fix #2812 - removed setting EXTRACTION_PATH as /root/node_modules/

on web_server start check if JWT_SECRET and MONGO_SSL_USER are missing from .env and present in process.env. if so then rewrite it to .env fix #2812 - regenerate missing JWT_SECRET and MONGO_SSL_USER added logs in upgrade_wrapper extract JWT_SECRET from old environment variabes look for JWT_SECRET in upgrade.sh vars fixed comment add logs add logs fix print to .env fix .env in web server instead of upgrade.sh removed log message moved set_process_name
noobaa · Mar 27, 2017 · 34cb335 · 34cb335
1 parent b2d8e03
commit 34cb335
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 10 deletions.
diff --git a/src/deploy/NVA_build/fix_mongo_ssl.sh b/src/deploy/NVA_build/fix_mongo_ssl.sh
@@ -4,9 +4,14 @@ if [ ! -d /etc/mongo_ssl/ ]; then
   mkdir /etc/mongo_ssl/
   . ${CORE_DIR}/src/deploy/NVA_build/setup_mongo_ssl.sh
   chmod 400 -R /etc/mongo_ssl
-  local client_subject=`openssl x509 -in /etc/mongo_ssl/client.pem -inform PEM -subject -nameopt RFC2253 | grep subject | awk '{sub("subject= ",""); print}'`
-  echo "MONGO_SSL_USER=${client_subject}" >> ${CORE_DIR}/.env
+  client_subject=`openssl x509 -in /etc/mongo_ssl/client.pem -inform PEM -subject -nameopt RFC2253 | grep subject | awk '{sub("subject= ",""); print}'`
   # add bash script to run mongo shell with authentications
   echo "mongo --ssl --sslPEMKeyFile /etc/mongo_ssl/client.pem --sslCAFile /etc/mongo_ssl/root-ca.pem --sslAllowInvalidHostnames -u \"${client_subject}\" --authenticationMechanism MONGODB-X509 --authenticationDatabase \"\\\$external\" \"\$@\"" > /usr/bin/mongors
   chmod +x /usr/bin/mongors
 fi
+
+if grep -q MONGO_SSL_USER /root/node_modules/noobaa-core/.env; then
+  client_subject=`openssl x509 -in /etc/mongo_ssl/client.pem -inform PEM -subject -nameopt RFC2253 | grep subject | awk '{sub("subject= ",""); print}'`
+  echo "MONGO_SSL_USER=${client_subject}" >> /root/node_modules/noobaa-core/.env
+fi
+
diff --git a/src/deploy/NVA_build/upgrade.sh b/src/deploy/NVA_build/upgrade.sh
@@ -3,14 +3,18 @@
 # redirect the output log file to syslog (http://urbanautomaton.com/blog/2014/09/09/redirecting-bash-script-output-to-syslog)
 exec 1> >(logger -t UPGRADE -p local0.warn) 2>&1
 
+EXTRACTION_PATH="/tmp/test/"
+
+#TODO do we want to load base on /tmp/test? maybe load common_funcs differenetly
 if [ -d /tmp/test/ ]; then
-  EXTRACTION_PATH="/tmp/test/"
+  COMMON_FUNCS_PATH="/tmp/test/"
 else
-  EXTRACTION_PATH="/root/node_modules"
+  COMMON_FUNCS_PATH="/root/node_modules"
 fi
 
-. ${EXTRACTION_PATH}/noobaa-core/src/deploy/NVA_build/deploy_base.sh
-. ${EXTRACTION_PATH}noobaa-core/src/deploy/NVA_build/common_funcs.sh
+
+. ${COMMON_FUNCS_PATH}/noobaa-core/src/deploy/NVA_build/deploy_base.sh
+. ${COMMON_FUNCS_PATH}noobaa-core/src/deploy/NVA_build/common_funcs.sh
 
 PACKAGE_FILE_NAME="new_version.tar.gz"
 WRAPPER_FILE_NAME="upgrade_wrapper.sh"
@@ -140,7 +144,6 @@ function check_latest_version {
 }
 
 function extract_package {
-  EXTRACTION_PATH="/root/node_modules"
   #Clean previous extracted package
   rm -rf ${EXTRACTION_PATH}*
   #Create path and extract package
@@ -174,6 +177,7 @@ function extract_package {
   # fi
 }
 
+
 function do_upgrade {
   #Update packages before we stop services, minimize downtime, limit run time for yum update so it won't get stuck
   timeout --signal=SIGINT 360 cat <( packages_upgrade )

diff --git a/src/server/web_server.js b/src/server/web_server.js
@@ -4,7 +4,8 @@
 // load .env file before any other modules so that it will contain
 // all the arguments even when the modules are loading.
 console.log('loading .env file');
-require('../util/dotenv').load();
+const dotenv = require('../util/dotenv');
+dotenv.load();
 
 //If test mode, use Istanbul for coverage
 for (let i = 0; i < process.argv.length; ++i) {
@@ -53,9 +54,39 @@ const rootdir = path.join(__dirname, '..', '..');
 const dev_mode = (process.env.DEV_MODE === 'true');
 const app = express();
 
+dbg.set_process_name('WebServer');
+
+// hacky fix for issue #2812 - check if JWT_SECRET and MONGO_SSL_USER are missing
+// in .env but exists in environment variables. if so write it to .env
+let env_obj = dotenv.parse();
+if (!env_obj.JWT_SECRET) {
+    dbg.warn('JWT_SECRET is missing in .env file.');
+    if (process.env.JWT_SECRET) {
+        dbg.warn('JWT_SECRET found in process.env, writing to .env file. JWT_SECRET =', process.env.JWT_SECRET);
+        dotenv.set({
+            key: 'JWT_SECRET',
+            value: process.env.JWT_SECRET
+        });
+    } else {
+        dbg.error('JWT_SECRET is missing from .env and from process.env - users and agents will not be able to connect!!!!');
+    }
+}
+if (!env_obj.MONGO_SSL_USER) {
+    dbg.warn('MONGO_SSL_USER is missing in .env file.');
+    if (process.env.MONGO_SSL_USER) {
+        dbg.warn('MONGO_SSL_USER found in process.env, writing to .env file. MONGO_SSL_USER =', process.env.MONGO_SSL_USER);
+        dotenv.set({
+            key: 'MONGO_SSL_USER',
+            value: process.env.MONGO_SSL_USER
+        });
+    } else {
+        dbg.error('MONGO_SSL_USER is missing from .env and process.env - server will not be able to join or form a cluster');
+    }
+}
+
+
 system_store.once('load', account_server.ensure_support_account);
 
-dbg.set_process_name('WebServer');
 mongo_client.instance().connect();
 
 //Set KeepAlive to all http/https agents in webserver

diff --git a/src/util/dotenv.js b/src/util/dotenv.js
@@ -82,7 +82,10 @@ module.exports = {
      * @param {String|Buffer} src - source to be parsed
      * @returns {Object}
      */
-    parse: function(src) {
+    parse: function(src_param) {
+        let src = src_param || fs.readFileSync('.env', {
+            encoding: 'utf8'
+        });
         var obj = {};
         var idx = 0;