29 lines
1.3 KiB
Markdown
29 lines
1.3 KiB
Markdown
---
|
|
description: Backup-coverage verification (ADR-022) — proves a service's declared backup state is actually captured.
|
|
---
|
|
|
|
Verify that a service's **declared** backup data (`backup__*`) is actually captured in
|
|
the backup repo, so the verifier and `BACKUP.md` can never disagree (the ADR-021 pattern,
|
|
applied to backups). Argument: a service/role name (e.g. `/check-backup nextcloud`).
|
|
|
|
**Dormant until the backup node exists** (Plan 2/3): with no `fisi` repo to query, this
|
|
command reports `not-yet-available` rather than failing.
|
|
|
|
## Preconditions
|
|
|
|
- `roles/<name>/` carries `backup__*` data (or `backup__state: false` with a reason).
|
|
- The backup node (`fisi`) is reachable and its restic repo exists. If not → report
|
|
`not-yet-available` and stop.
|
|
|
|
## Checks (when live)
|
|
|
|
Load the `backup__*` data for the resolved role, then:
|
|
|
|
| Check | How | Green when |
|
|
|---|---|---|
|
|
| snapshot freshness | `restic snapshots --tag <backup__service> --latest 1` | a snapshot ≤ ~24 h old exists |
|
|
| paths present | the latest snapshot contains every `backup__paths` entry | all declared paths present |
|
|
| dumps present | the snapshot contains every `backup__dumps[*].dest` | all declared dumps present |
|
|
| integrity | `restic check --read-data-subset` (sampled) | no errors |
|
|
|
|
Report per-check pass/fail; a stateless role (`backup__state: false`) reports `n/a (stateless)`.
|