diff --git a/.env b/.env index 405bf67..1d99def 100644 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ COMPOSE_PROJECT_NAME=sentry_onpremise SENTRY_EVENT_RETENTION_DAYS=90 -SENTRY_IMAGE=getsentry/sentry:latest -SNUBA_IMAGE=getsentry/snuba:latest -RELAY_IMAGE=getsentry/relay:latest -SYMBOLICATOR_IMAGE=getsentry/symbolicator:eac35a6058c7749bdf20ed219a377e49e02d0b76 +SENTRY_IMAGE=getsentry/sentry:20.7.1 +SNUBA_IMAGE=getsentry/snuba:20.7.1 +RELAY_IMAGE=getsentry/relay:20.7.1 +SYMBOLICATOR_IMAGE=getsentry/symbolicator:06e34ae diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index a82b9ca..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: release -on: - repository_dispatch: - types: [release] - schedule: - # We want the release to be at 10 or 11am Pacific Time - # We also make this an hour after all others such as Sentry, - # Snuba, and Relay to make sure their releases finish. - - cron: '0 18 15 * *' -jobs: - release: - runs-on: ubuntu-latest - name: "Release a new version" - steps: - - id: calver - if: ${{ !github.event.client_payload.version }} - run: | - DATE_PART=$(date +'%y.%-m') - PATCH_VERSION=0 - while curl -sf -o /dev/null "https://api.github.com/repos/$GITHUB_REPOSITORY/git/ref/tags/$DATE_PART.$PATCH_VERSION"; do - (( PATCH_VERSION++ )) - done - echo "::set-output name=version::$DATE_PART.$PATCH_VERSION" - - uses: actions/checkout@v2 - - uses: getsentry/craft@master - if: ${{ !github.event.client_payload.skip_prepare }} - with: - action: prepare - version: ${{ github.event.client_payload.version || steps.calver.outputs.version }} - env: - DRY_RUN: ${{ github.event.client_payload.dry_run }} - GIT_COMMITTER_NAME: getsentry-bot - GIT_AUTHOR_NAME: getsentry-bot - EMAIL: bot@getsentry.com - # Wait until the builds start. Craft should do this automatically - # but it is broken now. - # TODO: Remove this once getsentry/craft#111 is fixed - - run: sleep 10 - - uses: getsentry/craft@master - with: - action: publish - version: ${{ github.event.client_payload.version || steps.calver.outputs.version }} - keep_branch: '--keep-branch' - no_merge: '--no-merge' - env: - DRY_RUN: ${{ github.event.client_payload.dry_run }} - GIT_COMMITTER_NAME: getsentry-bot - GIT_AUTHOR_NAME: getsentry-bot - EMAIL: bot@getsentry.com diff --git a/.gitignore b/.gitignore index b8ee807..447b771 100644 --- a/.gitignore +++ b/.gitignore @@ -81,3 +81,5 @@ sentry/requirements.txt relay/credentials.json relay/config.yml symbolicator/config.yml + +data/ diff --git a/README.md b/README.md index c055c05..fb51b28 100644 --- a/README.md +++ b/README.md @@ -1,66 +1,5 @@ -# Sentry Nightly On-Premise [![Build Status][build-status-image]][build-status-url] +# Sentry On-Premise -Official bootstrap for running your own [Sentry](https://sentry.io/) with [Docker](https://www.docker.com/). +To bootstrap images and data run install.sh -## Requirements - - * Docker 17.05.0+ - * Compose 1.23.0+ - -## Minimum Hardware Requirements: - - * You need at least 2400MB RAM - -## Setup - -To get started with all the defaults, simply clone the repo and run `./install.sh` in your local check-out. - -There may need to be modifications to the included example config files (`sentry/config.example.yml` and `sentry/sentry.conf.example.py`) to accommodate your needs or your environment (such as adding GitHub credentials). If you want to perform these, do