From b3d6a540c1ee2ca34f6d5845049d1f3b4f483f8b Mon Sep 17 00:00:00 2001 From: Teodor Calin Date: Thu, 2 Jul 2026 16:17:07 +0300 Subject: [PATCH] fix(ops): snapshot.sh reads peer_auth_token from config for /admin/checkpoint Once cluster.peer_auth_token is set, /admin/checkpoint returns 401 without a Bearer, silently breaking the 4-hourly GCS snapshot timer AND the self-updater pre-restart snapshot. Read the token from cosift.json when COSIFT_ADMIN_TOKEN is unset (matches harvesters + cosift-compact.sh). Co-Authored-By: Claude Fable 5 --- scripts/snapshot.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/snapshot.sh b/scripts/snapshot.sh index 5d3ef81..596436b 100644 --- a/scripts/snapshot.sh +++ b/scripts/snapshot.sh @@ -11,8 +11,14 @@ set -euo pipefail ADMIN_URL="${COSIFT_ADMIN_URL:-http://127.0.0.1:7777}" -ADMIN_TOKEN="${COSIFT_ADMIN_TOKEN:-}" CONFIG="${COSIFT_CONFIG:-/home/ubuntu/cosift.json}" +ADMIN_TOKEN="${COSIFT_ADMIN_TOKEN:-}" +# /admin/checkpoint is gated by cluster.peer_auth_token. When the token isn't +# passed via env, read it from the config so scheduled snapshots keep working +# once the token is set (matches the harvesters + cosift-compact.sh). +if [[ -z "$ADMIN_TOKEN" ]]; then + ADMIN_TOKEN="$(python3 -c "import json,sys;print(json.load(open(sys.argv[1])).get('cluster',{}).get('peer_auth_token',''))" "$CONFIG" 2>/dev/null || true)" +fi BUCKET="${COSIFT_GCS_BUCKET:-gs://pilot-cosift-index}" KEEP="${COSIFT_KEEP:-14}"