Set Puma Process Tag #2291
Merged
Set Puma Process Tag #2291
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
micahlee
force-pushed
the
onyx-9564-puma-process-id
branch
from
2888597
to
ed45f02
Compare
8 tasks
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
| cmd = "ps -ef | grep puma | grep -v grep | grep -v cluster | " \ | ||
| "grep conjur | awk '{print $2}' | tr -d '\n'" | ||
| stdout, _ = @command_runner.capture2(cmd) | ||
| cmd ="ps -ef | " + |
There was a problem hiding this comment.
Prefer string interpolation to string concatenation.
There was a problem hiding this comment.
i think this is ok because it lets us add comments on each line to explain it.
There was a problem hiding this comment.
You may be able to use backslashes at the end of each line to make this go away. I don't think code climate counts this as concatenation.
There was a problem hiding this comment.
@jtuttle, I couldn't figure out how to use \ and have comments in between. Is there a trick to this I couldn't find?
There was a problem hiding this comment.
Ah shoot, no you're right that probably doesn't work. Might just have to approve the CC warning on this one.
orenbm
reviewed
Jun 24, 2021
| "grep puma | " + | ||
| # Filter to only puma process for the Conjur API Server. This tag | ||
| # is defined in the `config/puma.rb`. | ||
| "grep '[Conjur API Server]' | " + |
There was a problem hiding this comment.
this worked for me only like this "grep '\\[Conjur API Server\\]' | ". The current grep will catch any line that has any letter of Conjur API Server as the brackets act as regex square brackets.
There was a problem hiding this comment.
@micahlee i pushed this change so i can build a Conjur on RHEL instance and verified that updating /etc/conjur/config/conjur.yml and adding authenticators works:
➜ dap-package git:(verify-puma-tag) ✗ ssh -i ~/oren-aws.pem ec2-user@ec2-18-206-81-135.compute-1.amazonaws.com
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Thu Jun 24 09:02:40 2021 from 194.90.225.101
[ec2-user@ip-172-31-70-43 ~]$
[ec2-user@ip-172-31-70-43 ~]$
[ec2-user@ip-172-31-70-43 ~]$ sudo su
[root@ip-172-31-70-43 ec2-user]# evoke configuration apply
Conjur server reboot initiated. New configuration will be applied.
[root@ip-172-31-70-43 ec2-user]#
[root@ip-172-31-70-43 ec2-user]#
[root@ip-172-31-70-43 ec2-user]# curl -k https://localhost/info
{
"release": "12.2.0+Conjur.RHEL.CA",
"version": "5.14.1",
"services": {
"possum": {
"name": "conjur-possum",
"version": "1.11.7.32_f060df58",
"arch": "x86_64"
},
"evoke": {
"name": "conjur-evoke",
"version": "5.21.0.0_8546dc3",
# -----------------------------
"arch": "x86_64"
},
"ui": {
"name": "conjur-ui",
"version": "2.13.1.0_204e265c",
"arch": "x86_64"
}
},
"container": "ip-172-31-70-43.ec2.internal",
"role": "master",
"configuration": {
"conjur": {
"role": "master",
"account": "oren",
"hostname": "Oren-oren-1-lb-93042339.us-east-1.elb.amazonaws.com",
"master_altnames": [
"Oren-oren-1-lb-93042339.us-east-1.elb.amazonaws.com",
"ec2-18-206-81-135.compute-1.amazonaws.com",
"ec2-44-192-19-138.compute-1.amazonaws.com",
"ec2-35-175-120-54.compute-1.amazonaws.com"
],
"debug": true,
"cluster_name": "cluster_oren",
"cluster_master": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_members": "ec2-18-206-81-135.compute-1.amazonaws.com=http://ec2-18-206-81-135.compute-1.amazonaws.com:2380,ec2-35-175-120-54.compute-1.amazonaws.com=http://ec2-35-175-120-54.compute-1.amazonaws.com:2380,ec2-44-192-19-138.compute-1.amazonaws.com=http://ec2-44-192-19-138.compute-1.amazonaws.com:2380",
"cluster_machine_name": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_machine_address": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_ttl": 300,
"cluster_interval": 1
}
},
"authenticators": {
"installed": [
"authn",
"authn-azure",
"authn-gcp",
"authn-iam",
"authn-k8s",
"authn-ldap",
"authn-oidc"
],
"configured": [
"authn"
],
"enabled": [
"authn"
]
}
}[root@ip-172-31-70-43 ec2-user]# vi /etc/conjur/config/conjur.yml
[root@ip-172-31-70-43 ec2-user]# evoke configuration apply
Conjur server reboot initiated. New configuration will be applied.
[root@ip-172-31-70-43 ec2-user]# curl -k https://localhost/info
{
"release": "12.2.0+Conjur.RHEL.CA",
"version": "5.14.1",
"services": {
"possum": {
"name": "conjur-possum",
"version": "1.11.7.32_f060df58",
"arch": "x86_64"
},
"evoke": {
"name": "conjur-evoke",
"version": "5.21.0.0_8546dc3",
"arch": "x86_64"
},
"ui": {
"name": "conjur-ui",
"version": "2.13.1.0_204e265c",
"arch": "x86_64"
}
},
"container": "ip-172-31-70-43.ec2.internal",
"role": "master",
"configuration": {
"conjur": {
"role": "master",
"account": "oren",
"hostname": "Oren-oren-1-lb-93042339.us-east-1.elb.amazonaws.com",
"master_altnames": [
"Oren-oren-1-lb-93042339.us-east-1.elb.amazonaws.com",
"ec2-18-206-81-135.compute-1.amazonaws.com",
"ec2-44-192-19-138.compute-1.amazonaws.com",
"ec2-35-175-120-54.compute-1.amazonaws.com"
],
"debug": true,
"cluster_name": "cluster_oren",
"cluster_master": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_members": "ec2-18-206-81-135.compute-1.amazonaws.com=http://ec2-18-206-81-135.compute-1.amazonaws.com:2380,ec2-35-175-120-54.compute-1.amazonaws.com=http://ec2-35-175-120-54.compute-1.amazonaws.com:2380,ec2-44-192-19-138.compute-1.amazonaws.com=http://ec2-44-192-19-138.compute-1.amazonaws.com:2380",
"cluster_machine_name": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_machine_address": "ec2-18-206-81-135.compute-1.amazonaws.com",
"cluster_ttl": 300,
"cluster_interval": 1
}
},
"authenticators": {
"installed": [
"authn",
"authn-azure",
"authn-gcp",
"authn-iam",
"authn-k8s",
"authn-ldap",
"authn-oidc"
],
"configured": [
"authn"
],
"enabled": [
"authn-oidc/oren"
]
}
}
[root@ip-172-31-70-43 ec2-user]# cat /etc/conjur/config/conjur.yml
# -----------------------------
# Conjur configuration file
# -----------------------------
#
# This file configures Conjur settings in YAML format. These settings generally
# consist of lines in the form:
#
# name: value
#
# Comments are introduced with "#" anywhere on a line.
#
# The commented-out settings shown in this file represent the default values.
#
# These configuration values are loaded by the Conjur process at startup and can
# be overridden by providing environment variables of the same name prefixed by
# CONJUR. For example, you can override the trusted_proxies value from this
# file by setting CONJUR_TRUSTED_PROXIES in the environment.
# Trusted proxies ensures that DAP can properly source client IP addresses.
#
# This setting should be a list of IP addresses and/or IP address ranges in CIDR
# notation. For example:
#
# trusted_proxies:
# - 192.168.1.1
# - 127.0.0.1
# trusted_proxies: []
authenticators:
- authn-oidc/oren
# This is a placeholder key to allow AnywayConfig to parse this sample config
# file consisting only of comments. Once the following PR is merged and
# released, this will no longer be necessary:
# https://github.com/palkan/anyway_config/pull/83
_:
orenbm
suggested changes
Jun 24, 2021
jtuttle
previously approved these changes
Jun 24, 2021
orenbm
force-pushed
the
onyx-9564-puma-process-id
branch
2 times, most recently
from
d6488b2
to
2965092
Compare
orenbm
previously approved these changes
Jun 24, 2021
This allows us to reliably identify the Conjur API server process to restart when reloading the Conjur config.
micahlee
force-pushed
the
onyx-9564-puma-process-id
branch
from
2965092
to
1747480
Compare
|
Code Climate has analyzed commit 1747480 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 90.6% (0.0% change). View more on Code Climate. |
orenbm
approved these changes
Jun 24, 2021
jtuttle
approved these changes
Jun 24, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This PR updates the puma config to explicitly set the process tag, rather than defaulting to the directory name of the application. This allows us to reliably identify the process to restart it when reloading the Conjur configuration.
What ticket does this PR close?
Resolves ONYX-9564
Checklists
Change log
Test coverage
Documentation
READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, orAPI Changes