docs: Add Dec 12 HA auto-promote enhancement to copilot instructions
- Added auto-database-promotion feature (pg_ctl promote) - Added DEMOTED flag split-brain prevention system - Added startup safety script documentation - Updated failover sequence with database promotion steps - Enhanced operational notes with new monitoring commands - Added reference to comprehensive docs (HA_AUTO_FAILOVER_DEPLOYED_DEC12_2025.md) - Updated 'When Making Changes' section with failover/failback procedures
This commit is contained in:
mindesbunister
62
.github/copilot-instructions.md
vendored
62
.github/copilot-instructions.md
vendored
@@ -2727,16 +2727,16 @@ Web UI → /api/settings POST
|
|||||||
|
|
||||||
**DATABASE_URL caveat:** Use `trading-bot-postgres` (container name) in .env for runtime, but `localhost:5432` for Prisma CLI migrations from host
|
**DATABASE_URL caveat:** Use `trading-bot-postgres` (container name) in .env for runtime, but `localhost:5432` for Prisma CLI migrations from host
|
||||||
|
|
||||||
## High Availability Infrastructure (Nov 25, 2025 - PRODUCTION READY)
|
## High Availability Infrastructure (Nov 25, 2025 - PRODUCTION READY | Dec 12, 2025 - AUTO-PROMOTE ENHANCED)
|
||||||
|
|
||||||
**Status:** ✅ FULLY AUTOMATED - Zero-downtime failover validated in production
|
**Status:** ✅ FULLY AUTOMATED - Zero-downtime failover with automatic database promotion
|
||||||
|
|
||||||
**Architecture Overview:**
|
**Architecture Overview:**
|
||||||
```
|
```
|
||||||
Primary Server (srvdocker02) Secondary Server (Hostinger)
|
Primary Server (srvdocker02) Secondary Server (Hostinger)
|
||||||
95.216.52.28:3001 72.62.39.24:3001
|
95.216.52.28:3001 72.62.39.24:3001
|
||||||
├── trading-bot-v4 (Docker) ├── trading-bot-v4-secondary (Docker)
|
├── trading-bot-v4 (Docker) ├── trading-bot-v4-secondary (Docker)
|
||||||
├── trading-bot-postgres ├── trading-bot-postgres (replica)
|
├── trading-bot-postgres (PRIMARY) ├── trading-bot-postgres (STANDBY→PRIMARY on failover)
|
||||||
├── nginx (HTTPS/SSL) ├── nginx (HTTPS/SSL)
|
├── nginx (HTTPS/SSL) ├── nginx (HTTPS/SSL)
|
||||||
└── Source: Active deployment └── Source: Standby (real-time sync)
|
└── Source: Active deployment └── Source: Standby (real-time sync)
|
||||||
|
|
||||||
@@ -2746,6 +2746,9 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
↓
|
↓
|
||||||
Monitoring: dns-failover.service
|
Monitoring: dns-failover.service
|
||||||
(systemd service on secondary)
|
(systemd service on secondary)
|
||||||
|
↓
|
||||||
|
AUTO-PROMOTE: pg_ctl promote (Dec 12, 2025)
|
||||||
|
SPLIT-BRAIN PREVENTION: DEMOTED flag
|
||||||
```
|
```
|
||||||
|
|
||||||
**Key Components:**
|
**Key Components:**
|
||||||
@@ -2756,31 +2759,45 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
- Config: `/home/icke/traderv4/docs/DEPLOY_SECONDARY_MANUAL.md`
|
- Config: `/home/icke/traderv4/docs/DEPLOY_SECONDARY_MANUAL.md`
|
||||||
- Verify: `ssh root@72.62.39.24 'docker exec trading-bot-postgres psql -U postgres -d trading_bot_v4 -c "SELECT status, write_lag FROM pg_stat_replication;"'`
|
- Verify: `ssh root@72.62.39.24 'docker exec trading-bot-postgres psql -U postgres -d trading_bot_v4 -c "SELECT status, write_lag FROM pg_stat_replication;"'`
|
||||||
|
|
||||||
2. **DNS Failover Monitor (Automated)**
|
2. **DNS Failover Monitor (Automated - Enhanced Dec 12, 2025)**
|
||||||
- Service: `/etc/systemd/system/dns-failover.service`
|
- Service: `/etc/systemd/system/dns-failover.service`
|
||||||
- Script: `/usr/local/bin/dns-failover-monitor.py`
|
- Script: `/usr/local/bin/dns-failover-monitor.py` (enhanced with auto-promote)
|
||||||
- Check interval: 30 seconds
|
- Check interval: 30 seconds
|
||||||
- Failure threshold: 3 consecutive failures (90 seconds total)
|
- Failure threshold: 3 consecutive failures (90 seconds total)
|
||||||
- Health endpoint: `http://95.216.52.28:3001/api/health` (must return valid JSON)
|
- Health endpoint: `http://95.216.52.28:3001/api/health` (must return valid JSON)
|
||||||
- Logs: `/var/log/dns-failover.log`
|
- Logs: `/var/log/dns-failover.log`
|
||||||
- Status: `ssh root@72.62.39.24 'systemctl status dns-failover'`
