-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(self-hosted): external storage #10884
Merged
hubertdeng123
merged 9 commits into
getsentry:master
from
aldy505:docs/self-hosted/external-storage
Oct 1, 2024
Merged
Changes from all commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
dc671a7
docs(self-hosted): external storage
aldy505 790cba9
Apply suggestions from code review
aldy505 7e48e0e
Merge remote-tracking branch 'origin/master' into docs/self-hosted/ex…
aldy505 ad1cf1c
feat(self-hosted): specify details on handling object retention for e…
aldy505 85847b3
docs(self-hosted): better set up guide for gcs
aldy505 f792e65
Update external-storage.mdx
aldy505 34c2e68
Update external-storage.mdx
aldy505 8b37b6f
add warning that external storage docs are unmaintained
hubertdeng123 54ac44a
Merge branch 'master' into docs/self-hosted/external-storage
hubertdeng123 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| --- | ||
| title: Self Hosted External Storage | ||
| sidebar_title: External Storage | ||
| sidebar_order: 90 | ||
| --- | ||
|
|
||
| In some cases, storing Sentry data on-disk is not really something people can do. Sometimes, it's better to offload it into some bucket storage (like AWS S3 or Google Cloud Storage). | ||
|
|
||
| <Alert title="Important" level="warning"> | ||
| The docs below are contributed by the community. Sentry does not officially provide support for external storage backends that extend beyond our typical docker compose setup. Follow these guidelines at your own risk as these docs are not maintained nor kept up to date! | ||
| </Alert> | ||
| <Alert title="Note" level="info"> | ||
| After changing configuration files, re-run the <code>./install.sh</code> script, to rebuild and restart the containers. See the <Link to="/self-hosted/#configuration">configuration section</Link> for more information. | ||
| </Alert> | ||
|
|
||
| ## Sentry | ||
|
|
||
| Sentry has an abstraction called "filestore" that handles storing attachments, sourcemaps (release artifacts), and replays. Filestore configuration for Sentry should be configured on the `sentry/config.yml` file. | ||
|
|
||
| **Important:** `sentry cleanup` command won't delete files that is stored on an external storage such as GCS or S3. You will have to configure your own cleanup mechanism by utilizing your storage provider's object retention configuration. This should be set accordingly to the `SENTRY_EVENTS_RETENTION_DAYS`, although you can set it as a different value than what's set on the Docker Compose file. | ||
|
|
||
| ### Google Cloud Storage backend | ||
|
|
||
| The configuration for GCS backend is pointed to `sentry.filestore.gcs.GoogleCloudStorage`. You will need to set `GOOGLE_APPLICATION_CREDENTIALS` environment variable. For more information, refer to the [Google Cloud documentation for setting up authentication](https://cloud.google.com/storage/docs/reference/libraries#setting_up_authentication). | ||
|
|
||
| On your `sentry/config.yml` file, you will need to set the following: | ||
|
|
||
| ```yaml | ||
| filestore.backend: "gcs" | ||
| filestore.options: | ||
| bucket_name: "..." | ||
| ``` | ||
|
|
||
| If you set up via service account key, you will need to configure your `docker-compose.yml` file with the following: | ||
|
|
||
| ```yaml | ||
| x-sentry-defaults: &sentry-defaults | ||
| # ... | ||
| environment: | ||
| # The rest of the environment variables | ||
| GOOGLE_APPLICATION_CREDENTIALS: "/run/secrets/service_account.json" | ||
| volumes: | ||
| # The rest of the volumes | ||
| - "/path/to/service_account.json:/run/secrets/service_account.json:ro" | ||
| ``` | ||
|
|
||
| ### S3 backend | ||
|
|
||
| <Alert title="Warning" level="warning"> | ||
| Although S3 support is available, it is not thoroughly tested and is not used by Sentry SaaS. Therefore, it is experimental and not officially supported. | ||
| </Alert> | ||
|
