## -*- coding: utf-8 -*- ## ## API configuration ###################### # # #DEBUG = False # ## Top-level URL for deployment. Numerous other URLs depend on this. #CYCLADES_BASE_URL = "https://host:port/cyclades" # ## The API will return HTTP Bad Request if the ?changes-since ## parameter refers to a point in time more than POLL_LIMIT seconds ago. #POLL_LIMIT = 3600 # ## Astakos groups that have access to '/admin' views. #ADMIN_STATS_PERMITTED_GROUPS = ["admin-stats"] # ## ## Network Configuration ## # ## CYCLADES_DEFAULT_SERVER_NETWORKS setting contains a list of networks to ## connect a newly created server to, *if the user has not* specified them ## explicitly in the POST /server API call. ## Each member of the list may be a network UUID, a tuple of network UUIDs, ## "SNF:ANY_PUBLIC_IPV4" [any public network with an IPv4 subnet defined], ## "SNF:ANY_PUBLIC_IPV6 [any public network with only an IPV6 subnet defined], ## or "SNF:ANY_PUBLIC" [any public network]. ## ## Access control and quota policy are enforced, just as if the user had ## specified the value of CYCLADES_DEFAULT_SERVER_NETWORKS in the content ## of the POST /call, after processing of "SNF:*" directives." #CYCLADES_DEFAULT_SERVER_NETWORKS = ["SNF:ANY_PUBLIC"] # ## This setting contains a list of networks which every new server ## will be forced to connect to, regardless of the contents of the POST ## /servers call, or the value of CYCLADES_DEFAULT_SERVER_NETWORKS. ## Its format is identical to that of CYCLADES_DEFAULT_SERVER_NETWORKS. # ## WARNING: No access control or quota policy are enforced. ## The server will get all IPv4/IPv6 addresses needed to connect to the ## networks specified in CYCLADES_FORCED_SERVER_NETWORKS, regardless ## of the state of the floating IP pool of the user, and without ## allocating any floating IPs." #CYCLADES_FORCED_SERVER_NETWORKS = ["SNF:ANY_PUBLIC_IPV6"] # # ## Maximum allowed network size for private networks. #MAX_CIDR_BLOCK = 22 # ## Default settings used by network flavors #DEFAULT_MAC_PREFIX = 'aa:00:0' #DEFAULT_BRIDGE = 'br0' # ## Network flavors that users are allowed to create through API requests #API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] # ## Settings for IP_LESS_ROUTED network: ## ----------------------------------- ## In this case VMCs act as routers that forward the traffic to/from VMs, based ## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that ## exist in every node, implenting an IP-less routed and proxy-arp setup. #DEFAULT_ROUTING_TABLE = 'snf_public' # ## Settings for MAC_FILTERED network: ## ------------------------------------------ ## All networks of this type are bridged to the same bridge. Isolation between ## networks is achieved by assigning a unique MAC-prefix to each network and ## filtering packets via ebtables. #DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' # # ## Firewall tags should contain '%s' to be filled with the NIC ## ID. #GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' #GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' #GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' # ## The default firewall profile that will be in effect if no tags are defined #DEFAULT_FIREWALL_PROFILE = 'DISABLED' # ## Fixed mapping of user VMs to a specific backend. ## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2} #BACKEND_PER_USER = {} # # ## URL templates for the stat graphs. ## The API implementation replaces '%s' with the encrypted backend id. ## FIXME: For now we do not encrypt the backend id. #CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' #CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' #NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' #NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' # ## Recommended refresh period for server stats #STATS_REFRESH_PERIOD = 60 # ## The maximum number of file path/content pairs that can be supplied on server ## build #MAX_PERSONALITY = 5 # ## The maximum size, in bytes, for each personality file #MAX_PERSONALITY_SIZE = 10240 # # ## Authentication URL of the astakos instance to be used for user management #ASTAKOS_AUTH_URL = 'https://accounts.example.synnefo.org/identity/v2.0' # ## Key for password encryption-decryption. After changing this setting, synnefo ## will be unable to decrypt all existing Backend passwords. You will need to ## store again the new password by using 'snf-manage backend-modify'. ## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not ## supported. #SECRET_ENCRYPTION_KEY= "Password Encryption Key" # ## Astakos service token ## The token used for astakos service api calls (e.g. api to retrieve user email ## using a user uuid) #CYCLADES_SERVICE_TOKEN = '' ## PROXY Astakos services under the following path #CYCLADES_PROXY_PREFIX = '_astakos' # Tune the size of the http connection pool to astakos. #CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 # ## Template to use to build the FQDN of VMs. The setting will be formated with ## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address ## of the VM will be used. #CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' # ## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This ## setting contains a mapping from the port of each VM to a tuple contaning the ## destination IP/hostname and the new port: (host, port). Instead of a tuple a ## python callable object may be used which must return such a tuple. The caller ## will pass to the callable the following positional arguments, in the ## following order: ## * server_id: The ID of the VM in the DB ## * ip_address: The IPv4 address of the public VM NIC ## * fqdn: The FQDN of the VM ## * user: The UUID of the owner of the VM ## ## Here is an example describing the mapping of the SSH port of all VMs to ## the external address 'gate.example.synnefo.org' and port 60000+server_id. ## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ ## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 ##CYCLADES_PORT_FORWARDING = { ## 22: lambda ip_address, server_id, fqdn, user: ## ("gate.example.synnefo.org", 61000 + server_id), ##} #CYCLADES_PORT_FORWARDING = {}