Relay fails to get projects configs

I’m trying to set up self-hosted sentry with a relay connected by kafka. After sending a test event (using python SDK) to the relay I see on logs following error:
2021-06-25T11:14:06Z [relay_server::actors::project_upstream] ERROR: error fetching project states: upstream request returned error 403 Forbidden.
tcpdump says that relay makes a POST /api/0/relays/projectconfigs/?version=2 HTTP/1.1 to upstream with body {"publicKeys":["<project_public_key>"],"fullConfig":true,"noCache":false} but upstream replies with 403 "Relay unauthorized for full config information". In sentry source a see that “fullConfig” can be given only to “internal” relay. Is there a way to register relay as “internal”? As far as I see on relay source it wants fullConfig if processing is enabled.

Relay config:

  mode: managed
  upstream: "<sentry_host>"
  port: 3000
  tls_port: ~
  tls_identity_path: ~
  tls_identity_password: ~
  level: DEBUG
  enabled: true
    - {name: "bootstrap.servers", value: "<host>"}
    - {name: "message.max.bytes", value: 50000000} # 50MB
    - {name: "security.protocol", value: "SASL_SSL"}
    - {name: "sasl.mechanisms", value: "SCRAM-SHA-512"}
    - {name: "sasl.username", value: "<user>"}
    - {name: "sasl.password", value: "<pass>"}
    - {name: "", value: "<crt_path>"}
  redis: redis://:<redis_pass>@<redis_host>:6379/0

If it is possible to put Relay on the same subnet with Sentry, it will automatically register it as a internal relay. Otherwise you need to generate a key pair and add the public key to your file under the SENTRY_RELAY_WHITELIST_PK key:

Eh, just saw the deprecation notice, you can add them to your sentry/config.yml file as follows:

That worked, thanks!
Offtop: why are the settings moved to yml? Settings become static there and it makes it hard to configure sentry from environment.

1 Like

Getting complex settings from env variables become error prone and hard to manage so we are gearing towards static configuration for the things we can. This allows us to define schemas, validate the config statically etc. It is a slow and ongoing process tho and I’m not sure if we ever will be able to get rid of file.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.