Page MenuHomePhabricator

[keyserver] configure separation of primary secondary logic
ClosedPublic

Authored by will on Jul 9 2024, 7:21 PM.
Tags
None
Referenced Files
F3527123: D12708.id42446.diff
Tue, Dec 24, 3:46 AM
F3527122: D12708.id42359.diff
Tue, Dec 24, 3:46 AM
F3527121: D12708.id42360.diff
Tue, Dec 24, 3:46 AM
F3527120: D12708.id42188.diff
Tue, Dec 24, 3:46 AM
F3527103: D12708.id.diff
Tue, Dec 24, 3:46 AM
F3527090: D12708.diff
Tue, Dec 24, 3:46 AM
Unknown Object (File)
Tue, Dec 3, 9:32 AM
Unknown Object (File)
Tue, Nov 26, 3:57 PM
Subscribers

Details

Summary

This introduces COMM_NODE_ROLE which specifies whether a node is a primary or secondary node.

Certain logic in keyserver/src/keyserver.js should only be performed by a primary node. This includes:

  • run the migration
  • establish tunnelbroker connection
  • print the QR Code
  • create authoritative keyserver config files

Both secondary and primary nodes should still perform:

  • have the master process create fork processes
  • route express traffic
  • verify the user is logged in

Depends on D12691

Test Plan

Confirmed through logs that secondary nodes didn't establish tunnelbroker connection.
Will test further if migration is primary only later in stack with migration script

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

will requested review of this revision.Jul 9 2024, 7:39 PM
ashoat added inline comments.
docs/nix_keyserver_deployment.md
40–42 ↗(On Diff #42188)

Wouldn't have thought to update this doc given it's focused on the Docker Compose workflow. But I guess it doesn't hurt

Let's make these edits though

keyserver/src/keyserver.js
93–99 ↗(On Diff #42188)

I think a ternary expression would be both more readable and more concise here:

const isPrimaryNode = process.env.COMM_NODE_ROLE
  ? process.env.COMM_NODE_ROLE === 'primary'
  : true;
112 ↗(On Diff #42188)

We'll probably end up reworking this logic at a later point...

I think we should probably start with verifyUserLoggedIn, and only if it fails should we consider displaying the QR code in the terminal

But shouldDisplayQRCodeInTerminal is hardcoded to false right now so it doesn't really matter

We can probably rethink this once we update shouldDisplayQRCodeInTerminal. cc @varun

This revision is now accepted and ready to land.Jul 10 2024, 10:23 AM
keyserver/src/keyserver.js
112 ↗(On Diff #42188)

@varun just landed D12618, which touches this logic. You'll want to rebase