API Key and Container Health

API Key and Container Health

by Harley Calvert -
Number of replies: 2

In the trampgeek/jobeinabox:latest, if I set 

$require_api_keys = true

the containers become unhealthy. I've got two VMs setup using Oracle Cloud Infrastructure's Free Tier, and I've got a load balancer. Each VM runs one container. When the containers become unhealthy, the "Backend sets" health turns "Critical" and I get "502 Bad Gateway" error. 

I tried building my own image by doing a git clone https://github.com/trampgeek/jobeinabox.git then commenting out two lines in the Dockerfile: 

  • # HEALTHCHECK --interval=1m --timeout=2s \
  • #    CMD /usr/bin/python3 /var/www/html/jobe/minimaltest.py || exit 1

Now, I don't get the unhealthy or the 502, but the API key has no effect. So now, when I've got:

  • $require_api_keys = true

CodeRunner quiz questions get assessed even if I've got no key or the wrong key. 

What can I do?


In reply to Harley Calvert

Re: API Key and Container Health

by Richard Lobb -
Thanks for posting, Harley. I'm not surprised that the healthcheck fails - minimal test.py doesn't include an API_KEY. So commenting out those two lines is appropriate. But the fact that the API_KEY still didn't work was a bug in Jobe. I've just pushed an update to Jobe (v2.2.2) to fix. If you rebuild your container, it should work - please check and report back.

I'm a bit curious to know, though, why you're using API keys. Usually the safe way to protect Jobe is to firewall it to accept only requests from your Moodle server. API keys are for the (hopefully extremely rare) situation when you're prepared to accept requests from anywhere. AFAIK, API keys are rarely used.
In reply to Richard Lobb

Re: API Key and Container Health

by Harley Calvert -
Yes, it works!

We're in a testing and discussion phase with management and other people. I've been pushing for this since 2021, but the old management didn't seem interested. New management is interested. However, the business that maintains Moodle for us quoted $20,000 for CodeRunner and Jobe. We've gone back and said, "What if we run Jobe?" So, we're presenting two functioning Jobe solutions, one on-premises and another in the cloud. 

Last year, I had my Diploma students deploy Moodle and CodeRunner in the cloud. MySQL as a PaaS database in one private subnet, Jobe in another private subnet, and Moodle in a public subnet. We did it all with Oracle Free Tier and OpenTofu. It was like their capstone project. 

Thanks for all your work.