website/docs: sys mgmt: document authentik backups/restoration#12943
website/docs: sys mgmt: document authentik backups/restoration#12943tanberry merged 19 commits intogoauthentik:mainfrom
Conversation
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-storybook canceled.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #12943 +/- ##
==========================================
+ Coverage 92.68% 92.70% +0.02%
==========================================
Files 793 793
Lines 40347 40364 +17
==========================================
+ Hits 37395 37421 +26
+ Misses 2952 2943 -9
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Depends on #12962 for the Docker container names. |
…d and this is the easiest no-config-change solution that works
You don't need to, we assume in the documentation that a bunch of commands are run from the docker-compose directory. |
|
One thing I forgot to mention, I don't want us to provide specific instructions for backing things up, but instead provide references to our dependencies respective documentation. |
For example, linking the Postgres backup page instead of providing a command? I'm curious, is there any specific reasoning behind this? While this might simplify things for us, it could ultimately create more challenges for the user, particularly those who aren’t as familiar with Postgres or Redis. There’s a risk they could end up relying on commands from unreliable third-party documentation or their own improvised solutions, which could lead to data loss or improper backups due to incorrect usage or poor practices. Wouldn’t it be safer and more effective to direct them to the official dependency documentation and provide commands? |
|
This is a bit like one of my first PRs to authentik: upgrading PG from v12 to 16. We could have linked pg_restore/pg_dump/pg_whateverelse docs but instead we provided a step-by-step with postgres commands. |
Exactly
There is. First, there is the added maintenance for us. Providing specific instructions would mean that we have to maintain those, possibly for multiple versions of postgres (for instance the helm chart and the docker-compose ones don't currently match). It also means that we would need to provide some level of support for issues and questions coming in. We currently don't have that kind of bandwidth. Backing things up (whether it's postgres, redis, files, or whatever else) is never easy and straightforward. Providing commands would make it look like it is, but it isn't. There are many other things to consider, like the fact that we also need to backup users and their password so that on restore. While on the topic of restoration, we would also need to provide additional instructions for that. We also need to consider that using the provided postgres/redis setup with the docker-compose and helm chart is not the way everyone runs authentik. I would much rather have explanations of what needs to be backed up, why it needs to be backed up, and solid pointers to resources explaining how to do it, instead of us trying to "make things up" even though it isn't our expertise.
Not our problem. Seriously. I know it sounds harsh, but if anyone is running an application (authentik or else) and rely on that data without having 1. learned how to do backups and 2. proper setup and testing of said backups, they shouldn't be running that application. Which is why I want us to point people in the right direction, with links to references of the upstream backup documentation for example. |
|
sorry for taking a while to get to this. I've implemented your suggestions in e3292ee . Hope I wasn't too specific or vague on certain points. Restoration docs is also added in b92ab8d If you choose to keep "Restore Notes" (under "Static directories"), wording will probably have to be updated. I'm not proud of my descriptions. |
rissson
left a comment
There was a problem hiding this comment.
Overall a pretty good document. I very much like the way things are laid out and organized
|
was out sick some time this week, I'll get to this next week |
Signed-off-by: Dominic R <dominic@sdko.org>
tanberry
left a comment
There was a problem hiding this comment.
Thank you so much for adding this important bit of How To documentation, @dominic-r !!
Signed-off-by: Dominic R <dominic@sdko.org>
|
Comme toujours, c'est un plaisir! @tanberry |
|
Does losing the Redis data mean that pending emails are lost? For invite email that might be considered permanent data loss |
That's correct. We're working on solutions to avoid those issues |
Depending on far away these solutions are it would be best to correct the documentation to state that losing redis does mean losing irrecoverable state |
* main: (77 commits) web: Ignore Storybook when running codespell. (#13454) core: bump ruff from 0.9.9 to 0.9.10 (#13448) core: bump webauthn from 2.5.1 to 2.5.2 (#13449) website/docs: backup and restore: remove extra period (#13440) website: bump prismjs from 1.29.0 to 1.30.0 in /website (#13456) web: bump prismjs from 1.29.0 to 1.30.0 in /web (#13455) web: admin interface: faster card load (#13331) web/admin: fix display bug for assigned users in application bindings in the wizard (#13435) website: bump the build group across 1 directory with 9 updates (#13442) core: bump django from 5.0.12 to 5.0.13 (#13425) providers/SCIM: fix object exists error for users, attempt to look up user ID in remote system (#13437) website/docs: sys mgmt: document authentik backups/restoration (#12943) website: fix build in docker (#13430) website/integrations: zipline: add (#13257) translate: Updates for file web/xliff/en.xlf in fr (#13431) lifecycle/aws: bump aws-cdk from 2.1002.0 to 2.1003.0 in /lifecycle/aws (#13426) translate: Updates for file web/xliff/en.xlf in zh_CN (#13428) translate: Updates for file web/xliff/en.xlf in zh-Hans (#13429) core, web: update translations (#13423) website: add a better edit this page element (#13391) ...
…data (#13483) * website/docs: ops/backup-restore: add "email invitations" to lost redis data Adds email invitations to the examples of data loss in the Redis section. Resolves #12943 (comment) Signed-off-by: Dominic R <dominic@sdko.org> * i'm blind Signed-off-by: Dominic R <dominic@sdko.org> --------- Signed-off-by: Dominic R <dominic@sdko.org>
* main: web: admin interface: faster card load (#13331) web/admin: fix display bug for assigned users in application bindings in the wizard (#13435) website: bump the build group across 1 directory with 9 updates (#13442) core: bump django from 5.0.12 to 5.0.13 (#13425) providers/SCIM: fix object exists error for users, attempt to look up user ID in remote system (#13437) website/docs: sys mgmt: document authentik backups/restoration (#12943) website: fix build in docker (#13430) website/integrations: zipline: add (#13257)
What?
This PR adds general documentation to backup authentik: the postgres database, the redis instance, and static directories.
Closes
Closes #8411
make website)