Fix permission issues
parent
4d959940d9
commit
1ca5f2c591
19
README.md
@ -142,23 +142,26 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
|
|||||||
```sh
|
```sh
|
||||||
/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d restore
|
/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d restore
|
||||||
```
|
```
|
||||||
Note that permissions and ownership are restored as a second step once all the content is
|
3. Once restore has completed, `chown -R <user>:<user>` all the restored directories in
|
||||||
restored. Therefore, the files will list `root` as owner during the restoration.
|
`/var/lib/<hostname>/data`. Restic restores the UID information of the host from which the backup
|
||||||
3. Start all the pod services with:
|
was performed which may not match that of the new target machine. Note that permissions and
|
||||||
|
ownership are restored as a second step once all the content is restored. Therefore, the files
|
||||||
|
will list `root` as owner during the restoration.
|
||||||
|
4. Start all the pod services with:
|
||||||
```sh
|
```sh
|
||||||
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_start.yml
|
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_start.yml
|
||||||
```
|
```
|
||||||
Give them some time to download all the images and start.
|
Give them some time to download all the images and start.
|
||||||
4. Once the CPU returns to idling check the state of all the pod services and their `veth`
|
5. Once the CPU returns to idling check the state of all the pod services and their `veth`
|
||||||
interfaces. If necessary restart the affected pod. Sometimes they fail to start (presumably due
|
interfaces. If necessary restart the affected pod. Sometimes they fail to start (presumably due
|
||||||
to issues related to limited CPU and RAM).
|
to issues related to limited CPU and RAM).
|
||||||
5. Boot into a test VM. Ideally, one installed onto a virtual disk since the live system might not
|
6. Boot into a test VM. Ideally, one installed onto a virtual disk since the live system might not
|
||||||
have enough space. A VM is used to make sure that none of the services on the host workstation
|
have enough space. A VM is used to make sure that none of the services on the host workstation
|
||||||
connect to `baldur` by accident.
|
connect to `baldur` by accident.
|
||||||
6. Modify `/etc/hosts` in the VM to point at `baldur` for all relevant domains.
|
7. Modify `/etc/hosts` in the VM to point at `baldur` for all relevant domains.
|
||||||
7. Test each service manually one by one. Use the Flagfox add-on to verify that you are indeed
|
8. Test each service manually one by one. Use the Flagfox add-on to verify that you are indeed
|
||||||
connecting to `baldur`.
|
connecting to `baldur`.
|
||||||
8. Stop all the pod services with:
|
9. Stop all the pod services with:
|
||||||
```sh
|
```sh
|
||||||
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_stop.yml
|
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_stop.yml
|
||||||
```
|
```
|
||||||
|
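Review bot: new step 3 tells the operator to `chown -R <user>:<user>` everything under `/var/lib/<hostname>/data` without saying which account `<user>` is, and a single recursive owner flattens any per-service ownership differences in that tree. Name the account (or the inventory variable it comes from) and list any service directories that need a different owner as exceptions. The sentence "Note that permissions and ownership are restored as a second step once all the content is restored" describes what happens while the restore is running, so it belongs at the end of step 2 rather than after "Once restore has completed".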
@ -15,12 +15,14 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-cloud.pod-id \
|
--pod-id-file %t/pod-cloud.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
--user=0 \
|
--user=0 \
|
||||||
--entrypoint="/bin/bash" \
|
--entrypoint="/bin/bash" \
|
||||||
--name=pod-cloud-chown \
|
--name=pod-cloud-chown \
|
||||||
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
|
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
|
||||||
-c "chown -R www-data:www-data /media/external"
|
-c "chown -R www-data:www-data /var/www/html /media/external"
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-chown.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-chown.ctr-id
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
|
||||||
|
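Review bot: the changed command `chown -R www-data:www-data /var/www/html /media/external` now walks the whole Nextcloud tree, including the data directory mounted at `/var/www/html/data`, as `--user=0` every time this oneshot unit runs. On a large data directory that adds a full filesystem walk to each start and silently overwrites any ownership that differs on purpose. Consider running the chown only when the top-level owner is wrong, or limiting it to the paths that a restore leaves mis-owned, and add a comment in the unit stating that the two new `-v` mounts exist only so this container can fix ownership. It is also worth stating in the README how this in-container chown relates to the manual `chown -R <user>:<user>` step added there, since both now rewrite ownership of the same data.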