[DEBUG] Fix production DB backup GCS upload failure #610
Merged
Upload backups through the GCS JSON media API with the VM metadata token so the backup path only needs object creation and does not depend on gcloud cp destination reads or per-user Cloud SDK config. Keep systemd smoke failures blocking so deploys surface broken backups with HTTP response details.

Constraint: Production IAM must not be changed via Terraform apply during this fix.
Rejected: Granting roles/storage.objectAdmin or objectUser | broader backup object read/delete permissions than the upload path needs.
Confidence: medium
Scope-risk: narrow
Directive: Do not reintroduce gcloud storage cp unless the backup service account is intentionally granted the read permissions that command may require.
Tested: bash -n scripts/install_backup_systemd.sh scripts/run_db_backup.sh scripts/backup_db.sh scripts/deploy.sh; git diff --check; urlencode function smoke; terraform -chdir=terraform validate
Not-tested: Live production GCS upload; requires main deploy on GCE metadata credentials.
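❤️ Feature description
Fixes the issue where the production DB backup smoke test failed at the GCS upload step after the dump file was created.
According to the current logs, mysqldump and gzip file creation succeed, and the service then exits with exit 1 at the upload step.
The previous upload used gcloud storage cp, but with only the VM service account's object create permission this path can get blocked on destination check/read operations or on Cloud SDK user configuration.
Changes:
- Upload directly with a GCE metadata server access token + the GCS JSON media upload API instead of gcloud storage cp
- Use ifGenerationMatch=0 to prevent overwriting an existing backup object
- Remove the dependency on installing google-cloud-cli; only curl is ensured
There are no Terraform changes and no terraform apply.
This is a change to the production deployment scripts with no Swagger/API changes.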
Linked issue
Related issue: #607
🩷 Please check before approving!
✅ Checklist
Test results:
    bash -n scripts/install_backup_systemd.sh scripts/run_db_backup.sh scripts/backup_db.sh scripts/deploy.sh
    git diff --check
    bash -c 'source /tmp/urlencode-fn.sh; test "$(urlencode "prod/2026/06/cockple-test.sql.gz")" = "prod%2F2026%2F06%2Fcockple-test.sql.gz"'
    terraform -chdir=terraform validate
Verification result: passed
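The upload path this PR description outlines (metadata-server token, JSON media upload, ifGenerationMatch=0, URL-encoded object name), as an added example that is not the PR's own script. The function names, the `example-backups` bucket used to exercise it, and passing the token to curl through a stdin config are assumptions of this example.

```shell
# Added example, not the PR's script. Function names here are assumptions.
GCS_UPLOAD_BASE="https://storage.googleapis.com/upload/storage/v1/b"
METADATA_TOKEN_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"

# Percent-encode all but RFC 3986 unreserved characters (ASCII names assumed),
# so "/" in the object name survives as %2F inside the name= parameter.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case "$c" in
      [a-zA-Z0-9.~_-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Build the media-upload URL. ifGenerationMatch=0 makes GCS accept the write
# only when no live object has this name, so an existing backup is not replaced.
gcs_upload_url() {
  printf '%s/%s/o?uploadType=media&name=%s&ifGenerationMatch=0' \
    "$GCS_UPLOAD_BASE" "$1" "$(urlencode "$2")"
}

# Pull access_token out of the metadata server's JSON reply without jq.
extract_access_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# upload_backup BUCKET OBJECT FILE: returns non-zero and prints the HTTP
# status and response body on failure, so a systemd smoke run fails visibly.
upload_backup() {
  token=$(curl -fsS -H 'Metadata-Flavor: Google' "$METADATA_TOKEN_URL" | extract_access_token)
  [ -n "$token" ] || { echo "no access token from metadata server" >&2; return 1; }
  body=$(mktemp) || return 1
  # The token reaches curl as a stdin config line, not as a command-line argument.
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl -sS -K - -o "$body" -w '%{http_code}' -X POST \
      -H 'Content-Type: application/gzip' --data-binary "@$3" \
      "$(gcs_upload_url "$1" "$2")") || true
  case "$status" in
    200) rc=0 ;;
    412) echo "object already exists, refusing to overwrite: $2" >&2; rc=1 ;;
    *)   echo "GCS upload failed: HTTP $status" >&2; cat "$body" >&2; rc=1 ;;
  esac
  rm -f "$body"
  return "$rc"
}
```

A 412 response is the precondition failure GCS returns when ifGenerationMatch=0 finds an existing object, so it is reported separately from permission or network errors.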