feat(sentry10): Make on-premise work for Sentry 10 (#220)

2019-11-12 02:18:59 +03:00
parent e2b7c743af
commit 5d064c2224
17 changed files with 489 additions and 468 deletions
--- a/sentry/Dockerfile
+++ b/sentry/Dockerfile
@ -0,0 +1,18 @@
+ARG SENTRY_IMAGE
+FROM ${SENTRY_IMAGE:-getsentry/sentry:latest}
+
+WORKDIR /usr/src/sentry
+
+# Add WORKDIR to PYTHONPATH so local python files don't need to be installed
+ENV PYTHONPATH /usr/src/sentry
+COPY . /usr/src/sentry
+
+# Hook for installing additional plugins
+RUN if [ -s requirements.txt ]; then pip install -r requirements.txt; fi
+
+# Hook for installing a local app as an addon
+RUN if [ -s setup.py ]; then pip install -e .; fi
+
+# Hook for staging in custom configs
+RUN if [ -s sentry.conf.py ]; then cp sentry.conf.py $SENTRY_CONF/; fi \
+	&& if [ -s config.yml ]; then cp config.yml $SENTRY_CONF/; fi
--- a/sentry/config.example.yml
+++ b/sentry/config.example.yml
@ -0,0 +1,69 @@
+# While a lot of configuration in Sentry can be changed via the UI, for all
+# new-style config (as of 8.0) you can also declare values here in this file
+# to enforce defaults or to ensure they cannot be changed via the UI. For more
+# information see the Sentry documentation.
+
+###############
+# Mail Server #
+###############
+
+# mail.backend: 'smtp'  # Use dummy if you want to disable email entirely
+mail.host: 'smtp'
+# mail.port: 25
+# mail.username: ''
+# mail.password: ''
+# mail.use-tls: false
+# The email address to send on behalf of
+# mail.from: 'root@localhost'
+
+# If you'd like to configure email replies, enable this.
+# mail.enable-replies: true
+
+# When email-replies are enabled, this value is used in the Reply-To header
+# mail.reply-hostname: ''
+
+# If you're using mailgun for inbound mail, set your API key and configure a
+# route to forward to /api/hooks/mailgun/inbound/
+# Also don't forget to set `mail.enable-replies: true` above.
+# mail.mailgun-api-key: ''
+
+###################
+# System Settings #
+###################
+
+# If this file ever becomes compromised, it's important to regenerate your a new key
+# Changing this value will result in all current sessions being invalidated.
+# A new key can be generated with `$ sentry config generate-secret-key`
+system.secret-key: '!!changeme!!'
+
+# The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis
+# clusters. These clusters can be then referred to by name when configuring
+# backends such as the cache, digests, or TSDB backend.
+# redis.clusters:
+#   default:
+#     hosts:
+#       0:
+#         host: 127.0.0.1
+#         port: 6379
+
+################
+# File storage #
+################
+
+# Uploaded media uses these `filestore` settings. The available
+# backends are either `filesystem` or `s3`.
+
+filestore.backend: 'filesystem'
+filestore.options:
+  location: '/var/lib/sentry/files'
+
+# filestore.backend: 's3'
+# filestore.options:
+#   access_key: 'AKIXXXXXX'
+#   secret_key: 'XXXXXXX'
+#   bucket_name: 's3-bucket-name'
+
+system.internal-url-prefix: 'http://web:9000'
+symbolicator.enabled: true
+symbolicator.options:
+  url: "http://symbolicator:3021"
--- a/sentry/requirements.example.txt
+++ b/sentry/requirements.example.txt
@ -0,0 +1 @@
+# Add plugins here
--- a/sentry/sentry.conf.example.py
+++ b/sentry/sentry.conf.example.py
@ -0,0 +1,223 @@
+# This file is just Python, with a touch of Django which means
+# you can inherit and tweak settings to your hearts content.
+
+from sentry.conf.server import *  # NOQA
+
+DATABASES = {
+    "default": {
+        "ENGINE": "sentry.db.postgres",
+        "NAME": "postgres",
+        "USER": "postgres",
+        "PASSWORD": "",
+        "HOST": "postgres",
+        "PORT": "",
+    }
+}
+
+# You should not change this setting after your database has been created
+# unless you have altered all schemas first
+SENTRY_USE_BIG_INTS = True
+
+# If you're expecting any kind of real traffic on Sentry, we highly recommend
+# configuring the CACHES and Redis settings
+
+###########
+# General #
+###########
+
+# Instruct Sentry that this install intends to be run by a single organization
+# and thus various UI optimizations should be enabled.
+SENTRY_SINGLE_ORGANIZATION = True
+
+#########
+# Redis #
+#########
+
+# Generic Redis configuration used as defaults for various things including:
+# Buffers, Quotas, TSDB
+
+SENTRY_OPTIONS["redis.clusters"] = {
+    "default": {
+        "hosts": {0: {"host": "redis", "password": "", "port": "6379", "db": "0"}}
+    }
+}
+
+#########
+# Queue #
+#########
+
+# See https://docs.getsentry.com/on-premise/server/queue/ for more
+# information on configuring your queue broker and workers. Sentry relies
+# on a Python framework called Celery to manage queues.