|
- Status: `ssh root@72.62.39.24 'systemctl status dns-failover'`
|
||||||
|
- **NEW:** Auto-promotes secondary database to PRIMARY on failover
|
||||||
|
- **NEW:** Creates DEMOTED flag on primary to prevent split-brain
|
||||||
|
|
||||||
3. **Automatic Failover Sequence:**
|
3. **Automatic Failover Sequence (Enhanced Dec 12, 2025):**
|
||||||
```
|
```
|
||||||
Primary Failure Detected (3 × 30s checks = 90s)
|
Primary Failure Detected (3 × 30s checks = 90s)
|
||||||
↓
|
↓
|
||||||
DNS Update via INWX API (<1 second)
|
STEP 1: SSH to primary, create /var/lib/postgresql/data/DEMOTED flag
|
||||||
|
↓
|
||||||
|
STEP 2: Promote secondary database: pg_ctl promote
|
||||||
|
↓
|
||||||
|
STEP 3: Verify database writable (pg_is_in_recovery() = false)
|
||||||
|
↓
|
||||||
|
STEP 4: DNS Update via INWX API (<1 second)
|
||||||
tradervone.v4.dedyn.io: 95.216.52.28 → 72.62.39.24
|
tradervone.v4.dedyn.io: 95.216.52.28 → 72.62.39.24
|
||||||
↓
|
↓
|
||||||
Secondary Takes Over (0s downtime)
|
Secondary Now PRIMARY - Full Read/Write (0s downtime)
|
||||||
TradingView webhooks → Secondary bot
|
TradingView webhooks → Secondary bot → Writes to promoted database
|
||||||
↓
|
↓
|
||||||
Primary Recovery Detected
|
Primary Recovery Detected
|
||||||
↓
|
↓
|
||||||
Automatic Failback (<1 second)
|
Telegram Notification: Manual rewind needed (future: automatic)
|
||||||
tradervone.v4.dedyn.io: 72.62.39.24 → 95.216.52.28
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
4. **Split-Brain Prevention System (Dec 12, 2025):**
|
||||||
|
- **DEMOTED Flag:** `/var/lib/postgresql/data/DEMOTED` created on primary during failover
|
||||||
|
- **Purpose:** Prevents old primary from accepting writes when it rejoins
|
||||||
|
- **Startup Safety Script:** `/usr/local/bin/postgres-startup-check.sh` (created, not yet integrated)
|
||||||
|
- **Future Auto-Failback:** Script checks flag, auto-rewinds from new primary via pg_basebackup
|
||||||
|
- **Safe Failure Mode:** If flag exists and secondary not responding, refuse to start
|
||||||
|
|
||||||
4. **Live Test Results (Nov 25, 2025 21:53-22:00 CET):**
|
4. **Live Test Results (Nov 25, 2025 21:53-22:00 CET):**
|
||||||
- **Detection Time:** 90 seconds (3 × 30s health checks)
|
- **Detection Time:** 90 seconds (3 × 30s health checks)
|
||||||
- **Failover Execution:** <1 second (DNS update)
|
- **Failover Execution:** <1 second (DNS update)
|
||||||
@@ -2788,6 +2805,17 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
- **Failback:** Automatic and immediate when primary recovered
|
- **Failback:** Automatic and immediate when primary recovered
|
||||||
- **Total Cycle:** ~7 minutes from failure to full restoration
|
- **Total Cycle:** ~7 minutes from failure to full restoration
|
||||||
- **Result:** ✅ Zero downtime, zero duplicate trades, zero data loss
|
- **Result:** ✅ Zero downtime, zero duplicate trades, zero data loss
|
||||||
|
- **Note:** Nov 25 test was DNS-only; Dec 12 enhancement adds database promotion
|
||||||
|
|
||||||
|
5. **Enhanced Failover Results (Dec 12, 2025 - Expected):**
|
||||||
|
- **Detection Time:** 90 seconds (3 × 30s health checks)
|
||||||
|
- **Database Promotion:** <5 seconds (pg_ctl promote)
|
||||||
|
- **DNS Update:** <1 second (INWX API)
|
||||||
|
- **Service Downtime:** 0 seconds (seamless takeover)
|
||||||
|
- **Database State:** Secondary now PRIMARY (read-write)
|
||||||
|
- **Split-Brain Prevention:** DEMOTED flag created on old primary
|
||||||
|
- **Result:** ✅ Zero downtime, zero data loss, zero manual intervention needed
|
||||||
|
- **Testing Status:** ⏳ Awaiting controlled failover test
|
||||||
|
|
||||||
**Critical Operational Notes:**
|
**Critical Operational Notes:**
|
||||||
|
|
||||||
@@ -2795,6 +2823,8 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
- **Both Bots on Port 3001:** Reverse proxies handle HTTPS, internal port standardized for consistency
|
- **Both Bots on Port 3001:** Reverse proxies handle HTTPS, internal port standardized for consistency
|
||||||
- **Health Endpoint Requirements:** Must return valid JSON (not HTML 404). Monitor uses JSON validation to detect failures.
