I've started a new ruby 3.1.2 + Rails 7.0.4 app and I'm deploying from Ubuntu 22.04 to Debian 11. I'm using capistrano, nginx, passenger, rbenv as part of my stack.
The error I'm getting when deploying is;
00:04 deploy:assets:precompile
01 $HOME/.rbenv/bin/rbenv exec bundle exec rake assets:precompile
01 rake aborted!
01 ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/message_encryptor.rb:209:in `rescue in _decrypt'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/message_encryptor.rb:186:in `_decrypt'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/message_encryptor.rb:160:in `decrypt_and_verify'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/messages/rotator.rb:22:in `decrypt_and_verify'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/encrypted_file.rb:104:in `decrypt'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/encrypted_file.rb:66:in `read'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/encrypted_configuration.rb:21:in `read'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/encrypted_configuration.rb:33:in `config'
01 /var/www/profile/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.4/lib/active_support/encrypted_configuration.rb:48:in `options'
I've tried the following to fix it so far;
Created credentials using bin/rails credentials:edit
(commit, and deploy)
Created a production key and copied it over to production and configured capistrano to link that in
Configure production to use master key instead of production.key. I first removed the production.key I created in the last step, copied over my master.key to production shared area and added to linked_files to copy that in. This also failed.
Tried changing key generator hash from SHA256 to SHA1 (also didn't work) with the following
config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA1
Recreating credentials.yml.enc and master.key again from scratch and copying over the master.key to production and redeploying, also fails.
Update #1: Tried using production.key instead
I've tried creating a production key and I still get the same error on deploying.
Steps taken on my development box were;
$ rails secret
$ EDITOR=mg rails credentials:edit
$ rails credentials:edit --environment production
$ RAILS_ENV=production rails c
$ scp config/credentials/production.key 10.1.1.6:/var/www/profile/shared/config/credentials/
$ git add .
$ git ca -m 'Add production encrypted file'
Added the following to my deploy.rb
append :linked_files, 'config/credentials/production.key'
Then deployed
$ cap production deploy
I checked the release after deploy on the server and the production key file was properly linked from my shared config credentials area.
Update #2: Create production.yml.enc on production server
Just to test I logged into the production server and did the following commands;
Created production.yml.enc
$ cd /var/www/profile/releases/20221221021047
$ rm config/credentials/production.*
$ EDITOR=mg rails credentials:edit -e production
Test with rails console which wasn't working before, this now worked
$ RAILS_ENV=production rails c
Back on development box, I copied the new key from production, commited and deployed.
$ scp 10.1.1.6:/var/www/profile/releases/20221221021047/config/credentials/production.yml.enc ~/code/profile/config/credentials
$ git commit -am 'Updated production encrypted yaml with server generated one'
$ cap production deploy
Now I don't get the error on deploy (I still get it through nginx even after restarting nginx). It doesn't feel like this is the correct way to do this.
Update #3: remove .rbenv-vars file
I noticed that the documentation I was following got me to create a .rbenv-vars file on the production system. This was creating issues on my deploy. I remove the file and then I could create the production file and copy the production.key over and it now works, even in nginx.
- [X] DEV: Create production.yml.enc on dev and commit
: $ rm config/credentials/production.yml.enc
: $ scp config/credentials/production.key 10.1.1.6:/var/www/profile/shared/config/credentials/
: $ rake secret
: $ rails credentials:edit --environment production
Enter in 'secret_key_base: <secret numbers from rake secret command>'
: $ g ca -m 'updated production encrypted file with secret again'
: $ cap production deploy
Related
I have to deploy a Rails API to AWS EC2.
I'm following this tutorial: https://gorails.com/deploy/ubuntu/18.04#ruby
But I'm getting stuck on:
01 $HOME/.rbenv/bin/rbenv exec rake db:migrate
01 rake aborted!
01 ArgumentError: Missing secret_key_base for 'production' environment, set this string with rails credentials:edit
when cap production deploy
How should I generate the key?
Where should I put it?
What I do I have to config to this get working?
Need details that I not finding anywhere.
Thanks in advance!
Solved by rails new app
Copying master.key and credentials.yml.enc to my app
Commiting to repo
Added this line to config/deploy.rb:
set :linked_files, %w{config/master.key}
copy manualy the key to my ec2 on path/to/app/shared/config/master.key
And this problem was solved
I'm having some issues with Elastic Beanstalk environment variables which I want to set from credstash.
option_settings:
- namespace: aws:elasticbeanstalk:application:environment
option_name: SECRET_KEY_BASE
value: $(credstash --region eu-west-1 -t credstash get test.secret_key_base)
I have specified that credstash should be installed from Python:
packages:
python:
credstash: []
However, when I deploy asset precompilation fails (rake assets:precompile).
The EB health page shows that application deployment failed.
/opt/elasticbeanstalk/support/envvars: line 5: credstash: command not found
...
+ su -s /bin/bash -c 'bundle exec rake assets:precompile' webapp
`/home/webapp` is not a directory.
Bundler will use `/tmp/bundler/home/webapp' as your home directory temporarily.
rake aborted!
ArgumentError: `secret_key_base` for production environment must be a type of String`
secret_key_base is set to ENV['SECRET_KEY_BASE'] in secrets.yml, so it should contain the value from credstash. However, due to the credstash: command not found output, I'm guessing credstash was not installed or is not on the path for some reason.
Does anyone have any idea what could be going on here?
