Atualizações/Reconstruções falham devido ao fim do suporte do MaxMind DB

Pessoal,

Espero que alguém possa ajudar aqui. Não tive problemas com atualizações do meu fórum, que está rodando em um container Docker na EC2, há mais de 12 meses.

Tentei:

• Limpeza do launcher, mas não há problemas com espaço em disco
• Último git pull
• Várias recompilações do aplicativo
• Até tentei um discourse-setup e estava pensando em fazer um restore do banco de dados
• Reinício do servidor
• apt-get update; apt-get upgrade

Aqui está o final do log:

Concluída a compressão de todos os arquivos JS: 88,88 segundos
rake aborted!
SocketError: Falha ao abrir conexão TCP para geolite.maxmind.com:443 (getaddrinfo: Nenhum endereço associado ao nome de host)
/var/www/discourse/lib/final_destination.rb:411:in `safe_session'
/var/www/discourse/lib/final_destination.rb:362:in `safe_get'
/var/www/discourse/lib/final_destination.rb:131:in `get'
/var/www/discourse/lib/file_helper.rb:51:in `download'
/var/www/discourse/lib/discourse_ip_info.rb:30:in `mmdb_download'
/var/www/discourse/lib/tasks/assets.rake:220:in `block (3 levels) in <top (required)>'
/var/www/discourse/lib/tasks/assets.rake:219:in `each'
/var/www/discourse/lib/tasks/assets.rake:219:in `block (2 levels) in <top (required)>'

Causado por:

SocketError: getaddrinfo: Nenhum endereço associado ao nome de host

/var/www/discourse/lib/final_destination.rb:411:in `safe_session'
/var/www/discourse/lib/final_destination.rb:362:in `safe_get'
/var/www/discourse/lib/final_destination.rb:131:in `get'
/var/www/discourse/lib/file_helper.rb:51:in `download'
/var/www/discourse/lib/discourse_ip_info.rb:30:in `mmdb_download'
/var/www/discourse/lib/tasks/assets.rake:220:in `block (3 levels) in <top (required)>'
/var/www/discourse/lib/tasks/assets.rake:219:in `each'
/var/www/discourse/lib/tasks/assets.rake:219:in `block (2 levels) in <top (required)>'

Tarefas: TOP => assets:precompile

(Veja o rastreamento completo executando a tarefa com --trace)

I, [2019-12-30T18:56:27.608998 #1] INFO -- : Baixando MaxMindDB...
Comprimindo Javascript e Gerando Source Maps
I, [2019-12-30T18:56:27.633923 #1] INFO -- : Encerrando processos assíncronos
I, [2019-12-30T18:56:27.637383 #1] INFO -- : Enviando INT para HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/10/bin/postmaster -D /etc/postgresql/10/main pid: 49
I, [2019-12-30T18:56:27.639770 #1] INFO -- : Enviando TERM para exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf pid: 166
166:signal-handler (1577732187) Recebeu SIGTERM agendando desligamento...
2019-12-30 18:56:27.639 UTC [49] LOG: recebida solicitação de desligamento rápido
2019-12-30 18:56:27.654 UTC [49] LOG: abortando quaisquer transações ativas
166:M 30 Dec 2019 18:56:27.666 # Usuário solicitou desligamento...
166:M 30 Dec 2019 18:56:27.694 * Salvando o snapshot final do RDB antes de sair.
2019-12-30 18:56:27.702 UTC [49] LOG: processo worker: lançador de replicação lógica (PID 58) saiu com código de saída 1
2019-12-30 18:56:27.711 UTC [53] LOG: desligando
2019-12-30 18:56:27.819 UTC [49] LOG: sistema de banco de dados desligado
166:M 30 Dec 2019 18:56:27.885 * Banco de dados salvo no disco
166:M 30 Dec 2019 18:56:27.886 # Redis agora está pronto para sair, tchau tchau...

FALHA
--------------------
Pups::ExecError: cd /var/www/discourse && su discourse -c 'bundle exec rake assets:precompile' falhou com retorno #<Process::Status: pid 507 exit 1>
Localização da falha: /pups/lib/pups/exec_command.rb:112:in `spawn'
exec falhou com os parâmetros {"cd"=>"$home", "hook"=>"assets_precompile", "cmd"=>["su discourse -c 'bundle exec rake assets:precompile'"]}
fcf17d793c27c4e87616420ead222cc3f4a9fc163f239a5542b1c9a092579b30

** FALHA NO BOOTSTRAP ** por favor, role para cima e procure por mensagens de erro anteriores, pode haver mais de uma.
./discourse-doctor pode ajudar a diagnosticar o problema.

Realmente espero que alguém possa esclarecer isso.

Obrigado a todos.

In case anyone wants to continue using the last files published under the old license, I have saved all of them to archive.org.

All files are created by MaxMind and distributed under the Creative Commons Attribution-ShareAlike 4.0 International License.

Archive of info-page (Screenshot)

We now support the officially supported way of obtaining databases per:

If you wish to get regular MaxMind updates you will have to head to GeoLite sign up | MaxMind to register an account and generate a license key.

Then you would amend your container to include it in the env: section:

env:
   DISCOURSE_MAXMIND_LICENSE_KEY: ...key here...

The fix ensures there is no time bomb anymore. If we have no license key we will never try to download the files.

We are discussing with MaxMind the possibility of bundling the updated DBs in our new base images. There are 2 alternatives here for self hosters depending on the outcome:

1. No IP resolution on user profile page and admin page until you add a license

2. Stale IP resolution for up to N days since you got a base image (aka did ./launcher rebuild app )

It is very likely (1) will be the self-hoster outcome.

We are also investigating other alternatives here, but our hands are pretty tied.

I am pretty against adding functionality to core that does IP lookups via a web service cause that exposes information to a third party. There are only 2 real big alternatives out there and both require registration.

@sam I have a small feature request, can a setting be added to admin panel to add the maxmind license key?

Unlikely in the near future, this is a global setting, per site in a Multisite makes no sense

Anybody else getting this error when trying to sign up to maxmind account?

no-account1446×240 20.1 KB

I can confirm that we were able to sign up for an account without issue. You’ll need to reach out to MaxMind for support with account issues, nothing we can help with here.

I’m trying to upgrade from 2.3.8 o 2.3.9 but nothing works.

The relevant error, as far as I can tell, is the one discussed in this topic.

rake aborted!
SocketError: Failed to open TCP connection to geolite.maxmind.com:443 (getaddrinfo: Name or service not known)

In my app.yml I’ve tried values 30, 100, and 0 for that env flag:

DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: 0

But it never seems to make any difference (I wonder if it’s being properly recognized).

What else could I try?

Thanks to everyone who worked on the quick fix the past few weeks. Had to do the same thing with Matomo, which was much more painful (manual).

That brings me to my question: Where all is the MaxMind data used? Just in cases of admins looking at users’ IP addresses? Something else I’m not thinking of?

Obviously already have the MM account but wondering if it’s worth the effort to do with any urgency.

It does geographical lookups of ip numbers. I’ve done a bunch of installs and upgrades lately without setting an API key and rebuilds work fine. (current version is beta 10)

Also it’s not that hard to get a key to download the database.

I’m hoping to update discourse-setup to all for the key next week.

Correct, it is used for user IP lookup by admins. Also for the “recently used devices” list in user preferences, and for admin alerts when a new signin is detected to their account from a different location.

Sorry for the intrusion, but I wanted to ask whether it is planned to keep the ability to have the IP lookup disabled. It seems to me that forcing admins to subscribe to a third party service is not a good idea. Myself I already have a license key for other uses, so I am speaking in a general sense here.

If you don’t enter a license key, then it will be disabled. There is nothing forcing admins to set it up.

Also, just in case there is any confusion, Discourse never sends IP addresses to a third party. Discourse downloads an entire database of IP locations from MaxMind, and then does the lookup internally.

Great, thanks for the clarification!

Revising this … this was backported to stable.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.