From ecccb211aad9702541a227a9d97bde54d5841a9d Mon Sep 17 00:00:00 2001
From: Burak Yigit Kaya
Date: Mon, 27 Apr 2020 20:54:59 +0300
Subject: [PATCH] fix(relay): Fix failed to write credentials (#450)
---
 docker-compose.yml | 4 ++--
 install.sh | 23 ++++++++++++++++++-----
 relay/config.yml | 5 ++---
 3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 61aa2fd..0b5cf0f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -178,11 +178,11 @@ services:
 relay:
 << : *restart_policy
 image: "us.gcr.io/sentryio/relay:latest"
- command: 'run --config /etc/relay'
 volumes:
 - type: bind
+ read_only: true
 source: ./relay
- target: /etc/relay
+ target: /work/.relay
 depends_on:
 - kafka
 - redis
diff --git a/install.sh b/install.sh
index 179a4e9..33328c0 100755
--- a/install.sh
+++ b/install.sh
@@ -64,7 +64,7 @@ if [ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM" ]; then
 exit 1
 fi
-#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/)
+#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/)
 SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :);
 if (($SUPPORTS_SSE42 == 0)); then
 echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://git.io/JvLDt for more info."
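Review bot: In docker-compose.yml, removing `command: 'run --config /etc/relay'` leaves the service relying on the image's default command and on Relay finding its config under `/work/.relay`; neither is visible in this file, and the image is still pulled by the floating `latest` tag (context line), so a change in the image's defaults would presumably break startup without any diff in this repository. A short comment above the mount, for example `# no --config is passed: Relay is expected to read /work/.relay by default; install.sh copies config.yml from this path`, would record that coupling. The new `read_only: true` is a sensible restriction, but it also means the container can no longer create credentials itself, so the same comment should say that install.sh must have generated `credentials.json` before the service is started.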
@@ -178,9 +178,20 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
 echo ""
 echo "Generating Relay credentials..."
- $dcr --user $(id -u) relay --config /etc/relay credentials generate --overwrite
- chmod a+r $RELAY_CREDENTIALS_JSON
+ # We need the ugly hack below as `relay generate credentials` tries to read the config and the credentials
+ # even with the `--stdout` and `--overwrite` flags and then errors out when the credentials file exists but
+ # not valid JSON.
+ $dcr --no-deps --entrypoint /bin/bash relay -c "cp /work/.relay/config.yml /tmp/config.yml && /bin/relay --config /tmp credentials generate > /dev/null && cat /tmp/credentials.json" > "$RELAY_CREDENTIALS_JSON"
 CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON")
+ if [ -z "$CREDENTIALS" ]; then
+ >&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON."
+ >&2 echo "      Please ensure this file is readable and contains valid credentials."
+ >&2 echo ""
+ exit 1
+ else
+ echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
+ fi
+
 CREDENTIALS="SENTRY_RELAY_WHITELIST_PK = [\"$CREDENTIALS\"]"
 if grep -xq SENTRY_RELAY_WHITELIST_PK "$SENTRY_CONFIG_PY"; then
@@ -191,8 +202,10 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
 exit 1
 fi
- echo "" >> "$SENTRY_CONFIG_PY"
- echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
+ echo "" >> "$SENTRY_CONFIG_PY"
+ echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
+ echo "Relay public key written to $SENTRY_CONFIG_PY"
+ echo ""
 fi
 cleanup
diff --git a/relay/config.yml b/relay/config.yml
index 9daca52..8700336 100644
--- a/relay/config.yml
+++ b/relay/config.yml
@@ -3,9 +3,8 @@ relay:
 upstream: "http://web:9000/"
 host: 0.0.0.0
 port: 3000
-#logging:
-# # Available logging levels: TRACE, DEBUG, INFO, WARN, ERROR
-# level: WARN
+logging:
+ level: WARN
 processing:
 enabled: true
 kafka_config:
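Review bot: In install.sh (hunk at -178), the new `$dcr ... > "$RELAY_CREDENTIALS_JSON"` line lets the shell create the target file before the container runs, so a failed or interrupted generation leaves an empty or partial file behind. The added `-z "$CREDENTIALS"` branch then exits without removing it, and because the whole block is guarded by `if [ ! -f "$RELAY_CREDENTIALS_JSON" ]` (hunk header), a re-run would skip generation and keep the broken file. Adding `rm -f "$RELAY_CREDENTIALS_JSON"` before `exit 1`, or redirecting to a temporary file and moving it into place only once the public key has been parsed, avoids that. The file presumably also carries the Relay secret key next to the `public_key` that is parsed out, and with the `chmod` line gone its mode now follows the caller's umask, which deserves a one-line comment stating the intended permissions. The enclosing `if` block starts before and ends after this hunk.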
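Review bot: In relay/config.yml the hint about accepted values was dropped together with the comment markers, so the now-active `logging:` block no longer tells an operator what `level` may be set to. Keeping `# Available logging levels: TRACE, DEBUG, INFO, WARN, ERROR` as a comment above `level: WARN` would preserve that. With `./relay` mounted read-only into the container (docker-compose.yml hunk), this host-side file is presumably the only place verbosity gets adjusted, which makes the hint more useful rather than less.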