feat: Integrate Tailscale health monitoring into setup

Matthew Valancy · claude · Matthew Valancy · commit 9981b5be58bb · 2025-11-15T22:55:32.000-08:00
Adds automatic Tailscale health monitoring to GraphDone Core development and production environments.

Changes:
- scripts/setup-tailscale-monitor.sh - Standalone installer (96 lines)
  - Creates health check script with 5-second timeout detection
  - Installs systemd service and timer for 5-minute checks
  - Auto-restarts tailscaled when frozen/unresponsive
  - Logs all events to /var/log/tailscale-health.log

- tools/setup.sh - Auto-detection and installation
  - Detects if Tailscale is installed during environment setup
  - Automatically runs monitoring setup if Tailscale present
  - Gracefully skips if Tailscale not installed
  - Provides manual setup instructions if sudo unavailable

- docs/infrastructure/tailscale-monitoring.md - Complete documentation
  - Installation (automatic and manual)
  - Verification and troubleshooting
  - Configuration options
  - Integration with GraphDone architecture

This prevents the "zombie Tailscale" issue where daemon runs but hangs, blocking connectivity. Critical for demo instances, multi-server deployments, and developer experience.

Related: GraphDone-Devops/monitoring/tailscale

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
diff --git a/docs/infrastructure/tailscale-monitoring.md b/docs/infrastructure/tailscale-monitoring.md
@@ -0,0 +1,198 @@
+# Tailscale Health Monitoring
+
+## Overview
+
+GraphDone Core includes automatic Tailscale health monitoring to ensure reliable mesh networking across all instances.
+
+## Problem
+
+Tailscale can enter a "zombie" state where:
+- The daemon process runs but doesn't respond
+- Commands like `tailscale status` hang indefinitely
+- DNS resolution fails (hostnames become unreachable)
+- Network connectivity is lost across the mesh
+
+This requires manual intervention to restart the service.
+
+## Solution
+
+Automated health monitoring that:
+- ✅ Checks Tailscale every 5 minutes
+- ✅ Detects hangs using timeout (not just process checks)
+- ✅ Auto-restarts when unresponsive
+- ✅ Logs all events for debugging
+- ✅ Requires zero manual intervention
+
+## Installation
+
+### Automatic (Recommended)
+
+The monitoring is automatically set up when you run:
+
+```bash
+./tools/setup.sh
+```
+
+If Tailscale is installed, the script will detect it and offer to set up monitoring.
+
+### Manual Installation
+
+If you need to install it manually:
+
+```bash
+sudo bash ./scripts/setup-tailscale-monitor.sh
+```
+
+## Verification
+
+Check if monitoring is running:
+
+```bash
+sudo systemctl status tailscale-health-monitor.timer
+```
+
+View monitoring logs:
+
+```bash
+sudo cat /var/log/tailscale-health.log
+```
+
+Check next scheduled run:
+
+```bash
+systemctl list-timers tailscale-health-monitor.timer
+```
+
+## How It Works
+
+### Health Check Logic
+
+Every 5 minutes, the monitor:
+
+1. Runs `timeout 5s tailscale status`
+2. If successful → Logs "healthy" and exits
+3. If timeout → Restarts `tailscaled` service
+4. Verifies restart was successful
+5. Logs all actions with timestamps
+
+### Files Installed
+
+```
+/usr/local/bin/tailscale-health-monitor.sh         # Health check script
+/etc/systemd/system/tailscale-health-monitor.service  # Systemd service
+/etc/systemd/system/tailscale-health-monitor.timer    # 5-minute timer
+/var/log/tailscale-health.log                      # Event log
+```
+
+### Systemd Timer Configuration
+
+```ini
+[Timer]
+OnBootSec=2min       # First check 2 minutes after boot
