Page MenuHomeDevCentral
Files F3754463

D2885.id7355.diff
No OneTemporary
Actions

D2885.id7355.diff
View Options

diff --git a/_modules/credentials.py b/_modules/credentials.py
--- a/_modules/credentials.py
+++ b/_modules/credentials.py
@@ -117,6 +117,29 @@
return get_password(key, prefix)
+# -------------------------------------------------------------
+# Helpers for Sentry credentials
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def get_sentry_credentials():
+ return {
+ realm: _get_sentry_realm_credentials(realm)
+ for realm in __pillar__.get("sentry_realms", [])
+ }
+
+
+def _get_sentry_realm_credentials(realm):
+ credentials = __pillar__["sentry_realms"][realm]["credentials"]
+ secret_db = read_secret(credentials["postgresql"])
+
+ return {
+ "SENTRY_DB_USER": secret_db["username"],
+ "SENTRY_DB_PASSWORD": secret_db["password"],
+ "SENTRY_SECRET_KEY": get_password(credentials["secret_key"]),
+ }
+
+
def get_sentry_dsn(args):
if _are_credentials_hidden():
return "credential for " + args["credential"]
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
--- a/pillar/paas/docker/docker-002/sentry.sls
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -154,22 +154,50 @@
#
sentry:
- sentry_web_1:
+ sentry_web:
app_port: 26080
host: sentry.nasqueron.org
-
- # As an instance is divided between a web, a cron and a worker
- # containers, we need an identified to share a data volume.
+ command: run web
realm: nasqueron
network: sentry
- sentry_worker:
- sentry_worker_1:
+ sentry_worker:
+ command: run worker
realm: nasqueron
network: sentry
- sentry_cron:
sentry_cron:
+ command: run cron
+ realm: nasqueron
+ network: sentry
+
+ sentry_ingest_consumer:
+ command: run ingest-consumer --all-consumer-types
+ realm: nasqueron
+ network: sentry
+
+ sentry_ingest_replay_recordings:
+ command: run ingest-replay-recordings
+ realm: nasqueron
+ network: sentry
+
+ sentry_post_process_forwarder_errors:
+ command: run post-process-forwarder --entity errors
+ realm: nasqueron
+ network: sentry
+
+ sentry_post_process_forwarder_transations:
+ command: run post-process-forwarder --entity transactions--commit-log-topic=snuba-transactions-commit-log --synchronize-commit-group transactions_group
+ realm: nasqueron
+ network: sentry
+
+ sentry_consumer_events:
+ command: run query-subscription-consumer --commit-batch-size 1 --topic events-subscription-results
+ realm: nasqueron
+ network: sentry
+
+ sentry_consumer_transactions:
+ command: run query-subscription-consumer --commit-batch-size 1 --topic transactions-subscription-results
realm: nasqueron
network: sentry
@@ -185,3 +213,18 @@
kafka.server: WARN
kafka.zookeeper: WARN
state.change.logger: WARN
+
+sentry_realms:
+ nasqueron:
+ services:
+ memcached: sentry_memcached
+ postgresql: sentry_db
+ redis: sentry_redis
+ smtp: sentry_smtp
+ snuba: sentry_snuba_api
+ credentials:
+ secret_key: nasqueron.sentry.app_key
+ postgresql: nasqueron.sentry.postgresql
+
+ hostname: sentry.nasqueron.org
+ email_from: noreply@sentry.nasqueron.org
diff --git a/pillar/saas/sentry.sls b/pillar/saas/sentry.sls
deleted file mode 100644
--- a/pillar/saas/sentry.sls
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Sentry instances
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2018-11-10
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Sentry realms
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-sentry_realms:
- nasqueron:
- links:
- postgresql: sentry_db
- redis: sentry_redis
- smtp: sentry_smtp
- credential: nasqueron.sentry.app_key
- email_from: no-reply@sentry.nasqueron.org
- host: sentry.nasqueron.org
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -29,7 +29,6 @@
- paas.docker
- saas.jenkins
- saas.phpbb
- - saas.sentry
db-A-001:
- dbserver.cluster-A
diff --git a/roles/paas-docker/containers/sentry.sls b/roles/paas-docker/containers/sentry.sls
--- a/roles/paas-docker/containers/sentry.sls
+++ b/roles/paas-docker/containers/sentry.sls
@@ -12,7 +12,7 @@
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for realm, args in pillar['sentry_realms'].items() %}
+{% for realm, realm_args in pillar['sentry_realms'].items() %}
/srv/sentry/{{ realm }}:
file.directory:
@@ -20,15 +20,15 @@
- group: 999
- makedirs: True
-/srv/sentry/{{ realm }}/bin/sentry:
- file.managed:
- - source: salt://roles/paas-docker/containers/files/sentry/sentry.sh.jinja
- - template: jinja
