Need help with sentry-docker?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

slafs
198 Stars 54 Forks 150 Commits 9 Opened issues

Description

my approach for dockerizing Sentry

Services available

!
?

Need anything else?

Contributors list

Sentry in Docker

Maintenance

Since Sentry now officially supports installation via Docker - this repository will no longer be updated.

More info on Sentry's Docker installation https://docs.sentry.io/server/installation/docker/.

Warning about build tags

Latest changes introduced some new build tags:

  • 8.0 - current stable version (8.0.X)
  • 7.7 - old stable version (7.7.4) - no longer updated
  • 7.6 - old stable version (7.6.2) - no longer updated
  • 7.5 - old stable version (7.5.6) - no longer updated
  • 7.4 - old stable version (7.4.3) - no longer updated
  • 7.3 - old stable version (7.3.2) - no longer updated
  • 7.2 - old stable version (7.2.0) - no longer updated
  • 7.1 - old stable version (7.1.4) - no longer updated
  • 7.0 - older stable version (7.0.2) - no longer updated
  • 6.4 - even older stable version (6.4.4) - no longer updated
  • dev - current master on github (infrequent builds)
  • latest (the default one used earlier) - is now the same as 8.0

if you want to keep your builds same as before update your Dockerfiles and change

FROM slafs/sentry
to
FROM slafs/sentry:6.4
.

Requirements Status

This is my approach for running Sentry inside Docker. Almost everything here is configurable via environment variables (including DATABASES and CACHES settings). It can be easily configured to run with redis (cache, buffers and celery broker), postgres database, LDAP and REMOTE_USER authentication backends.

Quickstart

to run a Sentry instance with default settings (with sqlite, locmem cache and no celery) run:

docker run -d --name=sentry --volume=/tmp/sentry:/data -p 80:9000 -e SECRET_KEY=randomvalue -e SENTRY_URL_PREFIX=http://sentry.mydomain.com slafs/sentry

You can visit now http://sentry.mydomain.com (assuming

sentry.mydomain.com
is mapped to your docker host) and login with default credentials (username
admin
and password
admin
) and create your first team and project.

Your sqlite database file and gunicorn logs are available in

/tmp/sentry
directory.

Contributing

Try not to fork this repo just to create your own Docker image with some minor tweak. Please open an issue on GitHub and maybe we can include your use case directly within this image :).

You can even write a test case for your feature ;). See CONTRIBUTING.md.

Also feel free to give feedback and comments about this image in general.

Advanced usage

Copy the file with environment variables

environment.example
e.g
cp environment.example environment
and after tweaking some values run sentry like this
docker run -d --name=sentry --volume=/tmp/sentry:/data -p 80:9000 --env-file=environment slafs/sentry

ENTRYPOINT
for this image is a little wrapper script around default
sentry
executable. Default
CMD
is
start
which runs
upgrade
command (initializes and upgrades the database) and creates a default administrator (superuser) and then runs a http service (as in
sentry --config=... start
).

All commands and args are passed to the

sentry
executable. This means
docker run [docker options] slafs/sentry --help

refers to running:

sentry --config=/conf/sentry.conf.py --help

inside the container.

Admin user

You can specify a username, password and email address to create an initial sentry administrator.

Add those variables to your environment file

SENTRY_ADMIN_USERNAME=slafs
SENTRY_ADMIN_PASSWORD=mysecretpass
[email protected]

See django docs for details about

createsuperuser
command.

The default administrator username is

admin
with password
admin
(and
[email protected]
as email adress).

Postgres

It is recommended to run your sentry instance with PostgreSQL database. To link your sentry instance with a postgres container you can do it like this:

  1. Pull an official PostgreSQL image:
    docker pull postgres
    (if you haven't already).
  2. Run postgres container (from the official Docker image):
    docker run -d --name=postgres_container postgres
    .
  3. Add
    DATABASE_URL=postgres://postgres:@postgresdb/postgres
    to environment file.
  4. Run sentry with linked postgres container:
    docker run -d --name=sentry --volume=/tmp/sentry:/data -p 80:9000 --env-file=environment --link=postgres_container:postgresdb slafs/sentry

Notice that an alias for your linked postgres container (

postgresdb
) is the same as a postgres host in
DATABASE_URL
variable.

DATABASE_URL
is a value that is parsed by an external app called dj-database-url.

Redis

Redis container can be used to improve sentry performance in number of ways. It can be used as a:

  • cache backend,
  • sentry buffers,
  • celery broker.

