root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ 18cb3999
History | View | Annotate | Download (6.8 kB)
| 1 | fd622d4b | Christos Stavrakakis | ## -*- coding: utf-8 -*- |
|---|---|---|---|
| 2 | fd622d4b | Christos Stavrakakis | ## |
| 3 | fd622d4b | Christos Stavrakakis | ## API configuration |
| 4 | fd622d4b | Christos Stavrakakis | ###################### |
| 5 | fd622d4b | Christos Stavrakakis | # |
| 6 | fd622d4b | Christos Stavrakakis | # |
| 7 | fd622d4b | Christos Stavrakakis | #DEBUG = False |
| 8 | fd622d4b | Christos Stavrakakis | # |
| 9 | fd622d4b | Christos Stavrakakis | ## Top-level URL for deployment. Numerous other URLs depend on this. |
| 10 | e3ff6830 | Georgios D. Tsoukalas | #CYCLADES_BASE_URL = "https://host:port/cyclades" |
| 11 | fd622d4b | Christos Stavrakakis | # |
| 12 | fd622d4b | Christos Stavrakakis | ## The API will return HTTP Bad Request if the ?changes-since |
| 13 | fd622d4b | Christos Stavrakakis | ## parameter refers to a point in time more than POLL_LIMIT seconds ago. |
| 14 | fd622d4b | Christos Stavrakakis | #POLL_LIMIT = 3600 |
| 15 | fd622d4b | Christos Stavrakakis | # |
| 16 | bda47e03 | Christos Stavrakakis | ## Astakos groups that have access to '/admin' views. |
| 17 | bda47e03 | Christos Stavrakakis | #ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"] |
| 18 | bda47e03 | Christos Stavrakakis | # |
| 19 | fd622d4b | Christos Stavrakakis | ## |
| 20 | fd622d4b | Christos Stavrakakis | ## Network Configuration |
| 21 | fd622d4b | Christos Stavrakakis | ## |
| 22 | fd622d4b | Christos Stavrakakis | # |
| 23 | 3aecadc8 | Christos Stavrakakis | ## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to |
| 24 | 3aecadc8 | Christos Stavrakakis | ## connect a newly created server to, *if the user has not* specified them |
| 25 | 3aecadc8 | Christos Stavrakakis | ## explicitly in the POST /server API call. |
| 26 | 3aecadc8 | Christos Stavrakakis | ## Each member of the list may be a network UUID, a tuple of network UUIDs, |
| 27 | 3aecadc8 | Christos Stavrakakis | ## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined], |
| 28 | 3aecadc8 | Christos Stavrakakis | ## "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined], |
| 29 | 3aecadc8 | Christos Stavrakakis | ## or "SNF:ANY_PUBLIC" [any public network]. |
| 30 | 3aecadc8 | Christos Stavrakakis | ## |
| 31 | 3aecadc8 | Christos Stavrakakis | ## Access control and quota policy are enforced, just as if the user had |
| 32 | 3aecadc8 | Christos Stavrakakis | ## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content |
| 33 | 3aecadc8 | Christos Stavrakakis | ## of the POST /call, after processing of "SNF:*" directives." |
| 34 | 7fccf095 | Christos Stavrakakis | #CYCLADES_DEFAULT_SERVER_NETWORKS = [] |
| 35 | 3aecadc8 | Christos Stavrakakis | # |
| 36 | 3aecadc8 | Christos Stavrakakis | ## This setting contains a list of networks which every new server |
| 37 | 3aecadc8 | Christos Stavrakakis | ## will be forced to connect to, regardless of the contents of the POST |
| 38 | 3aecadc8 | Christos Stavrakakis | ## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS. |
| 39 | 3aecadc8 | Christos Stavrakakis | ## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS. |
| 40 | 3aecadc8 | Christos Stavrakakis | # |
| 41 | 3aecadc8 | Christos Stavrakakis | ## WARNING: No access control or quota policy are enforced. |
| 42 | 3aecadc8 | Christos Stavrakakis | ## The server will get all IPv4/IPv6 addresses needed to connect to the |
