Context: when package update fails after remove-old-container but before reconcile-recreate, the rollback path in update.rs tries to restart the old container by name. If the container is already gone (removed in step 3 of the update), rollback fails silently and the node is left with no live container for that app but on-disk data still intact. This is exactly the state .228 ended up in after the reconcile-script-missing bug killed bitcoin-knots and lnd. Reconcile was designed to only repair existing containers for optional apps (SPEC_OPTIONAL=true): it skips "not installed" entries on the assumption that the install RPC creates them. That safety check is correct for normal operation but blocks recovery when an optional-marked container has been destroyed by a failed update. Fix: add --create-missing flag that overrides the SPEC_OPTIONAL skip. When set, reconcile treats absent containers exactly the same as broken containers — it creates them from the canonical spec using the existing on-disk data directory. Narrow-scope override; the default behaviour is unchanged. Updated --help to document all four flags. Verified on .228: after the failed bitcoin-core update took out both bitcoin-knots and lnd, running reconcile --container=bitcoin-knots --create-missing --force (as the archipelago user, not root — podman is rootless) brought bitcoin-knots back using the pruned chainstate at /var/lib/archipelago/bitcoin. Repeated for lnd. All containers now running; electrumx reconnecting; UIs recovering. Does NOT fix the underlying update-flow rollback hole (rollback should be able to re-create a container from spec, not just restart by name). That is a separate commit — this flag is the manual recovery tool plus the primitive the improved rollback will call.
19 KiB
Executable File
19 KiB
Executable File