SHARE
TWEET

Untitled

a guest Apr 2nd, 2019 151 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # This file is just Python, with a touch of Django which means
  2. # you can inherit and tweak settings to your hearts content.
  3.  
  4. # For Docker, the following environment variables are supported:
  5. #  SENTRY_MYSQL_HOST
  6. #  SENTRY_MYSQL_PORT
  7. #  SENTRY_DB_NAME
  8. #  SENTRY_DB_USER
  9. #  SENTRY_DB_PASSWORD
  10. #  SENTRY_RABBITMQ_HOST
  11. #  SENTRY_RABBITMQ_USERNAME
  12. #  SENTRY_RABBITMQ_PASSWORD
  13. #  SENTRY_RABBITMQ_VHOST
  14. #  SENTRY_REDIS_HOST
  15. #  SENTRY_REDIS_PASSWORD
  16. #  SENTRY_REDIS_PORT
  17. #  SENTRY_REDIS_DB
  18. #  SENTRY_MEMCACHED_HOST
  19. #  SENTRY_MEMCACHED_PORT
  20. #  SENTRY_FILESTORE_DIR
  21. #  SENTRY_SERVER_EMAIL
  22. #  SENTRY_EMAIL_HOST
  23. #  SENTRY_EMAIL_PORT
  24. #  SENTRY_EMAIL_USER
  25. #  SENTRY_EMAIL_PASSWORD
  26. #  SENTRY_EMAIL_USE_TLS
  27. #  SENTRY_ENABLE_EMAIL_REPLIES
  28. #  SENTRY_SMTP_HOSTNAME
  29. #  SENTRY_MAILGUN_API_KEY
  30. #  SENTRY_SINGLE_ORGANIZATION
  31. #  SENTRY_SECRET_KEY
  32. #  SLACK_CLIENT_ID
  33. #  SLACK_CLIENT_SECRET
  34. #  SLACK_VERIFICATION_TOKEN
  35. #  GITHUB_APP_ID
  36. #  GITHUB_API_SECRET
  37. #  BITBUCKET_CONSUMER_KEY
  38. #  BITBUCKET_CONSUMER_SECRET
  39. from sentry.conf.server import *  # NOQA
  40.  
  41. import os
  42. import os.path
  43.  
  44. CONF_ROOT = os.path.dirname(__file__)
  45.  
  46. mysql = env('SENTRY_MYSQL_HOST')
  47. if mysql:
  48.     DATABASES = {
  49.         'default': {
  50.             'ENGINE': 'django.db.backends.mysql',
  51.             'NAME': (
  52.                 env('SENTRY_DB_NAME')
  53.                 or 'sentry'
  54.             ),
  55.             'USER': (
  56.                 env('SENTRY_DB_USER')
  57.                 or 'sentry'
  58.             ),
  59.             'PASSWORD': (
  60.                 env('SENTRY_DB_PASSWORD')
  61.                 or ''
  62.             ),
  63.             'HOST': mysql,
  64.             'PORT': (
  65.                 env('SENTRY_MYSQL_PORT')
  66.                 or '3306'
  67.             ),
  68.             'OPTIONS': {
  69.                 'autocommit': True,
  70.             },
  71.         },
  72.     }
  73.  
  74. # You should not change this setting after your database has been created
  75. # unless you have altered all schemas first
  76. SENTRY_USE_BIG_INTS = True
  77.  
  78. # If you're expecting any kind of real traffic on Sentry, we highly recommend
  79. # configuring the CACHES and Redis settings
  80.  
  81. ###########
  82. # General #
  83. ###########
  84.  
  85. # Instruct Sentry that this install intends to be run by a single organization
  86. # and thus various UI optimizations should be enabled.
  87. SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)
  88.  
  89. #########
  90. # Redis #
  91. #########
  92.  
  93. # Generic Redis configuration used as defaults for various things including:
  94. # Buffers, Quotas, TSDB
  95.  
  96. redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
  97. if not redis:
  98.     raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')
  99.  
  100. redis_password = env('SENTRY_REDIS_PASSWORD') or ''
  101. redis_port = env('SENTRY_REDIS_PORT') or '6379'
  102. redis_db = env('SENTRY_REDIS_DB') or '0'
  103.  
