Sage-Bionetworks / sagebio-collaboration-portal

Collaboration Portal developed by Sage Bionetworks

Fix docker/CodeDeploy deployment #591

Closed tschaffter closed 4 years ago

tschaffter commented 4 years ago

The CodeDeploy instance is currently down with a 502 error. Several Docker image dependencies have been updated recently. One error observed is the portal being unable to create a connection with MongoDB through SSL.

tschaffter commented 4 years ago

Thomass-MacBook-Pro:PHCCollaborationPortal tschaffter$ source envvars-prod && docker-compose -f docker-compose.yml up
Creating phccp-neo4j ... done
Creating phccp-mongo ... done
Creating phccp-prov  ... done
Creating phccp       ... done
Attaching to phccp-mongo, phccp-neo4j, phccp-prov, phccp
phccp-mongo    | 2019-10-18T18:25:46.322+0000 W  CONTROL  [main] Option: sslMode is deprecated. Please use tlsMode instead.
phccp-mongo    | 2019-10-18T18:25:46.323+0000 W  CONTROL  [main] Option: sslPEMKeyFile is deprecated. Please use tlsCertificateKeyFile instead.
phccp-neo4j    | Active database: graph.db
phccp-mongo    | 2019-10-18T18:25:46.323+0000 F  CONTROL  [main] Failed global initialization: BadValue: net.ssl.mode is not allowed when net.tls.mode is specified
phccp-neo4j    | Directories in use:
phccp-neo4j    |   home:         /var/lib/neo4j
phccp-neo4j    |   config:       /var/lib/neo4j/conf
phccp-neo4j    |   logs:         /logs
phccp-neo4j    |   plugins:      /var/lib/neo4j/plugins
phccp-neo4j    |   import:       /var/lib/neo4j/import
phccp-neo4j    |   data:         /var/lib/neo4j/data
phccp-neo4j    |   certificates: /var/lib/neo4j/certificates
phccp-neo4j    |   run:          /var/lib/neo4j/run
phccp-neo4j    | Starting Neo4j.
phccp-mongo exited with code 1
phccp          | 
phccp          | > phccp@1.0.0-alpha.12 start /usr/src/app
phccp          | > node server
phccp          | 
phccp-neo4j    | 2019-10-18 18:25:50.854+0000 INFO  ======== Neo4j 3.5.11 ========
phccp-neo4j    | 2019-10-18 18:25:50.872+0000 INFO  Starting...
phccp          | Using Primus App plugin
phccp          | domain https://localhost
phccp-neo4j    | 2019-10-18 18:25:52.945+0000 INFO  Initiating metrics...
phccp-neo4j    | 2019-10-18 18:25:56.004+0000 INFO  Sending metrics to CSV file at /var/lib/neo4j/metrics
phccp-neo4j    | 2019-10-18 18:25:57.315+0000 INFO  Bolt enabled on 0.0.0.0:7687.
phccp-prov     |  * Serving Flask app "synprov.config" (lazy loading)
phccp-prov     |  * Environment: production
phccp-prov     |    WARNING: This is a development server. Do not use it in a production deployment.
phccp-prov     |    Use a production WSGI server instead.
phccp-prov     |  * Debug mode: off
phccp-prov     | INFO:werkzeug: * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
phccp-neo4j    | 2019-10-18 18:25:59.048+0000 WARN  Server thread metrics not available (missing neo4j.server.threads.jetty.all)
phccp-neo4j    | 2019-10-18 18:25:59.052+0000 WARN  Server thread metrics not available (missing neo4j.server.threads.jetty.idle)
phccp-neo4j    | 2019-10-18 18:26:01.153+0000 INFO  Started.
phccp-neo4j    | 2019-10-18 18:26:01.561+0000 INFO  Mounted REST API at: /db/manage
phccp-neo4j    | 2019-10-18 18:26:01.929+0000 INFO  Server thread metrics have been registered successfully
phccp-neo4j    | 2019-10-18 18:26:03.263+0000 INFO  Remote interface available at http://localhost:7474/
phccp          | (node:18) DeprecationWarning: current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor.
phccp          | MongoDB connection error: MongoNetworkError: failed to connect to server [phccp-mongo:27017] on first connect [MongoNetworkError: getaddrinfo ENOTFOUND phccp-mongo phccp-mongo:27017]
phccp          | npm ERR! code ELIFECYCLE
phccp          | npm ERR! errno 255
phccp          | npm ERR! phccp@1.0.0-alpha.12 start: `node server`
phccp          | npm ERR! Exit status 255
phccp          | npm ERR! 
phccp          | npm ERR! Failed at the phccp@1.0.0-alpha.12 start script.
phccp          | npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
phccp          | 
phccp          | npm ERR! A complete log of this run can be found in:
phccp          | npm ERR!     /root/.npm/_logs/2019-10-18T18_26_05_334Z-debug.log
phccp exited with code 255

tschaffter commented 4 years ago

2019-10-18T18:25:46.323+0000 F  CONTROL  [main] Failed global initialization: BadValue: net.ssl.mode is not allowed when net.tls.mode is specified

tschaffter commented 4 years ago

In docker-compose.yml, the following replacement allows the portal to start:

command: mongod --port ${MONGODB_PORT} --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem

replaced by

command: mongod --port ${MONGODB_PORT} --tlsMode requireTLS --tlsCertificateKeyFile /etc/ssl/mongodb.pem
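
The flag change in the comment above, as a check-and-rewrite helper. This is an added example, not part of the original comment or the project's code; the function names are hypothetical, the sample line is the one quoted above, and the mapping goes beyond the two options on the page to cover `--sslCAFile`, `--sslPEMKeyPassword` and the other mode values.

```shell
#!/usr/bin/env bash
# Added example: migrate deprecated mongod --ssl* options to --tls*.
# Function names are hypothetical; the sample line is the one quoted above.

# Succeed when a line sets both --sslMode and --tlsMode, the combination
# named by the fatal error in the log
# ("net.ssl.mode is not allowed when net.tls.mode is specified").
has_conflicting_modes() {
  printf '%s\n' "$1" | grep -Eq -- '--sslMode[ =]' &&
    printf '%s\n' "$1" | grep -Eq -- '--tlsMode[ =]'
}

# Succeed when a line still carries any deprecated --ssl* option,
# including ones the rewrite below does not map.
has_deprecated_ssl_flags() {
  printf '%s\n' "$1" | grep -Eq -- '--ssl[A-Za-z]+'
}

# Print $1 with --ssl* options and mode values renamed. Refuse (return 1)
# when both spellings are present, since renaming would duplicate --tlsMode.
migrate_mongod_tls_flags() {
  if has_conflicting_modes "$1"; then
    echo "conflict: --sslMode and --tlsMode both set, remove --sslMode by hand" >&2
    return 1
  fi
  printf '%s\n' "$1" | sed -E \
    -e 's/--sslMode([ =])/--tlsMode\1/g' \
    -e 's/--sslPEMKeyFile([ =])/--tlsCertificateKeyFile\1/g' \
    -e 's/--sslPEMKeyPassword([ =])/--tlsCertificateKeyFilePassword\1/g' \
    -e 's/--sslCAFile([ =])/--tlsCAFile\1/g' \
    -e 's/(--tlsMode[ =])requireSSL/\1requireTLS/g' \
    -e 's/(--tlsMode[ =])preferSSL/\1preferTLS/g' \
    -e 's/(--tlsMode[ =])allowSSL/\1allowTLS/g'
}

# Sample input: the original service command from docker-compose.yml.
SAMPLE_CMD='command: mongod --port ${MONGODB_PORT} --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem'

migrate_mongod_tls_flags "$SAMPLE_CMD"
```
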

tschaffter commented 4 years ago

The portal is now working with the following configuration (see commit ).

# MONGODB
export MONGO_PORT=27017
export MONGO_INITDB_ROOT_USERNAME=admin
export MONGO_INITDB_ROOT_PASSWORD=password
## Configuring for the portal
export MONGO_INITDB_DATABASE=phccp
export MONGO_USERNAME=app
export MONGO_PASSWORD=app123

# PORTAL
export NODE_ENV=production
export CLIENT_PORT=
export PORT=443
export DOMAIN=https://localhost

## Session secret
export SESSION_SECRET=phccp-secret

## Configuring SSL
export SSL_KEY=`cat ./certs/server.key`
export SSL_CERT=`cat ./certs/server.cert`

## Configuring connection with MongoDB
export MONGODB_PROTOCOL=mongodb
export MONGODB_IP=localhost
export MONGODB_PORT=${MONGO_PORT}
export MONGODB_PATH=/${MONGO_INITDB_DATABASE}
export MONGODB_USER=${MONGO_USERNAME}
export MONGODB_PASSWORD=${MONGO_PASSWORD}
export MONGODB_SSL=true
export MONGODB_SSL_VALIDATE=false  # Set to false when using self-signed certificate
export MONGODB_SSL_CA=  # Content of CA's certificate
export MONGODB_SSL_KEY=`cat ./certs/server.key`  # Content of the key (default: read ./certs/server.key)
export MONGODB_SSL_CERT=`cat ./certs/server.cert`  # Content of the certificate (default: read ./certs/server.cert)

## Initialization (credentials work with local and SSO auth strategies)
export APP_INIT_ADMIN_EMAIL=thomas.schaffter@sagebase.org
export APP_INIT_ADMIN_PASSWORD=admin
export APP_INIT_DB_SEED_NAME=default

## Enabling local authentication
export AUTH_LOCAL=true

## Enabling Google OAuth 2.0
export OAUTH_GOOGLE_ID=
export OAUTH_GOOGLE_SECRET=

## Enabling Google SAML
export SAML_GOOGLE_ENTRY_POINT=
export SAML_GOOGLE_ISSUER=

## Enabling Microsoft Azure AD OpenID Connect (demo)
export AZUREAD_OPENIDCONNECT_IDENTITY_METADATA=
export AZUREAD_OPENIDCONNECT_CLIENT_ID=
export AZUREAD_OPENIDCONNECT_CLIENT_SECRET=

## Enabling Roche Azure AD
export ROCHE_AZURE_AD_IDENTITY_METADATA=
export ROCHE_AZURE_AD_CLIENT_ID=
export ROCHE_AZURE_AD_CLIENT_SECRET=

# NEO4J
export NEO4J_USERNAME=neo4j
export NEO4J_PASSWORD=neo4jpassword

# PROVENANCE
export PROVENANCE_API_SERVER_PROTOCOL=http
export PROVENANCE_API_SERVER_IP=localhost
export PROVENANCE_API_SERVER_PORT=8080
export PROVENANCE_API_SERVER_PATH=/rest/v1
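
A pre-deployment audit for an envvars file in the format shown above, flagging disabled certificate validation and short secrets when `NODE_ENV=production`. This is an added example, not part of the original comment or the project's code; `env_value`, `audit_env` and the 16-character minimum are assumptions of this example, and the sample input is constructed from values in the listing above.

```shell
#!/usr/bin/env bash
# Added example: audit an envvars file (format shown above) before deploying.
# env_value, audit_env and the 16-character minimum are assumptions.

# Print the value of KEY ($2) from file content ($1); the last assignment
# wins and any trailing "# comment" is dropped.
env_value() {
  printf '%s\n' "$1" | sed -nE "s/^export $2=([^#]*).*/\1/p" |
    sed -E 's/[[:space:]]+$//' | tail -n 1
}

# Print one finding per line; succeed only when there are none.
audit_env() {
  audit_findings=0
  audit_report() { printf '%s\n' "$1"; audit_findings=$((audit_findings + 1)); }

  if [ "$(env_value "$1" NODE_ENV)" = production ]; then
    [ "$(env_value "$1" MONGODB_SSL)" = true ] ||
      audit_report "MONGODB_SSL: TLS to MongoDB is not enabled"
    [ "$(env_value "$1" MONGODB_SSL_VALIDATE)" != false ] ||
      audit_report "MONGODB_SSL_VALIDATE: server certificate is not verified"
  fi
  for audit_key in SESSION_SECRET MONGO_INITDB_ROOT_PASSWORD MONGO_PASSWORD \
      APP_INIT_ADMIN_PASSWORD NEO4J_PASSWORD; do
    audit_val=$(env_value "$1" "$audit_key")
    [ "${#audit_val}" -ge 16 ] ||
      audit_report "$audit_key: missing or shorter than 16 characters"
  done
  [ "$audit_findings" -eq 0 ]
}

# Constructed sample: a subset of the listing above.
SAMPLE_ENV='export NODE_ENV=production
export MONGO_INITDB_ROOT_PASSWORD=password
export MONGO_PASSWORD=app123
export SESSION_SECRET=phccp-secret
export APP_INIT_ADMIN_PASSWORD=admin
export NEO4J_PASSWORD=neo4jpassword
export MONGODB_SSL=true
export MONGODB_SSL_VALIDATE=false  # Set to false when using self-signed certificate'

audit_env "$SAMPLE_ENV" || true
```
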

tschaffter commented 4 years ago

CodeDeploy works fine again after implementing https://github.com/Sage-Bionetworks/PHCCollaborationPortal/issues/591#issuecomment-543878268.

https://github.com/Sage-Bionetworks/phccp-aws-infra/pull/10