root / snf-cyclades-app / conf / 20-snf-cyclades-app-api.conf @ cb7b1c23
History | View | Annotate | Download (5 kB)
1 | fd622d4b | Christos Stavrakakis | ## -*- coding: utf-8 -*- |
---|---|---|---|
2 | fd622d4b | Christos Stavrakakis | ## |
3 | fd622d4b | Christos Stavrakakis | ## API configuration |
4 | fd622d4b | Christos Stavrakakis | ###################### |
5 | fd622d4b | Christos Stavrakakis | # |
6 | fd622d4b | Christos Stavrakakis | # |
7 | fd622d4b | Christos Stavrakakis | #DEBUG = False |
8 | fd622d4b | Christos Stavrakakis | # |
9 | fd622d4b | Christos Stavrakakis | ## Top-level URL for deployment. Numerous other URLs depend on this. |
10 | e3ff6830 | Georgios D. Tsoukalas | #CYCLADES_BASE_URL = "https://host:port/cyclades" |
11 | fd622d4b | Christos Stavrakakis | # |
12 | fd622d4b | Christos Stavrakakis | ## The API will return HTTP Bad Request if the ?changes-since |
13 | fd622d4b | Christos Stavrakakis | ## parameter refers to a point in time more than POLL_LIMIT seconds ago. |
14 | fd622d4b | Christos Stavrakakis | #POLL_LIMIT = 3600 |
15 | fd622d4b | Christos Stavrakakis | # |
16 | fd622d4b | Christos Stavrakakis | ## |
17 | fd622d4b | Christos Stavrakakis | ## Network Configuration |
18 | fd622d4b | Christos Stavrakakis | ## |
19 | fd622d4b | Christos Stavrakakis | # |
20 | 9446e7e5 | Christos Stavrakakis | ## List of network IDs. All created instances will get a NIC connected to each |
21 | 9446e7e5 | Christos Stavrakakis | ## network of this list. If the special network ID "SNF:ANY_PUBLIC" is used, |
22 | 9446e7e5 | Christos Stavrakakis | ## Cyclades will automatically choose a public network and connect the server to |
23 | 9446e7e5 | Christos Stavrakakis | ## it. |
24 | 9446e7e5 | Christos Stavrakakis | #DEFAULT_INSTANCE_NETWORKS=["SNF:ANY_PUBLIC"] |
25 | 9446e7e5 | Christos Stavrakakis | # |
26 | 9446e7e5 | Christos Stavrakakis | # |
27 | fd622d4b | Christos Stavrakakis | ## Maximum allowed network size for private networks. |
28 | fd622d4b | Christos Stavrakakis | #MAX_CIDR_BLOCK = 22 |
29 | fd622d4b | Christos Stavrakakis | # |
30 | fd622d4b | Christos Stavrakakis | ## Default settings used by network flavors |
31 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_PREFIX = 'aa:00:0' |
32 | fd622d4b | Christos Stavrakakis | #DEFAULT_BRIDGE = 'br0' |
33 | fd622d4b | Christos Stavrakakis | # |
34 | fd622d4b | Christos Stavrakakis | ## Network flavors that users are allowed to create through API requests |
35 | fd622d4b | Christos Stavrakakis | #API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] |
36 | fd622d4b | Christos Stavrakakis | # |
37 | fd622d4b | Christos Stavrakakis | ## Settings for IP_LESS_ROUTED network: |
38 | fd622d4b | Christos Stavrakakis | ## ----------------------------------- |
39 | fd622d4b | Christos Stavrakakis | ## In this case VMCs act as routers that forward the traffic to/from VMs, based |
40 | fd622d4b | Christos Stavrakakis | ## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that |
41 | fd622d4b | Christos Stavrakakis | ## exist in every node, implenting an IP-less routed and proxy-arp setup. |
42 | fd622d4b | Christos Stavrakakis | #DEFAULT_ROUTING_TABLE = 'snf_public' |
43 | fd622d4b | Christos Stavrakakis | # |
44 | fd622d4b | Christos Stavrakakis | ## Settings for MAC_FILTERED network: |
45 | fd622d4b | Christos Stavrakakis | ## ------------------------------------------ |
46 | fd622d4b | Christos Stavrakakis | ## All networks of this type are bridged to the same bridge. Isolation between |
