· 6 years ago · Apr 10, 2019, 02:30 PM
1# This file is just Python, with a touch of Django which means
2# you can inherit and tweak settings to your hearts content.
3
4# For Docker, the following environment variables are supported:
5# SENTRY_POSTGRES_HOST
6# SENTRY_POSTGRES_PORT
7# SENTRY_DB_NAME
8# SENTRY_DB_USER
9# SENTRY_DB_PASSWORD
10# SENTRY_RABBITMQ_HOST
11# SENTRY_RABBITMQ_USERNAME
12# SENTRY_RABBITMQ_PASSWORD
13# SENTRY_RABBITMQ_VHOST
14# SENTRY_REDIS_HOST
15# SENTRY_REDIS_PASSWORD
16# SENTRY_REDIS_PORT
17# SENTRY_REDIS_DB
18# SENTRY_MEMCACHED_HOST
19# SENTRY_MEMCACHED_PORT
20# SENTRY_FILESTORE_DIR
21# SENTRY_SERVER_EMAIL
22# SENTRY_EMAIL_HOST
23# SENTRY_EMAIL_PORT
24# SENTRY_EMAIL_USER
25# SENTRY_EMAIL_PASSWORD
26# SENTRY_EMAIL_USE_TLS
27# SENTRY_ENABLE_EMAIL_REPLIES
28# SENTRY_SMTP_HOSTNAME
29# SENTRY_MAILGUN_API_KEY
30# SENTRY_SINGLE_ORGANIZATION
31# SENTRY_SECRET_KEY
32# SLACK_CLIENT_ID
33# SLACK_CLIENT_SECRET
34# SLACK_VERIFICATION_TOKEN
35# GITHUB_APP_ID
36# GITHUB_API_SECRET
37# BITBUCKET_CONSUMER_KEY
38# BITBUCKET_CONSUMER_SECRET
39from sentry.conf.server import * # NOQA
40
41import os
42import os.path
43
44CONF_ROOT = os.path.dirname(__file__)
45
46postgres = env('SENTRY_POSTGRES_HOST') or (env('POSTGRES_PORT_5432_TCP_ADDR') and 'postgres')
47if postgres:
48 DATABASES = {
49 'default': {
50 'ENGINE': 'sentry.db.postgres',
51 'NAME': (
52 env('SENTRY_DB_NAME')
53 or env('POSTGRES_ENV_POSTGRES_USER')
54 or 'postgres'
55 ),
56 'USER': (
57 env('SENTRY_DB_USER')
58 or env('POSTGRES_ENV_POSTGRES_USER')
59 or 'postgres'
60 ),
61 'PASSWORD': (
62 env('SENTRY_DB_PASSWORD')
63 or env('POSTGRES_ENV_POSTGRES_PASSWORD')
64 or ''
65 ),
66 'HOST': postgres,
67 'PORT': (
68 env('SENTRY_POSTGRES_PORT')
69 or ''
70 ),
71 'OPTIONS': {
72 'autocommit': True,
73 },
74 },
75 }
76
77# You should not change this setting after your database has been created
78# unless you have altered all schemas first
79SENTRY_USE_BIG_INTS = True
80
81# If you're expecting any kind of real traffic on Sentry, we highly recommend
82# configuring the CACHES and Redis settings
83
84###########
85# General #
86###########
87
88# Instruct Sentry that this install intends to be run by a single organization
89# and thus various UI optimizations should be enabled.
90SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)
91
92#########
93# Redis #
94#########
95
96# Generic Redis configuration used as defaults for various things including:
97# Buffers, Quotas, TSDB
98
99redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
100if not redis:
101 raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')
102
103redis_password = env('SENTRY_REDIS_PASSWORD') or ''
104redis_port = env('SENTRY_REDIS_PORT') or '6379'
105redis_db = env('SENTRY_REDIS_DB') or '0'
106
107SENTRY_OPTIONS.update({
108 'redis.clusters': {
109 'default': {
110 'hosts': {
111 0: {
112 'host': redis,
113 'password': redis_password,
114 'port': redis_port,
115 'db': redis_db,
116 },
117 },
118 },
119 },
120})
121
122#########
123# Cache #
124#########
125
126# Sentry currently utilizes two separate mechanisms. While CACHES is not a
127# requirement, it will optimize several high throughput patterns.
128
129memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
130if memcached:
131 memcached_port = (
132 env('SENTRY_MEMCACHED_PORT')
133 or '11211'
134 )
135 CACHES = {
136 'default': {
137 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
138 'LOCATION': [memcached + ':' + memcached_port],
139 'TIMEOUT': 3600,
140 }
141 }
142
143# A primary cache is required for things such as processing events
144SENTRY_CACHE = 'sentry.cache.redis.RedisCache'
145
146#########
147# Queue #
148#########
149
150# See https://docs.getsentry.com/on-premise/server/queue/ for more
151# information on configuring your queue broker and workers. Sentry relies
152# on a Python framework called Celery to manage queues.
153
154rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')
155
156if rabbitmq:
157 BROKER_URL = (
158 'amqp://' + (
159 env('SENTRY_RABBITMQ_USERNAME')
160 or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
161 or 'guest'
162 ) + ':' + (
163 env('SENTRY_RABBITMQ_PASSWORD')
164 or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
165 or 'guest'
166 ) + '@' + rabbitmq + '/' + (
167 env('SENTRY_RABBITMQ_VHOST')
168 or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
169 or '/'
170 )
171 )
172else:
173 BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db
174
175
176###############
177# Rate Limits #
178###############
179
180# Rate limits apply to notification handlers and are enforced per-project
181# automatically.
182
183SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'
184
185##################
186# Update Buffers #
187##################
188
189# Buffers (combined with queueing) act as an intermediate layer between the
190# database and the storage API. They will greatly improve efficiency on large
191# numbers of the same events being sent to the API in a short amount of time.
192# (read: if you send any kind of real data to Sentry, you should enable buffers)
193
194SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'
195
196##########
197# Quotas #
198##########
199
200# Quotas allow you to rate limit individual projects or the Sentry install as
201# a whole.
202
203SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'
204
205########
206# TSDB #
207########
208
209# The TSDB is used for building charts as well as making things like per-rate
210# alerts possible.
211
212SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'
213
214###########
215# Digests #
216###########
217
218# The digest backend powers notification summaries.
219
220SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'
221
222################
223# File storage #
224################
225
226# Uploaded media uses these `filestore` settings. The available
227# backends are either `filesystem` or `s3`.
228
229SENTRY_OPTIONS['filestore.backend'] = 'filesystem'
230SENTRY_OPTIONS['filestore.options'] = {
231 'location': env('SENTRY_FILESTORE_DIR'),
232}
233
234##############
235# Web Server #
236##############
237
238# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
239# header and set `SENTRY_USE_SSL=1`
240
241if env('SENTRY_USE_SSL', False):
242 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
243 SESSION_COOKIE_SECURE = True
244 CSRF_COOKIE_SECURE = True
245 SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
246
247SENTRY_WEB_HOST = '0.0.0.0'
248SENTRY_WEB_PORT = 9000
249SENTRY_WEB_OPTIONS = {
250 # 'workers': 3, # the number of web workers
251}
252
253###############
254# Mail Server #
255###############
256
257
258email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
259if email:
260 SENTRY_OPTIONS['mail.backend'] = 'smtp'
261 SENTRY_OPTIONS['mail.host'] = email
262 SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
263 SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
264 SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
265 SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
266else:
267 SENTRY_OPTIONS['mail.backend'] = 'dummy'
268
269# The email address to send on behalf of
270# SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'
271
272# If you're using mailgun for inbound mail, set your API key and configure a
273# route to forward to /api/hooks/mailgun/inbound/
274SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''
275
276# If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
277if SENTRY_OPTIONS['mail.mailgun-api-key']:
278 SENTRY_OPTIONS['mail.enable-replies'] = True
279else:
280 SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)
281
282if SENTRY_OPTIONS['mail.enable-replies']:
283 SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''
284
285#####################
286# SLACK INTEGRATION #
287#####################
288slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
289if slack:
290 SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
291 SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
292 SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
293
294# If this value ever becomes compromised, it's important to regenerate your
295# SENTRY_SECRET_KEY. Changing this value will result in all current sessions
296# being invalidated.
297secret_key = env('SENTRY_SECRET_KEY')
298if not secret_key:
299 raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')
300
301if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
302 print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
303 print('!! CAUTION !!')
304 print('!! Your SENTRY_SECRET_KEY is potentially insecure. !!')
305 print('!! We recommend at least 32 characters long. !!')
306 print('!! Regenerate with `generate-secret-key`. !!')
307 print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
308
309SENTRY_OPTIONS['system.secret-key'] = secret_key
310
311if 'GITHUB_APP_ID' in os.environ:
312 GITHUB_EXTENDED_PERMISSIONS = ['repo']
313 GITHUB_APP_ID = env('GITHUB_APP_ID')
314 GITHUB_API_SECRET = env('GITHUB_API_SECRET')
315
316if 'BITBUCKET_CONSUMER_KEY' in os.environ:
317 BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
318 BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
319
320SENTRY_FEATURES['auth:register'] = False
321SENTRY_BEACON = False
322
323########
324# LDAP #
325########
326
327import sys
328reload(sys)
329sys.setdefaultencoding('utf8')
330import ldap
331
332from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
333
334AUTH_LDAP_ALWAYS_UPDATE_USER = True
335AUTH_LDAP_SERVER_URI = env('SENTRY_LDAP_SERVER_URI')
336AUTH_LDAP_BIND_DN = env('SENTRY_LDAP_BIND_DN')
337AUTH_LDAP_BIND_PASSWORD = env('SENTRY_LDAP_BIND_PASSWORD')
338AUTH_LDAP_USER_SEARCH = LDAPSearch(u"dc=exmo,dc=lan",ldap.SCOPE_SUBTREE,u"(sAMAccountName=%(user)s)"
339)
340
341AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
342 u'',
343 ldap.SCOPE_SUBTREE,
344 u'(objectClass=groupOfUniqueNames)'
345)
346
347AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
348AUTH_LDAP_REQUIRE_GROUP = None
349AUTH_LDAP_DENY_GROUP = None
350
351AUTH_LDAP_USER_ATTR_MAP = {
352 "username": "sAMAccountName",
353 "first_name": u"givenName",
354 "last_name": u"sn",
355 "email": "mail",
356}
357
358AUTH_LDAP_FIND_GROUP_PERMS = False
359AUTH_LDAP_CACHE_GROUPS = True
360AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
361
362AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
363AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
364AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
365AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
366
367SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
368
369AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
370 'sentry_ldap_auth.backend.SentryLdapBackend',
371)