• Jérome Perrin's avatar
    turnserver: workaround zero-knowledge.read limitation · 969e31cd
    Jérome Perrin authored
    slapos.cookbook:zero-knowledge.read has this limitation that because it
    reads the secret file on __init__, ie. before any other parts are
    installed, the value cannot be read the first time.
    On first slapos node instance run, the generated turnserver-config has
    an empty secret, it's only after the second execution that the secret is
    generated. What happens is:
     - first run:
       - read-secret __init__ cannot find the file and does not override
         secret
       - turnserver-config uses the default ${read-secret:secret} (empty
         string)
       - gen-secret install creates the secret file
     - second run
       - read-secret __init__ finds the file and override secret with the
         value read from the file.
       - turnserver-config uses the overriden ${read-secret:secret} (good
         secret)
    
    This was not a problem before, because some frontend promise were
    always failing, so we processed this partition several time, but now it
    is succesfully processed the first time.
    
    To workadound this, we prevent turnserver from starting if secret is
    empty, then promise will fail, instance will be processed a second time
    and then turnserver will run with a secret.
    969e31cd
instance-turnserver.cfg.jinja2.in 4.85 KB