feat(profiling): Run profiling on self-hosted

[phacops]

This PR aims to add support for profiling on self-hosted.

Fixes #1838.

[aldy505]

I don't see any configuration for integrating it with the web or snuba containers? Or is it meant to be just like this? I'd like to try it on my own server 😄

[phacops]

@aldy505 Good point, I added those.

[phacops]

We might need to wait for getsentry/snuba#4195.

[aldy505]

Actually I'm a bit curious about the SENTRY_DSN environment variable that can be applied to snuba and vroom container. If they're left empty, I suppose no error message will be sent to the internal project of people's self-hosted instance.

Vroom's defined here: https://github.com/getsentry/vroom/blob/c2cf9653f5bb9b2e4a02f0548956b790547e9048/cmd/vroom/config.go#L8

[aldy505]

Should these be added to the list of sentry image's depends_on field?

Here:

self-hosted/docker-compose.yml

Lines 39 to 50 in 8aa571c

	snuba-consumer:
	<<: *depends_on-default
	snuba-outcomes-consumer:
	<<: *depends_on-default
	snuba-sessions-consumer:
	<<: *depends_on-default
	snuba-transactions-consumer:
	<<: *depends_on-default
	snuba-subscription-consumer-events:
	<<: *depends_on-default
	snuba-subscription-consumer-transactions:
	<<: *depends_on-default

[phacops]

I added vroom as a depends_on since web needs to POST to vroom, but then the consumers only depends on kafka technically. I think it's good like this.

[hubertdeng123]

Will profiling be released under CalVer? If so, would need to add VROOM to

self-hosted/scripts/bump-version.sh

Line 10 in 1fa7734

sed -i -e "s/^\(SENTRY\|SNUBA\|RELAY\|SYMBOLICATOR\)_IMAGE=\([^:]\+\):.\+\$/\1_IMAGE=\2:$NEW_VERSION/" .env

[phacops]

Actually I'm a bit curious about the SENTRY_DSN environment variable that can be applied to snuba and vroom container. If they're left empty, I suppose no error message will be sent to the internal project of people's self-hosted instance.

That's correct, the Sentry SDK won't be activated and nothing will be sent. I was expecting the user to pass the right DSN via an environment variable. Do you know how other services are handling that?

[aldy505]

That's correct, the Sentry SDK won't be activated and nothing will be sent. I was expecting the user to pass the right DSN via an environment variable. Do you know how other services are handling that?

We might as well need to ping @hubertdeng123 for help.

There is an "internal" project that should've been set up during the first install of Sentry, but I don't know on how to acquire the DSN and put it into the environment variable / configuration that can be consumed by Snuba and Vroom.

[hubertdeng123]

There is an "internal" project that should've been set up during the first install of Sentry, but I don't know on how to acquire the DSN and put it into the environment variable / configuration that can be consumed by Snuba and Vroom.

Snuba is very similar, retrieves SENTRY_DSN from the environment. I've never played around with it before but it should just be possible to put it into the configuration through the docker-compose.yml file. I don't think this is a large concern for this PR though. For the record, looks like a DSN for the internal project can be shown by going to /settings/${org}/projects/internal/keys/

[aldy505]

Snuba is very similar, retrieves SENTRY_DSN from the environment. I've never played around with it before but it should just be possible to put it into the configuration through the docker-compose.yml file. I don't think this is a large concern for this PR though. For the record, looks like a DSN for the internal project can be shown by going to /settings/${org}/projects/internal/keys/

I guess we can skip that one for now?

[hubertdeng123]

I guess we can skip that one for now?

Yep

[hubertdeng123]

got it, safe to remove then

[BYK]

🚀

[chadwhitacre]

Let's hold off on merging until we cut 23.5.2 (related to inc-389).

[hubertdeng123]

23.5.2 is out now, this can be merged now

[aldy505]

Just a little bit more..

Note about the exposed port: if you don't specify it as exposed port, that port will still be opened to other containers. Having a new exposed ports might cause a vulnerability for people who didn't set up a proper OS firewall.

[aldy505]

LGTM!