root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ 9cec0c17
History | View | Annotate | Download (6 kB)
1 |
## -*- coding: utf-8 -*- |
---|---|
2 |
## |
3 |
## API configuration |
4 |
###################### |
5 |
# |
6 |
# |
7 |
#DEBUG = False |
8 |
# |
9 |
## Top-level URL for deployment. Numerous other URLs depend on this. |
10 |
#CYCLADES_BASE_URL = "https://host:port/cyclades" |
11 |
# |
12 |
## The API will return HTTP Bad Request if the ?changes-since |
13 |
## parameter refers to a point in time more than POLL_LIMIT seconds ago. |
14 |
#POLL_LIMIT = 3600 |
15 |
# |
16 |
## Astakos groups that have access to '/admin' views. |
17 |
#ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"] |
18 |
# |
19 |
## |
20 |
## Network Configuration |
21 |
## |
22 |
# |
23 |
## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to |
24 |
## connect a newly created server to, *if the user has not* specified them |
25 |
## explicitly in the POST /server API call. |
26 |
## Each member of the list may be a network UUID, a tuple of network UUIDs, |
27 |
## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined], |
28 |
## "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined], |
29 |
## or "SNF:ANY_PUBLIC" [any public network]. |
30 |
## |
31 |
## Access control and quota policy are enforced, just as if the user had |
32 |
## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content |
33 |
## of the POST /call, after processing of "SNF:*" directives." |
34 |
#CYCLADES_DEFAULT_SERVER_NETWORKS = ["SNF:ANY_PUBLIC"] |
35 |
# |
36 |
## This setting contains a list of networks which every new server |
37 |
## will be forced to connect to, regardless of the contents of the POST |
38 |
## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS. |
39 |
## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS. |
40 |
# |
41 |
## WARNING: No access control or quota policy are enforced. |
42 |
## The server will get all IPv4/IPv6 addresses needed to connect to the |
43 |
## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless |
44 |
## of the state of the floating IP pool of the user, and without |
45 |
## allocating any floating IPs." |
46 |
#CYCLADES_FORCED_SERVER_NETWORKS = ["SNF:ANY_PUBLIC_IPV6"] |
47 |
# |
48 |
# |
49 |
## Maximum allowed network size for private networks. |
50 |
#MAX_CIDR_BLOCK = 22 |
51 |
# |
52 |
## Default settings used by network flavors |
53 |
#DEFAULT_MAC_PREFIX = 'aa:00:0' |
54 |
#DEFAULT_BRIDGE = 'br0' |
55 |
# |
56 |
## Network flavors that users are allowed to create through API requests |
57 |
#API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] |
58 |
# |
59 |
## Settings for IP_LESS_ROUTED network: |
60 |
## ----------------------------------- |
61 |
## In this case VMCs act as routers that forward the traffic to/from VMs, based |
62 |
## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that |
63 |
## exist in every node, implenting an IP-less routed and proxy-arp setup. |
64 |
#DEFAULT_ROUTING_TABLE = 'snf_public' |
65 |
# |
66 |
## Settings for MAC_FILTERED network: |
67 |
## ------------------------------------------ |
68 |
## All networks of this type are bridged to the same bridge. Isolation between |
69 |
## networks is achieved by assigning a unique MAC-prefix to each network and |
70 |
## filtering packets via ebtables. |
71 |
#DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' |
72 |
# |
73 |
# |
74 |
## Firewall tags should contain '%s' to be filled with the NIC |
75 |
## ID. |
76 |
#GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' |
77 |
#GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' |
78 |
#GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' |
79 |
# |
80 |
## The default firewall profile that will be in effect if no tags are defined |
81 |
#DEFAULT_FIREWALL_PROFILE = 'DISABLED' |
82 |
# |
83 |
## Fixed mapping of user VMs to a specific backend. |
84 |
## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2} |
85 |
#BACKEND_PER_USER = {} |
86 |
# |
87 |
# |
88 |
## URL templates for the stat graphs. |
89 |
## The API implementation replaces '%s' with the encrypted backend id. |
90 |
## FIXME: For now we do not encrypt the backend id. |
91 |
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
92 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
93 |
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
94 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
95 |
# |
96 |
## Recommended refresh period for server stats |
97 |
#STATS_REFRESH_PERIOD = 60 |
98 |
# |
99 |
## The maximum number of file path/content pairs that can be supplied on server |
100 |
## build |
101 |
#MAX_PERSONALITY = 5 |
102 |
# |
103 |
## The maximum size, in bytes, for each personality file |
104 |
#MAX_PERSONALITY_SIZE = 10240 |
105 |
# |
106 |
# |
107 |
## Authentication URL of the astakos instance to be used for user management |
108 |
#ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0' |
109 |
# |
110 |
## Key for password encryption-decryption. After changing this setting, synnefo |
111 |
## will be unable to decrypt all existing Backend passwords. You will need to |
112 |
## store again the new password by using 'snf-manage backend-modify'. |
113 |
## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not |
114 |
## supported. |
115 |
#SECRET_ENCRYPTION_KEY= "Password Encryption Key" |
116 |
# |
117 |
## Astakos service token |
118 |
## The token used for astakos service api calls (e.g. api to retrieve user email |
119 |
## using a user uuid) |
120 |
#CYCLADES_SERVICE_TOKEN = '' |
121 |
|
122 |
## PROXY Astakos services under the following path |
123 |
#CYCLADES_PROXY_PREFIX = '_astakos' |
124 |
|
125 |
# Tune the size of the http connection pool to astakos. |
126 |
#CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 |
127 |
# |
128 |
## Template to use to build the FQDN of VMs. The setting will be formated with |
129 |
## the id of the VM. |
130 |
#CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' |
131 |
# |
132 |
## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This |
133 |
## setting contains a mapping from the port of each VM to a tuple contaning the |
134 |
## destination IP/hostname and the new port: (host, port). Instead of a tuple a |
135 |
## python callable object may be used which must return such a tuple. The caller |
136 |
## will pass to the callable the following positional arguments, in the |
137 |
## following order: |
138 |
## * server_id: The ID of the VM in the DB |
139 |
## * ip_address: The IPv4 address of the public VM NIC |
140 |
## * fqdn: The FQDN of the VM |
141 |
## * user: The UUID of the owner of the VM |
142 |
## |
143 |
## Here is an example describing the mapping of the SSH port of all VMs to |
144 |
## the external address 'gate.example.synnefo.org' and port 60000+server_id. |
145 |
## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ |
146 |
## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 |
147 |
##CYCLADES_PORT_FORWARDING = { |
148 |
## 22: lambda ip_address, server_id, fqdn, user: |
149 |
## ("gate.example.synnefo.org", 61000 + server_id), |
150 |
##} |
151 |
#CYCLADES_PORT_FORWARDING = {} |