From 677e80ad703ff0a2b24fcdfe83449519fd529351 Mon Sep 17 00:00:00 2001 From: Tudor Date: Thu, 26 Mar 2026 16:57:22 +0000 Subject: [PATCH] fix(airflow): generate config before starting processes, set fixed secret key The init container and airflow container have separate filesystems, so airflow.cfg generated by db migrate is not available to the scheduler/ api-server. Without a config file, both processes race to generate their own with different random JWT secret keys. Fix by: 1. Running `airflow config list` first to generate airflow.cfg once 2. Setting a fixed SECRET_KEY via env var (>= 64 bytes for SHA512) 3. Adding sleep 3 so scheduler writes config before api-server starts Co-Authored-By: Claude Opus 4.6 --- docker-compose.portainer.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.portainer.yml b/docker-compose.portainer.yml index 4fb7fd7..6f1dd1c 100644 --- a/docker-compose.portainer.yml +++ b/docker-compose.portainer.yml @@ -188,7 +188,7 @@ services: airflow: image: privaterepo.sitaru.org/tudor/school_compare-pipeline:latest container_name: schoolcompare_airflow - command: bash -c "airflow scheduler & exec airflow api-server --port 8080" + command: bash -c "airflow config list >/dev/null 2>&1 && airflow scheduler & sleep 3 && exec airflow api-server --port 8080" ports: - "8080:8080" environment: @@ -196,6 +196,7 @@ services: AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: postgresql+psycopg2://${DB_USERNAME}:${DB_PASSWORD}@sc_database:5432/${DB_DATABASE_NAME} AIRFLOW__CORE__DAGS_FOLDER: /opt/pipeline/dags AIRFLOW__CORE__LOAD_EXAMPLES: "false" + AIRFLOW__CORE__SECRET_KEY: "school-compare-airflow-secret-key-that-is-long-enough-for-sha512-jwt-signing" AIRFLOW__CORE__SIMPLE_AUTH_MANAGER_USERS: "${AIRFLOW_ADMIN_USER:-admin}:admin" AIRFLOW__LOGGING__BASE_LOG_FOLDER: /opt/airflow/logs PG_HOST: sc_database