root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ 18cb3999
1 | fd622d4b | Christos Stavrakakis | ## -*- coding: utf-8 -*- |
---|---|---|---|
2 | fd622d4b | Christos Stavrakakis | ## |
3 | fd622d4b | Christos Stavrakakis | ## API configuration |
4 | fd622d4b | Christos Stavrakakis | ###################### |
5 | fd622d4b | Christos Stavrakakis | # |
6 | fd622d4b | Christos Stavrakakis | # |
7 | fd622d4b | Christos Stavrakakis | #DEBUG = False |
8 | fd622d4b | Christos Stavrakakis | # |
9 | fd622d4b | Christos Stavrakakis | ## Top-level URL for deployment. Numerous other URLs depend on this. |
10 | e3ff6830 | Georgios D. Tsoukalas | #CYCLADES_BASE_URL = "https://host:port/cyclades" |
11 | fd622d4b | Christos Stavrakakis | # |
12 | fd622d4b | Christos Stavrakakis | ## The API will return HTTP Bad Request if the ?changes-since |
13 | fd622d4b | Christos Stavrakakis | ## parameter refers to a point in time more than POLL_LIMIT seconds ago. |
14 | fd622d4b | Christos Stavrakakis | #POLL_LIMIT = 3600 |
15 | fd622d4b | Christos Stavrakakis | # |
16 | bda47e03 | Christos Stavrakakis | ## Astakos groups that have access to '/admin' views. |
17 | bda47e03 | Christos Stavrakakis | #ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"] |
18 | bda47e03 | Christos Stavrakakis | # |
19 | fd622d4b | Christos Stavrakakis | ## |
20 | fd622d4b | Christos Stavrakakis | ## Network Configuration |
21 | fd622d4b | Christos Stavrakakis | ## |
22 | fd622d4b | Christos Stavrakakis | # |
23 | 3aecadc8 | Christos Stavrakakis | ## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to |
24 | 3aecadc8 | Christos Stavrakakis | ## connect a newly created server to, *if the user has not* specified them |
25 | 3aecadc8 | Christos Stavrakakis | ## explicitly in the POST /server API call. |
26 | 3aecadc8 | Christos Stavrakakis | ## Each member of the list may be a network UUID, a tuple of network UUIDs, |
27 | 3aecadc8 | Christos Stavrakakis | ## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined], |
28 | 3aecadc8 | Christos Stavrakakis | ## "SNF:ANY_PUBLIC_IPV6" [any public network with only an IPV6 subnet defined], |
29 | 3aecadc8 | Christos Stavrakakis | ## or "SNF:ANY_PUBLIC" [any public network]. |
30 | 3aecadc8 | Christos Stavrakakis | ## |
31 | 3aecadc8 | Christos Stavrakakis | ## Access control and quota policy are enforced, just as if the user had |
32 | 3aecadc8 | Christos Stavrakakis | ## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content |
33 | 3aecadc8 | Christos Stavrakakis | ## of the POST /servers call, after processing of "SNF:*" directives. |
34 | 7fccf095 | Christos Stavrakakis | #CYCLADES_DEFAULT_SERVER_NETWORKS = [] |
35 | 3aecadc8 | Christos Stavrakakis | # |
36 | 3aecadc8 | Christos Stavrakakis | ## This setting contains a list of networks which every new server |
37 | 3aecadc8 | Christos Stavrakakis | ## will be forced to connect to, regardless of the contents of the POST |
38 | 3aecadc8 | Christos Stavrakakis | ## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS. |
39 | 3aecadc8 | Christos Stavrakakis | ## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS. |
40 | 3aecadc8 | Christos Stavrakakis | # |
41 | 3aecadc8 | Christos Stavrakakis | ## WARNING: No access control or quota policy is enforced for these networks. |
42 | 3aecadc8 | Christos Stavrakakis | ## The server will get all IPv4/IPv6 addresses needed to connect to the |
43 | 3aecadc8 | Christos Stavrakakis | ## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless |
44 | 3aecadc8 | Christos Stavrakakis | ## of the state of the floating IP pool of the user, and without |
45 | 3aecadc8 | Christos Stavrakakis | ## allocating any floating IPs. |
46 | 7fccf095 | Christos Stavrakakis | #CYCLADES_FORCED_SERVER_NETWORKS = [] |
47 | 9446e7e5 | Christos Stavrakakis | # |
48 | 9446e7e5 | Christos Stavrakakis | # |
49 | fd622d4b | Christos Stavrakakis | ## Maximum allowed network size for private networks. |
50 | fd622d4b | Christos Stavrakakis | #MAX_CIDR_BLOCK = 22 |
51 | fd622d4b | Christos Stavrakakis | # |
52 | fd622d4b | Christos Stavrakakis | ## Default settings used by network flavors |
53 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_PREFIX = 'aa:00:0' |
54 | fd622d4b | Christos Stavrakakis | #DEFAULT_BRIDGE = 'br0' |
55 | fd622d4b | Christos Stavrakakis | # |
56 | fd622d4b | Christos Stavrakakis | ## Network flavors that users are allowed to create through API requests |
57 | e4def9d6 | Christos Stavrakakis | ## Available flavors are IP_LESS_ROUTED, MAC_FILTERED, PHYSICAL_VLAN |
58 | fd622d4b | Christos Stavrakakis | #API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] |
59 | fd622d4b | Christos Stavrakakis | # |
60 | fd622d4b | Christos Stavrakakis | # |
61 | fd622d4b | Christos Stavrakakis | ## Settings for MAC_FILTERED network: |
62 | fd622d4b | Christos Stavrakakis | ## ------------------------------------------ |
63 | fd622d4b | Christos Stavrakakis | ## All networks of this type are bridged to the same bridge. Isolation between |
64 | fd622d4b | Christos Stavrakakis | ## networks is achieved by assigning a unique MAC-prefix to each network and |
65 | fd622d4b | Christos Stavrakakis | ## filtering packets via ebtables. |
66 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' |
67 | fd622d4b | Christos Stavrakakis | # |
68 | fd622d4b | Christos Stavrakakis | # |
69 | d0545590 | Christos Stavrakakis | ## Firewall tags should contain '%s' to be filled with the NIC |
70 | d0545590 | Christos Stavrakakis | ## ID. |
71 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' |
72 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' |
73 | d0545590 | Christos Stavrakakis | #GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' |
74 | fd622d4b | Christos Stavrakakis | # |
75 | fd622d4b | Christos Stavrakakis | ## The default firewall profile that will be in effect if no tags are defined |
76 | fd622d4b | Christos Stavrakakis | #DEFAULT_FIREWALL_PROFILE = 'DISABLED' |
77 | fd622d4b | Christos Stavrakakis | # |
78 | fd622d4b | Christos Stavrakakis | ## Fixed mapping of user VMs to a specific backend. |
79 | 8c26221c | Olga Brani | ## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2} |
80 | fd622d4b | Christos Stavrakakis | #BACKEND_PER_USER = {} |
81 | fd622d4b | Christos Stavrakakis | # |
82 | fd622d4b | Christos Stavrakakis | # |
83 | bd16bf3e | Stratos Psomadakis | ## Encryption key for the instance hostname in the stat graphs URLs. Set it to |
84 | bd16bf3e | Stratos Psomadakis | ## a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
85 | bd16bf3e | Stratos Psomadakis | ## host (20-snf-stats-app-settings.conf) accordingly. |
86 | bd16bf3e | Stratos Psomadakis | #CYCLADES_STATS_SECRET_KEY = "secret key" |
87 | bd16bf3e | Stratos Psomadakis | # |
88 | fd622d4b | Christos Stavrakakis | ## URL templates for the stat graphs. |
89 | fd622d4b | Christos Stavrakakis | ## The API implementation replaces '%s' with the encrypted backend id. |
90 | bd16bf3e | Stratos Psomadakis | #CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
91 | bd16bf3e | Stratos Psomadakis | #CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
92 | bd16bf3e | Stratos Psomadakis | #NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/net-bar/stats/v1.0/%s' |
93 | bd16bf3e | Stratos Psomadakis | #NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
94 | fd622d4b | Christos Stavrakakis | # |
95 | fd622d4b | Christos Stavrakakis | ## Recommended refresh period for server stats |
96 | fd622d4b | Christos Stavrakakis | #STATS_REFRESH_PERIOD = 60 |
97 | fd622d4b | Christos Stavrakakis | # |
98 | fd622d4b | Christos Stavrakakis | ## The maximum number of file path/content pairs that can be supplied on server |
99 | fd622d4b | Christos Stavrakakis | ## build |
100 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY = 5 |
101 | fd622d4b | Christos Stavrakakis | # |
102 | fd622d4b | Christos Stavrakakis | ## The maximum size, in bytes, for each personality file |
103 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY_SIZE = 10240 |
104 | fd622d4b | Christos Stavrakakis | # |
105 | fd622d4b | Christos Stavrakakis | # |
106 | e407f159 | Ilias Tsitsimpis | ## Authentication URL of the astakos instance to be used for user management |
107 | 6ce03057 | Giorgos Korfiatis | #ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0' |
108 | fd622d4b | Christos Stavrakakis | # |
109 | fd622d4b | Christos Stavrakakis | ## Key for password encryption-decryption. After changing this setting, synnefo |
110 | fd622d4b | Christos Stavrakakis | ## will be unable to decrypt any of the existing Backend passwords. You will need to |
111 | fd622d4b | Christos Stavrakakis | ## store the passwords again by using 'snf-manage backend-modify'. |
112 | fd622d4b | Christos Stavrakakis | ## SECRET_ENCRYPTION_KEY may be up to 32 bytes. Keys bigger than 32 bytes are not |
113 | fd622d4b | Christos Stavrakakis | ## supported. |
114 | fd622d4b | Christos Stavrakakis | #SECRET_ENCRYPTION_KEY= "Password Encryption Key" |
115 | fd622d4b | Christos Stavrakakis | # |
116 | fd622d4b | Christos Stavrakakis | ## Astakos service token |
117 | fd622d4b | Christos Stavrakakis | ## The token used for astakos service api calls (e.g. api to retrieve user email |
118 | fd622d4b | Christos Stavrakakis | ## using a user uuid) |
119 | 18c4414d | Giorgos Korfiatis | #CYCLADES_SERVICE_TOKEN = '' |
120 | 02f0cf8a | Kostas Papadimitriou | |
121 | e407f159 | Ilias Tsitsimpis | ## PROXY Astakos services under the following path |
122 | e407f159 | Ilias Tsitsimpis | #CYCLADES_PROXY_PREFIX = '_astakos' |
123 | b0c95903 | Giorgos Korfiatis | |
124 | b0c95903 | Giorgos Korfiatis | # Tune the size of the http connection pool to astakos. |
125 | b0c95903 | Giorgos Korfiatis | #CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 |
126 | d328a525 | Christos Stavrakakis | # |
127 | d328a525 | Christos Stavrakakis | ## Template to use to build the FQDN of VMs. The setting will be formatted with |
128 | 9cec0c17 | Christos Stavrakakis | ## the id of the VM. |
129 | d328a525 | Christos Stavrakakis | #CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' |
130 | 2522e489 | Christos Stavrakakis | # |
131 | 2522e489 | Christos Stavrakakis | ## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This |
132 | 2522e489 | Christos Stavrakakis | ## setting contains a mapping from the port of each VM to a tuple containing the |
133 | 2522e489 | Christos Stavrakakis | ## destination IP/hostname and the new port: (host, port). Instead of a tuple a |
134 | 2522e489 | Christos Stavrakakis | ## python callable object may be used which must return such a tuple. The caller |
135 | 2522e489 | Christos Stavrakakis | ## will pass to the callable the following positional arguments, in the |
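136 | 2522e489 | Christos Stavrakakis | ## following order (NOTE: the example lambda below takes ip_address before server_id; confirm the order against the caller): |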
137 | 2522e489 | Christos Stavrakakis | ## * server_id: The ID of the VM in the DB |
138 | 2522e489 | Christos Stavrakakis | ## * ip_address: The IPv4 address of the public VM NIC |
139 | 2522e489 | Christos Stavrakakis | ## * fqdn: The FQDN of the VM |
140 | 2522e489 | Christos Stavrakakis | ## * user: The UUID of the owner of the VM |
141 | 2522e489 | Christos Stavrakakis | ## |
142 | 2522e489 | Christos Stavrakakis | ## Here is an example describing the mapping of the SSH port of all VMs to |
143 | 2522e489 | Christos Stavrakakis | ## the external address 'gate.example.synnefo.org' and port 60000+server_id. |
144 | 2522e489 | Christos Stavrakakis | ## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ |
145 | 2522e489 | Christos Stavrakakis | ## --dport (61000 + $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 |
146 | 2522e489 | Christos Stavrakakis | ##CYCLADES_PORT_FORWARDING = { |
147 | 2522e489 | Christos Stavrakakis | ## 22: lambda ip_address, server_id, fqdn, user: |
148 | 2522e489 | Christos Stavrakakis | ## ("gate.example.synnefo.org", 61000 + server_id), |
149 | 2522e489 | Christos Stavrakakis | ##} |
150 | 2522e489 | Christos Stavrakakis | #CYCLADES_PORT_FORWARDING = {} |
151 | f3c5f1df | Stratos Psomadakis | |
152 | f3c5f1df | Stratos Psomadakis | ## Extra configuration options required for snf-vncauthproxy (>=1.5) |
153 | f3c5f1df | Stratos Psomadakis | #CYCLADES_VNCAUTHPROXY_OPTS = { |
154 | f3c5f1df | Stratos Psomadakis | # # These values are required for VNC console support. They should match a |
155 | f3c5f1df | Stratos Psomadakis | # # user / password configured in the snf-vncauthproxy authentication / users |
156 | f3c5f1df | Stratos Psomadakis | # # file (/var/lib/vncauthproxy/users). |
157 | f3c5f1df | Stratos Psomadakis | # 'auth_user': 'synnefo', |
158 | f3c5f1df | Stratos Psomadakis | # 'auth_password': 'secret_password', |
159 | f3c5f1df | Stratos Psomadakis | # # server_address and server_port should reflect the --listen-address and |
160 | f3c5f1df | Stratos Psomadakis | # # --listen-port options passed to the vncauthproxy daemon |
161 | f3c5f1df | Stratos Psomadakis | # 'server_address': '127.0.0.1', |
162 | f3c5f1df | Stratos Psomadakis | # 'server_port': 24999, |
163 | f3c5f1df | Stratos Psomadakis | # # Set to True to enable SSL support on the control socket. |
164 | f3c5f1df | Stratos Psomadakis | # 'enable_ssl': False, |
165 | f3c5f1df | Stratos Psomadakis | # # If you enabled SSL support for snf-vncauthproxy you can optionally |
166 | f3c5f1df | Stratos Psomadakis | # # provide a path to a CA file and enable strict checking for the server |
167 | f3c5f1df | Stratos Psomadakis | # # certificate. |
168 | f3c5f1df | Stratos Psomadakis | # 'ca_cert': None, |
169 | f3c5f1df | Stratos Psomadakis | # 'strict': False, |
170 | f3c5f1df | Stratos Psomadakis | #} |