Closed MikeTheCanuck closed 4 years ago
@DingoEatingFuzz suggests the following medium-term fix:
aws ssm get-parameters --names /production/2018/API/transportation-systems/PROJECT_NAME | jq -r ".Parameters[0].Value"
And
an even better fix (subjectively speaking) is to move this out of bash and into python where we can do better scripting on the output from the ssm commands (including fetching multiple keys at once rather than multiple round trips)
However, we discovered that jq
doesn't ship with this AMI - CloudWatch logs reported:
/code/bin/get-ssm-parameters.sh: line 18: jq: command not found
So @nam20485 will try installing that in the DOCKERFILE.api.production
(for use only in the AWS ECS environment, since that's the only place we're importing Parameter Store values).
We could consider factoring this code snippet into our solution as well from #217.
@MikeTheCanuck @nam20485 Is jq
a widely-known utility? I haven't heard of it till this bug showed up!
By definition the API container has Python; wouldn't we be safer using Python?
well enough known now, and if it gets us past this deploy blocker I'm happy enough
Though #217 might be the right immediate next step once we unblock deploys.
I can't let this go without making an awk
-ward pun though. ;-)
You sed it!
Looks like the fix worked for the disaster-resilience-backend project.
Thus we just need to get the fix replicated to the rest of our 2018 APIs:
fix deployed to transportation systems api is backup: http://service.civicpdx.org/transportation-systems/
fix deployed to:
https://github.com/hackoregon/elections-2018-backend/commit/3825b9885e29fad97dd9770a7a299dd803af8164 attempts to address this for the 2018 Local Elections API.
When running this command in our
get-ssm-parameters.sh
script, it used to obtain exactly the data we're after:POSTGRES_HOST='aws ssm get-parameters --names "$NAMESPACE"/"$PROJECT_CANONICAL_NAME"/POSTGRES_HOST --no-with-decryption --region $EC2_REGION --output text | awk '{print $4}''
Now it returns a response like:
String 54.202.102.48 1
This broke our
awk
parsing (brittle asawk
logic can be), where in CloudWatch logs we'd see this during initialization of the WSGI app:ModuleNotFoundError: No module named '/production/2018/API/transportation-systems/PROJECT_NAME'