root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ 210e5933
History | View | Annotate | Download (6.1 kB)
| 1 |
## -*- coding: utf-8 -*- |
|---|---|
| 2 |
## |
| 3 |
## API configuration |
| 4 |
###################### |
| 5 |
# |
| 6 |
# |
| 7 |
#DEBUG = False |
| 8 |
# |
| 9 |
## Top-level URL for deployment. Numerous other URLs depend on this. |
| 10 |
#CYCLADES_BASE_URL = "https://host:port/cyclades" |
| 11 |
# |
| 12 |
## The API will return HTTP Bad Request if the ?changes-since |
| 13 |
## parameter refers to a point in time more than POLL_LIMIT seconds ago. |
| 14 |
#POLL_LIMIT = 3600 |
| 15 |
# |
| 16 |
## |
| 17 |
## Network Configuration |
| 18 |
## |
| 19 |
# |
| 20 |
## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to |
| 21 |
## connect a newly created server to, *if the user has not* specified them |
| 22 |
## explicitly in the POST /server API call. |
| 23 |
## Each member of the list may be a network UUID, a tuple of network UUIDs, |
| 24 |
## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined], |
| 25 |
## "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined], |
| 26 |
## or "SNF:ANY_PUBLIC" [any public network]. |
| 27 |
## |
| 28 |
## Access control and quota policy are enforced, just as if the user had |
| 29 |
## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content |
| 30 |
## of the POST /call, after processing of "SNF:*" directives." |
| 31 |
#CYCLADES_DEFAULT_SERVER_NETWORKS = ["SNF:ANY_PUBLIC"] |
| 32 |
# |
| 33 |
## This setting contains a list of networks which every new server |
| 34 |
## will be forced to connect to, regardless of the contents of the POST |
| 35 |
## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS. |
| 36 |
## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS. |
| 37 |
# |
| 38 |
## WARNING: No access control or quota policy are enforced. |
| 39 |
## The server will get all IPv4/IPv6 addresses needed to connect to the |
| 40 |
## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless |
| 41 |
## of the state of the floating IP pool of the user, and without |
| 42 |
## allocating any floating IPs." |
| 43 |
#CYCLADES_FORCED_SERVER_NETWORKS = ["SNF:ANY_PUBLIC_IPV6"] |
| 44 |
# |
| 45 |
# |
| 46 |
## Maximum allowed network size for private networks. |
| 47 |
#MAX_CIDR_BLOCK = 22 |
| 48 |
# |
| 49 |
## Default settings used by network flavors |
| 50 |
#DEFAULT_MAC_PREFIX = 'aa:00:0' |
| 51 |
#DEFAULT_BRIDGE = 'br0' |
| 52 |
# |
| 53 |
## Network flavors that users are allowed to create through API requests |
| 54 |
#API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] |
| 55 |
# |
| 56 |
## Settings for IP_LESS_ROUTED network: |
| 57 |
## ----------------------------------- |
| 58 |
## In this case VMCs act as routers that forward the traffic to/from VMs, based |
| 59 |
## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that |
| 60 |
## exist in every node, implenting an IP-less routed and proxy-arp setup. |
| 61 |
#DEFAULT_ROUTING_TABLE = 'snf_public' |
| 62 |
# |
| 63 |
## Settings for MAC_FILTERED network: |
| 64 |
## ------------------------------------------ |
| 65 |
## All networks of this type are bridged to the same bridge. Isolation between |
| 66 |
## networks is achieved by assigning a unique MAC-prefix to each network and |
| 67 |
## filtering packets via ebtables. |
| 68 |
#DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' |
| 69 |
# |
| 70 |
# |
| 71 |
## Firewall tags should contain '%s' to be filled with the NIC |
| 72 |
## ID. |
| 73 |
#GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' |
| 74 |
#GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' |
| 75 |
#GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' |
| 76 |
# |
| 77 |
## The default firewall profile that will be in effect if no tags are defined |
| 78 |
#DEFAULT_FIREWALL_PROFILE = 'DISABLED' |
| 79 |
# |
| 80 |
## Fixed mapping of user VMs to a specific backend. |
| 81 |
## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
|
| 82 |
#BACKEND_PER_USER = {}
|
| 83 |
# |
| 84 |
# |
| 85 |
## URL templates for the stat graphs. |
| 86 |
## The API implementation replaces '%s' with the encrypted backend id. |
| 87 |
## FIXME: For now we do not encrypt the backend id. |
| 88 |
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
| 89 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
| 90 |
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
| 91 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
| 92 |
# |
| 93 |
## Recommended refresh period for server stats |
| 94 |
#STATS_REFRESH_PERIOD = 60 |
| 95 |
# |
| 96 |
## The maximum number of file path/content pairs that can be supplied on server |
| 97 |
## build |
| 98 |
#MAX_PERSONALITY = 5 |
| 99 |
# |
| 100 |
## The maximum size, in bytes, for each personality file |
| 101 |
#MAX_PERSONALITY_SIZE = 10240 |
| 102 |
# |
| 103 |
# |
| 104 |
## Top-level URL of the astakos instance to be used for user management |
| 105 |
#ASTAKOS_BASE_URL = 'https://accounts.example.synnefo.org/' |
| 106 |
# |
| 107 |
## Key for password encryption-decryption. After changing this setting, synnefo |
| 108 |
## will be unable to decrypt all existing Backend passwords. You will need to |
| 109 |
## store again the new password by using 'snf-manage backend-modify'. |
| 110 |
## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not |
| 111 |
## supported. |
| 112 |
#SECRET_ENCRYPTION_KEY= "Password Encryption Key" |
| 113 |
# |
| 114 |
## Astakos service token |
| 115 |
## The token used for astakos service api calls (e.g. api to retrieve user email |
| 116 |
## using a user uuid) |
| 117 |
#CYCLADES_SERVICE_TOKEN = '' |
| 118 |
|
| 119 |
# Let cyclades proxy user specific api calls to astakos, via self served |
| 120 |
# endpoints. Set this to False if you deploy cyclades-app/astakos-app on the |
| 121 |
# same machine. |
| 122 |
#CYCLADES_PROXY_USER_SERVICES = True |
| 123 |
|
| 124 |
# Tune the size of the http connection pool to astakos. |
| 125 |
#CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 |
| 126 |
# |
| 127 |
## Template to use to build the FQDN of VMs. The setting will be formated with |
| 128 |
## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address |
| 129 |
## of the VM will be used. |
| 130 |
#CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' |
| 131 |
# |
| 132 |
## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This |
| 133 |
## setting contains a mapping from the port of each VM to a tuple contaning the |
| 134 |
## destination IP/hostname and the new port: (host, port). Instead of a tuple a |
| 135 |
## python callable object may be used which must return such a tuple. The caller |
| 136 |
## will pass to the callable the following positional arguments, in the |
| 137 |
## following order: |
| 138 |
## * server_id: The ID of the VM in the DB |
| 139 |
## * ip_address: The IPv4 address of the public VM NIC |
| 140 |
## * fqdn: The FQDN of the VM |
| 141 |
## * user: The UUID of the owner of the VM |
| 142 |
## |
| 143 |
## Here is an example describing the mapping of the SSH port of all VMs to |
| 144 |
## the external address 'gate.example.synnefo.org' and port 60000+server_id. |
| 145 |
## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ |
| 146 |
## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 |
| 147 |
##CYCLADES_PORT_FORWARDING = {
|
| 148 |
## 22: lambda ip_address, server_id, fqdn, user: |
| 149 |
## ("gate.example.synnefo.org", 61000 + server_id),
|
| 150 |
##} |
| 151 |
#CYCLADES_PORT_FORWARDING = {}
|