Bug #5663
closed
[Documentation] Use "...puts rand()..." instead of "rake secret" in apiserver/workbench install instructions
Description
apps/workbench/config/application.yml.example should put "foobar" into secret_token, instead of "~" "rake secret" should work without a secret_token configured -- the instructions say to run "$ rake secret" to generate secret_token, but "$ rake secret" does not work unless you have something in the field already.
$ rake secret rake aborted! Refusing to start in development mode with missing configuration. The following configuration settings must be specified in config/application.yml: * secret_token
http://doc.arvados.org/install/install-workbench-app.html
https://arvados.org/projects/arvados/wiki/Hacking_Workbench
(a bigger story is to write up doc: how to start workbench instance from scratch to connect to existing api servers)
Updated by Brett Smith about 9 years ago
- Subject changed from application.yml.example for workench -- secret_token field causes "rake secret" to fail to [Workbench] Can't run "rake secret" without a secret_token already set
- Category set to Workbench
- Story points set to 0.5
It's worth checking whether the API server has the same problem, and addressing it there if so.
Updated by Tom Clegg about 9 years ago
Putting "foobar" in the default config is not acceptable because it allows the application to start up with secret set to a well known string. The current setup where secret_token is nil in the default config, and the default config is invalid, is all correct -- the bug is only that "rake secret" refuses to run when the configuration is incomplete/invalid. Unlike app startup and other rake tasks, "rake secret" actually should run when configuration is incomplete.
Other possible solutions:
"rake secret" just prints a string of random characters. There are lots of other ways to do that. We could change the instructions to say "tr -dc a-z </dev/urandom | head -c64; echo" or "ruby -e 'puts rand(2**400).to_s(36)'" instead of "rake secret".
We could bypass the check for that particular config variable (or any configs, for that matter) in the special case of "rake secret".
Perhaps it would also work to never check whether secret_token is nil in our generic nil-config-preventing code. This would be acceptable if Rails itself already refuses to start up without it.
Updated by Tom Clegg about 9 years ago
- Target version changed from Bug Triage to Arvados Future Sprints
Updated by Tom Clegg about 9 years ago
- Subject changed from [Workbench] Can't run "rake secret" without a secret_token already set to [Documentation] Use "...puts rand()..." instead of "rake secret" in apiserver/workbench install instructions
Updated by Tom Clegg about 9 years ago
- Target version changed from Arvados Future Sprints to 2015-05-20 sprint
Updated by Tom Clegg about 9 years ago
- Assigned To set to Radhika Chippada
- Target version changed from 2015-05-20 sprint to 2015-04-29 sprint
- Story points changed from 0.5 to 0.0
Updated by Radhika Chippada about 9 years ago
- Status changed from New to In Progress
- Category changed from Workbench to Documentation
Updated by Radhika Chippada about 9 years ago
Notes:
- Updated API and Workbench documentation to use "puts rand" instead of "rake secret"
- Also updated SSO guide to use "puts rand" in place of "rake secret"
- While at it, I also updated the index.html. Minor update to make the left hand side of the table to use the same display style as the right hand side with titles. I think the page looks more balanced with this.
Updated by Radhika Chippada almost 9 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Applied in changeset arvados|commit:2054cdb05d79a3c45e8346661adc81062c383b16.