From ddfc154a994e45f2f561a0a52c19138484e328ce Mon Sep 17 00:00:00 2001 From: master <> Date: Thu, 9 Apr 2026 10:57:32 +0300 Subject: [PATCH] =?UTF-8?q?fix:=20QA=20preflight=20fixes=20=E2=80=94=20sta?= =?UTF-8?q?le=20routes,=20missing=20hosts,=20policy=20URL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add workflow + release-orchestrator to hosts file - Fix scheduler policy URL: policy.stella-ops.local → policy-engine.stella-ops.local - Fix gateway stale routes: doctor-scheduler → scheduler, vulnexplorer → findings - Remove stale "policy" from RequiredMicroservices (merged into policy-engine) Co-Authored-By: Claude Opus 4.6 (1M context) --- .../docker-compose.stella-services.yml | 79 ++++++++++--------- devops/compose/hosts.stellaops.local | 4 +- devops/compose/router-gateway-local.json | 1 - .../appsettings.json | 4 +- 4 files changed, 47 insertions(+), 41 deletions(-) diff --git a/devops/compose/docker-compose.stella-services.yml b/devops/compose/docker-compose.stella-services.yml index 93acad4ed..8e760ace9 100644 --- a/devops/compose/docker-compose.stella-services.yml +++ b/devops/compose/docker-compose.stella-services.yml @@ -989,14 +989,16 @@ services: # jobengine and jobengine-worker removed. # Release endpoints -> release-orchestrator service (Slot 47) # Workflow orchestration -> workflow service (Slot 46) - # Scheduler remains in Slot 14 (scheduler-web / scheduler-worker) + # Scheduler remains in Slot 19 (scheduler-web; worker merged in) # --- Slot 18: TaskRunner (REMOVED) ------------------------------------------ # taskrunner-web and taskrunner-worker deleted; task_runner_id DB columns left as nullable legacy - # --- Slot 19: Scheduler ---------------------------------------------------- + # --- Slot 19: Scheduler (web + embedded worker) ---------------------------- + # Worker BackgroundServices now run embedded in the web process (Scheduler:Worker:Embedded=true). + # Set Scheduler__Worker__Embedded=false and restore scheduler-worker for K8s split deployments. scheduler-web: - <<: *resources-medium + <<: *resources-heavy image: stellaops/scheduler-web:dev container_name: stellaops-scheduler-web restart: unless-stopped @@ -1006,64 +1008,67 @@ services: ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}" ConnectionStrings__Redis: "cache.stella-ops.local:6379" Scheduler__Authority__Enabled: "false" - # Worker options are validated even in web mode + # Embedded worker mode (all 8 BackgroundServices in this process) + Scheduler__Worker__Embedded: "true" scheduler__queue__Kind: "Redis" scheduler__queue__Redis__ConnectionString: "cache.stella-ops.local:6379" Scheduler__Storage__Postgres__Scheduler__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}" Scheduler__Storage__Postgres__Scheduler__SchemaName: "scheduler" - Scheduler__Worker__Runner__Scanner__BaseAddress: "http://scanner.stella-ops.local" + Scheduler__Worker__Runner__Scanner__BaseAddress: "${SCHEDULER_SCANNER_BASEADDRESS:-http://scanner.stella-ops.local}" Scheduler__Worker__Graph__Cartographer__BaseAddress: "http://graph.stella-ops.local" Scheduler__Worker__Graph__SchedulerApi__BaseAddress: "http://scheduler.stella-ops.local" - Scheduler__Worker__Policy__Api__BaseAddress: "http://policy.stella-ops.local" + Scheduler__Worker__Policy__Api__BaseAddress: "http://policy-engine.stella-ops.local" + # Surface environment (merged from scheduler-worker) + SURFACE_FS_ENDPOINT: "http://s3.stella-ops.local:8333" Router__Enabled: "${SCHEDULER_ROUTER_ENABLED:-true}" Router__Messaging__ConsumerGroup: "scheduler" volumes: - ${STELLAOPS_CERT_VOLUME} tmpfs: - /plugins:mode=1777 + - /var/lib/stellaops/surface:mode=1777 ports: - "127.1.0.19:80:80" networks: stellaops: aliases: - scheduler.stella-ops.local + - scheduler-worker.stella-ops.local frontdoor: {} healthcheck: test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"] <<: *healthcheck-tcp labels: *release-labels - scheduler-worker: - <<: *resources-medium - image: stellaops/scheduler-worker:dev - container_name: stellaops-scheduler-worker - restart: unless-stopped - environment: - <<: [*kestrel-cert, *gc-medium] - # Queue config (Redis transport) - scheduler__queue__Kind: "Redis" - scheduler__queue__Redis__ConnectionString: "cache.stella-ops.local:6379" - # Persistence config (section: Scheduler:Storage, subsection: Postgres:Scheduler) - Scheduler__Storage__Postgres__Scheduler__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}" - Scheduler__Storage__Postgres__Scheduler__SchemaName: "scheduler" - # Worker config - Scheduler__Worker__Runner__Scanner__BaseAddress: "${SCHEDULER_SCANNER_BASEADDRESS:-http://scanner.stella-ops.local}" - Scheduler__Worker__Graph__Cartographer__BaseAddress: "http://graph.stella-ops.local" - Scheduler__Worker__Graph__SchedulerApi__BaseAddress: "http://scheduler.stella-ops.local" - Scheduler__Worker__Policy__Api__BaseAddress: "http://policy.stella-ops.local" - # Surface environment - SURFACE_FS_ENDPOINT: "http://s3.stella-ops.local:8333" - volumes: - - ${STELLAOPS_CERT_VOLUME} - tmpfs: - - /var/lib/stellaops/surface:mode=1777 - networks: - stellaops: - aliases: - - scheduler-worker.stella-ops.local - healthcheck: - <<: *healthcheck-worker - labels: *release-labels + # scheduler-worker: MERGED into scheduler-web (Scheduler:Worker:Embedded=true) + # Uncomment and set Scheduler__Worker__Embedded=false on scheduler-web for K8s split. + # scheduler-worker: + # <<: *resources-medium + # image: stellaops/scheduler-worker:dev + # container_name: stellaops-scheduler-worker + # restart: unless-stopped + # environment: + # <<: [*kestrel-cert, *gc-medium] + # scheduler__queue__Kind: "Redis" + # scheduler__queue__Redis__ConnectionString: "cache.stella-ops.local:6379" + # Scheduler__Storage__Postgres__Scheduler__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}" + # Scheduler__Storage__Postgres__Scheduler__SchemaName: "scheduler" + # Scheduler__Worker__Runner__Scanner__BaseAddress: "${SCHEDULER_SCANNER_BASEADDRESS:-http://scanner.stella-ops.local}" + # Scheduler__Worker__Graph__Cartographer__BaseAddress: "http://graph.stella-ops.local" + # Scheduler__Worker__Graph__SchedulerApi__BaseAddress: "http://scheduler.stella-ops.local" + # Scheduler__Worker__Policy__Api__BaseAddress: "http://policy-engine.stella-ops.local" + # SURFACE_FS_ENDPOINT: "http://s3.stella-ops.local:8333" + # volumes: + # - ${STELLAOPS_CERT_VOLUME} + # tmpfs: + # - /var/lib/stellaops/surface:mode=1777 + # networks: + # stellaops: + # aliases: + # - scheduler-worker.stella-ops.local + # healthcheck: + # <<: *healthcheck-worker + # labels: *release-labels # --- Slot 20: Graph API ---------------------------------------------------- graph-api: diff --git a/devops/compose/hosts.stellaops.local b/devops/compose/hosts.stellaops.local index 05a6e4f53..17f05b636 100644 --- a/devops/compose/hosts.stellaops.local +++ b/devops/compose/hosts.stellaops.local @@ -23,7 +23,9 @@ 127.1.0.14 policy-engine.stella-ops.local 127.1.0.14 policy-gateway.stella-ops.local # backwards-compat alias (merged into policy-engine) 127.1.0.16 riskengine.stella-ops.local -127.1.0.17 orchestrator.stella-ops.local +127.1.0.17 orchestrator.stella-ops.local # legacy alias +127.1.0.46 workflow.stella-ops.local +127.1.0.47 release-orchestrator.stella-ops.local # 127.1.0.18 taskrunner.stella-ops.local # REMOVED: TaskRunner service deleted 127.1.0.19 scheduler.stella-ops.local 127.1.0.20 graph.stella-ops.local diff --git a/devops/compose/router-gateway-local.json b/devops/compose/router-gateway-local.json index 159b54c08..4f584128f 100644 --- a/devops/compose/router-gateway-local.json +++ b/devops/compose/router-gateway-local.json @@ -29,7 +29,6 @@ "CheckInterval": "5s", "RequiredMicroservices": [ "platform", - "policy", "policy-engine", "notify", "scanner", diff --git a/src/Router/StellaOps.Gateway.WebService/appsettings.json b/src/Router/StellaOps.Gateway.WebService/appsettings.json index 7c25e979d..e8fc51fc4 100644 --- a/src/Router/StellaOps.Gateway.WebService/appsettings.json +++ b/src/Router/StellaOps.Gateway.WebService/appsettings.json @@ -121,7 +121,7 @@ { "Type": "Microservice", "Path": "^/api/v1/advisory-ai(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai$1" }, { "Type": "Microservice", "Path": "^/api/v1/advisory(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory$1" }, { "Type": "Microservice", "Path": "^/api/v1/vex(.*)", "IsRegex": true, "TranslatesTo": "http://vexhub.stella-ops.local/api/v1/vex$1" }, - { "Type": "Microservice", "Path": "^/api/v1/doctor/scheduler(.*)", "IsRegex": true, "TranslatesTo": "http://doctor-scheduler.stella-ops.local/api/v1/doctor/scheduler$1" }, + { "Type": "Microservice", "Path": "^/api/v1/doctor/scheduler(.*)", "IsRegex": true, "TranslatesTo": "http://scheduler.stella-ops.local/api/v1/scheduler/doctor$1" }, { "Type": "ReverseProxy", "Path": "^/api/v1/registries(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/registries$1", "PreserveAuthHeaders": true }, { "Type": "Microservice", "Path": "^/api/v1/jobengine/registry/packs(.*)", "IsRegex": true, "TranslatesTo": "http://packsregistry.stella-ops.local/api/v1/packs$1" }, @@ -152,7 +152,7 @@ { "Type": "Microservice", "Path": "^/api/(compare|change-traces|sbomservice)(.*)", "IsRegex": true, "TranslatesTo": "http://sbomservice.stella-ops.local/api/$1$2" }, { "Type": "Microservice", "Path": "^/api/fix-verification(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/fix-verification$1" }, { "Type": "Microservice", "Path": "^/api/verdicts(.*)", "IsRegex": true, "TranslatesTo": "http://evidencelocker.stella-ops.local/api/verdicts$1" }, - { "Type": "Microservice", "Path": "^/api/vuln-explorer(.*)", "IsRegex": true, "TranslatesTo": "http://vulnexplorer.stella-ops.local/api/vuln-explorer$1" }, + { "Type": "Microservice", "Path": "^/api/vuln-explorer(.*)", "IsRegex": true, "TranslatesTo": "http://findings.stella-ops.local/api/vuln-explorer$1" }, { "Type": "Microservice", "Path": "^/api/vex(.*)", "IsRegex": true, "TranslatesTo": "http://vexhub.stella-ops.local/api/vex$1" }, { "Type": "Microservice", "Path": "^/api/admin/plans(.*)", "IsRegex": true, "TranslatesTo": "http://registry-token.stella-ops.local/api/admin/plans$1" }, { "Type": "Microservice", "Path": "^/api/admin(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/admin$1" },