Accessing wobserver


#1

I run a private deployment of bors and as an admin I’d like to access the observer web page, but it always replies with ‘Not allowed’.

Can someone explain how to set it up and access it?
I’ve noticed there’s a section in the config with a security key populated using some random bytes, but I’m not sure how to/if I should use that to unlock the wobserver functionality.

Thanks


#2

Does the dashboard show an “Admin” button under your user menu?


#3

Yes it does, if I click it I get to the admin page where the Observer button is.
If I click Observer it then loads a webapp, but gives “not allowed”


#4

Are you running it in Heroku, Docker, or something else?


#5

We run it from Docker using the docker image built from the repo around end of February 2018.
Should the link from the admin page just work? or do I need any extra permission, whitelist ip address, etc?

It might very well be that we’ve missed something in the deployment, I will double check on Monday when I’m back at the office.

Btw, the need for wobserver comes from sporadic bors ‘hanging’: it will still respond to ping, but not initiate any try or r+. We could not find anything obvious in the logs besides some crashes, but they seem unrelated, so I was hoping that wobserver could help.

Thanks for your support and thanks for making bors, we :heart: it


#6

The admin page should just work.


#7

Could you try it with a newer image? I can’t reproduce it with a current Docker image, and apparently updated the wobserver version back in April, so that might help.


#8

We just deployed bors-ng from latest master (commit https://github.com/bors-ng/bors-ng/commit/2d465e27caac59ba3945f54c3ba10594b7cf329a) but I still get 403:


#9

That explains everything:

  • wobserver normally uses websocket, but falls back on polling an API endpoint if that fails

  • you’ve got bors behind a proxy that doesn’t support websocket

  • wobserver uses its own authentication key separate from the normal one for its websocket and API endpoint, rather than using bors’s own cookie, but the router was still enforcing it


#10

right you are, I did not think of websockets! I’ll reconfigure the nginx reverse proxy to support ws.

Thanks a lot for the help here,
Umberto


#11

Thank you for helping find an obscure deployment-related bug. It’s supposed to work without websockets, just not as efficient.