mc/metacircular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update work log: master deployed, agents upgraded

Browse Source 
- Both agent certs reissued with Tailscale DNS names + internal names + IPs
- Both agents upgraded to v0.10.0 (edge routing RPCs, v2 proto fields)
- mcp-master v0.10.0 deployed on rift with TLS, MCIAS identity, and
  bootstrap node config
- CLI config switched to Tailscale DNS names with [master] section
- End-to-end tested: deploy, undeploy, ps all work through the master

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-04-02 17:31:59 -07:00
parent 96abb87740
commit 6a6c5a0c8e
1 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
SVC_WORK.md
View File

@@ -80,9 +80,56 @@ mc-proxy v1.2.1-2-g82fce41-dirty
l7 git.metacircular.net → 127.0.0.1:3000 l7 git.metacircular.net → 127.0.0.1:3000
``` ```
## Agent Cert Reissue (2026-04-02)
Both agent certs reissued with comprehensive SANs:
**Rift agent** (`/srv/mcp/certs/cert.pem`):
- DNS: `rift.scylla-hammerhead.ts.net`, `mcp-agent.svc.mcp.metacircular.net`
- IP: `100.95.252.120`, `192.168.88.181`
**Svc agent** (`/srv/mcp/certs/cert.pem`):
- DNS: `svc.scylla-hammerhead.ts.net`, `svc.svc.mcp.metacircular.net`
- IP: `100.106.232.4`
Both agents upgraded to v0.10.0 (Phase 2 edge routing RPCs + v2 proto fields).
## MCP Master Deployment (2026-04-02)
**Binary**: `/srv/mcp-master/mcp-master` (v0.10.0) on rift
**Config**: `/srv/mcp-master/mcp-master.toml`
**Database**: `/srv/mcp-master/master.db`
**Certs**: `/srv/mcp-master/certs/{cert,key,ca}.pem`
- SAN: `rift.scylla-hammerhead.ts.net`, `mcp-master.svc.mcp.metacircular.net`, IP `100.95.252.120`
**Service token**: `/srv/mcp-master/mcias-token` (MCIAS identity: `mcp-master`, expires 2027-04-03)
**Listen**: `100.95.252.120:9555`
**Bootstrap nodes**: rift (master), svc (edge)
**Status**: Running via `doas` (ad-hoc). NixOS read-only /etc prevents
direct systemd unit creation — needs NixOS config update for persistent
service.
**Tested**:
- `mcp deploy mcq` → master places on rift, forwards to agent ✓
- `mcp undeploy mcq` → master forwards to agent, cleans up placement ✓
- `mcp ps` → fleet-wide status through agents ✓
- `mcp node list` → both nodes visible with versions ✓
## CLI Config Changes (vade)
Updated `~/.config/mcp/mcp.toml`:
- Added `[master]` section: `address = "rift.scylla-hammerhead.ts.net:9555"`
- All node addresses switched to Tailscale DNS names
- Added CA cert path
## Known Limitations ## Known Limitations
- ~~mc-proxy socket permissions will reset on restart~~ **FIXED**: mc-proxy - ~~mc-proxy socket permissions will reset on restart~~ **FIXED**: mc-proxy
now creates the socket with 0660 (was 0600). Committed to mc-proxy master. now creates the socket with 0660 (was 0600). Committed to mc-proxy master.
- Master runs ad-hoc via `doas` on rift. Needs NixOS systemd config for
persistent service (rift has read-only /etc).
- DNS registration not configured on master (MCNS config omitted for now).
- Edge routing not yet tested end-to-end through master (svc cert provisioning
not configured).
- The TLS cert was issued from the local CA directly, not via Metacrypt API. - The TLS cert was issued from the local CA directly, not via Metacrypt API.
Should be re-issued via Metacrypt once the agent has cert provisioning. Should be re-issued via Metacrypt once the agent has cert provisioning.
- Container runtime is set to `podman` but podman is not installed on svc - Container runtime is set to `podman` but podman is not installed on svc