Skip to content

Clean up relay credentials generation #1289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chadwhitacre merged 1 commit into from
Feb 3, 2022
Merged

Clean up relay credentials generation #1289

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ source check-minimum-requirements.sh
source turn-things-off.sh
source create-docker-volumes.sh
source ensure-files-from-examples.sh
source ensure-relay-credentials.sh
source generate-secret-key.sh
source replace-tsdb.sh
source update-docker-images.sh
Expand All @@ -31,6 +32,5 @@ source create-kafka-topics.sh
source upgrade-postgres.sh
source set-up-and-migrate-database.sh
source migrate-file-storage.sh
source relay-credentials.sh
source geoip.sh
source wrap-up.sh
4 changes: 2 additions & 2 deletions install/relay-credentials-test.sh → install/ensure-relay-credentials-test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,15 @@ test ! -f $cfg
test ! -f $creds

# Running the install script adds them.
source relay-credentials.sh
source ensure-relay-credentials.sh
test -f $cfg
test -f $creds
test "$(jq -r 'keys[2]' $creds)" = "secret_key"

# If the files exist we don't touch it.
echo GARBAGE > $cfg
echo MOAR GARBAGE > $creds
source relay-credentials.sh
source ensure-relay-credentials.sh
test "$(cat $cfg)" = "GARBAGE"
test "$(cat $creds)" = "MOAR GARBAGE"

Expand Down
34 changes: 34 additions & 0 deletions install/ensure-relay-credentials.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
echo "${_group}Ensuring Relay credentials ..."

RELAY_CONFIG_YML="../relay/config.yml"
RELAY_CREDENTIALS_JSON="../relay/credentials.json"

ensure_file_from_example $RELAY_CONFIG_YML

if [[ -f "$RELAY_CREDENTIALS_JSON" ]]; then
echo "$RELAY_CREDENTIALS_JSON already exists, skipped creation."
else

# There are a couple gotchas here:
#
# 1. We need to use a tmp file because if we redirect output directly to
# credentials.json, then the shell will create an empty file that relay
# will then try to read from (regardless of options such as --stdout or
# --overwrite) and fail because it is empty.
#
# 2. We need to use -T to avoid additional garbage output cluttering
# credentials.json under Docker Compose 1.x and 2.2.3+. Note that the
# long opt --no-tty doesn't exist in Docker Compose 1.

creds="$dcr --no-deps -T relay credentials"
Copy link
Copy Markdown
Member Author

@chadwhitacre chadwhitacre Feb 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aminvakil It looks like there is no --no-tty option in Docker Compose 1, only in 2. That could explain why merging #1251 caused CI to start failing.

$ docker-compose run -T --no-deps relay credentials show      
Creating sentry-self-hosted_relay_run ... done
Credentials:
  relay id: ed128877-ceb6-47e0-8a4e-e3df4bed162f
  public key: EyGAkE-3wBlBQuSbKJLsXdhQWEMsaZIDSnOCvnVE5zo
$
$
$ docker-compose run --no-tty --no-deps relay credentials show
Run a one-off command on a service.

For example:

    $ docker-compose run web python manage.py shell

By default, linked services will be started, unless they are already
running. If you do not want to start linked services, use
`docker-compose run --no-deps SERVICE COMMAND [ARGS...]`.

Usage:
    run [options] [-v VOLUME...] [-p PORT...] [-e KEY=VAL...] [-l KEY=VALUE...] [--]
        SERVICE [COMMAND] [ARGS...]

Options:
    -d, --detach          Detached mode: Run container in the background, print
                          new container name.
    --name NAME           Assign a name to the container
    --entrypoint CMD      Override the entrypoint of the image.
    -e KEY=VAL            Set an environment variable (can be used multiple times)
    -l, --label KEY=VAL   Add or override a label (can be used multiple times)
    -u, --user=""         Run as specified username or uid
    --no-deps             Don't start linked services.
    --rm                  Remove container after run. Ignored in detached mode.
    -p, --publish=[]      Publish a container's port(s) to the host
    --service-ports       Run command with the service's ports enabled and mapped
                          to the host.
    --use-aliases         Use the service's network aliases in the network(s) the
                          container connects to.
    -v, --volume=[]       Bind mount a volume (default [])
    -T                    Disable pseudo-tty allocation. By default `docker-compose run`
                          allocates a TTY.
    -w, --workdir=""      Working directory inside the container
$
$
$ docker-compose --version
docker-compose version 1.29.2, build 5becea4c
$

Copy link
Copy Markdown
Member Author

@chadwhitacre chadwhitacre Feb 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bah ... but in that case why was CI green on #1251? 🤔

$creds generate --stdout > "$RELAY_CREDENTIALS_JSON".tmp
mv "$RELAY_CREDENTIALS_JSON".tmp "$RELAY_CREDENTIALS_JSON"
if ! grep -q Credentials <($creds show); then
# Let's fail early if creds failed, to make debugging easier.
echo "Failed to create relay credentials in $RELAY_CREDENTIALS_JSON."
exit 1
fi
echo "Relay credentials written to $RELAY_CREDENTIALS_JSON."
fi

echo "${_endgroup}"