From d063f0136eb511594214c7f98d8bf230782b6c94 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Tue, 2 Jun 2026 05:38:09 +0000 Subject: [PATCH 01/10] chore: upgrade to 4.0.0+v2.1.5 --- compose.yml | 9 +++++---- release/4.0.0+v2.1.5 | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 release/4.0.0+v2.1.5 diff --git a/compose.yml b/compose.yml index d20575c..44d89bc 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: plausible/analytics:v2.0.0 + image: ghcr.io/plausible/community-edition:v2.1.5 command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" depends_on: - db @@ -11,6 +11,7 @@ services: environment: - BASE_URL=https://$DOMAIN - SECRET_KEY_BASE + - TOTP_VAULT_KEY - DATABASE_URL=postgres://plausible:plausible@${STACK_NAME}_db:5432/plausible - SMTP_HOST_ADDR - MAILER_EMAIL @@ -32,9 +33,9 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - coop-cloud.${STACK_NAME}.version=3.0.1+v2.0.0 + - coop-cloud.${STACK_NAME}.version=4.0.0+v2.1.5 db: - image: postgres:13.12 + image: postgres:16 configs: - source: db_entrypoint target: /docker-entrypoint.sh @@ -59,7 +60,7 @@ services: backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$PLAUSIBLE_DB" < /postgres.dump && rm -f /postgres.dump' plausible_events_db: - image: clickhouse/clickhouse-server:23.4.2.11-alpine + image: clickhouse/clickhouse-server:24.3.3.102-alpine volumes: - event-data:/var/lib/clickhouse entrypoint: /custom-entrypoint.sh diff --git a/release/4.0.0+v2.1.5 b/release/4.0.0+v2.1.5 new file mode 100644 index 0000000..9b4bb78 --- /dev/null +++ b/release/4.0.0+v2.1.5 
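Review bot: `TOTP_VAULT_KEY` reaches `app` as a plain pass-through entry in the `environment:` list, so the key that protects stored TOTP secrets becomes part of the service spec and is readable with `docker service inspect` by anyone who can talk to a swarm manager. The neighbouring `SECRET_KEY_BASE` is handled the same way, so this follows the recipe's existing pattern. A swarm secret mounted as a file would keep both values out of the service definition, provided the image can read them from a secrets directory (to be confirmed against the upstream docs). Failing that, a comment above the entry would record how the value is produced: `# required; generate with: openssl rand -base64 32`.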
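Review bot: The `db` image moves from the pinned `postgres:13.12` to the floating tag `postgres:16`, so every node pulls whatever 16.x build is current at deploy time and two deploys of the same recipe version can run different server binaries. Keep the precision the old line had, `image: postgres:16.<minor>` (placeholder: the release that was actually tested), or pin by digest. The same applies to `pgautoupgrade/pgautoupgrade:18-alpine` in the later `db` hunk of this series, where the tag comes from a third-party publisher and the image rewrites the data directory on start.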
@@ -0,0 +1,19 @@ +⚠ OPERATOR ACTION REQUIRED ⚠ + +This major version upgrade changes: + +1. TOTP_VAULT_KEY is now REQUIRED. Generate with: + openssl rand -base64 32 + Add to your app environment config before deploying. + +2. Plausible image moved from Docker Hub (plausible/analytics) + to GitHub Container Registry (ghcr.io/plausible/community-edition). + +3. PostgreSQL upgraded from 13 → 16 (major version jump). + The recipe handles this automatically via pg_upgrade on first boot. + Take a volume backup before upgrading! + +4. ClickHouse upgraded from 23.4 → 24.3 (data-compatible upgrade). + +See upstream upgrade notes: +https://github.com/plausible/analytics/releases/tag/v2.1.0 -- 2.49.0 From 0b08d7ed1192f38b3312f0b52a6a949ba444d858 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Tue, 2 Jun 2026 06:50:21 +0000 Subject: [PATCH 02/10] chore: upgrade to 4.0.0+v2.1.5 --- abra.sh | 1 + clickhouse-ipv4-only.xml | 3 +++ compose.yml | 5 +++++ release/4.0.0+v2.1.5 | 19 ------------------- 4 files changed, 9 insertions(+), 19 deletions(-) create mode 100644 clickhouse-ipv4-only.xml delete mode 100644 release/4.0.0+v2.1.5 diff --git a/abra.sh b/abra.sh index ea81aaa..0de2fd9 100644 --- a/abra.sh +++ b/abra.sh @@ -1,4 +1,5 @@ export CLICKHOUSE_CONF_VERSION=v2 export CLICKHOUSE_USER_CONF_VERSION=v2 +export CLICKHOUSE_IPV4_ONLY_VERSION=v1 export DB_ENTRYPOINT_VERSION=v1 export CLICKHOUSE_ENTRYPOINT_VERSION=v2 diff --git a/clickhouse-ipv4-only.xml b/clickhouse-ipv4-only.xml new file mode 100644 index 0000000..7eb0a5c --- /dev/null +++ b/clickhouse-ipv4-only.xml @@ -0,0 +1,3 @@ + + 0.0.0.0 + diff --git a/compose.yml b/compose.yml index 44d89bc..30f7544 100644 --- a/compose.yml +++ b/compose.yml 
@@ -69,6 +69,8 @@ services: target: /etc/clickhouse-server/config.d/logging.xml - source: clickhouse-user-config target: /etc/clickhouse-server/users.d/clickhouse-user-config.xml + - source: clickhouse-ipv4-only + target: /etc/clickhouse-server/config.d/ipv4-only.xml - source: clickhouse_entrypoint target: /custom-entrypoint.sh mode: 0555 @@ -103,6 +105,9 @@ configs: name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION} file: entrypoint.postgres.sh.tmpl template_driver: golang + clickhouse-ipv4-only: + name: ${STACK_NAME}_clickhouse_ipv4_only_${CLICKHOUSE_IPV4_ONLY_VERSION} + file: clickhouse-ipv4-only.xml clickhouse_entrypoint: name: ${STACK_NAME}_clickhouse_entrypoint_${CLICKHOUSE_ENTRYPOINT_VERSION} file: entrypoint.clickhouse.sh diff --git a/release/4.0.0+v2.1.5 b/release/4.0.0+v2.1.5 deleted file mode 100644 index 9b4bb78..0000000 --- a/release/4.0.0+v2.1.5 +++ /dev/null @@ -1,19 +0,0 @@ -⚠ OPERATOR ACTION REQUIRED ⚠ - -This major version upgrade changes: - -1. TOTP_VAULT_KEY is now REQUIRED. Generate with: - openssl rand -base64 32 - Add to your app environment config before deploying. - -2. Plausible image moved from Docker Hub (plausible/analytics) - to GitHub Container Registry (ghcr.io/plausible/community-edition). - -3. PostgreSQL upgraded from 13 → 16 (major version jump). - The recipe handles this automatically via pg_upgrade on first boot. - Take a volume backup before upgrading! - -4. ClickHouse upgraded from 23.4 → 24.3 (data-compatible upgrade). - -See upstream upgrade notes: -https://github.com/plausible/analytics/releases/tag/v2.1.0 -- 2.49.0 From ca89e2024e59e839347d1e8617e8fd18c29c5e49 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 5 Jun 2026 04:36:59 +0000 Subject: [PATCH 03/10] chore: upgrade to 4.0.0+v2.0.0 --- abra.sh | 1 - clickhouse-ipv4-only.xml | 3 --- compose.yml | 14 ++++---------- 3 files changed, 4 insertions(+), 14 deletions(-) delete mode 100644 clickhouse-ipv4-only.xml 
diff --git a/abra.sh b/abra.sh index 0de2fd9..ea81aaa 100644 --- a/abra.sh +++ b/abra.sh @@ -1,5 +1,4 @@ export CLICKHOUSE_CONF_VERSION=v2 export CLICKHOUSE_USER_CONF_VERSION=v2 -export CLICKHOUSE_IPV4_ONLY_VERSION=v1 export DB_ENTRYPOINT_VERSION=v1 export CLICKHOUSE_ENTRYPOINT_VERSION=v2 diff --git a/clickhouse-ipv4-only.xml b/clickhouse-ipv4-only.xml deleted file mode 100644 index 7eb0a5c..0000000 --- a/clickhouse-ipv4-only.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 0.0.0.0 - diff --git a/compose.yml b/compose.yml index 30f7544..e1f5436 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: ghcr.io/plausible/community-edition:v2.1.5 + image: plausible/analytics:v2.0.0 command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" depends_on: - db @@ -11,7 +11,6 @@ services: environment: - BASE_URL=https://$DOMAIN - SECRET_KEY_BASE - - TOTP_VAULT_KEY - DATABASE_URL=postgres://plausible:plausible@${STACK_NAME}_db:5432/plausible - SMTP_HOST_ADDR - MAILER_EMAIL @@ -33,9 +32,9 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - coop-cloud.${STACK_NAME}.version=4.0.0+v2.1.5 + - coop-cloud.${STACK_NAME}.version=4.0.0+v2.0.0 db: - image: postgres:16 + image: postgres:14.18 configs: - source: db_entrypoint target: /docker-entrypoint.sh @@ -60,7 +59,7 @@ services: backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$PLAUSIBLE_DB" < /postgres.dump && rm -f /postgres.dump' plausible_events_db: - image: clickhouse/clickhouse-server:24.3.3.102-alpine + image: clickhouse/clickhouse-server:23.4.2.11-alpine volumes: - event-data:/var/lib/clickhouse entrypoint: /custom-entrypoint.sh 
@@ -69,8 +68,6 @@ services: target: /etc/clickhouse-server/config.d/logging.xml - source: clickhouse-user-config target: /etc/clickhouse-server/users.d/clickhouse-user-config.xml - - source: clickhouse-ipv4-only - target: /etc/clickhouse-server/config.d/ipv4-only.xml - source: clickhouse_entrypoint target: /custom-entrypoint.sh mode: 0555 @@ -105,9 +102,6 @@ configs: name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION} file: entrypoint.postgres.sh.tmpl template_driver: golang - clickhouse-ipv4-only: - name: ${STACK_NAME}_clickhouse_ipv4_only_${CLICKHOUSE_IPV4_ONLY_VERSION} - file: clickhouse-ipv4-only.xml clickhouse_entrypoint: name: ${STACK_NAME}_clickhouse_entrypoint_${CLICKHOUSE_ENTRYPOINT_VERSION} file: entrypoint.clickhouse.sh -- 2.49.0 From fbe0475ddb192bd632c6c340aaeb0e89f116edd0 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 5 Jun 2026 05:05:50 +0000 Subject: [PATCH 04/10] chore: upgrade to 4.0.0+v2.0.0 --- compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose.yml b/compose.yml index e1f5436..ff4de11 100644 --- a/compose.yml +++ b/compose.yml @@ -12,6 +12,7 @@ services: - BASE_URL=https://$DOMAIN - SECRET_KEY_BASE - DATABASE_URL=postgres://plausible:plausible@${STACK_NAME}_db:5432/plausible + - CLICKHOUSE_DATABASE_URL=http://${STACK_NAME}_plausible_events_db:8123/plausible_events_db - SMTP_HOST_ADDR - MAILER_EMAIL - SMTP_HOST_PORT -- 2.49.0 From 71234e23e0dc41fdbc0e8396ff9ade90889ea8b8 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 5 Jun 2026 05:36:21 +0000 Subject: [PATCH 05/10] chore: upgrade to 4.0.0+v2.0.0 --- abra.sh | 2 +- entrypoint.clickhouse.sh | 53 +++++++++++++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 10 deletions(-) diff --git a/abra.sh b/abra.sh index ea81aaa..11df4d5 100644 --- a/abra.sh +++ b/abra.sh 
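Review bot: The added `CLICKHOUSE_DATABASE_URL` carries no user or password and speaks plain `http://` on port 8123, so `app` connects as whatever account ClickHouse accepts without credentials, and any other container attached to the same overlay network could do the same. Whether that is acceptable depends on `clickhouse-user-config.xml` and on the networks of `plausible_events_db`, neither of which is visible in this hunk. If the events database is reachable from anything other than `app`, define a dedicated ClickHouse user and supply its password through a swarm secret rather than relying on network placement alone. A comment above the entry would at least make the assumption explicit: `# unauthenticated; relies on plausible_events_db being attached to the internal network only`.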
@@ -1,4 +1,4 @@ export CLICKHOUSE_CONF_VERSION=v2 export CLICKHOUSE_USER_CONF_VERSION=v2 export DB_ENTRYPOINT_VERSION=v1 -export CLICKHOUSE_ENTRYPOINT_VERSION=v2 +export CLICKHOUSE_ENTRYPOINT_VERSION=v3 diff --git a/entrypoint.clickhouse.sh b/entrypoint.clickhouse.sh index 48f7ac7..f8c49c4 100644 --- a/entrypoint.clickhouse.sh +++ b/entrypoint.clickhouse.sh @@ -1,6 +1,21 @@ #!/bin/bash +# clickhouse entrypoint (cc-ci Q4.7b hardening — recipe-PR for recipe-maintainers/plausible). +# +# clickhouse-backup is the BACKUP tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`). +# It is NOT required for clickhouse-SERVER (`/entrypoint.sh`) to run. The published recipe fetched it +# with `set -ex` + a single silenced no-retry wget to ephemeral /tmp, so ANY transient failure of the +# 22 MB GitHub download (rate-limit / network) exited the container BEFORE the server started → swarm +# restarted it → re-downloaded → amplified the throttle → crash-loop → deploy timeout (cc-ci Q4.7). +# +# Hardening (no behaviour change when the download succeeds first try): +# - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched +# at most once and reused on every container restart (no re-download amplification); +# - retry with backoff; +# - NEVER let a download failure block the server start (best-effort: the server comes up, backup/ +# restore degrade until the next successful fetch); +# - un-silenced so a failure is diagnosable in `docker service logs`. -set -ex +set -e CLICKHOUSE_BACKUP_VERSION=2.4.2 
@@ -17,13 +32,33 @@ elif [[ $ARCH =~ "x86_64" ]]; then ARCH="amd64" fi -wget \ - --quiet \ - --continue \ - --no-clobber \ - --output-document=/tmp/clickhouse-backup.tar.gz \ - "https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz" 2>/dev/null +CACHE_DIR=/var/lib/clickhouse/.ccci-bin +CACHED="${CACHE_DIR}/clickhouse-backup" +BIN=/usr/local/bin/clickhouse-backup +URL="https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz" -tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3 +install_clickhouse_backup() { + mkdir -p "$CACHE_DIR" + if [ -x "$CACHED" ]; then + cp -f "$CACHED" "$BIN" + echo "clickhouse-backup: restored from persistent cache ($CACHED)" + return 0 + fi + for attempt in 1 2 3 4 5; do + if wget --continue --output-document=/tmp/clickhouse-backup.tar.gz "$URL" \ + && tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3; then + cp -f "$BIN" "$CACHED" 2>/dev/null || true + echo "clickhouse-backup: downloaded + cached (attempt ${attempt})" + return 0 + fi + echo "clickhouse-backup: fetch attempt ${attempt} failed; backing off $((attempt * 10))s" >&2 + sleep $((attempt * 10)) + done + echo "clickhouse-backup: fetch FAILED after retries — starting clickhouse-server WITHOUT the backup tool (backup/restore unavailable until a later restart fetches it)" >&2 + return 1 +} -/entrypoint.sh +# Best-effort: the server MUST start even if the backup-tool fetch fails (it is not a server dependency). +install_clickhouse_backup || true + +exec /entrypoint.sh -- 2.49.0 From 2ab49fab62ad49311184c21db3ef86b1d7bb4476 Mon Sep 17 00:00:00 2001 
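Review bot: The tarball fetched inside `install_clickhouse_backup` is unpacked into `/usr/local/bin` without any integrity check, and the copy kept under `/var/lib/clickhouse/.ccci-bin` is later reinstalled on the strength of `-x` alone. TLS to GitHub authenticates the host, not the asset, and the cache lives on the data volume, so a replaced release asset or anything able to write to that volume ends up supplying the binary that the backup hooks execute. Pin a SHA-256 for the `CLICKHOUSE_BACKUP_VERSION` asset of each architecture and verify it before extracting; caching the verified tarball instead of the extracted binary lets the same check run on every restore from cache. Dropping `--continue` and removing the temp file before each attempt also stops a damaged partial download from being resumed on every retry.

```shell
# placeholder: SHA-256 of the release tarball for this version and ARCH
EXPECTED_SHA256="<sha256-of-release-tarball>"
TARBALL=/tmp/clickhouse-backup.tar.gz
CACHED="${CACHE_DIR}/clickhouse-backup.tar.gz"   # cache the verified tarball, not the binary

verify_tarball() {
  echo "${EXPECTED_SHA256}  $1" | sha256sum -c - >/dev/null
}

install_clickhouse_backup() {
  mkdir -p "$CACHE_DIR"
  if [ -f "$CACHED" ] && verify_tarball "$CACHED" \
    && tar -xf "$CACHED" --directory=/usr/local/bin --strip-components=3; then
    echo "clickhouse-backup: restored from persistent cache ($CACHED)"
    return 0
  fi
  for attempt in 1 2 3 4 5; do
    rm -f "$TARBALL"
    if wget --output-document="$TARBALL" "$URL" \
      && verify_tarball "$TARBALL" \
      && tar -xf "$TARBALL" --directory=/usr/local/bin --strip-components=3; then
      cp -f "$TARBALL" "$CACHED" 2>/dev/null || true
      # … unchanged: success message, return 0 …
    fi
    # … unchanged: backoff message and sleep …
  done
  # … unchanged: final failure message, return 1 …
}
```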
From: notplants <@notplants> Date: Tue, 9 Jun 2026 15:10:07 +0000 Subject: [PATCH 06/10] =?UTF-8?q?fix(clickhouse):=20require=20backup=20too?= =?UTF-8?q?l=20=E2=80=94=20abort=20if=20fetch=20fails=20after=20retries?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make the clickhouse-backup install REQUIRED: if it cannot be fetched after all retries the entrypoint aborts (non-zero exit, set -e) and clickhouse-server is not started, so the deploy fails loudly rather than coming up without backup/restore capability. --- entrypoint.clickhouse.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/entrypoint.clickhouse.sh b/entrypoint.clickhouse.sh index f8c49c4..714711c 100644 --- a/entrypoint.clickhouse.sh +++ b/entrypoint.clickhouse.sh @@ -10,10 +10,12 @@ # Hardening (no behaviour change when the download succeeds first try): # - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched # at most once and reused on every container restart (no re-download amplification); -# - retry with backoff; -# - NEVER let a download failure block the server start (best-effort: the server comes up, backup/ -# restore degrade until the next successful fetch); +# - retry with backoff to ride out transient GitHub failures; # - un-silenced so a failure is diagnosable in `docker service logs`. +# +# Policy: clickhouse-backup is REQUIRED. If it cannot be installed after all retries the entrypoint +# aborts (non-zero exit) and the server is NOT started — we deliberately fail the deploy loudly rather +# than come up silently without backup/restore capability. set -e 
@@ -54,11 +56,12 @@ install_clickhouse_backup() { echo "clickhouse-backup: fetch attempt ${attempt} failed; backing off $((attempt * 10))s" >&2 sleep $((attempt * 10)) done - echo "clickhouse-backup: fetch FAILED after retries — starting clickhouse-server WITHOUT the backup tool (backup/restore unavailable until a later restart fetches it)" >&2 + echo "clickhouse-backup: fetch FAILED after all retries — aborting; clickhouse-server will NOT start (backup tool is required)" >&2 return 1 } -# Best-effort: the server MUST start even if the backup-tool fetch fails (it is not a server dependency). -install_clickhouse_backup || true +# Required: if the backup tool cannot be installed after retries, abort (set -e) so the deploy fails +# loudly instead of coming up without backup/restore capability. +install_clickhouse_backup exec /entrypoint.sh -- 2.49.0 From 09730b0e7c4b0f5d648b44992af4185e07d0125f Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 9 Jun 2026 15:17:47 +0000 Subject: [PATCH 07/10] feat(db): use pgautoupgrade instead of custom pg_upgrade entrypoint Replace the hand-rolled entrypoint.postgres.sh.tmpl (which apt-installed the old PG binaries and ran initdb + pg_upgrade --link by hand) with the pgautoupgrade/pgautoupgrade:18-alpine image, matching the other recipes. PGDATA is pinned to the legacy /var/lib/postgresql/data so the existing cluster on the volume is upgraded in place rather than re-initialised. Drops the db_entrypoint config and DB_ENTRYPOINT_VERSION. --- abra.sh | 1 - compose.yml | 19 +++++++--------- entrypoint.postgres.sh.tmpl | 44 ------------------------------------- 3 files changed, 8 insertions(+), 56 deletions(-) delete mode 100644 entrypoint.postgres.sh.tmpl diff --git a/abra.sh b/abra.sh index 11df4d5..1a82402 100644 --- a/abra.sh +++ b/abra.sh @@ -1,4 +1,3 @@ export CLICKHOUSE_CONF_VERSION=v2 export CLICKHOUSE_USER_CONF_VERSION=v2 -export DB_ENTRYPOINT_VERSION=v1 export CLICKHOUSE_ENTRYPOINT_VERSION=v3 
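Review bot: With the `|| true` removed from the call, `set -e` is now in force inside `install_clickhouse_backup`, so a failing `mkdir -p "$CACHE_DIR"` or `cp -f "$CACHED" "$BIN"` in the cache branch ends the script immediately, before any download is attempted and without the `fetch FAILED` message this hunk rewords. The function body starts outside the hunk; those lines are read from the earlier patch in the series. Making the cache restore part of the condition keeps the fallback to a fresh download: `if [ -x "$CACHED" ] && cp -f "$CACHED" "$BIN"; then`. An unusable cache directory can be handled the same way, by checking `mkdir -p` explicitly and logging to stderr, so that every abort path leaves a line in `docker service logs`.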
diff --git a/compose.yml b/compose.yml index ff4de11..705ffab 100644 --- a/compose.yml +++ b/compose.yml @@ -35,21 +35,22 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - coop-cloud.${STACK_NAME}.version=4.0.0+v2.0.0 db: - image: postgres:14.18 - configs: - - source: db_entrypoint - target: /docker-entrypoint.sh - mode: 0555 - # Custom docker entrypoint to handle major Postgres version upgrades + image: pgautoupgrade/pgautoupgrade:18-alpine volumes: - db-data:/var/lib/postgresql/data - entrypoint: /docker-entrypoint.sh environment: + # pin legacy PGDATA so the existing cluster on the volume is upgraded in place, not re-init'd + - PGDATA=/var/lib/postgresql/data - POSTGRES_USER=plausible - POSTGRES_PASSWORD=plausible - POSTGRES_DB=plausible networks: - internal + healthcheck: + test: ["CMD-SHELL", "pg_isready -U plausible -d plausible"] + interval: 5s + timeout: 5s + retries: 60 deploy: labels: backupbot.backup: "true" @@ -99,10 +100,6 @@ configs: clickhouse-user-config: name: ${STACK_NAME}_clickhouse_user_config_${CLICKHOUSE_USER_CONF_VERSION} file: clickhouse-user-config.xml - db_entrypoint: - name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION} - file: entrypoint.postgres.sh.tmpl - template_driver: golang clickhouse_entrypoint: name: ${STACK_NAME}_clickhouse_entrypoint_${CLICKHOUSE_ENTRYPOINT_VERSION} file: entrypoint.clickhouse.sh diff --git a/entrypoint.postgres.sh.tmpl b/entrypoint.postgres.sh.tmpl deleted file mode 100644 index 8ecc4fe..0000000 --- a/entrypoint.postgres.sh.tmpl +++ /dev/null 
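Review bot: Nothing in the new `db` service gates the first start after this change. According to the commit description the image upgrades the cluster under the pinned `PGDATA` in place when the container boots, and once that has happened the volume can no longer be opened by the `postgres:14.18` image this hunk removes. Rolling the recipe back therefore needs a dump or volume snapshot taken before the deploy, and the recipe should say so where operators will see it, for example above the image line: `# in-place major upgrade on first start; back up db-data before deploying, there is no downgrade path`. The `backupbot` labels in the unchanged part of the service suggest backups exist, but whether one is taken immediately before an upgrade is not visible here.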
@@ -1,44 +0,0 @@ -#!/bin/bash - -set -e - -MIGRATION_MARKER=$PGDATA/migration_in_progress -OLDDATA=$PGDATA/old_data -NEWDATA=$PGDATA/new_data - -if [ -e $MIGRATION_MARKER ]; then - echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary" - exit 1 -fi - -if [ -f $PGDATA/PG_VERSION ]; then - DATA_VERSION=$(cat $PGDATA/PG_VERSION) - - if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then - echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration" - echo "Installing postgres $DATA_VERSION" - sed -i "s/$/ $DATA_VERSION/" /etc/apt/sources.list.d/pgdg.list - apt-get update && apt-get install -y --no-install-recommends \ - postgresql-$DATA_VERSION \ - && rm -rf /var/lib/apt/lists/* - echo "shuffling around" - gosu postgres mkdir $OLDDATA $NEWDATA - chmod 700 $OLDDATA $NEWDATA - mv $PGDATA/* $OLDDATA/ || true - touch $MIGRATION_MARKER - echo "running initdb" - # abuse entrypoint script for initdb by making server error out - gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true" - echo "running pg_upgrade" - cd /tmp - gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER - cp $OLDDATA/pg_hba.conf $NEWDATA/ - mv $NEWDATA/* $PGDATA - rm -rf $OLDDATA - rmdir $NEWDATA - rm $MIGRATION_MARKER - echo "migration complete" - fi -fi - -/usr/local/bin/docker-entrypoint.sh postgres -- 2.49.0 From 2230238796cc107069c080ab7d224dab4dd9987c Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 9 Jun 2026 15:37:51 +0000 Subject: [PATCH 08/10] docs: remove stray broken link-reference line in README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b3f8f53..b7b4e28 100644 --- a/README.md +++ b/README.md 
@@ -26,4 +26,3 @@ [`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik -p-cloud/traefik -- 2.49.0 From 7690ffbcf476c15049dcebb5ef884b1c7b97e055 Mon Sep 17 00:00:00 2001 From: notplants Date: Tue, 9 Jun 2026 15:41:48 +0000 Subject: [PATCH 09/10] improve comments in entrypoint.clickhouse.sh --- entrypoint.clickhouse.sh | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/entrypoint.clickhouse.sh b/entrypoint.clickhouse.sh index 714711c..8cebd82 100644 --- a/entrypoint.clickhouse.sh +++ b/entrypoint.clickhouse.sh 
@@ -1,21 +1,12 @@ #!/bin/bash -# clickhouse entrypoint (cc-ci Q4.7b hardening — recipe-PR for recipe-maintainers/plausible). + +# clickhouse-backup is a backup tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`). +# It is a 22 MB GitHub download (rate-limit / network), which can fail to download, and lead to crash loop and download throttling. # -# clickhouse-backup is the BACKUP tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`). -# It is NOT required for clickhouse-SERVER (`/entrypoint.sh`) to run. The published recipe fetched it -# with `set -ex` + a single silenced no-retry wget to ephemeral /tmp, so ANY transient failure of the -# 22 MB GitHub download (rate-limit / network) exited the container BEFORE the server started → swarm -# restarted it → re-downloaded → amplified the throttle → crash-loop → deploy timeout (cc-ci Q4.7). -# -# Hardening (no behaviour change when the download succeeds first try): -# - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched +# to make the download smoother: +# - cache the binary on the persistent clickhouse data volume (/var/lib/clickhouse) so it is fetched # at most once and reused on every container restart (no re-download amplification); -# - retry with backoff to ride out transient GitHub failures; -# - un-silenced so a failure is diagnosable in `docker service logs`. -# -# Policy: clickhouse-backup is REQUIRED. If it cannot be installed after all retries the entrypoint -# aborts (non-zero exit) and the server is NOT started — we deliberately fail the deploy loudly rather -# than come up silently without backup/restore capability. +# - retry with backoff to ride out transient GitHub failures set -e 
@@ -60,8 +51,7 @@ install_clickhouse_backup() { return 1 } -# Required: if the backup tool cannot be installed after retries, abort (set -e) so the deploy fails -# loudly instead of coming up without backup/restore capability. +#if the backup tool cannot be installed after retries, it aborts (set -e) so the deploy fails install_clickhouse_backup exec /entrypoint.sh -- 2.49.0 From 60a611d1fd61726f023f52e19daefe2e3324b985 Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 9 Jun 2026 15:43:12 +0000 Subject: [PATCH 10/10] chore: bump recipe to 3.1.0+v2.0.0 (minor, no operator action required) The Postgres major-version upgrade and ClickHouse changes are now handled automatically (pgautoupgrade + resilient entrypoint), so this is a backward-compatible minor bump, not a major one. --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 705ffab..bdb4c13 100644 --- a/compose.yml +++ b/compose.yml @@ -33,7 +33,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - coop-cloud.${STACK_NAME}.version=4.0.0+v2.0.0 + - coop-cloud.${STACK_NAME}.version=3.1.0+v2.0.0 db: image: pgautoupgrade/pgautoupgrade:18-alpine volumes: -- 2.49.0