  104. SENTRY_OPTIONS.update({
  105.     'redis.clusters': {
  106.         'default': {
  107.             'hosts': {
  108.                 0: {
  109.                     'host': redis,
  110.                     'password': redis_password,
  111.                     'port': redis_port,
  112.                     'db': redis_db,
  113.                 },
  114.             },
  115.         },
  116.     },
  117. })
  118.  
  119. #########
  120. # Cache #
  121. #########
  122.  
  123. # Sentry currently utilizes two separate mechanisms. While CACHES is not a
  124. # requirement, it will optimize several high throughput patterns.
  125.  
  126. memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
  127. if memcached:
  128.     memcached_port = (
  129.         env('SENTRY_MEMCACHED_PORT')
  130.         or '11211'
  131.     )
  132.     CACHES = {
  133.         'default': {
  134.             'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
  135.             'LOCATION': [memcached + ':' + memcached_port],
  136.             'TIMEOUT': 3600,
  137.         }
  138.     }
  139.  
  140. # A primary cache is required for things such as processing events
  141. SENTRY_CACHE = 'sentry.cache.redis.RedisCache'
  142.  
  143. #########
  144. # Queue #
  145. #########
  146.  
  147. # See https://docs.getsentry.com/on-premise/server/queue/ for more
  148. # information on configuring your queue broker and workers. Sentry relies
  149. # on a Python framework called Celery to manage queues.
  150.  
  151. rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')
  152.  
  153. if rabbitmq:
  154.     BROKER_URL = (
  155.         'amqp://' + (
  156.             env('SENTRY_RABBITMQ_USERNAME')
  157.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
  158.             or 'guest'
  159.         ) + ':' + (
  160.             env('SENTRY_RABBITMQ_PASSWORD')
  161.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
  162.             or 'guest'
  163.         ) + '@' + rabbitmq + '/' + (
  164.             env('SENTRY_RABBITMQ_VHOST')
  165.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
  166.             or '/'
  167.         )
  168.     )
  169. else:
  170.     BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db
  171.  
  172.  
  173. ###############
  174. # Rate Limits #
  175. ###############
  176.  
  177. # Rate limits apply to notification handlers and are enforced per-project
  178. # automatically.
  179.  
  180. SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'
  181.  
  182. ##################
  183. # Update Buffers #
  184. ##################
  185.  
  186. # Buffers (combined with queueing) act as an intermediate layer between the
  187. # database and the storage API. They will greatly improve efficiency on large
  188. # numbers of the same events being sent to the API in a short amount of time.
  189. # (read: if you send any kind of real data to Sentry, you should enable buffers)
  190.  
  191. SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'
  192.  
  193. ##########
  194. # Quotas #
  195. ##########
  196.  
  197. # Quotas allow you to rate limit individual projects or the Sentry install as
  198. # a whole.
  199.  
  200. SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'
  201.  
  202. ########
  203. # TSDB #
  204. ########
  205.  
  206. # The TSDB is used for building charts as well as making things like per-rate
  207. # alerts possible.
  208.  
  209. SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'
  210.  
  211. ###########
  212. # Digests #
  213. ###########
  214.  
  215. # The digest backend powers notification summaries.
  216.  
  217. SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'
  218.  
  219. ################
  220. # File storage #
  221. ################
  222.  
  223. # Uploaded media uses these `filestore` settings. The available
  224. # backends are either `filesystem` or `s3`.
  225.  
  226. SENTRY_OPTIONS['filestore.backend'] = 'filesystem'
  227. SENTRY_OPTIONS['filestore.options'] = {
  228.     'location': env('SENTRY_FILESTORE_DIR'),
  229. }
  230.  
  231. ##############
  232. # Web Server #
  233. ##############
  234.  
  235. # If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
  236. # header and set `SENTRY_USE_SSL=1`
  237.  
  238. if env('SENTRY_USE_SSL', False):
  239.     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
  240.     SESSION_COOKIE_SECURE = True
  241.     CSRF_COOKIE_SECURE = True
  242.     SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
  243.  
  244. SENTRY_WEB_HOST = '0.0.0.0'
  245. SENTRY_WEB_PORT = 9000
  246. SENTRY_WEB_OPTIONS = {
  247.     # 'workers': 3,  # the number of web workers
  248. }
  249.  
  250. ###############
  251. # Mail Server #
  252. ###############
  253.  
  254.  
