6fb92466cb
T6 — worker supravegheat:
- app/worker/healthcheck.py: probe pe heartbeat-ul din DB (beat invechit -> exit 1).
Prinde worker-ul agatat (proces viu, beat inghetat) pe care restart:always nu-l
vede. Cablat ca healthcheck pe serviciul worker in compose.
- sidecar autoheal: restarteaza efectiv containerul unhealthy (compose simplu doar
marcheaza, nu restarteaza la unhealthy).
T7 — deploy:
- tools/backup.py: backup ONLINE via Connection.backup (WAL nu se copiaza sigur cu
cp); --keep N roteste snapshot-urile.
- .env.example documenteaza env-urile; volum persistent numit deja in compose.
Fix critic (split api/worker in 2 containere): AUTOPASS_CREDS_KEY trebuie PARTAJATA
api<->worker, altfel worker nu decripteaza creds-urile criptate de API -> submission
blocate. Acum impusa in compose (${...:?} -> fail explicit daca lipseste).
.gitignore: exceptie !.env.example.
5 teste noi (tests/test_deploy.py). 100 pass total.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
22 lines
852 B
Plaintext
22 lines
852 B
Plaintext
# Gateway RAR AUTOPASS — variabile de mediu (copiaza in .env; .env NU se comite).
|
|
# Compose citeste .env automat. Prefix AUTOPASS_ pentru toate.
|
|
|
|
# --- CRITIC: cheie criptare creds RAR (Fernet) ---
|
|
# PARTAJATA intre api si worker (API cripteaza, worker decripteaza). Genereaza:
|
|
# python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
|
AUTOPASS_CREDS_KEY=
|
|
|
|
# --- Auth API-key ---
|
|
# true = orice /v1/* cere cheie valida (prod). false = dev (fara cheie -> cont id=1).
|
|
AUTOPASS_REQUIRE_API_KEY=false
|
|
|
|
# --- Worker ---
|
|
# Send catre RAR. false = nu trimite (default, sigur pentru probe). true = end-to-end.
|
|
AUTOPASS_WORKER_SEND_ENABLED=false
|
|
# Dev: foloseste creds <test> din settings.xml cand submission-ul nu are creds criptate.
|
|
AUTOPASS_WORKER_USE_TEST_CREDS=false
|
|
|
|
# --- RAR ---
|
|
# test | prod
|
|
AUTOPASS_RAR_ENV=test
|