Docker-compose方式启动Sentry +ldap登录验证
一,安装Docker
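# Install Docker CE from Docker's own yum repository (CentOS/RHEL).
# All privileged steps go through sudo consistently; the original mixed
# sudo and bare commands, so the latter only worked when already root.
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# NOTE(review): this enables the *edge* (pre-release) channel on top of the
# stable channel that the repo file enables by default. For a server, drop
# this line unless edge builds are wanted on purpose.
sudo yum-config-manager --enable docker-ce-edge
sudo yum -y install docker-ce
sudo systemctl start docker.service
docker --version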
配置加速
# Point the Docker daemon at a registry mirror (pull acceleration).
sudo mkdir -p /etc/docker
# NOTE: tee replaces any existing /etc/docker/daemon.json wholesale; merge by
# hand if the file already holds other settings. From here on, images pulled
# by tag arrive through this third-party mirror, which is a trust decision
# as much as a speed one.
sudo tee /etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": ["https://hkoa9dfz.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker.service
二,安装docker-compose
下载:
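# Download the docker-compose 1.24.0 binary and install it on PATH.
# NOTE(review): the original put an unverified download into /usr/local/bin;
# compare it against the SHA-256 published with the GitHub release first.
EXPECTED_SHA256='<sha256 from the docker-compose 1.24.0 release page>'   # placeholder, fill in
wget https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64
printf '%s  %s\n' "$EXPECTED_SHA256" docker-compose-Linux-x86_64 | sha256sum -c - \
  || { printf 'docker-compose checksum mismatch, not installing\n' >&2; exit 1; }
chmod +x docker-compose-Linux-x86_64 && mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose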
查看版本
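docker-compose -v
# NOTE(review): this clones whatever the default branch holds today; check out
# a tagged release afterwards for a reproducible, reviewable install.
git clone https://github.com/getsentry/onpremise.git
# Stop here if the clone failed, instead of running install.sh from the
# wrong directory.
cd onpremise || exit 1
./install.sh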
启动所有服务
# Start every service in the background.
docker-compose up --detach
验证docker启动状态
# List the running containers to confirm the stack came up.
docker container ls
三,配置ldap统一认证登录
官方自带的ldap插件不支持openldap,用第三方插件,第三方插件在官方提供的docker集成里面安装并不是那么方便
由于用的是docker-compose,重启后docker会销毁重来,如果直接进去系统安装,那么会导致重启后依赖环境丢失,
重新build镜像
Dockerfile如下:
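# Rebuild the Sentry image with the build dependencies python-ldap needs
# (gcc, libldap2-dev, libsasl2-dev, libssl-dev) so that sentry-ldap-auth from
# sentry/requirements.txt can be compiled when docker-compose builds the stack.
# NOTE(review): `nightly` is a moving tag; pin a release tag (or an image
# digest) for a reproducible, auditable build.
FROM getsentry/sentry:nightly
# The original had the spaces stripped out of these commands (apt-getupdate,
# apt-getinstall-y, rm-r), which does not build. Update + install in one layer,
# then drop the package lists so the index is not baked into the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        gcc libsasl2-dev python-dev libldap2-dev libssl-dev && \
    rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["/entrypoint.sh"]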
# Rebuild the image under a new tag.
docker build --tag getsentry/sentry:new .
[root@suc01:/root/onpremise]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sentry-cleanup-self-hosted-local latest a174b274a692 About an hour ago 1.12GB
getsentry/sentry new 708cb68c8127 3 hours ago 1.12GB
snuba-cleanup-self-hosted-local latest acc60791fd00 4 hours ago 935MB
symbolicator-cleanup-self-hosted-local latest 79dc15c75d19 4 hours ago 189MB
<none> <none> ba0a68c1140a 4 hours ago 452MB
nginx 1.21.6-alpine 51696c87e77e 10 days ago 23.4MB
getsentry/sentry nightly 50aafae28c26 3 months ago 934MB
getsentry/symbolicator nightly 22fb79d6a206 3 months ago 188MB
getsentry/snuba nightly 60c296733972 3 months ago 450MB
postgres 9.6 c5e8774084fa 3 months ago 200MB
busybox latest beae173ccac6 3 months ago 1.24MB
重新构造后有两个选择
1,可以把原镜像打个新的tag,然后把新构造的打原镜像的tag,这样就不用修改.env的配置
2,如果镜像使用新的tag,需要修改.env内容,把 SENTRY_IMAGE=getsentry/sentry:nightly 改成 SENTRY_IMAGE=getsentry/sentry:new
添加如下配置
进入 onpremise/ 目录下
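# Add the third-party LDAP backend to the image's extra requirements so the
# compose build installs it. Plain ASCII quotes: the curly quotes on the
# original page are not shell quoting, so they would be written into
# requirements.txt and break pip.
# NOTE(review): this pulls an unpinned package from PyPI into the login path;
# pin it, e.g. sentry-ldap-auth==<version you reviewed>.
printf '%s\n' 'sentry-ldap-auth' >> sentry/requirements.txt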
我选后者:
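# cat /onpremise/.env
COMPOSE_PROJECT_NAME=sentry-self-hosted
SENTRY_EVENT_RETENTION_DAYS=90
# You can either use a port number or an IP:PORT combo for SENTRY_BIND
# See https://docs.docker.com/compose/compose-file/#ports for more
SENTRY_BIND=9000
# Set SENTRY_MAIL_HOST to a valid FQDN (host/domain name) to be able to send emails!
# SENTRY_MAIL_HOST=example.com
# Base image for the sentry services: the locally rebuilt tag. This comment
# sits on its own line on purpose — not every docker-compose version strips a
# trailing "# ..." from an .env value, so an inline comment can end up inside
# the image name.
SENTRY_IMAGE=getsentry/sentry:new
# NOTE(review): the snuba services need the snuba image; the page had
# getsentry/sentry:nightly here, which looks like a copy slip.
SNUBA_IMAGE=getsentry/snuba:nightly
RELAY_IMAGE=getsentry/relay:nightly
SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly
WAL2JSON_VERSION=latest
HEALTHCHECK_INTERVAL=30s
HEALTHCHECK_TIMEOUT=60s
HEALTHCHECK_RETRIES=5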
修改onpremise/sentry/sentry.conf.py ,加入LDAP配置
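#############
# LDAP auth #
#############
# Wires the sentry-ldap-auth (django-auth-ldap) backend into sentry.conf.py.
# Everything marked "change" is site-specific.
import os

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

# LDAP server (change). NOTE(review): plain ldap:// on 389 carries the bind
# password and every user's login password in cleartext; use ldaps:// or set
# AUTH_LDAP_START_TLS = True if the directory supports it.
AUTH_LDAP_SERVER_URI = 'ldap://192.168.3.100:389'
# Service-account DN used for the initial bind (change).
AUTH_LDAP_BIND_DN = 'cn=admin,dc=nedy,dc=com'
# The bind password comes from the container environment (compose
# `environment:` / `env_file:`) instead of being written into this file, which
# gets committed and copied around. Fail at startup when it is missing: an
# empty password would turn the simple bind into an unauthenticated/anonymous
# bind on many directories rather than into an error.
AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD')
if not AUTH_LDAP_BIND_PASSWORD:
    raise RuntimeError('AUTH_LDAP_BIND_PASSWORD must be set in the environment')
# User search (change). django-auth-ldap fills in %(user)s and escapes it for
# the filter. NOTE(review): this base (dc=eyolo,dc=net) does not match the bind
# DN / group base (dc=nedy,dc=com) used elsewhere in this block — confirm which
# suffix is right, otherwise no user is ever found.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=people,dc=eyolo,dc=net',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)
# Group search (change).
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=sentry,ou=group,dc=nedy,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
# No required or denied group: any directory account that can bind is let in,
# and with GLOBAL_ACCESS below it presumably lands in the default organization
# as a member. Point AUTH_LDAP_REQUIRE_GROUP at the sentry group above to
# restrict who gets in.
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None
# Sentry user field -> LDAP attribute.
AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'description',
    'email': 'mail'
}
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600  # seconds
# Organization / role handed to LDAP users (names suggest; verify against the
# sentry-ldap-auth docs).
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
# NOTE(review): the username field is 'cn' while the user search matches on
# uid — confirm the two agree for your directory.
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'
# Fields owned by the auth provider; Sentry does not let the user edit them.
SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)
# optional, for debugging. DEBUG output from django_auth_ldap includes bind
# DNs, search filters and the attributes of every user who logs in, so remove
# this block (or raise the level) outside of troubleshooting. /tmp/ldap2.log
# lives inside the container and is gone when it is recreated; the extra
# StreamHandler next to the 'console' handler below may print each line twice.
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler('/tmp/ldap2.log'))
logger.setLevel('DEBUG')
LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
LOGGING['loggers']['django_auth_ldap'] = {
    'handlers': ['console'],
    'level': 'DEBUG'
}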
重启
进入 onpremise/ 目录下
# Recreate the stack so the rebuilt image and the LDAP settings take effect.
docker-compose down
docker-compose build
docker-compose up --detach