kallithea Changeset - 70e29dc91deb

Changeset - 70e29dc91deb

Parent rev.

Child rev.

[Not reviewed]

default

0 5 0

Thomas De Schampheleire - 11 years ago 2015-03-10 20:00:41
thomas.de.schampheleire@gmail.com

ini file: clarify that beaker.session.key should be unique

When several instances of Kallithea are running on the same machine, the
same browser cannot be logged into both instances at the same time without
conflicts. The login session are saved into the same cookie; logging into
one instance closes the session on the second instance and vice-versa.

This is caused because the cookie name is simply 'kallithea', combined with
the fact that the cookie specification (RFC6265) states that there is no
isolation of cookies based on port. This means that the browser sends all
cookies from a given domain with all services (Kallithea instances) running
on that domain, irrespective of port.

The services thus need to handle any such issue themselves, for example by
using unique cookie names and only interacting with one's own cookie.

Making the key unique when creating the configuration file proved difficult:
- it does not seem possible to hook into 'paster make-config'
- since Beaker directly interprets the beaker.session.key, changing it on
the fly from SessionMiddleware will not work correctly.

There is a kallithea-config script that is an alternative to 'paster
make-config' which would be the ideal place to make such changes. However,
it seems this method is not advocated over 'paster make-config' (yet?).

Instead, simply add a comment in the config file and let the user take care
of it.

5 files changed with 12 insertions and 0 deletions:

development.ini

kallithea/bin/template.ini.mako

kallithea/config/deployment.ini_tmpl

production.ini

test.ini

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -258,192 +258,194 @@ instance_id = @@
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ## locking return code. When repository is locked return this HTTP code. 2XX
 ## codes don't break the transactions while 4XX codes do
 lock_ret_code = 423
 ## allows to change the repository location in settings page
 allow_repo_location_change = True
 ## allows to setup custom hooks in settings page
 allow_custom_hooks_settings = True
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = kallithea.lib.celerylib.tasks
 celery.result.backend = amqp
 celery.result.dburi = amqp://
 celery.result.serialier = json
 #celery.send.task.error.emails = true
 #celery.amqp.task.result.expires = 18000
 celeryd.concurrency = 2
 #celeryd.log.file = celeryd.log
 celeryd.log.level = debug
 celeryd.max.tasks.per.child = 1
 ## tasks will never be sent to the queue, but executed locally instead.
 celery.always.eager = false
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir=%(here)s/data/cache/data
 beaker.cache.lock_dir=%(here)s/data/cache/lock
 beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long
 beaker.cache.super_short_term.type=memory
 beaker.cache.super_short_term.expire=10
 beaker.cache.super_short_term.key_length = 256
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=10
 beaker.cache.sql_cache_short.key_length = 256
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
 beaker.cache.sql_cache_med.key_length = 256
 beaker.cache.sql_cache_long.type=file
 beaker.cache.sql_cache_long.expire=3600
 beaker.cache.sql_cache_long.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## db session ##
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = development-not-secret
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)
 errormator.slow_request_time = 1
 ## record slow requests in application
 ## (needs to be enabled for slow datastore recording and time tracking)
 errormator.slow_requests = true
 ## enable hooking to application loggers
 # errormator.logging = true
 ## minimum log level for log capture
 # errormator.logging.level = WARNING
 ## send logs only from erroneous/slow requests
 ## (saves API quota for intensive logging)
 errormator.logging_on_error = false
 ## list of additonal keywords that should be grabbed from environ object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always send following info:
 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
 ## start with HTTP* this list be extended with additional keywords here
 errormator.environ_keys_whitelist =
 ## list of keywords that should be blanked from request object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always blank keys that contain following words
 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
 ## this list be extended with additional keywords set here
 errormator.request_keys_blacklist =
 ## list of namespaces that should be ignores when gathering log entries
 ## can be string with comma separated list of namespaces
 ## (by default the client ignores own entries: errormator_client.client)
 errormator.log_namespace_blacklist =
 ################
 ### [sentry] ###
 ################
 ## sentry is a alternative open source error aggregator
 ## you must install python packages `sentry` and `raven` to enable
 sentry.dsn = YOUR_DNS
 sentry.servers =
 sentry.name =
 sentry.key =

kallithea/bin/template.ini.mako

➞

Show inline comments

@@ @@ -255,192 +255,196 @@ instance_id = @@
 <%text>## alternative return HTTP header for failed authentication. Default HTTP</%text>
 <%text>## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with</%text>
 <%text>## handling that. Set this variable to 403 to return HTTPForbidden</%text>
 auth_ret_code =
 <%text>## locking return code. When repository is locked return this HTTP code. 2XX</%text>
 <%text>## codes don't break the transactions while 4XX codes do</%text>
 lock_ret_code = 423
 <%text>## allows to change the repository location in settings page</%text>
 allow_repo_location_change = True
 <%text>## allows to setup custom hooks in settings page</%text>
 allow_custom_hooks_settings = True
 <%text>
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 </%text>
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = kallithea.lib.celerylib.tasks
 celery.result.backend = amqp
 celery.result.dburi = amqp://
 celery.result.serialier = json
 #celery.send.task.error.emails = true
 #celery.amqp.task.result.expires = 18000
 celeryd.concurrency = 2
 #celeryd.log.file = celeryd.log
 celeryd.log.level = debug
 celeryd.max.tasks.per.child = 1
 <%text>## tasks will never be sent to the queue, but executed locally instead.</%text>
 celery.always.eager = false
 <%text>
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 </%text>
 beaker.cache.data_dir=${here}/data/cache/data
 beaker.cache.lock_dir=${here}/data/cache/lock
 beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long
 beaker.cache.super_short_term.type=memory
 beaker.cache.super_short_term.expire=10
 beaker.cache.super_short_term.key_length = 256
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=10
 beaker.cache.sql_cache_short.key_length = 256
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
 beaker.cache.sql_cache_med.key_length = 256
 beaker.cache.sql_cache_long.type=file
 beaker.cache.sql_cache_long.expire=3600
 beaker.cache.sql_cache_long.key_length = 256
 <%text>
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 </%text>
 <%text>## db session ##</%text>
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 <%text>## encrypted cookie client side session, good for many instances ##</%text>
 #beaker.session.type = cookie
 <%text>## file based cookies (default) ##</%text>
 #beaker.session.type = file
 <%text>
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 </%text>
 beaker.session.key = kallithea
 beaker.session.secret = ${uuid()}
 <%text>## Secure encrypted cookie. Requires AES and AES python libraries</%text>
 <%text>## you must disable beaker.session.secret to use this</%text>
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 <%text>## sets session as invalid if it haven't been accessed for given amount of time</%text>
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 <%text>## uncomment for https secure cookie</%text>
 beaker.session.secure = false
 <%text>## auto save the session to not to use .save()</%text>
 beaker.session.auto = False
 <%text>## default cookie expiration time in seconds `true` expire at browser close ##</%text>
 #beaker.session.cookie_expires = 3600
 %if error_aggregation_service == 'errormator':
 <%text>
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 </%text>
 <%text>## errormator enabled</%text>
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 <%text>## TWEAK AMOUNT OF INFO SENT HERE</%text>
 <%text>## enables 404 error logging (default False)</%text>
 errormator.report_404 = false
 <%text>## time in seconds after request is considered being slow (default 1)</%text>
 errormator.slow_request_time = 1
 <%text>## record slow requests in application</%text>
 <%text>## (needs to be enabled for slow datastore recording and time tracking)</%text>
 errormator.slow_requests = true
 <%text>## enable hooking to application loggers</%text>
 # errormator.logging = true
 <%text>## minimum log level for log capture</%text>
 # errormator.logging.level = WARNING
 <%text>## send logs only from erroneous/slow requests</%text>
 <%text>## (saves API quota for intensive logging)</%text>
 errormator.logging_on_error = false
 <%text>## list of additonal keywords that should be grabbed from environ object</%text>
 <%text>## can be string with comma separated list of words in lowercase</%text>
 <%text>## (by default client will always send following info:</%text>
 <%text>## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that</%text>
 <%text>## start with HTTP* this list be extended with additional keywords here</%text>
 errormator.environ_keys_whitelist =
 <%text>## list of keywords that should be blanked from request object</%text>
 <%text>## can be string with comma separated list of words in lowercase</%text>
 <%text>## (by default client will always blank keys that contain following words</%text>
 <%text>## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'</%text>
 <%text>## this list be extended with additional keywords set here</%text>
 errormator.request_keys_blacklist =
 <%text>## list of namespaces that should be ignores when gathering log entries</%text>
 <%text>## can be string with comma separated list of namespaces</%text>
 <%text>## (by default the client ignores own entries: errormator_client.client)</%text>
 errormator.log_namespace_blacklist =
 %elif error_aggregation_service == 'sentry':
 <%text>
 ################
 ### [sentry] ###
 ################
 ## sentry is a alternative open source error aggregator
 ## you must install python packages `sentry` and `raven` to enable
 </%text>
 sentry.dsn = YOUR_DNS
 sentry.servers =
 sentry.name =

kallithea/config/deployment.ini_tmpl

➞

Show inline comments

@@ @@ -252,192 +252,194 @@ instance_id = @@
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ## locking return code. When repository is locked return this HTTP code. 2XX
 ## codes don't break the transactions while 4XX codes do
 lock_ret_code = 423
 ## allows to change the repository location in settings page
 allow_repo_location_change = True
 ## allows to setup custom hooks in settings page
 allow_custom_hooks_settings = True
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = kallithea.lib.celerylib.tasks
 celery.result.backend = amqp
 celery.result.dburi = amqp://
 celery.result.serialier = json
 #celery.send.task.error.emails = true
 #celery.amqp.task.result.expires = 18000
 celeryd.concurrency = 2
 #celeryd.log.file = celeryd.log
 celeryd.log.level = debug
 celeryd.max.tasks.per.child = 1
 ## tasks will never be sent to the queue, but executed locally instead.
 celery.always.eager = false
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir=%(here)s/data/cache/data
 beaker.cache.lock_dir=%(here)s/data/cache/lock
 beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long
 beaker.cache.super_short_term.type=memory
 beaker.cache.super_short_term.expire=10
 beaker.cache.super_short_term.key_length = 256
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=10
 beaker.cache.sql_cache_short.key_length = 256
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
 beaker.cache.sql_cache_med.key_length = 256
 beaker.cache.sql_cache_long.type=file
 beaker.cache.sql_cache_long.expire=3600
 beaker.cache.sql_cache_long.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## db session ##
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = ${app_instance_uuid}
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)
 errormator.slow_request_time = 1
 ## record slow requests in application
 ## (needs to be enabled for slow datastore recording and time tracking)
 errormator.slow_requests = true
 ## enable hooking to application loggers
 # errormator.logging = true
 ## minimum log level for log capture
 # errormator.logging.level = WARNING
 ## send logs only from erroneous/slow requests
 ## (saves API quota for intensive logging)
 errormator.logging_on_error = false
 ## list of additonal keywords that should be grabbed from environ object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always send following info:
 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
 ## start with HTTP* this list be extended with additional keywords here
 errormator.environ_keys_whitelist =
 ## list of keywords that should be blanked from request object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always blank keys that contain following words
 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
 ## this list be extended with additional keywords set here
 errormator.request_keys_blacklist =
 ## list of namespaces that should be ignores when gathering log entries
 ## can be string with comma separated list of namespaces
 ## (by default the client ignores own entries: errormator_client.client)
 errormator.log_namespace_blacklist =
 ################
 ### [sentry] ###
 ################
 ## sentry is a alternative open source error aggregator
 ## you must install python packages `sentry` and `raven` to enable
 sentry.dsn = YOUR_DNS
 sentry.servers =
 sentry.name =
 sentry.key =