- - mode: 755
- - makedirs: True
- - context:
- links: {{ args['links'] }}
- credential_key: {{ args['credential'] }}
+/srv/sentry/{{ realm }}/data:
+ file.directory:
+ - user: 999
+ - group: 999
+
+/srv/sentry/{{ realm }}/data/files:
+ file.directory:
+ - user: 999
+ - group: 999
{% if has_selinux %}
selinux_context_{{ realm }}_sentry_data:
@@ -47,51 +47,54 @@
# Web application
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+{% set realms_credentials = salt["credentials.get_sentry_credentials"]() %}
+
{% for instance, container in pillar['docker_containers']['sentry'].items() %}
-{% set args = pillar['sentry_realms'][container['realm']] %}
+{% set realm = container['realm'] %}
+{% set realm_args = pillar['sentry_realms'][realm] %}
+{% set credentials = realms_credentials[realm] %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- - image: library/sentry
- - binds: &binds /srv/sentry/{{ container['realm'] }}:/var/lib/sentry/files
- - links: &links
- - {{ args['links']['postgresql'] }}:postgres
- - {{ args['links']['redis'] }}:redis
- - {{ args['links']['smtp'] }}:smtp
- - environment: &env
- - SENTRY_SECRET_KEY: {{ salt['credentials.get_token'](args['credential']) }}
- - SENTRY_FILESTORE_DIR:
- - SENTRY_USE_SSL: 1
- - SENTRY_SERVER_EMAIL: {{ args['email_from'] }}
- - SENTRY_FILESTORE_DIR: /var/lib/sentry/files
- - ports:
- - 80
- - port_bindings:
- - {{ container['app_port'] }}:9000
+ - image: getsentry/sentry:nightly
+ - command: {{ container["command"] }}
+ - binds:
+ - /srv/sentry/{{ realm }}/data:/data
+ - /srv/geoip:/geoip:ro
+ - environment:
+ # From gentry/self-hosted for modern environment
+ - PYTHONUSERBASE: /data/custom-packages
-{% endfor %}
+ - SENTRY_POSTGRES_HOST: {{ realm_args["services"]["postgresql"] }}
+ - SENTRY_DB_USER: {{ credentials["SENTRY_DB_USER"] }}
+ - SENTRY_DB_PASSWORD: {{ credentials["SENTRY_DB_PASSWORD"] }}
-# -------------------------------------------------------------
-# Services containers
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ - SENTRY_REDIS_HOST: {{ realm_args["services"]["redis"] }}
-{% for service in ['worker', 'cron'] %}
-{% for instance, container in pillar['docker_containers']['sentry_' + service].items() %}
+ - SENTRY_MEMCACHED_HOST: {{ realm_args["services"]["memcached"] }}
-{% set args = pillar['sentry_realms'][container['realm']] %}
+ - SENTRY_EMAIL_HOST: {{ realm_args["services"]["smtp"] }}
+ - SENTRY_SMTP_HOSTNAME: {{ realm_args["hostname"] }}
+ - SENTRY_SERVER_EMAIL: {{ realm_args['email_from'] }}
-{{ instance }}:
- docker_container.running:
- - detach: True
- - interactive: True
- - image: library/sentry
- - binds: *binds
- - links: *links
- - environment: *env
- - command: run {{ service }}
+ - SNUBA: http://{{ realm_args["services"]["snuba"] }}:1218
+
+ - SENTRY_EVENT_RETENTION_DAYS: 90
+
+ # Legacy from 2016 configuration
+ - SENTRY_SECRET_KEY: {{ credentials["SENTRY_SECRET_KEY"] }}
+ - SENTRY_USE_SSL: 1
+ - SENTRY_FILESTORE_DIR: /data/files
+ {% if "app_port" in container %}
+ - ports:
+ - 9000
+ - port_bindings:
+ - {{ container['app_port'] }}:9000
+ {% endif %}
+ - networks:
+ - {{ container['network'] }}
-{% endfor %}
{% endfor %}
diff --git a/roles/paas-docker/containers/sentry_cron.sls b/roles/paas-docker/containers/sentry_cron.sls
deleted file mode 100644
--- a/roles/paas-docker/containers/sentry_cron.sls
+++ /dev/null
@@ -1,10 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Provision Docker engine
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2020-02-14
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# This section is intentionally left blank.
-# Containers are provided by sentry.sls
diff --git a/roles/paas-docker/containers/sentry_worker.sls b/roles/paas-docker/containers/sentry_worker.sls
deleted file mode 100644
--- a/roles/paas-docker/containers/sentry_worker.sls
+++ /dev/null
@@ -1,10 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Provision Docker engine
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2020-02-14
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# This section is intentionally left blank.
-# Containers are provided by sentry.sls

File Metadata

Mime Type
text/plain
Expires
Tue, Nov 19, 07:35 (22 h, 10 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2252176
Default Alt Text
D2885.id7355.diff (9 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator