# This file is just Python, with a touch of Django, which means
# you can inherit and tweak settings to your heart's content.

# For Docker, the following environment variables are supported:
#  SENTRY_MYSQL_HOST
#  SENTRY_MYSQL_PORT
#  SENTRY_DB_NAME
#  SENTRY_DB_USER
#  SENTRY_DB_PASSWORD
#  SENTRY_RABBITMQ_HOST
#  SENTRY_RABBITMQ_USERNAME
#  SENTRY_RABBITMQ_PASSWORD
#  SENTRY_RABBITMQ_VHOST
#  SENTRY_REDIS_HOST
#  SENTRY_REDIS_PASSWORD
#  SENTRY_REDIS_PORT
#  SENTRY_REDIS_DB
#  SENTRY_MEMCACHED_HOST
#  SENTRY_MEMCACHED_PORT
#  SENTRY_FILESTORE_DIR
#  SENTRY_SERVER_EMAIL
#  SENTRY_EMAIL_HOST
#  SENTRY_EMAIL_PORT
#  SENTRY_EMAIL_USER
#  SENTRY_EMAIL_PASSWORD
#  SENTRY_EMAIL_USE_TLS
#  SENTRY_ENABLE_EMAIL_REPLIES
#  SENTRY_SMTP_HOSTNAME
#  SENTRY_MAILGUN_API_KEY
#  SENTRY_SINGLE_ORGANIZATION
#  SENTRY_SECRET_KEY
#  SLACK_CLIENT_ID
#  SLACK_CLIENT_SECRET
#  SLACK_VERIFICATION_TOKEN
#  GITHUB_APP_ID
#  GITHUB_API_SECRET
#  BITBUCKET_CONSUMER_KEY
#  BITBUCKET_CONSUMER_SECRET
from sentry.conf.server import *  # NOQA

import os
import os.path

# Directory that holds this settings module.
CONF_ROOT = os.path.dirname(__file__)

# MySQL is configured only when SENTRY_MYSQL_HOST is set; otherwise DATABASES
# keeps whatever value the star import above provided.
mysql = env('SENTRY_MYSQL_HOST')
if mysql:
    # NOTE(review): when the variables are unset the account falls back to
    # 'sentry' with an empty password. Set SENTRY_DB_USER and
    # SENTRY_DB_PASSWORD explicitly for anything reachable over a network.
    DATABASES = {
        'default': dict(
            ENGINE='django.db.backends.mysql',
            NAME=env('SENTRY_DB_NAME') or 'sentry',
            USER=env('SENTRY_DB_USER') or 'sentry',
            PASSWORD=env('SENTRY_DB_PASSWORD') or '',
            HOST=mysql,
            PORT=env('SENTRY_MYSQL_PORT') or '3306',
            OPTIONS={'autocommit': True},
        ),
    }

# Do not change this once the database exists unless every schema has been
# altered first.
SENTRY_USE_BIG_INTS = True

# For any kind of real traffic, configuring CACHES and the Redis settings is
# highly recommended.

###########
# General #
###########

# Tell Sentry that this install is run by a single organization so that the
# matching UI optimizations are enabled.
SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)

#########
# Redis #
#########

# Generic Redis configuration, used as the default for buffers, quotas and
# TSDB among others.

# An explicit SENTRY_REDIS_HOST wins; a linked container (detected through
# REDIS_PORT_6379_TCP_ADDR) is addressed by its link alias 'redis'.
redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
if not redis:
    raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')

# These three names are reused further down when the broker URL is built.
# NOTE(review): the password defaults to an empty string, i.e. an
# unauthenticated connection; set SENTRY_REDIS_PASSWORD when Redis is
# reachable by anything other than this stack.
redis_db = env('SENTRY_REDIS_DB') or '0'
redis_port = env('SENTRY_REDIS_PORT') or '6379'
redis_password = env('SENTRY_REDIS_PASSWORD') or ''

SENTRY_OPTIONS['redis.clusters'] = {
    'default': {
        'hosts': {
            0: dict(
                host=redis,
                password=redis_password,
                port=redis_port,
                db=redis_db,
            ),
        },
    },
}

#########
# Cache #
#########

# Sentry currently uses two separate caching mechanisms. CACHES is optional
# but speeds up several high-throughput code paths.

# An explicit SENTRY_MEMCACHED_HOST wins; a linked container (detected through
# MEMCACHED_PORT_11211_TCP_ADDR) is addressed by its link alias 'memcached'.
memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
if memcached:
    memcached_port = env('SENTRY_MEMCACHED_PORT') or '11211'
    CACHES = {
        'default': dict(
            BACKEND='django.core.cache.backends.memcached.MemcachedCache',
            LOCATION=[':'.join([memcached, memcached_port])],
            TIMEOUT=3600,
        ),
    }

# A primary cache is required for things such as processing events.
SENTRY_CACHE = 'sentry.cache.redis.RedisCache'

#########
# Queue #
#########

# See https://docs.getsentry.com/on-premise/server/queue/ for details on the
# queue broker and workers. Sentry uses the Celery framework to manage queues.

# An explicit SENTRY_RABBITMQ_HOST wins; a linked container (detected through
# RABBITMQ_PORT_5672_TCP_ADDR) is addressed by its link alias 'rabbitmq'.
rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')

# NOTE(review): both URLs embed the broker password, so BROKER_URL should be
# treated as a secret wherever settings are dumped or logged. The pieces are
# concatenated as-is: a user, password or vhost containing '@', ':' or '/'
# has to be percent-encoded by whoever sets the variable.
if not rabbitmq:
    # No RabbitMQ available: use the Redis instance configured above.
    BROKER_URL = ''.join([
        'redis://:', redis_password, '@', redis, ':', redis_port, '/', redis_db,
    ])
else:
    # Precedence for each part: SENTRY_* variable, then the variable exported
    # by a linked RabbitMQ container, then the literal default.
    # NOTE(review): the final fallback is the guest/guest account; set
    # SENTRY_RABBITMQ_USERNAME and SENTRY_RABBITMQ_PASSWORD on any broker
    # that is reachable from outside this stack.
    BROKER_URL = ''.join([
        'amqp://',
        env('SENTRY_RABBITMQ_USERNAME')
        or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
        or 'guest',
        ':',
        env('SENTRY_RABBITMQ_PASSWORD')
        or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
        or 'guest',
        '@',
        rabbitmq,
        '/',
        env('SENTRY_RABBITMQ_VHOST')
        or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
        or '/',
    ])

###############
# Rate Limits #
###############

# Rate limits apply to notification handlers and are enforced per project
# automatically.
SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'

##################
# Update Buffers #
##################

# Buffers (together with queueing) sit between the database and the storage
# API. They greatly improve efficiency when many identical events reach the
# API within a short time, so enable them for any kind of real data.
SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'

##########
# Quotas #
##########

# Quotas rate limit individual projects or the Sentry install as a whole.
SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'

########
# TSDB #
########

# The TSDB backs the charts and makes things like per-rate alerts possible.
SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'

###########
# Digests #
###########

# The digest backend powers notification summaries.
SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'

################
# File storage #
################

# Uploaded media uses these `filestore` settings. The available backends are
# `filesystem` and `s3`; this install stores files under SENTRY_FILESTORE_DIR.
SENTRY_OPTIONS.update({
    'filestore.backend': 'filesystem',
    'filestore.options': {'location': env('SENTRY_FILESTORE_DIR')},
})

##############
# Web Server #
##############

# Behind a TLS-terminating reverse proxy, have the proxy send the
# X-Forwarded-Proto header and set `SENTRY_USE_SSL=1`.
#
# NOTE(review): with SECURE_PROXY_SSL_HEADER set, Django treats a request as
# secure whenever that header says 'https'. Enable it only when every request
# passes through a proxy that sets or strips X-Forwarded-Proto itself;
# otherwise the value is taken straight from the client.
if env('SENTRY_USE_SSL', False):
    SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE = SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# Listen on every interface at port 9000; exposure is then decided by the
# container's port mapping and the proxy in front of it.
SENTRY_WEB_PORT = 9000
SENTRY_WEB_HOST = '0.0.0.0'
SENTRY_WEB_OPTIONS = {
    # 'workers': 3,  # the number of web workers
}

###############
# Mail Server #
###############

# An explicit SENTRY_EMAIL_HOST wins; a linked container (detected through
# SMTP_PORT_25_TCP_ADDR) is addressed by its link alias 'smtp'. With neither,
# the 'dummy' backend is selected.
email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
if not email:
    SENTRY_OPTIONS['mail.backend'] = 'dummy'
else:
    # NOTE(review): TLS is off unless SENTRY_EMAIL_USE_TLS is set, so the SMTP
    # credentials below cross the network in clear text by default.
    SENTRY_OPTIONS.update({
        'mail.backend': 'smtp',
        'mail.host': email,
        'mail.password': env('SENTRY_EMAIL_PASSWORD') or '',
        'mail.username': env('SENTRY_EMAIL_USER') or '',
        'mail.port': int(env('SENTRY_EMAIL_PORT') or 25),
        'mail.use-tls': env('SENTRY_EMAIL_USE_TLS', False),
    })

# The email address to send on behalf of.
SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'

# For inbound mail through Mailgun, set the API key and configure a route that
# forwards to /api/hooks/mailgun/inbound/
SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''

# A Mailgun API key implies email replies; without one the
# SENTRY_ENABLE_EMAIL_REPLIES switch decides.
SENTRY_OPTIONS['mail.enable-replies'] = (
    True if SENTRY_OPTIONS['mail.mailgun-api-key']
    else env('SENTRY_ENABLE_EMAIL_REPLIES', False)
)

if SENTRY_OPTIONS['mail.enable-replies']:
    SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''

#####################
# SLACK INTEGRATION #
#####################

# The integration is configured only when both the client id and the client
# secret are present; the verification token falls back to an empty string.
slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
if slack:
    SENTRY_OPTIONS.update({
        'slack.client-id': env('SLACK_CLIENT_ID'),
        'slack.client-secret': env('SLACK_CLIENT_SECRET'),
        'slack.verification-token': env('SLACK_VERIFICATION_TOKEN') or '',
    })

# If this value is ever compromised, regenerate SENTRY_SECRET_KEY. Changing it
# invalidates all current sessions.
secret_key = env('SENTRY_SECRET_KEY')
if not secret_key:
    # Refuse to start without a key rather than fall back to a default.
    raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')

# A short key only produces a warning banner, and the banner is skipped when
# SENTRY_RUNNING_UWSGI is present in the environment.
if len(secret_key) < 32 and 'SENTRY_RUNNING_UWSGI' not in os.environ:
    for _banner_line in (
        '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!',
        '!! CAUTION !!',
        '!! Your SENTRY_SECRET_KEY is potentially insecure. !!',
        '!! We recommend at least 32 characters long. !!',
        '!! Regenerate with `generate-secret-key`. !!',
        '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!',
    ):
        print(_banner_line)

SENTRY_OPTIONS['system.secret-key'] = secret_key

# GitHub integration: configured only when GITHUB_APP_ID is present in the
# environment. The 'repo' entry is the extended permission list requested.
if os.environ.get('GITHUB_APP_ID') is not None:
    GITHUB_APP_ID = env('GITHUB_APP_ID')
    GITHUB_API_SECRET = env('GITHUB_API_SECRET')
    GITHUB_EXTENDED_PERMISSIONS = ['repo']

# Bitbucket integration: configured only when BITBUCKET_CONSUMER_KEY is
# present in the environment.
if os.environ.get('BITBUCKET_CONSUMER_KEY') is not None:
    BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
    BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')

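### LDAP

# Python 2 only: reload(sys) re-exposes setdefaultencoding so the
# process-wide default encoding can be switched to UTF-8.
import sys
reload(sys)
sys.setdefaultencoding('utf8')
import ldap

from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_ALWAYS_UPDATE_USER = True

# NOTE(review): plain ldap:// on port 389 carries the service bind and every
# user's password unencrypted. Prefer an ldaps:// URI, or enable
# AUTH_LDAP_START_TLS, once the directory server offers TLS.
AUTH_LDAP_SERVER_URI = 'ldap://192.168.100.14:389'
AUTH_LDAP_BIND_DN = 'sentry'

# The bind password is read from the environment instead of being committed
# to this file, and start-up fails without it, mirroring the handling of
# SENTRY_SECRET_KEY. A password that was ever stored in this file should be
# treated as exposed and rotated in the directory.
ldap_bind_password = env('SENTRY_LDAP_BIND_PASSWORD')
if not ldap_bind_password:
    raise Exception('Error: SENTRY_LDAP_BIND_PASSWORD is undefined, set it with -e SENTRY_LDAP_BIND_PASSWORD')
AUTH_LDAP_BIND_PASSWORD = ldap_bind_password

# Users are looked up by sAMAccountName anywhere below the domain root.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    u"dc=exmo,dc=lan",
    ldap.SCOPE_SUBTREE,
    u"(sAMAccountName=%(user)s)",
)

# Group lookup uses an empty base DN and the groupOfUniqueNames object class.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    u'',
    ldap.SCOPE_SUBTREE,
    u'(objectClass=groupOfUniqueNames)',
)

AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()

# NOTE(review): no group is required or denied, so access is not narrowed by
# group membership; presumably every account the user search can find and
# authenticate is admitted. Set AUTH_LDAP_REQUIRE_GROUP to restrict sign-in.
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

# Sentry user field -> directory attribute.
AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "first_name": u"givenName",
    "last_name": u"sn",
    "email": "mail",
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

# Settings read by the sentry_ldap_auth backend registered below.
# NOTE(review): these look like they place each LDAP user in the 'Sentry'
# organization as a 'member' with access to all teams; confirm against the
# backend's documentation before relying on it.
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False

SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )

# Append the LDAP backend to the backends inherited from the star import.
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)
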
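# Optional LDAP debug logging.
#
# Debug output from django_auth_ldap is now opt-in: set SENTRY_LDAP_DEBUG to
# raise the level to DEBUG, and additionally SENTRY_LDAP_LOG_FILE to copy the
# output to a file. The file path is no longer a fixed name under /tmp, a
# shared world-writable directory where a predictable name can be pre-created
# or read by other local accounts. Point SENTRY_LDAP_LOG_FILE at a directory
# owned by the Sentry user.
import logging

ldap_debug = env('SENTRY_LDAP_DEBUG', False)
ldap_log_level = 'DEBUG' if ldap_debug else 'INFO'
ldap_log_file = env('SENTRY_LDAP_LOG_FILE')

logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
if ldap_debug and ldap_log_file:
    logger.addHandler(logging.FileHandler(ldap_log_file))
logger.setLevel(ldap_log_level)

# Register the LDAP logger with the inherited LOGGING configuration and route
# it to the existing 'console' handler.
LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
LOGGING['loggers']['django_auth_ldap'] = {
    'handlers': ['console'],
    'level': ldap_log_level,
}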