← Runbook

Incidents (SAFE)

1) Toujours commencer par

sudo /usr/local/sbin/sanity-check-daily.sh

2) Si un service est KO

docker compose ls -a
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Image}}"
docker logs --tail=120 <service>

3) TLS / 401 (Traefik)

curl -fsSIk https://traefik.lab.ker-ianh.fr/dashboard/ | sed -n '1,12p'
curl -fsSIk https://home.lab.ker-ianh.fr | sed -n '1,12p'

4) n8n LAB lent / down

docker logs --tail=120 lab-n8n
docker logs --tail=120 lab-db
docker exec lab-db pg_isready -U lab -d lab >/dev/null 2>&1 && echo "DB OK" || echo "DB KO"

5) Zéro secrets

❌ Interdit : docker inspect ... Env / printenv / cat .env / sops -d (en clair)
✅ Autorisé : docker logs (SAFE) / docker ps / docker compose ls / curl -I