production.ini

➞

Show inline comments

@@ @@ -256,192 +256,194 @@ instance_id = @@
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ## locking return code. When repository is locked return this HTTP code. 2XX
 ## codes don't break the transactions while 4XX codes do
 lock_ret_code = 423
 ## allows to change the repository location in settings page
 allow_repo_location_change = True
 ## allows to setup custom hooks in settings page
 allow_custom_hooks_settings = True
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = kallithea.lib.celerylib.tasks
 celery.result.backend = amqp
 celery.result.dburi = amqp://
 celery.result.serialier = json
 #celery.send.task.error.emails = true
 #celery.amqp.task.result.expires = 18000
 celeryd.concurrency = 2
 #celeryd.log.file = celeryd.log
 celeryd.log.level = debug
 celeryd.max.tasks.per.child = 1
 ## tasks will never be sent to the queue, but executed locally instead.
 celery.always.eager = false
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir=%(here)s/data/cache/data
 beaker.cache.lock_dir=%(here)s/data/cache/lock
 beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long
 beaker.cache.super_short_term.type=memory
 beaker.cache.super_short_term.expire=10
 beaker.cache.super_short_term.key_length = 256
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=10
 beaker.cache.sql_cache_short.key_length = 256
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
 beaker.cache.sql_cache_med.key_length = 256
 beaker.cache.sql_cache_long.type=file
 beaker.cache.sql_cache_long.expire=3600
 beaker.cache.sql_cache_long.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## db session ##
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = change-me
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)
 errormator.slow_request_time = 1
 ## record slow requests in application
 ## (needs to be enabled for slow datastore recording and time tracking)
 errormator.slow_requests = true
 ## enable hooking to application loggers
 # errormator.logging = true
 ## minimum log level for log capture
 # errormator.logging.level = WARNING
 ## send logs only from erroneous/slow requests
 ## (saves API quota for intensive logging)
 errormator.logging_on_error = false
 ## list of additonal keywords that should be grabbed from environ object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always send following info:
 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
 ## start with HTTP* this list be extended with additional keywords here
 errormator.environ_keys_whitelist =
 ## list of keywords that should be blanked from request object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always blank keys that contain following words
 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
 ## this list be extended with additional keywords set here
 errormator.request_keys_blacklist =
 ## list of namespaces that should be ignores when gathering log entries
 ## can be string with comma separated list of namespaces
 ## (by default the client ignores own entries: errormator_client.client)
 errormator.log_namespace_blacklist =
 ################
 ### [sentry] ###
 ################
 ## sentry is a alternative open source error aggregator
 ## you must install python packages `sentry` and `raven` to enable
 sentry.dsn = YOUR_DNS
 sentry.servers =
 sentry.name =
 sentry.key =

test.ini

➞

Show inline comments

@@ @@ -258,192 +258,194 @@ instance_id = @@
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ## locking return code. When repository is locked return this HTTP code. 2XX
 ## codes don't break the transactions while 4XX codes do
 lock_ret_code = 423
 ## allows to change the repository location in settings page
 allow_repo_location_change = True
 ## allows to setup custom hooks in settings page
 allow_custom_hooks_settings = True
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = kallithea.lib.celerylib.tasks
 celery.result.backend = amqp
 celery.result.dburi = amqp://
 celery.result.serialier = json
 #celery.send.task.error.emails = true
 #celery.amqp.task.result.expires = 18000
 celeryd.concurrency = 2
 #celeryd.log.file = celeryd.log
 celeryd.log.level = debug
 celeryd.max.tasks.per.child = 1
 ## tasks will never be sent to the queue, but executed locally instead.
 celery.always.eager = false
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir=%(here)s/data/cache/data
 beaker.cache.lock_dir=%(here)s/data/cache/lock
 beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long
 beaker.cache.super_short_term.type=memory
 beaker.cache.super_short_term.expire=10
 beaker.cache.super_short_term.key_length = 256
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=1
 beaker.cache.sql_cache_short.key_length = 256
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
 beaker.cache.sql_cache_med.key_length = 256
 beaker.cache.sql_cache_long.type=file
 beaker.cache.sql_cache_long.expire=3600
 beaker.cache.sql_cache_long.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## db session ##
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = {74e0cd75-b339-478b-b129-07dd221def1f}
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)
 errormator.slow_request_time = 1
 ## record slow requests in application
 ## (needs to be enabled for slow datastore recording and time tracking)
 errormator.slow_requests = true
 ## enable hooking to application loggers
 # errormator.logging = true
 ## minimum log level for log capture
 # errormator.logging.level = WARNING
 ## send logs only from erroneous/slow requests
 ## (saves API quota for intensive logging)
 errormator.logging_on_error = false
 ## list of additonal keywords that should be grabbed from environ object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always send following info:
 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
 ## start with HTTP* this list be extended with additional keywords here
 errormator.environ_keys_whitelist =
 ## list of keywords that should be blanked from request object
 ## can be string with comma separated list of words in lowercase
 ## (by default client will always blank keys that contain following words
 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
 ## this list be extended with additional keywords set here
 errormator.request_keys_blacklist =
 ## list of namespaces that should be ignores when gathering log entries
 ## can be string with comma separated list of namespaces
 ## (by default the client ignores own entries: errormator_client.client)
 errormator.log_namespace_blacklist =
 ################
 ### [sentry] ###
 ################
 ## sentry is a alternative open source error aggregator
 ## you must install python packages `sentry` and `raven` to enable
 sentry.dsn = YOUR_DNS
 sentry.servers =
 sentry.name =
 sentry.key =

0 comments (0 inline, 0 general)