recover

start.sh

@@ -9,22 +9,35 @@ log() {
     echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
 }
 
-### 🔹 Generate secrets if not set
-log "🔑 Checking and generating secrets..."
-export AIRFLOW__WEBSERVER__SECRET_KEY="${AIRFLOW__WEBSERVER__SECRET_KEY:-$(openssl rand -hex 32)}"
-export AIRFLOW__WEBSERVER__COOKIE_SECRET="${AIRFLOW__WEBSERVER__COOKIE_SECRET:-$(openssl rand -hex 32)}"
-log "✅ Generated AIRFLOW__WEBSERVER__SECRET_KEY and COOKIE_SECRET"
+# Générer des secrets si non définis
+if [[ -z "$AIRFLOW__WEBSERVER__SECRET_KEY" ]]; then
+    export AIRFLOW__WEBSERVER__SECRET_KEY=$(openssl rand -hex 32)
+fi
+
+if [[ -z "$AIRFLOW__WEBSERVER__COOKIE_SECRET" ]]; then
+    export AIRFLOW__WEBSERVER__COOKIE_SECRET=$(openssl rand -hex 32)
+fi
+
+echo "🔑 Generated AIRFLOW__WEBSERVER__SECRET_KEY and COOKIE_SECRET"
 
-### 🔹 Ensure required system commands exist
 log "🔍 Checking required system commands..."
-for cmd in pgrep ss; do
-    if ! command -v "$cmd" &>/dev/null; then
-        log "❌ $cmd not found! Installing..."
-        apt-get update && apt-get install -y procps iproute2
-    fi
-done
+if ! command -v pgrep &>/dev/null; then
+    log "❌ pgrep not found! Installing..."
+    apt-get update && apt-get install -y procps
+fi
+
+if ! command -v ss &>/dev/null; then
+    log "❌ ss not found! Installing iproute2..."
+    apt-get update && apt-get install -y iproute2
+fi
 
-### 🔹 Authenticate using Google Cloud Service Account Key
+### 🔹 Ensure `gcloud` is installed
+if ! command -v gcloud &>/dev/null; then
+    log "❌ ERROR: Google Cloud SDK (gcloud) is not installed. Exiting..."
+    exit 1
+fi
+
+### 🔹 Authenticate using Google Service Account Key
 if [[ -n "${GOOGLE_APPLICATION_CREDENTIALS_CONTENT:-}" ]]; then
     log "🔐 Setting up Google Cloud credentials..."
     echo "$GOOGLE_APPLICATION_CREDENTIALS_CONTENT" > /opt/airflow/hf-airflow-key.json
@@ -40,34 +53,46 @@ else
     exit 1
 fi
 
-### 🔹 Fetch GCP Project ID
+### 🔹 Fetch GCP Project ID Directly
 log "🔍 Fetching GCP_PROJECT_ID..."
-GCP_PROJECT_ID=$(gcloud secrets versions access latest --secret=gcp-project-id --project=jedha2024 2>/dev/null | tr -d ' \r\n')
+RAW_GCP_PROJECT_ID=$(gcloud secrets versions access latest --secret=gcp-project-id --project=jedha2024 2>/dev/null)
+
+# Ensure clean formatting (remove spaces, newlines)
+GCP_PROJECT_ID=$(echo "$RAW_GCP_PROJECT_ID" | tr -d '\r' | tr -d '\n' | tr -d ' ')
 
 if [[ -z "$GCP_PROJECT_ID" || ! "$GCP_PROJECT_ID" =~ ^[a-zA-Z0-9-]+$ ]]; then
     log "❌ ERROR: GCP_PROJECT_ID is missing or invalid ('$GCP_PROJECT_ID'). Exiting..."
     exit 1
 fi
+
+log "✅ Retrieved GCP_PROJECT_ID: $GCP_PROJECT_ID"
 export GCP_PROJECT_ID
+
 gcloud config set project "$GCP_PROJECT_ID"
-log "✅ Retrieved GCP_PROJECT_ID: $GCP_PROJECT_ID"
 
 ### 🔹 Fetch Other Required Secrets
-for secret in gcp-zone airflow-db-url; do
-    log "🔍 Fetching $secret..."
-    var_name=$(echo "$secret" | tr '-' '_')  # Remplace uniquement le "-" par "_"
-    value=$(gcloud secrets versions access latest --secret="$secret" --project="$GCP_PROJECT_ID" 2>/dev/null)
-    export "$var_name"="$value"  # Stocke la valeur brute, sans la modifier
-    log "✅ Retrieved $var_name"
-done
+log "🔍 Fetching GCP_ZONE..."
+RAW_GCP_ZONE=$(gcloud secrets versions access latest --secret=gcp-zone --project="$GCP_PROJECT_ID" 2>/dev/null)
+GCP_ZONE=$(echo "$RAW_GCP_ZONE" | tr -d '\r' | tr -d '\n' | tr -d ' ')
+log "✅ Retrieved GCP_ZONE: $GCP_ZONE"
+
+log "🔍 Fetching AIRFLOW_DB_URL..."
+RAW_AIRFLOW_DB_URL=$(gcloud secrets versions access latest --secret=airflow-db-url --project="$GCP_PROJECT_ID" 2>/dev/null)
+AIRFLOW_DB_URL=$(echo "$RAW_AIRFLOW_DB_URL" | tr -d '\r' | tr -d '\n' | tr -d ' ')
+log "✅ Retrieved AIRFLOW_DB_URL."
 
+export GCP_ZONE
+export AIRFLOW_DB_URL
 
-### 🔹 Extract Service Account Email
+### 🔹 Extract Service Account Email from JSON
+log "🔍 Extracting service account email from credentials JSON..."
 SERVICE_ACCOUNT_EMAIL=$(jq -r '.client_email' /opt/airflow/hf-airflow-key.json)
+
 if [[ -z "$SERVICE_ACCOUNT_EMAIL" || "$SERVICE_ACCOUNT_EMAIL" == "null" ]]; then
     log "❌ ERROR: Failed to extract service account email from credentials JSON. Exiting..."
     exit 1
 fi
+
 export SERVICE_ACCOUNT_EMAIL
 log "✅ Retrieved SERVICE_ACCOUNT_EMAIL: $SERVICE_ACCOUNT_EMAIL"
 
@@ -79,10 +104,11 @@ GCP_APIS=(
     "secretmanager.googleapis.com"
     "iam.googleapis.com"
 )
+
 for API in "${GCP_APIS[@]}"; do
     gcloud services enable "$API" --project="$GCP_PROJECT_ID" &
 done
-wait
+wait  # Ensure all API enabling requests complete
 log "✅ All required GCP APIs are enabled."
 
 ### 🔹 Airflow Database Setup
@@ -99,35 +125,65 @@ log "🔹 Setting Airflow variables..."
 airflow variables set GCP_PROJECT_ID "$GCP_PROJECT_ID"
 airflow variables set GCP_ZONE "$GCP_ZONE"
 airflow variables set SERVICE_ACCOUNT_EMAIL "$SERVICE_ACCOUNT_EMAIL"
+
 log "✅ Airflow variables set."
 
+### 🔹 Wait for Airflow Variables to Be Available
+log "🕒 Waiting for Airflow variables to be set..."
+REQUIRED_VARS=("GCP_PROJECT_ID" "GCP_ZONE" "SERVICE_ACCOUNT_EMAIL")
+
+for VAR in "${REQUIRED_VARS[@]}"; do
+    until [[ "$(airflow variables get "$VAR" 2>/dev/null)" != "" ]]; do
+        log "⏳ Waiting for $VAR to be available..."
+        sleep 5
+    done
+    log "✅ $VAR is set."
+done
+
+#python /opt/airflow/csrf_fix.py &
+#log "✅ CSRF fix applied."
+
+#python /opt/airflow/csrf_debug.py &
+#log "✅ CSRF debug applied."
+
+echo "Checking if CSRF token exists in session..."
+python /opt/airflow/csrf_debug.py &
+
+echo "Enabling CSRF token in headers..."
+export AIRFLOW__WEBSERVER__CSRF_HEADER_NAME="X-CSRF-Token"
+
 ### 🚀 Start Airflow Services
-log "🛠 Starting Airflow webserver..."
-exec airflow webserver --debug --port 7860 --host 0.0.0.0 &> /opt/airflow/logs/webserver.log &
-sleep 5
 
-log "🛠 Starting Airflow scheduler..."
-exec airflow scheduler &> /opt/airflow/logs/scheduler.log &
+log "🛠 Manually testing Airflow webserver startup..."
+airflow webserver --debug &
+sleep 5  # Attendre un peu
+pgrep -fa "airflow"
+
+sleep 5  # Small delay before starting scheduler
+airflow scheduler > /dev/null 2>&1 &
 log "✅ Airflow services started."
 
-### 🔹 Verify Airflow is Running
+# 🕒 Wait for Airflow to start before running debug commands
+log "⏳ Waiting for Airflow to stabilize..."
 sleep 10
+
+### 🔹 Check if Airflow is Running
 log "🛠 Checking if Airflow processes are running..."
-if pgrep -fa "airflow" &>/dev/null; then
+if pgrep -fa "airflow" > /opt/airflow/logs/airflow_processes.log; then
     log "✅ Airflow processes detected!"
 else
     log "❌ No running Airflow processes found!"
 fi
 
-### 🔹 Verify Airflow Webserver Port
+### 🔹 Check if Airflow Webserver is Listening
 log "🛠 Checking if Airflow is listening on port 7860..."
-if ss -tulnp | grep ":7860" &>/dev/null; then
+if ss -tulnp | grep ":7860" > /opt/airflow/logs/airflow_ports.log 2>/dev/null; then
     log "✅ Airflow is listening on port 7860!"
 else
     log "❌ No process found on port 7860!"
 fi
 
-### 🔹 Fetch Last Logs
+### 🔹 Inspect Available Airflow Logs
 log "🛠 Checking available Airflow logs..."
 ls -lah /opt/airflow/logs/ > /opt/airflow/logs/available_logs.log
 
@@ -139,10 +195,14 @@ else
     log "❌ No Airflow logs found!"
 fi
 
-### 🔹 Test Set-Cookie Header
+### 🔹 Test if Set-Cookie Header is Being Sent
 log "🛠 Testing Set-Cookie header..."
 curl -i http://127.0.0.1:7860 | grep Set-Cookie | tee /opt/airflow/logs/set_cookie.log || log "❌ No Set-Cookie found!"
 
-### 🔹 Keep Logs Visible
+log "🛠 Checking Airflow webserver logs..."
+ls -lah /opt/airflow/logs/webserver/
+cat /opt/airflow/logs/webserver/*.log | tee /opt/airflow/logs/latest_webserver.log || log "❌ No Webserver logs found!"
+
+### 🔹 Keep Logs Visible in Hugging Face Spaces
 log "🛠 Keeping logs visible for debugging..."
 tail -f /opt/airflow/logs/webserver.log