Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build Rails app for production environment #10

Merged
merged 1 commit into from
Feb 7, 2022
Merged

Build Rails app for production environment #10

merged 1 commit into from
Feb 7, 2022

Conversation

NathanielRN
Copy link
Contributor

@NathanielRN NathanielRN commented Feb 4, 2022
edited

Description

In our Soak Tests, we found out that a Rails app instrumented with OTel Ruby in development mode will use an unbounded amount of memory when receiving several requests.

CloudWatch showed a development Rails app using 11 GB of memory after just 2 hours:

image

We asked on the OTel Ruby CNCF Slack channel and got the great feedback that we should use a production environment.

This PR does that, and when we did that the Memory Usage was less than 1 GB after 5 hours:

image (1)

However, to allow for a production environment, the rails app requires a "secret_base_key". Otherwise it will spam the log output with warnings which is really troublesome.

To solve this, we added dummy credentials which don't do anything. Because this is an example, we directly commit the security credentials in the Dockerfile but this is NOT GOOD PRACTICE FOR REAL PRODUCTION ENVIRONMENTS. We allow it to be like this because we want this demo example to work.

You can confirm the credentials work and view the encoded contents of by doing the following command:

$ cd sample-apps/manual-instrumentation/ruby-on-rails
$ RAILS_MASTER_KEY=<KEY_IN_SAMPLE-APP_DOCKERFILE> bin/rails credentials:edit

This will show the following contents:

# NOTE: DO NOT USE THIS IN PRODUCTION ENVIRONMENTS, WE ONLY SET THIS TO SIMULATE A REAL RAILS APP.

# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: DO_NOT_STORE_A_SECRET_THIS_IS_JUST_FOR_AN_EXAMPLE

We cannot use something like RAILS_MASTER_KEY=BOGUS_KEY but the tests immediately fail to start the app 馃槙:

app_1 | 2022-02-04 22:18:51 +0000 Rack app ("GET /outgoing-http-call" - (172.18.0.4)): #<ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage>

@srprash
Copy link

srprash commented Feb 5, 2022

Thanks for figuring this out and making it work!
Just out of curiosity, if the RAILS_MASTER_KEY is just a dummy credential, does it need to be in a certain format to work or can we simply replace it with something like "dummy_credential"?

@NathanielRN
Copy link
Contributor Author

@srprash Thanks for that prompt!!

I actually did test this with something like RAILS_MASTER_KEY=BOGUS_KEY but the tests immediately fail to start the app 馃槙:

app_1             | 2022-02-04 22:18:51 +0000 Rack app ("GET /outgoing-http-call" - (172.18.0.4)): #<ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage>

It's a good idea to post this in the README and PR description though so I've done that!

srprash
srprash approved these changes Feb 7, 2022
View reviewed changes
Copy link

@srprash srprash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@NathanielRN NathanielRN merged commit 2c825b5 into main Feb 7, 2022
@NathanielRN NathanielRN deleted the build-rails-app-for-production branch February 7, 2022 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srprash srprash srprash approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@NathanielRN @srprash