memory: 128MB-512MB, Disk: 1GB per service)
|
|
- All services properly bound to localhost only
|
|
- Proper error handling and logging implemented (with retry logic and exponential backoff)
|
|
- Documentation and configuration files created
|
|
- Component successfully starts, runs, and stops without manual intervention
|
|
- Component properly integrates with other components without conflicts
|
|
- Automated self-recovery mechanisms implemented for common failure scenarios
|
|
- Performance benchmarks met for single-user demo capacity (apply reasonable defaults based on service type)
|
|
- Security scans completed and passed (run as non-root, read-only filesystems where appropriate)
|
|
- No hard-coded values; all configuration via environment variables
|
|
- All dependencies properly specified and resolved using depends_on with health checks
|
|
- Component properly labeled with homepage integration labels (homepage.group, homepage.name, homepage.icon, etc.)
|
|
- Container uses pinned image tags rather than 'latest'
|
|
- Services validate properly in homepage after integration
|
|
- Homepage container has direct Docker socket access for automatic service discovery
|
|
- Homepage automatically discovers and displays services with proper labels
|
|
- Homepage validates Docker socket connectivity and service discovery
|
|
- All homepage integration labels are properly applied and validated
|
|
- Services appear in homepage with correct grouping, naming, and icons
|
|
- Homepage container has direct Docker socket access for automatic label discovery
|
|
- Docker socket proxy provides access for other containers that need Docker access
|
|
- Proper UID/GID mapping implemented for all containers
|
|
- Docker group GID properly mapped for containers using Docker socket
|
|
- All warnings addressed and resolved during implementation
|
|
|
|
## Testing Requirements
|
|
- Unit tests for each component configuration
|
|
- Integration tests for component interactions
|
|
- End-to-end tests for the complete stack
|
|
- Performance tests to validate resource limits
|
|
- Security tests for localhost binding
|
|
- Health check tests for all services
|
|
- Coverage report generation
|
|
- Continuous test execution during development
|
|
- Automated test suite execution for each component before moving to the next
|
|
- End-to-end validation tests after each component integration
|
|
|
|
## Error Resolution Strategy
|
|
- Implement autonomous error detection and resolution
|
|
- Automatic retry mechanisms for transient failures with exponential backoff (base delay of 5s, max 5 attempts)
|
|
- Fallback configurations for compatibility issues
|
|
- Comprehensive logging for debugging
|
|
- Graceful degradation for optional components
|
|
- Automated rollback for failed deployments
|
|
- Self-healing mechanisms for common failure scenarios
|
|
- Automated restart policies with appropriate backoff strategies
|
|
- Deadlock detection and resolution mechanisms
|
|
- Resource exhaustion monitoring and mitigation
|
|
- Automated cleanup of failed component attempts
|
|
- Persistent state recovery mechanisms
|
|
- Fail-safe modes for critical components
|
|
- Circuit breaker patterns for service dependencies
|
|
- Specific timeout values for operations:
|
|
- Docker socket proxy connection timeout: 30 seconds
|
|
- Homepage startup timeout: 60 seconds
|
|
- Wakaapi initialization timeout: 45 seconds
|
|
- Service health check timeout: 10 seconds
|
|
- Docker Compose startup timeout: 120 seconds per service
|
|
- If unable to resolve an issue after multiple attempts, flag it in collab/SupportStack/HUMANHELP.md and move on
|
|
- Maintain running status reports in collab/SupportStack/STATUS.md
|
|
- Use git commit heavily to track progress
|
|
- Push to remote repository whenever a component is fully working/tested/validated
|
|
- Check Docker logs for all containers during startup and health checks to identify issues
|
|
- Monitor container logs continuously for error patterns and failure indicators
|
|
- Implement log analysis for common failure signatures and automatic remediation
|
|
|
|
## Autonomous Operation Requirements
|
|
- Project must be capable of running unattended for 1-2 days without manual intervention
|
|
- All components must implement self-monitoring and self-healing
|
|
- Automated monitoring of resource usage with alerts if limits exceeded
|
|
- All failure scenarios must have automated recovery procedures
|
|
- Consistent state maintenance across all components
|
|
- Automated cleanup of temporary resources
|
|
- Comprehensive logging for troubleshooting without human intervention
|
|
- Built-in validation checks to ensure continued operation
|
|
- Automatic restart of failed services with appropriate retry logic
|
|
- Prevention of resource leaks and proper cleanup on shutdown
|
|
|
|
## Qwen Optimization
|
|
- Structured for autonomous execution
|
|
- Clear task decomposition
|
|
- Explicit success/failure criteria
|
|
- Self-contained instructions
|
|
- Automated validation steps
|
|
- Progress tracking mechanisms
|
|
|
|
## Output Deliverables
|
|
- Directory structure in artifacts/SupportStack
|
|
- Environment variables file: TSYSDevStack-SupportStack-Demo-Settings
|
|
- Control script: TSYSDevStack-SupportStack-Demo-Control.sh (with start/stop/uninstall/update/test arguments)
|
|
- Docker Compose files prefixed with: TSYSDevStack-SupportStack-Demo-DockerCompose-
|
|
- Component configuration files
|
|
- Test suite (unit, integration, e2e)
|
|
- Coverage reports
|
|
- Execution logs
|
|
- Documentation files
|
|
- Health check scripts and configurations
|
|
- Component readiness and liveness check definitions
|
|
- Automated validation scripts for component completion
|
|
- Monitoring and alerting configurations
|
|
|
|
The implementation should work autonomously, handling errors and resolving configuration issues without human intervention while strictly adhering to the TDD process.
|
|
|
|
## Production Considerations
|
|
- For production implementation, additional items will be addressed including:
|
|
- Enhanced monitoring and observability with centralized logging
|
|
- Advanced security measures (secrets management, network policies, etc.)
|
|
- Performance benchmarks and optimization
|
|
- Configuration management with separation of required vs optional parameters
|
|
- Advanced documentation (architecture diagrams, troubleshooting guides, etc.)
|
|
- Production-grade error handling and recovery procedures
|
|
- All deferred items will be tracked in collab/SupportStack/ProdRoadmap.md |