You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Fix Loki config: add delete_request_store for retention in Loki 3.0
- Fix Grafana/Loki data dir permissions (UID 472/10001) in bootstrap
- Fix create-app-credentials.sh: use --entrypoint sh for minio/mc container
- Mark Phase 5.5 complete in roadmap
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: docs/roadmap.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -80,7 +80,7 @@ Add the operational foundation required before opening the platform to self-host
80
80
81
81
**Done when:** Platform operator can view health of all running apps, restore from a backup, and receive alerts when a container is unhealthy or disk is >80% full. Each app has isolated credentials.
82
82
83
-
**Status:**In progress. Infrastructure scripts and bootstrap changes implemented. Pending server deployment and verification.
83
+
**Status:**Complete. All 7 platform services running (postgres, redis, minio, caddy, loki, promtail, grafana). Per-app credentials provisioned for todo-app, hello-world, and starter-app. Cron jobs installed (backup, alerts, image updates). Grafana accessible at ops.anulectra.com.
Copy file name to clipboardExpand all lines: infrastructure/create-app-credentials.sh
+13-31Lines changed: 13 additions & 31 deletions
Original file line number
Diff line number
Diff line change
@@ -79,30 +79,11 @@ if [ -z "${MINIO_ROOT_USER:-}" ] || [ -z "${MINIO_ROOT_PASSWORD:-}" ]; then
79
79
exit 1
80
80
fi
81
81
82
-
# Set MinIO alias
83
-
info "Configuring MinIO client..."
84
-
docker run --rm --network towlion minio/mc aliassetlocal http://minio:9000 "$MINIO_ROOT_USER""$MINIO_ROOT_PASSWORD">/dev/null 2>&1
85
-
86
-
# Create bucket
87
-
info "Creating MinIO bucket: ${APP_NAME}-uploads..."
88
-
if docker run --rm --network towlion minio/mc mb "local/${APP_NAME}-uploads" --ignore-existing 2>&1| grep -q "Bucket created successfully";then
89
-
info "Bucket created successfully"
90
-
else
91
-
warn "Bucket '${APP_NAME}-uploads' may already exist"
92
-
fi
93
-
94
-
# Create MinIO user
82
+
# MinIO setup: bucket, user, policy (all in one container to preserve alias)
95
83
MINIO_USER="${APP_NAME}-user"
96
-
info "Creating MinIO user: ${MINIO_USER}..."
97
-
if docker run --rm --network towlion minio/mc admin user add local"${MINIO_USER}""${S3_PASSWORD}"2>&1| grep -q "Added user";then
98
-
info "MinIO user created successfully"
99
-
else
100
-
warn "MinIO user '${MINIO_USER}' may already exist, password not updated"
101
-
fi
84
+
info "Setting up MinIO: bucket, user, and policy for ${APP_NAME}..."
102
85
103
-
# Create scoped policy
104
-
info "Creating MinIO policy for ${APP_NAME}..."
105
-
POLICY_JSON=$(cat <<EOF
86
+
POLICY_JSON=$(cat <<PEOF
106
87
{
107
88
"Version": "2012-10-17",
108
89
"Statement": [
@@ -121,17 +102,18 @@ POLICY_JSON=$(cat <<EOF
121
102
}
122
103
]
123
104
}
124
-
EOF
105
+
PEOF
125
106
)
126
107
127
-
# Write policy to temp location and create it
128
-
docker run --rm --network towlion -v /tmp:/tmp minio/mc sh -c "echo '$POLICY_JSON' > /tmp/${APP_NAME}-policy.json && mc alias set local http://minio:9000 $MINIO_ROOT_USER$MINIO_ROOT_PASSWORD >/dev/null 2>&1 && mc admin policy create local ${APP_NAME}-policy /tmp/${APP_NAME}-policy.json">/dev/null 2>&1
129
-
info "MinIO policy created"
130
-
131
-
# Attach policy to user
132
-
info "Attaching policy to user..."
133
-
docker run --rm --network towlion minio/mc sh -c "mc alias set local http://minio:9000 $MINIO_ROOT_USER$MINIO_ROOT_PASSWORD >/dev/null 2>&1 && mc admin policy attach local ${APP_NAME}-policy --user ${MINIO_USER}">/dev/null 2>&1
134
-
info "Policy attached successfully"
108
+
docker run --rm --network towlion --entrypoint sh minio/mc -c "
109
+
mc alias set local http://minio:9000 '${MINIO_ROOT_USER}' '${MINIO_ROOT_PASSWORD}' >/dev/null 2>&1
110
+
mc mb local/${APP_NAME}-uploads --ignore-existing 2>/dev/null || true
111
+
mc admin user add local '${MINIO_USER}' '${S3_PASSWORD}' 2>/dev/null || true
112
+
echo '${POLICY_JSON}' > /tmp/policy.json
113
+
mc admin policy create local ${APP_NAME}-policy /tmp/policy.json 2>/dev/null || true
114
+
mc admin policy attach local ${APP_NAME}-policy --user '${MINIO_USER}' 2>/dev/null || true
0 commit comments