Page MenuHomePhabricator

Fix log directory permissions in Sentry vagrant role
Closed, ResolvedPublic0 Story Points

Description

The vagrant role for Sentry creates a separate user; this results in permission problems (e.g. ImproperlyConfigured: Could not write to directory: /vagrant/logs/sentry.mail.log).

Separating permissions by running each service with its own user is a good practice in general but does not work great with Vagrant because some key directories are actually on the host and mounted to the guest via some sharing protocol which varies based on OS and config; setting permissions for these directories is fragile.

@bd808 recommends to run Sentry as www-data.

Related Objects

StatusAssignedTask
OpenTgr
ResolvedTgr
ResolvedGilles
OpenNone
OpenNone
OpenTgr
OpenTgr
ResolvedTgr
OpenNone
ResolvedTgr
DeclinedTgr
DeclinedTgr
StalledTgr
ResolvedTgr
StalledTgr
ResolvedTgr
OpenTgr
ResolvedKrinkle
DeclinedNone
OpenTgr
ResolvedTgr
OpenTgr
OpenNone
InvalidNone
StalledTgr
ResolvedTgr
OpenNone
Resolvedjcrespo
ResolvedTgr
OpenNone
ResolvedTgr
ResolvedTgr

Event Timeline

Tgr created this task.Feb 25 2015, 8:04 PM
Tgr updated the task description. (Show Details)
Tgr raised the priority of this task from to Normal.
Tgr claimed this task.
Tgr added a subscriber: bd808.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 25 2015, 8:04 PM
Tgr set Security to None.
Tgr edited a custom field.

I think this may only be a problem when using vboxsf instead of nfs. @Tgr, do you have nfs_shares disabled by chance? Disabled is the default if you're running Windows. (Use vagrant config --get nfs_shares to check.)

Tgr added a comment.Feb 25 2015, 10:56 PM

@Tgr, do you have nfs_shares disabled by chance?

On some boxes, due to T84961 (which happens/happened intermittently). But I think you get issues with NFS as well, just not the same ones. I remember running into problems due to root squashing, for example.

Since the NFS issues may be only tangentially related, I'm not sure what to do about them ATM, but @bd808's suggestion should fix the permissions issue when using vboxsf. I suggest we start there.

Change 193319 had a related patch set uploaded (by Gergő Tisza):
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

Change 193319 merged by jenkins-bot:
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

Tgr added a comment.Feb 28 2015, 12:14 AM

Verified working. Steps to test:

  • enable sentry role
  • run mw.sentry.initRaven(); Raven.captureMessage('foo'); in JS console
  • verify there is a mail file in /vagrant/logs/sentry-mail
Gilles closed this task as Resolved.Mar 2 2015, 8:45 AM
Gilles added a subscriber: Gilles.
bd808 moved this task from Backlog to Done on the MediaWiki-Vagrant board.Mar 5 2015, 5:33 PM