root / snf-cyclades-app / synnefo / app_settings / default / api.py @ 3aecadc8
History | View | Annotate | Download (6 kB)
| 1 |
# -*- coding: utf-8 -*-
|
|---|---|
| 2 |
#
|
| 3 |
# API configuration
|
| 4 |
#####################
|
| 5 |
|
| 6 |
|
| 7 |
DEBUG = False
|
| 8 |
|
| 9 |
# Top-level URL for deployment. Numerous other URLs depend on this.
|
| 10 |
CYCLADES_BASE_URL = "https://compute.example.synnefo.org/compute/"
|
| 11 |
|
| 12 |
# The API will return HTTP Bad Request if the ?changes-since
|
| 13 |
# parameter refers to a point in time more than POLL_LIMIT seconds ago.
|
| 14 |
POLL_LIMIT = 3600
|
| 15 |
|
| 16 |
#
|
| 17 |
# Network Configuration
|
| 18 |
#
|
| 19 |
|
| 20 |
# CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to
|
| 21 |
# connect a newly created server to, *if the user has not* specified them
|
| 22 |
# explicitly in the POST /server API call.
|
| 23 |
# Each member of the list may be a network UUID, a tuple of network UUIDs,
|
| 24 |
# "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined],
|
| 25 |
# "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined],
|
| 26 |
# or "SNF:ANY_PUBLIC" [any public network].
|
| 27 |
#
|
| 28 |
# Access control and quota policy are enforced, just as if the user had
|
| 29 |
# specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content
|
| 30 |
# of the POST /call, after processing of "SNF:*" directives."
|
| 31 |
CYCLADES_DEFAULT_SERVER_NETWORKS = ["SNF:ANY_PUBLIC"]
|
| 32 |
|
| 33 |
# This setting contains a list of networks which every new server
|
| 34 |
# will be forced to connect to, regardless of the contents of the POST
|
| 35 |
# /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS.
|
| 36 |
# Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS.
|
| 37 |
|
| 38 |
# WARNING: No access control or quota policy are enforced.
|
| 39 |
# The server will get all IPv4/IPv6 addresses needed to connect to the
|
| 40 |
# networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless
|
| 41 |
# of the state of the floating IP pool of the user, and without
|
| 42 |
# allocating any floating IPs."
|
| 43 |
CYCLADES_FORCED_SERVER_NETWORKS = ["SNF:ANY_PUBLIC_IPV6"]
|
| 44 |
|
| 45 |
# Maximum allowed network size for private networks.
|
| 46 |
MAX_CIDR_BLOCK = 22
|
| 47 |
|
| 48 |
# Default settings used by network flavors
|
| 49 |
DEFAULT_MAC_PREFIX = 'aa:00:0'
|
| 50 |
DEFAULT_BRIDGE = 'br0'
|
| 51 |
|
| 52 |
# Network flavors that users are allowed to create through API requests
|
| 53 |
API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']
|
| 54 |
|
| 55 |
# Settings for IP_LESS_ROUTED network:
|
| 56 |
# -----------------------------------
|
| 57 |
# In this case VMCs act as routers that forward the traffic to/from VMs, based
|
| 58 |
# on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that
|
| 59 |
# exist in every node, implenting an IP-less routed and proxy-arp setup.
|
| 60 |
DEFAULT_ROUTING_TABLE = 'snf_public'
|
| 61 |
|
| 62 |
# Settings for MAC_FILTERED network:
|
| 63 |
# ------------------------------------------
|
| 64 |
# All networks of this type are bridged to the same bridge. Isolation between
|
| 65 |
# networks is achieved by assigning a unique MAC-prefix to each network and
|
| 66 |
# filtering packets via ebtables.
|
| 67 |
DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
|
| 68 |
|
| 69 |
|
| 70 |
# Firewalling. Firewall tags should contain '%d' to be filled with the NIC
|
| 71 |
# ID.
|
| 72 |
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected'
|
| 73 |
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected'
|
| 74 |
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited'
|
| 75 |
|
| 76 |
# The default firewall profile that will be in effect if no tags are defined
|
| 77 |
DEFAULT_FIREWALL_PROFILE = 'DISABLED'
|
| 78 |
|
| 79 |
# Fixed mapping of user VMs to a specific backend.
|
| 80 |
# e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
|
| 81 |
BACKEND_PER_USER = {}
|
| 82 |
|
| 83 |
|
| 84 |
# URL templates for the stat graphs.
|
| 85 |
# The API implementation replaces '%s' with the encrypted backend id.
|
| 86 |
# FIXME: For now we do not encrypt the backend id.
|
| 87 |
CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png'
|
| 88 |
CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png'
|
| 89 |
NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png'
|
| 90 |
NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png'
|
| 91 |
|
| 92 |
# Recommended refresh period for server stats
|
| 93 |
STATS_REFRESH_PERIOD = 60
|
| 94 |
|
| 95 |
# The maximum number of file path/content pairs that can be supplied on server
|
| 96 |
# build
|
| 97 |
MAX_PERSONALITY = 5
|
| 98 |
|
| 99 |
# The maximum size, in bytes, for each personality file
|
| 100 |
MAX_PERSONALITY_SIZE = 10240
|
| 101 |
|
| 102 |
|
| 103 |
# Top-level URL of the astakos instance to be used for user management
|
| 104 |
ASTAKOS_BASE_URL = 'https://accounts.example.synnefo.org/'
|
| 105 |
|
| 106 |
# Tune the size of the Astakos http client connection pool
|
| 107 |
# This limit the number of concurrent requests to Astakos.
|
| 108 |
CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50
|
| 109 |
|
| 110 |
# Key for password encryption-decryption. After changing this setting, synnefo
|
| 111 |
# will be unable to decrypt all existing Backend passwords. You will need to
|
| 112 |
# store again the new password by using 'snf-manage backend-modify'.
|
| 113 |
# SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not
|
| 114 |
# supported.
|
| 115 |
SECRET_ENCRYPTION_KEY = "Password Encryption Key"
|
| 116 |
|
| 117 |
# Astakos service token
|
| 118 |
# The token used for astakos service api calls (e.g. api to retrieve user email
|
| 119 |
# using a user uuid)
|
| 120 |
CYCLADES_SERVICE_TOKEN = ''
|
| 121 |
|
| 122 |
# Let cyclades proxy user specific api calls to astakos, via self served
|
| 123 |
# endpoints. Set this to False if you deploy cyclades-app/astakos-app on the
|
| 124 |
# same machine.
|
| 125 |
CYCLADES_PROXY_USER_SERVICES = True
|
| 126 |
|
| 127 |
# Template to use to build the FQDN of VMs. The setting will be formated with
|
| 128 |
# the id of the VM. If set to 'None' the first public IPv4 or IPv6 address
|
| 129 |
# of the VM will be used.
|
| 130 |
CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'
|
| 131 |
|
| 132 |
# Description of applied port forwarding rules (DNAT) for Cyclades VMs. This
|
| 133 |
# setting contains a mapping from the port of each VM to a tuple contaning the
|
| 134 |
# destination IP/hostname and the new port: (host, port). Instead of a tuple a
|
| 135 |
# python callable object may be used which must return such a tuple. The caller
|
| 136 |
# will pass to the callable the following positional arguments, in the
|
| 137 |
# following order:
|
| 138 |
# * server_id: The ID of the VM in the DB
|
| 139 |
# * ip_address: The IPv4 address of the public VM NIC
|
| 140 |
# * fqdn: The FQDN of the VM
|
| 141 |
# * user: The UUID of the owner of the VM
|
| 142 |
#
|
| 143 |
# Here is an example describing the mapping of the SSH port of all VMs to
|
| 144 |
# the external address 'gate.example.synnefo.org' and port 60000+server_id.
|
| 145 |
# e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \
|
| 146 |
# --dport (61000 + $(VM_ID)) -j DNAT --to-destination $(VM_IP):22
|
| 147 |
#CYCLADES_PORT_FORWARDING = {
|
| 148 |
# 22: lambda ip_address, server_id, fqdn, user:
|
| 149 |
# ("gate.example.synnefo.org", 61000 + server_id),
|
| 150 |
#}
|
| 151 |
CYCLADES_PORT_FORWARDING = {}
|