# This file is just Python, with a touch of Django which means# you can inheri

1. # This file is just Python, with a touch of Django which means
2. # you can inherit and tweak settings to your hearts content.
3.  
4. # For Docker, the following environment variables are supported:
5. #  SENTRY_MYSQL_HOST
6. #  SENTRY_MYSQL_PORT
7. #  SENTRY_DB_NAME
8. #  SENTRY_DB_USER
9. #  SENTRY_DB_PASSWORD
10. #  SENTRY_RABBITMQ_HOST
11. #  SENTRY_RABBITMQ_USERNAME
12. #  SENTRY_RABBITMQ_PASSWORD
13. #  SENTRY_RABBITMQ_VHOST
14. #  SENTRY_REDIS_HOST
15. #  SENTRY_REDIS_PASSWORD
16. #  SENTRY_REDIS_PORT
17. #  SENTRY_REDIS_DB
18. #  SENTRY_MEMCACHED_HOST
19. #  SENTRY_MEMCACHED_PORT
20. #  SENTRY_FILESTORE_DIR
21. #  SENTRY_SERVER_EMAIL
22. #  SENTRY_EMAIL_HOST
23. #  SENTRY_EMAIL_PORT
24. #  SENTRY_EMAIL_USER
25. #  SENTRY_EMAIL_PASSWORD
26. #  SENTRY_EMAIL_USE_TLS
27. #  SENTRY_ENABLE_EMAIL_REPLIES
28. #  SENTRY_SMTP_HOSTNAME
29. #  SENTRY_MAILGUN_API_KEY
30. #  SENTRY_SINGLE_ORGANIZATION
31. #  SENTRY_SECRET_KEY
32. #  SLACK_CLIENT_ID
33. #  SLACK_CLIENT_SECRET
34. #  SLACK_VERIFICATION_TOKEN
35. #  GITHUB_APP_ID
36. #  GITHUB_API_SECRET
37. #  BITBUCKET_CONSUMER_KEY
38. #  BITBUCKET_CONSUMER_SECRET
39. from sentry.conf.server import *  # NOQA
40.  
41. import os
42. import os.path
43.  
44. CONF_ROOT = os.path.dirname(__file__)
45.  
46. mysql = env('SENTRY_MYSQL_HOST')
47. if mysql:
48.     DATABASES = {
49.         'default': {
50.             'ENGINE': 'django.db.backends.mysql',
51.             'NAME': (
52.                 env('SENTRY_DB_NAME')
53.                 or 'sentry'
54.             ),
55.             'USER': (
56.                 env('SENTRY_DB_USER')
57.                 or 'sentry'
58.             ),
59.             'PASSWORD': (
60.                 env('SENTRY_DB_PASSWORD')
61.                 or ''
62.             ),
63.             'HOST': mysql,
64.             'PORT': (
65.                 env('SENTRY_MYSQL_PORT')
66.                 or '3306'
67.             ),
68.             'OPTIONS': {
69.                 'autocommit': True,
70.             },
71.         },
72.     }
73.  
74. # You should not change this setting after your database has been created
75. # unless you have altered all schemas first
76. SENTRY_USE_BIG_INTS = True
77.  
78. # If you're expecting any kind of real traffic on Sentry, we highly recommend
79. # configuring the CACHES and Redis settings
80.  
81. ###########
82. # General #
83. ###########
84.  
85. # Instruct Sentry that this install intends to be run by a single organization
86. # and thus various UI optimizations should be enabled.
87. SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)
88.  
89. #########
90. # Redis #
91. #########
92.  
93. # Generic Redis configuration used as defaults for various things including:
94. # Buffers, Quotas, TSDB
95.  
96. redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
97. if not redis:
98.     raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')
99.  
100. redis_password = env('SENTRY_REDIS_PASSWORD') or ''
101. redis_port = env('SENTRY_REDIS_PORT') or '6379'
102. redis_db = env('SENTRY_REDIS_DB') or '0'
103.  
104. SENTRY_OPTIONS.update({
105.     'redis.clusters': {
106.         'default': {
107.             'hosts': {
108.                 0: {
109.                     'host': redis,
110.                     'password': redis_password,
111.                     'port': redis_port,
112.                     'db': redis_db,
113.                 },
114.             },
115.         },
116.     },
117. })
118.  
119. #########
120. # Cache #
121. #########
122.  
123. # Sentry currently utilizes two separate mechanisms. While CACHES is not a
124. # requirement, it will optimize several high throughput patterns.
125.  
126. memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
127. if memcached:
128.     memcached_port = (
129.         env('SENTRY_MEMCACHED_PORT')
130.         or '11211'
131.     )
132.     CACHES = {
133.         'default': {
134.             'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
135.             'LOCATION': [memcached + ':' + memcached_port],
136.             'TIMEOUT': 3600,
137.         }
138.     }
139.  
140. # A primary cache is required for things such as processing events
141. SENTRY_CACHE = 'sentry.cache.redis.RedisCache'
142.  
143. #########
144. # Queue #
145. #########
146.  
147. # See https://docs.getsentry.com/on-premise/server/queue/ for more
148. # information on configuring your queue broker and workers. Sentry relies
149. # on a Python framework called Celery to manage queues.
150.  
151. rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')
152.  
153. if rabbitmq:
154.     BROKER_URL = (
155.         'amqp://' + (
156.             env('SENTRY_RABBITMQ_USERNAME')
157.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
158.             or 'guest'
159.         ) + ':' + (
160.             env('SENTRY_RABBITMQ_PASSWORD')
161.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
162.             or 'guest'
163.         ) + '@' + rabbitmq + '/' + (
164.             env('SENTRY_RABBITMQ_VHOST')
165.             or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
166.             or '/'
167.         )
168.     )
169. else:
170.     BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db
171.  
172.  
173. ###############
174. # Rate Limits #
175. ###############
176.  
177. # Rate limits apply to notification handlers and are enforced per-project
178. # automatically.
179.  
180. SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'
181.  
182. ##################
183. # Update Buffers #
184. ##################
185.  
186. # Buffers (combined with queueing) act as an intermediate layer between the
187. # database and the storage API. They will greatly improve efficiency on large
188. # numbers of the same events being sent to the API in a short amount of time.
189. # (read: if you send any kind of real data to Sentry, you should enable buffers)
190.  
191. SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'
192.  
193. ##########
194. # Quotas #
195. ##########
196.  
197. # Quotas allow you to rate limit individual projects or the Sentry install as
198. # a whole.
199.  
200. SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'
201.  
202. ########
203. # TSDB #
204. ########
205.  
206. # The TSDB is used for building charts as well as making things like per-rate
207. # alerts possible.
208.  
209. SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'
210.  
211. ###########
212. # Digests #
213. ###########
214.  
215. # The digest backend powers notification summaries.
216.  
217. SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'
218.  
219. ################
220. # File storage #
221. ################
222.  
223. # Uploaded media uses these `filestore` settings. The available
224. # backends are either `filesystem` or `s3`.
225.  
226. SENTRY_OPTIONS['filestore.backend'] = 'filesystem'
227. SENTRY_OPTIONS['filestore.options'] = {
228.     'location': env('SENTRY_FILESTORE_DIR'),
229. }
230.  
231. ##############
232. # Web Server #
233. ##############
234.  
235. # If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
236. # header and set `SENTRY_USE_SSL=1`
237.  
238. if env('SENTRY_USE_SSL', False):
239.     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
240.     SESSION_COOKIE_SECURE = True
241.     CSRF_COOKIE_SECURE = True
242.     SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
243.  
244. SENTRY_WEB_HOST = '0.0.0.0'
245. SENTRY_WEB_PORT = 9000
246. SENTRY_WEB_OPTIONS = {
247.     # 'workers': 3,  # the number of web workers
248. }
249.  
250. ###############
251. # Mail Server #
252. ###############
253.  
254.  
255. email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
256. if email:
257.     SENTRY_OPTIONS['mail.backend'] = 'smtp'
258.     SENTRY_OPTIONS['mail.host'] = email
259.     SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
260.     SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
261.     SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
262.     SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
263. else:
264.     SENTRY_OPTIONS['mail.backend'] = 'dummy'
265.  
266. # The email address to send on behalf of
267. SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'
268.  
269. # If you're using mailgun for inbound mail, set your API key and configure a
270. # route to forward to /api/hooks/mailgun/inbound/
271. SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''
272.  
273. # If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
274. if SENTRY_OPTIONS['mail.mailgun-api-key']:
275.     SENTRY_OPTIONS['mail.enable-replies'] = True
276. else:
277.     SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)
278.  
279. if SENTRY_OPTIONS['mail.enable-replies']:
280.     SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''
281.  
282. #####################
283. # SLACK INTEGRATION #
284. #####################
285. slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
286. if slack:
287.     SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
288.     SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
289.     SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
290.  
291. # If this value ever becomes compromised, it's important to regenerate your
292. # SENTRY_SECRET_KEY. Changing this value will result in all current sessions
293. # being invalidated.
294. secret_key = env('SENTRY_SECRET_KEY')
295. if not secret_key:
296.     raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')
297.  
298. if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
299.     print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
300.     print('!!                    CAUTION                       !!')
301.     print('!! Your SENTRY_SECRET_KEY is potentially insecure.  !!')
302.     print('!!    We recommend at least 32 characters long.     !!')
303.     print('!!     Regenerate with `generate-secret-key`.       !!')
304.     print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
305.  
306. SENTRY_OPTIONS['system.secret-key'] = secret_key
307.  
308. if 'GITHUB_APP_ID' in os.environ:
309.     GITHUB_EXTENDED_PERMISSIONS = ['repo']
310.     GITHUB_APP_ID = env('GITHUB_APP_ID')
311.     GITHUB_API_SECRET = env('GITHUB_API_SECRET')
312.  
313. if 'BITBUCKET_CONSUMER_KEY' in os.environ:
314.     BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
315.     BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
316.  
317. ### Ldap
318.  
319. import sys
320. reload(sys)
321. sys.setdefaultencoding('utf8')
322. import ldap
323.  
324. from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
325.  
326. AUTH_LDAP_ALWAYS_UPDATE_USER = True
327. AUTH_LDAP_SERVER_URI = 'ldap://192.168.100.14:389'
328. AUTH_LDAP_BIND_DN = 'sentry'
329. AUTH_LDAP_BIND_PASSWORD = 'Qwerty12345'
330. AUTH_LDAP_USER_SEARCH = LDAPSearch(u"dc=exmo,dc=lan",ldap.SCOPE_SUBTREE,u"(sAMAccountName=%(user)s)"
331. )
332.  
333. AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
334.     u'',
335.     ldap.SCOPE_SUBTREE,
336.     u'(objectClass=groupOfUniqueNames)'
337. )
338.  
339. AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
340. AUTH_LDAP_REQUIRE_GROUP = None
341. AUTH_LDAP_DENY_GROUP = None
342.  
343. AUTH_LDAP_USER_ATTR_MAP = {
344.     "username": "sAMAccountName",
345.     "first_name": u"givenName",
346.     "last_name": u"sn",
347.     "email": "mail",
348. }
349.  
350. AUTH_LDAP_FIND_GROUP_PERMS = False
351. AUTH_LDAP_CACHE_GROUPS = True
352. AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
353.  
354. AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
355. AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
356. AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
357. AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
358.  
359. SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
360.  
361. AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
362.     'sentry_ldap_auth.backend.SentryLdapBackend',
363. )
364.  
365. # optional, for debugging
366. import logging
367. logger = logging.getLogger('django_auth_ldap')
368. logger.addHandler(logging.StreamHandler())
369. logger.addHandler(logging.FileHandler('/tmp/ldap2.log'))
370. logger.setLevel('DEBUG')
371.  
372. LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
373. LOGGING['loggers']['django_auth_ldap'] = {
374.     'handlers': ['console'],
375.     'level': 'DEBUG'
376. }