sentry.conf.py 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
  1. # flake8: noqa
  2. # This file is just Python, with a touch of Django which means
  3. # you can inherit and tweak settings to your hearts content.
  4. import os
  5. import os.path
  6. # For Docker, the following environment variables are supported:
  7. # SENTRY_POSTGRES_HOST
  8. # SENTRY_POSTGRES_PORT
  9. # SENTRY_DB_NAME
  10. # SENTRY_DB_USER
  11. # SENTRY_DB_PASSWORD
  12. # SENTRY_RABBITMQ_HOST
  13. # SENTRY_RABBITMQ_USERNAME
  14. # SENTRY_RABBITMQ_PASSWORD
  15. # SENTRY_RABBITMQ_VHOST
  16. # SENTRY_REDIS_HOST
  17. # SENTRY_REDIS_PASSWORD
  18. # SENTRY_REDIS_PORT
  19. # SENTRY_REDIS_DB
  20. # SENTRY_MEMCACHED_HOST
  21. # SENTRY_MEMCACHED_PORT
  22. # SENTRY_FILESTORE_DIR
  23. # SENTRY_SERVER_EMAIL
  24. # SENTRY_EMAIL_HOST
  25. # SENTRY_EMAIL_PORT
  26. # SENTRY_EMAIL_USER
  27. # SENTRY_EMAIL_PASSWORD
  28. # SENTRY_EMAIL_USE_TLS
  29. # SENTRY_EMAIL_USE_SSL
  30. # SENTRY_ENABLE_EMAIL_REPLIES
  31. # SENTRY_SMTP_HOSTNAME
  32. # SENTRY_MAILGUN_API_KEY
  33. # SENTRY_SINGLE_ORGANIZATION
  34. # SENTRY_SECRET_KEY
  35. from sentry.conf.server import *
  36. from sentry.utils.types import Bool
  37. CONF_ROOT = os.path.dirname(__file__)
  38. env = os.environ.get
  39. postgres = env("SENTRY_POSTGRES_HOST") or (env("POSTGRES_PORT_5432_TCP_ADDR") and "postgres")
  40. if postgres:
  41. DATABASES = {
  42. "default": {
  43. "ENGINE": "sentry.db.postgres",
  44. "NAME": (env("SENTRY_DB_NAME") or env("POSTGRES_ENV_POSTGRES_USER") or "postgres"),
  45. "USER": (env("SENTRY_DB_USER") or env("POSTGRES_ENV_POSTGRES_USER") or "postgres"),
  46. "PASSWORD": (env("SENTRY_DB_PASSWORD") or env("POSTGRES_ENV_POSTGRES_PASSWORD") or ""),
  47. "HOST": postgres,
  48. "PORT": (env("SENTRY_POSTGRES_PORT") or ""),
  49. }
  50. }
  51. # You should not change this setting after your database has been created
  52. # unless you have altered all schemas first
  53. SENTRY_USE_BIG_INTS = True
  54. # If you're expecting any kind of real traffic on Sentry, we highly recommend
  55. # configuring the CACHES and Redis settings
  56. ###########
  57. # General #
  58. ###########
  59. # Instruct Sentry that this install intends to be run by a single organization
  60. # and thus various UI optimizations should be enabled.
  61. SENTRY_SINGLE_ORGANIZATION = Bool(env("SENTRY_SINGLE_ORGANIZATION", True))
  62. #########
  63. # Redis #
  64. #########
  65. # Generic Redis configuration used as defaults for various things including:
  66. # Buffers, Quotas, TSDB
  67. redis = env("SENTRY_REDIS_HOST") or (env("REDIS_PORT_6379_TCP_ADDR") and "redis")
  68. if not redis:
  69. raise Exception(
  70. "Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?"
  71. )
  72. redis_password = env("SENTRY_REDIS_PASSWORD") or ""
  73. redis_port = env("SENTRY_REDIS_PORT") or "6379"
  74. redis_db = env("SENTRY_REDIS_DB") or "0"
  75. SENTRY_OPTIONS.update(
  76. {
  77. "redis.clusters": {
  78. "default": {
  79. "hosts": {
  80. 0: {
  81. "host": redis,
  82. "password": redis_password,
  83. "port": redis_port,
  84. "db": redis_db,
  85. }
  86. }
  87. }
  88. }
  89. }
  90. )
  91. #########
  92. # Cache #
  93. #########
  94. # Sentry currently utilizes two separate mechanisms. While CACHES is not a
  95. # requirement, it will optimize several high throughput patterns.
  96. memcached = env("SENTRY_MEMCACHED_HOST") or (env("MEMCACHED_PORT_11211_TCP_ADDR") and "memcached")
  97. if memcached:
  98. memcached_port = env("SENTRY_MEMCACHED_PORT") or "11211"
  99. CACHES = {
  100. "default": {
  101. "BACKEND": "django.core.cache.backends.memcached.PyMemcacheCache",
  102. "LOCATION": [memcached + ":" + memcached_port],
  103. "TIMEOUT": 3600,
  104. "OPTIONS": {"ignore_exc": True},
  105. }
  106. }
  107. # A primary cache is required for things such as processing events
  108. SENTRY_CACHE = "sentry.cache.redis.RedisCache"
  109. #########
  110. # Queue #
  111. #########
  112. # See https://develop.sentry.dev/services/queue/ for more information on
  113. # configuring your queue broker and workers. Sentry relies on a Python
  114. # framework called Celery to manage queues.
