Why my release don't get env vars?

zoedsoupe · December 29, 2020, 7:44pm

I’m following these two tutorials:

And I can create a release without so much effort, however, creating a .env file and then sourcing it doesn’t get effect…

My solution was to declare each env var manually, on one-line shot and run migrations and start the app.

Am I doing something wrong?

NobbZ · December 29, 2020, 9:29pm

Do you export from the .env file?

zoedsoupe · December 30, 2020, 9:50pm

Yeah I exported!

NobbZ · December 30, 2020, 9:51pm

Can you then please tell more about your process?

How does your Dockerfile look like? Your entrypoint script? Your relevant config files?

zoedsoupe · December 30, 2020, 9:56pm

The problem was that I was using System.fetch_env!/1, so all env vars weren’t loading on compile time… Changing to System.get_env/2 solved the issue!

However I’m getting two new problem now:

1 - When I create a release with MIX_ENV=prod mix release and then run _build/prod/rel/conts/bin/conts eval Conts.Release.migrate I get the following error:

** (RuntimeError) connect raised KeyError exception: key :database not found.

This is my runtime.exs:

import Config

secret_key_base = System.get_env("SECRET_KEY_BASE")
session_cookie_name = System.get_env("SESSION_COOKIE_NAME")
session_cookie_signing_salt = System.get_env("SESSION_COOKIE_SIGNING_SALT")
session_cookie_encryption_salt = System.get_env("SESSION_COOKIE_ENCRYPTION_SALT")

app_port = String.to_integer(System.get_env("PORT", "4000"))
app_hostname = System.get_env("HOST", "localhost")

db_url = System.get_env("DB_URL")
pool_size = String.to_integer(System.get_env("POOL_SIZE", "10"))

config :conts, Conts.Repo,
  adapter: Ecto.Adapters.Postgres,
  url: db_url,
  pool_size: pool_size,
  ssl: false

config :conts, ContsWeb.Endpoint,
  load_from_system_env: true,
  http: [:inet6, port: {:system, "PORT"}],
  secret_key_base: secret_key_base,
  session_cookie_name: session_cookie_name,
  session_cookie_signing_salt: session_cookie_signing_salt,
  session_cookie_encryption_salt: session_cookie_encryption_salt

config :conts,
  app_port: app_port

config :conts,
  app_hostname: app_hostname

The strange part is that if I set :show_sensitive_data_on_connection_error to true, this is the output:

** (KeyError) key :database not found in: [pool_index: 1, types: Postgrex.DefaultTypes, hostname: "localhost", username: "matthew", port: 5432, repo: Conts.Repo, telemetry_prefix: [:conts, :repo], otp_app: :conts, timeout: 15000, adapter: Ecto.Adapters.Postgres, show_sensitive_data_on_connection_error: true, ssl: false, pool_size: 2, pool: DBConnection.ConnectionPool]

Why the :username is getting my system’s username? I don’t even set that anywhere…

2 - When I run mix test, I got this error on controllers: ** (ArgumentError) cookie store expects conn.secret_key_base to be set

However, on test env the secret_key_base wasn’t set by default?

this is my config.exs:

# This file is responsible for configuring your application
# and its dependencies with the aid of the Mix.Config module.
#
# This configuration file is loaded before any dependency and
# is restricted to this project.

# General application configuration
use Mix.Config

config :conts,
  ecto_repos: [Conts.Repo],
  generators: [binary_id: true]

# Configures the endpoint
config :conts, ContsWeb.Endpoint,
  url: [host: "localhost"],
  secret_key_base: "JqlSibgU/Ykrwvzz1ByJn2xayNDJlXkuBzmqHIW2yILDXSI3IHB2VbTqde/sIQw4",
  render_errors: [view: ContsWeb.ErrorView, accepts: ~w(html json), layout: false],
  pubsub_server: Conts.PubSub,
  live_view: [signing_salt: "LvrsHaeP"]

# Configures Elixir's Logger
config :logger, :console,
  format: "$time $metadata[$level] $message\n",
  metadata: [:request_id]

