Page MenuHomePhabricator
Create Task
Maniphest T90773

Fix log directory permissions in Sentry vagrant role
Closed, ResolvedPublic0 Estimated Story Points
Actions

Description

The vagrant role for Sentry creates a separate user; this results in permission problems (e.g. ImproperlyConfigured: Could not write to directory: /vagrant/logs/sentry.mail.log).

Separating permissions by running each service with its own user is a good practice in general but does not work great with Vagrant because some key directories are actually on the host and mounted to the guest via some sharing protocol which varies based on OS and config; setting permissions for these directories is fragile.

@bd808 recommends to run Sentry as www-data.

Details

SubjectRepoBranchLines +/-
Remove custom users from sentry module, use www-data insteadmediawiki/vagrantmaster+19 -32
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT382 RfC: Server-side Javascript error logging
 ResolvedTgrT524 Interface to display JS error logs
 Resolved GillesT525 Review existing JS error logging solutions
 OpenNoneT106913 Use Sentry on non-production Wikimedia wikis, Toolforge and other sites/tools
 DeclinedNoneT106915 Use Sentry in production
 DeclinedTgrT91649 Deploy Sentry (JavaScript error logging) to production, configured to log only a limited subset of users/pages
 ResolvedTgrT1345 Set up and test Sentry on Labs for JS error logging
 ResolvedTgrT105374 Investigate if the XSS vulnerability addressed in Sentry 7.6.1 affects us
 Resolved jlinehanT88399 Improve Javascript error logging coverage
 ResolvedTgrT78809 Implement module wrapping for Sentry
 DeclinedTgrT85262 Add startup script to automatically wrap asynchronous functions in try..catch
 DeclinedTgrT86058 Find out whether any browser supported by MediaWiki needs TraceKit's "rethrow to window.onerror" logic for stack traces
 DeclinedTgrT92247 Wrap jQuery AJAX callbacks in try..catch via mw.errorLogging
 ResolvedTgrT92701 Test the impact of Javascript error logging on performance
 DeclinedTgrT93392 Make sure async wrapping for Javascript error logging only happens when the call is truly async
 ResolvedTgrT85263 Track module initialization errors in ResourceLoader
 ResolvedTgrT88874 Catch uncaught exceptions with Sentry
 ResolvedKrinkleT93986 mw.track subscribers cannot unsubscribe
 DeclinedNoneT90524 Use source urls in mw.loader.store
 OpenNoneT508 Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging
 ResolvedTgrT507 Measure how many users have CORS-hostile proxies
 DeclinedNoneT88078 Automated tests for Javascript error logging
 DeclinedNoneT526 Add sampling and throttling support to JS error logging
 InvalidNoneT89732 Investigate production and/or beta requirements for Sentry
 DeclinedTgrT93138 Procure hardware for Sentry
 ResolvedTgrT84956 Create basic puppet role for Sentry
 ResolvedjcrespoT112228 Need to run postgresql::user twice to set the password
 ResolvedTgrT94428 Log Javascript errors in UploadWizard funnel flow
 OpenNoneT88072 All multimedia extensions/systems should have a MW-Vagrant role
 ResolvedTgrT84957 Vagrantize Sentry
 ResolvedTgrT90773 Fix log directory permissions in Sentry vagrant role

Event Timeline

Tgr created this task.Feb 25 2015, 8:04 PM
Tgr claimed this task.
Tgr raised the priority of this task from to Medium.
Tgr updated the task description. (Show Details)
Tgr added projects: Multimedia-Sprint-2015-02-25, Sentry, MediaWiki-Vagrant, Multimedia.
Tgr added a subscriber: bd808.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 25 2015, 8:04 PM
Tgr mentioned this in T84957: Vagrantize Sentry.Feb 25 2015, 8:04 PM
Tgr set Security to None.
Tgr edited a custom field.
dduvall subscribed.Feb 25 2015, 9:59 PM

I think this may only be a problem when using vboxsf instead of nfs. @Tgr, do you have nfs_shares disabled by chance? Disabled is the default if you're running Windows. (Use vagrant config --get nfs_shares to check.)

Tgr added a comment.Feb 25 2015, 10:56 PM
In T90773#1067789, @dduvall wrote:

@Tgr, do you have nfs_shares disabled by chance?

On some boxes, due to T84961 (which happens/happened intermittently). But I think you get issues with NFS as well, just not the same ones. I remember running into problems due to root squashing, for example.

dduvall added a comment.Feb 26 2015, 12:23 AM

Since the NFS issues may be only tangentially related, I'm not sure what to do about them ATM, but @bd808's suggestion should fix the permissions issue when using vboxsf. I suggest we start there.

gerritbot subscribed.Feb 27 2015, 1:54 AM

Change 193319 had a related patch set uploaded (by Gergő Tisza):
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

gerritbot added a project: Patch-For-Review.Feb 27 2015, 1:55 AM
Tgr moved this task from Backlog to Needs code review on the Multimedia-Sprint-2015-02-25 board.Feb 27 2015, 2:56 AM
gerritbot added a comment.Feb 27 2015, 11:40 PM

Change 193319 merged by jenkins-bot:
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

Tgr moved this task from Needs code review to Ready for testing on the Multimedia-Sprint-2015-02-25 board.Feb 27 2015, 11:41 PM
Tgr added a comment.Feb 28 2015, 12:14 AM

Verified working. Steps to test:

  • enable sentry role
  • run mw.sentry.initRaven(); Raven.captureMessage('foo'); in JS console
  • verify there is a mail file in /vagrant/logs/sentry-mail
Gilles closed this task as Resolved.Mar 2 2015, 8:45 AM
Gilles subscribed.
Tgr mentioned this in rMWVA20f8aef26e75: Remove custom users from sentry module, use www-data instead.Mar 3 2015, 7:49 PM
bd808 moved this task from Backlog to Done on the MediaWiki-Vagrant board.Mar 5 2015, 5:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL