I took another look at this issue, I'm starting to think a full disk encryption setup would make more sense instead of encFS directories, something similar to https://github.com/TheReal1604/disk-encryption-hetzner/blob/master/ubuntu/ubuntu_swraid_lvm_luks.md
Done, deleted the GKE resources, as well as the VM instances, volumes and snapshots. The billing page is showing a €2.37 bill for June for now, that should be the last charge
I also took a look at https://gitea.kosmos.org/kosmos/gitea.kosmos.org, I think we can delete the entire repo, it is all specific to the instance we were running on GKE
I copied your question to #147 and answered it there. Is this PR good to merge?
Copied this question from the PR:
As we're importing a database dump, the /home/git/.ssh/authorized_keys file on centaurus will be empty at first, this admin task generates the content of the file with users’ public key. It is then managed by Gitea, so new keys are automatically added, deleted keys deleted, etc
Yes, that's obvious from the original post. But what is this task? It is just English text in your post, but is it a script somewhere? How is it run?
Originally this was a maintenance task executed from the Gitea admin dashboard, so a link on https://gitea.kosmos.org/admin
I have found a better way, this is also available as a script, I have added the line to the checklist above:
$ sudo su - git -c "/usr/local/bin/gitea admin regenerate keys --config /etc/gitea/app.ini"
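A check that can follow the key regeneration above, as an added example that is not part of the original thread or of Gitea: it audits the regenerated authorized_keys file for entries that would give a key holder a shell as the git user. It assumes Gitea's managed entries start with a forced command ending in `serv key-<id>`. The function names and sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a Gitea-managed authorized_keys file after regeneration.
# Assumption: every managed entry starts with a forced command of the form
#   command="<gitea binary> ... serv key-<id>",<options> <keytype> <key>
# A key line without that prefix lets its holder open a shell as "git".

audit_authorized_keys() {
    # Prints "<line number>: <reason>" per finding; exit status 1 if any.
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { total++ }
        $0 !~ /^command="[^"]* serv key-[0-9]+"/ {
            printf "%d: no forced gitea serv command\n", NR; bad++; next
        }
        $0 !~ /no-pty|restrict/ {
            printf "%d: forced command without no-pty/restrict\n", NR; bad++
        }
        END {
            # An empty file after a database import means regeneration did not run.
            if (total == 0) { print "0: no key entries found"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample input (key material is placeholder text, not real keys).
make_sample() {
    cat > "$1" <<'EOF'
# gitea public key
command="/usr/local/bin/gitea --config=/etc/gitea/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER1 alice@example
# gitea public key
command="/usr/local/bin/gitea --config=/etc/gitea/app.ini serv key-2" ssh-ed25519 AAAAPLACEHOLDER2 bob@example
ssh-ed25519 AAAAPLACEHOLDER3 leftover@example
EOF
}

# Audit the file given as the first argument, if any.
if [ "${1:-}" ]; then audit_authorized_keys "$1"; fi
```

Run it with /home/git/.ssh/authorized_keys as the argument once the regenerate command has finished; a non-zero exit status means at least one entry needs review.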
Copied from the PR:
I think we can finally migrate away Gitea to Centaurus (with the DB on Andromeda as the master). Tomorrow I will check everything on Andromeda and Centaurus, then we can pick a time and date to do the switch. It will involve a DNS switch, in preparation for this I have just lowered the TTL on gitea.kosmos.org down to 300s, the lowest Gandi supports. It was previously set to 1800s.
Here are my notes for the dump/import:
Perform a dump
From https://discourse.gitea.io/t/migrate-gitea-db-from-mariadb-to-postgresql/2072/3
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /app/gitea/gitea dump -d postgres -c /data/gitea/conf/app.ini -f /data/gitea/gitea-dump.zip
$ kubectl cp gitea-server-5d57fc877d-ghvps:/data/gitea/gitea-dump.zip gitea-dump.zip
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /bin/rm /data/gitea/gitea-dump.zip
Import the dump
on Andromeda:
$ sudo su - postgres -c "psql gitea < gitea-db.sql"
on Centaurus:
SCP and unzip gitea-dump.zip
$ scp gitea-dump.zip centaurus.kosmos.org:
$ ssh centaurus.kosmos.org
$ sudo systemctl stop gitea
$ mkdir dump; mv gitea-dump.zip dump; cd dump; unzip gitea-dump.zip; sudo cp -R repositories /home/git/gitea-repositories; cd ..
# Copy the content of `data`:
$ sudo cp -R dump/data/sessions /var/lib/gitea/
$ sudo cp -R dump/data/indexers /var/lib/gitea/data/
$ sudo cp -R dump/data/attachments /var/lib/gitea/data/
$ sudo cp -R dump/data/avatars /var/lib/gitea/data/
$ sudo cp -R dump/data/repo-avatars /var/lib/gitea/data/
$ sudo rm -rf /var/lib/gitea/data/queues; sudo cp -R dump/data/queues /var/lib/gitea/data/
$ sudo chown -R git:git /var/lib/gitea/data/
$ sudo systemctl start gitea
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on http://gitea.kosmos.org/admin so the users' public keys are copied to the /home/git/.ssh/authorized_keys file
I think the only thing that is not clear to me is:
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on http://gitea.kosmos.org/admin
As we're importing a database dump, the /home/git/.ssh/authorized_keys file on centaurus will be empty at first, this admin task generates the content of the file with users' public key. It is then managed by Gitea, so new keys are automatically added, deleted keys deleted, etc
Also, are you sure the deployment should be part of the cookbook PR? We agreed that only master is being deployed to production, and I also don't see how the cookbook PR should include an entire production migration to begin with. The work done for that is different than for the cookbook code.
That's right, I will move this checklist to the issue instead
I think we can finally migrate away Gitea to Centaurus (with the DB on Andromeda as the master). Tomorrow I will check everything on Andromeda and Centaurus, then we can pick a time and date to do the switch. It will involve a DNS switch, in preparation for this I have just lowered the TTL on gitea.kosmos.org down to 300s, the lowest Gandi supports. It was previously set to 1800s.
Here are my notes for the dump/import:
Perform a dump
From https://discourse.gitea.io/t/migrate-gitea-db-from-mariadb-to-postgresql/2072/3
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /app/gitea/gitea dump -d postgres -c /data/gitea/conf/app.ini -f /data/gitea/gitea-dump.zip
$ kubectl cp gitea-server-5d57fc877d-ghvps:/data/gitea/gitea-dump.zip gitea-dump.zip
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /bin/rm /data/gitea/gitea-dump.zip
Import the dump
on Andromeda:
$ sudo su - postgres -c "psql gitea < gitea-db.sql"
on Centaurus:
SCP and unzip gitea-dump.zip
$ scp gitea-dump.zip centaurus.kosmos.org:
$ ssh centaurus.kosmos.org
$ sudo systemctl stop gitea
$ mkdir dump; mv gitea-dump.zip dump; cd dump; unzip gitea-dump.zip; sudo cp -R repositories /home/git/gitea-repositories; cd ..
# Copy the content of `data`:
$ sudo cp -R dump/data/sessions /var/lib/gitea/
$ sudo cp -R dump/data/indexers /var/lib/gitea/data/
$ sudo cp -R dump/data/attachments /var/lib/gitea/data/
$ sudo cp -R dump/data/avatars /var/lib/gitea/data/
$ sudo cp -R dump/data/repo-avatars /var/lib/gitea/data/
$ sudo rm -rf /var/lib/gitea/data/queues; sudo cp -R dump/data/queues /var/lib/gitea/data/
$ sudo chown -R git:git /var/lib/gitea/data/
$ sudo systemctl start gitea
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on http://gitea.kosmos.org/admin so authorized SSH keys work for everyone