Page MenuHomePhabricator
Files F3347262

D12708.id42359.diff
No OneTemporary
Actions

D12708.id42359.diff
View Options

diff --git a/docs/nix_keyserver_deployment.md b/docs/nix_keyserver_deployment.md
--- a/docs/nix_keyserver_deployment.md
+++ b/docs/nix_keyserver_deployment.md
@@ -37,6 +37,10 @@
- `COMM_DATABASE_USER`: The username the keyserver uses to connect to MariaDB. Replace `<MariaDB user>` with your desired username.
- `COMM_DATABASE_PASSWORD`: Corresponding password for the above user. Replace `<MariaDB password>` with your desired password.
+### Primary Secondary configuration
+
+- `COMM_NODE_ROLE`: Specifies whether a node is primary or secondary. Currently only used for AWS-hosted keyservers
+
### Identity service configuration
- `COMM_JSONCONFIG_secrets_user_credentials`: Credentials for authenticating against the Identity service. Replace `<user>` and `<password>` with any values. In the future, they will need to be actual credentials registered with the Identity service.
diff --git a/keyserver/src/keyserver.js b/keyserver/src/keyserver.js
--- a/keyserver/src/keyserver.js
+++ b/keyserver/src/keyserver.js
@@ -88,17 +88,26 @@
const isCPUProfilingEnabled = process.env.KEYSERVER_CPU_PROFILING_ENABLED;
const areEndpointMetricsEnabled =
process.env.KEYSERVER_ENDPOINT_METRICS_ENABLED;
+ const isPrimaryNode = (() => {
+ if (process.env.COMM_NODE_ROLE) {
+ return process.env.COMM_NODE_ROLE === 'primary';
+ } else {
+ return true;
+ }
+ })();
if (cluster.isMaster) {
- const didMigrationsSucceed: boolean = await migrate();
- if (!didMigrationsSucceed) {
- // The following line uses exit code 2 to ensure nodemon exits
- // in a dev environment, instead of restarting. Context provided
- // in https://github.com/remy/nodemon/issues/751
- process.exit(2);
+ if (isPrimaryNode) {
+ const didMigrationsSucceed: boolean = await migrate();
+ if (!didMigrationsSucceed) {
+ // The following line uses exit code 2 to ensure nodemon exits
+ // in a dev environment, instead of restarting. Context provided
+ // in https://github.com/remy/nodemon/issues/751
+ process.exit(2);
+ }
}
- if (shouldDisplayQRCodeInTerminal) {
+ if (shouldDisplayQRCodeInTerminal && isPrimaryNode) {
try {
const aes256Key = crypto.randomBytes(32).toString('hex');
const ed25519Key = await getContentSigningKey();
@@ -131,12 +140,15 @@
// commServicesAccessToken. In the future, this will be necessary for
// many keyserver operations.
const identityInfo = await verifyUserLoggedIn();
- // We don't await here, as Tunnelbroker communication is not needed for
- // normal keyserver behavior yet. In addition, this doesn't return
- // information useful for other keyserver functions.
- ignorePromiseRejections(createAndMaintainTunnelbrokerWebsocket(null));
- if (process.env.NODE_ENV === 'development') {
- await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+
+ if (isPrimaryNode) {
+ // We don't await here, as Tunnelbroker communication is not needed
+ // for normal keyserver behavior yet. In addition, this doesn't
+ // return information useful for other keyserver functions.
+ ignorePromiseRejections(createAndMaintainTunnelbrokerWebsocket(null));
+ if (process.env.NODE_ENV === 'development') {
+ await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+ }
}
} catch (e) {
console.warn(

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 23, 11:33 AM (15 h, 32 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2570438
Default Alt Text
D12708.id42359.diff (3 KB)

Event Timeline