From c4585fa71f9accb161caf1ff826e2063f8203763 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20D=C3=BCwel?= Date: Tue, 29 Jan 2019 14:34:41 +0100 Subject: [PATCH 01/12] use S3 signature version 4 by default (some aws regions do not support v2 anymore) --- roles/sentry/templates/sentry_yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sentry/templates/sentry_yml.j2 b/roles/sentry/templates/sentry_yml.j2 index ab4d1df..4e78b06 100644 --- a/roles/sentry/templates/sentry_yml.j2 +++ b/roles/sentry/templates/sentry_yml.j2 @@ -62,6 +62,7 @@ redis.clusters: filestore.backend: 's3' filestore.options: bucket_name: '{{ sentry_files_bucket_name }}' + signature_version: 's3v4' {% else %} filestore.backend: 'filesystem' filestore.options: From 787ac16effccc8fb64abe8147497747595ecc3e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julien=20Jouvent-Hall=C3=A9?= Date: Tue, 6 Aug 2019 13:25:00 -0400 Subject: [PATCH 02/12] increase client_max_body_size in nginx config uploading large (2m) proguard map files to sentry fails with the message `413 Request Entity Too Large` increasing the client_max_body_size value to 10m should solve the issue. --- roles/sentry/templates/nginx-sentry.conf.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/sentry/templates/nginx-sentry.conf.j2 b/roles/sentry/templates/nginx-sentry.conf.j2 index 1f50bc7..ebd2498 100644 --- a/roles/sentry/templates/nginx-sentry.conf.j2 +++ b/roles/sentry/templates/nginx-sentry.conf.j2 
@@ -10,6 +10,9 @@ server { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + # increased upload max size + client_max_body_size 10m; + server_name {{sentry_url}}; location / { @@ -21,4 +24,4 @@ server { proxy_set_header X-Forwarded-Proto $scheme; add_header Strict-Transport-Security "max-age=31536000"; } -} \ No newline at end of file +} From 19efe7288a45e2534009fac9fdeec4e1f937ba63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Thu, 4 Feb 2021 22:12:55 -0500 Subject: [PATCH 03/12] bootstrap ansible with python3 --- site.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site.yml b/site.yml index 45c0e9b..8a718fb 100644 --- a/site.yml +++ b/site.yml @@ -11,7 +11,7 @@ - name: Update apt packages raw: apt-get update - name: Install python - raw: apt-get install python-minimal aptitude -y + raw: apt-get install python3 aptitude -y - name: Gather facts action: setup become: yes @@ -28,7 +28,7 @@ - name: Update apt packages raw: apt-get update - name: Install python - raw: apt-get install python-minimal aptitude -y + raw: apt-get install python3 aptitude -y - name: Gather facts action: setup become: yes # become sudo From af322be761d2782ead60e8e66158df80d366825b Mon Sep 17 00:00:00 2001 
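Review bot: In roles/sentry/templates/nginx-sentry.conf.j2 the new `client_max_body_size 10m;` sits at `server` level, so every request proxied through this vhost may now carry a 10 MB body, not only the ProGuard mapping uploads the commit message describes. If the upload endpoint is known, setting the limit inside a dedicated `location` block and leaving the rest at nginx's 1m default would keep the request-buffering exposure smaller; only part of the `server` block is visible in the hunk, so this is a suggestion to check rather than a confirmed gap. The added comment would be more useful if it recorded the reason, e.g. `# ProGuard mapping uploads exceed the 1m default (413)`. Separately, the context lines of this hunk still enable `TLSv1`, `TLSv1.1` and `DES-CBC3` suites, which deserves a follow-up change.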
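Review bot: In site.yml both `Install python` tasks now install only `python3`, but nothing in either hunk tells Ansible to use it. Releases without interpreter discovery look for `/usr/bin/python`, which this bootstrap no longer provides, so the `Gather facts` task that follows could fail. Setting `ansible_python_interpreter: /usr/bin/python3` in the play vars or the inventory makes the choice explicit; whether it is already set elsewhere is not visible here. The same applies to the second hunk (`@@ -28,7 +28,7 @@`). A short comment such as `# raw: no Python on the target yet, so modules cannot run` above the task would also explain why `raw` is used.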
From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Thu, 4 Feb 2021 22:27:03 -0500 Subject: [PATCH 04/12] Use python3 variant for libs --- roles/common/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index cb92acf..771f3b3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -11,10 +11,10 @@ with_items: - autoconf - build-essential - - python-setuptools - - python-software-properties - - python-dev - - python-pip + - python3-setuptools + - python3-software-properties + - python3-dev + - python3-pip - libncurses-dev # CIS CAT secuirty configurations @@ -397,4 +397,4 @@ apt: name=telnet state=absent update_cache=yes tags: - cis_cat_security - - disable_telnet \ No newline at end of file + - disable_telnet From f8d44e44d59a2ccf55f301a4e30dcb20db502534 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Thu, 4 Feb 2021 22:28:19 -0500 Subject: [PATCH 05/12] disable apport "a la 20.04" --- roles/common/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 771f3b3..68604a0 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -299,7 +299,7 @@ - x_window - name: disable apport - lineinfile: dest=/etc/init/apport.conf regexp="^env enabled" line="env enabled=0" + lineinfile: dest=/etc/default/apport regexp="^enabled" line="enabled=0" become: true tags: - cis_cat_security From 432c2691efc1cb1b7df35c2c082279eafafa98a5 Mon Sep 17 00:00:00 2001 
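Review bot: In roles/common/tasks/main.yml the `disable apport` task only rewrites `/etc/default/apport`, so an apport service that is already running is not stopped by this task and may keep handling crashes until it is restarted or the host reboots. `lineinfile` also fails when the file is absent (for example on hosts where apport is not installed), because `create` is not set. For the CIS control this task is tagged with, a follow-up task along the lines of `service: name=apport state=stopped enabled=no`, skipped where the package is missing, would close the gap. The task's tag list may continue past the end of the hunk.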
From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Thu, 4 Feb 2021 22:35:28 -0500 Subject: [PATCH 06/12] add missing libs to compile xmlsec otherwise we end up with errors like https://www.reddit.com/r/djangolearning/comments/gx9fnx/unable_to_install_xmlsec_on_ubuntu/ --- roles/sentry/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/sentry/defaults/main.yml b/roles/sentry/defaults/main.yml index 6006ad2..14d0bbb 100644 --- a/roles/sentry/defaults/main.yml +++ b/roles/sentry/defaults/main.yml @@ -4,6 +4,8 @@ other_python_pkgs: - libffi-dev - libjpeg-dev - libxml2-dev + - libxmlsec1-dev + - libxmlsec1-openssl - libxslt-dev - libyaml-dev - libpq-dev @@ -18,4 +20,4 @@ other_python_pkgs: - libblas-dev - liblapack-dev - libatlas-base-dev - - python-passlib + - python3-passlib From ea9e438b8df5fe1a1ff3e617af3bd4e14923e148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Thu, 4 Feb 2021 22:38:14 -0500 Subject: [PATCH 07/12] various fixes --- roles/sentry/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index fa0973a..fc4104c 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -7,7 +7,7 @@ - python - name: Install all relevant files for server - pip: name={{item}} executable=pip + pip: name={{item}} executable=pip3 with_items: - urllib3 - pyopenssl @@ -18,7 +18,7 @@ - python - name: install python mysql bindings for mysql commands - apt: name=python-mysqldb state=installed + apt: name=python-mysqldb state=present tags: - python From 8c36b7f792975930841f8bf1e0e96ee138e8de4b Mon Sep 17 00:00:00 2001 
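Review bot: In roles/sentry/tasks/main.yml the `Install all relevant files for server` task now runs `pip3` with no `virtualenv` and with unpinned names (`urllib3`, `pyopenssl`, plus the items cut off by the hunk). Each run therefore installs whatever PyPI serves at that moment, and it can shadow or overwrite apt-managed copies of the same libraries. Pinning each item with an explicit `==<version>` specifier, or installing the distribution packages through `apt` instead, keeps hosts reproducible and limits exposure to a bad upstream release. The item list continues outside the hunk, so the full set is not visible here.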
From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Fri, 5 Feb 2021 15:11:26 -0500 Subject: [PATCH 08/12] forgot mysql python3 --- roles/sentry/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index fa0973a..303f6eb 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -18,7 +18,7 @@ - python - name: install python mysql bindings for mysql commands - apt: name=python-mysqldb state=installed + apt: name=python3-mysqldb state=installed tags: - python From d94b86101b1be3657b8fff66b67e78e583964ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Schaal?= <46002149+joel-schaal@users.noreply.github.com> Date: Fri, 5 Feb 2021 15:24:44 -0500 Subject: [PATCH 09/12] use proper python for mysql --- roles/sentry/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index fc4104c..fcb5f32 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -18,7 +18,7 @@ - python - name: install python mysql bindings for mysql commands - apt: name=python-mysqldb state=present + apt: name=python3-mysqldb state=present tags: - python From 6044fb96400369190de3d41628d59c96220ef794 Mon Sep 17 00:00:00 2001 From: sel-aaraj <45242315+sel-aaraj@users.noreply.github.com> Date: Fri, 5 Feb 2021 17:53:27 -0500 Subject: [PATCH 10/12] Reinstall the right version --- roles/sentry/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index fcb5f32..f98ca1a 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -67,6 +67,7 @@ pip: name: sentry virtualenv: /www/sentry/ve + version: 8.0.0 tags: sentry - name: Install Sentry GitHub auth From 40eba510b0bdf80f3f1f49c6550b0364859c5eca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julien=20Jouvent-Hall=C3=A9?= Date: Fri, 5 Feb 2021 21:51:23 -0500 Subject: [PATCH 11/12] set sentry version to 9.1.2 9.1.2 is the version that most likely is the version we used at the time of creation (2019) --- roles/sentry/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index f98ca1a..8dcd5e8 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -67,7 +67,7 @@ pip: name: sentry virtualenv: /www/sentry/ve - version: 8.0.0 + version: 9.1.2 tags: sentry - name: Install Sentry GitHub auth From c077d94cee3e1932eaa4a2dc5290af29d121e80b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julien=20Jouvent-Hall=C3=A9?= Date: Sun, 7 Feb 2021 23:42:14 -0500 Subject: [PATCH 12/12] remove vesion restriction --- roles/sentry/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sentry/tasks/main.yml b/roles/sentry/tasks/main.yml index 8dcd5e8..fcb5f32 100644 --- a/roles/sentry/tasks/main.yml +++ b/roles/sentry/tasks/main.yml @@ -67,7 +67,6 @@ pip: name: sentry virtualenv: /www/sentry/ve - version: 9.1.2 tags: sentry - name: Install Sentry GitHub auth