47 | fd622d4b | Christos Stavrakakis | ## networks is achieved by assigning a unique MAC-prefix to each network and |
48 | fd622d4b | Christos Stavrakakis | ## filtering packets via ebtables. |
49 | fd622d4b | Christos Stavrakakis | #DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' |
50 | fd622d4b | Christos Stavrakakis | # |
51 | fd622d4b | Christos Stavrakakis | # |
52 | b2791a77 | Christos Stavrakakis | ## Firewall tags should contain '%d' to be filled with the NIC |
53 | b2791a77 | Christos Stavrakakis | ## index. |
54 | fd622d4b | Christos Stavrakakis | #GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:protected' |
55 | fd622d4b | Christos Stavrakakis | #GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:unprotected' |
56 | fd622d4b | Christos Stavrakakis | #GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:limited' |
57 | fd622d4b | Christos Stavrakakis | # |
58 | fd622d4b | Christos Stavrakakis | ## The default firewall profile that will be in effect if no tags are defined |
59 | fd622d4b | Christos Stavrakakis | #DEFAULT_FIREWALL_PROFILE = 'DISABLED' |
60 | fd622d4b | Christos Stavrakakis | # |
61 | fd622d4b | Christos Stavrakakis | ## Fixed mapping of user VMs to a specific backend. |
62 | 8c26221c | Olga Brani | ## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2} |
63 | fd622d4b | Christos Stavrakakis | #BACKEND_PER_USER = {} |
64 | fd622d4b | Christos Stavrakakis | # |
65 | fd622d4b | Christos Stavrakakis | # |
66 | fd622d4b | Christos Stavrakakis | ## URL templates for the stat graphs. |
67 | fd622d4b | Christos Stavrakakis | ## The API implementation replaces '%s' with the encrypted backend id. |
68 | fd622d4b | Christos Stavrakakis | ## FIXME: For now we do not encrypt the backend id. |
69 | 8c26221c | Olga Brani | #CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
70 | 8c26221c | Olga Brani | #CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
71 | 8c26221c | Olga Brani | #NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
72 | 8c26221c | Olga Brani | #NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
73 | fd622d4b | Christos Stavrakakis | # |
74 | fd622d4b | Christos Stavrakakis | ## Recommended refresh period for server stats |
75 | fd622d4b | Christos Stavrakakis | #STATS_REFRESH_PERIOD = 60 |
76 | fd622d4b | Christos Stavrakakis | # |
77 | fd622d4b | Christos Stavrakakis | ## The maximum number of file path/content pairs that can be supplied on server |
78 | fd622d4b | Christos Stavrakakis | ## build |
79 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY = 5 |
80 | fd622d4b | Christos Stavrakakis | # |
81 | fd622d4b | Christos Stavrakakis | ## The maximum size, in bytes, for each personality file |
82 | fd622d4b | Christos Stavrakakis | #MAX_PERSONALITY_SIZE = 10240 |
83 | fd622d4b | Christos Stavrakakis | # |
84 | fd622d4b | Christos Stavrakakis | # |
85 | e3ff6830 | Georgios D. Tsoukalas | ## Top-level URL of the astakos instance to be used for user management |
86 | e3ff6830 | Georgios D. Tsoukalas | #ASTAKOS_BASE_URL = 'https://accounts.example.synnefo.org/' |
87 | fd622d4b | Christos Stavrakakis | # |
88 | fd622d4b | Christos Stavrakakis | ## Key for password encryption-decryption. After changing this setting, synnefo |
89 | fd622d4b | Christos Stavrakakis | ## will be unable to decrypt all existing Backend passwords. You will need to |
90 | fd622d4b | Christos Stavrakakis | ## store again the new password by using 'snf-manage backend-modify'. |
