fix(relay): Fix failed to write credentials (#450)

docker-compose.yml

@@ -178,11 +178,11 @@ services:
   relay:
     << : *restart_policy
     image: "us.gcr.io/sentryio/relay:latest"
-    command: 'run --config /etc/relay'
     volumes:
       - type: bind
+        read_only: true
         source: ./relay
-        target: /etc/relay
+        target: /work/.relay
     depends_on:
       - kafka
       - redis

install.sh

@@ -64,7 +64,7 @@ if [ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM" ]; then
     exit 1
 fi
 
-#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/) 
+#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/)
 SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :);
 if (($SUPPORTS_SSE42 == 0)); then
     echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://git.io/JvLDt for more info."
@@ -178,9 +178,20 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
     echo ""
     echo "Generating Relay credentials..."
 
-    $dcr --user $(id -u) relay --config /etc/relay credentials generate --overwrite
-    chmod a+r $RELAY_CREDENTIALS_JSON
+    # We need the ugly hack below as `relay generate credentials` tries to read the config and the credentials
+    # even with the `--stdout` and `--overwrite` flags and then errors out when the credentials file exists but
+    # not valid JSON.
+    $dcr --no-deps --entrypoint /bin/bash relay -c "cp /work/.relay/config.yml /tmp/config.yml && /bin/relay --config /tmp credentials generate > /dev/null && cat /tmp/credentials.json" > "$RELAY_CREDENTIALS_JSON"
     CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON")
+    if [ -z "$CREDENTIALS" ]; then
+      >&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON."
+      >&2 echo "      Please ensure this file is readable and contains valid credentials."
+      >&2 echo ""
+      exit 1
+    else
+      echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
+    fi
+
     CREDENTIALS="SENTRY_RELAY_WHITELIST_PK = [\"$CREDENTIALS\"]"
 
     if grep -xq SENTRY_RELAY_WHITELIST_PK "$SENTRY_CONFIG_PY"; then
@@ -191,8 +202,10 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
         exit 1
     fi
 
-     echo "" >> "$SENTRY_CONFIG_PY"
-     echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
+    echo "" >> "$SENTRY_CONFIG_PY"
+    echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
+    echo "Relay public key written to $SENTRY_CONFIG_PY"
+    echo ""
 fi
 
 cleanup

relay/config.yml

@@ -3,9 +3,8 @@ relay:
   upstream: "http://web:9000/"
   host: 0.0.0.0
   port: 3000
-#logging:
-#  # Available logging levels: TRACE, DEBUG, INFO, WARN, ERROR
-#  level: WARN
+logging:
+ level: WARN
 processing:
   enabled: true
   kafka_config: