
D12708.id42188.diff

diff --git a/docs/nix_keyserver_deployment.md b/docs/nix_keyserver_deployment.md
--- a/docs/nix_keyserver_deployment.md
+++ b/docs/nix_keyserver_deployment.md
@@ -37,6 +37,10 @@
- `COMM_DATABASE_USER`: The username the keyserver uses to connect to MariaDB. Replace `<MariaDB user>` with your desired username.
- `COMM_DATABASE_PASSWORD`: Corresponding password for the above user. Replace `<MariaDB password>` with your desired password.
+### Primary Secondary configuration
+
+- `COMM_NODE_ROLE`: Specifies whether a node is primary or secondary. Currently only used for AWS-hosted keyservers
+
### Identity service configuration
- `COMM_JSONCONFIG_secrets_user_credentials`: Credentials for authenticating against the Identity service. Replace `<user>` and `<password>` with any values. In the future, they will need to be actual credentials registered with the Identity service.
diff --git a/keyserver/src/keyserver.js b/keyserver/src/keyserver.js
--- a/keyserver/src/keyserver.js
+++ b/keyserver/src/keyserver.js
@@ -90,17 +90,26 @@
const isCPUProfilingEnabled = process.env.KEYSERVER_CPU_PROFILING_ENABLED;
const areEndpointMetricsEnabled =
process.env.KEYSERVER_ENDPOINT_METRICS_ENABLED;
+ const isPrimaryNode = (() => {
+ if (process.env.COMM_NODE_ROLE) {
+ return process.env.COMM_NODE_ROLE === 'primary';
+ } else {
+ return true;
+ }
+ })();
if (cluster.isMaster) {
- const didMigrationsSucceed: boolean = await migrate();
- if (!didMigrationsSucceed) {
- // The following line uses exit code 2 to ensure nodemon exits
- // in a dev environment, instead of restarting. Context provided
- // in https://github.com/remy/nodemon/issues/751
- process.exit(2);
+ if (isPrimaryNode) {
+ const didMigrationsSucceed: boolean = await migrate();
+ if (!didMigrationsSucceed) {
+ // The following line uses exit code 2 to ensure nodemon exits
+ // in a dev environment, instead of restarting. Context provided
+ // in https://github.com/remy/nodemon/issues/751
+ process.exit(2);
+ }
}
- if (shouldDisplayQRCodeInTerminal) {
+ if (shouldDisplayQRCodeInTerminal && isPrimaryNode) {
try {
const aes256Key = crypto.randomBytes(32).toString('hex');
const ed25519Key = await getContentSigningKey();
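Review bot: `isPrimaryNode` treats every non-empty `COMM_NODE_ROLE` other than the exact string `primary` as secondary, so a typo or a case difference such as `Primary` silently turns off migrations, the QR-code path and, in the next hunk, the Tunnelbroker websocket. Validate the value at startup and fail loudly instead: `const nodeRole = process.env.COMM_NODE_ROLE || 'primary';` followed by `if (nodeRole !== 'primary' && nodeRole !== 'secondary') { throw new Error('invalid COMM_NODE_ROLE'); }`. This assumes `secondary` is the other intended value, which the docs hunk implies but does not spell out. Logging the resolved role once at startup would also make a deployment with no primary easy to spot. The enclosing function and the `try` block continue outside the hunk.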
@@ -127,14 +136,18 @@
// commServicesAccessToken. In the future, this will be necessary for
// many keyserver operations.
const identityInfo = await verifyUserLoggedIn();
- // We don't await here, as Tunnelbroker communication is not needed for
- // normal keyserver behavior yet. In addition, this doesn't return
- // information useful for other keyserver functions.
- ignorePromiseRejections(
- createAndMaintainTunnelbrokerWebsocket(identityInfo),
- );
- if (process.env.NODE_ENV === 'development') {
- await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+
+ if (isPrimaryNode) {
+ // We don't await here, as Tunnelbroker communication is not needed
+ // for normal keyserver behavior yet. In addition, this doesn't
+ // return information useful for other keyserver functions.
+ ignorePromiseRejections(
+ createAndMaintainTunnelbrokerWebsocket(identityInfo),
+ );
+
+ if (process.env.NODE_ENV === 'development') {
+ await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+ }
}
} catch (e) {
console.warn(
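Review bot: The new `if (isPrimaryNode)` block has no comment explaining why the Tunnelbroker websocket and `createAuthoritativeKeyserverConfigFiles` are primary-only, while `verifyUserLoggedIn()` just above it still runs on every node. A reader cannot tell whether secondaries logging in to the Identity service is deliberate or an oversight. If it is deliberate, say so above the gate, for example `// Only the primary keeps the Tunnelbroker connection and writes the authoritative config; secondaries still log in.` The `try` opens before this hunk and the `catch` body continues past it.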
