Installing and Configuring Sentry with Docker on CentOS 7
Related content: Naver Line Sentry, building an in-house error log collection system
Installing Sentry
# yum install git -y
# sudo yum install -y yum-utils
# sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
# sudo yum install docker-ce docker-ce-cli containerd.io
# yum install -y yum-utils device-mapper-persistent-data lvm2
# systemctl start docker && systemctl enable docker
# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# sudo chmod +x /usr/local/bin/docker-compose
# docker-compose --version
# cd /usr
# git clone https://github.com/getsentry/onpremise.git docker-sentry
# cd /usr/docker-sentry
# ./install.sh
...
Would you like to create a user accout now ? [Y/n] : y
Email: <email address>
password: <password>
Should this user have Super Admin role? (This grants them all permissions available) [y/N]: y
User created:
Creating missing DSNs
Correcting Group.num_comments counter
...
-----------------------------------------------------------------
You're all done! Run the following command to get Sentry running:
docker-compose up -d
# docker-compose run --rm web upgrade
Starting sentry-self-hosted_clickhouse_1 ... done
Starting sentry-self-hosted_redis_1 ... done
Starting sentry-self-hosted_zookeeper_1 ... done
...
# vim /usr/docker-sentry/sentry/sentry.conf.py
DATABASES = {
    "default": {
        "ENGINE": "sentry.db.postgres",
        "NAME": "postgres",
        "USER": "postgres",
        "PASSWORD": "<password>",
        "HOST": "postgres",
        "PORT": "",
    }
}
Remove events older than 30 days (the default is 90 days)
# vim /usr/docker-sentry/.env
SENTRY_EVENT_RETENTION_DAYS=30
# docker-compose up -d
sentry-self-hosted_memcached_1 is up-to-date
sentry-self-hosted_redis_1 is up-to-date
...
Creating sentry-self-hosted_geoipupdate_1 ... done
Creating sentry-self-hosted_symbolicator-cleanup_1 ... done
Creating sentry-self-hosted_snuba-transactions-cleanup_1 ... done
Creating sentry-self-hosted_snuba-cleanup_1 ... done
Creating sentry-self-hosted_worker_1 ... done
Creating sentry-self-hosted_cron_1 ... done
Creating sentry-self-hosted_subscription-consumer-events_1 ... done
Creating sentry-self-hosted_subscription-consumer-transactions_1 ... done
Creating sentry-self-hosted_post-process-forwarder_1 ... done
Creating sentry-self-hosted_ingest-consumer_1 ... done
Creating sentry-self-hosted_web_1 ... done
Creating sentry-self-hosted_sentry-cleanup_1 ... done
Creating sentry-self-hosted_relay_1 ... done
Creating sentry-self-hosted_nginx_1 ... done
Firewall configuration
# sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address=xxx.xxx.xxx.0/24 port port="9000" protocol="tcp" accept'
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
# firewall-cmd --list-all
Try accessing it from a browser
http://sentry-server-ip:9000
Nginx integration
Note: sentry-domain is the domain issued for use with Sentry.
# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
Installation
# yum install -y nginx
Configuration
# vim /etc/nginx/nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    reset_timedout_connection on;
    keepalive_timeout 75s;
    gzip off;
    server_tokens off;
    server_names_hash_bucket_size 64;
    types_hash_max_size 2048;
    types_hash_bucket_size 64;
    client_max_body_size 100m;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_buffering off;
    proxy_next_upstream error timeout invalid_header http_502 http_503 non_idempotent;
    proxy_next_upstream_tries 2;
    proxy_set_header Connection '';
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-Id $request_id;
    proxy_read_timeout 30s;
    proxy_send_timeout 5s;
    server {
        listen 80;
        server_name sentry-domain;
        access_log off;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name sentry-domain;
        ssl_certificate /etc/nginx/ssl/my.crt.pem;
        ssl_certificate_key /etc/nginx/ssl/my.key.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 30m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:9000;
        }
    }
}
Register and start the service
# systemctl enable nginx
# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start nginx
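The following script is an added example, not part of the original post: it checks the yum repo file and the nginx.conf written in the steps above for settings a reviewer would flag (packages installed without signature verification, TLSv1/TLSv1.1, 3DES suites, worker processes running as root). The function names and the embedded sample files are constructed for illustration; pass /etc/yum.repos.d/nginx.repo and /etc/nginx/nginx.conf as arguments to audit the real files.

```sh
#!/bin/sh
# Added example, not from the original post: flag weak settings in the yum
# repo file and nginx.conf that this guide writes. One finding per line.

check() {   # check FILE REGEX MESSAGE: print MESSAGE if a line of FILE matches
    grep -Eq "$2" "$1" 2>/dev/null && echo "$3"
    return 0
}

audit_nginx_setup() {   # audit_nginx_setup REPO_FILE NGINX_CONF
    s='[[:space:]]'
    check "$1" "^$s*gpgcheck$s*=$s*0" \
        "repo: gpgcheck=0, RPM signatures are not verified"
    check "$1" "^$s*baseurl$s*=$s*http://" \
        "repo: baseurl is plain http"
    check "$2" "^$s*ssl_protocols[^;]*${s}TLSv1(\.1)?($s|;)" \
        "nginx: ssl_protocols enables TLSv1 or TLSv1.1"
    check "$2" "^$s*ssl_ciphers[^;]*3DES" \
        "nginx: ssl_ciphers allows 3DES suites"
    check "$2" "^$s*user$s+root($s|;)" \
        "nginx: worker processes run as root"
}

write_sample() {   # constructed sample: the guide's settings, abridged
    cat > "$1/nginx.repo" <<'EOF'
[nginx]
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
EOF
    cat > "$1/nginx.conf" <<'EOF'
user root;
http {
  server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDH+AESGCM:ECDH+3DES:RSA+3DES:!aNULL:!MD5:!DSS;
  }
}
EOF
}

if [ "$#" -eq 2 ]; then          # audit the real files given as arguments
    audit_nginx_setup "$1" "$2"
else                             # no arguments: run on the constructed sample
    d=$(mktemp -d) && write_sample "$d"
    audit_nginx_setup "$d/nginx.repo" "$d/nginx.conf"
    rm -rf "$d"
fi
```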
Sentry SSL configuration
# vim /usr/docker-sentry/sentry/config.yml
Add at the very bottom
system.url-prefix: 'https://sentry-domain'
# vim /usr/docker-sentry/sentry/sentry.conf.py
Uncomment this part
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
Restart the service
# cd /usr/docker-sentry
# docker-compose stop
# docker-compose up -d
Check the logs
# journalctl -f
# docker-compose logs -f
# docker-compose logs -f sentry
Access over HTTPS from a browser
https://sentry-domain
Slack integration
Official documentation: https://develop.sentry.dev/integrations/slack/?referrer=issue-alert-builder
Go to https://api.slack.com/apps and create a Slack App.
Save the Slack information in Sentry.
# vim /usr/docker-sentry/sentry/config.yml
At the very bottom, the following entries are commented out; uncomment them and enter the information from the figure above.
slack.client-id: '2180...'
slack.client-secret: '3e31...'
slack.signing-secret: 'f3e12...'
## If legacy-app is True use verification-token instead of signing-secret
slack.verification-token: 'ZTya...'
system.url-prefix: 'https://sentry-domain'
Restart the service
# cd /usr/docker-sentry
# docker-compose stop
# docker-compose up -d
In the left menu, click Interactivity & Shortcuts and enter the following on the screen.
Request URL: https://sentry-domain/extensions/slack/action/
Options Load URL: https://sentry-domain/extensions/slack/options-load/
In the left menu, click OAuth & Permissions and enter the following on the screen.
https://sentry-domain/extensions/slack/setup/
Scroll down on the same screen and fill in the Scopes section as follows.
Bot Token Scopes
chat:write
chat:write.customize
chat:write.public
commands
groups:read
im:history
im:read
links:read
links:write
team:read
users:read
User Token Scopes
users:read
users:read.email
In the left menu, click Event Subscriptions and enter the following.
Request URL
https://sentry-domain/extensions/slack/event/
Add the following under Subscribe to bot events
message.im
Add the following under Subscribe to … users
https://sentry-domain
In the left menu, under App Home, you can register and change the App Display Name.
Enter the following as the Request URL
https://sentry-domain/extensions/slack/commands/
Open https://sentry-domain in a browser and install Slack under Settings - Integrations.
Create an Alert.
If you trigger a test error in a Spring application and send it to Sentry, a message arrives in Slack.
Sentry Uninstall
# docker-compose down
# docker volume ls
DRIVER VOLUME NAME
local 4abe3bad6ab388237998f4f9ac85d973f58941350421448d0bd8737fe7a48cb7
local dfa7b09bae09d1159bbeb925247474352f018990a00bef5c7fd50b72bf50e06a
local ffa945e73706ade1e189a68bb10fd234ecd50726b8c090afb79ac6ee9be672ee
local sentry-clickhouse
local sentry-data
local sentry-kafka
local sentry-postgres
local sentry-redis
local sentry-self-hosted_sentry-clickhouse-log
local sentry-self-hosted_sentry-kafka-log
local sentry-self-hosted_sentry-secrets
local sentry-self-hosted_sentry-smtp
local sentry-self-hosted_sentry-smtp-log
local sentry-self-hosted_sentry-zookeeper-log
local sentry-symbolicator
local sentry-zookeeper
Clean up all Docker volumes
# docker volume prune
Or delete the Sentry-related volumes one by one, as below
# docker volume rm sentry-clickhouse sentry-data
# rm -rf <Sentry install directory>
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
getsentry/sentry nightly c257cbe96b1e 9 hours ago 1.05GB
getsentry/relay nightly eb6b028e8dcd 11 hours ago 216MB
<none> <none> 929e525b03a6 23 hours ago 1.05GB
...
Delete them from the list one by one, as below
# docker rmi -f <image ID>
Or delete all images
# docker rmi $(docker images -q)
# systemctl stop docker