docs(ops): show escrow gaps in reboot quick check [skip ci]

ogt
2026-06-26 06:36:51 +08:00
parent b2945ab9f7
commit bae6423d72
3 changed files with 12 additions and 0 deletions

@@ -15,11 +15,13 @@
**完成**
- `scripts/reboot-recovery/post-start-quick-check.sh` public route gate 新增 retry預設 `ROUTE_RETRY_ATTEMPTS=3``ROUTE_RETRY_DELAY_SECONDS=2`
- Retry 後恢復的 route 會列為 `evidence_warn recovered_after_attempt=<n>`;只有連續失敗才算 `BLOCKED`
- Escrow 缺口存在時wrapper 會只讀呼叫 `/backup/scripts/mark-credential-escrow-verified.sh --status` 並列出缺項;不寫 marker、不讀 secret。
- 更新 `FULL-STACK-COLD-START-SOP.md` v1.61、`REBOOT-POST-START-QUICK-CHECK.md` v1.6、recovery workplan 與 `BACKUP-STATUS.md`
**驗證**
- `bash -n scripts/reboot-recovery/post-start-quick-check.sh` 通過。
- Route-only wrapper`PASS=31 WARN=0 BLOCKED=0``RESULT=GREEN`
- Backup-only wrapper`PASS=10 WARN=2 BLOCKED=0`,列出缺 `restic_repository_password``offsite_provider_credentials``break_glass_admin_credentials``dns_registrar_recovery``oauth_ai_provider_recovery`
- Core wrapper with routes skipped`PASS=15 WARN=2 BLOCKED=0`warning split `SERVICE=0 BOUNDARY=1 EVIDENCE=1``RESULT=FULL_STACK_GREEN_DR_ESCROW_BLOCKED`
**做過的命令類型**
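
Review bot: the verification list records only the run where the `--status` readback succeeds (the Backup-only line that lists the five missing items); nothing shows the wrapper result when the readback itself fails, which the script reports as `credential escrow missing item readback failed`. Add a run with the backup host unreachable and record its `PASS/WARN/BLOCKED` counts, so it is on record that a failed readback still ends in `FULL_STACK_GREEN_DR_ESCROW_BLOCKED` and not in a greener result.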

@@ -53,6 +53,8 @@ scripts/reboot-recovery/post-start-quick-check.sh --no-color
Public route gate 自 v1.6 起會使用 `ROUTE_RETRY_ATTEMPTS`(預設 `3`)與 `ROUTE_RETRY_DELAY_SECONDS`(預設 `2`)重試。單次 `000` / timeout 若 retry 後恢復,應列為 evidence warning 或 transient route evidence不可直接當成網站仍壞只有連續失敗才是 service blocker。
Credential escrow gate 自 v1.6 起在 `escrow_missing>0` 時,會只讀呼叫 `/backup/scripts/mark-credential-escrow-verified.sh --status` 並列出缺項。這只是 evidence readback不會寫 marker、不會讀密碼、不會降低 DR blocker用途是讓 operator 立即知道缺的是哪幾個非 secret evidence marker。
Wrapper 必須先解析 cold-start summary不可只看 cold-start exit code
- cold-start `BLOCKED>0`wrapper 才可判定 `BLOCKED`
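
Review bot: the added credential escrow paragraph documents only the successful readback and does not say what the operator sees when the `--status` call fails. The script emits `evidence_warn "credential escrow missing item readback failed"` in that case and still prints the captured output, so the SOP should state that this warning means the missing-item list is unavailable and that the DR blocker stands regardless. The "does not read passwords" statement also depends on what `mark-credential-escrow-verified.sh --status` prints, since the wrapper shows that output as-is; the paragraph should name that script as the place where the guarantee is enforced.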

@@ -345,6 +345,14 @@ if [[ "$RUN_BACKUP" -eq 1 ]]; then
ok "credential escrow missing is 0"
elif grep -Eq 'escrow_missing=[1-9]|ESCROW_MISSING_COUNT[ =][1-9]' "$backup_tmp"; then
boundary_warn "credential escrow still missing; DR_COMPLETE is forbidden"
escrow_status_tmp="$(mktemp -t post-start-escrow-status.XXXXXX)"
if ssh_read "wooo@192.168.0.110" '/backup/scripts/mark-credential-escrow-verified.sh --status' >"$escrow_status_tmp" 2>&1; then
evidence_warn "credential escrow missing items follow"
else
evidence_warn "credential escrow missing item readback failed"
fi
cat "$escrow_status_tmp"
rm -f "$escrow_status_tmp"
else
evidence_warn "credential escrow count not found"
fi
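
Review bot: `cat "$escrow_status_tmp"` runs on both the success and failure branches, and the capture uses `2>&1`, so ssh and remote-script stderr reach the operator output unfiltered and the "no secret" property rests entirely on what `mark-credential-escrow-verified.sh --status` prints. Consider keeping stderr separate and printing only lines that match the expected marker format. The temp file is removed only on the normal path and the `mktemp` result is not checked; a cleanup trap would cover an interrupt between `mktemp` and `rm -f`. The target `wooo@192.168.0.110` is hardcoded in the call; a variable would make it overridable and keep it in one place.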