91 | fd622d4b | Christos Stavrakakis | ## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not |
92 | fd622d4b | Christos Stavrakakis | ## supported. |
93 | fd622d4b | Christos Stavrakakis | #SECRET_ENCRYPTION_KEY= "Password Encryption Key" |
94 | fd622d4b | Christos Stavrakakis | # |
95 | fd622d4b | Christos Stavrakakis | ## Astakos service token |
96 | fd622d4b | Christos Stavrakakis | ## The token used for astakos service api calls (e.g. api to retrieve user email |
97 | fd622d4b | Christos Stavrakakis | ## using a user uuid) |
98 | 18c4414d | Giorgos Korfiatis | #CYCLADES_SERVICE_TOKEN = '' |
99 | 02f0cf8a | Kostas Papadimitriou | |
100 | 02f0cf8a | Kostas Papadimitriou | # Let cyclades proxy user specific api calls to astakos, via self served |
101 | 02f0cf8a | Kostas Papadimitriou | # endpoints. Set this to False if you deploy cyclades-app/astakos-app on the |
102 | 02f0cf8a | Kostas Papadimitriou | # same machine. |
103 | 02f0cf8a | Kostas Papadimitriou | #CYCLADES_PROXY_USER_SERVICES = True |
104 | b0c95903 | Giorgos Korfiatis | |
105 | b0c95903 | Giorgos Korfiatis | # Tune the size of the http connection pool to astakos. |
106 | b0c95903 | Giorgos Korfiatis | #CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 |
107 | d328a525 | Christos Stavrakakis | # |
108 | d328a525 | Christos Stavrakakis | ## Template to use to build the FQDN of VMs. The setting will be formated with |
109 | d328a525 | Christos Stavrakakis | ## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address |
110 | d328a525 | Christos Stavrakakis | ## of the VM will be used. |
111 | d328a525 | Christos Stavrakakis | #CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' |
112 | 2522e489 | Christos Stavrakakis | # |
113 | 2522e489 | Christos Stavrakakis | ## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This |
114 | 2522e489 | Christos Stavrakakis | ## setting contains a mapping from the port of each VM to a tuple contaning the |
115 | 2522e489 | Christos Stavrakakis | ## destination IP/hostname and the new port: (host, port). Instead of a tuple a |
116 | 2522e489 | Christos Stavrakakis | ## python callable object may be used which must return such a tuple. The caller |
117 | 2522e489 | Christos Stavrakakis | ## will pass to the callable the following positional arguments, in the |
118 | 2522e489 | Christos Stavrakakis | ## following order: |
119 | 2522e489 | Christos Stavrakakis | ## * server_id: The ID of the VM in the DB |
120 | 2522e489 | Christos Stavrakakis | ## * ip_address: The IPv4 address of the public VM NIC |
121 | 2522e489 | Christos Stavrakakis | ## * fqdn: The FQDN of the VM |
122 | 2522e489 | Christos Stavrakakis | ## * user: The UUID of the owner of the VM |
123 | 2522e489 | Christos Stavrakakis | ## |
124 | 2522e489 | Christos Stavrakakis | ## Here is an example describing the mapping of the SSH port of all VMs to |
125 | 2522e489 | Christos Stavrakakis | ## the external address 'gate.example.synnefo.org' and port 60000+server_id. |
126 | 2522e489 | Christos Stavrakakis | ## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ |
127 | 2522e489 | Christos Stavrakakis | ## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 |
128 | 2522e489 | Christos Stavrakakis | ##CYCLADES_PORT_FORWARDING = { |
129 | 2522e489 | Christos Stavrakakis | ## 22: lambda ip_address, server_id, fqdn, user: |
130 | 2522e489 | Christos Stavrakakis | ## ("gate.example.synnefo.org", 61000 + server_id), |
131 | 2522e489 | Christos Stavrakakis | ##} |
132 | 2522e489 | Christos Stavrakakis | #CYCLADES_PORT_FORWARDING = {} |