The answer was to set RAILS_SKIP_ASSET_COMPILATION to true. This will skip the /opt/elasticbeanstalk/hooks/appdeploy/pre/11_asset_compilation.sh hook, which runs before credstash is installed.
Instead I included this in a .config file:
container_commands:
01_assets_compile:
command: bundle exec rake assets:precompile RAILS_ENV=production
This will precompile the assets on each container, when credstash will be installed.
I have migrated my Ruby on Rails application from Rails 5.1.2 to Rails 5.2.0 to use the encrypted secrets. Application is successfully deployed to Digital Ocean Ubuntu Server. But when I go in browser to access, it shows the following log.
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:206:in `rescue in _decrypt'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:184:in `_decrypt'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:157:in `decrypt_and_verify'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/messages/rotator.rb:21:in `decrypt_and_verify'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:79:in `decrypt'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/encrypted_file.rb:42:in `read'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:21:in `read'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:33:in `config'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/encrypted_configuration.rb:38:in `options'
/home/deploy/apps/GeekyCricket/shared/bundle/ruby/2.4.0/gems/activesupport-5.2.0/lib/active_support/core_ext/module/delegation.rb:271:in `method_missing'
(erb):12:in `<main>'
I have added encrypted secrets using rails credentials:edit, which creates config/credentials.yml.enc and master.key.
I also have added the master.key file on /app_name/shared/config/ on my ubuntu server, also placed an env variable RAILS_MASTER_KEY. But still getting this error, I don't know what I am missing here.
Solution A and B are different solutions. Just choose which is good for you.
a. Deploy from Continous Integration
1. Edit deploy.rb
set :default_env, {
"RAILS_ENV" => "production",
"RAILS_MASTER_KEY" => ENV["RAILS_MASTER_KEY"]
}
2. Add RAILS_MASTER_KEY as a variable
Travis CI
GitLab CI
b. Usage of master.key
1. Edit deploy.rb
append :linked_files, "config/master.key"
2. Upload master.key with :linked_files
Let's assume our application's root path is /home/deploy/awesome-project. All we need to do is upload the key file to /home/deploy/awesome-project/shared/config/master.key.
I faced the same problem, when deploying for the first time on my DigitalOcean Droplet, every time I ran RAILS_ENV=production cap production deploy:initial it failed complaining this error - ActiveSupport::MessageEncryptor::InvalidMessage
I tried below options which all failed -
removing master.key and credential.yml.enc file and then deploying again.
adding both files again and deploying.
Finally one solution worked, i just added master.key, removing credentials.yml.enc file, committed it and redeployed, and it worked without changing my deploy.rb file
I'm deploying an app on digitalocean following this guide: https://www.digitalocean.com/community/tutorials/deploying-a-rails-app-on-ubuntu-14-04-with-capistrano-nginx-and-puma#prerequisites
When I deploy with cap cap production deploy:initial --trace I keep getting this error
The deploy stops here: 01 ~/.rvm/bin/rvm default do bundle exec rake assets:precompile
01 rake aborted!
01
01 ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::Inva…
01
and when I run bundle exec rake assets:precompile locally I get yarn install v1.7.0
[1/4] 🔍 Resolving packages...
success Already up-to-date.
✨ Done in 0.05s.
I also installed yarn on the ubuntu server. I've made sure my ssh keys on the server are the same as my local ssh keys under ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa
I was thinking it was an SSH issue, but I think it might be something else since I've thoroughly followed online guides on digitalocean and elsewhere.
Any help would be appreciated!
This error was fixed by setting the secret keybase using export.
export SECRET_KEY_BASE="secret key"
To find or set your secret key in rails 5.2 use
rails credentials:edit
or if you haven't set your editor
EDITOR="vim --wait" rails credentials:edit
copy that secret key and then use the export line
I have a script that commits my code to GitHub and I modified it to also run a script on the web server that is supposed to pull the new code, which it does successfully, but then is unable to run the necessary Rails commands like Rake or Bundle. I'm confused because I change to the project directory at the top of the script and git pull runs fine. I even tried putting the Rails command calls inside a subshell with cd /home/rails/ at the top but that still didn't work and neither did specifying the full path to each Rails script. Am I going about this the wrong way or is there a better way to automate these two processes?
Commit script:
git add -A
git commit -m "$1"
git push
ssh root#example.com sh /home/rails/update_script.sh
Update script on server:
service unicorn stop
cd /home/rails/
git pull
rake db:migrate RAILS_ENV=production
rake assets:precompile RAILS_ENV=production
bundle install
service unicorn start
exit
Edit: Oops, forgot the output. Here is the output from the server:
* Stopping Unicorn web server unicorn
...done.
From https://github.com/my_name/example
7e0fee4..17fd564 master -> origin/master
Updating 7e0fee4..17fd564
Fast-forward
fresh.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
/usr/bin/env: ruby: No such file or directory
/usr/bin/env: ruby * Starting Unicorn web server unicorn
: No such file or directory
/usr/bin/env: ruby: No such file or directory
...done.
Maybe you have to add /usr/local/rvm/rubies/ruby-2.1.5/bin to $PATH.
And I think you should run bundle install before running rake tasks.
Try this:
service unicorn stop
cd /home/rails/
git pull
export PATH=$PATH:/usr/local/rvm/rubies/ruby-2.1.5/bin
bundle install
RAILS_ENV=production bundle exec rake db:migrate
RAILS_ENV=production bundle exec rake assets:precompile
service unicorn start
exit