them before you run the install script and copy them without the `.example` extensions in the name (such as `sentry/sentry.conf.py`) before running the `install.sh` script. - -The recommended way to customize your configuration is using the files below, in that order: - - * `config.yml` - * `sentry.conf.py` - * `.env` w/ environment variables - -We currently support a very minimal set of environment variables to promote other means of configuration. - -If you have any issues or questions, our [Community Forum](https://forum.sentry.io/c/on-premise) is at your service! Everytime you run the install script, it will generate a log file, `sentry_install_log-.txt` with the output. Sharing these logs would help people diagnose any issues you might be having. - -## Versioning - -If you want to install a specific release of Sentry, use the tags/releases on this repo. - -We continously push the Docker image for each commit made into [Sentry](https://github.com/getsentry/sentry), and other services such as [Snuba](https://github.com/getsentry/snuba) or [Symbolicator](https://github.com/getsentry/symbolicator) to [our Docker Hub](https://hub.docker.com/u/getsentry) and tag the latest version on master as `:latest`. This is also usually what we have on sentry.io and what the install script uses. You can use a custom Sentry image, such as a modified version that you have built on your own, or simply a specific commit hash by setting the `SENTRY_IMAGE` environment variable to that image name before running `./install.sh`: - -```shell -SENTRY_IMAGE=getsentry/sentry:83b1380 ./install.sh -``` - -Note that this may not work for all commit SHAs as this repository evolves with Sentry and its satellite projects. It is highly recommended to check out a version of this repository that is close to the timestamp of the Sentry commit you are installing. - -## Event Retention - -Sentry comes with a cleanup cron job that prunes events older than `90 days` by default. If you want to change that, you can change the `SENTRY_EVENT_RETENTION_DAYS` environment variable in `.env` or simply override it in your environment. If you do not want the cleanup cron, you can remove the `sentry-cleanup` service from the `docker-compose.yml`file. - -## Securing Sentry with SSL/TLS - -If you'd like to protect your Sentry install with SSL/TLS, there are -fantastic SSL/TLS proxies like [HAProxy](http://www.haproxy.org/) -and [Nginx](http://nginx.org/). You'll likely want to add this service to your `docker-compose.yml` file. - -## Updating Sentry - -_You need to be on at least Sentry 9.1.2 to be able to upgrade automatically to the latest version. If you are not, upgrade to 9.1.2 first by checking out the [9.1.2 tag](https://github.com/getsentry/onpremise/tree/9.1.2) on this repo._ - -The included `install.sh` script is meant to be idempotent and to bring you to the latest version. What this means is you can and should run `install.sh` to upgrade to the latest version available. Remember that the output of the script will be stored in a log file, `sentry_install_log-.txt`, which you may share for diagnosis if anything goes wrong. - -## Resources - - * [Documentation](https://docs.sentry.io/development/server/) - * [Bug Tracker](https://github.com/getsentry/onpremise/issues) - * [Community Forums](https://forum.sentry.io/c/on-premise) - - -[build-status-image]: https://api.travis-ci.com/getsentry/onpremise.svg?branch=master -[build-status-url]: https://travis-ci.com/getsentry/onpremise +To start your Sentry instance, run docker-compose up -d diff --git a/docker-compose.yml b/docker-compose.yml index 0ee8b9b..30e1182 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,7 @@ x-sentry-defaults: &sentry_defaults SENTRY_CONF: '/etc/sentry' SNUBA: 'http://snuba-api:1218' volumes: - - 'sentry-data:/data' + - './data/sentry-data:/data' - './sentry:/etc/sentry' x-snuba-defaults: &snuba_defaults << : *restart_policy @@ -44,25 +44,24 @@ x-snuba-defaults: &snuba_defaults services: smtp: << : *restart_policy - image: tianon/exim4 - volumes: - - 'sentry-smtp:/var/spool/exim4' - - 'sentry-smtp-log:/var/log/exim4' + image: fgribreau/smtp-to-sendgrid-gateway + environment: + - SENDGRID_API=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 memcached: << : *restart_policy - image: 'memcached:1.5-alpine' + image: 'memcached:1.6-alpine' redis: << : *restart_policy - image: 'redis:5.0-alpine' + image: 'redis:6.0-alpine' volumes: - - 'sentry-redis:/data' + - './data/redis:/data' postgres: << : *restart_policy - image: 'postgres:9.6' + image: 'postgres:12' environment: POSTGRES_HOST_AUTH_METHOD: 'trust' volumes: - - 'sentry-postgres:/var/lib/postgresql/data' + - './data/sentry-postgres:/var/lib/postgresql/data' zookeeper: << : *restart_policy image: 'confluentinc/cp-zookeeper:5.5.0' @@ -72,9 +71,8 @@ services: ZOOKEEPER_LOG4J_ROOT_LOGLEVEL: 'WARN' ZOOKEEPER_TOOLS_LOG4J_LOGLEVEL: 'WARN' volumes: - - 'sentry-zookeeper:/var/lib/zookeeper/data' - - 'sentry-zookeeper-log:/var/lib/zookeeper/log' - - 'sentry-secrets:/etc/zookeeper/secrets' + - './data/zookeeper:/var/lib/zookeeper/data' + - './data/sentry-secrets:/etc/zookeeper/secrets' kafka: << : *restart_policy depends_on: @@ -91,9 +89,8 @@ services: KAFKA_LOG4J_ROOT_LOGLEVEL: 'WARN' KAFKA_TOOLS_LOG4J_LOGLEVEL: 'WARN' volumes: - - 'sentry-kafka:/var/lib/kafka/data' - - 'sentry-kafka-log:/var/lib/kafka/log' - - 'sentry-secrets:/etc/kafka/secrets' + - './data/sentry-kafka:/var/lib/kafka/data' + - './data/sentry-secrets:/etc/kafka/secrets' clickhouse: << : *restart_policy image: 'yandex/clickhouse-server:19.17' @@ -102,8 +99,7 @@ services: soft: 262144 hard: 262144 volumes: - - 'sentry-clickhouse:/var/lib/clickhouse' - - 'sentry-clickhouse-log:/var/log/clickhouse-server' + - './data/clickhouse:/var/lib/clickhouse' snuba-api: << : *snuba_defaults # Kafka consumer responsible for feeding events into Clickhouse @@ -139,7 +135,7 @@ services: << : *restart_policy image: '$SYMBOLICATOR_IMAGE' volumes: - - 'sentry-symbolicator:/data' + - './data/symbolicator:/data' - type: bind read_only: true source: ./symbolicator @@ -154,7 +150,7 @@ services: BASE_IMAGE: '$SYMBOLICATOR_IMAGE' command: '"55 23 * * * gosu symbolicator symbolicator cleanup"' volumes: - - 'sentry-symbolicator:/data' + - './data/symbolicator:/data' web: << : *sentry_defaults cron: @@ -182,7 +178,7 @@ services: << : *restart_policy ports: - '9000:80/tcp' - image: 'nginx:1.16' + image: 'nginx:1' volumes: - type: bind read_only: true @@ -202,24 +198,3 @@ services: depends_on: - kafka - redis -volumes: - sentry-data: - external: true - sentry-postgres: - external: true - sentry-redis: - external: true - sentry-zookeeper: - external: true - sentry-kafka: - external: