feat: upsert the first storage node record with env var (#2087)

Also insert Sync 1.5 service with MySQL migration, and updated some docs.

Closes STOR-487

Author: chenba

Cargo.lock

@@ -95,6 +95,8 @@ The following configuration options are available.
 
 | Env Var | Default Value | Description |
 | --- | --- | --- |
+| <span id="SYNC_TOKENSERVER__INIT_NODE_URL"></span>SYNC_TOKENSERVER__INIT_NODE_URL | None | The storage node URL, protocol + host, to insert into the `nodes` table on startup. This is the origin where the service is hosted, e.g. "http://localhost:8000". |
+| <span id="SYNC_TOKENSERVER__INIT_NODE_CAPACITY"></span>SYNC_TOKENSERVER__INIT_NODE_CAPACITY | 100000 | The storage node capacity of the server specified by `SYNC_TOKENSERVER__INIT_NODE_URL`. Only used if `SYNC_TOKENSERVER__INIT_NODE_URL` is set. |
 | <span id="SYNC_TOKENSERVER__ENABLED"></span>SYNC_TOKENSERVER__ENABLED | false | Enable tokenserver service |
 | <span id="SYNC_TOKENSERVER__RUN_MIGRATIONS"></span>SYNC_TOKENSERVER__RUN_MIGRATIONS | false | Run DB migrations on startup |
 | <span id="SYNC_TOKENSERVER__NODE_TYPE"></span>SYNC_TOKENSERVER__NODE_TYPE | spanner | Storage backend type reported in token response for telemetry. Valid values: "mysql", "postgres", "spanner" |

docs/src/config.md

@@ -46,6 +46,7 @@ services:
       SYNC_TOKENSERVER__RUN_MIGRATIONS: "true"
       SYNC_TOKENSERVER__FXA_EMAIL_DOMAIN: "api.accounts.firefox.com"
       SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL: "https://oauth.accounts.firefox.com"
+      SYNC_TOKENSERVER__INIT_NODE_URL: "${SYNC_TOKENSERVER__INIT_NODE_URL:-http://localhost:8000}"
     restart: unless-stopped
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8000/__heartbeat__"]
@@ -56,9 +57,10 @@ services:
 ```
 
 Note that multiple values will be read from the environment:
-- `SYNC_MASTER_SECRET`: a secret used in cryptographic operationsk a passphrase or random character string, e.g. `use_your_own_secret_4d3d3d3d`
-- `SYNC_SYNCSTORAGE__DATABASE_URL`: database URL for syncstorage, e.g. `mysql://sync:test@example.io/syncstorage` or `postgres://testo:@localhost/syncdb`
-- `SYNC_TOKENSERVER__DATABASE_URL`: database URL for tokenserver, e.g. `mysql://sync:test@example.io/tokenserver` or `postgres://testo:@localhost/syncdb`
+- [`SYNC_MASTER_SECRET`](../config.md#SYNC_MASTER_SECRET): a secret used in cryptographic operations, a passphrase or random character string, e.g. `use_your_own_secret_4d3d3d3d`
+- [`SYNC_SYNCSTORAGE__DATABASE_URL`](../config.md#SYNC_SYNCSTORAGE__DATABASE_URL): database URL for syncstorage, e.g. `mysql://sync:test@example.io/syncstorage` or `postgres://testo:@localhost/syncdb`
+- [`SYNC_TOKENSERVER__DATABASE_URL`](../config.md#SYNC_TOKENSERVER__DATABASE_URL): database URL for tokenserver, e.g. `mysql://sync:test@example.io/tokenserver` or `postgres://testo:@localhost/syncdb`
+- [`SYNC_TOKENSERVER__INIT_NODE_URL`](../config.md#SYNC_TOKENSERVER__INIT_NODE_URL): the storage node URL (defaults to `http://localhost:8000`).  Replace with the actual URL where clients will access the sync server.
 
 The values can be directly written into the yaml as well.
 
@@ -68,46 +70,13 @@ Next, start the service with `docker compose`:
 SYNC_MASTER_SECRET=use_your_own_secret_4d3d3d3d \
 SYNC_SYNCSTORAGE__DATABASE_URL="mysql://sync:test@example.io/syncstorage" \
 SYNC_TOKENSERVER__DATABASE_URL="mysql://sync:test@example.io/tokenserver" \
+SYNC_TOKENSERVER__INIT_NODE_URL="http://localhost:8000" \
 docker compose -f docker-compose.yaml up -d
 ```
 
-### Database Bootstrapping
-
-After starting the service on a clean, uninitialized database, some bootstrapping records need to be inserted.
-
-For MySQL, run
-```sql
-INSERT INTO tokenserver.services (service, pattern) VALUES ('sync-1.5', '{node}/1.5/{uid}');
-
-INSERT INTO tokenserver.nodes (service, node, available, current_load, capacity, downed, backoff)
-VALUES (
-  (SELECT id FROM services WHERE service = 'sync-1.5'),
-  'http://localhost:8000',
-  1, 0, 1000, 0, 0
-);
-```
-
-For PostgreSQL, run
-```sql
-INSERT INTO nodes (service, node, available, current_load, capacity, downed, backoff)
-VALUES (
-  (SELECT id FROM services WHERE service = 'sync-1.5'),
-  'http://localhost:8000',
-  1, 0, 1000, 0, 0
-);
-```
-
-Note that `http://localhost:8000` above needs to be replaced with the actual
-service URL.
-
-Restart the service with 
-```sh
-docker compose -f docker-compose.yaml restart
-```
-
 ## Docker Compose, One-Shot with PostgreSQL
 
-Alternatively, the database can be started through `docker compose` as well.  The real service URL can be set with the `NODE_URL` environment variable.
+Alternatively, the database can be started through `docker compose` as well. The real service URL can be set with the `INIT_NODE_URL` environment variable.
 
 Save the yaml below into a file, e.g. `docker-compose.one-shot.yaml`.
 
@@ -131,6 +100,7 @@ services:
       SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL: "https://oauth.accounts.firefox.com"
       SYNC_HUMAN_LOGS: "${SYNC_HUMAN_LOGS:-false}"
       RUST_LOG: "${RUST_LOG:-info}"
+      SYNC_TOKENSERVER__INIT_NODE_URL: "${SYNC_TOKENSERVER__INIT_NODE_URL:-http://localhost:8000}"
     depends_on:
       postgres:
         condition: service_healthy
@@ -159,32 +129,6 @@ services:
       start_period: 30s
     restart: unless-stopped
 
-  # insert record for the storage node
-  bootstrap:
-    image: postgres:18
-    container_name: syncserver-bootstrap
-    environment:
-      PGHOST: postgres
-      PGPORT: 5432
-      PGUSER: sync
-      PGPASSWORD: sync
-      PGDATABASE: syncserver
-      NODE_URL: "${NODE_URL:-http://localhost:8000}"
-    depends_on:
-      syncserver:
-        condition: service_healthy
-    command: >
-      sh -c "
-      echo 'Waiting for migrations to complete...';
-      sleep 5;
-      echo 'Inserting storage node record...';
-      psql -c \"INSERT INTO nodes (service, node, available, current_load, capacity, downed, backoff)
-               VALUES ((SELECT id FROM services WHERE service = 'sync-1.5'), '\$\${NODE_URL}', 1, 0, 1000, 0, 0)
-               ON CONFLICT (service, node) DO NOTHING;\";
-      echo 'DB bootstrap complete';
-      "
-    restart: "no"
-
 volumes:
   postgres_data:
     driver: local
@@ -194,7 +138,7 @@ Next, start the service with `docker compose`:
 
 ```sh
 SYNC_MASTER_SECRET=use_your_own_secret_4d3d3d3d \
-NODE_URL=http://localhost:8000 \
+SYNC_TOKENSERVER__INIT_NODE_URL=http://localhost:8000 \
 docker compose -f docker-compose.one-shot.yaml up -d
 ```
 

docs/src/how-to/how-to-run-with-docker.md

@@ -69,6 +69,9 @@ pub trait Db {
     /// Show database uptime status and health as boolean.
     async fn check(&mut self) -> DbResult<results::Check>;
 
+    /// Insert an initial Sync 1.5 node record.  Does nothing when there is a conflict.
+    async fn insert_sync15_node(&mut self, params: params::Sync15Node) -> DbResult<()>;
+
     /// Get Node ID based on service_id and node string.
     async fn get_node_id(&mut self, params: params::GetNodeId) -> DbResult<results::GetNodeId>;
 

tokenserver-db-common/src/lib.rs

@@ -126,3 +126,12 @@ pub struct RemoveNode {
 
 #[cfg(debug_assertions)]
 pub type SpannerNodeId = Option<i32>;
+
+pub struct Sync15Node {
+    pub node: String,
+    pub capacity: i32,
+}
+
+impl Sync15Node {
+    pub const SERVICE_NAME: &str = "sync-1.5";
+}

tokenserver-db-common/src/params.rs

@@ -18,6 +18,7 @@ url = "2.5"
 
 [dev-dependencies]
 env_logger.workspace = true
+temp-env.workspace = true
 
 syncserver-settings = { path = "../syncserver-settings" }
 

tokenserver-db/Cargo.toml

@@ -113,6 +113,10 @@ impl Db for MockDb {
         Ok(results::GetServiceId::default())
     }
 
+    async fn insert_sync15_node(&mut self, _params: params::Sync15Node) -> Result<(), DbError> {
+        Ok(())
+    }
+
     fn metrics(&self) -> &Metrics {
         static METRICS: LazyLock<Metrics> = LazyLock::new(Metrics::noop);
         &METRICS

tokenserver-db/src/mock.rs

@@ -399,6 +399,88 @@ async fn post_user() -> DbResult<()> {
     Ok(())
 }
 
+#[tokio::test]
+async fn test_init_sync15_node() -> DbResult<()> {
+    temp_env::async_with_vars(
+        [
+            (
+                "SYNC_TOKENSERVER__INIT_NODE_URL",
+                Some("https://testo.example.gg"),
+            ),
+            ("SYNC_TOKENSERVER__INIT_NODE_CAPACITY", Some("38383")),
+        ],
+        async {
+            let pool = db_pool().await?;
+            let mut db = pool.get().await?;
+
+            let service_id = db
+                .get_service_id(params::GetServiceId {
+                    service: params::Sync15Node::SERVICE_NAME.to_owned(),
+                })
+                .await?
+                .id;
+
+            let node_id = db
+                .get_node_id(params::GetNodeId {
+                    service_id,
+                    node: "https://testo.example.gg".to_owned(),
+                })
+                .await?
+                .id;
+
+            let node = db.get_node(params::GetNode { id: node_id }).await?;
+
+            assert_eq!(node.node, "https://testo.example.gg");
+            assert_eq!(node.capacity, 38383);
+            assert_eq!(node.available, 1);
+            assert_eq!(node.current_load, 0);
+
+            Ok(())
+        },
+    )
+    .await
+}
+
+#[tokio::test]
+async fn test_init_sync15_node_with_default_capacity() -> DbResult<()> {
+    temp_env::async_with_vars(
+        [
+            (
+                "SYNC_TOKENSERVER__INIT_NODE_URL",
+                Some("https://testo.example.gg"),
+            ),
+            ("SYNC_TOKENSERVER__INIT_NODE_CAPACITY", None::<&str>),
+        ],
+        async {
+            let pool = db_pool().await?;
+            let mut db = pool.get().await?;
+
+            let service_id = db
+                .get_service_id(params::GetServiceId {
+                    service: params::Sync15Node::SERVICE_NAME.to_owned(),
+                })
+                .await?
+                .id;
+
+            let node_id = db
+                .get_node_id(params::GetNodeId {
+                    service_id,
+                    node: "https://testo.example.gg".to_owned(),
+                })
+                .await?
+                .id;
+
+            let node = db.get_node(params::GetNode { id: node_id }).await?;
+
+            assert_eq!(node.node, "https://testo.example.gg");
+            assert_eq!(node.capacity, 100000);
+
+            Ok(())
+        },
+    )
+    .await
+}
+
 #[tokio::test]
 async fn get_node_id() -> DbResult<()> {
     let pool = db_pool().await?;
@@ -1352,28 +1434,5 @@ async fn db_pool() -> DbResult<Box<dyn DbPool>> {
     )?;
     pool.init().await?;
 
-    if settings.tokenserver.database_url.starts_with("mysql://") {
-        // Ensure the "sync-1.5" service
-        // TODO: tokenserver-mysql's migration should add this service
-        // entry for us (if possible)
-        let mut db = pool.get().await?;
-        let service = "sync-1.5".to_owned();
-        let result = db
-            .get_service_id(params::GetServiceId {
-                service: service.clone(),
-            })
-            .await;
-        if let Err(e) = result {
-            if !e.is_diesel_not_found() {
-                return Err(e);
-            }
-            db.post_service(params::PostService {
-                service,
-                pattern: "{node}/1.5/{uid}".to_owned(),
-            })
-            .await?;
-        }
-    }
-
     Ok(pool)
 }

tokenserver-db/src/tests.rs

@@ -0,0 +1 @@
+DELETE FROM services WHERE service = 'sync-1.5';

tokenserver-mysql/migrations/2026-02-26-185317-0000_add_sync15_service/down.sql

@@ -0,0 +1,3 @@
+-- The standard Sync service entry
+INSERT IGNORE INTO services (service, pattern) VALUES
+    ('sync-1.5', '{node}/1.5/{uid}');