diff --git a/site-modules/profile/manifests/sentry.pp b/site-modules/profile/manifests/sentry.pp index dc21e719..40deee61 100644 --- a/site-modules/profile/manifests/sentry.pp +++ b/site-modules/profile/manifests/sentry.pp @@ -1,145 +1,167 @@ # Deploy a Sentry instance class profile::sentry { include profile::docker include profile::docker_compose $onpremise_dir = '/var/lib/sentry-onpremise' $onpremise_repo = 'https://forge.softwareheritage.org/source/getsentry-onpremise.git' $onpremise_repo_branch = 'softwareheritage' vcsrepo {$onpremise_dir: ensure => latest, provider => 'git', source => $onpremise_repo, revision => $onpremise_repo_branch, notify => [ File_Line['sentry_environment_kafka'], Exec['run sentry-onpremise install.sh'], ], } -> file {$onpremise_dir: ensure => directory, owner => 'root', group => 'root', mode => '0700', } $requirements_file = "${onpremise_dir}/sentry/requirements.txt" $config_yml = "${onpremise_dir}/sentry/config.yml" $config_py = "${onpremise_dir}/sentry/sentry.conf.py" $relay_credentials_json = "${onpremise_dir}/relay/credentials.json" + $relay_config_yml = "${onpremise_dir}/relay/config.yml" + $symbolicator_config_yml = "${onpremise_dir}/symbolicator/config.yml" file {$requirements_file: ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('profile/sentry/requirements.txt.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } # variables for config.yml $admin_email = lookup('sentry::admin_email') $secret_key = lookup('sentry::secret_key') $vhost_name = lookup('sentry::vhost::name') $mail_host = lookup('sentry::mail::host') $mail_from = lookup('sentry::mail::from') file {$config_yml: ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('profile/sentry/config.yml.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } + file {$relay_config_yml: + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('profile/sentry/relay.yml.erb'), + require => Vcsrepo[$onpremise_dir], + notify => Exec['run sentry-onpremise install.sh'], + } + + file {$symbolicator_config_yml: + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('profile/sentry/symbolicator.yml.erb'), + require => Vcsrepo[$onpremise_dir], + notify => Exec['run sentry-onpremise install.sh'], + } + ##### # variables for sentry.conf.py # postgresql $postgres_host = lookup('sentry::postgres::host') $postgres_port = lookup('sentry::postgres::port') $postgres_dbname = lookup('sentry::postgres::dbname') $postgres_user = lookup('sentry::postgres::user') $postgres_password = lookup('sentry::postgres::password') # relay $relay_public_key = lookup('sentry::relay::public_key') ##### file {$config_py: ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('profile/sentry/sentry.conf.py.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } $relay_secret_key = lookup('sentry::relay::secret_key') $relay_id = lookup('sentry::relay::id') file {$relay_credentials_json: ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('profile/sentry/relay_credentials.json.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } file_line {'sentry_environment_kafka': ensure => absent, path => "${onpremise_dir}/.env", match => '^DEFAULT_BROKERS=', match_for_absence => true, multiple => true, require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } $onpremise_flag = "${onpremise_dir}-installed" $onpremise_log = "/var/log/sentry-onpremise-install.log" exec {'check sentry-onpremise install flag': command => 'true', unless => "bash -c '[[ \"$(cat ${onpremise_flag})\" = \"$(git rev-parse HEAD)\" ]]'", cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], notify => Exec['run sentry-onpremise install.sh'], } exec {'run sentry-onpremise install.sh': command => "rm -f ${onpremise_flag}; (./install.sh && git rev-parse HEAD > ${onpremise_flag}) | tee -a ${onpremise_log}", timeout => 0, provider => shell, cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], environment => ["CI=yes"], refreshonly => true, require => [ Class['profile::docker'], Package['docker-compose'], File[$requirements_file, $config_yml, $config_py], ], notify => Exec['start sentry-onpremise docker compose'], } exec {'start sentry-onpremise docker compose': command => 'docker-compose up -d', timeout => 0, cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], refreshonly => true, require => [ Class['profile::docker'], Package['docker-compose'], File[$requirements_file, $config_yml, $config_py], ], } } diff --git a/site-modules/profile/templates/sentry/relay.yml.erb b/site-modules/profile/templates/sentry/relay.yml.erb new file mode 100644 index 00000000..f954252d --- /dev/null +++ b/site-modules/profile/templates/sentry/relay.yml.erb @@ -0,0 +1,15 @@ +# Managed by puppet (module profile::sentry), changes will be lost + +--- +relay: + upstream: "http://web:9000/" + host: 0.0.0.0 + port: 3000 +logging: + level: WARN +processing: + enabled: true + kafka_config: + - {name: "bootstrap.servers", value: "kafka:9092"} + - {name: "message.max.bytes", value: 50000000} #50MB or bust + redis: redis://redis:6379 diff --git a/site-modules/profile/templates/sentry/symbolicator.yml.erb b/site-modules/profile/templates/sentry/symbolicator.yml.erb new file mode 100644 index 00000000..4d3760fd --- /dev/null +++ b/site-modules/profile/templates/sentry/symbolicator.yml.erb @@ -0,0 +1,11 @@ +# Managed by puppet (module profile::sentry), changes will be lost +# See: https://getsentry.github.io/symbolicator/#configuration + +--- +cache_dir: "/data" +bind: "0.0.0.0:3021" +logging: + level: "warn" +metrics: + statsd: null +sentry_dsn: null # TODO: Automatically fill this with the internal project DSN