[ops] Disaster recovery for heronu demo VM — runtime state dump + /data snapshot to object storage #161

New issue

Closed

opened 2026-04-24 03:33:32 +00:00 by mik-tf · 1 comment

mik-tf commented 2026-04-24 03:33:32 +00:00

Owner

Copy link

Why

The heronu demo VM (TF Grid freefarm node 1) holds ~12 hours of hand-patching and demo data. If the VM dies, the Mycelium route flaps for days, or the node is reclaimed, recovery today means redoing the entire patch cycle from scratch — even with the development_mik_nu_demo branches now pushed (see #160).

Runtime state that IS NOT in git:

• hero_proc action get <name> --format yaml for every action — env vars, script paths, restart policies, health checks. Some carry the AIBROKER_API_ENDPOINT, HERO_AGENT_ROUTING_MODE, FORGEJO_TOKEN config that makes the demo work.
• /home/driver/hero/var/** — OSIS data (business, calendar, projects, media, identity across 5 contexts), hero_books namespaces (hero=163 docs, geomind=1733+ docs indexing), embedder HNSW indexes, hero_foundry webdav content.
• /home/driver/code/docs_* — 4 cloned doc libraries (~800 MB).
• Seeded OSIS records with schema-migrated data (30 projects + all business + calendar + media across contexts).
• ~/hero/var/agent/mcp.json trimmed to hero_books only.

None of this is reconstructible from the code alone — it's either the result of out-of-band operator commands (hero_proc action set) or of a destructive seed-migration flow.

What Tier 1 disaster recovery looks like

Two artifacts, generated periodically, stored outside the VM:

1. Runtime state dump (weekly or post-deploy, ~1 MB)

A single JSON blob capturing:

{
  "heronu_snapshot": "2026-04-24T03:30:00Z",
  "hero_proc": {
    "<action>": { "env": {...}, "script": "...", "health_checks": [...] },
    ...
  },
  "libraries_txt": "hero https://...\ngeomind https://...\n...",
  "mcp_json": { ... },
  "context_list": ["default", "geomind", "incubaid", "root", "threefold"],
  "patches_applied": {
    "<repo>": { "branch": "development_mik_nu_demo", "head_commit": "<sha>" },
    ...
  }
}

Commit this to lhumina_code/demo_state (new repo) or push to an S3-compatible bucket. A recovery script reads it, runs hero_proc action set for each entry, checks out the recorded commits on the new VM.

2. Data tarball (daily, ~2-5 GB compressed)

tar -czf heronu-data-<date>.tar.gz -C /data/home/driver \
  hero/var/osisdb hero/var/embedder/data hero/var/books \
  hero/var/hero_foundry/webdav hero/var/agent/workspace

Push to TF Grid QSFS (preferred, native) or an S3-compatible bucket reachable via Mycelium. Size will drop significantly once embedder HNSW indexes are excluded and re-generatable from source.

3. Recovery runbook (on docs_hero/ops/disaster_recovery.md)

Step-by-step: new VM via existing Terraform, apt install system deps from a fixed list, git clone all repos at recorded commits, download + extract data tarball, replay hero_proc action dump, verify with smoke tests.

Why this is cheap and high-leverage

• Effort: ~4-6 hours to write the dump script + store+retrieve tooling + runbook. Under a day.
• Ongoing cost: zero after automation (cron).
• Bus factor: drops from 1 (the current operator) to any engineer who can read the runbook.
• Doesn't preclude Tier 2/3 later: state dump and data tarball remain useful even once declarative IaC lands.

Concrete deliverables

• scripts/ops/dump_demo_state.sh — generates the state JSON described above
• scripts/ops/backup_demo_data.sh — daily tar+push of /data/home/driver/hero/var/
• scripts/ops/restore_demo.sh — idempotent replay onto a fresh VM
• docs_hero/ops/disaster_recovery.md — operator runbook
• Verify end-to-end by running restore on a sacrificial TF Grid VM and confirming AI Assistant grounds on docs_hero queries

Related

• #160 — consolidated demo state and remaining work
• #148 — nu-demo architecture index