# Use Jason for JSON parsing in Phoenix
config :phoenix, :json_library, Jason

if Mix.env() != :prod do
  config :git_hooks,
    auto_install: true,
    verbose: true,
    hooks: [
      pre_commit: [
        tasks: [
          {:cmd, "mix format"},
          {:cmd, "mix credo --strict"}
        ]
      ],
      pre_push: [
        verbose: false,
        tasks: [
          {:cmd, "mix dialyzer"},
          {:cmd, "mix test"},
          {:cmd, "echo 'success!'"}
        ]
      ]
    ]
end

# Mailing configs
email_domain = "boosting.tech"

config :conts, Conts.Mailing,
  adapter: Bamboo.LocalAdapter,
  open_email_in_browser_url: "http://localhost:4000/sent_emails"

# Pow
config :conts, :pow,
  user: Conts.Accounts.User,
  repo: Conts.Repo,
  extensions: [PowResetPassword, PowEmailConfirmation],
  web_module: ContsWeb,
  controller_callbacks: Pow.Extension.Phoenix.ControllerCallbacks,
  mailer_backend: Conts.Mailing,
  web_module_mailer: Conts

# Conts custom configs

config :conts, mailing_default_from_name: "Sistema Conts"
config :conts, mailing_default_from_email: "noreplyconts@boosting.tech"

# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"

Other files:

Dockerfile:

# Set global arg for multistage
ARG DB_URL

FROM elixir:1.11.2-alpine AS builder

RUN apk add --no-cache yarn build-base

RUN mkdir /app
WORKDIR /app

ARG DB_URL
ARG SECRET_KEY_BASE
ARG SESSION_COOKIE_NAME
ARG SESSION_COOKIE_SIGNING_SALT
ARG SESSION_COOKIE_ENCRYPTION_SALT

# Mix env
ENV MIX_ENV=prod \
    DB_URL=$DB_URL \
    SECRET_KEY_BASE=$SECRET_KEY_BASE \
    SESSION_COOKIE_NAME=$SESSION_COOKIE_NAME \
    SESSION_COOKIE_SIGNING_SALT=$SESSION_COOKIE_SIGNING_SALT \
    SESSION_COOKIE_ENCRYPTION_SALT=$SESSION_COOKIE_ENCRYPTION_SALT 

# Cache elixir deps
ADD mix.exs mix.lock ./
RUN mix local.rebar
RUN mix local.hex --force
RUN mix do deps.get, deps.compile

# Same with node deps
COPY assets assets
RUN yarn --cwd assets

COPY lib lib
COPY config config
COPY priv priv

# Run frontend build, compile, and digest assets
RUN yarn --cwd assets deploy && \
    cd - && \
    mix do compile, phx.digest

RUN mix release

# ---- Application Stage ----
FROM alpine AS app

ARG DB_URL

ENV MIX_ENV=prod \
    DB_URL=$DB_URL \
    SHELL=/bin/fish

# Intall needed packages
RUN apk --no-cache upgrade && \
    apk add --no-cache openssl \
      ncurses-libs postgresql-client fish

# Copy over the build artifact from the previous step and create a non root user
RUN adduser -D -h /home/app app
WORKDIR /home/app
COPY --from=builder /app/_build .
RUN chown -R app: ./prod
USER app

COPY entrypoint.sh .

# Run the Phoenix app
CMD ["./entrypoint.sh"]

entrypoint.sh:

#!/bin/sh
# Docker entrypoint script.

# Wait until Postgres is ready
while ! pg_isready -q -d $DB_URL 
do
  echo "$(date) - waiting for database to start"
  sleep 2
done

echo "Connected to the database"

./prod/rel/conts/bin/conts eval Conts.Release.migrate

./prod/rel/conts/bin/conts start

NobbZ · December 30, 2020, 10:06pm

What is DB_URL in the system environment?