  255. email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
  256. if email:
  257.     SENTRY_OPTIONS['mail.backend'] = 'smtp'
  258.     SENTRY_OPTIONS['mail.host'] = email
  259.     SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
  260.     SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
  261.     SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
  262.     SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
  263. else:
  264.     SENTRY_OPTIONS['mail.backend'] = 'dummy'
  265.  
  266. # The email address to send on behalf of
  267. SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'
  268.  
  269. # If you're using mailgun for inbound mail, set your API key and configure a
  270. # route to forward to /api/hooks/mailgun/inbound/
  271. SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''
  272.  
  273. # If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
  274. if SENTRY_OPTIONS['mail.mailgun-api-key']:
  275.     SENTRY_OPTIONS['mail.enable-replies'] = True
  276. else:
  277.     SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)
  278.  
  279. if SENTRY_OPTIONS['mail.enable-replies']:
  280.     SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''
  281.  
  282. #####################
  283. # SLACK INTEGRATION #
  284. #####################
  285. slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
  286. if slack:
  287.     SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
  288.     SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
  289.     SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
  290.  
  291. # If this value ever becomes compromised, it's important to regenerate your
  292. # SENTRY_SECRET_KEY. Changing this value will result in all current sessions
  293. # being invalidated.
  294. secret_key = env('SENTRY_SECRET_KEY')
  295. if not secret_key:
  296.     raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')
  297.  
  298. if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
  299.     print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
  300.     print('!!                    CAUTION                       !!')
  301.     print('!! Your SENTRY_SECRET_KEY is potentially insecure.  !!')
  302.     print('!!    We recommend at least 32 characters long.     !!')
  303.     print('!!     Regenerate with `generate-secret-key`.       !!')
  304.     print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
  305.  
  306. SENTRY_OPTIONS['system.secret-key'] = secret_key
  307.  
  308. if 'GITHUB_APP_ID' in os.environ:
  309.     GITHUB_EXTENDED_PERMISSIONS = ['repo']
  310.     GITHUB_APP_ID = env('GITHUB_APP_ID')
  311.     GITHUB_API_SECRET = env('GITHUB_API_SECRET')
  312.  
  313. if 'BITBUCKET_CONSUMER_KEY' in os.environ:
  314.     BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
  315.     BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
  316.  
  317. ### Ldap
  318.  
  319. import sys
  320. reload(sys)
  321. sys.setdefaultencoding('utf8')
  322. import ldap
  323.  
  324. from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
  325.  
  326. AUTH_LDAP_ALWAYS_UPDATE_USER = True
  327. AUTH_LDAP_SERVER_URI = 'ldap://192.168.100.14:389'
  328. AUTH_LDAP_BIND_DN = 'sentry'
  329. AUTH_LDAP_BIND_PASSWORD = 'Qwerty12345'
  330. AUTH_LDAP_USER_SEARCH = LDAPSearch(u"dc=exmo,dc=lan",ldap.SCOPE_SUBTREE,u"(sAMAccountName=%(user)s)"
  331. )
  332.  
  333. AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
  334.     u'',
  335.     ldap.SCOPE_SUBTREE,
  336.     u'(objectClass=groupOfUniqueNames)'
  337. )
  338.  
  339. AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
  340. AUTH_LDAP_REQUIRE_GROUP = None
  341. AUTH_LDAP_DENY_GROUP = None
  342.  
  343. AUTH_LDAP_USER_ATTR_MAP = {
  344.     "username": "sAMAccountName",
  345.     "first_name": u"givenName",
  346.     "last_name": u"sn",
  347.     "email": "mail",
  348. }
  349.  
  350. AUTH_LDAP_FIND_GROUP_PERMS = False
  351. AUTH_LDAP_CACHE_GROUPS = True
  352. AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
  353.  
  354. AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
  355. AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
  356. AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
  357. AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
  358.  
  359. SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
  360.  
  361. AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
  362.     'sentry_ldap_auth.backend.SentryLdapBackend',
  363. )
  364.  
  365. # optional, for debugging
  366. import logging
  367. logger = logging.getLogger('django_auth_ldap')
  368. logger.addHandler(logging.StreamHandler())
  369. logger.addHandler(logging.FileHandler('/tmp/ldap2.log'))
  370. logger.setLevel('DEBUG')
  371.  
  372. LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
  373. LOGGING['loggers']['django_auth_ldap'] = {
  374.     'handlers': ['console'],
  375.     'level': 'DEBUG'
  376. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top