From 0f873433bae80dae09256ddb10c3d5a5985be44d Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 2 Jun 2026 07:31:49 +0000 Subject: [PATCH 1/5] chore: upgrade to 0.8.0+3.5.0 --- compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose.yml b/compose.yml index 79edcd7..142fd71 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: bitnami/discourse:3.3.1 + image: bitnamilegacy/discourse:3.5.0 networks: - proxy - internal @@ -43,7 +43,7 @@ services: #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=0.7.0+3.3.1" + - "coop-cloud.${STACK_NAME}.version=0.8.0+3.5.0" healthcheck: test: "ruby -e \"require 'uri'; require 'net/http'; uri = URI('http://localhost:3000/srv/status'); res = Net::HTTP.get_response(uri); if res.is_a?(Net::HTTPSuccess) then exit (0) else exit (1) end\"" interval: 30s @@ -52,7 +52,7 @@ services: start_period: 5m db: - image: postgres:13 + image: postgres:16 networks: - internal secrets: @@ -84,7 +84,7 @@ services: - 'redis_data:/data' sidekiq: - image: bitnami/discourse:3.3.1 + image: bitnamilegacy/discourse:3.5.0 networks: - proxy - internal -- 2.49.0 From ec7bbdf786ba82fd9e24bd0c3e989d98ee2f264b Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 2 Jun 2026 07:50:05 +0000 Subject: [PATCH 2/5] fix(backup): add pg_backup.sh + proper backup/restore hooks, 20m start_period --- abra.sh | 1 + compose.yml | 14 ++++++++++---- pg_backup.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 4 deletions(-) create mode 100755 pg_backup.sh diff --git a/abra.sh b/abra.sh index 1c66304..def0c38 100644 --- a/abra.sh +++ b/abra.sh @@ -1 +1,2 @@ export DB_ENTRYPOINT_VERSION=v1 +export PG_BACKUP_VERSION=v1 diff --git a/compose.yml b/compose.yml index 142fd71..b2e7473 100644 --- a/compose.yml +++ b/compose.yml @@ -49,7 +49,7 @@ services: interval: 30s timeout: 10s retries: 6 - start_period: 5m + start_period: 20m db: image: postgres:16 @@ -63,6 +63,9 @@ services: - source: db_entrypoint target: /docker-entrypoint.sh mode: 0555 + - source: pg_backup + target: /pg_backup.sh + mode: 0555 entrypoint: /docker-entrypoint.sh environment: - POSTGRES_HOST_AUTH_METHOD=trust @@ -72,9 +75,9 @@ services: deploy: labels: backupbot.backup: "true" - backupbot.backup.pre-hook: "bash -c 'PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup.sql'" - backupbot.backup.post-hook: "rm -rf /tmp/backup.sql" - backupbot.backup.path: "/tmp/backup.sql" + backupbot.backup.pre-hook: "/pg_backup.sh backup" + backupbot.backup.volumes.postgresql_data.path: "backup.sql" + backupbot.restore.post-hook: "/pg_backup.sh restore" redis: image: redis:7.4-alpine @@ -132,3 +135,6 @@ configs: name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION} file: entrypoint.postgres.sh.tmpl template_driver: golang + pg_backup: + name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} + file: pg_backup.sh diff --git a/pg_backup.sh b/pg_backup.sh new file mode 100755 index 0000000..5a2e6d8 --- /dev/null +++ b/pg_backup.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +# Postgres backup/restore hook for the discourse `db` service. Invoked by backupbot-two via: +# backupbot.backup.pre-hook = "/pg_backup.sh backup" +# backupbot.backup.volumes.postgresql_data.path = "backup.sql" +# backupbot.restore.post-hook = "/pg_backup.sh restore" +# Backup dumps the DB to backup.sql (gzip) inside the postgresql_data volume; backupbot archives it. +# Restore reimports it. Discourse (the rails app + sidekiq) keeps many TCP connections open to the DB +# and reconnects within milliseconds, so a one-shot pg_terminate_backend is NOT enough: restore must +# first block all non-local connections at the pg_hba level (so the app cannot reconnect and interfere +# mid-reimport), then FORCE-drop, recreate, and deterministically reimport the dump, then restore +# pg_hba. (Mirrors the proven matrix-synapse restore hook.) The previous recipe shipped a pg_dump +# backup but NO restore hook — a file-level restore did not reload into the running postgres, so a +# restored backup silently kept the live (un-restored) state. cc-ci caught this: a seeded ci_marker row +# was gone after restore. Same pattern as the immich / mattermost-lts / ghost recipe-PRs. + +set -e + +BACKUP_FILE='/var/lib/postgresql/data/backup.sql' +export PGPASSWORD=$(cat "${POSTGRES_PASSWORD_FILE:-/run/secrets/db_password}") +DB_USER="${POSTGRES_USER:-discourse}" +DB_NAME="${POSTGRES_DB:-discourse}" + +function backup { + pg_dump -U "$DB_USER" "$DB_NAME" | gzip > "$BACKUP_FILE" +} + +function restore { + cd /var/lib/postgresql/data/ + + # Block all non-local connections so the running discourse app + sidekiq cannot reconnect and + # interfere with the drop/recreate/reimport (a one-shot pg_terminate_backend is not enough — the + # app reconnects within ms over TCP). Restored on exit. + restore_hba() { + cat pg_hba.conf.bak > pg_hba.conf + rm -f pg_hba.conf.bak + su postgres -c 'pg_ctl reload' + } + cp pg_hba.conf pg_hba.conf.bak + echo 'local all all