Fix bootstrap script #623
Fix bootstrap script #623
Conversation
|
@Resonious please review this |
There was a problem hiding this comment.
@davidsiaw Change makes sense but I think there's a small error. Let me know if I'm just seeing things wrong 😆
| {key: "SECRET_KEY_BASE", value: SecureRandom.hex(64), secret: true}, | ||
| {key: "SECRET_KEY_BASE", value: secret_key_base, secret: true}, |
There was a problem hiding this comment.
I may be crazy, but it looks to me like this secret_key_base local variable is defined in the task bcn:bootstrap, and right here it is being used by the task bcn:bootstrap:remote. Those are different Ruby scopes so I suspect this line here will error out.
We can probably just keep the inline call to SecureRandom.hex(64) here, right?
There was a problem hiding this comment.
Oh yeah. That is odd. I wonder why this worked... It may have been because the variable was re-evaluated. You're right. It can just be the same key base here too.
A small change to Rails 5.2 meant that running rake tasks now checks for the presence of
SECRET_KEY_BASEall the time. This probably wasn't the case when the script was first written.This PR fixes the bootstrap script so it runs properly. Before, the script just dies with a cryptic message
Further investigation (reading the logs sent to cloudwatch logs) revealed it was lacking the secret key base. (Also pretty cryptic)
The way our bootstrap script works may be obsolete. In the future we will need to generate the
credentials.yml.encfile and store it on S3 to be downloaded by containers before running rails and set theRAILS_MASTER_KEYenv var on all instances.