| 43 | 3aecadc8 | Christos Stavrakakis | ## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless |
| 44 | 3aecadc8 | Christos Stavrakakis | ## of the state of the floating IP pool of the user, and without |
| 45 | 3aecadc8 | Christos Stavrakakis | ## allocating any floating IPs." |
| 46 | 7fccf095 | Christos Stavrakakis | #CYCLADES_FORCED_SERVER_NETWORKS = [] |
| 47 | 9446e7e5 | Christos Stavrakakis | # |
| 48 | 9446e7e5 | Christos Stavrakakis | # |
| 49 | fd622d4b | Christos Stavrakakis | ## Maximum allowed network size for private networks. |
| 50 | fd622d4b | Christos Stavrakakis | #MAX_CIDR_BLOCK = 22 |
| 51 | fd622d4b | Christos Stavrakakis | # |
| 52 | fd622d4b | Christos Stavrakakis | ## Default settings used by network flavors |
| 53 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_PREFIX = 'aa:00:0' |
| 54 | fd622d4b | Christos Stavrakakis | #DEFAULT_BRIDGE = 'br0' |
| 55 | fd622d4b | Christos Stavrakakis | # |
| 56 | fd622d4b | Christos Stavrakakis | ## Network flavors that users are allowed to create through API requests |
| 57 | e4def9d6 | Christos Stavrakakis | ## Available flavors are IP_LESS_ROUTED, MAC_FILTERED, PHYSICAL_VLAN |
| 58 | fd622d4b | Christos Stavrakakis | #API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] |
| 59 | fd622d4b | Christos Stavrakakis | # |
| 60 | fd622d4b | Christos Stavrakakis | # |
| 61 | fd622d4b | Christos Stavrakakis | ## Settings for MAC_FILTERED network: |
| 62 | fd622d4b | Christos Stavrakakis | ## ------------------------------------------ |
| 63 | fd622d4b | Christos Stavrakakis | ## All networks of this type are bridged to the same bridge. Isolation between |
| 64 | fd622d4b | Christos Stavrakakis | ## networks is achieved by assigning a unique MAC-prefix to each network and |
| 65 | fd622d4b | Christos Stavrakakis | ## filtering packets via ebtables. |
| 66 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' |
| 67 | fd622d4b | Christos Stavrakakis | # |
| 68 | fd622d4b | Christos Stavrakakis | # |
| 69 | d0545590 | Christos Stavrakakis | ## Firewall tags should contain '%s' to be filled with the NIC |
| 70 | d0545590 | Christos Stavrakakis | ## ID. |
| 71 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' |
| 72 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' |
| 73 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' |
| 74 | fd622d4b | Christos Stavrakakis | # |
| 75 | fd622d4b | Christos Stavrakakis | ## The default firewall profile that will be in effect if no tags are defined |
| 76 | fd622d4b | Christos Stavrakakis | #DEFAULT_FIREWALL_PROFILE = 'DISABLED' |
| 77 | fd622d4b | Christos Stavrakakis | # |
| 78 | fd622d4b | Christos Stavrakakis | ## Fixed mapping of user VMs to a specific backend. |
| 79 | 8c26221c | Olga Brani | ## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
|
| 80 | fd622d4b | Christos Stavrakakis | #BACKEND_PER_USER = {}
|
| 81 | fd622d4b | Christos Stavrakakis | # |
| 82 | fd622d4b | Christos Stavrakakis | # |
| 83 | bd16bf3e | Stratos Psomadakis | ## Encryption key for the instance hostname in the stat graphs URLs. Set it to |
| 84 | bd16bf3e | Stratos Psomadakis | ## a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
| 85 | bd16bf3e | Stratos Psomadakis | ## host (20-snf-stats-app-settings.conf) accordingly. |
| 86 | bd16bf3e | Stratos Psomadakis | #CYCLADES_STATS_SECRET_KEY = "secret key" |
| 87 | bd16bf3e | Stratos Psomadakis | # |
| 88 | fd622d4b | Christos Stavrakakis | ## URL templates for the stat graphs. |
| 89 | fd622d4b | Christos Stavrakakis | ## The API implementation replaces '%s' with the encrypted backend id. |
| 90 | bd16bf3e | Stratos Psomadakis | #CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
| 91 | bd16bf3e | Stratos Psomadakis | #CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
| 92 | bd16bf3e | Stratos Psomadakis | #NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/net-bar/stats/v1.0/%s' |
| 93 | bd16bf3e | Stratos Psomadakis | #NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
| 94 | fd622d4b | Christos Stavrakakis | # |
| 95 | fd622d4b | Christos Stavrakakis | ## Recommended refresh period for server stats |
| 96 | fd622d4b | Christos Stavrakakis | #STATS_REFRESH_PERIOD = 60 |
| 97 | fd622d4b | Christos Stavrakakis | # |
| 98 | fd622d4b | Christos Stavrakakis | ## The maximum number of file path/content pairs that can be supplied on server |
| 99 | fd622d4b | Christos Stavrakakis | ## build |
| 100 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY = 5 |
| 101 | fd622d4b | Christos Stavrakakis | # |
| 102 | fd622d4b | Christos Stavrakakis | ## The maximum size, in bytes, for each personality file |
| 103 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY_SIZE = 10240 |
| 104 | fd622d4b | Christos Stavrakakis | # |
| 105 | fd622d4b | Christos Stavrakakis | # |
| 106 | e407f159 | Ilias Tsitsimpis | ## Authentication URL of the astakos instance to be used for user management |
| 107 | 6ce03057 | Giorgos Korfiatis | #ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0' |
| 108 | fd622d4b | Christos Stavrakakis | # |
| 109 | fd622d4b | Christos Stavrakakis | ## Key for password encryption-decryption. After changing this setting, synnefo |
| 110 | fd622d4b | Christos Stavrakakis | ## will be unable to decrypt all existing Backend passwords. You will need to |
| 111 | fd622d4b | Christos Stavrakakis | ## store again the new password by using 'snf-manage backend-modify'. |
| 112 | fd622d4b | Christos Stavrakakis | ## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not |
| 113 | fd622d4b | Christos Stavrakakis | ## supported. |
| 114 | fd622d4b | Christos Stavrakakis | #SECRET_ENCRYPTION_KEY= "Password Encryption Key" |
| 115 | fd622d4b | Christos Stavrakakis | # |
| 116 | fd622d4b | Christos Stavrakakis | ## Astakos service token |
| 117 | fd622d4b | Christos Stavrakakis | ## The token used for astakos service api calls (e.g. api to retrieve user email |
| 118 | fd622d4b | Christos Stavrakakis | ## using a user uuid) |
| 119 | 18c4414d | Giorgos Korfiatis | #CYCLADES_SERVICE_TOKEN = '' |
| 120 | 02f0cf8a | Kostas Papadimitriou | |
| 121 | e407f159 | Ilias Tsitsimpis | ## PROXY Astakos services under the following path |
| 122 | e407f159 | Ilias Tsitsimpis | #CYCLADES_PROXY_PREFIX = '_astakos' |
| 123 | b0c95903 | Giorgos Korfiatis | |
| 124 | b0c95903 | Giorgos Korfiatis | # Tune the size of the http connection pool to astakos. |
| 125 | b0c95903 | Giorgos Korfiatis | #CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 |
| 126 | d328a525 | Christos Stavrakakis | # |
| 127 | d328a525 | Christos Stavrakakis | ## Template to use to build the FQDN of VMs. The setting will be formated with |
| 128 | 9cec0c17 | Christos Stavrakakis | ## the id of the VM. |
| 129 | d328a525 | Christos Stavrakakis | #CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' |
| 130 | 2522e489 | Christos Stavrakakis | # |
| 131 | 2522e489 | Christos Stavrakakis | ## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This |
