diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
index ebec57c..ced85c1 100644
--- a/pillar/paas/docker/docker-002/sentry.sls
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -1,98 +1,109 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Service: Sentry
# -------------------------------------------------------------
docker_networks:
sentry:
subnet: 172.18.3.0/24
docker_images:
- library/postgres
- library/redis:3.2-alpine
- library/sentry
- tianon/exim4
+ - yandex/clickhouse-server:20.3.9.70
docker_containers:
#
# Core services used by Sentry
#
exim:
sentry_smtp:
mailname: mx.sentry.nasqueron.org
network: sentry
memcached:
sentry_memcached:
version: 1.6.9-alpine
network: sentry
redis:
sentry_redis:
network: sentry
postgresql:
sentry_db:
credential: nasqueron.sentry.postgresql
#
# Kafka instance
#
zookeeper:
sentry_zookeeper:
version: 5.5.0
network: sentry
kafka:
sentry_kafka:
version: 5.5.0
zookeeper: sentry_zookeeper
network: sentry
topics:
- ingest-attachments
- ingest-transactions
- ingest-events
- ingest-replay-recordings
+ #
+ # ClickHouse
+ #
+ clickhouse:
+ sentry_clickhouse:
+ version: 20.3.9.70
+ network: sentry
+ config: sentry.xml
+ max_memory_ratio: 0.2
+
#
# Services maintained by Sentry
#
sentry:
sentry_web_1:
app_port: 26080
host: sentry.nasqueron.org
# As an instance is divided between a web, a cron and a worker
# containers, we need an identified to share a data volume.
realm: nasqueron
network: sentry
sentry_worker:
sentry_worker_1:
realm: nasqueron
network: sentry
sentry_cron:
sentry_cron:
realm: nasqueron
network: sentry
# -------------------------------------------------------------
# Services configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
kakfa_loggers:
kafka.cluster: WARN
kafka.controller: WARN
kafka.coordinator: WARN
kafka.log: WARN
kafka.server: WARN
kafka.zookeeper: WARN
state.change.logger: WARN
diff --git a/roles/paas-docker/containers/clickhouse.sls b/roles/paas-docker/containers/clickhouse.sls
new file mode 100644
index 0000000..01d53fa
--- /dev/null
+++ b/roles/paas-docker/containers/clickhouse.sls
@@ -0,0 +1,74 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+
+{% for instance, container in pillar['docker_containers']['clickhouse'].items() %}
+{% set image = salt['paas_docker.get_image']("yandex/clickhouse-server", container) %}
+
+# -------------------------------------------------------------
+# Data directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/clickhouse/{{ instance }}:
+ file.directory:
+ - makedirs: True
+
+{% for subdir in ['lib', 'log'] %}
+/srv/clickhouse/{{ instance }}/{{ subdir }}:
+ file.directory:
+ - user: 101
+ - group: 101
+{% endfor %}
+
+/srv/clickhouse/{{ instance }}/{{ container['config'] }}:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/clickhouse/{{ instance }}/{{ container['config'] }}
+ - user: 101
+ - group: 101
+
+{% if has_selinux %}
+selinux_context_{{ instance }}_clickhouse_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/clickhouse/{{ instance }}
+ - sel_type: container_file_t
+
+selinux_context_{{ instance }}_clickhouse_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/clickhouse/{{ instance }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: {{ image }}
+ - binds:
+ - /srv/clickhouse/{{ instance }}/lib:/var/lib/clickhouse
+ - /srv/clickhouse/{{ instance }}/log:/var/log/clickhouse-server
+ - /srv/clickhouse/{{ instance }}/{{ container['config'] }}:/etc/clickhouse-server/config.d/{{ container['config'] }}
+ - environment:
+ # Should be increased if search returns incomplete results
+ MAX_MEMORY_USAGE_RATIO: {{ container['max_memory_ratio'] | default(0.3) }}
+ - ulimits:
+ - nofile=262144:262144
+ - healthcheck:
+ Test: http_proxy='' wget -nv -t1 --spider 'http://localhost:8123/' || exit 1
+ Interval: 30000000000
+{% if 'network' in container %}
+ - networks:
+ - {{ container['network'] }}
+{% endif %}
+ - cap_add:
+ - SYS_NICE
+ - NET_ADMIN
+ - IPC_LOCK
+{% endfor %}
diff --git a/roles/paas-docker/containers/files/clickhouse/sentry_clickhouse/sentry.xml b/roles/paas-docker/containers/files/clickhouse/sentry_clickhouse/sentry.xml
new file mode 100644
index 0000000..8741278
--- /dev/null
+++ b/roles/paas-docker/containers/files/clickhouse/sentry_clickhouse/sentry.xml
@@ -0,0 +1,32 @@
+<!--
+#
+# ClickHouse configuration - Sentry
+#
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Forked from: getsentry/self-hosted/master/clickhouse/config.xml
+# Source file: roles/paas-docker/containers/files/clickhouse/sentry_clickhouse/sentry.xml
+# _____________________________________________________________
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+-->
+
+<yandex>
+ <max_server_memory_usage_to_ram_ratio>
+ <include from_env="MAX_MEMORY_USAGE_RATIO"/>
+ </max_server_memory_usage_to_ram_ratio>
+
+ <logger>
+ <level>information</level>
+ <console>1</console>
+ </logger>
+
+ <merge_tree>
+ <enable_mixed_granularity_parts>1</enable_mixed_granularity_parts>
+ </merge_tree>
+</yandex>