Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

After upgrading our sentry to 24.9.0 we are facing sentry.auth.system: Trying to use SystemToken from non-internal IP #3353

Open
balaG4046 opened this issue Sep 27, 2024 · 9 comments

Comments

@balaG4046
Copy link

Environment

self-hosted (https://develop.sentry.dev/self-hosted/)

Steps to Reproduce

Hi Team,

We have upgraded our sentry self hosted recently to 24.9.0, we are facing below issue intermittently, once after the restarting the container sentry-self-hosted-web-1 sentry came up,
Error logs

15:06:20 [WARNING] django.request: Unauthorized: /api/0/projects/cds/evolio-masterdata-service/files/dsyms/ (status_code=401 request=<WSGIRequest: GET '/api/0/projects/cds/evolio-masterdata-service/files/dsyms/?debug_id=c80d19dc-4dc3-4765-9532-ea111a4c6061-e8be40ea'>)
15:06:20 [WARNING] django.request: Unauthorized: /api/0/projects/cds/evolio-masterdata-service/files/dsyms/ (status_code=401 request=<WSGIRequest: GET '/api/0/projects/cds/evolio-masterdata-service/files/dsyms/?debug_id=4702619c-5710-adc8-55f3-6ae683edbf5f-694b73fc'>)
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP

Kindly help us with the solution to resolve the issue.

Thanks!

Expected Result

it should work with any issue.

Actual Result

Please find the error logs-

15:06:20 [WARNING] django.request: Unauthorized: /api/0/projects/cds/evolio-masterdata-service/files/dsyms/ (status_code=401 request=<WSGIRequest: GET '/api/0/projects/cds/evolio-masterdata-service/files/dsyms/?debug_id=c80d19dc-4dc3-4765-9532-ea111a4c6061-e8be40ea'>)
15:06:20 [WARNING] django.request: Unauthorized: /api/0/projects/cds/evolio-masterdata-service/files/dsyms/ (status_code=401 request=<WSGIRequest: GET '/api/0/projects/cds/evolio-masterdata-service/files/dsyms/?debug_id=4702619c-5710-adc8-55f3-6ae683edbf5f-694b73fc'>)
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP
15:06:20 [ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP

Product Area

Issues

Link

No response

DSN

No response

Version

24.9.0

@getsantry
Copy link

getsantry bot commented Sep 27, 2024

Assigning to @getsentry/support for routing ⏲️

@ReneGreen27 ReneGreen27 transferred this issue from getsentry/sentry Sep 30, 2024
@balaG4046
Copy link
Author

hi team, any update here

@aldy505
Copy link
Collaborator

aldy505 commented Oct 8, 2024

Did you modify your Docker network IP range to something that's not in the private IP ranges? See here: https://develop.sentry.dev/self-hosted/troubleshooting/#docker-network-conflicting-ip-address

The easiest solution is just restart your Docker engine. sudo systemctl restart docker

@balaG4046
Copy link
Author

Hi @aldy505
Thanks for your update, we have not modified any ip range, but this issue is coming after we moved to 24.9.0 version, however we are restarting the container to resolve the issue, it would be better if we can permanently fix the issue rather than restarting the container.

Thanks!

@aldy505
Copy link
Collaborator

aldy505 commented Oct 16, 2024

Okay, another guess, do you happen to have these lines on your sentry/sentry.conf.py file?

# Generously adapted from pynetlinux: https://github.com/rlisagor/pynetlinux/blob/e3f16978855c6649685f0c43d4c3fcf768427ae5/pynetlinux/ifconfig.py#L197-L223
def get_internal_network():
import ctypes
import fcntl
import math
import socket
import struct
iface = b"eth0"
sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
ifreq = struct.pack(b"16sH14s", iface, socket.AF_INET, b"\x00" * 14)
try:
ip = struct.unpack(
b"!I", struct.unpack(b"16sH2x4s8x", fcntl.ioctl(sockfd, 0x8915, ifreq))[2]
)[0]
netmask = socket.ntohl(
struct.unpack(b"16sH2xI8x", fcntl.ioctl(sockfd, 0x891B, ifreq))[2]
)
except IOError:
return ()
base = socket.inet_ntoa(struct.pack(b"!I", ip & netmask))
netmask_bits = 32 - int(round(math.log(ctypes.c_uint32(~netmask).value + 1, 2), 1))
return "{0:s}/{1:d}".format(base, netmask_bits)
INTERNAL_SYSTEM_IPS = (get_internal_network(),)

@balaG4046
Copy link
Author

yes we do have this line in our conf file @aldy505 today also we faced the same issue again, please help us with the solution. is this issue fixed in 24.10.0 ? ref(feedback): 401 for unauth'd POSTs to projectUserReports (getsentry/sentry#79069) ?

@arussell
Copy link

arussell commented Oct 18, 2024

I am also seeing this issue under 24.10.0, get_internal_network() returns WAN IP. Hard coding internal Docker range with INTERNAL_SYSTEM_IPS = ("172.16.0.0/12") and rerunning ./install.sh does not fix the issue, still see the error:

[ERROR] sentry.auth.system: Trying to use SystemToken from non-internal IP

@balaG4046
Copy link
Author

Hi @aldy505
Kindly help me with an update.

Thanks!

@aamarques
Copy link

The same is true here. I can't access account/notifications or account/security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Waiting for: Product Owner
Status: No status
Development

No branches or pull requests

4 participants