Page MenuHomePhabricator

D12708.id42360.diff
No OneTemporary

D12708.id42360.diff

diff --git a/docs/nix_keyserver_deployment.md b/docs/nix_keyserver_deployment.md
--- a/docs/nix_keyserver_deployment.md
+++ b/docs/nix_keyserver_deployment.md
@@ -37,6 +37,10 @@
- `COMM_DATABASE_USER`: The username the keyserver uses to connect to MariaDB. Replace `<MariaDB user>` with your desired username.
- `COMM_DATABASE_PASSWORD`: Corresponding password for the above user. Replace `<MariaDB password>` with your desired password.
+### Primary / secondary configuration
+
+- `COMM_NODE_ROLE`: Specifies whether a node is primary or secondary. Currently only used for multi-node keyservers, and as such is irrelevant to the Docker Compose workflow described here.
+
### Identity service configuration
- `COMM_JSONCONFIG_secrets_user_credentials`: Credentials for authenticating against the Identity service. Replace `<user>` and `<password>` with any values. In the future, they will need to be actual credentials registered with the Identity service.
diff --git a/keyserver/src/keyserver.js b/keyserver/src/keyserver.js
--- a/keyserver/src/keyserver.js
+++ b/keyserver/src/keyserver.js
@@ -88,17 +88,22 @@
const isCPUProfilingEnabled = process.env.KEYSERVER_CPU_PROFILING_ENABLED;
const areEndpointMetricsEnabled =
process.env.KEYSERVER_ENDPOINT_METRICS_ENABLED;
+ const isPrimaryNode = process.env.COMM_NODE_ROLE
+ ? process.env.COMM_NODE_ROLE === 'primary'
+ : true;
if (cluster.isMaster) {
- const didMigrationsSucceed: boolean = await migrate();
- if (!didMigrationsSucceed) {
- // The following line uses exit code 2 to ensure nodemon exits
- // in a dev environment, instead of restarting. Context provided
- // in https://github.com/remy/nodemon/issues/751
- process.exit(2);
+ if (isPrimaryNode) {
+ const didMigrationsSucceed: boolean = await migrate();
+ if (!didMigrationsSucceed) {
+ // The following line uses exit code 2 to ensure nodemon exits
+ // in a dev environment, instead of restarting. Context provided
+ // in https://github.com/remy/nodemon/issues/751
+ process.exit(2);
+ }
}
- if (shouldDisplayQRCodeInTerminal) {
+ if (shouldDisplayQRCodeInTerminal && isPrimaryNode) {
try {
const aes256Key = crypto.randomBytes(32).toString('hex');
const ed25519Key = await getContentSigningKey();
@@ -131,12 +136,15 @@
// commServicesAccessToken. In the future, this will be necessary for
// many keyserver operations.
const identityInfo = await verifyUserLoggedIn();
- // We don't await here, as Tunnelbroker communication is not needed for
- // normal keyserver behavior yet. In addition, this doesn't return
- // information useful for other keyserver functions.
- ignorePromiseRejections(createAndMaintainTunnelbrokerWebsocket(null));
- if (process.env.NODE_ENV === 'development') {
- await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+
+ if (isPrimaryNode) {
+ // We don't await here, as Tunnelbroker communication is not needed
+ // for normal keyserver behavior yet. In addition, this doesn't
+ // return information useful for other keyserver functions.
+ ignorePromiseRejections(createAndMaintainTunnelbrokerWebsocket(null));
+ if (process.env.NODE_ENV === 'development') {
+ await createAuthoritativeKeyserverConfigFiles(identityInfo.userId);
+ }
}
} catch (e) {
console.warn(

File Metadata

Mime Type
text/plain
Expires
Wed, Dec 25, 3:46 AM (5 h, 15 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2701452
Default Alt Text
D12708.id42360.diff (3 KB)

Event Timeline