backup-daily: sudo -u postgres for pg_dump and skip rclone bucket check
- SHA
ea75041562d26344fbcf614fc9d0140dde4455f2- Parents
-
f65b942 - Tree
2375a79
ea75041
ea75041562d26344fbcf614fc9d0140dde4455f2f65b942
2375a79| Status | File | + | - |
|---|---|---|---|
| M |
deploy/postgres/backup-daily.sh
|
7 | 2 |
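--- a/deploy/postgres/backup-daily.sh
+++ b/deploy/postgres/backup-daily.sh
@@ -21,13 +21,18 @@ NAME="${DB}-${STAMP}.dump"
 
 mkdir -p "$LOCAL_DIR"
 
-pg_dump --format=custom --compress=9 --no-owner --no-privileges \
+# pg_dump as the postgres user via local-socket peer auth.
+# Cron runs this script as root; sudo handles the user switch.
+sudo -u postgres pg_dump --format=custom --compress=9 --no-owner --no-privileges \
 --file="$LOCAL_DIR/$NAME" "$DB"
 
 # Verify the dump is structurally sound before we ship it.
 pg_restore --list "$LOCAL_DIR/$NAME" >/dev/null
 
-rclone --config /root/.config/rclone/rclone.conf \
+# --s3-no-check-bucket: skip the GetBucketLocation pre-check that
+# requires a permission our scoped-RW Spaces key doesn't grant.
+# The actual PUT works fine on a key with bucket-level readwrite.
+rclone --config /root/.config/rclone/rclone.conf --s3-no-check-bucket \
 copyto "$LOCAL_DIR/$NAME" "$BUCKET/daily/$(date -u +%Y/%m/%d)/$NAME"
 
 # Local retention: keep the last 7 dumps; bucket lifecycle handles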
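Review bot: With `sudo -u postgres` on the pg_dump line, `--file="$LOCAL_DIR/$NAME"` is now opened by the postgres account, while `mkdir -p "$LOCAL_DIR"` just above still runs as root. Either the dump fails on a root-only directory, or the directory has to be writable by postgres, in which case root's later `pg_restore --list`, `rclone copyto` and the retention cleanup (which starts at the end of the hunk and continues outside it) all operate on files in a directory that a less-privileged account controls. The custom format can be written to stdout, so root's shell can create the file instead: `sudo -u postgres pg_dump --format=custom --compress=9 --no-owner --no-privileges "$DB" >"$LOCAL_DIR/$NAME"`. The ownership and mode of `$LOCAL_DIR` and any umask setting are not visible in this hunk, so both should be confirmed; the dump holds the full database contents and should stay readable by root only.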