Define SMTP settings in secrets file #3695
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
javierm
force-pushed
the
smtp_secrets
branch
2 times, most recently
from
68310b3
to
2e46378
Compare
houndci-bot
reviewed
Oct 16, 2019
javierm
force-pushed
the
smtp_secrets
branch
5 times, most recently
from
7c4cc8b
to
d9a6bfc
Compare
houndci-bot
reviewed
Oct 31, 2019
microweb10
force-pushed
the
smtp_secrets
branch
from
936abfc
to
a1222e8
Compare
javierm
changed the title
houndci-bot
reviewed
Nov 1, 2019
javierm
force-pushed
the
smtp_secrets
branch
2 times, most recently
from
a718672
to
7a2e967
Compare
javierm
changed the title
javierm
changed the title
houndci-bot
reviewed
Nov 2, 2019
| child.is_a?(Psych::Nodes::Scalar) && child.value == Rails.env | ||
| end | ||
|
|
||
| nodes.children[environment_index + 1].children.push(*Psych.parse(settings_to_add.to_yaml).children.first.children) |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [118/110] (https://rubystyle.guide#80-character-limits)
javierm
changed the title
javierm
force-pushed
the
smtp_secrets
branch
2 times, most recently
from
997fc0a
to
b80154c
Compare
Since SMTP passwords should not be in a file under version control, and they're usually configured in the production.rb file (which is under version control), the natural place to configure it is the secrets.yml file. Until now we were using the capistrano shared folder, but that's a bit inconvenient since changes we've done to the production.rb file (like changing eager_load_paths when we upgraded to Rails 5) won't take effect after a deployment.
javierm
force-pushed
the
smtp_secrets
branch
from
188720a
to
8d3e5bc
Compare
microweb10
approved these changes
Nov 12, 2019
javierm
force-pushed
the
smtp_secrets
branch
from
8d3e5bc
to
667b4de
Compare
Existing installations having their configuration settings in the capistrano shared folder needed this migration. Note we can't just use `YAML.load` because we'd lose the anchors defined in the file. So we have to parse the file the hard way.
this is usually configured in the production.rb file (which is under version control), the natural place to configure it is the secrets.yml file. Until now we were using the capistrano shared folder, but that's a bit inconvenient since changes we've done to the production.rb file (like changing eager_load_paths when we upgraded to Rails 5) won't take effect after a deployment.
javierm
force-pushed
the
smtp_secrets
branch
from
667b4de
to
3e83395
Compare
Existing installations having their configuration settings in the capistrano shared folder needed this migration.
We were copying the current SMTP and SSL settings to the secrets file after overwriting them, but we need to copy them before overwriting them. The workaround I've found is to copy the tasks to the folder of the previous release and execute them there.
While this is not a secret and in theory should be in a file under version control, currently the CONSUL installer disables delayed jobs by default, meaning we were keeping two versions of the delayed jobs configuration file, and some existing configurations have their settings defined in a file in capistrano's `shared` folder. So we're moving existing settings to the secrets file.
Old versions of the installer created this file as root, making it impossible to change it as a regular user. So for old installations we need to make sure we've got write access to this file. We're using `sudo` because in these applications the installer gives `sudo` access to the deploy user, so everything works fine with the default configuration.
javierm
force-pushed
the
smtp_secrets
branch
from
3e83395
to
d7aab4c
Compare
smarques
pushed a commit
to venetochevogliamo/consul
that referenced
this pull request
Apr 29, 2020
Define SMTP settings in secrets file
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
References
Background
Currently, the CONSUL installer replaces the existing
production.rbenvironment file with its own file. This way secrets like SMTP credentials are not included in the repository. However, it's hard to keep both files up to date, and so changes we did to the production environment file when we upgraded to Rails 5 haven't been included in the installer.Objectives
Avoid differences between the
production.rbanddelayed_job_config.rbfiles included in version control and the ones included in the CONSUL installer.Release notes
SMTP, SSL and delayed job activation settings are now configured in the
config/secrets.ymlfile. If, as we strongly recommend, you use capistrano to deploy your code, your current settings will be copied to theconfig/secrets.ymlfile automatically so you won't have to worry about this change 😉. If for some reason you don't use capistrano, either have a look at the task inlib/tasks/secrets.rakeor edit yourconfig/secrets.ymlfile manually.If you've installed CONSUL using the CONSUL installer and you've activated delayed jobs and you've changed your delayed job (that is,
Delayed::Worker) configuration, you might want to edit theconfig/initializers/delayed_job_config.rbfile and adjust your settings.