ops(sol): add offline canary recovery path
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 6m45s

This commit is contained in:
mpabi
2026-04-12 19:25:55 +02:00
parent c76eb7d5f3
commit 1acb8d403e
7 changed files with 212 additions and 4 deletions

View File

@@ -1,8 +1,10 @@
#!/usr/bin/env bash
set -euo pipefail
DEFAULT_SOURCE_DIR="${HOME}/.local/share/trade-bootstrap/sol/trade-r001-canary-secrets"
SOURCE_HOST="${SOURCE_HOST:-mevnode_bot}"
SOURCE_NAMESPACE="${SOURCE_NAMESPACE:-trade-staging}"
SOURCE_DIR="${SOURCE_DIR:-}"
TARGET_HOST="${TARGET_HOST:-mevnode}"
PG_VERSION="${PG_VERSION:-16}"
@@ -14,7 +16,15 @@ ssh_target() {
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
}
SRC_SECRET_JSON="$(ssh_source "sudo k3s kubectl -n ${SOURCE_NAMESPACE} get secret trade-postgres -o json")"
if [ -z "$SOURCE_DIR" ] && [ -d "$DEFAULT_SOURCE_DIR" ]; then
SOURCE_DIR="$DEFAULT_SOURCE_DIR"
fi
if [ -n "$SOURCE_DIR" ]; then
SRC_SECRET_JSON="$(cat "${SOURCE_DIR}/trade-postgres.json")"
else
SRC_SECRET_JSON="$(ssh_source "sudo k3s kubectl -n ${SOURCE_NAMESPACE} get secret trade-postgres -o json")"
fi
POSTGRES_USER="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_USER' | base64 -d)"
POSTGRES_PASSWORD="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_PASSWORD' | base64 -d)"
POSTGRES_DB="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_DB' | base64 -d)"