From 4e1a90032b92f7eb1858bff1757e2937fa183a22 Mon Sep 17 00:00:00 2001 From: Bernd Worsch Date: Tue, 10 Mar 2026 22:33:49 +0000 Subject: [PATCH] fix(backup): elevate sudo in Makefile and guard mkdir after root check - `make backup` now invokes `sudo tools/cmd/railiance-backup-s2` directly - Move `mkdir -p` in railiance-backup-s2 to after the root check so the script emits a clear error instead of a raw permission-denied failure Co-Authored-By: Claude Sonnet 4.6 --- Makefile | 2 +- tools/cmd/railiance-backup-s2 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 0dad428..dac8ef5 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ INVENTORY ?= ansible/hosts.ini ##@ Safety Net backup: ## Backup k3s etcd + Helm values + kubeconfig (age-encrypted, root required) - tools/cmd/railiance-backup-s2 + sudo tools/cmd/railiance-backup-s2 restore: ## List available backups and print restore guide tools/cmd/railiance-restore-s2 diff --git a/tools/cmd/railiance-backup-s2 b/tools/cmd/railiance-backup-s2 index 6dff215..f05a80c 100755 --- a/tools/cmd/railiance-backup-s2 +++ b/tools/cmd/railiance-backup-s2 @@ -17,7 +17,6 @@ ETCD_SNAP_DIR="/var/lib/rancher/k3s/server/db/snapshots" KEEP=7 TS="$(date -u +%Y%m%dT%H%M%SZ)" -mkdir -p "${BACKUP_DIR}" print_hdr "railiance-cluster backup — ${TS}" # ── Root check ───────────────────────────────────────────────────────────────── @@ -26,6 +25,8 @@ if [[ $EUID -ne 0 ]]; then exit 1 fi +mkdir -p "${BACKUP_DIR}" + # ── 1. k3s etcd snapshot ─────────────────────────────────────────────────────── if k3s etcd-snapshot ls &>/dev/null; then ok "etcd" "taking snapshot…"