Skip to content

halos-restore.sh should persist INFLUXDB_ADMIN_USER so the app-config password sync targets the restored user #31

Description

@mairas

Part of #24, follow-up to #27 (Unit 3 restore).

Summary

docs/migrate/halos-restore.sh restores InfluxDB keeping the source admin username (only the org is renamed to marine) and updates INFLUXDB_ADMIN_TOKEN in the app env, but never writes INFLUXDB_ADMIN_USER. The marine InfluxDB app then assumes the user is admin, which no longer matches the restored database.

Consequence

The app env misrepresents the admin username. Combined with the InfluxDB password sync (halos-org/halos-marine-containers#189), a later app-config password change targets a nonexistent admin user and takes InfluxDB offline.

Fix

Where the restore updates the env (near the INFLUXDB_ADMIN_TOKEN write, ~halos-restore.sh:379), also persist the restored username:

INFLUXDB_ADMIN_USER=<source user>

The source user ($user) is already known at halos-restore.sh:359. This keeps the env truthful and lets the password sync target the correct account.

Relationship to #189

Defense-in-depth. The primary fix is hardening the sync to derive the username itself (halos-org/halos-marine-containers#189); doing both is ideal — this one makes the env accurate regardless of how the sync behaves.

Verified

Reproduced on halosdev.local (restored data, user boatadmin, org marine): the env had only INFLUXDB_ADMIN_TOKEN, no INFLUXDB_ADMIN_USER, so the app defaulted to admin while the DB user was boatadmin.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions