Add new relic gem

[rioug]

What? Why?

Related to #10997

It uses the following env varirable to enable new relic agent, setup the licence key and customise application name:

• NEW_RELIC_AGENT_ENABLED
• NEW_RELIC_LICENSE_KEY
• NEW_RELIC_APP_NAME

The agent is disable by default so we can enable new relic for the production server that needs it.

What should we test?

• Set up the license key and application name
• Stage the application
• Play around a little bit with the website
• Check that data is being sent to New Relic

Release notes

Changelog Category: Technical changes

The title of the pull request will be included in the release notes.

[jibees]

👌

[mkllnk]

Great! I would put it in the global group though.

[mkllnk]

Would it hurt to have it in all environments?

I find it increases the chance to catch compatibility bugs early.

[rioug]

It don't think it would. I fixed up the configuration so we don't run the agent by default in Dev. And I realised I forgot to actually test if the configuration was working, which I have now done.

[rioug]

I don't actually know how env variable are set up on each instance, maybe someone more knowledgeable can update the testing note ?

[Matt-Yorkley]

I think we probably want to disable the agent by default if there's no API key present (in development for example). I think this file allows interpolation with erb.

Maybe here we can do something like:

agent_enabled: <%= ENV["NEW_RELIC_LICENSE_KEY"].present? %>

[mkllnk]

Good idea.

[rioug]

the new relic config doesn't allow interpolation any more. I couldn't find a way to disable the agent if the license key is not present, but I updated the config to disable the agent in dev, test and staging.

[mkllnk]

That's a problem. Not every production instance will have a new relic key. Do we set it to false everywhere and then use environment variables to control it instead?

[rioug]

Yes I think that would be a better solution. Do we need to update any documentation around this ?

[mkllnk]

Do we need to update any documentation around this ?

Yes.

• The ofn-install repository has a template for the secrets which needs entries with comments.
• The wiki describes optional services, how to set them up etc. It needs to be mentioned there.

[mkllnk]

How are we going to test changes before they go to production? It would be great to have this on staging as well. And testing locally?

[rioug]

you can override the configuration by setting the env variable NEW_RELIC_AGENT_ENABLED to true

[abdellani]

I have one question:
Will all the instances share the same key? and NEW_RELIC_APP_NAME will variate depending on the instance location. for example: "Open Food Network (AU)", "Open Food Network (UK)" ?

[mkllnk]

That's a good question. In the past we would have set up separate keys but if New Relic supports it then we should use the same key, I think. That we we have all the information in one place.

[rioug]

My understanding is we should be able to use the same license key for all the instances, and set up a different name for each instance so we can differentiate the data. See below:

There is the possibility to create extra license key so we could potentially have a different license key for each instance, all reporting to the same New Relic account. Or have a different user with it's own license key for each instance, but that's probably not needed. It's recommended to create extra license for security reason (key rotation) .
More info here: https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/

[mkllnk]

Okay, I think that we should roll out with the same key and we can rotate later.

[rioug]

I tested this on au-staging while working on : openfoodfoundation/ofn-install#888 , so it should be good to merge unless someone else wants to test it as well.