Statistics
| Branch: | Tag: | Revision:

root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ 4a769fc0

History | View | Annotate | Download (6.1 kB)

1 fd622d4b Christos Stavrakakis
## -*- coding: utf-8 -*-
2 fd622d4b Christos Stavrakakis
##
3 fd622d4b Christos Stavrakakis
## API configuration
4 fd622d4b Christos Stavrakakis
######################
5 fd622d4b Christos Stavrakakis
#
6 fd622d4b Christos Stavrakakis
#
7 fd622d4b Christos Stavrakakis
#DEBUG = False
8 fd622d4b Christos Stavrakakis
#
9 fd622d4b Christos Stavrakakis
## Top-level URL for deployment. Numerous other URLs depend on this.
10 e3ff6830 Georgios D. Tsoukalas
#CYCLADES_BASE_URL = "https://host:port/cyclades"
11 fd622d4b Christos Stavrakakis
#
12 fd622d4b Christos Stavrakakis
## The API will return HTTP Bad Request if the ?changes-since
13 fd622d4b Christos Stavrakakis
## parameter refers to a point in time more than POLL_LIMIT seconds ago.
14 fd622d4b Christos Stavrakakis
#POLL_LIMIT = 3600
15 fd622d4b Christos Stavrakakis
#
16 bda47e03 Christos Stavrakakis
## Astakos groups that have access to '/admin' views.
17 bda47e03 Christos Stavrakakis
#ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"]
18 bda47e03 Christos Stavrakakis
#
19 fd622d4b Christos Stavrakakis
##
20 fd622d4b Christos Stavrakakis
## Network Configuration
21 fd622d4b Christos Stavrakakis
##
22 fd622d4b Christos Stavrakakis
#
23 3aecadc8 Christos Stavrakakis
## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to
24 3aecadc8 Christos Stavrakakis
## connect a newly created server to, *if the user has not* specified them
25 3aecadc8 Christos Stavrakakis
## explicitly in the POST /server API call.
26 3aecadc8 Christos Stavrakakis
## Each member of the list may be a network UUID, a tuple of network UUIDs,
27 3aecadc8 Christos Stavrakakis
## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined],
28 3aecadc8 Christos Stavrakakis
## "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined],
29 3aecadc8 Christos Stavrakakis
##  or "SNF:ANY_PUBLIC" [any public network].
30 3aecadc8 Christos Stavrakakis
##
31 3aecadc8 Christos Stavrakakis
## Access control and quota policy are enforced, just as if the user had
32 3aecadc8 Christos Stavrakakis
## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content
33 3aecadc8 Christos Stavrakakis
## of the POST /call, after processing of "SNF:*" directives."
34 3aecadc8 Christos Stavrakakis
#CYCLADES_DEFAULT_SERVER_NETWORKS = ["SNF:ANY_PUBLIC"]
35 3aecadc8 Christos Stavrakakis
#
36 3aecadc8 Christos Stavrakakis
## This setting contains a list of networks which every new server
37 3aecadc8 Christos Stavrakakis
## will be forced to connect to, regardless of the contents of the POST
38 3aecadc8 Christos Stavrakakis
## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS.
39 3aecadc8 Christos Stavrakakis
## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS.
40 3aecadc8 Christos Stavrakakis
#
41 3aecadc8 Christos Stavrakakis
## WARNING: No access control or quota policy are enforced.
42 3aecadc8 Christos Stavrakakis
## The server will get all IPv4/IPv6 addresses needed to connect to the
43 3aecadc8 Christos Stavrakakis
## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless
44 3aecadc8 Christos Stavrakakis
## of the state of the floating IP pool of the user, and without
45 3aecadc8 Christos Stavrakakis
## allocating any floating IPs."
46 3aecadc8 Christos Stavrakakis
#CYCLADES_FORCED_SERVER_NETWORKS = ["SNF:ANY_PUBLIC_IPV6"]