|
||
| The configuration for S3-compatible backend is pointed to `sentry.filestore.s3.S3Boto3Storage`. | ||
|
|
||
| On your `sentry/config.yml` file, you will need to set the following: | ||
|
|
||
| ```yaml | ||
| filestore.backend: 's3' | ||
| filestore.options: | ||
| bucket_acl: 'private' | ||
| default_acl: 'private' | ||
| access_key: '<REDACTED>' | ||
| secret_key: '<REDACTED>' | ||
| bucket_name: 'my-bucket' | ||
| region_name: 'auto' | ||
| endpoint_url: 'https://<REDACTED>' # If you're not using AWS. | ||
| addressing_style: 'path' # For regular AWS S3, use "auto" or "virtual". For other S3-compatible API like MinIO or Ceph, use "path". | ||
| signature_version: 's3v4' | ||
| ``` | ||
|
|
||
| Refer to [botocore configuration](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html) for valid configuration values. | ||
|
|
||
| ## Vroom | ||
|
|
||
| Vroom is the service that handles profiling. By default the data for profiling is saved on the local filesystem. On self-hosted deployments, this should be done by overriding the `SENTRY_BUCKET_PROFILES` environment variable. It's also possible that additional environment variables should be added, depending on the backend of choice. | ||
|
|
||
| **Important:** `sentry cleanup` command won't delete files that is stored on an external storage such as GCS or S3. You will have to configure your own cleanup mechanism by utilizing your storage provider's object retention configuration. This should be set accordingly to the `SENTRY_EVENTS_RETENTION_DAYS`, although you can set it as a different value than what's set on the Docker Compose file. | ||
|
|
||
| ### Google Cloud Storage backend | ||
|
|
||
| You will need to set `GOOGLE_APPLICATION_CREDENTIALS` environment variable. For more information, refer to the [Google Cloud documentation for setting up authentication](https://cloud.google.com/storage/docs/reference/libraries#setting_up_authentication). | ||
|
|
||
| On your `docker-compose.yml` file, you will need to add the following (this assumes you are setting up via service account file): | ||
|
|
||
| ```yaml | ||
| services: | ||
| vroom: | ||
| environment: | ||
| # The rest of the environment variables | ||
| SENTRY_BUCKET_PROFILES: "gs://my-bucket" | ||
| GOOGLE_APPLICATION_CREDENTIALS: "/run/secrets/service_account.json" | ||
| volumes: | ||
| # The rest of the volumes | ||
| - "/path/to/service_account.json:/run/secrets/service_account.json:ro" | ||
| ``` | ||
|
|
||
| ### S3 backend | ||
|
|
||
| <Alert title="Warning" level="warning"> | ||
| Although S3 support is available, it is not thoroughly tested and is not used by Sentry SaaS. Therefore, it is experimental and not officially supported. | ||
| </Alert> | ||
|
|
||
| On your `docker-compose.yml` file, you will need to add the following: | ||
|
|
||
| ```yaml | ||
| services: | ||
| vroom: | ||
| environment: | ||
| # The rest of the environment variables | ||
| SENTRY_BUCKET_PROFILES: "s3://my-bucket?awssdk=v1®ion=us-west-1&endpoint=amazonaws.com" | ||
| # For other S3-compatible APIs | ||
| SENTRY_BUCKET_PROFILES: "s3://my-bucket?awssdk=v1®ion=any-region&endpoint=minio.yourcompany.com&s3ForcePathStyle=true&disableSSL" | ||
| AWS_ACCESS_KEY: "foobar" | ||
| AWS_SECRET_KEY: "foobar" | ||
| AWS_SESSION_TOKEN: "foobar" # (optional) | ||
| ``` | ||
|
|
||
| Further explanation on the query string options: | ||
| - `region`: The AWS region for requests. | ||
| - `endpoint`: The endpoint URL (hostname only or fully qualified URI). | ||
| - `disableSSL`: A value of "true" disables SSL when sending requests. | ||
| - `s3ForcePathStyle`: A value of "true" forces the request to use path-style addressing. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see two S3 backend sections here. Should these be combined?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. It's for different services, should resides on a different bucket.