Synnefo

# -*- coding: utf-8 -*-

#

# API configuration

#####################

DEBUG = False

# Top-level URL for deployment. Numerous other URLs depend on this.

CYCLADES_BASE_URL = "https://compute.example.synnefo.org/compute/"

# The API will return HTTP Bad Request if the ?changes-since

# parameter refers to a point in time more than POLL_LIMIT seconds ago.

POLL_LIMIT = 3600

# Astakos groups that have access to '/admin' views.

ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"]

#

# Network Configuration

#

# CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to

# connect a newly created server to, *if the user has not* specified them

# explicitly in the POST /server API call.

# Each member of the list may be a network UUID, a tuple of network UUIDs,

# "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined],

# "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined],

#  or "SNF:ANY_PUBLIC" [any public network].

#

# Access control and quota policy are enforced, just as if the user had

# specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content

# of the POST /call, after processing of "SNF:*" directives."

CYCLADES_DEFAULT_SERVER_NETWORKS = []

# This setting contains a list of networks which every new server

# will be forced to connect to, regardless of the contents of the POST

# /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS.

# Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS.

# WARNING: No access control or quota policy are enforced.

# The server will get all IPv4/IPv6 addresses needed to connect to the

# networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless

# of the state of the floating IP pool of the user, and without

# allocating any floating IPs."

CYCLADES_FORCED_SERVER_NETWORKS = []

# Maximum allowed network size for private networks.

MAX_CIDR_BLOCK = 22

# Default settings used by network flavors

DEFAULT_MAC_PREFIX = 'aa:00:0'

DEFAULT_BRIDGE = 'br0'

# Network flavors that users are allowed to create through API requests

API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']

# Settings for IP_LESS_ROUTED network:

# -----------------------------------

# In this case VMCs act as routers that forward the traffic to/from VMs, based

# on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that

# exist in every node, implenting an IP-less routed and proxy-arp setup.

DEFAULT_ROUTING_TABLE = 'snf_public'

# Settings for MAC_FILTERED network:

# ------------------------------------------

# All networks of this type are bridged to the same bridge. Isolation between

# networks is achieved by assigning a unique MAC-prefix to each network and

# filtering packets via ebtables.

DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'

# Firewalling. Firewall tags should contain '%d' to be filled with the NIC

# ID.

GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected'

GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected'

GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited'

# The default firewall profile that will be in effect if no tags are defined

DEFAULT_FIREWALL_PROFILE = 'DISABLED'

# Fixed mapping of user VMs to a specific backend.

# e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}

BACKEND_PER_USER = {}

# Encryption key for the instance hostname in the stat graphs URLs. Set it to

# a random string and update the STATS_SECRET_KEY setting in the snf-stats-app

# host (20-snf-stats-app-settings.conf) accordingly.

CYCLADES_STATS_SECRET_KEY = "secret_key"

# URL templates for the stat graphs.

# The API implementation replaces '%s' with the encrypted backend id.

CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s'

CPU_TIMESERIES_GRAPH_URL = \

    'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s'

NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-bar/%s'

NET_TIMESERIES_GRAPH_URL = \

    'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s'

# Recommended refresh period for server stats

STATS_REFRESH_PERIOD = 60

# The maximum number of file path/content pairs that can be supplied on server

# build

MAX_PERSONALITY = 5

# The maximum size, in bytes, for each personality file

MAX_PERSONALITY_SIZE = 10240

# Authentication URL of the astakos instance to be used for user management

ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0'

# Tune the size of the Astakos http client connection pool

# This limit the number of concurrent requests to Astakos.

CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50

# Key for password encryption-decryption. After changing this setting, synnefo

# will be unable to decrypt all existing Backend passwords. You will need to

# store again the new password by using 'snf-manage backend-modify'.

# SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not

# supported.

SECRET_ENCRYPTION_KEY = "Password Encryption Key"

# Astakos service token

# The token used for astakos service api calls (e.g. api to retrieve user email

# using a user uuid)

CYCLADES_SERVICE_TOKEN = ''

# Template to use to build the FQDN of VMs. The setting will be formated with

# the id of the VM.

CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'

# Description of applied port forwarding rules (DNAT) for Cyclades VMs. This

# setting contains a mapping from the port of each VM to a tuple contaning the

# destination IP/hostname and the new port: (host, port). Instead of a tuple a

# python callable object may be used which must return such a tuple. The caller

# will pass to the callable the following positional arguments, in the

# following order:

# * server_id: The ID of the VM in the DB

# * ip_address: The IPv4 address of the public VM NIC

# * fqdn: The FQDN of the VM

# * user: The UUID of the owner of the VM

#

# Here is an example describing the mapping of the SSH port of all VMs to

# the external address 'gate.example.synnefo.org' and port 60000+server_id.

# e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \

# --dport (61000 + $(VM_ID)) -j DNAT --to-destination $(VM_IP):22

#CYCLADES_PORT_FORWARDING = {

#    22: lambda ip_address, server_id, fqdn, user:

#               ("gate.example.synnefo.org", 61000 + server_id),

#}

CYCLADES_PORT_FORWARDING = {}

# Extra configuration options required for snf-vncauthproxy (>=1.5)

CYCLADES_VNCAUTHPROXY_OPTS = {

    # These values are required for VNC console support. They should match a

    # user / password configured in the snf-vncauthproxy authentication / users

    # file (/var/lib/vncauthproxy/users).

    'auth_user': 'synnefo',

    'auth_password': 'secret_password',

    # server_address and server_port should reflect the --listen-address and

    # --listen-port options passed to the vncauthproxy daemon

    'server_address': '127.0.0.1',

    'server_port': 24999,

    # Set to True to enable SSL support on the control socket.

    'enable_ssl': False,

    # If you enabled SSL support for snf-vncauthproxy you can optionally

    # provide a path to a CA file and enable strict checkfing for the server

    # certficiate.

    'ca_cert': None,

    'strict': False,

}