47 9446e7e5 Christos Stavrakakis
#
48 9446e7e5 Christos Stavrakakis
#
49 fd622d4b Christos Stavrakakis
## Maximum allowed network size for private networks.
50 fd622d4b Christos Stavrakakis
#MAX_CIDR_BLOCK = 22
51 fd622d4b Christos Stavrakakis
#
52 fd622d4b Christos Stavrakakis
## Default settings used by network flavors
53 fd622d4b Christos Stavrakakis
#DEFAULT_MAC_PREFIX = 'aa:00:0'
54 fd622d4b Christos Stavrakakis
#DEFAULT_BRIDGE = 'br0'
55 fd622d4b Christos Stavrakakis
#
56 fd622d4b Christos Stavrakakis
## Network flavors that users are allowed to create through API requests
57 fd622d4b Christos Stavrakakis
#API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']
58 fd622d4b Christos Stavrakakis
#
59 fd622d4b Christos Stavrakakis
## Settings for IP_LESS_ROUTED network:
60 fd622d4b Christos Stavrakakis
## -----------------------------------
61 fd622d4b Christos Stavrakakis
## In this case VMCs act as routers that forward the traffic to/from VMs, based
62 fd622d4b Christos Stavrakakis
## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that
63 fd622d4b Christos Stavrakakis
## exist in every node, implenting an IP-less routed and proxy-arp setup.
64 fd622d4b Christos Stavrakakis
#DEFAULT_ROUTING_TABLE = 'snf_public'
65 fd622d4b Christos Stavrakakis
#
66 fd622d4b Christos Stavrakakis
## Settings for MAC_FILTERED network:
67 fd622d4b Christos Stavrakakis
## ------------------------------------------
68 fd622d4b Christos Stavrakakis
## All networks of this type are bridged to the same bridge. Isolation between
69 fd622d4b Christos Stavrakakis
## networks is achieved by assigning a unique MAC-prefix to each network and
70 fd622d4b Christos Stavrakakis
## filtering packets via ebtables.
71 fd622d4b Christos Stavrakakis
#DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
72 fd622d4b Christos Stavrakakis
#
73 fd622d4b Christos Stavrakakis
#
74 d0545590 Christos Stavrakakis
## Firewall tags should contain '%s' to be filled with the NIC
75 d0545590 Christos Stavrakakis
## ID.
76 d0545590 Christos Stavrakakis
#GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected'
77 d0545590 Christos Stavrakakis
#GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected'
78 d0545590 Christos Stavrakakis
#GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited'
79 fd622d4b Christos Stavrakakis
#
80 fd622d4b Christos Stavrakakis
## The default firewall profile that will be in effect if no tags are defined
81 fd622d4b Christos Stavrakakis
#DEFAULT_FIREWALL_PROFILE = 'DISABLED'
82 fd622d4b Christos Stavrakakis
#
83 fd622d4b Christos Stavrakakis
## Fixed mapping of user VMs to a specific backend.
84 8c26221c Olga Brani
## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
85 fd622d4b Christos Stavrakakis
#BACKEND_PER_USER = {}
86 fd622d4b Christos Stavrakakis
#
87 fd622d4b Christos Stavrakakis
#
88 fd622d4b Christos Stavrakakis
## URL templates for the stat graphs.
89 fd622d4b Christos Stavrakakis
## The API implementation replaces '%s' with the encrypted backend id.
90 fd622d4b Christos Stavrakakis
## FIXME: For now we do not encrypt the backend id.
91 8c26221c Olga Brani
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png'
92 8c26221c Olga Brani
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png'
93 8c26221c Olga Brani
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png'
94 8c26221c Olga Brani
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png'
95 fd622d4b Christos Stavrakakis
#
96 fd622d4b Christos Stavrakakis
## Recommended refresh period for server stats
97 fd622d4b Christos Stavrakakis
#STATS_REFRESH_PERIOD = 60
98 fd622d4b Christos Stavrakakis
#
99 fd622d4b Christos Stavrakakis
## The maximum number of file path/content pairs that can be supplied on server
100 fd622d4b Christos Stavrakakis
## build
101 fd622d4b Christos Stavrakakis
#MAX_PERSONALITY = 5
102 fd622d4b Christos Stavrakakis
#
103 fd622d4b Christos Stavrakakis
## The maximum size, in bytes, for each personality file
104 fd622d4b Christos Stavrakakis
#MAX_PERSONALITY_SIZE = 10240
105 fd622d4b Christos Stavrakakis
#
106 fd622d4b Christos Stavrakakis
#
107 e407f159 Ilias Tsitsimpis
## Authentication URL of the astakos instance to be used for user management
108 6ce03057 Giorgos Korfiatis
#ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0'
109 fd622d4b Christos Stavrakakis
#
110 fd622d4b Christos Stavrakakis
## Key for password encryption-decryption. After changing this setting, synnefo
111 fd622d4b Christos Stavrakakis
## will be unable to decrypt all existing Backend passwords. You will need to
112 fd622d4b Christos Stavrakakis
## store again the new password by using 'snf-manage backend-modify'.
113 fd622d4b Christos Stavrakakis
## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not
114 fd622d4b Christos Stavrakakis
## supported.
115 fd622d4b Christos Stavrakakis
#SECRET_ENCRYPTION_KEY= "Password Encryption Key"
116 fd622d4b Christos Stavrakakis
#
117 fd622d4b Christos Stavrakakis
## Astakos service token
118 fd622d4b Christos Stavrakakis
## The token used for astakos service api calls (e.g. api to retrieve user email
119 fd622d4b Christos Stavrakakis
## using a user uuid)
120 18c4414d Giorgos Korfiatis
#CYCLADES_SERVICE_TOKEN = ''
121 02f0cf8a Kostas Papadimitriou
122 e407f159 Ilias Tsitsimpis
## PROXY Astakos services under the following path
123 e407f159 Ilias Tsitsimpis
#CYCLADES_PROXY_PREFIX = '_astakos'
124 b0c95903 Giorgos Korfiatis
125 b0c95903 Giorgos Korfiatis
# Tune the size of the http connection pool to astakos.
126 b0c95903 Giorgos Korfiatis
#CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50
127 d328a525 Christos Stavrakakis
#
128 d328a525 Christos Stavrakakis
## Template to use to build the FQDN of VMs. The setting will be formated with
129 d328a525 Christos Stavrakakis
## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address
130 d328a525 Christos Stavrakakis
## of the VM will be used.
131 d328a525 Christos Stavrakakis
#CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'
132 2522e489 Christos Stavrakakis
#
133 2522e489 Christos Stavrakakis
## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This
134 2522e489 Christos Stavrakakis
## setting contains a mapping from the port of each VM to a tuple contaning the
135 2522e489 Christos Stavrakakis
## destination IP/hostname and the new port: (host, port). Instead of a tuple a
136 2522e489 Christos Stavrakakis
## python callable object may be used which must return such a tuple. The caller
137 2522e489 Christos Stavrakakis
## will pass to the callable the following positional arguments, in the
138 2522e489 Christos Stavrakakis
## following order:
139 2522e489 Christos Stavrakakis
## * server_id: The ID of the VM in the DB
140 2522e489 Christos Stavrakakis
## * ip_address: The IPv4 address of the public VM NIC
141 2522e489 Christos Stavrakakis
## * fqdn: The FQDN of the VM
142 2522e489 Christos Stavrakakis
## * user: The UUID of the owner of the VM
143 2522e489 Christos Stavrakakis
##
144 2522e489 Christos Stavrakakis
## Here is an example describing the mapping of the SSH port of all VMs to
145 2522e489 Christos Stavrakakis
## the external address 'gate.example.synnefo.org' and port 60000+server_id.
146 2522e489 Christos Stavrakakis
## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \
147 2522e489 Christos Stavrakakis
## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22
148 2522e489 Christos Stavrakakis
##CYCLADES_PORT_FORWARDING = {
149 2522e489 Christos Stavrakakis
##    22: lambda ip_address, server_id, fqdn, user:
150 2522e489 Christos Stavrakakis
##               ("gate.example.synnefo.org", 61000 + server_id),
151 2522e489 Christos Stavrakakis
##}
152 2522e489 Christos Stavrakakis
#CYCLADES_PORT_FORWARDING = {}