Add restore test scaffolding for Vaultwarden
This commit is contained in:
@@ -0,0 +1,97 @@
|
||||
# Vaultwarden Restore Runbook
|
||||
|
||||
## Vorbedingungen
|
||||
|
||||
- Borg-Quelle ist verfuegbar
|
||||
- Secret-Datei vorhanden: `/mnt/user/appdata/secrets/vaultwarden_admin_token.txt`
|
||||
- Testpfade unter `/mnt/user/backups/restore-lab/` und `/mnt/user/backups/restore-reports/` sind freigegeben
|
||||
|
||||
## Platzhalter
|
||||
|
||||
- `ARCHIVE_NAME`: Borg-Archiv fuer den Restore-Test
|
||||
- `REPORT_DATE`: z. B. `2026-05-06`
|
||||
- `BORG_REPO`: Host-Borg-Repo, z. B. das produktive `critical_infra`
|
||||
- `BORG_PASSPHRASE`: wie im bestehenden Host-Setup
|
||||
|
||||
## Ablauf
|
||||
|
||||
1. Testpfade vorbereiten
|
||||
|
||||
```bash
|
||||
mkdir -p /mnt/user/backups/restore-lab/vaultwarden/data
|
||||
mkdir -p /mnt/user/backups/restore-reports
|
||||
rm -rf /mnt/user/backups/restore-lab/vaultwarden/data/*
|
||||
```
|
||||
|
||||
2. Vaultwarden-Daten aus Borg in das Restore-Lab extrahieren
|
||||
|
||||
Archiv zuerst pruefen:
|
||||
|
||||
```bash
|
||||
export BORG_REPO='...'
|
||||
export BORG_PASSPHRASE='...'
|
||||
borg list "$BORG_REPO"
|
||||
```
|
||||
|
||||
Restore in das Testziel:
|
||||
|
||||
```bash
|
||||
cd /mnt/user/backups/restore-lab/vaultwarden
|
||||
borg extract "$BORG_REPO" "::ARCHIVE_NAME" local/appdata/vaultwarden
|
||||
mv /mnt/user/backups/restore-lab/vaultwarden/local/appdata/vaultwarden /mnt/user/backups/restore-lab/vaultwarden/data
|
||||
rmdir /mnt/user/backups/restore-lab/vaultwarden/local/appdata
|
||||
rmdir /mnt/user/backups/restore-lab/vaultwarden/local
|
||||
```
|
||||
|
||||
Wenn das Archiv den Pfad anders ablegt, zuerst mit `borg list "$BORG_REPO" "::ARCHIVE_NAME"` den exakten Eintrag pruefen.
|
||||
|
||||
Zielpfad nach dem Restore:
|
||||
|
||||
```text
|
||||
/mnt/user/backups/restore-lab/vaultwarden/data
|
||||
```
|
||||
|
||||
3. Testcontainer starten
|
||||
|
||||
```bash
|
||||
docker compose -f /mnt/user/services/homelab/ops/restore-tests/vaultwarden-compose.test.yml up -d
|
||||
```
|
||||
|
||||
4. Smoke-Test
|
||||
|
||||
```bash
|
||||
curl -I http://127.0.0.1:18080
|
||||
docker logs restoretest-vaultwarden --tail 50
|
||||
```
|
||||
|
||||
Minimal erfolgreich:
|
||||
|
||||
- HTTP-Antwort kommt
|
||||
- Login-Seite ist erreichbar
|
||||
- Vaultwarden-Daten liegen im Restore-Lab vor
|
||||
|
||||
5. Testcontainer wieder stoppen
|
||||
|
||||
```bash
|
||||
docker compose -f /mnt/user/services/homelab/ops/restore-tests/vaultwarden-compose.test.yml down
|
||||
```
|
||||
|
||||
6. Report schreiben
|
||||
|
||||
Ziel:
|
||||
|
||||
```text
|
||||
/mnt/user/backups/restore-reports/vaultwarden-REPORT_DATE.md
|
||||
```
|
||||
|
||||
7. Testdaten nach erfolgreichem Lauf bereinigen
|
||||
|
||||
```bash
|
||||
rm -rf /mnt/user/backups/restore-lab/vaultwarden/data
|
||||
```
|
||||
|
||||
## Festgelegte Entscheidungen
|
||||
|
||||
- Testdaten werden nach erfolgreichem Lauf geloescht.
|
||||
- `ntfy` wird nicht im ersten echten Lauf eingebunden.
|
||||
- `ntfy` folgt spaeter, wenn der manuelle Basisablauf stabil verifiziert ist.
|
||||
Reference in New Issue
Block a user