* fix(profiling): Ingest profile file path
`ingest-profiles` is now using vroomrs to ingest profiles instead of writing
through vroom. For self-hosted, we need to make sure filestore for profiles is
properly configured so vroom can find the ingested profiles.
* feat: move profiling data to seaweedfs
* feat: review from Sentry
* Apply suggestions from code review
Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
* ref: volume migration tests
* ref: execute file creation from vroom container
* fix: brainfart
* debug
* hack
* more debug
* now I know what I'm missing out
* explicitly state feature complete
* try to pull vroom image
* should only run when COMPOSE_PROFILES is feature complete
* using run invoked weed instead of empty shell
* execute the upload script from vroom container
* execute apt command as root
* gonna sleep
* missing endgroup
* missing sh
* directly execute s3cmd and do 'wc' outside out the container
* why did other test start failing
* manual cleanup
* vroom is not a persistent volume
* what about not removing the seaweed volume
---------
Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
* Remove symbolicator volume creation command
* Remove symbolicator volume
* Create sentry-symbolicator on docker compose up
* Pass volume name to remove_command
* Remove sentry-symbolicator from unit test
* feat: Use S3 node store with garage
* lol, fix bash
* moar bash
* lol
* hate bash
* fix moar bash
* Add healthcheck to garage service
Co-authored-by: Reinaldy Rafli <aldy505@proton.me>
* revert +x
* fix healthcheck, fix config
* add env var for garage size
* use better compression level
* simpler garage config
* add migration support
* feat: use seaweedfs as nodestore backend (#3842)
* feat: seaweedfs as s3 nodestore backend
* fix: 'server' was missing for seaweed
* feat: remove minimum volume free space
* feat: specify hostname on ip
* fix: grpc port on seaweed should be `-{service}.port.grpc` instead of `-{service}.grpcPort`
* fix: wrong access key & secret key; use localhost for internal comms
* fix: create index directory
* test: add sentry-seaweedfs volume into expected volumes
* debug: aaaaaaaaaaaaaaaaaaaaaaarrrrggggggghhhhhhhhhhhhhhh
* test: correct ordering for expected volumes
* chore: seaweedfs healthcheck to multiple urls
See https://stackoverflow.com/a/14578575/3153224
* chore: add swap for arm64 runners
* ci: debug memory issues for arm64 runners
* ci: turn off swapfile first
Turns out the arm64 runners already have 3GB of swap
* feat: nodestore config update behind a prompt/flag
* feat: set s3 lifecycle policy
* fix: seaweed is a busybox
* fix: try xml policy
* fix: go back to simplified json
* Revert "fix: go back to simplified json"
This reverts commit 2f1575dfe33db6f781b09d09b01f5382716b8826.
* chore: reword debug lifecycle policy
* fix: don't pollute APPLY_AUTOMATIC_CONFIG_UPDATES variable
---------
Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
* Add patch for pgbouncer
* pgcat over pgbouncer
* Add patch for .env file
* Apply patches and add initial pgcat tolm file
* feat: hardcode pgcat image
* Fixes from review
* Align usernames defaults
* Remove postgres from default depends_on; Covered by pgcat by extension
* Set user and password - pgcat maybe doesnt support host auth trust
* Pool name maybe has to match, for some reason
* Use healthcheck from pgcat PR
* Reduce pool size, leave some for healthchecks and other clients running
* Start pgcat for bash scripts with postgres
* Update docker-compose.yml
* Use pgbouncer
* Revert to TRUST method
* fix(enhancement): ensure correct ownership check before setting permissions of profiles
* fix(enhancement): search for permissions on docker container instead of host and combine it in one command for performance enhancement
Resolves#3882
* fix(enhancement): search for permissions on docker container instead of host
* Revert "fix(vroom): Explicitly set PROFILES_DIR for upcoming change (#3759)"
This reverts commit e07445d6be41793165316a3e077ebec343740530.
It also very importantly changes where we mount the profiles volume which fixes the issue. Our theory is as follows:
1. Vroom Dockerfile had a line doing `mkdirp /var/lib/sentry-profiles` at image build time. This makes the directory owned by `root`
2. When we mount over that directory, and change permissions we can store the permissions changes _in_ the directory but not the directory itself
3. So when we start the vroom image with the new mount, the contents are owned by `vroom` but the main directory is still owned by `root`. This is also why [this approach](a23a4e3952) worked as the entrypoint script did this at the start of every container instance.
---------
Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
Sentry Admin Script always fail because of missing import of lib script.
### Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
With #3595, we now check both `docker-compose` and `docker compose` versions so this patch removes the implicit fallback to `docker-compose` for `$dc_base` and makes it explicit.
In this version, there's a new `--pull` argument for `docker compose run` which we will start leveraging, especially with `sentry-admin` command.
Should come with a slight speed boost.
Just starting up services for Snuba or Sentry migrations takes up to a minute sometimes and we do this even when there are no migrations, just because one of the Sentry or Snuba migrations change. This patch splits the caches up so only the necessary one runs, saving further time. It also uses the `LATEST_TAG` as the cache key for upgrade tests as the image versions or data will never change for a certain tag once it is release.
I think we split these actions in the past due to some lack of options for them to work together properly. Right now looks like `bootstrap` would automatically migrate and propagates the `force` flag.
`geoipupdate` is not used by any other service nor it is needed for any
service to run. Moreover, it is a one-shot command, causing
`docker compose up --wait` to fail when it exits with a non-zero status.
This happens when one has not yet set up their credentials and they may
choose to never do this.
This PR removes `geoipupdate` from the `docker-compose.yml` file and
moves the command directly into the geoip related script. One may run
this whenever they want to update their GeoIP database.
This PR needs an accompanying docs change.
Since we download JS SDKs in a for loop which invokes a separate docker container for each `curl` run, we seem to be triggering some sort of a DoS protection. And rightfully so as the old method causes TCP and TLS churn although we advertise we support HTTP/1.1 and HTTP/2.
This patch does a few things:
1. Uses `curl`s globbing support to download all files in one go, maxing TCP and TLS reuse. This should fix the DoS protection
2. Uses `curl`'s `--compress` option to make things even more efficient
3. Uses `curl`'s `--create-dirs` to save 1 docker container run per version for creating the directory
4. Removes the `-I` `HEAD` checks in favor of a `-f` fail option combined with `|| true` which makes curl fail and not write the output on a non-200 response while still allowing the script to succeed
5. To make sure the above approach works, it adds a file size test, requiring all downloaded files to be larger than 1kB
Hopefully fixes https://github.com/getsentry/sentry/issues/22715#issuecomment-2458066842
### Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