+OnUnitActiveSec=5min # Then every 5 minutes
+AccuracySec=1s       # Precise timing
+```
+
+## Log Examples
+
+### Healthy Status
+```
+[2025-11-16 06:15:00] Starting Tailscale health check (GraphDone Core)...
+[2025-11-16 06:15:01] ✓ Tailscale is healthy
+```
+
+### Auto-Recovery
+```
+[2025-11-16 06:20:00] Starting Tailscale health check (GraphDone Core)...
+[2025-11-16 06:20:05] ✗ Tailscale is frozen or unresponsive
+[2025-11-16 06:20:05] Restarting tailscaled service...
+[2025-11-16 06:20:08] ✓ Tailscale successfully restarted
+```
+
+## Troubleshooting
+
+### Timer not running
+
+Enable and start the timer:
+
+```bash
+sudo systemctl enable tailscale-health-monitor.timer
+sudo systemctl start tailscale-health-monitor.timer
+```
+
+### Check for errors
+
+View systemd journal:
+
+```bash
+sudo journalctl -u tailscale-health-monitor.service -n 50
+```
+
+### Manually trigger check
+
+```bash
+sudo systemctl start tailscale-health-monitor.service
+```
+
+### Disable monitoring
+
+```bash
+sudo systemctl stop tailscale-health-monitor.timer
+sudo systemctl disable tailscale-health-monitor.timer
+```
+
+## Integration with GraphDone
+
+This monitoring is critical for GraphDone Core because:
+
+1. **Demo Instances**: Demo servers need reliable mesh connectivity
+2. **Multi-Server Deployments**: Clusters rely on Tailscale for service discovery
+3. **Developer Experience**: Frozen Tailscale blocks local development
+4. **Production Reliability**: Auto-recovery prevents manual intervention
+
+## Configuration
+
+### Modify Check Interval
+
+Edit the timer file:
+
+```bash
+sudo nano /etc/systemd/system/tailscale-health-monitor.timer
+```
+
+Change `OnUnitActiveSec=5min` to desired interval, then:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl restart tailscale-health-monitor.timer
+```
+
+### Modify Timeout
+
+Edit the health check script:
+
+```bash
+sudo nano /usr/local/bin/tailscale-health-monitor.sh
+```
+
+Change `TIMEOUT=5` to desired value (in seconds).
+
+## Related Documentation
+
+- [GraphDone DevOps Monitoring](../../../GraphDone-Devops/monitoring/tailscale/README.md)
+- [Tailscale Official Docs](https://tailscale.com/kb/)
+- [Setup Script](../../tools/setup.sh)
+
+## Change Log
+
+### 2025-11-16 - Initial Integration
+- Added Tailscale health monitoring to GraphDone Core
+- Integrated into `tools/setup.sh`
+- Created setup script and documentation
+- Part of core infrastructure capabilities
+
+---
+
+**Status**: Production Ready
+**Maintainer**: GraphDone DevOps
+**Related**: GraphDone-Devops/monitoring/tailscale
diff --git a/scripts/setup-tailscale-monitor.sh b/scripts/setup-tailscale-monitor.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Setup Tailscale Health Monitoring for GraphDone Core
+# Ensures Tailscale auto-recovers from freezes/hangs
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Colors
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo -e "${GREEN}  GraphDone Core - Tailscale Health Monitor Setup${NC}"
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo ""
+
+# Step 1: Create health monitor script
+echo -e "${YELLOW}Step 1/4: Creating Tailscale health monitor script...${NC}"
+
+sudo tee /usr/local/bin/tailscale-health-monitor.sh > /dev/null << 'EOF'
+#!/bin/bash
+# Tailscale Health Monitor - Auto-restart on freeze
+# Part of GraphDone Core infrastructure
+
+LOG_FILE="/var/log/tailscale-health.log"
+TIMEOUT=5
+
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
+}
+
+check_tailscale() {
+    if timeout $TIMEOUT tailscale status > /dev/null 2>&1; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+log "Starting Tailscale health check (GraphDone Core)..."