| 132 | 2522e489 | Christos Stavrakakis | ## setting contains a mapping from the port of each VM to a tuple contaning the |
| 133 | 2522e489 | Christos Stavrakakis | ## destination IP/hostname and the new port: (host, port). Instead of a tuple a |
| 134 | 2522e489 | Christos Stavrakakis | ## python callable object may be used which must return such a tuple. The caller |
| 135 | 2522e489 | Christos Stavrakakis | ## will pass to the callable the following positional arguments, in the |
| 136 | 2522e489 | Christos Stavrakakis | ## following order: |
| 137 | 2522e489 | Christos Stavrakakis | ## * server_id: The ID of the VM in the DB |
| 138 | 2522e489 | Christos Stavrakakis | ## * ip_address: The IPv4 address of the public VM NIC |
| 139 | 2522e489 | Christos Stavrakakis | ## * fqdn: The FQDN of the VM |
| 140 | 2522e489 | Christos Stavrakakis | ## * user: The UUID of the owner of the VM |
| 141 | 2522e489 | Christos Stavrakakis | ## |
| 142 | 2522e489 | Christos Stavrakakis | ## Here is an example describing the mapping of the SSH port of all VMs to |
| 143 | 2522e489 | Christos Stavrakakis | ## the external address 'gate.example.synnefo.org' and port 60000+server_id. |
| 144 | 2522e489 | Christos Stavrakakis | ## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ |
| 145 | 2522e489 | Christos Stavrakakis | ## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 |
| 146 | 2522e489 | Christos Stavrakakis | ##CYCLADES_PORT_FORWARDING = {
|
| 147 | 2522e489 | Christos Stavrakakis | ## 22: lambda ip_address, server_id, fqdn, user: |
| 148 | 2522e489 | Christos Stavrakakis | ## ("gate.example.synnefo.org", 61000 + server_id),
|
| 149 | 2522e489 | Christos Stavrakakis | ##} |
| 150 | 2522e489 | Christos Stavrakakis | #CYCLADES_PORT_FORWARDING = {}
|
| 151 | f3c5f1df | Stratos Psomadakis | |
| 152 | f3c5f1df | Stratos Psomadakis | ## Extra configuration options required for snf-vncauthproxy (>=1.5) |
| 153 | f3c5f1df | Stratos Psomadakis | #CYCLADES_VNCAUTHPROXY_OPTS = {
|
| 154 | f3c5f1df | Stratos Psomadakis | # # These values are required for VNC console support. They should match a |
| 155 | f3c5f1df | Stratos Psomadakis | # # user / password configured in the snf-vncauthproxy authentication / users |
| 156 | f3c5f1df | Stratos Psomadakis | # # file (/var/lib/vncauthproxy/users). |
| 157 | f3c5f1df | Stratos Psomadakis | # 'auth_user': 'synnefo', |
| 158 | f3c5f1df | Stratos Psomadakis | # 'auth_password': 'secret_password', |
| 159 | f3c5f1df | Stratos Psomadakis | # # server_address and server_port should reflect the --listen-address and |
| 160 | f3c5f1df | Stratos Psomadakis | # # --listen-port options passed to the vncauthproxy daemon |
| 161 | f3c5f1df | Stratos Psomadakis | # 'server_address': '127.0.0.1', |
| 162 | f3c5f1df | Stratos Psomadakis | # 'server_port': 24999, |
| 163 | f3c5f1df | Stratos Psomadakis | # # Set to True to enable SSL support on the control socket. |
| 164 | f3c5f1df | Stratos Psomadakis | # 'enable_ssl': False, |
| 165 | f3c5f1df | Stratos Psomadakis | # # If you enabled SSL support for snf-vncauthproxy you can optionally |
| 166 | f3c5f1df | Stratos Psomadakis | # # provide a path to a CA file and enable strict checkfing for the server |
| 167 | f3c5f1df | Stratos Psomadakis | # # certficiate. |
| 168 | f3c5f1df | Stratos Psomadakis | # 'ca_cert': None, |
| 169 | f3c5f1df | Stratos Psomadakis | # 'strict': False, |
| 170 | f3c5f1df | Stratos Psomadakis | #} |