Page MenuHomePhabricator

Fix log directory permissions in Sentry vagrant role
Closed, ResolvedPublic0 Estimated Story Points

Description

The vagrant role for Sentry creates a separate user; this results in permission problems (e.g. ImproperlyConfigured: Could not write to directory: /vagrant/logs/sentry.mail.log).

Separating permissions by running each service with its own user is a good practice in general but does not work great with Vagrant because some key directories are actually on the host and mounted to the guest via some sharing protocol which varies based on OS and config; setting permissions for these directories is fragile.

@bd808 recommends to run Sentry as www-data.

Related Objects

StatusSubtypeAssignedTask
DeclinedNone
ResolvedTgr
ResolvedGilles
OpenNone
DeclinedNone
DeclinedTgr
ResolvedTgr
ResolvedTgr
Resolvedjlinehan
ResolvedTgr
DeclinedTgr
DeclinedTgr
DeclinedTgr
ResolvedTgr
DeclinedTgr
ResolvedTgr
ResolvedTgr
ResolvedKrinkle
DeclinedNone
OpenNone
ResolvedTgr
DeclinedNone
OpenNone
InvalidNone
DeclinedTgr
ResolvedTgr
Resolvedjcrespo
ResolvedTgr
OpenNone
ResolvedTgr
ResolvedTgr

Event Timeline

Tgr claimed this task.
Tgr raised the priority of this task from to Medium.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: bd808.
Tgr set Security to None.
Tgr edited a custom field.

I think this may only be a problem when using vboxsf instead of nfs. @Tgr, do you have nfs_shares disabled by chance? Disabled is the default if you're running Windows. (Use vagrant config --get nfs_shares to check.)

@Tgr, do you have nfs_shares disabled by chance?

On some boxes, due to T84961 (which happens/happened intermittently). But I think you get issues with NFS as well, just not the same ones. I remember running into problems due to root squashing, for example.

Since the NFS issues may be only tangentially related, I'm not sure what to do about them ATM, but @bd808's suggestion should fix the permissions issue when using vboxsf. I suggest we start there.

Change 193319 had a related patch set uploaded (by Gergő Tisza):
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

Change 193319 merged by jenkins-bot:
Remove custom users from sentry module, use www-data instead

https://gerrit.wikimedia.org/r/193319

Verified working. Steps to test:

  • enable sentry role
  • run mw.sentry.initRaven(); Raven.captureMessage('foo'); in JS console
  • verify there is a mail file in /vagrant/logs/sentry-mail
Gilles added a subscriber: Gilles.