Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore!: stop writing on root file system #671

Merged
merged 5 commits into from
Aug 14, 2023
Merged

chore!: stop writing on root file system #671

merged 5 commits into from
Aug 14, 2023
+67 −59

Conversation

oleobal
Copy link
Collaborator

@oleobal oleobal commented Jun 13, 2023
edited

Description

(this PR replaces #657 because I messed up my branches, sorry)

Writing on the root filesystem fails when readOnlyRootFilesystem is set, which is the case in some environments, such as OpenShift. This PR fixes this.

Since SECRET_KEY is now stored in a secret, it should also mostly fix "Given token is not valid for any token type" errors, which were due to application restart where SECRET_KEY was regenerated and users had to refresh their tokens (which were signed with the old SECRET_KEY)

Reverts most changes from #668 >_>

Fixes FL-1000

Checklist

  • changelog was updated with notable changes
  • documentation was updated

@linear
Copy link

linear bot commented Jun 13, 2023

FL-1000 Stop writing on root filesystem

@oleobal oleobal mentioned this pull request Jun 13, 2023
Closed
2 tasks
@oleobal
Copy link
Collaborator Author

oleobal commented Jun 13, 2023

/e2e

@Owlfred
Copy link

Owlfred commented Jun 13, 2023
edited

End to end tests: ✔️ SUCCESS

Yay! 🎉

@oleobal oleobal marked this pull request as ready for review June 14, 2023 09:45
@oleobal oleobal requested a review from a team as a code owner June 14, 2023 09:45
@oleobal oleobal marked this pull request as draft June 14, 2023 09:46
@oleobal oleobal marked this pull request as ready for review June 30, 2023 09:10
@oleobal
Copy link
Collaborator Author

oleobal commented Jun 30, 2023

/e2e --help

@Owlfred
Copy link

Owlfred commented Jun 30, 2023 

Usage: /e2e [options] [help]

/e2e may appear anywhere as long as it is on its own line

Options:
  --refs <value>                                         Extra refs (branch or tag) with format REPO=GIT_REF,REPO=GIT_REF.
  Supported repositories: hlf-k8s, orchestrator, substra-backend, substra-frontend, substra-tools, substrafl, substra, substra-tests, substra-ci.
  Example: /e2e --refs substra-backend=some_branch,orchestrator=some_tag (default: {})
  --tests-to-run, --tests <tests-to-run>                 Comma-separated list of tests to run. Valid options: sdk,substrafl,frontend or NONE. (default: "sdk")
  --benchmarks-to-run, --benchmarks <benchmarks-to-run>  Comma-separated list of workflows tests to run. Valid options: mnist, camelyon or NONE. (default: "NONE")
  --orchestrator-mode, --mode <orchestrator-mode>        Comma-separated list of orchestrator modes to run tests for. Valid options: standalone,distributed (default: "standalone,distributed")
  -h, --help                                             display help for command

@oleobal
Copy link
Collaborator Author

oleobal commented Jun 30, 2023

/e2e --tests sdk,substrafl,frontend

@Owlfred
Copy link

Owlfred commented Jun 30, 2023
edited

End to end tests: ❌ FAILURE

Jobs status:

  • Tests Benchmark: ⏭️
  • Tests Distributed:
  • Tests Standalone:

Sorry, try again.

@oleobal oleobal force-pushed the chore/read-only-root-fs branch 2 times, most recently from 38c47cb to 10c2fb1 Compare July 17, 2023 15:25
@oleobal oleobal mentioned this pull request Jul 17, 2023
Merged
2 tasks
@oleobal
Copy link
Collaborator Author

oleobal commented Jul 17, 2023

/e2e --tests sdk,substrafl,frontend

@Owlfred
Copy link

Owlfred commented Jul 17, 2023
edited

End to end tests: ❌ FAILURE

Jobs status:

  • Camelyon: ⏭️
  • Distributed / distributed-sdk,substrafl,frontend:
  • MNIST: ⏭️
  • Standalone / standalone-sdk,substrafl,frontend:

“Boy, that escalated quickly.” ― Ron Burgundy, Anchorman: The Legend of Ron Burgundy

@oleobal
Copy link
Collaborator Author

oleobal commented Jul 18, 2023

/e2e --tests sdk,frontend

@Owlfred
Copy link

Owlfred commented Jul 18, 2023
edited

End to end tests: ❌ FAILURE

Jobs status:

  • Camelyon: ⏭️
  • Distributed / distributed-sdk,frontend:
  • MNIST: ⏭️
  • Standalone / standalone-sdk,frontend:

Too bad.

@oleobal
Copy link
Collaborator Author

oleobal commented Jul 18, 2023

/e2e --tests sdk

just keep removing tests until it passes

@Owlfred
Copy link

Owlfred commented Jul 18, 2023
edited

End to end tests: ❌ FAILURE

Jobs status:

  • Camelyon: ⏭️
  • Distributed / distributed-sdk:
  • MNIST: ⏭️
  • Standalone / standalone-sdk:

“Rien ne sert de courir ; il faut partir à point.” ― Jean de La Fontaine (Le Lièvre et la Tortue)

SdgJlbl
SdgJlbl approved these changes Jul 18, 2023
View reviewed changes
Copy link
Contributor

@SdgJlbl SdgJlbl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@oleobal
Copy link
Collaborator Author

oleobal commented Jul 18, 2023

/e2e --tests sdk

please?

@Owlfred
Copy link

Owlfred commented Jul 18, 2023
edited

End to end tests: ❌ FAILURE

Jobs status:

  • Camelyon: ⏭️
  • Distributed / distributed-sdk:
  • MNIST: ⏭️
  • Standalone / standalone-sdk:

Not this time.

@oleobal oleobal force-pushed the chore/read-only-root-fs branch 2 times, most recently from 6a3a697 to 1318451 Compare July 19, 2023 13:19
@oleobal
Copy link
Collaborator Author

oleobal commented Jul 20, 2023

/e2e --tests sdk,frontend

@Owlfred
Copy link

Owlfred commented Jul 20, 2023
edited

End to end tests: ✔️ SUCCESS

That was easy.

@oleobal oleobal force-pushed the chore/read-only-root-fs branch 2 times, most recently from 92feee4 to 9e21e28 Compare August 14, 2023 15:11
@github-actions github-actions bot added the documentation Improvements or additions to documentation label Aug 14, 2023
@oleobal
Copy link
Collaborator Author

oleobal commented Aug 14, 2023

/e2e --tests sdk,frontend

@Owlfred
Copy link

Owlfred commented Aug 14, 2023
edited

End to end tests: ✔️ SUCCESS

“It’s alive! It’s alive!” ― Henry Frankenstein, Frankenstein

@oleobal
chore(helm): stop writing on root file system
591f073 
Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
@oleobal
Remove permission changes from branch
3754247 
Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
@oleobal
add SECRET_KEY_LOAD_AND_STORE=False to many deployments
62122e3 
Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
@oleobal
Source SECRET_KEY from secret generated at install time
4420b78 
Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
@oleobal
fix changelog
20cb5e0 
Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
@oleobal oleobal changed the title chore(helm): stop writing on root file system chore: stop writing on root file system Aug 14, 2023
@oleobal oleobal changed the title chore: stop writing on root file system chore!: stop writing on root file system Aug 14, 2023
@oleobal oleobal merged commit d268f66 into main Aug 14, 2023
13 checks passed
@oleobal oleobal deleted the chore/read-only-root-fs branch August 14, 2023 15:52
@Milouu Milouu mentioned this pull request Sep 5, 2023
Merged
Milouu added a commit that referenced this pull request Sep 7, 2023
@Milouu
chore: release 0.41.0 (#725)
9a7259d 
### Added

- New `SECRET_KEY` optional environment variable
([#671](#671))
- `/api-token-auth/` and the associated tokens can now be disabled
through the `EXPIRY_TOKEN_ENABLED` environment variable and
`server.allowImplicitLogin` chart value
([#698](#698))
- Tokens issued by `/api-token-auth/` can now be deleted like other API
tokens, through a `DELETE` request on the `/active-api-tokens` endpoint
([#698](#698))

### Changed

- Increase the number of tasks displayable in frontend workflow
[#697](#697)
- BREAKING: Change the format of many API responses from
`{"message":...}` to `{"detail":...}`
([#705](#705))

### Removed

- BREAKING: `SECRET_KEY_PATH` and `SECRET_KEY_LOAD_AND_STORE`
environment variables
([#671](#671))
- Removed logic for storing `SECRET_KEY` at startup, in order to
increase stability; it should be done at a higher level, i.e. the chart
([#671](#671))

## Fixed

- `/api-token-auth/` sometimes handing out tokens that are about to
expire ([#698](#698))

Signed-off-by: Milouu <milan.roustan@owkin.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SdgJlbl SdgJlbl SdgJlbl approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@oleobal @Owlfred @SdgJlbl