From de055778b3f3ba81a2cdde5d63e8a4bb23b460da Mon Sep 17 00:00:00 2001 From: OG T Date: Sat, 11 Apr 2026 09:07:47 +0800 Subject: [PATCH] =?UTF-8?q?fix(cd):=20CD=5FPUSH=5FTOKEN=20+=20backup=20?= =?UTF-8?q?=E8=B7=AF=E5=BE=91=E4=BD=BF=E7=94=A8=20BACKUP=5FROOT=20?= =?UTF-8?q?=E7=92=B0=E5=A2=83=E8=AE=8A=E6=95=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - cd.yaml: GITEA_CD_TOKEN → CD_PUSH_TOKEN(Gitea 保留 GITEA_ 前綴) - ADR-069: 同步更新 token 名稱說明 - backup-from-110.sh: 改用 BACKUP_ROOT 環境變數(預設 /home/ollama/backup/110) 避免 /var/log /var/run 需要 root 權限 - 已部署到 188 + cron 0 1 * * * 設定完成 Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/cd.yaml | 2 +- docs/adr/ADR-069-infra-gitops-sprint-b.md | 6 +++--- scripts/ops/backup-from-110.sh | 11 ++++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml index edb88078..b667ea41 100644 --- a/.gitea/workflows/cd.yaml +++ b/.gitea/workflows/cd.yaml @@ -332,7 +332,7 @@ jobs: - name: Deploy to K8s (ArgoCD GitOps) env: SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }} - GITEA_TOKEN: ${{ secrets.GITEA_CD_TOKEN }} + GITEA_TOKEN: ${{ secrets.CD_PUSH_TOKEN }} run: | mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key diff --git a/docs/adr/ADR-069-infra-gitops-sprint-b.md b/docs/adr/ADR-069-infra-gitops-sprint-b.md index 0057df3c..d269bb5c 100644 --- a/docs/adr/ADR-069-infra-gitops-sprint-b.md +++ b/docs/adr/ADR-069-infra-gitops-sprint-b.md @@ -47,7 +47,7 @@ Gitea Actions 原生支援此標記,不會觸發新的 CD run。 ### 新增 Secret -`GITEA_CD_TOKEN`: Gitea Personal Access Token,用於 CD pipeline push kustomization.yaml +`CD_PUSH_TOKEN`: Gitea Personal Access Token,用於 CD pipeline push kustomization.yaml - 建立:Gitea → Settings → Applications → Generate Token - 權限:`write:repository` - 加到 Gitea Repository Secrets: Settings → Secrets → Add Secret 
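Review bot: Nothing in the visible part of this step checks that `GITEA_TOKEN` is non-empty after the switch to `secrets.CD_PUSH_TOKEN`. If the secret has not yet been created under the new name, the expression presumably expands to an empty string, and the job would fail only at the later push with a less obvious authentication error. The ADR checklist in this same commit still lists adding `CD_PUSH_TOKEN` as an unchecked manual step. A guard at the top of the `run:` script would make it fail fast: `: "${GITEA_TOKEN:?CD_PUSH_TOKEN secret is not set}"`. The rest of the `run:` body, including how the token is used, lies outside the hunk.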
@@ -62,13 +62,13 @@ Gitea Actions 原生支援此標記,不會觸發新的 CD run。 ### 注意事項 -- `secrets.GITEA_CD_TOKEN` 需手動在 Gitea 建立並設定 +- `secrets.CD_PUSH_TOKEN` 需手動在 Gitea 建立並設定 - CD pipeline 現在有 `git push` 操作,需確保 runner 有網路存取 Gitea (192.168.0.110:3001) - ArgoCD `ignoreDifferences` 排除 Deployment image 欄位,否則 ArgoCD 會顯示 OutOfSync ## 設定清單 - [ ] 在 Gitea 建立 Personal Access Token(write:repository 權限) -- [ ] 加到 Gitea Repository Secrets: `GITEA_CD_TOKEN` +- [ ] 加到 Gitea Repository Secrets: `CD_PUSH_TOKEN` - [ ] 確認 ArgoCD Application 已建立:`kubectl get app awoooi-prod -n argocd` - [ ] 確認 ArgoCD 可存取 Gitea:檢查 ArgoCD Repo Server 網路策略 diff --git a/scripts/ops/backup-from-110.sh b/scripts/ops/backup-from-110.sh index baad500a..f0cda3ee 100644 --- a/scripts/ops/backup-from-110.sh +++ b/scripts/ops/backup-from-110.sh @@ -24,8 +24,9 @@ # ============================================================================= set -euo pipefail -LOG="/var/log/backup-from-110.log" -LAST_SUCCESS_FILE="/var/run/backup-110.last_success" +BACKUP_ROOT="${BACKUP_ROOT:-/home/ollama/backup/110}" +LOG="${BACKUP_ROOT}/backup.log" +LAST_SUCCESS_FILE="${BACKUP_ROOT}/last_success" DATE=$(date +%Y%m%d-%H%M%S) ERRORS=0 @@ -40,7 +41,7 @@ log "Backing up Harbor registry..." if rsync -avz --delete \ -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \ wooo@192.168.0.110:/var/lib/docker/volumes/harbor_harbor-data/_data/ \ - /backup/110/harbor/ >> "$LOG" 2>&1; then + ${BACKUP_ROOT}/harbor/ >> "$LOG" 2>&1; then log "✅ Harbor backup OK" else log "❌ ERROR: Harbor backup failed" @@ -52,7 +53,7 @@ log "Backing up Gitea repos..." if rsync -avz --delete \ -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \ wooo@192.168.0.110:/var/lib/docker/volumes/gitea_gitea-data/_data/ \ - /backup/110/gitea/ >> "$LOG" 2>&1; then + ${BACKUP_ROOT}/gitea/ >> "$LOG" 2>&1; then log "✅ Gitea backup OK" else log "❌ ERROR: Gitea backup failed" 
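Review bot: Nothing visible in this hunk creates `BACKUP_ROOT` or restricts access to it. The log, the last-success marker and the mirrored Harbor and Gitea data now all sit under a home directory instead of root-owned paths. Writes to `$LOG` fail if the directory is missing on a fresh host. The mirrored registry and repository data may also be readable by other local users, depending on the directory mode. Consider adding `mkdir -p "$BACKUP_ROOT" && chmod 700 "$BACKUP_ROOT"` right after the `BACKUP_ROOT=` assignment; the rest of the script is outside the hunk, so this may already be handled elsewhere.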
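Review bot: The new rsync destination `${BACKUP_ROOT}/harbor/` is unquoted, as are `${BACKUP_ROOT}/gitea/` in the next hunk and `${BACKUP_ROOT}/bitan-pharmacy.git/` in the last hunk. The path now comes from the environment, so a value containing whitespace or glob characters is word-split into extra rsync arguments. That is most risky on the two calls that carry `--delete`. Quote each destination, for example `"${BACKUP_ROOT}/harbor/" >> "$LOG" 2>&1; then`. The enclosing `if` blocks close outside the hunks.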
@@ -66,7 +67,7 @@ if ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 \ if rsync -avz \ -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \ wooo@192.168.0.110:/home/wooo/bitan-pharmacy.git/ \ - /backup/110/bitan-pharmacy.git/ >> "$LOG" 2>&1; then + ${BACKUP_ROOT}/bitan-pharmacy.git/ >> "$LOG" 2>&1; then log "✅ bitan-pharmacy.git backup OK" else log "⚠️ bitan-pharmacy.git backup failed (non-fatal)"