diff --git a/config.yml b/config.yml new file mode 100644 index 0000000..2606666 --- /dev/null +++ b/config.yml @@ -0,0 +1,4 @@ +# While a lot of configuration in Sentry can be changed via the UI, for all +# new-style config (as of 8.0) you can also declare values here in this file +# to enforce defaults or to ensure they cannot be changed via the UI. For more +# information see the Sentry documentation. diff --git a/sentry.conf.py b/sentry.conf.py new file mode 100644 index 0000000..33a787f --- /dev/null +++ b/sentry.conf.py @@ -0,0 +1,253 @@ +# This file is just Python, with a touch of Django which means +# you can inherit and tweak settings to your hearts content. + +# For Docker, the following environment variables are supported: +# SENTRY_POSTGRES_HOST +# SENTRY_POSTGRES_PORT +# SENTRY_DB_NAME +# SENTRY_DB_USER +# SENTRY_DB_PASSWORD +# SENTRY_REDIS_HOST +# SENTRY_REDIS_PORT +# SENTRY_REDIS_DB +# SENTRY_MEMCACHED_HOST +# SENTRY_MEMCACHED_PORT +# SENTRY_FILESTORE_DIR +# SENTRY_SERVER_EMAIL +# SENTRY_EMAIL_HOST +# SENTRY_EMAIL_PORT +# SENTRY_EMAIL_USER +# SENTRY_EMAIL_PASSWORD +# SENTRY_EMAIL_USE_TLS +# SENTRY_MAILGUN_API_KEY +# SENTRY_SINGLE_ORGANIZATION +# SENTRY_SECRET_KEY +from sentry.conf.server import * # NOQA +from sentry.utils.types import Bool + +import os +import os.path + +CONF_ROOT = os.path.dirname(__file__) + +postgres = os.environ.get('SENTRY_POSTGRES_HOST') or (os.environ.get('POSTGRES_PORT_5432_TCP_ADDR') and 'postgres') +if postgres: + DATABASES = { + 'default': { + 'ENGINE': 'sentry.db.postgres', + 'NAME': ( + os.environ.get('SENTRY_DB_NAME') + or os.environ.get('POSTGRES_ENV_POSTGRES_USER') + or 'postgres' + ), + 'USER': ( + os.environ.get('SENTRY_DB_USER') + or os.environ.get('POSTGRES_ENV_POSTGRES_USER') + or 'postgres' + ), + 'PASSWORD': ( + os.environ.get('SENTRY_DB_PASSWORD') + or os.environ.get('POSTGRES_ENV_POSTGRES_PASSWORD') + or '' + ), + 'HOST': postgres, + 'PORT': ( + os.environ.get('SENTRY_POSTGRES_PORT') + or '' + ), + 'OPTIONS': { + 'autocommit': True, + }, + }, + } + +# You should not change this setting after your database has been created +# unless you have altered all schemas first +SENTRY_USE_BIG_INTS = True + +# If you're expecting any kind of real traffic on Sentry, we highly recommend +# configuring the CACHES and Redis settings + +########### +# General # +########### + +# Instruct Sentry that this install intends to be run by a single organization +# and thus various UI optimizations should be enabled. +SENTRY_SINGLE_ORGANIZATION = Bool(os.environ.get('SENTRY_SINGLE_ORGANIZATION', True)) + +######### +# Redis # +######### + +# Generic Redis configuration used as defaults for various things including: +# Buffers, Quotas, TSDB + +redis = os.environ.get('SENTRY_REDIS_HOST') or (os.environ.get('REDIS_PORT_6379_TCP_ADDR') and 'redis') +if not redis: + raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?') + +redis_port = os.environ.get('SENTRY_REDIS_PORT') or '6379' +redis_db = os.environ.get('SENTRY_REDIS_DB') or '0' + +SENTRY_REDIS_OPTIONS = { + 'hosts': { + 0: { + 'host': redis, + 'port': redis_port, + 'db': redis_db, + }, + }, +} + +######### +# Cache # +######### + +# Sentry currently utilizes two separate mechanisms. While CACHES is not a +# requirement, it will optimize several high throughput patterns. + +memcached = os.environ.get('SENTRY_MEMCACHED_HOST') or (os.environ.get('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached') +if memcached: + memcached_port = ( + os.environ.get('SENTRY_MEMCACHED_PORT') + or '11211' + ) + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': [memcached + ':' + memcached_port], + 'TIMEOUT': 3600, + } + } + +# A primary cache is required for things such as processing events +SENTRY_CACHE = 'sentry.cache.redis.RedisCache' +SENTRY_CACHE_OPTIONS = SENTRY_REDIS_OPTIONS + +######### +# Queue # +######### + +# See https://docs.getsentry.com/on-premise/server/queue/ for more +# information on configuring your queue broker and workers. Sentry relies +# on a Python framework called Celery to manage queues. + +CELERY_ALWAYS_EAGER = False +BROKER_URL = 'redis://' + redis + ':' + redis_port + '/' + redis_db + +############### +# Rate Limits # +############### + +# Rate limits apply to notification handlers and are enforced per-project +# automatically. + +SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter' + +################## +# Update Buffers # +################## + +# Buffers (combined with queueing) act as an intermediate layer between the +# database and the storage API. They will greatly improve efficiency on large +# numbers of the same events being sent to the API in a short amount of time. +# (read: if you send any kind of real data to Sentry, you should enable buffers) + +SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer' + +########## +# Quotas # +########## + +# Quotas allow you to rate limit individual projects or the Sentry install as +# a whole. + +SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota' + +######## +# TSDB # +######## + +# The TSDB is used for building charts as well as making things like per-rate +# alerts possible. + +SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB' + +########### +# Digests # +########### + +# The digest backend powers notification summaries. + +SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend' + +################ +# File storage # +################ + +# Any Django storage backend is compatible with Sentry. For more solutions see +# the django-storages package: https://django-storages.readthedocs.org/en/latest/ + +SENTRY_FILESTORE = 'django.core.files.storage.FileSystemStorage' +SENTRY_FILESTORE_OPTIONS = { + 'location': os.environ['SENTRY_FILESTORE_DIR'], +} + +############## +# Web Server # +############## + +# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto +# header and set `SENTRY_USE_SSL=1` + +if Bool(os.environ.get('SENTRY_USE_SSL', False)): + SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + SESSION_COOKIE_SECURE = True + CSRF_COOKIE_SECURE = True + +SENTRY_WEB_HOST = '0.0.0.0' +SENTRY_WEB_PORT = 9000 +SENTRY_WEB_OPTIONS = { + # 'workers': 3, # the number of web workers +} + +############### +# Mail Server # +############### + +# For more information check Django's documentation: +# https://docs.djangoproject.com/en/1.6/topics/email/ + +email = os.environ.get('SENTRY_EMAIL_HOST') or (os.environ.get('SMTP_PORT_25_TCP_ADDR') and 'smtp') +if email: + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = email + EMAIL_HOST_PASSWORD = os.environ.get('SENTRY_EMAIL_PASSWORD') or '' + EMAIL_HOST_USER = os.environ.get('SENTRY_EMAIL_USER') or '' + EMAIL_PORT = int(os.environ.get('SENTRY_EMAIL_PORT') or 25) + EMAIL_USE_TLS = Bool(os.environ.get('SENTRY_EMAIL_USE_TLS', False)) +else: + EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' + +# The email address to send on behalf of +SERVER_EMAIL = os.environ.get('SENTRY_SERVER_EMAIL') or 'root@localhost' + +# If you're using mailgun for inbound mail, set your API key and configure a +# route to forward to /api/hooks/mailgun/inbound/ +MAILGUN_API_KEY = os.environ.get('SENTRY_MAILGUN_API_KEY') or '' + +# If this value ever becomes compromised, it's important to regenerate your +# SENTRY_SECRET_KEY. Changing this value will result in all current sessions +# being invalidated. +SECRET_KEY = os.environ.get('SENTRY_SECRET_KEY') +if not SECRET_KEY: + raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY') + +if len(SECRET_KEY) < 32: + print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') + print('!! CAUTION !!') + print('!! Your SECRET_KEY is potentially insecure. !!') + print('!! We recommend at least 32 characters long. !!') + print('!! Regenerate with `generate-secret-key`. !!') + print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')