root / snf-cyclades-app / synnefo / app_settings / default / api.py @ 7fccf095
History | View | Annotate | Download (7 kB)
1 |
# -*- coding: utf-8 -*-
|
---|---|
2 |
#
|
3 |
# API configuration
|
4 |
#####################
|
5 |
|
6 |
|
7 |
DEBUG = False
|
8 |
|
9 |
# Top-level URL for deployment. Numerous other URLs depend on this.
|
10 |
CYCLADES_BASE_URL = "https://compute.example.synnefo.org/compute/"
|
11 |
|
12 |
# The API will return HTTP Bad Request if the ?changes-since
|
13 |
# parameter refers to a point in time more than POLL_LIMIT seconds ago.
|
14 |
POLL_LIMIT = 3600
|
15 |
|
16 |
# Astakos groups that have access to '/admin' views.
|
17 |
ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"]
|
18 |
|
19 |
#
|
20 |
# Network Configuration
|
21 |
#
|
22 |
|
23 |
# CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to
|
24 |
# connect a newly created server to, *if the user has not* specified them
|
25 |
# explicitly in the POST /server API call.
|
26 |
# Each member of the list may be a network UUID, a tuple of network UUIDs,
|
27 |
# "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined],
|
28 |
# "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined],
|
29 |
# or "SNF:ANY_PUBLIC" [any public network].
|
30 |
#
|
31 |
# Access control and quota policy are enforced, just as if the user had
|
32 |
# specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content
|
33 |
# of the POST /call, after processing of "SNF:*" directives."
|
34 |
CYCLADES_DEFAULT_SERVER_NETWORKS = [] |
35 |
|
36 |
# This setting contains a list of networks which every new server
|
37 |
# will be forced to connect to, regardless of the contents of the POST
|
38 |
# /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS.
|
39 |
# Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS.
|
40 |
|
41 |
# WARNING: No access control or quota policy are enforced.
|
42 |
# The server will get all IPv4/IPv6 addresses needed to connect to the
|
43 |
# networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless
|
44 |
# of the state of the floating IP pool of the user, and without
|
45 |
# allocating any floating IPs."
|
46 |
CYCLADES_FORCED_SERVER_NETWORKS = [] |
47 |
|
48 |
# Maximum allowed network size for private networks.
|
49 |
MAX_CIDR_BLOCK = 22
|
50 |
|
51 |
# Default settings used by network flavors
|
52 |
DEFAULT_MAC_PREFIX = 'aa:00:0'
|
53 |
DEFAULT_BRIDGE = 'br0'
|
54 |
|
55 |
# Network flavors that users are allowed to create through API requests
|
56 |
API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']
|
57 |
|
58 |
# Settings for IP_LESS_ROUTED network:
|
59 |
# -----------------------------------
|
60 |
# In this case VMCs act as routers that forward the traffic to/from VMs, based
|
61 |
# on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that
|
62 |
# exist in every node, implenting an IP-less routed and proxy-arp setup.
|
63 |
DEFAULT_ROUTING_TABLE = 'snf_public'
|
64 |
|
65 |
# Settings for MAC_FILTERED network:
|
66 |
# ------------------------------------------
|
67 |
# All networks of this type are bridged to the same bridge. Isolation between
|
68 |
# networks is achieved by assigning a unique MAC-prefix to each network and
|
69 |
# filtering packets via ebtables.
|
70 |
DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
|
71 |
|
72 |
|
73 |
# Firewalling. Firewall tags should contain '%d' to be filled with the NIC
|
74 |
# ID.
|
75 |
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected'
|
76 |
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected'
|
77 |
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited'
|
78 |
|
79 |
# The default firewall profile that will be in effect if no tags are defined
|
80 |
DEFAULT_FIREWALL_PROFILE = 'DISABLED'
|
81 |
|
82 |
# Fixed mapping of user VMs to a specific backend.
|
83 |
# e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
|
84 |
BACKEND_PER_USER = {} |
85 |
|
86 |
|
87 |
# Encryption key for the instance hostname in the stat graphs URLs. Set it to
|
88 |
# a random string and update the STATS_SECRET_KEY setting in the snf-stats-app
|
89 |
# host (20-snf-stats-app-settings.conf) accordingly.
|
90 |
CYCLADES_STATS_SECRET_KEY = "secret_key"
|
91 |
|
92 |
# URL templates for the stat graphs.
|
93 |
# The API implementation replaces '%s' with the encrypted backend id.
|
94 |
CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s'
|
95 |
CPU_TIMESERIES_GRAPH_URL = \ |
96 |
'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s'
|
97 |
NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-bar/%s'
|
98 |
NET_TIMESERIES_GRAPH_URL = \ |
99 |
'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s'
|
100 |
|
101 |
# Recommended refresh period for server stats
|
102 |
STATS_REFRESH_PERIOD = 60
|
103 |
|
104 |
# The maximum number of file path/content pairs that can be supplied on server
|
105 |
# build
|
106 |
MAX_PERSONALITY = 5
|
107 |
|
108 |
# The maximum size, in bytes, for each personality file
|
109 |
MAX_PERSONALITY_SIZE = 10240
|
110 |
|
111 |
|
112 |
# Authentication URL of the astakos instance to be used for user management
|
113 |
ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0'
|
114 |
|
115 |
# Tune the size of the Astakos http client connection pool
|
116 |
# This limit the number of concurrent requests to Astakos.
|
117 |
CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50
|
118 |
|
119 |
# Key for password encryption-decryption. After changing this setting, synnefo
|
120 |
# will be unable to decrypt all existing Backend passwords. You will need to
|
121 |
# store again the new password by using 'snf-manage backend-modify'.
|
122 |
# SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not
|
123 |
# supported.
|
124 |
SECRET_ENCRYPTION_KEY = "Password Encryption Key"
|
125 |
|
126 |
# Astakos service token
|
127 |
# The token used for astakos service api calls (e.g. api to retrieve user email
|
128 |
# using a user uuid)
|
129 |
CYCLADES_SERVICE_TOKEN = ''
|
130 |
|
131 |
# Template to use to build the FQDN of VMs. The setting will be formated with
|
132 |
# the id of the VM.
|
133 |
CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'
|
134 |
|
135 |
# Description of applied port forwarding rules (DNAT) for Cyclades VMs. This
|
136 |
# setting contains a mapping from the port of each VM to a tuple contaning the
|
137 |
# destination IP/hostname and the new port: (host, port). Instead of a tuple a
|
138 |
# python callable object may be used which must return such a tuple. The caller
|
139 |
# will pass to the callable the following positional arguments, in the
|
140 |
# following order:
|
141 |
# * server_id: The ID of the VM in the DB
|
142 |
# * ip_address: The IPv4 address of the public VM NIC
|
143 |
# * fqdn: The FQDN of the VM
|
144 |
# * user: The UUID of the owner of the VM
|
145 |
#
|
146 |
# Here is an example describing the mapping of the SSH port of all VMs to
|
147 |
# the external address 'gate.example.synnefo.org' and port 60000+server_id.
|
148 |
# e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \
|
149 |
# --dport (61000 + $(VM_ID)) -j DNAT --to-destination $(VM_IP):22
|
150 |
#CYCLADES_PORT_FORWARDING = {
|
151 |
# 22: lambda ip_address, server_id, fqdn, user:
|
152 |
# ("gate.example.synnefo.org", 61000 + server_id),
|
153 |
#}
|
154 |
CYCLADES_PORT_FORWARDING = {} |
155 |
|
156 |
# Extra configuration options required for snf-vncauthproxy (>=1.5)
|
157 |
CYCLADES_VNCAUTHPROXY_OPTS = { |
158 |
# These values are required for VNC console support. They should match a
|
159 |
# user / password configured in the snf-vncauthproxy authentication / users
|
160 |
# file (/var/lib/vncauthproxy/users).
|
161 |
'auth_user': 'synnefo', |
162 |
'auth_password': 'secret_password', |
163 |
# server_address and server_port should reflect the --listen-address and
|
164 |
# --listen-port options passed to the vncauthproxy daemon
|
165 |
'server_address': '127.0.0.1', |
166 |
'server_port': 24999, |
167 |
# Set to True to enable SSL support on the control socket.
|
168 |
'enable_ssl': False, |
169 |
# If you enabled SSL support for snf-vncauthproxy you can optionally
|
170 |
# provide a path to a CA file and enable strict checkfing for the server
|
171 |
# certficiate.
|
172 |
'ca_cert': None, |
173 |
'strict': False, |
174 |
} |