+
+rabbitmq_host = None
+if rabbitmq_host:
+    BROKER_URL = "amqp://{username}:{password}@{host}/{vhost}".format(
+        username="guest", password="guest", host=rabbitmq_host, vhost="/"
+    )
+else:
+    BROKER_URL = "redis://:{password}@{host}:{port}/{db}".format(
+        **SENTRY_OPTIONS["redis.clusters"]["default"]["hosts"][0]
+    )
+
+
+#########
+# Cache #
+#########
+
+# Sentry currently utilizes two separate mechanisms. While CACHES is not a
+# requirement, it will optimize several high throughput patterns.
+
+CACHES = {
+    "default": {
+        "BACKEND": "django.core.cache.backends.memcached.MemcachedCache",
+        "LOCATION": ["memcached:11211"],
+        "TIMEOUT": 3600,
+    }
+}
+
+# A primary cache is required for things such as processing events
+SENTRY_CACHE = "sentry.cache.redis.RedisCache"
+
+DEFAULT_KAFKA_OPTIONS = {
+    "bootstrap.servers": "kafka:9092",
+    "message.max.bytes": 50000000,
+    "socket.timeout.ms": 1000,
+}
+
+SENTRY_EVENTSTREAM = "sentry.eventstream.kafka.KafkaEventStream"
+SENTRY_EVENTSTREAM_OPTIONS = {"producer_configuration": DEFAULT_KAFKA_OPTIONS}
+
+KAFKA_CLUSTERS["default"] = DEFAULT_KAFKA_OPTIONS
+
+###############
+# Rate Limits #
+###############
+
+# Rate limits apply to notification handlers and are enforced per-project
+# automatically.
+
+SENTRY_RATELIMITER = "sentry.ratelimits.redis.RedisRateLimiter"
+
+##################
+# Update Buffers #
+##################
+
+# Buffers (combined with queueing) act as an intermediate layer between the
+# database and the storage API. They will greatly improve efficiency on large
+# numbers of the same events being sent to the API in a short amount of time.
+# (read: if you send any kind of real data to Sentry, you should enable buffers)
+
+SENTRY_BUFFER = "sentry.buffer.redis.RedisBuffer"
+
+##########
+# Quotas #
+##########
+
+# Quotas allow you to rate limit individual projects or the Sentry install as
+# a whole.
+
+SENTRY_QUOTAS = "sentry.quotas.redis.RedisQuota"
+
+########
+# TSDB #
+########
+
+# The TSDB is used for building charts as well as making things like per-rate
+# alerts possible.
+
+SENTRY_TSDB = "sentry.tsdb.redissnuba.RedisSnubaTSDB"
+
+#########
+# SNUBA #
+#########
+
+SENTRY_SEARCH = "sentry.search.snuba.SnubaSearchBackend"
+SENTRY_SEARCH_OPTIONS = {}
+SENTRY_TAGSTORE_OPTIONS = {}
+
+###########
+# Digests #
+###########
+
+# The digest backend powers notification summaries.
+
+SENTRY_DIGESTS = "sentry.digests.backends.redis.RedisBackend"
+
+##############
+# Web Server #
+##############
+
+SENTRY_WEB_HOST = "0.0.0.0"
+SENTRY_WEB_PORT = 9000
+SENTRY_WEB_OPTIONS = {
+    "http": "%s:%s" % (SENTRY_WEB_HOST, SENTRY_WEB_PORT),
+    "protocol": "uwsgi",
+    # This is needed to prevent https://git.io/fj7Lw
+    "uwsgi-socket": None,
+    "http-keepalive": True,
+    "memory-report": False,
+    # 'workers': 3,  # the number of web workers
+}
+
+###########
+# SSL/TLS #
+###########
+
+# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
+# header and enable the settings below
+
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SESSION_COOKIE_SECURE = True
+# CSRF_COOKIE_SECURE = True
+# SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
+
+# End of SSL/TLS settings
+
+############
+# Features #
+############
+
+SENTRY_FEATURES["projects:sample-events"] = False
+SENTRY_FEATURES.update(
+    {
+        feature: True
+        for feature in (
+            "organizations:discover",
+            "organizations:events",
+            "organizations:global-views",
+            "organizations:integrations-issue-basic",
+            "organizations:integrations-issue-sync",
+            "organizations:invite-members",
+            "organizations:new-issue-ui",
+            "organizations:repos",
+            "organizations:require-2fa",
+            "organizations:sentry10",
+            "organizations:sso-basic",
+            "organizations:sso-rippling",
+            "organizations:sso-saml2",
+            "organizations:suggested-commits",
+            "projects:custom-inbound-filters",
+            "projects:data-forwarding",
+            "projects:discard-groups",
+            "projects:plugins",
+            "projects:rate-limits",
+            "projects:servicehooks",
+        )
+    }
+)
+
+######################
+# GitHub Integration #
+#####################
+
+# GITHUB_APP_ID = 'YOUR_GITHUB_APP_ID'
+# GITHUB_API_SECRET = 'YOUR_GITHUB_API_SECRET'
+# GITHUB_EXTENDED_PERMISSIONS = ['repo']
+
+#########################
+# Bitbucket Integration #
+########################
+
+# BITBUCKET_CONSUMER_KEY = 'YOUR_BITBUCKET_CONSUMER_KEY'
+# BITBUCKET_CONSUMER_SECRET = 'YOUR_BITBUCKET_CONSUMER_SECRET'