rhymepurple

joined 2 years ago
[–] [email protected] 1 points 1 month ago

Yes, I am using PersistentVolumes. I have played around with different tools that have backup/snapshot abilities, but I haven't seen a way to integrate that functionality with a CD tool. I'm sure if I spent enough time working through things, I may be able to put together something that allows the CD tool to take a snapshot. However, I think that having it handle rollbacks would be a bit too much for me to handle without assistance.

[–] [email protected] 1 points 1 month ago (2 children)

Thanks for the reply! I am currently looking to do this for a Kubernetes cluster running various services to more reliably (and frequently) perform upgrades with automated rollbacks when necessary. At some point in the future, it may include services I am developing, but at the moment that is not the intended use case.

I am not currently familiar enough with the CI/CD pipeline (currently Renovatebot and ArgoCD) to reliably accomplish automated rollbacks, but I believe I can get everything working with the exception of rolling back a data backup (especially for upgrades that contain backwards incompatible database changes). In terms of storage, I am open to using various selfhosted services/platforms even if it means drastically changing the setup (eg - moving from TrueNAS to Longhorn, moving from Ceph to Proxmox, etc.) if it means I can accomplish this without a noticeable performance degradation to any of the services.

I understand that it can be challenging (or maybe impossible) to reliably generate backups while the services are running. I also understand that the best way to do this for databases would be to stop the service and perform a database dump. However, I'm not too concerned with losing <10 seconds of data (or however long the backup jobs take) if the backups can be performed in a way that does not result in corrupted data. Realistically, the most common use cases for the rollbacks would be invalid Kubernetes resources/application configuration as a result of the upgrade or the removal/change of a feature that I depend on.

 

cross-posted from: https://lemmy.ml/post/16693054

Is there a feature in a CI/CD pipeline that creates a snapshot or backup of a service's data prior to running a deployment? The steps of a ideal workflow that I am searching for are similar to:

  1. CI tool identifies new version of service and creates a pull request
  2. Manually merge pull request
  3. CD tool identifies changes to Git repo
    1. CD tool creates data snapshot and/or data backup
    2. CD tool deploys update
  4. Issue with deployment identified that requires rollback
    1. Git repo reverted to prior commit and/or Git repo manually modified to prior version of service
    2. CD tool identifies the rolled back version
      1. (OPTIONAL) CD tool creates data snapshot and/or data backup
      2. CD tool reverts to snapshot taken prior to upgrade
      3. CD tool deploys service to prior version per the Git repo
  5. (OPTIONAL) CD tool prunes data snapshot and/or data backup based on provided parameters (eg - delete snapshots after _ days, only keep 3 most recently deployed snapshots, only keep snapshots for major version releases, only keep one snapshot for each latest major, minor, and patch version, etc.)
1
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

Is there a feature in a CI/CD pipeline that creates a snapshot or backup of a service's data prior to running a deployment? The steps of a ideal workflow that I am searching for are similar to:

  1. CI tool identifies new version of service and creates a pull request
  2. Manually merge pull request
  3. CD tool identifies changes to Git repo
    1. CD tool creates data snapshot and/or data backup
    2. CD tool deploys update
  4. Issue with deployment identified that requires rollback
    1. Git repo reverted to prior commit and/or Git repo manually modified to prior version of service
    2. CD tool identifies the rolled back version
      1. (OPTIONAL) CD tool creates data snapshot and/or data backup
      2. CD tool reverts to snapshot taken prior to upgrade
      3. CD tool deploys service to prior version per the Git repo
  5. (OPTIONAL) CD tool prunes data snapshot and/or data backup based on provided parameters (eg - delete snapshots after _ days, only keep 3 most recently deployed snapshots, only keep snapshots for major version releases, only keep one snapshot for each latest major, minor, and patch version, etc.)
[–] [email protected] 4 points 1 month ago (1 children)

There are several proprietary options (many/most of which you cannot host). Looking for Amazon Wishlist alternatives should help in putting together a list of potential options. Some additional projects which are open source and selfhostable that you could also start with include:

[–] [email protected] 2 points 2 months ago (1 children)

Everything I mentioned works for LAN services as long as you have a domain name. You shouldn't even need to point the domain name to any IP addresses to get it working. As long as you use a domain registrar that respects your privacy appropriately, you should be able to set things up with a good amount of privacy.

Yes, you can do wildcard certificates through Let's Encrypt. If you use one of the reverse proxies I mentioned, the reverse proxy will create the wildcard certificates and maintain them for you. However, you will likely need to use a DNS challenge. Doing so isn't necessarily difficult. You will likely need to generate an API key or something similar at the domain registrar or DNS service you're using. The process will likely vary depending on what DNS service/company you are using.

[–] [email protected] 21 points 2 months ago (12 children)

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you're running your services behind Wireguard so there isn't too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you're more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won't know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

[–] [email protected] -1 points 3 months ago

Raspberry Pi + PiHole + PiVPN = Network Gateway Drug

Although, PiVPN is winding down so you might want to find something different instead. Setting up a regular Wireguard VPN isn't so bad, but it may be simpler to setup a Tailscale Tailnet.

[–] [email protected] 1 points 3 months ago

I was looking for a free opensource sharing plateform first

What type of sharing platform are you looking for? A git repo? A single file sharing service? A code/text snippet sharing service? Something else?

There are many options available. Some have free, public instances available for use. Others require you to self host the service. Regardless, you're not stuck using Github just to share your user.js file.

[–] [email protected] 1 points 3 months ago

the only sites I give permenant cookie exception are my selfhosted services

This is what I was referring to. How are you accomplishing this?

I'm still looking for the switches to block all new requests asking to access microphone, location, notification

I can't help with this at the moment, but if you're still struggling with this I can provide the lines required to disable these items. However, I don't know how to do this with exceptions (ie allowing your self hosted sites to use that functionality, but block all other sites). At minimum though you could require Firefox to ask you every time a site wants to use something. This may get repetitive for things like your self hosted sites if you have everything clearing when you exit Firefox.

[–] [email protected] 8 points 3 months ago (2 children)

Didn't look at the repo thoroughly, but I can appreciate the work that went into this.

  • Is there any reason you went this route instead of just using an user-overrides.js file for the standard arkenfox user.js file?
  • Does the automatic dark theme require enabling any fingerprintable settings (beyond just possobly determining the theme of the OS/browser)?
  • How are you handling exceptions for sites? I assumed it would be in the user.js file, but didn't notice anything in particular handling specific URLs differently.
[–] [email protected] 3 points 4 months ago (1 children)

https://github.com/owntracks/android

The F-Droid version (which is available on IzzyOnDroid's repo) utilizes OSM. You'll need a server to sync the data to though and it likely does not have all of the features that Life360 has.

[–] [email protected] 4 points 6 months ago (1 children)

How do you use your Beelink? More specifically what OS (and maybe core/most used apps) do you have installed? How do you interact with it (eg - wireless keyboard/mouse, USB IR receiver, etc.)?

Any downside to this approach compared to using the Smart TV/Android TV/Apple TV features?

[–] [email protected] 23 points 6 months ago

Calls made from speakers and Smart Displays will not show up with a caller ID unless you’re using Duo.

Is it possible to use Duo still? Google knows it discontinued/merged Duo with Google Meet nearly 18 months ago, right?

view more: next ›