Description
Hi. We're trying to deploy the COVID Shield app in our country. Here is what I'm doing, along with the issues I've encountered and solved so far.
- run
docker-compose up -d mysql key-submission key-retrieval
- created a custom
credentials.yml.enc
file by first running EDITOR=vim rails credentials:edit
inside the portal
container with the default content, nothing added, and saved this file. - run
docker-compose run portal bundle exec rake portal:bootstrap
Here is my first issue. I don't know exactly what portal:bootstrap
is doing, but it gives an error at the
User Exists? (0.8ms) SELECT 1 AS one FROM `users` WHERE `users`.`username` = BINARY 'admin@covidshield.app' LIMIT 1
part. I've found that the bundle exec rake db:seed
command gives the exact same error (I assume portal:bootstrap
calls db:seed
under the hood). Because of this error, the default admin user is not being created.
✗ docker-compose run portal bundle exec rake portal:bootstrap
Creating covid-app_portal_run ... done
D, [2020-11-19T07:51:52.344828 #1] DEBUG -- : (0.4ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.354371 #1] DEBUG -- : (8.9ms) CREATE DATABASE `portal` DEFAULT CHARACTER SET `utf8mb4`
Created database 'portal'
D, [2020-11-19T07:51:52.356924 #1] DEBUG -- : (0.3ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.388357 #1] DEBUG -- : (0.5ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.392390 #1] DEBUG -- : (3.2ms) DROP TABLE IF EXISTS `users` CASCADE
D, [2020-11-19T07:51:52.416082 #1] DEBUG -- : (21.5ms) CREATE TABLE `users` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `username` varchar(255) NOT NULL, `password_digest` varchar(255) NOT NULL, `admin` tinyint(1) DEFAULT FALSE, `locale` varchar(255) DEFAULT 'en', `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL, UNIQUE INDEX `index_users_on_username` (`username`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
D, [2020-11-19T07:51:52.434156 #1] DEBUG -- : (16.5ms) CREATE TABLE `schema_migrations` (`version` varchar(255) NOT NULL PRIMARY KEY)
D, [2020-11-19T07:51:52.443309 #1] DEBUG -- : (0.4ms) SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.447647 #1] DEBUG -- : (2.7ms) INSERT INTO `schema_migrations` (version) VALUES (20200516213328)
D, [2020-11-19T07:51:52.466023 #1] DEBUG -- : (15.8ms) CREATE TABLE `ar_internal_metadata` (`key` varchar(255) NOT NULL PRIMARY KEY, `value` varchar(255), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)
D, [2020-11-19T07:51:52.469928 #1] DEBUG -- : ActiveRecord::InternalMetadata Load (0.5ms) SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.474982 #1] DEBUG -- : (0.2ms) BEGIN
D, [2020-11-19T07:51:52.475372 #1] DEBUG -- : ActiveRecord::InternalMetadata Create (0.3ms) INSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('environment', 'production', '2020-11-19 07:51:52.474211', '2020-11-19 07:51:52.474211')
D, [2020-11-19T07:51:52.478670 #1] DEBUG -- : (3.1ms) COMMIT
D, [2020-11-19T07:51:52.480607 #1] DEBUG -- : ActiveRecord::InternalMetadata Load (0.4ms) SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.482804 #1] DEBUG -- : ActiveRecord::InternalMetadata Load (0.4ms) SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'schema_sha1' LIMIT 1
D, [2020-11-19T07:51:52.483940 #1] DEBUG -- : (0.2ms) BEGIN
D, [2020-11-19T07:51:52.484474 #1] DEBUG -- : ActiveRecord::InternalMetadata Create (0.4ms) INSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('schema_sha1', '4a4e9a9ca15bfa95f16835c60127dfabe08cfa8d', '2020-11-19 07:51:52.483236', '2020-11-19 07:51:52.483236')
D, [2020-11-19T07:51:52.487360 #1] DEBUG -- : (2.6ms) COMMIT
D, [2020-11-19T07:51:52.489566 #1] DEBUG -- : (0.4ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.494701 #1] DEBUG -- : (0.2ms) SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.498767 #1] DEBUG -- : (0.2ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.515822 #1] DEBUG -- : (0.3ms) BEGIN
D, [2020-11-19T07:51:52.516749 #1] DEBUG -- : User Exists? (0.8ms) SELECT 1 AS one FROM `users` WHERE `users`.`username` = BINARY 'admin@covidshield.app' LIMIT 1
D, [2020-11-19T07:51:52.517160 #1] DEBUG -- : (0.2ms) ROLLBACK
D, [2020-11-19T07:51:52.518965 #1] DEBUG -- : (0.2ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.524151 #1] DEBUG -- : (0.3ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.524890 #1] DEBUG -- : (0.3ms) SELECT GET_LOCK('402459234364526640', 0)
D, [2020-11-19T07:51:52.526873 #1] DEBUG -- : (0.2ms) SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
D, [2020-11-19T07:51:52.527843 #1] DEBUG -- : ActiveRecord::InternalMetadata Load (0.5ms) SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
D, [2020-11-19T07:51:52.528991 #1] DEBUG -- : (0.3ms) SELECT RELEASE_LOCK('402459234364526640')
D, [2020-11-19T07:51:52.530927 #1] DEBUG -- : (0.3ms) SET NAMES utf8mb4, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
D, [2020-11-19T07:51:52.532482 #1] DEBUG -- : User Exists? (0.8ms) SELECT 1 AS one FROM `users` WHERE `users`.`username` = 'admin@covidshield.app' LIMIT 1
I've been looking through the code and found that if I set the environment variable RAILS_ENV=test
I can actually run db:seed
without error, and the admin user is actually created! So the following command is being used for now.
docker-compose run -e RAILS_ENV=test portal bundle exec rake db:seed
-
Time to bring up portal service finally.
docker-compose up -d portal
docker-compose up -d nginx
<- nginx has to be started after everything else is set up, because otherwise it fails with upstream errors from its config. -
Right now I'm logged into the portal app as the admin user, but I cannot generate a code: whenever I click the Generate Code button it says
There was an error generating a code. Please try again.
and prints the following error on the portal server console.
I, [2020-11-19T08:09:22.877998 #101] INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Started POST "/keys/generate" for 172.27.0.7 at 2020-11-19 08:09:22 +0000
I, [2020-11-19T08:09:22.880846 #101] INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Processing by KeysController#generate as */*
I, [2020-11-19T08:09:22.880997 #101] INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Parameters: {"key"=>{}}
D, [2020-11-19T08:09:22.883929 #101] DEBUG -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
I, [2020-11-19T08:09:22.891469 #101] INFO -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.3ms | Allocations: 644)
F, [2020-11-19T08:09:22.891830 #101] FATAL -- : [2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number):
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517]
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] app/controllers/keys_controller.rb:17:in `generate'
[2531ec5e-73b9-4d4e-9a6b-ce3dd20cc517] app/controllers/application_controller.rb:32:in `switch_locale'
Please help us deploy the application successfully. We might be able to save people's lives by using this wonderful open source application. Any pointers would be appreciated. Thank you.
Our setup:
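# docker-compose stack: nginx TLS front end, MySQL, and the COVID Shield
# key-submission, key-retrieval and portal containers on one bridge network.
#
# NOTE(review): every credential in this file (both MySQL passwords,
# RAILS_MASTER_KEY, KEY_CLAIM_TOKEN, ECDSA_KEY, RETRIEVE_HMAC_KEY) is written
# inline and was published together with the file. Treat all of them as
# disclosed: generate fresh values before a real deployment and supply them
# from an env file or secret store that stays out of version control and out
# of issue reports.
version: "2.1"
services:
  nginx:
    image: nginx:1.18-alpine
    container_name: nginx
    restart: unless-stopped
    ports:
      # Published on the host's loopback interface only.
      - "127.0.0.1:443:443"
    networks:
      - covidApp
    volumes:
      # Mounted read-only: nginx only needs to read its config, certificate
      # and private key, so the container gets no write access to them.
      - ./nginx/docker.nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./nginx/dhparam.pem:/etc/nginx/dhparam.pem:ro
      - ./nginx/priv.key:/etc/nginx/priv.key:ro
      - ./nginx/pub.crt:/etc/nginx/pub.crt:ro
    depends_on:
      key-submission:
        condition: service_started
      key-retrieval:
        condition: service_started
      portal:
        condition: service_started
  mysql:
    image: mysql:8.0 # Using mysql 8.0 , mysql 5.7 was giving error: MySQL import error Unknown collation: 'utf8mb4_0900_ai_ci' when running rake portal:bootstrap
    container_name: mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 8rCQGDRcKQvqHunkgcdPhu7Z7ywfa7qj
      MYSQL_DATABASE: covidshield
      MYSQL_USER: covidshield
      # NOTE(review): the application password equals the user name, so it is
      # guessable by anything that can reach the database port on this network.
      MYSQL_PASSWORD: covidshield
    networks:
      - covidApp
    volumes:
      - mysql-data:/var/lib/mysql
    healthcheck:
      # $$ escapes compose interpolation so the variables are expanded by the
      # shell inside the container.
      test: ["CMD", "sh", "-c", "mysqladmin ping -u $$MYSQL_USER --password=$$MYSQL_PASSWORD"]
      timeout: 20s
      retries: 10
  key-submission:
    # NOTE(review): `latest` is a moving tag; pinning a released version or an
    # image digest keeps deployments reproducible. Applies to all three
    # covidshield/* images in this file.
    image: covidshield/key-submission:latest
    container_name: key-submission
    restart: unless-stopped
    environment:
      DATABASE_URL: covidshield:covidshield@tcp(mysql:3306)/covidshield
      # Must stay identical to KEY_CLAIM_TOKEN in the portal service below.
      KEY_CLAIM_TOKEN: "Lt6Ln7mVBLJRcvaY=428" # Lt6Ln7mVBLJRcvaY is random generated? =428 coming from https://github.com/CovidShield/server/issues/58#issuecomment-638252028 this explanation
    networks:
      - covidApp
    ulimits:
      nofile:
        soft: 100000
        hard: 100000
    depends_on:
      mysql:
        condition: service_healthy
  key-retrieval:
    image: covidshield/key-retrieval:latest
    container_name: key-retrieval
    restart: unless-stopped
    environment:
      DATABASE_URL: covidshield:covidshield@tcp(mysql:3306)/covidshield
      # The hex value decodes as a DER ECPrivateKey structure on the P-256
      # curve, i.e. it contains the private scalar, not just a public key.
      # NOTE(review): presumably this is the key the service signs retrieval
      # responses with; confirm against the server documentation.
      ECDSA_KEY: 30770201010420b3f18a01b2851013192785b0cde257c196ae85a7bf4b6b06f3e843cb43297b3ba00a06082a8648ce3d030107a144034200048660f9877e486f8e84b192ca868576408c181763e7c7dc4f9925972a78fe191287147dd6af731d85ddb111326a9583ee7b2abb8aad6d6782edb6233e762e804b
      RETRIEVE_HMAC_KEY: ad6f9fe54afc3aff7aa160b8b1124638ab166278959b69a2c6ae0d4c6e6d655b # Another random 64 characters?
    networks:
      - covidApp
    depends_on:
      mysql:
        condition: service_healthy
  portal:
    image: covidshield/portal:latest
    container_name: portal
    restart: unless-stopped
    environment:
      RAILS_MASTER_KEY: WanVQrPa9Nb7Bwr4K9yhmc7yvtUfKCh7
      RAILS_ENV: production
      RAILS_CREDENTIALS_PATH: /app/config/credentials.yml.enc
      # NOTE(review): the portal runs as MySQL root. The bootstrap log shows it
      # issuing CREATE DATABASE `portal`, which explains the privilege, but the
      # running web application then holds full control of the whole server,
      # including the covidshield schema. Creating the database once and
      # granting a dedicated account rights on `portal` alone would confine it.
      DATABASE_URL: "mysql2://root:8rCQGDRcKQvqHunkgcdPhu7Z7ywfa7qj@mysql:3306/portal"
      # NOTE(review): the portal log shows OpenSSL "wrong version number" in
      # KeysController#generate, which is what a TLS client reports when the
      # peer answers in plain HTTP. Presumably the portal speaks HTTPS to this
      # host while key-submission:8000 serves plain HTTP (nginx proxies to it
      # with http://); confirm how the portal builds its URL from this value.
      KEY_CLAIM_HOST: "key-submission:8000"
      KEY_CLAIM_TOKEN: "Lt6Ln7mVBLJRcvaY=428"
      RAILS_SERVE_STATIC_FILES: 1
      RAILS_LOG_TO_STDOUT: 1
    volumes:
      - ./credentials.yml.enc:/app/config/credentials.yml.enc
    networks:
      - covidApp
    depends_on:
      mysql:
        condition: service_healthy
      key-retrieval:
        condition: service_started
      key-submission:
        condition: service_started
volumes:
  mysql-data:
networks:
  covidApp:
    driver: bridge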
Nginx config:
# Upstream groups for the three backend containers. Host names and ports are
# the compose service names; the server block below reaches each of them with
# a plain-HTTP proxy_pass.
upstream portal {
    server portal:3000;
}
upstream key-submission {
    server key-submission:8000;
}
upstream key-retrieval {
    server key-retrieval:8001;
}
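# TLS-terminating virtual host: serves the portal on / and routes the
# key-submission and key-retrieval API paths to their own upstreams.
server {
    listen 443 ssl http2;
    server_name covid-app.test;
    access_log /var/log/nginx/covid-app.test.acces.log;
    error_log /var/log/nginx/covid-app.test.error.log;

    ssl_certificate /etc/nginx/pub.crt;
    ssl_certificate_key /etc/nginx/priv.key;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparam.pem;
    # The two "...-GCM-SHA512" entries from the original list were dropped:
    # OpenSSL defines no cipher suites with those names and skips them, so the
    # effective list is unchanged.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    # ssl_stapling on; # Requires nginx >= 1.3.7
    # ssl_stapling_verify on; # Requires nginx => 1.3.7

    # Used only for lookups nginx performs at run time (for example OCSP
    # stapling, disabled above). The upstream host names are resolved through
    # the system resolver when the configuration is loaded, which is why nginx
    # fails to start while a backend container name cannot be resolved.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # "always" also attaches the headers to error responses; without it nginx
    # adds them only for a fixed set of success and redirect status codes.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Proxy settings shared by every location below. They are inherited
    # because no location declares proxy_set_header itself; adding one inside
    # a location would replace this whole set for that location.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;

    # Portal web UI (everything not matched by a more specific prefix).
    location / {
        proxy_pass http://portal;
    }

    # key-submission endpoints.
    location /claim-key {
        proxy_pass http://key-submission;
    }
    location /new-key-claim {
        proxy_pass http://key-submission;
    }
    location /upload {
        proxy_pass http://key-submission;
    }

    # key-retrieval endpoints. Prefix locations do not expand wildcards: the
    # original "/retrieve/*" matched only URIs containing a literal "*", so
    # real /retrieve/... requests fell through to "location /" and were sent
    # to the portal instead.
    location /retrieve/ {
        proxy_pass http://key-retrieval;
    }
}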