Do you perhaps have no dockerignore file which contains _build and deps and therefore partial builds slip into your container, which again might cause config values to exist that you do not want to exist?

zoedsoupe · December 30, 2020, 10:10pm

Well, I’m trying to generate the release on my local machine to test, and DB_URL is being set to postgresql://postgres:postgres@localhost/conts_dev

I’m creating the release as:

MIX_ENV=prod DB_URL=postgresql://postgres:postgres@localhost/conts_dev mix release

NobbZ · December 30, 2020, 10:11pm

And how do you run it?

zoedsoupe · December 30, 2020, 10:12pm

runned as: _build/prod/rel/conts/bin/conts eval Conts.Release.migrate

NobbZ · December 30, 2020, 10:15pm

Before that have you explicitely set and exported the DB_URL?

runtime.exs is re read on each start, but not on build at all, so you have to have the environment set on start, not on build.

zoedsoupe · December 30, 2020, 10:17pm

Ok, locally I dind’t export the DB_URL, executing in fish shel: setenv DB_URL postgresql://postgres:postgres@localhost:5432/conts_dev, solves the first problem…

In production (Dockerfile) the DB_URL will be set “globally”, so I won’t get this error!

Than you so much! You accompanying me helps so much (:

But the test problem persists…

axelson · December 30, 2020, 10:19pm

Just wanted to note that the change you made here didn’t actually make the difference you thought it did. Both of those calls are executed at the same time. Which is usually runtime unless you’re using a module attribute or some other compile time facility.

zoedsoupe · December 30, 2020, 10:21pm

Yeah! Now I understand better the compile/runtime thing!

I can create the release as:
MIX_ENV=prod mix release

without any env var such as DB_URL

But when I start the app I need to export or set on one-line!

zoedsoupe · December 30, 2020, 10:23pm

However… You have any idea why my tests are breaking with this error:
** (ArgumentError) cookie store expects conn.secret_key_base to be set?

It seems that on test env the app is retrieving th SECRET_KEY_BASE env var, but this one is only set on runtime.exs

executing tests as:
SECRET_KEY_BASE=xxxxxxx mix test

gives me:

Finished in 41.0 seconds
35 tests, 0 failures

NobbZ · December 30, 2020, 10:41pm

As far as I know, config/test.exs does not set or overwrite the secret_key_base in a default generated application.

So you might have changed some things for a reason or by accident. It does not make (much) sense to read the env during test. If you do not want to hardcode a secret_key_base in config/config.exs (which is still there) you can remove it there and use config/runtime.exs instead to read it from the env, while hardcoding some “well known secret” in config/test.exs.

Or you just don’t touch the value in the test config and use the one from the “main” config as a well known default, that you shouldn’t use in production then though.

zoedsoupe · December 30, 2020, 10:47pm

That’s the problem… I didn’t change nothing for tests neither test.exs

grepping for SECRET_KEY_BASE and secret_key_base gaves me this:

conts git:(deploy)$✘!? elixir:(1.11.0)
ﬦ grep -rnw . -e 'secret_key_base' --exclude-dir deps -I -l
./erl_crash.dump
./config/runtime.exs
./config/config.exs
./assets/node_modules/phoenix/lib/phoenix/endpoint.ex
./assets/node_modules/phoenix/lib/phoenix/socket/transport.ex
./assets/node_modules/phoenix/lib/phoenix/token.ex
./assets/node_modules/phoenix/lib/phoenix/endpoint/supervisor.ex
./_build/prod/rel/conts/releases/0.1.0/runtime.exs
./_build/prod/rel/conts/releases/0.1.0/sys.config
./_build/prod/rel/conts/tmp/conts-0.1.0-20201230182825-2b8b.runtime.config

conts git:(deploy)$✘!? elixir:(1.11.0)
ﬦ grep -rnw . -e 'SECRET_KEY_BASE' --exclude-dir deps -I -l
./config/runtime.exs
./_build/prod/rel/conts/releases/0.1.0/runtime.exs
./deploy/deploy.sh
./deploy/Dockerfile

Which I think is totally fine

I’ll try rollback on one branch! I created a new one called deploy for this case! If everything goes wrong, rollback haha

zoedsoupe · December 30, 2020, 11:12pm

If you get here from google, I strongly advise you to read the entire topic! You’ll learn a lot!

Yeah! Rolling back to another branch solved the test issues…

So summing up:

env var not matter on creating a release with
MIX_ENV=prod mix release

they only matter on starting the release!

Thank you all so much!

NobbZ · December 30, 2020, 11:52pm

It is not that easy. Depending on how and where you read them they might also affect the build.

config/runtime.exs is only evaluated during application boot, therefore its solely runtime config.