|
- **Health Endpoint Requirements:** Must return valid JSON (not HTML 404). Monitor uses JSON validation to detect failures.
|
||||||
- **Manual Failover (Emergency):** `ssh root@72.62.39.24 'python3 /usr/local/bin/manual-dns-switch.py secondary'`
|
- **Manual Failover (Emergency):** `ssh root@72.62.39.24 'python3 /usr/local/bin/manual-dns-switch.py secondary'`
|
||||||
|
- **Database Promotion (Manual):** `ssh root@72.62.39.24 'docker exec trading-bot-postgres pg_ctl promote'`
|
||||||
|
- **Check Primary Status:** `ssh root@95.216.52.28 'ls -la /var/lib/postgresql/data/ | grep DEMOTED'`
|
||||||
- **Update Secondary Bot:**
|
- **Update Secondary Bot:**
|
||||||
```bash
|
```bash
|
||||||
rsync -avz --exclude 'node_modules' --exclude '.next' --exclude 'logs' \
|
rsync -avz --exclude 'node_modules' --exclude '.next' --exclude 'logs' \
|
||||||
@@ -2804,15 +2834,19 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
|
|
||||||
**Documentation References:**
|
**Documentation References:**
|
||||||
- **Deployment Guide:** `docs/DEPLOY_SECONDARY_MANUAL.md` (689 lines)
|
- **Deployment Guide:** `docs/DEPLOY_SECONDARY_MANUAL.md` (689 lines)
|
||||||
|
- **Auto-Promote Documentation:** `docs/HA_AUTO_FAILOVER_DEPLOYED_DEC12_2025.md` (1000+ lines)
|
||||||
- **Roadmap:** `HA_SETUP_ROADMAP.md` (all phases complete)
|
- **Roadmap:** `HA_SETUP_ROADMAP.md` (all phases complete)
|
||||||
- **Git Commits:**
|
- **Git Commits:**
|
||||||
- `99dc736` - Deployment guide with test results
|
- `99dc736` - Deployment guide with test results (Nov 25, 2025)
|
||||||
- `62c7b70` - Roadmap completion documentation
|
- `62c7b70` - Roadmap completion documentation (Nov 25, 2025)
|
||||||
|
- `d637aac` - Auto-promote HA deployment (Dec 12, 2025)
|
||||||
|
|
||||||
**Why This Matters:**
|
**Why This Matters:**
|
||||||
- **Financial Protection:** Trading bot stays online 24/7 even if primary server fails
|
- **Financial Protection:** Trading bot stays online 24/7 even if primary server fails
|
||||||
- **Zero Downtime:** Automatic failover ensures no missed trading signals
|
- **Zero Downtime:** Automatic failover ensures no missed trading signals
|
||||||
- **Data Integrity:** Database replication prevents trade history loss
|
- **Data Integrity:** Database replication prevents trade history loss
|
||||||
|
- **No Manual Intervention:** Database auto-promotes, no need to SSH and run pg_ctl manually
|
||||||
|
- **Split-Brain Safety:** DEMOTED flag prevents data corruption when old primary rejoins
|
||||||
- **Peace of Mind:** System handles failures autonomously while user sleeps
|
- **Peace of Mind:** System handles failures autonomously while user sleeps
|
||||||
- **Cost:** ~$20-30/month for enterprise-grade 99.9%+ uptime
|
- **Cost:** ~$20-30/month for enterprise-grade 99.9%+ uptime
|
||||||
|
|
||||||
@@ -2822,6 +2856,8 @@ Primary Server (srvdocker02) Secondary Server (Hostinger)
|
|||||||
- **Container Restarts:** Primary can be restarted safely, failover protection active
|
- **Container Restarts:** Primary can be restarted safely, failover protection active
|
||||||
- **Testing:** Use `docker stop trading-bot-v4` on primary to test failover (verified working)
|
- **Testing:** Use `docker stop trading-bot-v4` on primary to test failover (verified working)
|
||||||
- **Monitor Logs:** `ssh root@72.62.39.24 'tail -f /var/log/dns-failover.log'` to watch health checks
|
- **Monitor Logs:** `ssh root@72.62.39.24 'tail -f /var/log/dns-failover.log'` to watch health checks
|
||||||
|
- **After Failover:** Manual pg_rewind needed until startup safety script integrated with Docker
|
||||||
|
- **Verify Replication:** After failback, check `pg_stat_replication` to confirm streaming resumed
|
||||||
|
|
||||||
## Project-Specific Patterns
|
## Project-Specific Patterns
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user