lundi 28 mai 2018

Rails 5.2: GCP deployment fails after starting to use the new encrypted credentials feature

I'm facing quite a strange issue with GCP (Google Cloud Platform) deployments. I've recently updated my Ruby on Rails application to 5.2 (was 5.1.4 previously) and I started using the the encrypted credentials feature (which I believe is amazing, to be honest), but it looks like GCP is not that happy with it.

Here is the traceback that I receive when I deploy (via gcloud from my local workstation and also CircleCI)

Started cloud_sql_proxy.
D, [2018-05-28T16:19:42.241746 #17] DEBUG -- : Cannot load `Rails.application.database_configuration`:
ActiveSupport::MessageEncryptor::InvalidMessage excluded from capture: DSN not set

rake aborted!
ActiveSupport::MessageEncryptor::InvalidMessage: Cannot load `Rails.application.database_configuration`:
ActiveSupport::MessageEncryptor::InvalidMessage
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:206:in `rescue in _decrypt'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:183:in `_decrypt'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:157:in `decrypt_and_verify'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/messages/rotator.rb:21:in `decrypt_and_verify'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:79:in `decrypt'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:42:in `read'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:21:in `read'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:33:in `config'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:38:in `options'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/core_ext/module/delegation.rb:271:in `method_missing'
(erb):25:in `<main>'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application/configuration.rb:172:in `database_configuration'
/app/vendor/bundle/ruby/2.3.0/gems/activerecord-5.2.0/lib/active_record/railtie.rb:133:in `block (2 levels) in <class:Railtie>'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:71:in `instance_eval'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:71:in `block in execute_hook'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:62:in `with_execution_control'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:67:in `execute_hook'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:43:in `block in on_load'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:42:in `each'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:42:in `on_load'
/app/vendor/bundle/ruby/2.3.0/gems/activerecord-5.2.0/lib/active_record/railtie.rb:132:in `block in <class:Railtie>'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:32:in `instance_exec'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:32:in `run'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:61:in `block in run_initializers'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:60:in `run_initializers'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:361:in `initialize!'
/app/config/environment.rb:5:in `<main>'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in `block in require_with_bootsnap_lfi'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/loaded_features_index.rb:65:in `register'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:20:in `require_with_bootsnap_lfi'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:29:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:283:in `block in require'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:249:in `load_dependency'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:283:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:337:in `require_environment!'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:520:in `block in run_tasks_blocks'
/app/vendor/bundle/ruby/2.3.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/task.rb:62:in `block (2 levels) in define'
/app/vendor/bundle/ruby/2.3.0/gems/rake-12.3.1/exe/rake:27:in `<top (required)>'
/rbenv/versions/2.3.7/bin/bundle:22:in `load'
/rbenv/versions/2.3.7/bin/bundle:22:in `<main>'

Caused by:
OpenSSL::Cipher::CipherError: key length too short
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:193:in `key='
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:193:in `_decrypt'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:157:in `decrypt_and_verify'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/messages/rotator.rb:21:in `decrypt_and_verify'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:79:in `decrypt'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:42:in `read'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:21:in `read'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:33:in `config'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:38:in `options'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/core_ext/module/delegation.rb:271:in `method_missing'
(erb):25:in `<main>'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application/configuration.rb:172:in `database_configuration'
/app/vendor/bundle/ruby/2.3.0/gems/activerecord-5.2.0/lib/active_record/railtie.rb:133:in `block (2 levels) in <class:Railtie>'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:71:in `instance_eval'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:71:in `block in execute_hook'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:62:in `with_execution_control'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:67:in `execute_hook'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:43:in `block in on_load'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:42:in `each'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/lazy_load_hooks.rb:42:in `on_load'
/app/vendor/bundle/ruby/2.3.0/gems/activerecord-5.2.0/lib/active_record/railtie.rb:132:in `block in <class:Railtie>'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:32:in `instance_exec'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:32:in `run'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:61:in `block in run_initializers'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/initializable.rb:60:in `run_initializers'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:361:in `initialize!'
/app/config/environment.rb:5:in `<main>'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in `block in require_with_bootsnap_lfi'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/loaded_features_index.rb:65:in `register'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:20:in `require_with_bootsnap_lfi'
/app/vendor/bundle/ruby/2.3.0/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:29:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:283:in `block in require'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:249:in `load_dependency'
/app/vendor/bundle/ruby/2.3.0/gems/activesupport-5.2.0/lib/active_support/dependencies.rb:283:in `require'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:337:in `require_environment!'
/app/vendor/bundle/ruby/2.3.0/gems/railties-5.2.0/lib/rails/application.rb:520:in `block in run_tasks_blocks'
/app/vendor/bundle/ruby/2.3.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/task.rb:62:in `block (2 levels) in define'
/app/vendor/bundle/ruby/2.3.0/gems/rake-12.3.1/exe/rake:27:in `<top (required)>'
/rbenv/versions/2.3.7/bin/bundle:22:in `load'
/rbenv/versions/2.3.7/bin/bundle:22:in `<main>'
Tasks: TOP => environment

The first error (DSN not set) is most likely coming from Sentry, although the DSN was added to the encrypted credentials file and Sentry if configured correctly.

config.dsn = Rails.application.credentials.dig(:sentry, :staging, :raven_dsn)

Second error (Cannot load Rails.application.database_configuration) makes me think that it's something related to database.yml, which works just fine in development and test environments.

default: &default
  adapter: postgresql
  encoding: unicode
  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
  timeout: 5000

development:
  <<: *default
  database: gcpfive_development

test:
  <<: *default
  database: gcpfive_test

staging:
  <<: *default
  username: <%= Rails.application.credentials.dig(:gcsql, :staging, :username) %>
  password: <%= Rails.application.credentials.dig(:gcsql, :staging, :password) %>
  database: <%= Rails.application.credentials.dig(:gcsql, :staging, :database) %>
  host: <%= Rails.application.credentials.dig(:gcsql, :staging, :host) %>

The third error (OpenSSL::Cipher::CipherError: key length too short) hints that maybe the master key is not found during the deploy and maybe that's why it also can't find the Sentry DSN? Has anyone else encountered a similar issue?

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)