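1. Background
Because our production environment requires unified identity authentication, there are two ways to handle this for Sentry: one is to enter the container and install LDAP support there; the other is to replace #SENTRY_IMAGE=getsentry/sentry:nightly with an image that already has LDAP integrated.
Of course, the official site describes many other installation methods, such as appending sentry-ldap-auth to the requirements.txt file. I tried this method on CentOS 6 and it failed with an error saying gcc does not exist. I recommend entering the container and installing LDAP there.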
pip install sentry-ldap-auth
Error details:
root@b936f6497ba6:/# pip install python-ldap
Collecting python-ldap
Downloading python-ldap-3.3.1.tar.gz (379 kB)
|████████████████████████████████| 379 kB 397 kB/s
Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python3.6/site-packages (from python-ldap) (0.4.8)
Requirement already satisfied: pyasn1_modules>=0.1.5 in /usr/local/lib/python3.6/site-packages (from python-ldap) (0.2.8)
Building wheels for collected packages: python-ldap
Building wheel for python-ldap (setup.py) ... error
ERROR: Command errored out with exit status 1:
command: /usr/local/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-85szugbq
cwd: /tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/
Complete output (79 lines):
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -DHAVE_SASL -DHAVE_TLS -DHAVE_LIBLDAP_R -DHAVE_LIBLDAP_R -DLDAPMODULE_VERSION=3.3.1 -DLDAPMODULE_AUTHOR=python-ldap project -DLDAPMODULE_LICENSE=Python style -IModules -I/usr/local/include/python3.6m -c Modules/LDAPObject.c -o build/temp.linux-x86_64-3.6/Modules/LDAPObject.o
unable to execute 'gcc': No such file or directory
error: command 'gcc' failed with exit status 1
----------------------------------------
ERROR: Failed building wheel for python-ldap
Running setup.py clean for python-ldap
Failed to build python-ldap
2. Method 2 -- pip install python-ldap
docker run -it getsentry/sentry:nightly /bin/bash
If you hit the error above, the steps to resolve it are as follows:
apt-get update
apt-get install build-essential
apt-get install python3-dev
apt-get install libevent-dev
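I thought that would do it, but it still kept failing!!!
So I went through the GitHub issue list and, from a Dockerfile there, found that its install commands are as follows: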
apt-get update && apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev
pip install python-ldap sentry-ldap-auth
3. Method 3 -- requirements.txt
4. Method 4 -- Update the Docker image
.env (configures the images, the port, and the number of days to retain data)
COMPOSE_PROJECT_NAME=sentry_onpremise
SENTRY_EVENT_RETENTION_DAYS=10
# You can either use a port number or an IP:PORT combo for SENTRY_BIND
# See https://docs.docker.com/compose/compose-file/#ports for more
SENTRY_BIND=9000
#SENTRY_IMAGE=getsentry/sentry:nightly
SENTRY_IMAGE=guidao02/sentry-ldap:21.6.16
SNUBA_IMAGE=getsentry/snuba:nightly
RELAY_IMAGE=getsentry/relay:nightly
SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly
WAL2JSON_VERSION=latest
This uses the Docker Hub image guidao02/sentry-ldap:21.6.16; you can build your own image and push it to a Docker registry.
5. Modify the LDAP configuration
vi sentry/sentry.conf.py
#############
# LDAP auth #
#############
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
# LDAP server; change this
AUTH_LDAP_SERVER_URI = 'ldap://172.16.3.28:389'
# Bind user name (DN); change this
AUTH_LDAP_BIND_DN = 'cn=admin,dc=xxx,dc=com'
# Bind password; change this
AUTH_LDAP_BIND_PASSWORD = 'xxx'
# User search base; change this
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=people,dc=xxx,dc=com',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)
# Group search base; change this
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=sentry,ou=group,dc=xxx,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None
AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'description',
    'email': 'mail'
}
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'
SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)
# optional, for debugging
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler('/tmp/ldap2.log'))
logger.setLevel('DEBUG')
LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
LOGGING['loggers']['django_auth_ldap'] = {
    'handlers': ['console'],
    'level': 'DEBUG'
}
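A static check of the LDAP settings above, as an added example (not from the original post or from the sentry-ldap-auth project): it parses the text of sentry.conf.py without executing it and flags cleartext ldap:// without django-auth-ldap's AUTH_LDAP_START_TLS, a literal bind password, and login that is not restricted to a group. The host names, the SENTRY_LDAP_BIND_PASSWORD environment variable, the group DN and the finding codes are constructed for illustration.

```python
import ast

COMPUTED = object()  # marks a setting whose value is not a plain literal

# Constructed sample mirroring the weak settings above (placeholder values).
WEAK_CONF = """
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.internal:389'
AUTH_LDAP_BIND_PASSWORD = 'placeholder'
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
"""

# Constructed hardened variant; the env var and group DN are hypothetical.
HARDENED_CONF = """
import os
AUTH_LDAP_SERVER_URI = 'ldaps://ldap.example.internal:636'
AUTH_LDAP_BIND_PASSWORD = os.environ['SENTRY_LDAP_BIND_PASSWORD']
AUTH_LDAP_REQUIRE_GROUP = 'cn=sentry-users,ou=group,dc=example,dc=com'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = False
"""


def read_settings(source):
    """Map NAME -> value for top-level `NAME = ...` lines without executing them."""
    found = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                found[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                found[node.targets[0].id] = COMPUTED  # e.g. os.environ[...]
    return found


def audit_ldap_conf(source):
    """Return finding codes for risky LDAP settings in sentry.conf.py text."""
    s = read_settings(source)
    findings = []
    uri = s.get('AUTH_LDAP_SERVER_URI')
    if isinstance(uri, str) and uri.startswith('ldap://') \
            and s.get('AUTH_LDAP_START_TLS') is not True:
        findings.append('cleartext-ldap')  # bind and user passwords unencrypted
    if isinstance(s.get('AUTH_LDAP_BIND_PASSWORD'), str):
        findings.append('hardcoded-bind-password')
    if s.get('AUTH_LDAP_REQUIRE_GROUP') is None:
        findings.append('no-required-group')  # any user the search matches
        if s.get('AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS') is True:
            findings.append('open-login-with-global-access')
    return findings
```

Calling `audit_ldap_conf(open('sentry/sentry.conf.py').read())` before restarting Sentry gives the list of findings for the real file.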
6. Restart Sentry
docker-compose down
docker-compose build
docker-compose up -d