self-hosted icon indicating copy to clipboard operation
self-hosted copied to clipboard
Published 3 weeks ago verified publisher icon getsentry

CPU/RAM Usage Requires superuser classic auth

Open roketag33 opened this issue 1 month ago • 1 comments

Self-Hosted Version

25.11.0

CPU Architecture

x86 64

Docker Version

podman 4.9.4-rhel

Docker Compose Version

podman-compose version 1.5.0

Machine Specification

  • [x] My system meets the minimum system requirements of Sentry

Steps to Reproduce

export http_proxy=*****
export https_proxy=*****

export no_proxy=smtp,memcached,redis,postgres,pgbouncer,kafka,clickhouse,seaweedfs,snuba-api,symbolicator,web,worker,nginx,relay,vroom,taskbroker,172.17.0.0/16,127.0.0.0/8

umask 0002

git clone https://github.com/getsentry/self-hosted.git
cd self-hosted
git checkout 25.11.0
#podman not support --wait 
sed -i 's/$dc up --wait seaweedfs postgres/$dc up -d seaweedfs postgres; sleep 30/' install/bootstrap-s3-nodestore.sh

#we have a problem with this condition
sed -i "s,) != 's3://nodestore', | tr -d '[:space:]') != 's3://nodestore'," install/bootstrap-s3-nodestore.sh
export CONTAINER_ENGINE_PODMAN=1 REPORT_SELF_HOSTED_ISSUES=0
./install.sh
echo 'system.url-prefix: https://sentry.xxx.xxx >> sentry/config.yml
echo -e 'CSRF_TRUSTED_ORIGINS = ["https://sentry.xxx.xxxx"]\nSENTRY_AIR_GAP = True\nSENTRY_BEACON = False' >> sentry/sentry.conf.py
echo -e "SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')\nUSE_X_FORWARDED_HOST = True\nSESSION_COOKIE_SECURE = True\nCSRF_COOKIE_SECURE = True\nSOCIAL_AUTH_REDIRECT_IS_HTTPS = True" >> sentry/sentry.conf.py
podman compose --profile=feature-complete up --force-recreate -d

I open my browser and enter the URL to access the interface. I enter my credentials and log in. I click on the button 'No, I'd prefer to keep CPU/RAM usage private' in the 'CPU/RAM Usage' popup. A 'No, I'd prefer to keep CPU/RAM usage private' popup appears asking for my superuser password. I fill it in with my password.

Image

Expected Result

Once I enter the password, I can start my onboarding.

Actual Result

When I click the 'Continue' button after selecting 'No, I'd prefer to keep CPU/RAM usage private,' a request is sent to /api/0/internal/options/, and I receive a 403 with the following response:

{
  "detail": {
    "code": "superuser-required",
    "message": "You need to re-authenticate for superuser.",
    "extra": {}
  },
  "code": "superuser-required",
  "extra": {},
  "message": "You need to re-authenticate for superuser."
}

However, when the next popup prompts me for my password and I enter it, a request is sent to /api/0/auth/ and I receive a 200 response, indicating that I have the required permissions, as shown in the image below.

Image Image

Event ID

No response

roketag33 avatar Dec 03 '25 16:12 roketag33

Hey @hubertdeng123 can you (or anyone related to this page) take a look?

aldy505 avatar Dec 07 '25 05:12 aldy505

Hello,

I just wanted to follow up regarding the issue I mentioned in my previous message about the 403 error during onboarding in Sentry. Have you had a chance to take a look at it?

For your information, I was able to workaround the issue by adding the following lines to the sentry.conf.py file:

SENTRY_BEACON = False
SENTRY_OPTIONS["beacon.anonymous"] = False
SENTRY_OPTIONS["beacon.record_cpu_ram_usage"] = False

Thank you in advance!

roketag33 avatar Dec 19 '25 09:12 roketag33