You can link your sentry instance with a redis container like this:

  1. Pull an official Redis image:
    docker pull redis
    (if you haven't already).
  2. Run redis container (from the official Docker image):
    docker run -d --name=redis_container redis
  3. docker run -d --name=sentry --volume=/tmp/sentry:/data -p 80:9000 --env-file=environment --link=postgres_container:postgresdb --link=redis_container:redis slafs/sentry

If you want to use a different container alias for redis you should add

SENTRY_REDIS_HOST=your_redis_alias
to environment file.

Cache with redis

To use a redis cache backend add

CACHE_URL=hiredis://redis:6379/2
(make sure you won't have a trailing
/
in this setting) to environment file (where
redis
is the alias of your linked redis container). See django-cache-url docs for available formats.

Sentry buffers with redis

To use sentry update buffers with redis you must add

SENTRY_USE_REDIS_BUFFERS=True
to environment file.

If you have many redis containers/hosts you can set a list of those hosts in

SENTRY_REDIS_BUFFERS
variable so they can be used by sentry. Like this:
SENTRY_REDIS_BUFFERS=redis1:6380,redis2:6381
.

See sentry docs for details about redis buffer.

Celery with redis (and postgres)

To use Celery in sentry you must add

CELERY_ALWAYS_EAGER=False
to your environment file and run a celery worker like this:
docker run -d --name=sentry_celery_worker --link=redis_container:redis --link=postgres_container:postgresdb --volume=/tmp/sentry:/data --env-file=environment slafs/sentry celery worker -B

You can also set a different

BROKER_URL
via environment file by adding this:
SENTRY_BROKER_URL=redis://otherredishost:6379/1

You can run as many celery worker containers as you want but remember that only one of them should be run with

-B
option.

If you're using default values for

CELERY_RESULT_SERIALIZER
,
CELERY_TASK_SERIALIZER
and
CELERY_ACCEPT_CONTENT
(default values support
pickle
) you have to set
C_FORCE_ROOT
env var (to say
1
) to be able to run celery as a
root
user. You can avoid this by setting those three to
json
. Refer to Celery's serializer docs for more info about security implications of using
pickle
as a task serialization format.

Time-series storage with redis

To have time-series data you must add

SENTRY_USE_REDIS_TSDB=True
to the environment file.

By default Redis time-series storage will use the Redis connection defined by

SENTRY_REDIS_HOST
and
SENTRY_REDIS_PORT
. Similarly to configuring buffers, you can set
SENTRY_REDIS_TSDBS
to a list of Redis servers:
SENTRY_REDIS_TSDBS=redis1:6379,redis2:6380

Email

You can configure all email settings by environment variables with

SENTRY_
prefix. You have to also change an email backend and set it to
SENTRY_EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
or something similar.

LDAP

With this image You should be able to easily configure LDAP authentication for your Sentry instance. To enable it add

SENTRY_USE_LDAP=True
to your
environment
file. Then set the needed options by adding env variables with
LDAP_
prefix (see the table below). LDAP authentication backend is provided by django-auth-ldap.

REMOTE_USER

To enable authentication via REMOTEUSER, add ``SENTRYUSEREMOTEUSER=True

to your
environment
file.
See the
AUTHREMOTEUSER_*`` env variables below for further configuration.

Available environment variables

Refer to sentry documentation, django documentation, celery documentation and django-auth-ldap documentation for the meaning of each setting.

Environment variable name

Django/Sentry setting Type Default value Description
SECRETKEY SECRETKEY REQUIRED! set this to something random
SENTRYURLPREFIX SENTRYURLPREFIX REQUIRED! no trailing slash!
DATABASEURL DATABASES sqlite:////data/sentry.db
CACHEURL CACHES locmem://
CELERYALWAYSEAGER CELERYALWAYSEAGER bool True
SENTRYBROKERURL BROKERURL redis://&lt;SENTRY</em>REDIS<em>HOST&gt;:&lt;SENTRY</em>REDIS<em>PORT&gt;/1
CELERYRESULTSERIALIZER CELERYRESULTSERIALIZER
pickle
You may want change it to
json
. See http://docs.celeryproject.org/en/stable/configuration.html#celery-result-serializer
CELERYTASKSERIALIZER CELERYTASKSERIALIZER
pickle
You may want change it to
json
. See http://docs.celeryproject.org/en/stable/configuration.html#celery-task-serializer
CELERYACCEPTCONTENT CELERYACCEPTCONTENT list
pickle,json
Comma separated values. You may want change it to
json
. See http://docs.celeryproject.org/en/stable/configuration.html#celery-accept-content
SENTRYREDISHOST redis
SENTRYREDISPORT int 6379
SENTRYWEBHOST SENTRYWEBHOST 0.0.0.0
SENTRYWEBPORT SENTRYWEBPORT int 9000
SENTRYWORKERS SENTRYWEBOPTIONS['workers'] int 3 the number of gunicorn workers
SENTRYUSEREDISBUFFERS bool False
SENTRYREDISBUFFERS SENTRYREDISOPTIONS['hosts']* list ``<SENTRYREDISHOST>:<SENTRYREDISPORT>
comma separated list of redis hosts (host1:port1,host2:port2,...``)
SENTRYUSEREDISTSDB bool False
SENTRYREDISTSDBS SENTRYTSDBOPTIONS['hosts']* list

:
comma separated list of redis hosts (
host1:port1,host2:port2,...
)
SENTRYEMAILBACKEND EMAILBACKEND django.core.mail.backends.console.EmailBackend
SENTRYEMAILHOST EMAILHOST localhost
SENTRYEMAILHOSTPASSWORD EMAILHOSTPASSWORD ''
SENTRYEMAILHOSTUSER EMAILHOSTUSER ''
SENTRYEMAILPORT EMAILPORT int 25
SENTRYEMAILUSETLS EMAILUSETLS bool False
SENTRYSERVEREMAIL SERVEREMAIL [email protected]
SENTRYALLOWREGISTRATION SENTRYALLOWREGISTRATION bool False
SENTRYADMINUSERNAME admin username for Sentry's superuser
SENTRYADMINPASSWORD admin password for Sentry's superuser
SENTRYADMINEMAIL SENTRYADMINEMAIL [email protected] email address for Sentry's superuser and a setting as of Sentry 7.3
SENTRYDATADIR
/data
custom location for logs and sqlite database
TWITTERCONSUMERKEY TWITTERCONSUMERKEY ''
TWITTERCONSUMERSECRET TWITTERCONSUMERSECRET ''
FACEBOOKAPPID FACEBOOKAPPID ''
FACEBOOKAPISECRET FACEBOOKAPISECRET ''
GOOGLEOAUTH2CLIENTID GOOGLEOAUTH2CLIENTID ''
GOOGLEOAUTH2CLIENTSECRET GOOGLEOAUTH2CLIENTSECRET ''
GITHUBAPPID GITHUBAPPID ''
GITHUBAPISECRET GITHUBAPISECRET ''
TRELLOAPIKEY TRELLOAPIKEY ''
TRELLOAPISECRET TRELLOAPISECRET ''
BITBUCKETCONSUMERKEY BITBUCKETCONSUMERKEY ''
BITBUCKETCONSUMERSECRET BITBUCKETCONSUMERSECRET ''
SENTRYUSELDAP bool False if set to
False
all other LDAP settings are discarded
LDAPSERVER AUTHLDAPSERVERURI
ldap://localhost
LDAPBINDDN AUTHLDAPBINDDN ''
LDAPBINDPASSWORD AUTHLDAPBINDPASSWORD ''
LDAPUSERDN AUTHLDAPUSERSEARCH* REQUIRED! if you want to use LDAP auth first argument of LDAPSearch (basedn) when searching for users
LDAPUSERFILTER AUTHLDAPUSERSEARCH*
(&(objectClass=inetOrgPerson)(cn=%(user)s))
third argument of LDAPSearch (filterstr) when searching for users
LDAPGROUPDN AUTHLDAPGROUPSEARCH* '' first argument of LDAPSearch (basedn) when searching for groups
LDAPGROUPFILTER AUTHLDAPGROUPSEARCH*
(objectClass=groupOfUniqueNames)
third argument of LDAPSearch (filterstr) when searching for groups
LDAPGROUPTYPE AUTHLDAPGROUPTYPE* '' if set to 'groupOfUniqueNames' then
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
, if set to 'posixGroup' then
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
.
LDAPREQUIREGROUP AUTHLDAPREQUIREGROUP None
LDAPDENYGROUP AUTHLDAPDENYGROUP None
LDAPMAPFIRSTNAME AUTHLDAPUSERATTRMAP['firstname']
givenName
LDAPMAPLASTNAME AUTHLDAPUSERATTRMAP['lastname']
sn
LDAPMAPMAIL AUTHLDAPUSERATTRMAP['email']
mail
LDAPGROUPACTIVE AUTHLDAPUSERFLAGSBYGROUP['isactive'] ''
LDAPGROUPSTAFF AUTHLDAPUSERFLAGSBYGROUP['isstaff'] ''
LDAPGROUPSUPERUSER AUTHLDAPUSERFLAGSBYGROUP['issuperuser'] ''
LDAPFINDGROUPPERMS AUTHLDAPFINDGROUPPERMS bool False
LDAPCACHEGROUPS AUTHLDAPCACHEGROUPS bool True
LDAPGROUPCACHETIMEOUT AUTHLDAPGROUPCACHETIMEOUT int 3600
LDAPLOGLEVEL
DEBUG
djangoauthldap logger level (other values: NOTSET (to disable), INFO, WARNING, ERROR or CRITICAL)
SENTRYUSEREMOTEUSER bool False use `REMOTEUSER
for authentication; useful if you're behind your own SSO
AUTH_REMOTE_USER_HEADER None if set, this value will be read from the request object instead ofREMOTEUSER
, as described here. For example:
HTTP
XSSOUSERNAME
SENTRY_INITIAL_TEAM convenient in development - creates an initial team inside Sentry DB with the given name
SENTRY_INITIAL_PROJECT convenient in development - creates an initial project for the above team (owner for both is the created admin )
SENTRY_INITIAL_PLATFORM 'python' convenient in development - indicates a platform for the above initial project
SENTRY_INITIAL_KEY convenient in development - updates a key for the above project so you can set DSN in your client. (e.g.
public:secret
)
SENTRY_INITIAL_DOMAINS convenient in development - updates allowed domains for usage with raven-js e.g.
example.com *.example.com
(space separated)
SENTRY_SCRIPTS_DIR convenient in development - required for the wrapper and non Docker scenarios (you can leave this empty)
SENTRY_SECURE_PROXY_SSL_HEADER SECURE_PROXY_SSL_HEADER None when running with SSL set this to 'HTTP_X_FORWARDED_PROTO,https' (comma separated)
SENTRY_USE_X_FORWARDED_HOST USE_X_FORWARDED_HOST bool False when running behind proxy or with SSL set this to 'True'
SENTRY_ALLOW_ORIGIN SENTRY_ALLOW_ORIGIN None allows JavaScript clients to submit cross-domain error reports. (e.g.
"http://foo.example"
SENTRY_BEACON SENTRY_BEACON bool True controls sending statistics to https://www.getsentry.com/remote/beacon/
SENTRY_PUBLIC SENTRY_PUBLIC bool False Should Sentry make all data publicly accessible? This should only be used if you’re installing Sentry behind your company’s firewall.
SENTRY_DOCKER_DO_DB_CHECK any if this variable is set (to any non-empty value) the script (
sentry_run
`) will check if DB is accessible before running migrations/service - helps to avoid nasty race conditions

Extending the image

If your use case is out the scope of this generic image, you can extend this image to include your custom packages, configuration etc. and still be able to take advantage of all features here. All you need to do is create your own image based on this one.

For example to install and use a plugin like sentry-github and/or change a setting that isn't managed by this image you can have a following config script

my_custom_settings.py
:
# get all the configuration from the original image
from sentry_docker_conf import *  # noqa

change some settings - for example the port

(of course you can do this also by setting environment variable SENTRY_WEB_PORT)

SENTRY_WEB_PORT = 5000

configure sentry-github

GITHUB_APP_ID = 'GitHub Application Client ID' GITHUB_API_SECRET = 'GitHub Application Client Secret' GITHUB_EXTENDED_PERMISSIONS = ['repo'] ...

and a

Dockerfile
similar to this:
# inherit from this image
FROM slafs/sentry

who's the boss? :)

MAINTAINER me

install your extra dependencies e.g. sentry-github

(there are some dependency issues with redis)

RUN pip install -U sentry-github "redis<2.9.0"

add your custom settings file

ADD my_custom_settings.py /conf/

make sentry_docker_conf module importable from your custom script

ENV PYTHONPATH /conf

use your custom settings file as a default config file for sentry to use

ENV SENTRY_CONF_FILE /conf/my_custom_settings.py

expose the new port

EXPOSE 5000

Build your image:

docker build -t my_custom_sentry_image .

Now you can run your sentry instance just like before but with different image. So for example this:

docker run -d --name=... --volume=... -p 80:9000 -e SECRET_KEY=... -e SENTRY_URL_PREFIX=http://... slafs/sentry

becomes this:

docker run -d --name=... --volume=... -p 80:5000 -e SECRET_KEY=... -e SENTRY_URL_PREFIX=http://... my_custom_sentry_image

Image for development

If you'd like to use a preconfigured image just to be able to use it in your development process (for example to check if your application is properly logging to sentry) you can also create your own image for this.

Following

Dockerfile
should be OK::
# inherit from this image
FROM slafs/sentry

who's the boss? :)

MAINTAINER me

ENV SECRET_KEY somethingsecret ENV SENTRY_URL_PREFIX http://sentry.domain.com

ENV SENTRY_INITIAL_TEAM testteam ENV SENTRY_INITIAL_PROJECT testproject ENV SENTRY_INITIAL_KEY public:secret

RUN /usr/local/bin/sentry_run prepare

Now after building it (like in the above example)

my_custom_sentry_image
can be started without any env variables and you can use
http://public:[email protected]:9000/2
as your
SENTRY_DSN
setting for raven (or other sentry client of your choice).

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.