Revert "fix(vroom): Explicitly set PROFILES_DIR for upcoming change" (#3760)

* Revert "fix(vroom): Explicitly set PROFILES_DIR for upcoming change (#3759)" This reverts commit e07445d6be. It also very importantly changes where we mount the profiles volume which fixes the issue. Our theory is as follows: 1. Vroom Dockerfile had a line doing `mkdirp /var/lib/sentry-profiles` at image build time. This makes the directory owned by `root` 2. When we mount over that directory, and change permissions we can store the permissions changes _in_ the directory but not the directory itself 3. So when we start the vroom image with the new mount, the contents are owned by `vroom` but the main directory is still owned by `root`. This is also why [this approach](a23a4e3952) worked as the entrypoint script did this at the start of every container instance. --------- Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
2026-02-06 10:57:17 +00:00 · 2025-06-17 13:26:01 -07:00 · 2025-06-17 13:26:01 -07:00 · 019d372df2
commit 019d372df2
parent e07445d6be
5 changed files with 16 additions and 13 deletions
--- a/.env
+++ b/.env
@ -14,7 +14,7 @@ SNUBA_IMAGE=getsentry/snuba:nightly
 RELAY_IMAGE=getsentry/relay:nightly
 SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly
 TASKBROKER_IMAGE=getsentry/taskbroker:nightly
-VROOM_IMAGE=getsentry/vroom:a8e9e04
+VROOM_IMAGE=getsentry/vroom:nightly
 HEALTHCHECK_INTERVAL=30s
 HEALTHCHECK_TIMEOUT=1m30s
 HEALTHCHECK_RETRIES=10
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -131,11 +131,7 @@ services:
      # Using default user "postgres" from sentry/sentry.conf.example.py or value of POSTGRES_USER if provided
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
    command:
-      [
-        "postgres",
-        "-c",
-        "max_connections=${POSTGRES_MAX_CONNECTIONS:-100}",
-      ]
+      ["postgres", "-c", "max_connections=${POSTGRES_MAX_CONNECTIONS:-100}"]
    environment:
      POSTGRES_HOST_AUTH_METHOD: "trust"
    volumes:
@ -511,10 +507,10 @@ services:
    environment:
      SENTRY_KAFKA_BROKERS_PROFILING: "kafka:9092"
      SENTRY_KAFKA_BROKERS_OCCURRENCES: "kafka:9092"
-      PROFILES_DIR: "/var/lib/sentry-profiles"
+      SENTRY_BUCKET_PROFILES: file:///var/vroom/sentry-profiles
      SENTRY_SNUBA_HOST: "http://snuba-api:1218"
    volumes:
-      - sentry-vroom:/var/lib/sentry-profiles
+      - sentry-vroom:/var/vroom/sentry-profiles
    depends_on:
      kafka:
        <<: *depends_on-healthy
@ -529,13 +525,12 @@ services:
        BASE_IMAGE: "$VROOM_IMAGE"
    entrypoint: "/entrypoint.sh"
    environment:
-      PROFILES_DIR: "/var/lib/sentry-profiles"
      # Leaving the value empty to just pass whatever is set
      # on the host system (or in the .env file)
      SENTRY_EVENT_RETENTION_DAYS:
-    command: '"0 0 * * * find $PROFILES_DIR -type f -mtime +$SENTRY_EVENT_RETENTION_DAYS -delete"'
+    command: '"0 0 * * * find /var/vroom/sentry-profiles -type f -mtime +$SENTRY_EVENT_RETENTION_DAYS -delete"'
    volumes:
-      - sentry-vroom:/var/lib/sentry-profiles
+      - sentry-vroom:/var/vroom/sentry-profiles
    profiles:
      - feature-complete

--- a/install.sh
+++ b/install.sh
@ -38,6 +38,7 @@ source install/update-docker-images.sh
 source install/build-docker-images.sh
 source install/bootstrap-snuba.sh
 source install/upgrade-postgres.sh
+source install/ensure-correct-permissions-profiles-dir.sh
 source install/set-up-and-migrate-database.sh
 source install/geoip.sh
 source install/setup-js-sdk-assets.sh
--- a/install/ensure-correct-permissions-profiles-dir.sh
+++ b/install/ensure-correct-permissions-profiles-dir.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+# TODO: Remove this after the next hard-stop
+
+echo "${_group}Ensuring correct permissions on profiles directory ..."
+$dcr --no-deps --entrypoint /bin/bash --user root vroom -c 'chown -R vroom:vroom /var/vroom/sentry-profiles && chmod -R o+rwx /var/vroom/sentry-profiles'
+echo "${_endgroup}"
--- a/optional-modifications/patches/external-kafka/docker-compose.yml.patch
+++ b/optional-modifications/patches/external-kafka/docker-compose.yml.patch
@ -120,10 +120,10 @@
 +      SENTRY_KAFKA_SASL_MECHANISM: ${KAFKA_SASL_MECHANISM:-}
 +      SENTRY_KAFKA_SASL_USERNAME: ${KAFKA_SASL_USERNAME:-}
 +      SENTRY_KAFKA_SASL_PASSWORD: ${KAFKA_SASL_PASSWORD:-}
-       SENTRY_BUCKET_PROFILES: file://localhost//var/lib/sentry-profiles
+       SENTRY_BUCKET_PROFILES: file:///var/vroom/sentry-profiles
       SENTRY_SNUBA_HOST: "http://snuba-api:1218"
     volumes:
-       - sentry-vroom:/var/lib/sentry-profiles
+       - sentry-vroom:/var/vroom/sentry-profiles
 -    depends_on:
 -      kafka:
 -        <<: *depends_on-healthy