Sentry deployment and finishing

#rely:

1. say again
2. postgresql
3. python

Sentry is an application developed by python. It runs using the python uWSG framework. After installing sentry, remember to disable the /admin path on the nginx proxy, otherwise the background management entry of uwsg will leak the specific installation information address:

https://docs.sentry.io/server/installation/
#redis的启动
su - redis                                               
redis-server /etc/redis.conf

#postgresql is a project migration and uses version 9.6, so you need to install yum yourself

systemctl restart postgresql-9.6
#使用的材料地址
https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7.2-x86_64/repodata/repomd.xml
https://www.postgresql.org/download/linux/redhat/

After the db is ready, it must be initialized first

postgresql-setup initdb
/usr/pgsql-9.6/bin下也会有一个专用的命令
/usr/pgsql-9.6/bin/initdb -D /data/www/db
可以这样去指定一个目录来进行初始化

Both redis and pgsql must be operated by their respective users. The default user of pgsql is postgres

After the initialization is completed, pay attention to two files: postgresql.conf #equivalent to mysql's my.cnf configuration file pg_hba.conf #user remote access control configuration file, if this file is not good, pgsql cannot be connected remotely

User creation for pgsql

CREATE USER dbuser WITH PASSWORD 'password';   #创建用户dbuser并设置密码
CREATE DATABASE sentry OWNER dbuser;  #创建库sentry并指定拥有者给dbuser
GRANT ALL PRIVILEGES ON DATABASE sentry TO dbuser;  #授权dbuser可以对sentry库进行任何操作
修改密码的语句
alter user dbuser with password 'password';

Pgsql login is tricky, you have to switch to the postgers user first, and then run pgsql (I don’t know why it is called psql) Send a pgsql data import and export operation statement

导出DB数据到file文件
pg_dump -h $host -p $port sentry  -W  > file
从file导入数据到DB
psql -U dbuser -h $yourhost -p $port -W  -d sentry -f file 

#After redis and DB are done, the most direct way to install sentry is to use pip to install and specify the version

pip install sentry==your-version

pre-installation dependencies

yum install python-setuptools python-devel  libxslt1-devel  gcc libffi-devel libjpeg-devel libxml2-devel libxslt-devel libyaml-devel   libpqxx-devel

pip installation

wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py

After installation, you can view the version of sentry like this

sentry --version
sentry --help   #查看所有支持的命令

#Start sentry There are three things to start sentry, web worker cron, it is said to be indispensable, but I think you can start the web first, and the last two can be added.

How to start:

sentry run web
sentry run worker
sentry run cron

But, before starting, you need to produce the configuration file of sentry, which is the initialization mentioned in the document

sentry init
sentry  upgrade   

After running, two files will be created in the current directory. The config.yml
sentry.conf.py upgrade command is used to create the required tables in pgsql

Fill in the address and password of redis and pgsql according to your own configuration to run the web

[Unit]
Description=Sentry Main Service
After=network.target

[Service]
Type=simple
User=sentry
Group=sentry
WorkingDirectory=/data/www/sentry
Environment=SENTRY_CONF=/etc/sentry
ExecStart=/usr/bin/sentry run web

[Install]
WantedBy=multi-user.targe

Start sentry.service, you can put systemd to start the service

In addition, pay attention to creating a new sentry account as much as possible, and use the specified ordinary account to start the service.

Regarding the configuration of nginx, nginx proxy service to sentry will be more flexible

  server {
    listen   80;
    server_name sentry.com;
    access_log  /logs/nginx/sentry_access.log main;
    error_log   /logs/nginx/sentry_error.log;

    return 301 https://$server_name$request_uri;
  }

server {
	listen 443 ssl;
	server_name sentry.com;

	access_log  /logs/nginx/sentry_access.log main;
	error_log   /logs/nginx/sentry_error.log;

	ssl_certificate      /etc/nginx/ca/sentry.cer;
	ssl_certificate_key  /etc/nginx/ca/sentry.key;
	
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:128m;
	ssl_session_timeout 10m;

	proxy_set_header   Host                 $http_host;
	proxy_set_header   X-Forwarded-Proto    $scheme;
	proxy_set_header   X-Forwarded-For      $remote_addr;
	proxy_redirect     off;
	
	keepalive_timeout 0;
	proxy_read_timeout 5s;
	proxy_send_timeout 5s;
	send_timeout 5s;
	resolver_timeout 5s;
	client_body_timeout 5s;
	client_max_body_size 5m;
	client_body_buffer_size 100k;
	
	location /admin/ {
		deny all;
	}
	location / {
		proxy_pass        http://localhost:$sentry-port;
		add_header Strict-Transport-Security "max-age=31526000";
	}
	
	location ^~  /auth/login/ {
		allow $your-ip-address; 
		deny all;
		proxy_pass        http://localhost:$sentry-port/auth/login/;
        add_header Strict-Transport-Security "max-age=31536000";
	}
}

#About the error

Please wait while we load an obnoxious amount of JavaScript.

You may need to disable adblocking extensions to load Sentry.

I have found a lot of information about this error. One of them said to execute sentry django collectstatic to generate static related files. Anyway, the core meaning is that js and css static resources cannot be loaded. If the file cannot be found, use the above method to generate it. Found, considering the access permission problem of static, nginx uses nobody user, sentry is sentry user, and the intermediate tmp file and static file should encounter permission problems more or less.

sentry repair

This command is very useful and can fix some simple data errors, but it may not be fixed

There is also a remaining problem. After the sentry data is migrated, the old data in the new instance will be lost. I don’t know what happened.