WIP: Add serverless support #1
base: main
If the step to build it yourself is a preferred step, then might I suggest to put this behind a feature flag?
I think it would be wise to offer this option as a feature-flag, thanks for the suggestion! Furthermore, I'd suggest that this repo here will provide the guides and tools, terraform examples and built "ready-to-deploy" releases. https://github.com/dani-garcia/vaultwarden could place a small link here. Open for all kinds of suggestions :) PS: EFS Integration works flawlessly, and thanks to JWT, Lambda concurrency is no issue either 🎉
- Updated GitHub actions
- Fixed an issue with testing MSRV (It didn't)
Update GitHub Workflow
Because of some changes in the packages of Debian we need to add an extra package to request it also to install
Fix arm builds
Just wanted to give a quick update; basic integration is all fine, including mysql and postgres, however there are concurrency issues as sqlite is clearly not designed for network shares. Processes that write to the DB (time-consuming ones, such as logins and registers) can easily interfere with each other, leaving the database blocked until concurrency normalises. "Problematic actions"
Typical error messages that will appear on the Web Vault / Mobile clients include
As said, as a workaround it is enough to wait some time but this can be a real show-stopper if you need credentials right at this moment. The current standing is that it should be "just fine" for a small personal server, maybe even small orgs, but it cannot be relied upon for bigger use-cases. For that, rewriting all the database parts to DynamoDB would be needed, for which I have created issue #2. I'll be checking dynarust and dynomite in the next two weeks as a first step to determine how much work is needed; the goal would still be to provide some "patch" or small additions/modifications such that it can be merged into vaultwarden. I'll extend the Readme such that interested users are aware of this pitfall at the moment.
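Added example (not from this thread or the vaultwarden code): a Python sketch of the blocked-database state described above and the "wait and retry" workaround, using two connections to a constructed local SQLite file as stand-ins for two Lambda instances. The helper names are hypothetical, and it runs on local disk where SQLite's file locks are honoured, so it shows contention only, not corruption on a network share.

```python
import os
import sqlite3
import tempfile
import time


def open_db(path):
    # timeout=0 fails at once on a held lock; isolation_level=None means explicit transactions.
    return sqlite3.connect(path, timeout=0, isolation_level=None)


def write_with_retry(conn, sql, params, attempts=5, delay=0.05, on_busy=None):
    """Run one write transaction; return how many attempts hit a lock first."""
    for failed in range(attempts):
        try:
            conn.execute("BEGIN IMMEDIATE")  # take the write lock up front
            conn.execute(sql, params)
            conn.execute("COMMIT")
            return failed
        except sqlite3.OperationalError as exc:
            if "locked" not in str(exc) and "busy" not in str(exc):
                raise
            if conn.in_transaction:
                conn.execute("ROLLBACK")
            if on_busy:
                on_busy(failed)  # hook used by demo() to end the other write
            time.sleep(delay * (failed + 1))  # linear backoff
    raise TimeoutError("database still locked after %d attempts" % attempts)


def demo():
    path = os.path.join(tempfile.mkdtemp(), "constructed.sqlite3")
    a, b = open_db(path), open_db(path)  # stand-ins for two instances
    a.execute("CREATE TABLE logins (who TEXT)")
    a.execute("BEGIN IMMEDIATE")  # instance A starts a slow write
    a.execute("INSERT INTO logins VALUES ('a')")
    first_error = None
    try:
        b.execute("BEGIN IMMEDIATE")  # instance B collides with A
    except sqlite3.OperationalError as exc:
        first_error = str(exc)
    # A commits when B reports its first busy attempt ("wait some time").
    finish_a = lambda n: a.execute("COMMIT") if n == 0 else None
    retries = write_with_retry(b, "INSERT INTO logins VALUES (?)", ("b",), on_busy=finish_a)
    rows = [r[0] for r in b.execute("SELECT who FROM logins ORDER BY who")]
    return first_error, retries, rows


if __name__ == "__main__":
    print(demo())
```

Retrying only helps while the filesystem enforces the lock; it does nothing for the lock races on EFS reported later in this thread.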
Would it be worth considering merging this in now and adding DynamoDB as a feature by itself?
Thanks for raising the question. I have tested the serverless solution with my personal vault for several weeks two months ago. Unfortunately, I cannot recommend merging this back to vaultwarden at the moment as the usage of this feature would potentially harm users. Due to the concurrency of AWS Lambda instances, the network share with the sqlite file will be mounted on different instances. Whenever a write / sync to the sqlite file happens, we risk corrupting it as other instances might be trying to do the same thing at the same time. While AWS claims that locking on EFS is supported, I have been able to successfully race these locks while they were propagating and corrupted several databases this way.
Have you seen any issues when using MySQL or PG?
I haven't tested it but that should work fine.
Serverless apps are great, no need to manage the EC2 instance, and I already have an RDS for internal tooling etc, so this will be perfect.
Todo
additionally