  115. rabbitmq = env("SENTRY_RABBITMQ_HOST") or (env("RABBITMQ_PORT_5672_TCP_ADDR") and "rabbitmq")
  116. if rabbitmq:
  117. BROKER_URL = (
  118. "amqp://"
  119. + (env("SENTRY_RABBITMQ_USERNAME") or env("RABBITMQ_ENV_RABBITMQ_DEFAULT_USER") or "guest")
  120. + ":"
  121. + (env("SENTRY_RABBITMQ_PASSWORD") or env("RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS") or "guest")
  122. + "@"
  123. + rabbitmq
  124. + "/"
  125. + (env("SENTRY_RABBITMQ_VHOST") or env("RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST") or "/")
  126. )
  127. else:
  128. BROKER_URL = f"redis://{redis_password}@{redis}:{redis_port}/{redis_db}"
  129. ###############
  130. # Rate Limits #
  131. ###############
  132. # Rate limits apply to notification handlers and are enforced per-project
  133. # automatically.
  134. SENTRY_RATELIMITER = "sentry.ratelimits.redis.RedisRateLimiter"
  135. ##################
  136. # Update Buffers #
  137. ##################
  138. # Buffers (combined with queueing) act as an intermediate layer between the
  139. # database and the storage API. They will greatly improve efficiency on large
  140. # numbers of the same events being sent to the API in a short amount of time.
  141. # (read: if you send any kind of real data to Sentry, you should enable buffers)
  142. SENTRY_BUFFER = "sentry.buffer.redis.RedisBuffer"
  143. ##########
  144. # Quotas #
  145. ##########
  146. # Quotas allow you to rate limit individual projects or the Sentry install as
  147. # a whole.
  148. SENTRY_QUOTAS = "sentry.quotas.redis.RedisQuota"
  149. ########
  150. # TSDB #
  151. ########
  152. # The TSDB is used for building charts as well as making things like per-rate
  153. # alerts possible.
  154. SENTRY_TSDB = "sentry.tsdb.redis.RedisSnubaTSDB"
  155. ###########
  156. # Digests #
  157. ###########
  158. # The digest backend powers notification summaries.
  159. SENTRY_DIGESTS = "sentry.digests.backends.redis.RedisBackend"
  160. ##############
  161. # Web Server #
  162. ##############
  163. # If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
  164. # header and uncomment the following settings:
  165. # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
  166. # SESSION_COOKIE_SECURE = True
  167. # CSRF_COOKIE_SECURE = True
  168. SENTRY_WEB_HOST = "0.0.0.0"
  169. SENTRY_WEB_PORT = 9000
  170. SENTRY_WEB_OPTIONS = {
  171. # 'workers': 1, # the number of web workers
  172. }
  173. ###############
  174. # Mail Server #
  175. ###############
  176. email = env("SENTRY_EMAIL_HOST") or (env("SMTP_PORT_25_TCP_ADDR") and "smtp")
  177. if email:
  178. SENTRY_OPTIONS["mail.backend"] = "smtp"
  179. SENTRY_OPTIONS["mail.host"] = email
  180. SENTRY_OPTIONS["mail.password"] = env("SENTRY_EMAIL_PASSWORD") or ""
  181. SENTRY_OPTIONS["mail.username"] = env("SENTRY_EMAIL_USER") or ""
  182. SENTRY_OPTIONS["mail.port"] = int(env("SENTRY_EMAIL_PORT") or 25)
  183. SENTRY_OPTIONS["mail.use-tls"] = Bool(env("SENTRY_EMAIL_USE_TLS", False))
  184. SENTRY_OPTIONS["mail.use-ssl"] = Bool(env("SENTRY_EMAIL_USE_SSL", False))
  185. else:
  186. SENTRY_OPTIONS["mail.backend"] = "dummy"
  187. # The email address to send on behalf of
  188. SENTRY_OPTIONS["mail.from"] = env("SENTRY_SERVER_EMAIL") or "root@localhost"
  189. # If you're using mailgun for inbound mail, set your API key and configure a
  190. # route to forward to /api/hooks/mailgun/inbound/
  191. SENTRY_OPTIONS["mail.mailgun-api-key"] = env("SENTRY_MAILGUN_API_KEY") or ""
  192. # If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
  193. if SENTRY_OPTIONS["mail.mailgun-api-key"]:
  194. SENTRY_OPTIONS["mail.enable-replies"] = True
  195. else:
  196. SENTRY_OPTIONS["mail.enable-replies"] = Bool(env("SENTRY_ENABLE_EMAIL_REPLIES", False))
  197. if SENTRY_OPTIONS["mail.enable-replies"]:
  198. SENTRY_OPTIONS["mail.reply-hostname"] = env("SENTRY_SMTP_HOSTNAME") or ""
  199. # If this value ever becomes compromised, it's important to regenerate your
  200. # SENTRY_SECRET_KEY. Changing this value will result in all current sessions
  201. # being invalidated.
  202. secret_key = env("SENTRY_SECRET_KEY")
  203. if not secret_key:
  204. raise Exception(
  205. "Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY"
  206. )
  207. if "SENTRY_RUNNING_UWSGI" not in os.environ and len(secret_key) < 32:
  208. print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
  209. print("!! CAUTION !!")
  210. print("!! Your SENTRY_SECRET_KEY is potentially insecure. !!")
  211. print("!! We recommend at least 32 characters long. !!")
  212. print("!! Regenerate with `generate-secret-key`. !!")
  213. print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
  214. SENTRY_OPTIONS["system.secret-key"] = secret_key
  215. SENTRY_USE_RELAY = True