+
+if check_tailscale; then
+    log "✓ Tailscale is healthy"
+    exit 0
+else
+    log "✗ Tailscale is frozen or unresponsive"
+    log "Restarting tailscaled service..."
+    systemctl restart tailscaled
+    sleep 3
+    if check_tailscale; then
+        log "✓ Tailscale successfully restarted"
+        exit 0
+    else
+        log "✗ Tailscale restart failed - manual intervention needed"
+        exit 1
+    fi
+fi
+EOF
+
+sudo chmod +x /usr/local/bin/tailscale-health-monitor.sh
+echo -e "${BLUE}✓${NC} Created health monitor script"
+
+# Step 2: Create systemd service
+echo -e "${YELLOW}Step 2/4: Creating systemd service...${NC}"
+
+sudo tee /etc/systemd/system/tailscale-health-monitor.service > /dev/null << 'EOF'
+[Unit]
+Description=Tailscale Health Monitor (GraphDone Core)
+After=tailscaled.service
+Documentation=https://github.com/graphdone/graphdone-core
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/tailscale-health-monitor.sh
+StandardOutput=journal
+StandardError=journal
+User=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+echo -e "${BLUE}✓${NC} Created systemd service"
+
+# Step 3: Create systemd timer
+echo -e "${YELLOW}Step 3/4: Creating systemd timer...${NC}"
+
+sudo tee /etc/systemd/system/tailscale-health-monitor.timer > /dev/null << 'EOF'
+[Unit]
+Description=Tailscale Health Monitor Timer (GraphDone Core)
+Requires=tailscale-health-monitor.service
+Documentation=https://github.com/graphdone/graphdone-core
+
+[Timer]
+# Run 2 minutes after boot
+OnBootSec=2min
+# Then every 5 minutes
+OnUnitActiveSec=5min
+# Precise timing
+AccuracySec=1s
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+EOF
+
+echo -e "${BLUE}✓${NC} Created systemd timer"
+
+# Step 4: Enable and start timer
+echo -e "${YELLOW}Step 4/4: Enabling and starting timer...${NC}"
+
+sudo systemctl daemon-reload
+sudo systemctl enable tailscale-health-monitor.timer
+sudo systemctl start tailscale-health-monitor.timer
+
+echo -e "${BLUE}✓${NC} Timer enabled and started"
+
+# Verify installation
+echo ""
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo -e "${GREEN}  Installation Complete${NC}"
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo ""
+echo "Verification:"
+sudo systemctl status tailscale-health-monitor.timer --no-pager | head -10
+echo ""
+echo "Log file: /var/log/tailscale-health.log"
+echo "Next check: $(systemctl list-timers tailscale-health-monitor.timer --no-pager | grep tailscale)"
+echo ""
+echo -e "${GREEN}✓ Tailscale health monitoring is now active for GraphDone Core${NC}"
diff --git a/tools/setup.sh b/tools/setup.sh
@@ -253,6 +253,23 @@ echo "📦 Building core package..."
 echo "🏗️  Building all packages..."
 npm run build
 
+# Setup Tailscale health monitoring (if Tailscale is installed)
+if command -v tailscale &> /dev/null; then
+    echo "🔧 Setting up Tailscale health monitoring..."
+    SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+    if [ -f "$SCRIPT_DIR/../scripts/setup-tailscale-monitor.sh" ]; then
+        if sudo -n true 2>/dev/null; then
+            bash "$SCRIPT_DIR/../scripts/setup-tailscale-monitor.sh"
+        else
+            echo "⚠️  Tailscale monitoring requires sudo. Run manually:"
+            echo "   sudo bash $SCRIPT_DIR/../scripts/setup-tailscale-monitor.sh"
+        fi
+    fi
+else
+    echo "ℹ️  Tailscale not installed - skipping health monitoring setup"
+    echo "   (Install Tailscale and run: sudo bash ./scripts/setup-tailscale-monitor.sh)"
+fi
+
 echo "✅ Setup complete!"
 echo ""
 
