Merge pull request #87 from mikkovihonen/fix/packaging-fixes

FIX packaging and performance

Author: mikkovihonen

CHANGELOG.md

@@ -6,6 +6,60 @@ Versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html) 
 [docs/ways-of-working.md](docs/ways-of-working.md) for the version number scheme and
 release process.
 
+## [0.5.5-beta] - 2026-04-13
+
+### Fixed
+- RPM package upgrade failed when pip tried to install both the old and new
+  quadletman wheels simultaneously — during RPM upgrade `%post` runs before old
+  package files are removed, so the `quadletman-*.whl` glob matched two wheels;
+  fixed by using a version-specific glob (`quadletman-%{pkg_version}-*.whl`)
+- All 9 volume file-operation API routes (browse, get, save, upload, delete,
+  mkdir, chmod, archive, restore) operated on the current working directory
+  instead of returning an error when called on a Podman-managed (quadlet) volume
+  — `qm_host_path` is empty for quadlet volumes and `resolve_safe_path("")`
+  resolves to CWD; the UI hid the buttons but the API was unprotected
+- Archive restore (`volume_restore`) always chowned extracted files to the
+  compartment root user, ignoring the volume's `qm_owner_uid` — now delegates
+  to `volume_manager.chown_volume_dir` which respects the helper user
+- Deleting a quadlet-managed volume only tried to remove a host directory
+  (which doesn't exist); now correctly removes the `.volume` unit file and
+  reloads systemd
+- `sync_helper_users` only considered container UID maps when deciding which
+  helper users to keep — deleting a container could delete a helper user still
+  needed by a volume with `qm_owner_uid`; volume owner UIDs are now included
+- Updating the owner UID of a quadlet-managed volume failed because
+  `update_volume_owner` unconditionally tried to `chown` a host directory that
+  does not exist for Podman-managed named volumes; the `chown` is now skipped
+  when `qm_use_quadlet` is true
+- Files uploaded, saved, or created in volumes with a custom owner UID were owned
+  by the compartment root user (`qm-{id}`) instead of the volume's configured
+  helper user (`qm-{id}-N`) — `save_file`, `upload_file`, and `mkdir_entry` now
+  resolve the correct owner based on the volume's `qm_owner_uid`
+
+### Changed
+- Compartment start/stop/restart/resync operations are now queued and executed
+  in the background — the HTTP request returns 202 immediately instead of
+  blocking for 1-60+ seconds; a per-compartment worker drains the queue
+  sequentially; the existing ViewPoller picks up status changes automatically
+- Individual container start/stop operations are also queued — previously these
+  blocked the HTTP request and timed out after 30s during image pulls
+- Slow container starts (image pulls, heavy init) no longer time out — queued
+  operations use `lifecycle_operation_timeout` (default 10 min) instead of the
+  30s `subprocess_timeout`
+- Dashboard and compartment detail polling now uses batched `systemctl show`
+  and `systemctl status` calls — one subprocess per type per compartment
+  instead of one per container; `_is_unit_enabled` filesystem checks replaced
+  with the `UnitFileState` property already returned by `systemctl show`,
+  eliminating 2 additional `sudo test` subprocess calls per container
+- Connection monitor and process monitor are now disabled by default for new
+  compartments — existing compartments are not affected (migration 0013)
+
+### Added
+- Compartment shell bottom sheet now shows a user selector with the compartment
+  root user and all helper users; selecting a helper user opens a bash shell
+  running as that user (e.g. `qm-{id}-1000`), matching the UID that owns the
+  volume inside the container
+
 ## [0.5.4-beta] - 2026-04-13
 
 ### Fixed

packaging/rpm/quadletman.spec

@@ -144,11 +144,14 @@ systemctl stop %{name}.service 2>/dev/null || :
 # Recreate venv on every install/upgrade so the Python version always matches.
 rm -rf "$VENV"
 python3 -m venv "$VENV"
+# Use the version-specific glob — during RPM upgrade %%post runs before old
+# package files are removed, so a bare quadletman-*.whl glob would match both
+# the old and new wheels and pip would fail with a version conflict.
 if ! "$VENV/bin/pip" install --quiet --no-cache-dir --disable-pip-version-check \
-    "$WHEEL_DIR"/quadletman-*.whl; then
+    "$WHEEL_DIR"/quadletman-%{pkg_version}-*.whl; then
     echo "ERROR: pip install failed — quadletman will not start." >&2
     echo "Ensure internet access is available and retry with:" >&2
-    echo "  $VENV/bin/pip install $WHEEL_DIR/quadletman-*.whl" >&2
+    echo "  $VENV/bin/pip install $WHEEL_DIR/quadletman-%{pkg_version}-*.whl" >&2
 fi
 
 # Restore SELinux contexts on compiled extensions so they can be dlopen'd.

quadletman/alembic/versions/0013_disable_monitors_by_default.py

@@ -0,0 +1,32 @@
+"""disable_monitors_by_default
+
+Revision ID: 0013
+Revises: 0012
+Create Date: 2026-04-13
+
+Change the server_default for connection_monitor_enabled and
+process_monitor_enabled from "1" (True) to "0" (False) so new
+compartments have monitoring disabled by default.  Existing rows
+are not modified — only the default for future INSERTs changes.
+"""
+
+from collections.abc import Sequence
+
+from alembic import op
+
+revision: str = "0013"
+down_revision: str | None = "0012"
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    with op.batch_alter_table("compartments") as batch_op:
+        batch_op.alter_column("connection_monitor_enabled", server_default="0")
+        batch_op.alter_column("process_monitor_enabled", server_default="0")
+
+
+def downgrade() -> None:
+    with op.batch_alter_table("compartments") as batch_op:
+        batch_op.alter_column("connection_monitor_enabled", server_default="1")
+        batch_op.alter_column("process_monitor_enabled", server_default="1")

