jmsperu commented on PR #12900: URL: https://github.com/apache/cloudstack/pull/12900#issuecomment-4556471622
Thanks @daviftorres — this is genuinely useful, and I appreciate you putting the operational detail in writing. A few things stand out as patterns this PR's docs should explicitly point operators toward rather than try to replicate in-tree: 1. **Read-only replica as the dump source** — avoids any contention with the live mgmt DB, especially under load. Anything we ship from inside `cloudstack-management` is inherently dumping from the primary, which is the wrong shape for production-scale deployments. 2. **Long-running service with sleep instead of cron** — kills the overlap class of bugs (slow dump + 15-min cron = compounding load) without needing a lock file. Clean. 3. **`mysqldump | gpg --encrypt | mc pipe`** — no plaintext ever lands on disk, write-only credentials, geographic spread with versioning + lifecycle. That's the right shape for compliance-sensitive backups, and it's also exactly the kind of thing we shouldn't try to replicate in a plugin. This is also why the latest revision of this PR makes the DB component **opt-in via `nas.infra.backup.include.database` (default false)** — operators with real backup tooling like yours leave it off, and the configs+certs path (where there's no comparable alternative) ships as the default. I'll add a docs note pointing to patterns like yours as the recommended production approach, with the in-plugin DB option clearly framed as a greenfield/small-deployment convenience rather than a substitute. Really helpful comment — thanks for taking the time to share. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
