2
0

fix(relay): Fix failed to write credentials (#450)

This commit is contained in:
Burak Yigit Kaya 2020-04-27 20:54:59 +03:00 committed by GitHub
parent d31f46831e
commit ecccb211aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 10 deletions

View File

@ -178,11 +178,11 @@ services:
relay: relay:
<< : *restart_policy << : *restart_policy
image: "us.gcr.io/sentryio/relay:latest" image: "us.gcr.io/sentryio/relay:latest"
command: 'run --config /etc/relay'
volumes: volumes:
- type: bind - type: bind
read_only: true
source: ./relay source: ./relay
target: /etc/relay target: /work/.relay
depends_on: depends_on:
- kafka - kafka
- redis - redis

View File

@ -64,7 +64,7 @@ if [ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM" ]; then
exit 1 exit 1
fi fi
#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/) #SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/)
SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :); SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :);
if (($SUPPORTS_SSE42 == 0)); then if (($SUPPORTS_SSE42 == 0)); then
echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://git.io/JvLDt for more info." echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://git.io/JvLDt for more info."
@ -178,9 +178,20 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
echo "" echo ""
echo "Generating Relay credentials..." echo "Generating Relay credentials..."
$dcr --user $(id -u) relay --config /etc/relay credentials generate --overwrite # We need the ugly hack below as `relay generate credentials` tries to read the config and the credentials
chmod a+r $RELAY_CREDENTIALS_JSON # even with the `--stdout` and `--overwrite` flags and then errors out when the credentials file exists but
# not valid JSON.
$dcr --no-deps --entrypoint /bin/bash relay -c "cp /work/.relay/config.yml /tmp/config.yml && /bin/relay --config /tmp credentials generate > /dev/null && cat /tmp/credentials.json" > "$RELAY_CREDENTIALS_JSON"
CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON") CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON")
if [ -z "$CREDENTIALS" ]; then
>&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON."
>&2 echo " Please ensure this file is readable and contains valid credentials."
>&2 echo ""
exit 1
else
echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
fi
CREDENTIALS="SENTRY_RELAY_WHITELIST_PK = [\"$CREDENTIALS\"]" CREDENTIALS="SENTRY_RELAY_WHITELIST_PK = [\"$CREDENTIALS\"]"
if grep -xq SENTRY_RELAY_WHITELIST_PK "$SENTRY_CONFIG_PY"; then if grep -xq SENTRY_RELAY_WHITELIST_PK "$SENTRY_CONFIG_PY"; then
@ -191,8 +202,10 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
exit 1 exit 1
fi fi
echo "" >> "$SENTRY_CONFIG_PY" echo "" >> "$SENTRY_CONFIG_PY"
echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY" echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
echo "Relay public key written to $SENTRY_CONFIG_PY"
echo ""
fi fi
cleanup cleanup

View File

@ -3,9 +3,8 @@ relay:
upstream: "http://web:9000/" upstream: "http://web:9000/"
host: 0.0.0.0 host: 0.0.0.0
port: 3000 port: 3000
#logging: logging:
# # Available logging levels: TRACE, DEBUG, INFO, WARN, ERROR level: WARN
# level: WARN
processing: processing:
enabled: true enabled: true
kafka_config: kafka_config: