2
0
This repository has been archived on 2020-07-19. You can view files and clone it, but cannot push or open issues or pull requests.
sentry-onpremise/sentry.conf.py

318 lines
9.5 KiB
Python
Raw Normal View History

2016-02-11 22:54:57 +01:00
# This file is just Python, with a touch of Django which means
# you can inherit and tweak settings to your hearts content.
# For Docker, the following environment variables are supported:
# SENTRY_POSTGRES_HOST
# SENTRY_POSTGRES_PORT
# SENTRY_DB_NAME
# SENTRY_DB_USER
# SENTRY_DB_PASSWORD
2016-05-23 19:10:25 +02:00
# SENTRY_RABBITMQ_HOST
# SENTRY_RABBITMQ_USERNAME
# SENTRY_RABBITMQ_PASSWORD
# SENTRY_RABBITMQ_VHOST
2016-02-11 22:54:57 +01:00
# SENTRY_REDIS_HOST
2016-11-07 18:12:32 +01:00
# SENTRY_REDIS_PASSWORD
2016-02-11 22:54:57 +01:00
# SENTRY_REDIS_PORT
# SENTRY_REDIS_DB
# SENTRY_MEMCACHED_HOST
# SENTRY_MEMCACHED_PORT
# SENTRY_FILESTORE_DIR
# SENTRY_SERVER_EMAIL
# SENTRY_EMAIL_HOST
# SENTRY_EMAIL_PORT
# SENTRY_EMAIL_USER
# SENTRY_EMAIL_PASSWORD
# SENTRY_EMAIL_USE_TLS
2016-05-23 19:10:25 +02:00
# SENTRY_ENABLE_EMAIL_REPLIES
# SENTRY_SMTP_HOSTNAME
2016-02-11 22:54:57 +01:00
# SENTRY_MAILGUN_API_KEY
# SENTRY_SINGLE_ORGANIZATION
# SENTRY_SECRET_KEY
# SLACK_CLIENT_ID
# SLACK_CLIENT_SECRET
# SLACK_VERIFICATION_TOKEN
2016-11-07 18:12:32 +01:00
# GITHUB_APP_ID
# GITHUB_API_SECRET
# BITBUCKET_CONSUMER_KEY
# BITBUCKET_CONSUMER_SECRET
2016-02-11 22:54:57 +01:00
from sentry.conf.server import * # NOQA
import os
import os.path
CONF_ROOT = os.path.dirname(__file__)
2016-05-23 19:10:25 +02:00
postgres = env('SENTRY_POSTGRES_HOST') or (env('POSTGRES_PORT_5432_TCP_ADDR') and 'postgres')
2016-02-11 22:54:57 +01:00
if postgres:
DATABASES = {
'default': {
'ENGINE': 'sentry.db.postgres',
'NAME': (
2016-05-23 19:10:25 +02:00
env('SENTRY_DB_NAME')
or env('POSTGRES_ENV_POSTGRES_USER')
2016-02-11 22:54:57 +01:00
or 'postgres'
),
'USER': (
2016-05-23 19:10:25 +02:00
env('SENTRY_DB_USER')
or env('POSTGRES_ENV_POSTGRES_USER')
2016-02-11 22:54:57 +01:00
or 'postgres'
),
'PASSWORD': (
2016-05-23 19:10:25 +02:00
env('SENTRY_DB_PASSWORD')
or env('POSTGRES_ENV_POSTGRES_PASSWORD')
2016-02-11 22:54:57 +01:00
or ''
),
'HOST': postgres,
'PORT': (
2016-05-23 19:10:25 +02:00
env('SENTRY_POSTGRES_PORT')
2016-02-11 22:54:57 +01:00
or ''
),
'OPTIONS': {
'autocommit': True,
},
},
}
# You should not change this setting after your database has been created
# unless you have altered all schemas first
SENTRY_USE_BIG_INTS = True
# If you're expecting any kind of real traffic on Sentry, we highly recommend
# configuring the CACHES and Redis settings
###########
# General #
###########
# Instruct Sentry that this install intends to be run by a single organization
# and thus various UI optimizations should be enabled.
SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)
2016-02-11 22:54:57 +01:00
#########
# Redis #
#########
# Generic Redis configuration used as defaults for various things including:
# Buffers, Quotas, TSDB
2016-05-23 19:10:25 +02:00
redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
2016-02-11 22:54:57 +01:00
if not redis:
raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')
2016-11-07 18:12:32 +01:00
redis_password = env('SENTRY_REDIS_PASSWORD') or ''
2016-05-23 19:10:25 +02:00
redis_port = env('SENTRY_REDIS_PORT') or '6379'
redis_db = env('SENTRY_REDIS_DB') or '0'
2016-02-11 22:54:57 +01:00
2016-05-23 19:10:25 +02:00
SENTRY_OPTIONS.update({
'redis.clusters': {
'default': {
'hosts': {
0: {
'host': redis,
2016-11-07 18:12:32 +01:00
'password': redis_password,
2016-05-23 19:10:25 +02:00
'port': redis_port,
'db': redis_db,
},
},
2016-02-11 22:54:57 +01:00
},
},
2016-05-23 19:10:25 +02:00
})
2016-02-11 22:54:57 +01:00
#########
# Cache #
#########
# Sentry currently utilizes two separate mechanisms. While CACHES is not a
# requirement, it will optimize several high throughput patterns.
2016-05-23 19:10:25 +02:00
memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
2016-02-11 22:54:57 +01:00
if memcached:
memcached_port = (
2016-05-23 19:10:25 +02:00
env('SENTRY_MEMCACHED_PORT')
2016-02-11 22:54:57 +01:00
or '11211'
)
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': [memcached + ':' + memcached_port],
'TIMEOUT': 3600,
}
}
# A primary cache is required for things such as processing events
SENTRY_CACHE = 'sentry.cache.redis.RedisCache'
#########
# Queue #
#########
# See https://docs.getsentry.com/on-premise/server/queue/ for more
# information on configuring your queue broker and workers. Sentry relies
# on a Python framework called Celery to manage queues.
2016-05-23 19:10:25 +02:00
rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')
if rabbitmq:
BROKER_URL = (
'amqp://' + (
env('SENTRY_RABBITMQ_USERNAME')
or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
or 'guest'
) + ':' + (
env('SENTRY_RABBITMQ_PASSWORD')
or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
or 'guest'
) + '@' + rabbitmq + '/' + (
env('SENTRY_RABBITMQ_VHOST')
or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
or '/'
)
)
else:
2016-11-07 18:12:32 +01:00
BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db
2016-05-23 19:10:25 +02:00
2016-02-11 22:54:57 +01:00
###############
# Rate Limits #
###############
# Rate limits apply to notification handlers and are enforced per-project
# automatically.
SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'
##################
# Update Buffers #
##################
# Buffers (combined with queueing) act as an intermediate layer between the
# database and the storage API. They will greatly improve efficiency on large
# numbers of the same events being sent to the API in a short amount of time.
# (read: if you send any kind of real data to Sentry, you should enable buffers)
SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'
##########
# Quotas #
##########
# Quotas allow you to rate limit individual projects or the Sentry install as
# a whole.
SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'
########
# TSDB #
########
# The TSDB is used for building charts as well as making things like per-rate
# alerts possible.
SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'
###########
# Digests #
###########
# The digest backend powers notification summaries.
SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'
################
# File storage #
################
2016-11-07 18:12:32 +01:00
# Uploaded media uses these `filestore` settings. The available
# backends are either `filesystem` or `s3`.
2016-02-11 22:54:57 +01:00
2016-11-07 18:12:32 +01:00
SENTRY_OPTIONS['filestore.backend'] = 'filesystem'
SENTRY_OPTIONS['filestore.options'] = {
2016-05-23 19:10:25 +02:00
'location': env('SENTRY_FILESTORE_DIR'),
2016-02-11 22:54:57 +01:00
}
##############
# Web Server #
##############
# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
# header and set `SENTRY_USE_SSL=1`
if env('SENTRY_USE_SSL', False):
2016-02-11 22:54:57 +01:00
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
2016-11-07 18:12:32 +01:00
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
2016-02-11 22:54:57 +01:00
SENTRY_WEB_HOST = '0.0.0.0'
SENTRY_WEB_PORT = 9000
SENTRY_WEB_OPTIONS = {
# 'workers': 3, # the number of web workers
}
###############
# Mail Server #
###############
2016-05-23 19:10:25 +02:00
email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
2016-02-11 22:54:57 +01:00
if email:
2016-05-23 19:10:25 +02:00
SENTRY_OPTIONS['mail.backend'] = 'smtp'
SENTRY_OPTIONS['mail.host'] = email
SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
2016-02-11 22:54:57 +01:00
else:
2016-05-23 19:10:25 +02:00
SENTRY_OPTIONS['mail.backend'] = 'dummy'
2016-02-11 22:54:57 +01:00
# The email address to send on behalf of
2016-05-23 19:10:25 +02:00
SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'
2016-02-11 22:54:57 +01:00
# If you're using mailgun for inbound mail, set your API key and configure a
# route to forward to /api/hooks/mailgun/inbound/
2016-05-23 19:10:25 +02:00
SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''
# If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
if SENTRY_OPTIONS['mail.mailgun-api-key']:
SENTRY_OPTIONS['mail.enable-replies'] = True
else:
SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)
2016-05-23 19:10:25 +02:00
if SENTRY_OPTIONS['mail.enable-replies']:
SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''
2016-02-11 22:54:57 +01:00
#####################
# SLACK INTEGRATION #
#####################
slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
if slack:
SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
2016-02-11 22:54:57 +01:00
# If this value ever becomes compromised, it's important to regenerate your
# SENTRY_SECRET_KEY. Changing this value will result in all current sessions
# being invalidated.
2016-05-23 19:10:25 +02:00
secret_key = env('SENTRY_SECRET_KEY')
if not secret_key:
2016-02-11 22:54:57 +01:00
raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')
2016-05-23 19:10:25 +02:00
if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
print('!! CAUTION !!')
print('!! Your SENTRY_SECRET_KEY is potentially insecure. !!')
print('!! We recommend at least 32 characters long. !!')
print('!! Regenerate with `generate-secret-key`. !!')
print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
SENTRY_OPTIONS['system.secret-key'] = secret_key
2016-11-07 18:12:32 +01:00
if 'GITHUB_APP_ID' in os.environ:
GITHUB_EXTENDED_PERMISSIONS = ['repo']
GITHUB_APP_ID = env('GITHUB_APP_ID')
GITHUB_API_SECRET = env('GITHUB_API_SECRET')
if 'BITBUCKET_CONSUMER_KEY' in os.environ:
BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')