diff --git a/.github/workflows/epicmorg.advanced.images.yml b/.github/workflows/epicmorg.advanced.images.yml index 5d557235e..b19352d48 100644 --- a/.github/workflows/epicmorg.advanced.images.yml +++ b/.github/workflows/epicmorg.advanced.images.yml @@ -29,6 +29,9 @@ jobs: - name: "Build and Deploy Advanced Teamcity Server Image:" run: cd linux/advanced/teamcity/server && pwd && make build && make deploy + - name: "Build and Deploy Advanced Sentry Image:" + run: cd linux/advanced/sentry/latest && pwd && make build && make deploy + # - name: "Build and Deploy Advanced Redash Images:" # run: cd linux/advanced/redash && pwd && make sync && make patch && make build && make deploy diff --git a/CHANGELOG.md b/CHANGELOG.md index ae7087d4a..ff886dd7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog ## 2023 +* `feb-mar` + * added new `sentry` advanced image * `jan` * added new `jira` releases * added new `bitbucket` releases diff --git a/Makefile b/Makefile index f5e620521..1ada3ee52 100644 --- a/Makefile +++ b/Makefile @@ -78,6 +78,9 @@ advanced-teamcity-server-images: advanced-redash-images: cd `pwd`/linux/advanced/redash && pwd && make sync && make patch && make build && make deploy +advanced-sentry-images: + cd `pwd`/linux/advanced/sentry/latest && pwd && make sync && make patch && make build && make deploy + advanced-zabbix-images: cd `pwd`/linux/advanced/zabbix/latest/agent && pwd && make build && make deploy cd `pwd`/linux/advanced/zabbix/latest/agent2 && pwd && make build && make deploy diff --git a/linux/advanced/sentry/latest/Dockerfile b/linux/advanced/sentry/latest/Dockerfile new file mode 100644 index 000000000..77a6be6c7 --- /dev/null +++ b/linux/advanced/sentry/latest/Dockerfile @@ -0,0 +1,9 @@ +FROM sentry + +RUN apt-get update && \ + apt-get install -y --no-install-recommends sudo gcc libsasl2-dev libldap2-dev libssl-dev + +RUN pip install sentry-ldap-auth + +RUN sudo -i -u sentry pip install sentry-ldap-auth + 
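Review bot: In the root `Makefile` hunk, the new `advanced-sentry-images` recipe calls `make sync && make patch` before `make build && make deploy`, but the `linux/advanced/sentry/latest/Makefile` added in this same commit defines only `all`, `app`, `build`, `deploy` and `clean`. The target will therefore stop at `make sync` with a missing-rule error and never build or push the image. The workflow step added for Sentry already uses the working form, so the recipe should end in just `make build && make deploy`. The longer chain appears to have been copied from the `advanced-redash-images` target directly above it.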
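Review bot: In `linux/advanced/sentry/latest/Dockerfile`, `FROM sentry` and both `pip install sentry-ldap-auth` lines are unpinned, so every CI run can publish a different `epicmorg/sentry:latest` built from whatever the base tag and PyPI resolve to that day. Pin them, e.g. `FROM sentry:<TAG>@sha256:<DIGEST>` and `pip install sentry-ldap-auth==<VERSION>` (placeholders, to be filled with the values you have verified). `sudo` appears to be installed only to run the second pip command, yet it stays in the published image together with `gcc` and the `-dev` headers. Switching to `USER sentry` for that one step, or dropping the per-user install if the system-wide one is enough, avoids shipping a privilege-escalation helper and a compiler in the runtime image. The apt layer also keeps its package lists; appending `&& rm -rf /var/lib/apt/lists/*` to that `RUN` removes them.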
diff --git a/linux/advanced/sentry/latest/Makefile b/linux/advanced/sentry/latest/Makefile
new file mode 100644
index 000000000..9ef622aa9
--- /dev/null
+++ b/linux/advanced/sentry/latest/Makefile
@@ -0,0 +1,19 @@
+all: app
+
+app:
+ make build
+ make deploy
+ make clean
+
+build:
+ docker-compose build --compress --parallel --progress plain
+
+deploy:
+ docker-compose push
+
+clean:
+ docker container prune -f
+ docker image prune -f
+ docker network prune -f
+ docker volume prune -f
+ docker system prune -af
diff --git a/linux/advanced/sentry/latest/docker-compose.yml b/linux/advanced/sentry/latest/docker-compose.yml
new file mode 100644
index 000000000..8c3a213dc
--- /dev/null
+++ b/linux/advanced/sentry/latest/docker-compose.yml
@@ -0,0 +1,6 @@
+version: '3.9'
+services:
+ app:
+ image: "epicmorg/sentry:latest"
+ build:
+ context: .
diff --git a/linux/advanced/sentry/latest/sentry.conf.py b/linux/advanced/sentry/latest/sentry.conf.py
new file mode 100644
index 000000000..c3e44661a
--- /dev/null
+++ b/linux/advanced/sentry/latest/sentry.conf.py
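Review bot: In `linux/advanced/sentry/latest/Makefile` the default target `all` runs `app`, which ends with `make clean`, and `clean` runs `docker volume prune -f` and `docker system prune -af`. Those commands are host-wide rather than scoped to this image, so a plain `make` on a developer machine or shared builder also removes unrelated unused volumes, images and build cache. Consider leaving `clean` out of `app` so it runs only when asked for explicitly, or limiting it to `docker image prune -f`. As a style point, recursive calls are conventionally written `$(MAKE) build` rather than `make build`, so that flags and the jobserver are passed through.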
@@ -0,0 +1,60 @@
+#############
+# LDAP auth #
+#############
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
+
+AUTH_LDAP_SERVER_URI = 'ldap://freeipa.example.com:389'
+
+AUTH_LDAP_BIND_DN = 'krbprincipalname=sentry/freeipa.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com'
+
+AUTH_LDAP_BIND_PASSWORD = 'qwerty123'
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ 'cn=users,cn=accounts,dc=example,dc=com',
+ ldap.SCOPE_SUBTREE, '(uid=%(user)s)',
+)
+
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+ "cn=groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+
+AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
+AUTH_LDAP_REQUIRE_GROUP = None
+AUTH_LDAP_DENY_GROUP = None
+
+AUTH_LDAP_USER_ATTR_MAP = {
+ "first_name": "givenname",
+ "last_name": "sn",
+ "email": "mail"
+}
+
+AUTH_LDAP_FIND_GROUP_PERMS = False
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = 'Sentry'
+AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
+AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
+AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
+
+AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'
+SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
+
+AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
+ 'sentry_ldap_auth.backend.SentryLdapBackend',
+)
+
+# optional, for debugging
+import logging
+logger = logging.getLogger('django_auth_ldap')
+logger.addHandler(logging.StreamHandler())
+logger.addHandler(logging.FileHandler('/var/log/sentry_ldap.log'))
+logger.setLevel('DEBUG')
+
+LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
+LOGGING['loggers']['django_auth_ldap'] = {
+ 'handlers': ['console'],
+ 'level': 'DEBUG'
+}
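Review bot: `AUTH_LDAP_SERVER_URI` is plain `ldap://…:389` and the file never enables StartTLS, so the service-account bind password and each user's password used for authentication would cross the network unencrypted; use an `ldaps://` URI or add `AUTH_LDAP_START_TLS = True`. `AUTH_LDAP_BIND_PASSWORD` is a string literal in a tracked file; even as a sample it is safer read from the environment, e.g. `AUTH_LDAP_BIND_PASSWORD = os.environ['SENTRY_LDAP_BIND_PASSWORD']` (variable name constructed for illustration; needs `import os`). The block marked "optional, for debugging" is active as committed: it sets `django_auth_ldap` to DEBUG and writes to `/var/log/sentry_ldap.log`, so it should be commented out or lowered in the default config. With `AUTH_LDAP_REQUIRE_GROUP = None` and `AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True`, any account matched by the user search becomes a member with global access, which deserves a comment stating that this is intended.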