sans-self.org
this repo has no description
Rotate credentials and fix backup SQLite locking
Avoid locking the live databases during backup by copying files
to tmp first, then checkpointing the WAL on the copy. Add preStop
hook for graceful SQLite shutdown on pod eviction.
+9
-2
k8s/pds/admin-password.secret
k8s/pds/admin-password.secret
This is a binary file and will not be displayed.
+9
-2
k8s/pds/backup-cronjob.yaml
+9
-2
k8s/pds/backup-cronjob.yaml
···
55
55
S3_OPTS="--s3-provider Other --s3-access-key-id ${S3_ACCESS_KEY} --s3-secret-access-key ${S3_SECRET_KEY} --s3-endpoint nbg1.your-objectstorage.com --s3-region nbg1 --s3-no-check-bucket --s3-acl private"
56
56
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
57
57
58
-
# Safe SQLite backup for each database
58
+
# Copy databases to tmp first to avoid locking the live files
59
59
for db in /pds/*.sqlite; do
60
60
name=$(basename "$db" .sqlite)
61
-
/tools/sqlite3 "$db" ".backup /tmp/${name}-${TIMESTAMP}.sqlite"
61
+
cp "$db" "/tmp/${name}-raw.sqlite"
62
+
# Also copy WAL/SHM if present so the copy is consistent
63
+
[ -f "${db}-wal" ] && cp "${db}-wal" "/tmp/${name}-raw.sqlite-wal"
64
+
[ -f "${db}-shm" ] && cp "${db}-shm" "/tmp/${name}-raw.sqlite-shm"
65
+
# Checkpoint the copy to fold WAL into main db
66
+
/tools/sqlite3 "/tmp/${name}-raw.sqlite" "PRAGMA wal_checkpoint(TRUNCATE);"
67
+
mv "/tmp/${name}-raw.sqlite" "/tmp/${name}-${TIMESTAMP}.sqlite"
68
+
rm -f "/tmp/${name}-raw.sqlite-wal" "/tmp/${name}-raw.sqlite-shm"
62
69
rclone copyto "/tmp/${name}-${TIMESTAMP}.sqlite" \
63
70
":s3:sans-self-net/pds/db/${name}-${TIMESTAMP}.sqlite" \
64
71
${S3_OPTS}
k8s/pds/jwt.secret
k8s/pds/jwt.secret
This is a binary file and will not be displayed.
k8s/pds/s3-access-key.secret
k8s/pds/s3-access-key.secret
This is a binary file and will not be displayed.
k8s/pds/s3-secret-key.secret
k8s/pds/s3-secret-key.secret
This is a binary file and will not be displayed.