trust' > pg_hba.conf + su postgres -c 'pg_ctl reload' + trap restore_hba EXIT INT TERM + + # Terminate lingering local sessions, then FORCE-drop + recreate + deterministic reimport. + psql -U "$DB_USER" -d postgres -c \ + "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='${DB_NAME}' AND pid<>pg_backend_pid();" + psql -U "$DB_USER" -d postgres -c "DROP DATABASE ${DB_NAME} WITH (FORCE);" + createdb -U "$DB_USER" "$DB_NAME" + gunzip -c "$BACKUP_FILE" | psql -U "$DB_USER" -d "$DB_NAME" -1 -v ON_ERROR_STOP=1 -f - +} + +$@ -- 2.49.0 From 5091fd999e6fc8943f025cb6d7e0588871a437cc Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 2 Jun 2026 15:09:18 -0400 Subject: [PATCH 3/5] improved comments --- pg_backup.sh | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/pg_backup.sh b/pg_backup.sh index 5a2e6d8..382a1d2 100755 --- a/pg_backup.sh +++ b/pg_backup.sh @@ -1,18 +1,6 @@ #!/bin/bash -# Postgres backup/restore hook for the discourse `db` service. Invoked by backupbot-two via: -# backupbot.backup.pre-hook = "/pg_backup.sh backup" -# backupbot.backup.volumes.postgresql_data.path = "backup.sql" -# backupbot.restore.post-hook = "/pg_backup.sh restore" -# Backup dumps the DB to backup.sql (gzip) inside the postgresql_data volume; backupbot archives it. -# Restore reimports it. Discourse (the rails app + sidekiq) keeps many TCP connections open to the DB -# and reconnects within milliseconds, so a one-shot pg_terminate_backend is NOT enough: restore must -# first block all non-local connections at the pg_hba level (so the app cannot reconnect and interfere -# mid-reimport), then FORCE-drop, recreate, and deterministically reimport the dump, then restore -# pg_hba. (Mirrors the proven matrix-synapse restore hook.) The previous recipe shipped a pg_dump -# backup but NO restore hook — a file-level restore did not reload into the running postgres, so a -# restored backup silently kept the live (un-restored) state. cc-ci caught this: a seeded ci_marker row -# was gone after restore. Same pattern as the immich / mattermost-lts / ghost recipe-PRs. +# Postgres backup/restore hook for the discourse `db` service. set -e @@ -29,8 +17,7 @@ function restore { cd /var/lib/postgresql/data/ # Block all non-local connections so the running discourse app + sidekiq cannot reconnect and - # interfere with the drop/recreate/reimport (a one-shot pg_terminate_backend is not enough — the - # app reconnects within ms over TCP). Restored on exit. + # interfere with the drop/recreate/reimport. Restored on exit. restore_hba() { cat pg_hba.conf.bak > pg_hba.conf rm -f pg_hba.conf.bak @@ -41,11 +28,16 @@ function restore { su postgres -c 'pg_ctl reload' trap restore_hba EXIT INT TERM - # Terminate lingering local sessions, then FORCE-drop + recreate + deterministic reimport. + # terminate any lingering local sessions before recreate + # see https://stackoverflow.com/questions/5108876/kill-a-postgresql-session-connection psql -U "$DB_USER" -d postgres -c \ "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='${DB_NAME}' AND pid<>pg_backend_pid();" + + # drop database and then recreate it psql -U "$DB_USER" -d postgres -c "DROP DATABASE ${DB_NAME} WITH (FORCE);" createdb -U "$DB_USER" "$DB_NAME" + + # reimport data gunzip -c "$BACKUP_FILE" | psql -U "$DB_USER" -d "$DB_NAME" -1 -v ON_ERROR_STOP=1 -f - } -- 2.49.0 From b0f9ae743af31b7d78f7d24bd40dc9213736516d Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 2 Jun 2026 20:05:44 +0000 Subject: [PATCH 4/5] fix(db): switch postgres image to pgvector/pgvector:pg17 + bump PG_BACKUP_VERSION --- abra.sh | 2 +- compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/abra.sh b/abra.sh index def0c38..8cac4ed 100644 --- a/abra.sh +++ b/abra.sh @@ -1,2 +1,2 @@ export DB_ENTRYPOINT_VERSION=v1 -export PG_BACKUP_VERSION=v1 +export PG_BACKUP_VERSION=v2 diff --git a/compose.yml b/compose.yml index b2e7473..c258e1b 100644 --- a/compose.yml +++ b/compose.yml @@ -52,7 +52,7 @@ services: start_period: 20m db: - image: postgres:16 + image: pgvector/pgvector:pg17 networks: - internal secrets: -- 2.49.0 From 7ae7b0f76efb2988c1e54956348dc9eeb7812e0b Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 5 Jun 2026 02:03:34 +0000 Subject: [PATCH 5/5] chore: upgrade to 0.9.0+3.5.0 --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.yml b/compose.yml index c258e1b..019885e 100644 --- a/compose.yml +++ b/compose.yml @@ -43,7 +43,7 @@ services: #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=0.8.0+3.5.0" + - "coop-cloud.${STACK_NAME}.version=0.9.0+3.5.0" healthcheck: test: "ruby -e \"require 'uri'; require 'net/http'; uri = URI('http://localhost:3000/srv/status'); res = Net::HTTP.get_response(uri); if res.is_a?(Net::HTTPSuccess) then exit (0) else exit (1) end\"" interval: 30s @@ -80,7 +80,7 @@ services: backupbot.restore.post-hook: "/pg_backup.sh restore" redis: - image: redis:7.4-alpine + image: redis:8.0-alpine networks: - internal volumes: -- 2.49.0