feat: Support custom CA roots #1015
Conversation
|
Thanks so much for doing this and also submitting a patch for the docs! |
|
Well also, seeing getsentry/develop#369 reminded me that we now have a CHANGELOG here so it would be great to mention this here with a link to the new docs: https://github.com/getsentry/onpremise/blob/master/CHANGELOG.md |
Did that, rebased and updated all the repos. |
BYK
left a comment
BYK
left a comment
There was a problem hiding this comment.
Looks pretty good, holding until we figure out what to do with sentry/onpremise repo split and tests.
|
Been busy, lost the notifications in the noise. Sorry about that. Going to quickly rebase and double check stuff. |
|
I rebased this now that 21.7.0 is out. |
|
Seeing a test failure: Seeing a weirder test failure locally, not sure what's up. 🤔 |
Mount a certificate folder to local ca storage in containers, and add update command to cron image's entrypoint.
Sorted that out in #1031, rebased again. |
Did a local refactor, and now back to seeing this failure locally. |
|
Alright, I think I've almost wrapped my head around this via the refactor in 600becb. Not quite passing yet but I think I'm close. Gonna pause there for the weekend, will revisit on Monday and see where things stand. The approach seems straightforward, I appreciate the effort to test, would love to get that across the finish line. |
|
Did a little more refactoring, I'm now focused on achieving the same failure in both local and CI. From there I/we can figure out how to fix the failure. :) |
- Match docker-compose file versions - Not getting an error locally with docker-compose 1.29, but I am seeing one in CI where we are pinned to 1.24. - Drop scale usage - `scale` is a v2 construct. Merged v2/v3 support was added in docker-compose 1.27, but we're still pinned to 1.24 in CI.
|
@Spice-King Okay, I've got the same result in CI and local. I'll keep poking at is as I'm able, but if you get to it before I do ... could you try out the latest locally for you and see if you get the same result? My hunch is that I boogered something up in all of my refactoring, hopefully it's a quick fix. :) |
|
P.S. The repro steps are: |
|
@chadwhitacre I have no clue why it's opted to ignore the environment variable when it accepted it before. Spent my while evening on it. I'll prod my work's instance I altered in a crude way using a pile of overrides. Last I checked, it works there. If all less failed, I do have an idea that should work, but is more ham fisted than what I'd have liked. The "It can't be tight if it's a liquid" kind of option on the Tool Expectations chart. |
|
Huzzah! I'm able to manually set up a successful request locally. Will see about test/CI ... |
|
Alright, we're green! @BYK You had some feedback on this approach? |
|
Hrm, 5708586ed0af10c2a9d22fd3de93f3e755aebcd7 passes locally with this diff. 🤔 diff --git a/.env b/.env
index d49dae9..8ba24c3 100644
--- a/.env
+++ b/.env
@@ -3,7 +3,7 @@ SENTRY_EVENT_RETENTION_DAYS=90
# You can either use a port number or an IP:PORT combo for SENTRY_BIND
# See https://docs.docker.com/compose/compose-file/#ports for more
SENTRY_BIND=9000
-SENTRY_IMAGE=getsentry/sentry:nightly
+SENTRY_IMAGE=us.gcr.io/sentryio/sentry:16f56945390034929c159ac0dab81584602eb65c
SNUBA_IMAGE=getsentry/snuba:nightly
RELAY_IMAGE=getsentry/relay:nightly
SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly |
|
Okay, I think this is good for a final review @chadwhitacre and @Spice-King |
Result of poking and prodding from getsentry/sentry#26851 Documentation for getsentry/self-hosted#1015
3 participants
Mount a certificate folder to local ca storage in containers,
and add update command to cron image's entrypoint.
Result of poking and prodding from getsentry/sentry#26851