true - sentry-clickhouse: - external: true - sentry-symbolicator: - external: true - sentry-secrets: - sentry-smtp: - sentry-zookeeper-log: - sentry-kafka-log: - sentry-smtp-log: - sentry-clickhouse-log: diff --git a/install.sh b/install.sh index 9ccef09..99a2dce 100755 --- a/install.sh +++ b/install.sh @@ -21,41 +21,6 @@ RELAY_CONFIG_YML='relay/config.yml' RELAY_CREDENTIALS_JSON='relay/credentials.json' SENTRY_EXTRA_REQUIREMENTS='sentry/requirements.txt' -# Courtesy of https://stackoverflow.com/a/2183063/90297 -trap_with_arg() { - func="$1" ; shift - for sig ; do - trap "$func $sig "'$LINENO' "$sig" - done -} - -DID_CLEAN_UP=0 -# the cleanup function will be the exit point -cleanup () { - if [ "$DID_CLEAN_UP" -eq 1 ]; then - return 0; - fi - DID_CLEAN_UP=1 - - if [ "$1" != "EXIT" ]; then - echo "An error occurred, caught SIG$1 on line $2"; - echo "Cleaning up..." - fi - - $dc stop &> /dev/null -} -trap_with_arg cleanup ERR INT TERM EXIT - - -echo "Checking minimum requirements..." - -DOCKER_VERSION=$(docker version --format '{{.Server.Version}}') -COMPOSE_VERSION=$($dc --version | sed 's/docker-compose version \(.\{1,\}\),.*/\1/') -RAM_AVAILABLE_IN_DOCKER=$(docker run --rm busybox free -m 2>/dev/null | awk '/Mem/ {print $2}'); - -# Compare dot-separated strings - function below is inspired by https://stackoverflow.com/a/37939589/808368 -function ver () { echo "$@" | awk -F. '{ printf("%d%03d%03d", $1,$2,$3); }'; } - # Thanks to https://stackoverflow.com/a/25123013/90297 for the quick `sed` pattern function ensure_file_from_example { if [ -f "$1" ]; then @@ -66,49 +31,6 @@ function ensure_file_from_example { fi } -if [ $(ver $DOCKER_VERSION) -lt $(ver $MIN_DOCKER_VERSION) ]; then - echo "FAIL: Expected minimum Docker version to be $MIN_DOCKER_VERSION but found $DOCKER_VERSION" - exit 1 -fi - -if [ $(ver $COMPOSE_VERSION) -lt $(ver $MIN_COMPOSE_VERSION) ]; then - echo "FAIL: Expected minimum docker-compose version to be $MIN_COMPOSE_VERSION but found $COMPOSE_VERSION" - exit 1 -fi - -if [ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM" ]; then - echo "FAIL: Expected minimum RAM available to Docker to be $MIN_RAM MB but found $RAM_AVAILABLE_IN_DOCKER MB" - exit 1 -fi - -#SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/) -# On KVM, cpuinfo could falsely not report SSE 4.2 support, so skip the check. https://github.com/ClickHouse/ClickHouse/issues/20#issuecomment-226849297 -IS_KVM=$(docker run --rm busybox grep -c 'Common KVM processor' /proc/cpuinfo || :) -if (($IS_KVM == 0)); then - SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :) - if (($SUPPORTS_SSE42 == 0)); then - echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://git.io/JvLDt for more info." - exit 1 - fi -fi - -# Clean up old stuff and ensure nothing is working while we install/update -# This is for older versions of on-premise: -$dc -p onpremise down --rmi local --remove-orphans -# This is for newer versions -$dc down --rmi local --remove-orphans - -echo "" -echo "Creating volumes for persistent storage..." -echo "Created $(docker volume create --name=sentry-data)." -echo "Created $(docker volume create --name=sentry-postgres)." -echo "Created $(docker volume create --name=sentry-redis)." -echo "Created $(docker volume create --name=sentry-zookeeper)." -echo "Created $(docker volume create --name=sentry-kafka)." -echo "Created $(docker volume create --name=sentry-clickhouse)." -echo "Created $(docker volume create --name=sentry-symbolicator)." - -echo "" ensure_file_from_example $SENTRY_CONFIG_PY ensure_file_from_example $SENTRY_CONFIG_YML ensure_file_from_example $SENTRY_EXTRA_REQUIREMENTS @@ -126,45 +48,6 @@ if grep -xq "system.secret-key: '!!changeme!!'" $SENTRY_CONFIG_YML ; then echo "Secret key written to $SENTRY_CONFIG_YML" fi -replace_tsdb() { - if ( - [ -f "$SENTRY_CONFIG_PY" ] && - ! grep -xq 'SENTRY_TSDB = "sentry.tsdb.redissnuba.RedisSnubaTSDB"' "$SENTRY_CONFIG_PY" - ); then - tsdb_settings="SENTRY_TSDB = \"sentry.tsdb.redissnuba.RedisSnubaTSDB\" - - # Automatic switchover 90 days after $(date). Can be removed afterwards. - SENTRY_TSDB_OPTIONS = {\"switchover_timestamp\": $(date +%s) + (90 * 24 * 3600)}" - - if grep -q 'SENTRY_TSDB_OPTIONS = ' "$SENTRY_CONFIG_PY"; then - echo "Not attempting automatic TSDB migration due to presence of SENTRY_TSDB_OPTIONS" - else - echo "Attempting to automatically migrate to new TSDB" - # Escape newlines for sed - tsdb_settings="${tsdb_settings//$'\n'/\\n}" - cp "$SENTRY_CONFIG_PY" "$SENTRY_CONFIG_PY.bak" - sed -i -e "s/^SENTRY_TSDB = .*$/${tsdb_settings}/g" "$SENTRY_CONFIG_PY" || true - - if grep -xq 'SENTRY_TSDB = "sentry.tsdb.redissnuba.RedisSnubaTSDB"' "$SENTRY_CONFIG_PY"; then - echo "Migrated TSDB to Snuba. Old configuration file backed up to $SENTRY_CONFIG_PY.bak" - return - fi - - echo "Failed to automatically migrate TSDB. Reverting..." - mv "$SENTRY_CONFIG_PY.bak" "$SENTRY_CONFIG_PY" - echo "$SENTRY_CONFIG_PY restored from backup." - fi - - echo "WARN: Your Sentry configuration uses a legacy data store for time-series data. Remove the options SENTRY_TSDB and SENTRY_TSDB_OPTIONS from $SENTRY_CONFIG_PY and add:" - echo "" - echo "$tsdb_settings" - echo "" - echo "For more information please refer to https://github.com/getsentry/onpremise/pull/430" - fi -} - -replace_tsdb - echo "" echo "Fetching and updating Docker images..." echo "" @@ -229,27 +112,6 @@ echo "Bootstrapping and migrating Snuba..." $dcr snuba-api bootstrap --force echo "" -# Very naively check whether there's an existing sentry-postgres volume and the PG version in it -if [[ $(docker volume ls -q --filter name=sentry-postgres) && $(docker run --rm -v sentry-postgres:/db busybox cat /db/PG_VERSION 2>/dev/null) == "9.5" ]]; then - docker volume rm sentry-postgres-new || true - # If this is Postgres 9.5 data, start upgrading it to 9.6 in a new volume - docker run --rm \ - -v sentry-postgres:/var/lib/postgresql/9.5/data \ - -v sentry-postgres-new:/var/lib/postgresql/9.6/data \ - tianon/postgres-upgrade:9.5-to-9.6 - - # Get rid of the old volume as we'll rename the new one to that - docker volume rm sentry-postgres - docker volume create --name sentry-postgres - # There's no rename volume in Docker so copy the contents from old to new name - # Also append the `host all all all trust` line as `tianon/postgres-upgrade:9.5-to-9.6` - # doesn't do that automatically. - docker run --rm -v sentry-postgres-new:/from -v sentry-postgres:/to alpine ash -c \ - "cd /from ; cp -av . /to ; echo 'host all all all trust' >> /to/pg_hba.conf" - # Finally, remove the new old volume as we are all in sentry-postgres now - docker volume rm sentry-postgres-new -fi - echo "" echo "Setting up database..." if [ $CI ]; then