Signed-off-by: mik-tf

## Why The heronu demo VM (TF Grid freefarm node 1) holds ~12 hours of hand-patching and demo data. If the VM dies, the Mycelium route flaps for days, or the node is reclaimed, recovery today means redoing the entire patch cycle from scratch — even with the development_mik_nu_demo branches now pushed (see [#160](https://forge.ourworld.tf/lhumina_code/home/issues/160)). Runtime state that IS NOT in git: - `hero_proc action get <name> --format yaml` for every action — env vars, script paths, restart policies, health checks. Some carry the AIBROKER_API_ENDPOINT, HERO_AGENT_ROUTING_MODE, FORGEJO_TOKEN config that makes the demo work. - `/home/driver/hero/var/**` — OSIS data (business, calendar, projects, media, identity across 5 contexts), hero_books namespaces (hero=163 docs, geomind=1733+ docs indexing), embedder HNSW indexes, hero_foundry webdav content. - `/home/driver/code/docs_*` — 4 cloned doc libraries (~800 MB). - Seeded OSIS records with schema-migrated data (30 projects + all business + calendar + media across contexts). - `~/hero/var/agent/mcp.json` trimmed to hero_books only. None of this is reconstructible from the code alone — it's either the result of out-of-band operator commands (`hero_proc action set`) or of a destructive seed-migration flow. ## What Tier 1 disaster recovery looks like Two artifacts, generated periodically, stored outside the VM: ### 1. Runtime state dump (weekly or post-deploy, ~1 MB) A single JSON blob capturing: ``` { "heronu_snapshot": "2026-04-24T03:30:00Z", "hero_proc": { "<action>": { "env": {...}, "script": "...", "health_checks": [...] }, ... }, "libraries_txt": "hero https://...\ngeomind https://...\n...", "mcp_json": { ... }, "context_list": ["default", "geomind", "incubaid", "root", "threefold"], "patches_applied": { "<repo>": { "branch": "development_mik_nu_demo", "head_commit": "<sha>" }, ... } } ``` Commit this to `lhumina_code/demo_state` (new repo) or push to an S3-compatible bucket. A recovery script reads it, runs `hero_proc action set` for each entry, checks out the recorded commits on the new VM. ### 2. Data tarball (daily, ~2-5 GB compressed) ``` tar -czf heronu-data-<date>.tar.gz -C /data/home/driver \ hero/var/osisdb hero/var/embedder/data hero/var/books \ hero/var/hero_foundry/webdav hero/var/agent/workspace ``` Push to TF Grid QSFS (preferred, native) or an S3-compatible bucket reachable via Mycelium. Size will drop significantly once embedder HNSW indexes are excluded and re-generatable from source. ### 3. Recovery runbook (on `docs_hero/ops/disaster_recovery.md`) Step-by-step: new VM via existing Terraform, `apt install` system deps from a fixed list, git clone all repos at recorded commits, download + extract data tarball, replay hero_proc action dump, verify with smoke tests. ## Why this is cheap and high-leverage - **Effort:** ~4-6 hours to write the dump script + store+retrieve tooling + runbook. Under a day. - **Ongoing cost:** zero after automation (cron). - **Bus factor:** drops from 1 (the current operator) to any engineer who can read the runbook. - **Doesn't preclude Tier 2/3 later:** state dump and data tarball remain useful even once declarative IaC lands. ## Concrete deliverables - [ ] `scripts/ops/dump_demo_state.sh` — generates the state JSON described above - [ ] `scripts/ops/backup_demo_data.sh` — daily tar+push of `/data/home/driver/hero/var/` - [ ] `scripts/ops/restore_demo.sh` — idempotent replay onto a fresh VM - [ ] `docs_hero/ops/disaster_recovery.md` — operator runbook - [ ] Verify end-to-end by running restore on a sacrificial TF Grid VM and confirming AI Assistant grounds on docs_hero queries ## Related - [#160](https://forge.ourworld.tf/lhumina_code/home/issues/160) — consolidated demo state and remaining work - [#148](https://forge.ourworld.tf/lhumina_code/home/issues/148) — nu-demo architecture index Signed-off-by: mik-tf

mik-tf referenced this issue 2026-04-24 13:29:01 +00:00

[ops] Fresh TF Grid VM Mycelium route propagation takes 15+ min — make publicip=true the nu-shell deploy default #165

mik-tf referenced this issue 2026-04-24 16:31:58 +00:00

[nu-demo] hero_books PDF export needs Chromium — Ubuntu 24 ships chromium-browser as snap-wrapper which fails on TF Grid VMs #177

mik-tf referenced this issue from a commit 2026-04-24 16:48:08 +00:00

feat(hero_demo): nu-shell deployment runbook + README + TF rootfs_size/gateway_node

mik-tf referenced this issue 2026-04-25 00:16:21 +00:00

[ops] Docker on TF Grid VM needs btrfs storage driver — overlayfs fails on whiteout files #181

mik-tf referenced this issue 2026-04-25 00:21:11 +00:00

[ops] Docker on TF Grid VM needs btrfs storage driver — overlayfs fails on whiteout files #181

mik-tf referenced this issue from lhumina_code/hero_demo 2026-04-28 12:21:01 +00:00

[ops] Disaster recovery for heronu demo VM — runtime state dump + /data snapshot to object storage #29

mik-tf commented 2026-04-28 12:21:02 +00:00

Author

Owner

Copy link

Moved to hero_demo#29 — see lhumina_code/hero_demo#29

Moved to hero_demo#29 — see https://forge.ourworld.tf/lhumina_code/hero_demo/issues/29

mik-tf closed this issue 2026-04-28 12:21:02 +00:00

mik-tf referenced this issue from lhumina_code/hero_demo 2026-04-28 12:21:17 +00:00

[ops] Fresh TF Grid VM Mycelium route propagation takes 15+ min — make publicip=true the nu-shell deploy default #33

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

main

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/home#161

No description provided.