Tonbo Artifacts

Day-2 operations

Re-mounting after restarts, rotating credentials, basic ops.

Re-mount on container restart

A daemonized mount survives until the host or container is recycled. On a fresh boot, re-mount as part of the entrypoint:

#!/bin/bash
# fly app entrypoint, EC2 cloud-init, Kubernetes initContainer, etc.
set -euo pipefail

mkdir -p /mnt/work

# Workspace credentials are cached in ~/.config/artifacts/byo-credentials
# from the original `workspace create`. Mount uses the cache automatically.
artifacts mount cases /mnt/work

# At this point /mnt/work is ready; safe to start your real workload.
exec your-real-entrypoint "$@"

artifacts mount returns when FUSE is up, so no sleep N && mount | grep polling is needed.

If the container starts as a fresh user without ~/.config/artifacts/, you need either:

  • ARTIFACTS_S3_ACCESS_KEY_ID + ARTIFACTS_S3_SECRET_ACCESS_KEY env vars wired in from your secrets manager, OR
  • a service token (see Service tokens) and a one-shot artifacts storage set to populate the cache before mount.

Rotate bucket credentials

Your Tigris (or AWS) AK/SK rotated. Update the cache:

artifacts storage set \
    --access-key-id <new-ak> \
    --secret-access-key <new-sk>

Existing mounts on this host keep using the previous credentials in memory until the next mount-session issuance, so they don't break mid-flight. New mounts pick up the new creds.

For a forced re-issue:

artifacts unmount /mnt/work
artifacts mount cases /mnt/work

List your workspaces

artifacts workspace list
artifacts --format json workspace list | jq .

Inspect a workspace

artifacts workspace show cases

Includes the storage block (bucket / endpoint / region), the workspace identifier, the JuiceFS volume name, and the on-server status (active / pending_format / deleting / deleted).

Tear down

artifacts unmount /mnt/work
artifacts workspace delete cases --yes

Cleans the per-workspace metadata in Tonbo's Redis. Bucket chunks are not touched. That's your data; you own it.

To free bucket storage:

aws s3 rm s3://panta-cases/ --recursive --endpoint-url https://fly.storage.tigris.dev

(Adjust to whatever bucket / endpoint your workspace pointed at.)

Health checks

The orchestrator exposes a public liveness probe:

curl -fsS https://artifacts.tonbo.dev/healthz
# ok

Per-mount metrics live in <mountpoint>/.stats:

grep -E '^(juicefs_fuse_ops_io_total|juicefs_object_request_data_bytes_GET|juicefs_blockcache_hits)' \
    /mnt/work/.stats

A first-class artifacts status and artifacts stats (workspace-wide 1h/24h/7d aggregates) are coming once the telemetry pipeline lands.