Copied from the PR:
I think we can finally migrate away Gitea to Centaurus (with the DB on Andromeda as the master). Tomorrow I will check everything on Andromeda and Centaurus, then we can pick a time and date to do the switch. It will involve a DNS switch, in preparation for this I have just lowered the TTL on gitea.kosmos.org down to 300s, the lowest Gandi supports. It was previously set to 1800s.
Here are my notes for the dump/import:
Perform a dump
From https://discourse.gitea.io/t/migrate-gitea-db-from-mariadb-to-postgresql/2072/3
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /app/gitea/gitea dump -d postgres -c /data/gitea/conf/app.ini -f /data/gitea/gitea-dump.zip
$ kubectl cp gitea-server-5d57fc877d-ghvps:/data/gitea/gitea-dump.zip gitea-dump.zip
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /bin/rm /data/gitea/gitea-dump.zip
Import the dump
on Andromeda:
$ sudo su - postgres -c "psql gitea < gitea-db.sql"
on Centaurus:
SCP and unzip gitea-dump.zip
$ scp gitea-dump.zip centaurus.kosmos.org:
$ ssh centaurus.kosmos.org
$ sudo systemctl stop gitea
$ mkdir dump; mv gitea-dump.zip dump; cd dump; unzip gitea-dump.zip; sudo cp -R repositories /home/git/gitea-repositories
# Copy the content of `data`:
$ sudo cp -R dump/data/sessions /var/lib/gitea/
$ sudo cp -R dump/data/indexers /var/lib/gitea/data/
$ sudo cp -R dump/data/attachments /var/lib/gitea/data/
$ sudo cp -R dump/data/avatars /var/lib/gitea/data/
$ sudo cp -R dump/data/repo-avatars /var/lib/gitea/data/
$ sudo rm -rf /var/lib/gitea/data/queues; sudo cp -R dump/data/queues /var/lib/gitea/data/
$ sudo chown -R git:git /var/lib/gitea/data/
$ sudo systemctl start gitea
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on
http://gitea.kosmos.org/admin so the users' public keys are copied to the /home/git/.ssh/authorized_key file
I think the only thing that is not clear to me is:
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on http://gitea.kosmos.org/admin
As we're importing a database dump, the /home/git/.ssh/authorized_keys file on centaurus will be empty at first, this admin task generates the content of the file with users' public key. It is then managed by Gitea, so new keys are automatically added, deleted keys deleted, etc
Also, are you sure the deployment should be part of the cookbook PR? We agreed that only master is being deployed to production, and I also don't see how the cookbook PR should include an entire production migration to begin with. The work done for that is different than for the cookbook code.
That's right, I will move this checklist to the issue instead
I think we can finally migrate away Gitea to Centaurus (with the DB on Andromeda as the master). Tomorrow I will check everything on Andromeda and Centaurus, then we can pick a time and date to do the switch. It will involve a DNS switch, in preparation for this I have just lowered the TTL on gitea.kosmos.org down to 300s, the lowest Gandi supports. It was previously set to 1800s.
Here are my notes for the dump/import:
Perform a dump
From https://discourse.gitea.io/t/migrate-gitea-db-from-mariadb-to-postgresql/2072/3
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /app/gitea/gitea dump -d postgres -c /data/gitea/conf/app.ini -f /data/gitea/gitea-dump.zip
$ kubectl cp gitea-server-5d57fc877d-ghvps:/data/gitea/gitea-dump.zip gitea-dump.zip
$ kubectl exec gitea-server-5d57fc877d-ghvps -n default -- /bin/rm /data/gitea/gitea-dump.zip
Import the dump
on Andromeda:
$ sudo su - postgres -c "psql gitea < gitea-db.sql"
on Centaurus:
SCP and unzip gitea-dump.zip
$ scp gitea-dump.zip centaurus.kosmos.org:
$ ssh centaurus.kosmos.org
$ sudo systemctl stop gitea
$ mkdir dump; mv gitea-dump.zip dump; cd dump; unzip gitea-dump.zip; sudo cp -R repositories /home/git/gitea-repositories
# Copy the content of `data`:
$ sudo cp -R dump/data/sessions /var/lib/gitea/
$ sudo cp -R dump/data/indexers /var/lib/gitea/data/
$ sudo cp -R dump/data/attachments /var/lib/gitea/data/
$ sudo cp -R dump/data/avatars /var/lib/gitea/data/
$ sudo cp -R dump/data/repo-avatars /var/lib/gitea/data/
$ sudo rm -rf /var/lib/gitea/data/queues; sudo cp -R dump/data/queues /var/lib/gitea/data/
$ sudo chown -R git:git /var/lib/gitea/data/
$ sudo systemctl start gitea
Log in, run Update the '.ssh/authorized_keys' file with Gitea SSH keys on
http://gitea.kosmos.org/admin so authorized SSH keys work for everyone
I think building from source is out of scope for this PR, but since this is simply deploying a binary it wouldn't be a big task like building a Docker image. I am already moving the URL of the binary to a cookbook attribute so it's easier to override
Another option is to not start the PostgreSQL service on boot and run a script on boot where you input the encrypted volume password and then it starts PostgreSQL
Replication is now running on centaurus. I had to fix the firewall rules to make it work: #167. The data dir for PostgreSQL is also encrypted using encfs: #166. Both are ready to merge