Skip to content

feat(restic): automate appdata restores#261

Merged
edgard merged 5 commits into
masterfrom
codex-restic-live-restore-plan
Jun 25, 2026
Merged

feat(restic): automate appdata restores#261
edgard merged 5 commits into
masterfrom
codex-restic-live-restore-plan

Conversation

@edgard

@edgard edgard commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Owner

Summary

  • Adds task restic:restore and task restic:restore-all wrappers for plan-only or confirmed Kubernetes appdata restores from the shared restic repo.
  • Adds an Ansible-native restic_restore role that infers target PVCs from live Argo CD Application resources and live PVCs, defaults snapshots to latest, and includes Argo-managed nfs-fast appdata by default for full restores.
  • Confirmed restores create a temporary restore job, pause the apps ApplicationSet, disable automated sync on target apps, scale workloads down, delete existing PVC contents under /restore/data/appdata/..., restore with --exclude-xattr '*', then resume workloads and sync policy.
  • Rewrites the restore runbook around the new task entrypoints, including single-app, single-PVC, restore-all, full DR, and CLI fallback guidance.

Test Plan

  • ./.venv/bin/ansible-playbook ansible/tests/restic-restore.yml
  • task fmt
  • task lint
  • git diff --check
  • task restic:restore app=paperless
  • task restic:restore-all

Notes

  • Restore execution remains non-destructive unless confirm_restore=true is passed.
  • The full restore plan intentionally includes platform and media appdata PVCs when they are Argo-managed nfs-fast PVCs, while excluding shared/static storage such as media, restic-repo, and restic-appdata.

edgard added 2 commits June 25, 2026 10:49
@edgard
docs(restic): plan live restore automation
45d1e7d
@edgard
feat(restic): automate appdata restores
5307949 
Add an Ansible-native restore flow so DR and single-app restores can use the shared restic repo without hand-built kubectl sequences. The role plans from live Argo CD/PVC state by default, requires explicit confirmation before destructive work, and preserves the NFS xattr restore guardrail.
@edgard edgard changed the title docs(restic): plan Ansible-native live restores feat(restic): automate appdata restores Jun 25, 2026
edgard added 3 commits June 25, 2026 15:43
@edgard
docs(restic): remove temporary restore plan
54c1752 
Keep the PR focused on the implemented restore role and runbook. The standalone implementation plan was useful while building the feature, but it should not live as permanent docs now that the Ansible workflow is implemented.
@edgard
docs(restic): tighten restore runbook
69ff2ae 
Keep the restore docs focused on the implemented Ansible workflow: preview, confirmed restore, full DR, and fallback constraints. The single-PVC flow is now described as the app restore it actually is, which removes duplicate procedure text.
@edgard
refactor(restic): rename restore role
abf69e2 
Use a general restic role name so future restic operations can live under one Ansible role. Restore-specific variables keep their existing prefix because they describe this role entrypoint's current behavior.
@edgard edgard enabled auto-merge (squash) June 25, 2026 13:47
@edgard edgard merged commit 3a2610b into master Jun 25, 2026
6 checks passed
@edgard edgard deleted the codex-restic-live-restore-plan branch June 25, 2026 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edgard