Skip to content

fix(wizard): co-located backend binds wrong host:port; SLM frontend missing VITE_API_URL (#3426)#3429

Open
mrveiss wants to merge 1 commit intoDev_new_guifrom
fix/issue-3426
Open

fix(wizard): co-located backend binds wrong host:port; SLM frontend missing VITE_API_URL (#3426)#3429
mrveiss wants to merge 1 commit intoDev_new_guifrom
fix/issue-3426

Conversation

@mrveiss
Copy link
Copy Markdown
Owner

@mrveiss mrveiss commented Apr 3, 2026

Summary

  • Bug 1: _ROLE_INFRA_VARS["backend"] used port 8443 (nginx TLS port) → wizard passed backend_host=<node_ip> and backend_port=8443 as all.vars (highest precedence) → uvicorn started with --host 172.16.168.20 --port 8443 → nginx already holds 8443 → backend fails to bind → /api/health 504
  • Bug 2: _apply_colocation_vars set slm_colocated_frontend=True on the frontend node but not on 00-SLM-Manager → Phase 4c required the host to be in both frontend AND slm_server groups → never fired → SLM frontend built without VITE_API_URL=/slm → login page called /api/auth/login (user backend) instead of /slm/api/auth/login

Changes

setup_wizard.py:

  • _ROLE_INFRA_VARS["backend"]: port 84438001 (internal uvicorn port)
  • _build_infra_vars: use 127.0.0.1 for co-located nodes (IP in local_ips) so services bind to loopback
  • _fetch_inventory_data: return local_ips in tuple
  • _apply_colocation_vars: propagate slm_colocated_frontend=True to 00-SLM-Manager when co-located frontend detected

provision-fleet-roles.yml Phase 4c:

  • Replace fragile group-intersection detection with slm_colocated_frontend | bool (wizard-set) + package.json stat (fallback for standalone runs), gated on slm_server group membership
  • Fix _slm_nginx_rerendered is defined guard (was undefined on non-SLM hosts causing warnings)

Test plan

  • Re-run provisioning via wizard — backend service binds to 127.0.0.1:8001
  • Login at /slm/ works after re-provision (SLM frontend has VITE_API_URL=/slm)
  • Phase 4c fires on 00-SLM-Manager when co-located frontend is deployed
  • Standalone deploy-slm-manager.yml flow: package.json fallback correctly detects co-location

Closes #3426

🤖 Generated with Claude Code

@mrveiss
fix(wizard): co-located backend binds wrong host:port, SLM frontend m…
2e79355 
…issing VITE_API_URL (#3426)

Root cause 1: _ROLE_INFRA_VARS["backend"] used port 8443 (nginx TLS port),
causing backend_host=<node_ip> and backend_port=8443 to be passed as
all.vars extra_vars (highest precedence). The backend role's service
template rendered uvicorn with --host 172.16.168.20 --port 8443; nginx
already holds 8443 so the backend failed to start.

Fix: change port to 8001 (internal uvicorn port) and use 127.0.0.1 for
co-located nodes (IP in local_ips) so uvicorn binds to loopback where
nginx upstream expects it.

Root cause 2: _apply_colocation_vars only set slm_colocated_frontend=True
on the frontend node, never on 00-SLM-Manager. Phase 4c required the host
to be in BOTH frontend AND slm_server groups — 00-SLM-Manager is only in
slm_server, so Phase 4c never fired and the SLM frontend was built without
VITE_API_URL=/slm. Login page then called /api/auth/login (user backend)
instead of /slm/api/auth/login.

Fix: propagate slm_colocated_frontend=True to 00-SLM-Manager when any
co-located frontend is detected. Simplify Phase 4c detection to use the
slm_colocated_frontend var directly (with package.json stat as fallback for
standalone deploy-slm-manager.yml runs), gated on slm_server group membership.
@mrveiss mrveiss mentioned this pull request Apr 3, 2026
Open
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 3, 2026

✅ SSOT Configuration Compliance: Passing

🎉 No hardcoded values detected that have SSOT config equivalents!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrveiss