CentOS7下部署Sentry(不使用Docker)

本文讲介绍Sentry(一个开源的实时错误报告工具)在CentOS7下如何搭建。安装使用的是epel库,如果你没有安装,请先运行。

1
yum install epel-release -y

开始安装

  1. 更新本机yum组件
1
yum update
  1. 安装所有需要的依赖组件
1
yum install wget python-setuptools.noarch python2-pip.noarch python-devel.x86_64 libxslt.x86_64 libxslt-devel.x86_64 libxml2 libxml2-devel.x86_64 libzip libzip-devel libffi.x86_64 libffi-devel.x86_64 openssl-libs.x86_64 libpqxx libpqxx-devel libyaml libyaml-devel libjpeg libjpeg-devel libpng libpng12 libpng12-devel libpng-devel net-tools gcc gcc-c++
  1. Sentry使用的是Postgresql,

首先安装Postgresql,

1
yum install postgresql-server.x86_64 postgresql-contrib

初始化,设置开机运行并启动进程,

1
2
3
postgresql-setup initdb
systemctl enable postgresql.service
systemctl start postgresql.service
  1. 安装并运行redis
1
2
3
yum install redis
systemctl enable redis.service
systemctl start redis.service
  1. 安装supervisor,这里先不要启动守护进程,稍后我们还需要写一些配置文件
1
2
yum install supervisor
systemctl enable supervisord.service
  1. 更新pip
1
pip install --upgrade pip
  1. 安装virtualenv
1
pip install -U virtualenv
  1. 创建Sentry所需要的数据库
1
2
3
4
5
6
7
su - postgres
psql template1
create user sentry with password '密码';
alter user sentry with superuser;
create database sentrydb with owner sentry;
\q
exit
  1. 添加一个用户sentry,用于sentry的管理
1
useradd sentry
  1. 切换到sentry用户
1
su - sentry
  1. 创建一个Python的Virtual Eenvironment,并切换到这个环境下
1
2
virtualenv /data/sentry
source /data/sentry/bin/activate
  1. 安装sentry,这里加U的意思是如果已经安装就更新
1
pip install -U sentry
  1. 初始化sentry
1
/data/sentry/bin/sentry init
  1. 更新sentry的配置文件,这里只列举关键的部分,具体配置可以参考下官方文档,比如邮件服务器等…

/home/sentry/.sentry/sentry.conf.py

1
2
3
4
5
6
7
8
9
10
11
12
DATABASES = {
'default': {
'ENGINE': 'sentry.db.postgres',
'NAME': 'sentrydb',
'USER': 'sentry',
'PASSWORD': 'your_password',
'HOST': '127.0.0.1',
'PORT': '5432',
'AUTOCOMMIT': True,
'ATOMIC_REQUESTS': False,
}
}

/home/sentry/.sentry/config.yml

1
2
3
4
5
6
redis.clusters:
default:
hosts:
0:
host: 127.0.0.1
port: 6379
  1. 更新 pg_hba.conf 文件,并重启Postgresql服务

/var/lib/pgsql/data/pg_hba.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local all postgres peer
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident

重启,

1
systemctl restart postgresql.service
  1. 运行Sentry upgrade命令,这里会询问一些问题,并创建一个管理账号
1
2
/home/sentry/sentry_app/bin/sentry upgrade
exit
  1. 修改 supervisor 配置文件 /etc/supervisord.conf
1
2
3
...
files = supervisord.d/*.conf
...

然后把 sentry 的 supervisor 配置放到 /etc/supervisord.d 路径中,内容如下,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[program:sentry-web]
directory=/data/sentry/
environment=SENTRY_CONF="/home/sentry/.sentry"
command=/data/sentry/bin/sentry --config=/home/sentry/.sentry run web
autostart=true
autorestart=true
redirect_stderr=true
user=sentry
stdout_logfile=syslog
stderr_logfile=syslog

[program:sentry-worker]
directory=/data/sentry/
environment=SENTRY_CONF="/home/sentry/.sentry"
command=/data/sentry/bin/sentry --config=/home/sentry/.sentry run worker
autostart=true
autorestart=true
redirect_stderr=true
user=sentry
stdout_logfile=syslog
stderr_logfile=syslog
startsecs=1
startretries=3
stopsignal=TERM
stopwaitsecs=10
stopasgroup=false
killasgroup=true

[program:sentry-cron]
directory=/data/sentry/
environment=SENTRY_CONF="/home/sentry/.sentry"
command=/data/sentry/bin/sentry --config=/home/sentry/.sentry run cron
autostart=true
autorestart=true
redirect_stderr=true
user=sentry
stdout_logfile=syslog
stderr_logfile=syslog

[group:sentry]
programs=sentry-web,sentry-worker,sentry-cron

启动 supervisor 进程,

1
systemctl start supervisord.service

这里我给 sentry 的几个进程分了一个组,如果需要重启 sentry 的所有进程,执行下面命令即可。

1
supervisorctl restart sentry:*

现在可以通过 http://127.0.0.1:9000 来访问 Sentry 了。

使用HTTPS

如果使用 nginx,想要使用强制 https 访问,配置如下,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
upstream sentry {
keepalive 1024;
server 0.0.0.0:9000 max_fails=2 fail_timeout=10m;
}

server {
listen 80;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name yoursentry.com;

ssl_certificate /etc/nginx/ssl/yoursentry.crt;
ssl_certificate_key /etc/nginx/ssl/yoursentry.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 10m;

location / {
proxy_pass http://sentry;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;

# keepalive + raven.js is a disaster
keepalive_timeout 30;

proxy_read_timeout 10s;
proxy_send_timeout 10s;
send_timeout 10s;
resolver_timeout 10s;
client_body_timeout 10s;

# buffer larger messages
client_max_body_size 10m;
client_body_buffer_size 100k;

add_header Strict-Transport-Security "max-age=31536000";
}
}

疑难解决

  1. Sentry所使用的 svg 图片浏览器不显示,打开直接下载文件?

首先检查nginx配置中的 mime.types 是否有这一行,没有的话加上。

1
2
3
4
5
types {
...
image/svg+xml svg svgz;
...
}

尝试不要通过反向代理,使用curl -I查看资源访问的Content-Type,如果不是image/svg+xml,比如返回application/octet-stream,可以用以下两个方法解决,

指定ussgimime.types路径,

1
uwsgi --ini uwsgi.ini --mimefile /etc/mime.types

安装mailcap来产生/etc/mime.types文件(推荐使用此方法)

1
yum install mailcap -y