From 1af14dde8ad8cf05c01cd9b9d8d46a419a69c925 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 20 Jan 2021 01:39:09 +0300 Subject: [PATCH 01/16] ref: Stop building local images for Sentry services We used to build local images for Sentry services to be able to include required plugins in the image. With this change we instead do this in a custom entrypoint script and use the volume `/data` to store the plugins permanently. This should resolve many issues people have around building local images and pushing them to places like private repositories or swarm clusters. This is not 100% compatible with the old way but it should still be a mostly transparent change to many folks. --- docker-compose.yml | 8 +++----- sentry/.dockerignore | 5 ----- sentry/Dockerfile | 7 ------- sentry/entrypoint.sh | 10 ++++++++++ 4 files changed, 13 insertions(+), 17 deletions(-) delete mode 100644 sentry/.dockerignore delete mode 100644 sentry/Dockerfile create mode 100755 sentry/entrypoint.sh diff --git a/docker-compose.yml b/docker-compose.yml index d25e0544981..1e598796e3f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,11 +3,7 @@ x-restart-policy: &restart_policy restart: unless-stopped x-sentry-defaults: &sentry_defaults <<: *restart_policy - build: - context: ./sentry - args: - - SENTRY_IMAGE - image: sentry-onpremise-local + image: "$SENTRY_IMAGE" depends_on: - redis - postgres @@ -21,7 +17,9 @@ x-sentry-defaults: &sentry_defaults - snuba-replacer - symbolicator - kafka + entrypoint: "/etc/sentry/entrypoint.sh" environment: + PYTHONUSERBASE: "/data/custom-packages" SENTRY_CONF: "/etc/sentry" SNUBA: "http://snuba-api:1218" # Leaving the value empty to just pass whatever is set diff --git a/sentry/.dockerignore b/sentry/.dockerignore deleted file mode 100644 index 693a7e07165..00000000000 --- a/sentry/.dockerignore +++ /dev/null @@ -1,5 +0,0 @@ -# Ignore everything -* - -# Only allow requirements.txt -!/requirements.txt 
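Review bot: In the first docker-compose.yml hunk, `image: "$SENTRY_IMAGE"` resolves to an empty image name when the variable is unset; Compose only warns about the blank substitution and then fails later with a less obvious error. If the value is expected to come from the environment or a `.env` file (not visible in this patch), the required-variable form fails early with a clear message: `image: "${SENTRY_IMAGE:?SENTRY_IMAGE must be set}"`. The same applies to `BASE_IMAGE: "$SENTRY_IMAGE"` in patch 02. The `x-sentry-defaults` mapping continues outside the hunk.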
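Review bot: `PYTHONUSERBASE: "/data/custom-packages"` in the second docker-compose.yml hunk puts a directory on the `/data` volume onto the Python import path of every service that merges `*sentry_defaults`, so write access to that volume now amounts to code execution in those containers. A comment above the key would make that trust boundary visible to operators, for example `# Code under this path is imported by all Sentry services; treat the /data volume as trusted`. Whether `/data` is shared with other containers cannot be seen from the hunk, so it should be checked against the volume definitions.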
diff --git a/sentry/Dockerfile b/sentry/Dockerfile deleted file mode 100644 index f9484f295b2..00000000000 --- a/sentry/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -ARG SENTRY_IMAGE -FROM ${SENTRY_IMAGE} - -COPY . /usr/src/sentry - -# Hook for installing additional plugins -RUN if [ -s /usr/src/sentry/requirements.txt ]; then pip install -r /usr/src/sentry/requirements.txt; fi diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh new file mode 100755 index 00000000000..8e1d477254b --- /dev/null +++ b/sentry/entrypoint.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -e + +if [[ -s /etc/sentry/requirements.txt ]] && grep -qv '^\s*$\|^\s*\#' /etc/sentry/requirements.txt; then + echo "Installing additional dependencies..." + pip install --user -r /etc/sentry/requirements.txt + echo "" +fi + +source /docker-entrypoint.sh From cf44b8814a302a5b90c44c79626667746f39eb8d Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 20 Jan 2021 18:38:41 +0300 Subject: [PATCH 02/16] fix one last place --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1e598796e3f..d84b215f757 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -217,7 +217,7 @@ services: build: context: ./cron args: - BASE_IMAGE: "sentry-onpremise-local" + BASE_IMAGE: "$SENTRY_IMAGE" command: '"0 0 * * * gosu sentry sentry cleanup --days $SENTRY_EVENT_RETENTION_DAYS"' nginx: <<: *restart_policy From 315dcdddab1b4af6b75c1156d27c960920760a2a Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 20 Jan 2021 19:17:34 +0300 Subject: [PATCH 03/16] fix default cmd, which got cleared with the entrypoint override --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index d84b215f757..d0b1ed5c6c3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
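Review bot: `pip install --user -r /etc/sentry/requirements.txt` in the new sentry/entrypoint.sh fetches and executes third-party packages at container start, with whatever privileges the entrypoint has before `/docker-entrypoint.sh` is sourced. The `gosu sentry` call in the cron command on this page suggests that is root, although the patch does not show it. Nothing requires the entries to be pinned, so a restart can pull a different release than the one that was tested. A header comment asking for pinned, hashed requirements would address that, with `pip install --user --require-hashes -r /etc/sentry/requirements.txt` as the enforcing form. With `set -e`, a failed download also stops the container from starting, which deserves a line in the same comment.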
@@ -18,6 +18,7 @@ x-sentry-defaults: &sentry_defaults - symbolicator - kafka entrypoint: "/etc/sentry/entrypoint.sh" + cmd: ["run", "web"] environment: PYTHONUSERBASE: "/data/custom-packages" SENTRY_CONF: "/etc/sentry" From 28f37ad7edf6ec5730da7abeb8d7dbfc029869bc Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 20 Jan 2021 20:39:10 +0300 Subject: [PATCH 04/16] s/cmd/command --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d0b1ed5c6c3..4a2644c9042 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,7 +18,7 @@ x-sentry-defaults: &sentry_defaults - symbolicator - kafka entrypoint: "/etc/sentry/entrypoint.sh" - cmd: ["run", "web"] + command: ["run", "web"] environment: PYTHONUSERBASE: "/data/custom-packages" SENTRY_CONF: "/etc/sentry" From 608517c6a5b48fe5e4367f67ec5181ab09acd8d8 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:00:34 +0300 Subject: [PATCH 05/16] add checksum check to prevent pip call --- sentry/entrypoint.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh index 8e1d477254b..bf129d9c1ed 100755 --- a/sentry/entrypoint.sh +++ b/sentry/entrypoint.sh @@ -1,9 +1,13 @@ #!/bin/bash set -e -if [[ -s /etc/sentry/requirements.txt ]] && grep -qv '^\s*$\|^\s*\#' /etc/sentry/requirements.txt; then +req_file="/etc/sentry/requirements.txt" +checksum_file="/data/custom-packages/.checksum" + +if [[ -s "$req_file" ]] && ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then echo "Installing additional dependencies..." pip install --user -r /etc/sentry/requirements.txt + cat "$req_file" | grep '^[^#[:space:]]' | shasum > "$checksum_file" echo "" fi From 807629cb78a642a6722cc4cb2f55a811f248dbb0 Mon Sep 17 00:00:00 2001 
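Review bot: The checksum added in patch 05 (sentry/entrypoint.sh) is computed over `grep '^[^#[:space:]]'`, which drops every line that begins with whitespace. As far as I know pip strips leading whitespace and still installs those lines, so editing an indented requirement would not trigger a reinstall. The stored value only records what was requested; it sits in the same directory as the installed packages and says nothing about whether they are intact, so it should not be read as an integrity check. A comment above `checksum_file=` such as `# checksum of the active requirement lines; only used to skip pip when nothing changed` would state that. The `2>/dev/null` on `shasum -s -c` also hides real errors, not only the missing-file case.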
From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:02:05 +0300 Subject: [PATCH 06/16] test plugin install --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 794a01d7d0d..fb891aea8b2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,6 +34,8 @@ jobs: ./install.sh ./test.sh echo "Testing in-place upgrade" + # Also test plugin installation here + echo "sentry-auth-oidc" >> sentry/requirements.txt ./install.sh --minimize-downtime ./test.sh From 2b23f4e2a533c9f4a1a3798488ec80a36f0de9b5 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:39:39 +0300 Subject: [PATCH 07/16] don't fail when checksum is missing --- sentry/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh index bf129d9c1ed..ee329c87b02 100755 --- a/sentry/entrypoint.sh +++ b/sentry/entrypoint.sh @@ -4,7 +4,7 @@ set -e req_file="/etc/sentry/requirements.txt" checksum_file="/data/custom-packages/.checksum" -if [[ -s "$req_file" ]] && ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then +if [[ -s "$req_file" ]] && [[ ! -f "$checksum_file" ]] || ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then echo "Installing additional dependencies..." pip install --user -r /etc/sentry/requirements.txt cat "$req_file" | grep '^[^#[:space:]]' | shasum > "$checksum_file" From 498413b2f9f4933f7e144b42b6ac26d8acb473ca Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:40:04 +0300 Subject: [PATCH 08/16] dry --- sentry/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh index ee329c87b02..eaf04f8d47f 100755 --- a/sentry/entrypoint.sh +++ b/sentry/entrypoint.sh 
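Review bot: `echo "sentry-auth-oidc" >> sentry/requirements.txt` in .github/workflows/test.yml adds the plugin unpinned, so each CI run installs whatever release is current on the index. Nothing visible in the hunk checks that the package actually ended up installed. Pinning the entry (`sentry-auth-oidc==<version>`, placeholder) keeps the run reproducible, and an explicit check after `./test.sh`, for instance a `pip show` of the package inside the web container, would make the step test what its comment says. Whether `./test.sh` already covers this cannot be seen from here; the step body continues outside the hunk.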
@@ -6,7 +6,7 @@ checksum_file="/data/custom-packages/.checksum" if [[ -s "$req_file" ]] && [[ ! -f "$checksum_file" ]] || ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then echo "Installing additional dependencies..." - pip install --user -r /etc/sentry/requirements.txt + pip install --user -r "$req_file" cat "$req_file" | grep '^[^#[:space:]]' | shasum > "$checksum_file" echo "" fi From f04414621dd408462d6e7fcaeeaf9183f189e1f4 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:50:27 +0300 Subject: [PATCH 09/16] ensure custom packages dir exists --- sentry/entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh index eaf04f8d47f..8e7e46be269 100755 --- a/sentry/entrypoint.sh +++ b/sentry/entrypoint.sh @@ -2,10 +2,12 @@ set -e req_file="/etc/sentry/requirements.txt" -checksum_file="/data/custom-packages/.checksum" +plugins_dir="/data/custom-packages" +checksum_file="$plugins_dir/.checksum" if [[ -s "$req_file" ]] && [[ ! -f "$checksum_file" ]] || ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then echo "Installing additional dependencies..." + mkdir -p "$plugins_dir" pip install --user -r "$req_file" cat "$req_file" | grep '^[^#[:space:]]' | shasum > "$checksum_file" echo "" From a769a7657dca9e29e9d3d234e5a9e95b4a7f1384 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 23 Jan 2021 23:51:31 +0300 Subject: [PATCH 10/16] remove obsolete check --- sentry/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry/entrypoint.sh b/sentry/entrypoint.sh index 8e7e46be269..55c7e4141a6 100755 --- a/sentry/entrypoint.sh +++ b/sentry/entrypoint.sh 
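Review bot: `plugins_dir="/data/custom-packages"` in patch 09 repeats the value that docker-compose.yml sets as `PYTHONUSERBASE`, and the two must stay identical for the checksum file to sit next to the packages pip installs. Deriving it from the environment keeps them in sync: `plugins_dir="${PYTHONUSERBASE:-/data/custom-packages}"`.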
@@ -5,7 +5,7 @@ req_file="/etc/sentry/requirements.txt" plugins_dir="/data/custom-packages" checksum_file="$plugins_dir/.checksum" -if [[ -s "$req_file" ]] && [[ ! -f "$checksum_file" ]] || ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then +if [[ -s "$req_file" ]] && ! cat "$req_file" | grep '^[^#[:space:]]' | shasum -s -c "$checksum_file" 2>/dev/null; then echo "Installing additional dependencies..." mkdir -p "$plugins_dir" pip install --user -r "$req_file" From b245fba73240157ab22225edc5c277ca5a5b7c9a Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sun, 24 Jan 2021 00:00:35 +0300 Subject: [PATCH 11/16] remove obsolete pre-build --- install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/install.sh b/install.sh index 2ce16baa57a..3f17f78e397 100755 --- a/install.sh +++ b/install.sh @@ -237,8 +237,6 @@ echo "${_endgroup}" echo "${_group}Building and tagging Docker images ..." echo "" -# Build the sentry onpremise image first as it is needed for the cron image -$dc build --force-rm web $dc build --force-rm echo "" echo "Docker images built." From 72915b42e6709f9d389e3af87f9f2fa928b43794 Mon Sep 17 00:00:00 2001 From: arusa Date: Fri, 29 Jan 2021 14:14:56 +0100 Subject: [PATCH 12/16] Change MIN_RAM_HARD from 4000 to 3800 (#840) On machines with 4gb the available memory is often a little bit lower than 4000 --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 3f17f78e397..c4ecc7d7841 100755 --- a/install.sh +++ b/install.sh @@ -25,7 +25,7 @@ source ./install/docker-aliases.sh MIN_DOCKER_VERSION='19.03.6' MIN_COMPOSE_VERSION='1.24.1' -MIN_RAM_HARD=4000 # MB +MIN_RAM_HARD=3800 # MB MIN_RAM_SOFT=8000 # MB # Increase the default 10 second SIGTERM timeout From 6bc24336a5fb3ee97f0f266c8d980411df2b46c6 Mon Sep 17 00:00:00 2001 
From: Burak Yigit Kaya Date: Fri, 29 Jan 2021 22:16:41 +0300 Subject: [PATCH 13/16] fix(config): extended-permissions is on github-login, not app (#841) Fixes the issue where we set an invalid option, `github-app.extended-permissions`, instead of the correct one, `github-login.extended-permissions`. Some people mentioned this warning earlier but never clearly enough to point that it was coming from our default settings suggestions. --- sentry/config.example.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry/config.example.yml b/sentry/config.example.yml index f42be825b23..9595a7354f9 100644 --- a/sentry/config.example.yml +++ b/sentry/config.example.yml @@ -76,7 +76,7 @@ transaction-events.force-disable-internal-project: true # GitHub Integration # ###################### -# github-app.extended-permissions: ['repo'] +# github-login.extended-permissions: ['repo'] # github-app.id: GITHUB_APP_ID # github-app.name: 'GITHUB_APP_NAME' # github-app.webhook-secret: 'GITHUB_WEBHOOK_SECRET' # Use only if configured in GitHub From c4f5a575bc019d3426c1b2b1c472952054e9b322 Mon Sep 17 00:00:00 2001 From: Chad Whitacre Date: Fri, 29 Jan 2021 16:36:20 -0500 Subject: [PATCH 14/16] Deploy action: validate-new-issue.yml (#842) --- .github/workflows/validate-new-issue.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate-new-issue.yml b/.github/workflows/validate-new-issue.yml index 78453de6780..c99c9ce0931 100644 --- a/.github/workflows/validate-new-issue.yml +++ b/.github/workflows/validate-new-issue.yml 
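Review bot: The commented example `# github-login.extended-permissions: ['repo']` carries no explanation of what enabling it grants. `repo` is the broad GitHub OAuth scope that covers read and write access to private repositories, and this option appears to request it at login. A comment above it, such as `# Optional: requests the 'repo' OAuth scope at login; enable only if private repository access is needed`, would help operators decide. The GitHub Integration section continues outside the hunk.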
@@ -26,16 +26,18 @@ jobs: # - extra headings in the issue are fine # - order doesn't matter # - case-sensitive tho - function extract-headings { grep '^#' "$1" | sort; } + function extract-headings { { grep '^#' "$1" || echo -n ''; } | sort; } extract-headings <(jq -r .issue.body "$GITHUB_EVENT_PATH") > headings-in-issue for template in $(ls .github/ISSUE_TEMPLATE/*.md 2> /dev/null); do - echo -n "$(basename $template)? " extract-headings "$template" > headings-in-template - if [ -z "$(comm -23 headings-in-template headings-in-issue)" ]; then - echo "👍 💃" + echo -n "$(basename $template)? " + if [ ! -s headings-in-template ]; then + echo "No headers in template. 🤷" + elif [ -z "$(comm -23 headings-in-template headings-in-issue)" ]; then + echo "Match! 👍 💃" exit 0 else - echo "👎" + echo "No match. 👎" fi done From 8ebaf4d879c18f5544023cc4d8c4802735a3d642 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Mon, 1 Feb 2021 16:41:12 +0300 Subject: [PATCH 15/16] ref(requirements): Add min CPU requirement, relax soft RAM (#844) * ref(requirements): Add min CPU requirement, relax soft RAM Adds minimum of 4 CPU cores requirement as anything below will perform quite poorly even on lower loads. Relaxes the soft RAM requirement from 8000 MB to 7800 MB as even when there is 8 GB RAM installed, the system reserves some of it to itself and under reports the amount. * pass on CI with soft limit --- README.md | 1 + install.sh | 12 +++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3985bd7aee7..62c9b46a28a 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ Official bootstrap for running your own [Sentry](https://sentry.io/) with [Docke * Docker 19.03.6+ * Compose 1.24.1+ + * 4 CPU Cores * 8 GB RAM * 20 GB Free Disk Space diff --git a/install.sh b/install.sh index c4ecc7d7841..ab978185b41 100755 --- a/install.sh +++ b/install.sh 
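Review bot: `echo -n "$(basename $template)? "` in the loop leaves `$template` unquoted, so a template file name containing spaces or glob characters is split before `basename` sees it. `echo -n "$(basename "$template")? "` avoids that. The surrounding `for template in $(ls ...)` line has the same word-splitting behaviour, but it is unchanged context here, and the run block starts outside the hunk.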
@@ -26,7 +26,9 @@ source ./install/docker-aliases.sh MIN_DOCKER_VERSION='19.03.6' MIN_COMPOSE_VERSION='1.24.1' MIN_RAM_HARD=3800 # MB -MIN_RAM_SOFT=8000 # MB +MIN_RAM_SOFT=7800 # MB +MIN_CPU_HARD=2 +MIN_CPU_SOFT=4 # Increase the default 10 second SIGTERM timeout # to ensure celery queues are properly drained @@ -108,6 +110,7 @@ echo "${_group}Checking minimum requirements ..." DOCKER_VERSION=$(docker version --format '{{.Server.Version}}') COMPOSE_VERSION=$($dc --version | sed 's/docker-compose version \(.\{1,\}\),.*/\1/') RAM_AVAILABLE_IN_DOCKER=$(docker run --rm busybox free -m 2>/dev/null | awk '/Mem/ {print $2}'); +CPU_AVAILABLE_IN_DOCKER=$(docker run --rm busybox nproc --all); # Compare dot-separated strings - function below is inspired by https://stackoverflow.com/a/37939589/808368 function ver () { echo "$@" | awk -F. '{ printf("%d%03d%03d", $1,$2,$3); }'; } @@ -132,6 +135,13 @@ if [[ "$(ver $COMPOSE_VERSION)" -lt "$(ver $MIN_COMPOSE_VERSION)" ]]; then exit 1 fi +if [[ "$CPU_AVAILABLE_IN_DOCKER" -lt "$MIN_CPU_HARD" ]]; then + echo "FAIL: Required minimum CPU cores available to Docker is $MIN_CPU_HARD, found $CPU_AVAILABLE_IN_DOCKER" + exit 1 +elif [[ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_CPU_SOFT" ]]; then + echo "WARN: Recommended minimum CPU cores available to Docker is $MIN_CPU_SOFT MB, found $CPU_AVAILABLE_IN_DOCKER" +fi + if [[ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM_HARD" ]]; then echo "FAIL: Required minimum RAM available to Docker is $MIN_RAM_HARD MB, found $RAM_AVAILABLE_IN_DOCKER MB" exit 1 From 12986012d707cb9e8339f6872dd58c719726a7ae Mon Sep 17 00:00:00 2001 From: Chad Whitacre Date: Mon, 1 Feb 2021 13:40:48 -0500 Subject: [PATCH 16/16] Deploy action: validate-new-issue.yml (#845) --- .github/workflows/validate-new-issue.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/validate-new-issue.yml b/.github/workflows/validate-new-issue.yml index c99c9ce0931..a134fd60450 100644 
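Review bot: `CPU_AVAILABLE_IN_DOCKER=$(docker run --rm busybox nproc --all);` in the second install.sh hunk has no handling for a failed or empty result. Unless the script aborts on the failed command substitution (not visible here), `[[ ... -lt ... ]]` evaluates an empty value as 0, so the later check prints "found" with no number instead of reporting that the probe failed. A guard right after the assignment would separate the two cases: `[[ "$CPU_AVAILABLE_IN_DOCKER" =~ ^[0-9]+$ ]] || { echo "FAIL: could not determine CPU count"; exit 1; }`. `nproc --all` also reports installed processors rather than those the container is allowed to use, which may overstate the count under a CPU restriction.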
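Review bot: The `elif` in the new CPU check (third install.sh hunk) tests the wrong variable. `[[ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_CPU_SOFT" ]]` compares memory in MB against a core count, so the soft CPU warning practically never fires. It should read `elif [[ "$CPU_AVAILABLE_IN_DOCKER" -lt "$MIN_CPU_SOFT" ]]; then`. The warning text should also drop the stray unit: `echo "WARN: Recommended minimum CPU cores available to Docker is $MIN_CPU_SOFT, found $CPU_AVAILABLE_IN_DOCKER"`.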
--- a/.github/workflows/validate-new-issue.yml +++ b/.github/workflows/validate-new-issue.yml @@ -26,16 +26,25 @@ jobs: # - extra headings in the issue are fine # - order doesn't matter # - case-sensitive tho + # - can't post a template unchanged (ignoring whitespace) function extract-headings { { grep '^#' "$1" || echo -n ''; } | sort; } - extract-headings <(jq -r .issue.body "$GITHUB_EVENT_PATH") > headings-in-issue + jq -r .issue.body "$GITHUB_EVENT_PATH" > issue + extract-headings <(cat issue) > headings-in-issue for template in $(ls .github/ISSUE_TEMPLATE/*.md 2> /dev/null); do + # Strip front matter. https://stackoverflow.com/a/29292490/14946704 + sed -i'' '1{/^---$/!q;};1,/^---$/d' "$template" extract-headings "$template" > headings-in-template echo -n "$(basename $template)? " if [ ! -s headings-in-template ]; then echo "No headers in template. 🤷" elif [ -z "$(comm -23 headings-in-template headings-in-issue)" ]; then echo "Match! 👍 💃" - exit 0 + if diff -Bw "$template" issue > /dev/null; then + echo "... like, an /exact/ match. 😖" + break + else + exit 0 + fi else echo "No match. 👎" fi @@ -48,8 +57,5 @@ jobs: # Might get `gh issue comment` some day - https://github.com/cli/cli/issues/517 echo -n "Commented: " - gh api "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments" \ - --method POST \ - --input comment \ - | jq .html_url + gh issue comment ${{ github.event.issue.number }} --body "$(cat comment)" gh issue close ${{ github.event.issue.number }}
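Review bot: `extract-headings <(cat issue)` in the first hunk spawns a process substitution and a `cat` only to read a regular file that the previous line just wrote; `extract-headings issue > headings-in-issue` does the same. Writing the body to a file with `jq -r .issue.body "$GITHUB_EVENT_PATH" > issue`, rather than interpolating it into the script, is the right way to handle untrusted issue text. That choice merits a short comment, e.g. `# read the body from the event file; never interpolate it into the script`. The run block starts outside the hunk.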
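Review bot: `gh issue comment ${{ github.event.issue.number }} --body "$(cat comment)"` in the second hunk passes the whole comment through a command-line argument. `gh issue comment ${{ github.event.issue.number }} --body-file comment` reads the file directly and avoids argument-length and quoting concerns. How `comment` is built is outside the hunk, so whether it can contain issue-derived text is not visible from here.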