quadletman/alembic/versions/0014_add_operations_table.py

@@ -0,0 +1,50 @@
+"""add_operations_table
+
+Revision ID: 0014
+Revises: 0013
+Create Date: 2026-04-13
+
+Adds an operations table for queued lifecycle operations (start/stop/restart/resync).
+"""
+
+from collections.abc import Sequence
+
+import sqlalchemy as sa
+from alembic import op
+
+revision: str = "0014"
+down_revision: str | None = "0013"
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "operations",
+        sa.Column("id", sa.Text(), nullable=False),
+        sa.Column("compartment_id", sa.Text(), nullable=False),
+        sa.Column("op_type", sa.Text(), nullable=False),
+        sa.Column("status", sa.Text(), nullable=False, server_default="pending"),
+        sa.Column("payload", sa.Text(), nullable=False, server_default="{}"),
+        sa.Column("result", sa.Text(), nullable=False, server_default="{}"),
+        sa.Column("submitted_by", sa.Text(), nullable=False),
+        sa.Column("session_id", sa.Text(), nullable=False),
+        sa.Column(
+            "submitted_at",
+            sa.Text(),
+            nullable=False,
+            server_default=sa.text("(strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))"),
+        ),
+        sa.Column("started_at", sa.Text(), nullable=True),
+        sa.Column("completed_at", sa.Text(), nullable=True),
+        sa.PrimaryKeyConstraint("id"),
+        sa.ForeignKeyConstraint(["compartment_id"], ["compartments.id"], ondelete="CASCADE"),
+    )
+    op.create_index("ix_operations_compartment", "operations", ["compartment_id"])
+    op.create_index("ix_operations_status", "operations", ["status"])
+
+
+def downgrade() -> None:
+    op.drop_index("ix_operations_status")
+    op.drop_index("ix_operations_compartment")
+    op.drop_table("operations")

quadletman/config/settings.py

@@ -37,6 +37,7 @@ class Settings(BaseModel):
     image_update_check_interval: int = 21600  # seconds between image update checks (6 hours)
     subprocess_timeout: int = 30  # default timeout for systemctl/podman commands
     image_pull_timeout: int = 300  # timeout for image pull and auto-update
+    lifecycle_operation_timeout: int = 600  # timeout for queued lifecycle ops (start/stop/restart)
     webhook_timeout: int = 10  # timeout for webhook HTTP POST delivery
     webhook_max_retries: int = 3  # max webhook delivery attempts (exponential backoff)
     poll_interval: int = 30  # seconds between container state polls
@@ -70,6 +71,7 @@ class Settings(BaseModel):
     _MINIMUM_BOUNDS: dict[str, int] = {
         "subprocess_timeout": 1,
         "image_pull_timeout": 1,
+        "lifecycle_operation_timeout": 30,
         "webhook_timeout": 1,
         "webhook_max_retries": 1,
         "poll_interval": 5,

quadletman/db/orm.py

@@ -61,10 +61,10 @@ class CompartmentRow(Base):
         server_default=func.strftime("%Y-%m-%dT%H:%M:%SZ", "now"),
     )
     connection_monitor_enabled: Mapped[bool] = mapped_column(
-        Boolean, nullable=False, default=True, server_default="1"
+        Boolean, nullable=False, default=False, server_default="0"
     )
     process_monitor_enabled: Mapped[bool] = mapped_column(
-        Boolean, nullable=False, default=True, server_default="1"
+        Boolean, nullable=False, default=False, server_default="0"
     )
     connection_history_retention_days: Mapped[int | None] = mapped_column(Integer, nullable=True)
     agent_last_seen: Mapped[str | None] = mapped_column(Text, nullable=True)
@@ -763,6 +763,36 @@ class SystemEventRow(Base):
     )
 
 
+# ---------------------------------------------------------------------------
+# operations (lifecycle operation queue)
+# ---------------------------------------------------------------------------
+
+
+class OperationRow(Base):
+    __tablename__ = "operations"
+
+    id: Mapped[str] = mapped_column(Text, primary_key=True)
+    compartment_id: Mapped[str] = mapped_column(
+        Text, ForeignKey("compartments.id", ondelete="CASCADE"), nullable=False, index=True
+    )
+    op_type: Mapped[str] = mapped_column(Text, nullable=False)
+    status: Mapped[str] = mapped_column(
+        Text, nullable=False, default="pending", server_default="pending"
+    )
+    payload: Mapped[str] = mapped_column(Text, nullable=False, default="{}", server_default="{}")
+    result: Mapped[str] = mapped_column(Text, nullable=False, default="{}", server_default="{}")
+    submitted_by: Mapped[str] = mapped_column(Text, nullable=False)
+    session_id: Mapped[str] = mapped_column(Text, nullable=False)
+    submitted_at: Mapped[str] = mapped_column(
+        Text,
+        nullable=False,
+        default=_utcnow,
+        server_default=func.strftime("%Y-%m-%dT%H:%M:%SZ", "now"),
+    )
+    started_at: Mapped[str | None] = mapped_column(Text, nullable=True)
+    completed_at: Mapped[str | None] = mapped_column(Text, nullable=True)
+
+
 # ---------------------------------------------------------------------------
 # secrets
 # ---------------------------------------------------------------------------