Record Pi compose deployment

This commit is contained in:
Курнат Андрей
2026-06-08 20:11:16 +03:00
parent 43caef7a6a
commit 458831c83c
+4 -2
View File
@@ -42,7 +42,9 @@ Date: 2026-06-08.
- Current QSfera server is already running on that Pi as `qsfera-cloud-server:rpi5-local`, with `Arch=arm64`, bind-mounted config/data under `/mnt/data/qsfera/cloud-server`, and loopback port `127.0.0.1:9200`.
- `https://qsfera.kusoft.xyz/status.php` returned HTTP `200` during the check.
- The Pi root filesystem is nearly full: `/dev/mmcblk0p2` reported `57G` size, `52G` used, `2.4G` available, `96%` use. `/mnt/data` reported `916G` size, `18G` used, `853G` available, `2%` use.
- This is deployable on the Pi, but I do not count it as fully production-ready yet because the running image is a local/dev build (`qsfera-cloud-server:rpi5-local`, external status reports `edition: dev`) rather than a pinned production release image.
- Before switching the Pi server to compose, config/data were backed up to `/mnt/data/qsfera/backups/cloud-server-before-compose-20260608-200921.tar.gz`. The archive was created with `sudo tar`, had size `213M`, and `tar -tzf` completed successfully.
- The Pi server now runs through `/mnt/data/qsfera/cloud-server/src/docker-compose.rpi5.yml` with `docker compose`. `docker compose ps` reported `qsfera-cloud-server` as `Up` and `healthy`, still bound to `127.0.0.1:9200`.
- This is now compose-managed on the Pi, but I do not count it as fully production-ready yet because the running image is still a local/dev build (`qsfera-cloud-server:rpi5-local`, external status reports `edition: dev`) rather than a pinned production release image.
## Android Argus Publication Check
@@ -59,7 +61,7 @@ Date: 2026-06-08.
- Decide the rollout policy for any devices that installed the debug-signed Argus `1.3.5` APK. The production-signed `1.3.6` APK is the correct current release, but installed debug-signed clients will not satisfy the app's own signer-digest check for an in-place update.
- Fill production domains, ACME email, admin passwords, Keycloak passwords, and storage secrets from a secret manager. Do not commit real values.
- Run `./validate-production-env.sh .env` and then `docker compose config` for `Server/devtools/deployments/qsfera_full` with a filled production `.env`; Docker CLI is not available in this local environment, so compose rendering is not locally verified.
- For the Pi deployment, switch the running service from the direct Docker container to `Server/docker-compose.rpi5.yml` only after backing up `/mnt/data/qsfera/cloud-server/config` and `/mnt/data/qsfera/cloud-server/data`.
- For the Pi deployment, build or pull a pinned production QSfera image instead of the current local/dev `qsfera-cloud-server:rpi5-local` image.
- Provide real Windows signing secrets in CI: `QSFERA_DESKTOP_SIGN_PACKAGE=True` and `QSFERA_DESKTOP_CODESIGN_CERTIFICATE` with the Craft-compatible signing certificate reference.
- Configure and verify the desktop updater endpoint via `APPLICATION_UPDATE_URL`; `Desktop/scripts/validate-production-release.ps1` confirms update notifications are enabled but cannot prove a live update feed without that URL.