Deployment issues: DB Seed not working + Cannot Generate Code #137

Open
shinebayar-g opened this issue Nov 19, 2020 · 0 comments

Hi. We're trying to deploy covid shield app in our country. Here is what I'm doing and issues I've encountered, solved so far.

  1. run docker-compose up -d mysql key-submission key-retrieval
  2. created custom credentials.yml.enc file by running EDITOR=vim rails credentials:edit inside portal container first with default content, nothing added. Saved this file.
  3. run docker-compose run portal bundle exec rake portal:bootstrap

Here is my first issue. I don't know exactly what portal:bootstrap is doing, but it's giving an error on the

User Exists? (0.8ms)  SELECT 1 AS one FROM `users` WHERE `users`.`username` = BINARY '[email protected]' LIMIT 1

part. I've found out that the bundle exec rake db:seed command gives the exact same error (assuming portal:bootstrap calls db:seed under the hood?). Because of this error the default admin user is not being created.

✗ docker-compose run portal bundle exec rake portal:bootstrap
Creating covid-app_portal_run ... done
D, [2020-11-19T07:51:52.344828 #1] DEBUG -- :    (0.4ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.354371 #1] DEBUG -- :    (8.9ms)  CREATE DATABASE `portal` DEFAULT CHARACTER SET `utf8mb4`
Created database 'portal'
D, [2020-11-19T07:51:52.356924 #1] DEBUG -- :    (0.3ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.388357 #1] DEBUG -- :    (0.5ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.392390 #1] DEBUG -- :    (3.2ms)  DROP TABLE IF EXISTS `users` CASCADE
D, [2020-11-19T07:51:52.416082 #1] DEBUG -- :    (21.5ms)  CREATE TABLE `users` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `username` varchar(255) NOT NULL, `password_digest` varchar(255) NOT NULL, `admin` tinyint(1) DEFAULT FALSE, `locale` varchar(255) DEFAULT 'en', `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL, UNIQUE INDEX `index_users_on_username`  (`username`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
D, [2020-11-19T07:51:52.434156 #1] DEBUG -- :    (16.5ms)  CREATE TABLE `schema_migrations` (`version` varchar(255) NOT NULL PRIMARY KEY)
D, [2020-11-19T07:51:52.443309 #1] DEBUG -- :    (0.4ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.447647 #1] DEBUG -- :    (2.7ms)  INSERT INTO `schema_migrations` (version) VALUES (20200516213328)
D, [2020-11-19T07:51:52.466023 #1] DEBUG -- :    (15.8ms)  CREATE TABLE `ar_internal_metadata` (`key` varchar(255) NOT NULL PRIMARY KEY, `value` varchar(255), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)
D, [2020-11-19T07:51:52.469928 #1] DEBUG -- :   ActiveRecord::InternalMetadata Load (0.5ms)  SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.474982 #1] DEBUG -- :    (0.2ms)  BEGIN
D, [2020-11-19T07:51:52.475372 #1] DEBUG -- :   ActiveRecord::InternalMetadata Create (0.3ms)  INSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('environment', 'production', '2020-11-19 07:51:52.474211', '2020-11-19 07:51:52.474211')
D, [2020-11-19T07:51:52.478670 #1] DEBUG -- :    (3.1ms)  COMMIT
D, [2020-11-19T07:51:52.480607 #1] DEBUG -- :   ActiveRecord::InternalMetadata Load (0.4ms)  SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.482804 #1] DEBUG -- :   ActiveRecord::InternalMetadata Load (0.4ms)  SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'schema_sha1' LIMIT 1
D, [2020-11-19T07:51:52.483940 #1] DEBUG -- :    (0.2ms)  BEGIN
D, [2020-11-19T07:51:52.484474 #1] DEBUG -- :   ActiveRecord::InternalMetadata Create (0.4ms)  INSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('schema_sha1', '4a4e9a9ca15bfa95f16835c60127dfabe08cfa8d', '2020-11-19 07:51:52.483236', '2020-11-19 07:51:52.483236')
D, [2020-11-19T07:51:52.487360 #1] DEBUG -- :    (2.6ms)  COMMIT
D, [2020-11-19T07:51:52.489566 #1] DEBUG -- :    (0.4ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.494701 #1] DEBUG -- :    (0.2ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.498767 #1] DEBUG -- :    (0.2ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.515822 #1] DEBUG -- :    (0.3ms)  BEGIN
D, [2020-11-19T07:51:52.516749 #1] DEBUG -- :   User Exists? (0.8ms)  SELECT 1 AS one FROM `users` WHERE `users`.`username` = BINARY '[email protected]' LIMIT 1
D, [2020-11-19T07:51:52.517160 #1] DEBUG -- :    (0.2ms)  ROLLBACK
D, [2020-11-19T07:51:52.518965 #1] DEBUG -- :    (0.2ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.524151 #1] DEBUG -- :    (0.3ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.524890 #1] DEBUG -- :    (0.3ms)  SELECT GET_LOCK('402459234364526640', 0)
D, [2020-11-19T07:51:52.526873 #1] DEBUG -- :    (0.2ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.527843 #1] DEBUG -- :   ActiveRecord::InternalMetadata Load (0.5ms)  SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.528991 #1] DEBUG -- :    (0.3ms)  SELECT RELEASE_LOCK('402459234364526640')
D, [2020-11-19T07:51:52.530927 #1] DEBUG -- :    (0.3ms)  SET NAMES utf8mb4,  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.532482 #1] DEBUG -- :   User Exists? (0.8ms)  SELECT 1 AS one FROM `users` WHERE `users`.`username` = '[email protected]' LIMIT 1

I've been wandering around the code and found out that if I use ENV RAILS_ENV=test I can actually run db:seed without error and the admin user actually gets created! So the following command is being used for now.

docker-compose run -e RAILS_ENV=test portal bundle exec rake db:seed

  1. Time to bring up the portal service, finally.
    docker-compose up -d portal
    docker-compose up -d nginx <- nginx has to be started after everything else is set up, because of nginx config upstream failure errors.

  2. Right now I'm logged into the portal app as the admin user, but I cannot generate a code. Whenever I click the Generate Code button it says "There was an error generating a code. Please try again." and prints the following error on the portal server console.

I, [2020-11-19T08:09:22.877998 #101]  INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Started POST "/keys/generate" for 172.27.0.7 at 2020-11-19 08:09:22 +0000
I, [2020-11-19T08:09:22.880846 #101]  INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Processing by KeysController#generate as */*
I, [2020-11-19T08:09:22.880997 #101]  INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]   Parameters: {"key"=>{}}
D, [2020-11-19T08:09:22.883929 #101] DEBUG -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]   User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
I, [2020-11-19T08:09:22.891469 #101]  INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.3ms | Allocations: 644)
F, [2020-11-19T08:09:22.891830 #101] FATAL -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number):
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] app/controllers/keys_controller.rb:17:in `generate'
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] app/controllers/application_controller.rb:32:in `switch_locale'

Please help us successfully deploy the application. We might be able to save people's lives by using this wonderful open source application. Any pointers would be appreciated. Thank you.

Our setup:

version: "2.1"

services:
  nginx:
    image: nginx:1.18-alpine
    container_name: nginx
    restart: unless-stopped
    ports:
      - "127.0.0.1:443:443"
    networks:
      - covidApp
    volumes:
        - ./nginx/docker.nginx.conf:/etc/nginx/nginx.conf
        - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
        - ./nginx/dhparam.pem:/etc/nginx/dhparam.pem
        - ./nginx/priv.key:/etc/nginx/priv.key
        - ./nginx/pub.crt:/etc/nginx/pub.crt
    depends_on:
      key-submission:
        condition: service_started
      key-retrieval:
        condition: service_started
      portal:
        condition: service_started

  mysql:
    image: mysql:8.0 # Using mysql 8.0 , mysql 5.7 was giving error: MySQL import error Unknown collation: 'utf8mb4_0900_ai_ci' when running rake portal:bootstrap
    container_name: mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 8rCQGDRcKQvqHunkgcdPhu7Z7ywfa7qj
      MYSQL_DATABASE: covidshield
      MYSQL_USER: covidshield
      MYSQL_PASSWORD: covidshield
    networks:
      - covidApp
    volumes:
        - mysql-data:/var/lib/mysql
    healthcheck:
      test: ["CMD", "sh", "-c", "mysqladmin ping -u $$MYSQL_USER --password=$$MYSQL_PASSWORD"]
      timeout: 20s
      retries: 10

  key-submission:
    image: covidshield/key-submission:latest
    container_name: key-submission
    restart: unless-stopped
    environment:
      DATABASE_URL: covidshield:covidshield@tcp(mysql:3306)/covidshield
      KEY_CLAIM_TOKEN: "Lt6Ln7mVBLJRcvaY=428" # Lt6Ln7mVBLJRcvaY is random generated? =428 coming from https://github.com/CovidShield/server/issues/58#issuecomment-638252028 this explanation
    networks:
      - covidApp
    ulimits:
      nofile:
        soft: 100000
        hard: 100000
    depends_on:
      mysql:
        condition: service_healthy

  key-retrieval:
    image: covidshield/key-retrieval:latest
    container_name: key-retrieval
    restart: unless-stopped
    environment:
      DATABASE_URL: covidshield:covidshield@tcp(mysql:3306)/covidshield
      ECDSA_KEY: 30770201010420b3f18a01b2851013192785b0cde257c196ae85a7bf4b6b06f3e843cb43297b3ba00a06082a8648ce3d030107a144034200048660f9877e486f8e84b192ca868576408c181763e7c7dc4f9925972a78fe191287147dd6af731d85ddb111326a9583ee7b2abb8aad6d6782edb6233e762e804b
      RETRIEVE_HMAC_KEY: ad6f9fe54afc3aff7aa160b8b1124638ab166278959b69a2c6ae0d4c6e6d655b # Another random 64 characters?
    networks:
      - covidApp
    depends_on:
      mysql:
        condition: service_healthy

  portal:
    image: covidshield/portal:latest
    container_name: portal
    restart: unless-stopped
    environment:
      RAILS_MASTER_KEY: WanVQrPa9Nb7Bwr4K9yhmc7yvtUfKCh7
      RAILS_ENV: production
      RAILS_CREDENTIALS_PATH: /app/config/credentials.yml.enc
      DATABASE_URL: "mysql2://root:8rCQGDRcKQvqHunkgcdPhu7Z7ywfa7qj@mysql:3306/portal"
      KEY_CLAIM_HOST: "key-submission:8000"
      KEY_CLAIM_TOKEN: "Lt6Ln7mVBLJRcvaY=428"
      RAILS_SERVE_STATIC_FILES: 1
      RAILS_LOG_TO_STDOUT: 1
    volumes:
        - ./credentials.yml.enc:/app/config/credentials.yml.enc
    networks:
      - covidApp
    depends_on:
      mysql:
        condition: service_healthy
      key-retrieval:
        condition: service_started
      key-submission:
        condition: service_started

volumes:
  mysql-data:

networks:
  covidApp:
    driver: bridge

Nginx config:

upstream portal {
    server portal:3000;
}

upstream key-submission {
    server key-submission:8000;
}

upstream key-retrieval {
    server key-retrieval:8001;
}

server {
    listen 443 ssl http2;
    server_name covid-app.test;
    access_log /var/log/nginx/covid-app.test.acces.log;
    error_log /var/log/nginx/covid-app.test.error.log;

    ssl_certificate /etc/nginx/pub.crt;
    ssl_certificate_key /etc/nginx/priv.key;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    # ssl_stapling on; # Requires nginx >= 1.3.7
    # ssl_stapling_verify on; # Requires nginx => 1.3.7
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_pass       http://portal;
    }

    location /claim-key {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_pass       http://key-submission;
    }

    location /new-key-claim {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_pass       http://key-submission;
    }

    location /upload {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_pass       http://key-submission;
    }

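    location /retrieve/ { # prefix match; nginx prefix locations do not expand "*", so "/retrieve/*" only matched that literal string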
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_pass       http://key-retrieval;
    }
}
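
A diagnostic for the `wrong version number` error reported above, as an added example that is not part of the original issue or of the CovidShield code: OpenSSL raises that error when the peer's first bytes are not a TLS record, which is what a TLS client sees when it connects to a cleartext HTTP listener. The function names are hypothetical, and it is an assumption that the failing call in `keys_controller.rb` goes to `KEY_CLAIM_HOST` (`key-submission:8000`), the same service the nginx config above reaches over plain `http://`.

```ruby
require "socket"
require "openssl"
require "timeout"

# Classify what listens on host:port (hypothetical helper):
#   :tls         peer completes a TLS handshake
#   :plain_http  peer rejects TLS but answers a cleartext HTTP request
#   :other       peer accepts the connection but does neither
#   :unreachable nothing accepts the connection
# Example call from inside the portal container:
#   probe_scheme("key-submission", 8000)
def probe_scheme(host, port, wait: 3)
  return :tls if tls_handshake?(host, port, wait)
  plain_http?(host, port, wait) ? :plain_http : :other
rescue SystemCallError, SocketError
  :unreachable
end

# True when a TLS handshake completes. Certificate verification is disabled
# because this only identifies the protocol; no trust decision is made and
# no application data is sent.
def tls_handshake?(host, port, wait)
  tcp = Socket.tcp(host, port, connect_timeout: wait)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  Timeout.timeout(wait) { ssl.connect }
  true
rescue OpenSSL::SSL::SSLError, Timeout::Error, EOFError, Errno::ECONNRESET
  false # handshake failed, e.g. the peer replied with non-TLS bytes
ensure
  tcp&.close
end

# True when the peer answers a cleartext HTTP/1.0 request with an HTTP status line.
def plain_http?(host, port, wait)
  tcp = Socket.tcp(host, port, connect_timeout: wait)
  tcp.write("HEAD / HTTP/1.0\r\nHost: #{host}\r\n\r\n")
  Timeout.timeout(wait) { tcp.read(5) == "HTTP/" }
rescue Timeout::Error, EOFError, Errno::ECONNRESET, Errno::EPIPE
  false
ensure
  tcp&.close
end
```

A result of `:plain_http` means the client is starting TLS against a service that only speaks HTTP, so either the client should use `http://` for that internal hop or the hop should be terminated by something that speaks TLS.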