From 89abd44b76486c263f27618adc2aad0e5725f6c9 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 19 Jan 2022 09:42:46 +0100
Subject: [PATCH] lifecycle: add early check for missing/invalid secret key

Signed-off-by: Jens Langhammer
---
 lifecycle/ak | 5 ++++-
 lifecycle/wait_for_db.py | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lifecycle/ak b/lifecycle/ak
index 6e7060d2c..93be4b6ec 100755
--- a/lifecycle/ak
+++ b/lifecycle/ak
@@ -62,7 +62,10 @@ if [[ "$1" == "server" ]]; then
 wait_for_db
 echo "server" > $MODE_FILE
 # We only set prometheus_multiproc_dir for serer, as with the worker it just fills up the disk
- export prometheus_multiproc_dir=/dev/shm/
+ # as one file is created per process
+ #
+ # Set to TMPDIR instead hardcoded path so this can be used outside docker too
+ export prometheus_multiproc_dir=$TMPDIR
 python -m lifecycle.migrate
 /authentik-proxy
 elif [[ "$1" == "worker" ]]; then
diff --git a/lifecycle/wait_for_db.py b/lifecycle/wait_for_db.py
index af157ac46..f466068b4 100755
--- a/lifecycle/wait_for_db.py
+++ b/lifecycle/wait_for_db.py
@@ -25,6 +25,12 @@ def j_print(event: str, log_level: str = "info", **kwargs):
 print(dumps(data), file=stderr)
 
 
+# Sanity check, ensure SECRET_KEY is set before we even check for database connectivity
+if CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0:
+ j_print("Secret key missing, check https://goauthentik.io/docs/installation/.")
+ exit(1)
+
+
 while True:
 try:
 conn = connect(
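Review bot: The new `export prometheus_multiproc_dir=$TMPDIR` is unquoted and has no fallback, so when TMPDIR is unset or empty the variable becomes an empty string instead of a directory; nothing in the hunk shows TMPDIR being set earlier in the script. A quoted expansion with the old default keeps the container behaviour, `export prometheus_multiproc_dir="${TMPDIR:-/dev/shm/}"`. Outside docker TMPDIR is commonly a shared, world-writable directory, so the per-process metric files would sit next to other users' temp files; a dedicated subdirectory with restrictive permissions would be safer there. The `if`/`elif` chain this sits in starts and ends outside the hunk.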
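Review bot: The guard `CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0` rejects only a missing or empty value, although the commit title promises an "invalid" check as well: a whitespace-only key passes, and a non-string value (for example a number parsed from the config) would raise a TypeError in `len()` instead of producing the JSON message. Reading the value once and normalising it covers both cases, `if not str(CONFIG.y("secret_key") or "").strip():`. The failure is also emitted at j_print's default `log_level="info"`, so a log pipeline that filters on level can miss the reason the process stopped; `j_print("Secret key missing, check https://goauthentik.io/docs/installation/.", log_level="error")` would match the severity. If `exit` here is the interactive builtin rather than an import from `sys`, `sys.exit(1)` is the safer call in a script.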