chore: get websocket service to start in docker-compose #28135
Conversation
Upon start up, the superset-websocket service requires a config.json that contains a secret key (much like we set a SECRET_KEY up for flask on the python side). In normal operation, the administrator needs to provide such a file by copying and altering `superset-websocket/config.example.json`. For `docker-compose`, now that we're 100% clear in our docs and files that our provided setup should not be used for production, we want to provide a dummy config file so that the service can start, as opposed to the confusion of starting a service that crashes upon start and spits a wall of confusing JSON. Note that I've also: - improved the error message for when the secret is too simple - copied the example file into `docker/superset-websocket/config.json` - altered the password with a dummy secret
|
|
||
| if (startServer && opts.jwtSecret.startsWith('CHANGE-ME')) { | ||
| console.warn( | ||
| 'WARNING: it appears you secret in your config.json is insecure', |
There was a problem hiding this comment.
On our first attempt to tackle the default SECRET_KEY issue, we did a similar thing on the Flask backend, and it was proven that many admins ignore these warnings even when the log warning is a large banner.
Can we do it in such a way that is a specific config for docker-compose only? docker/.env holds many secret defaults but it's only used by docker-compose
There was a problem hiding this comment.
The way I did things here this file in the repo ./docker/superset-websocket/config.json is only mounted in docker-compose. If you go raw docker or helm it wouldn't get picked up.
For clarity though now I wonder if we should create a new docker/compose folder for things meant only for docker-compose to use (?). Currently it's mostly resources for docker-compose, but some things might be reused in Dockerfile as entrypoints or by Helm(?)
There was a problem hiding this comment.
oh right, my comment was too early in the morning ;)
docker/compose seems like a good idea
There was a problem hiding this comment.
ok I'll try and untangle as much as possible prior to merging
mistercrunch
added
🏷️ bot
When starting vanilla docker-compose, this shows up ->
What's happening is upon start up, the superset-websocket service requires a config.json that contains a secret key (much like we set a SECRET_KEY up for flask on the python side). In normal operation, the administrator needs to provide such a file by copying and altering
superset-websocket/config.example.json.For
docker-compose, now that we're 100% clear in our docs and files that our provided setup should not be used for production, we want to provide a dummy config file so that the service can start, as opposed to the confusion of starting a service that crashes upon start and spits a wall of confusing JSON.Note that I've also:
docker/superset-websocket/config.json