## -*- coding: utf-8 -*- ## ## API configuration ###################### # # #DEBUG = False # ## Top-level URL for deployment. Numerous other URLs depend on this. #CYCLADES_BASE_URL = "https://host:port/cyclades" # ## The API will return HTTP Bad Request if the ?changes-since ## parameter refers to a point in time more than POLL_LIMIT seconds ago. #POLL_LIMIT = 3600 # ## ## Network Configuration ## # ## List of network IDs. All created instances will get a NIC connected to each ## network of this list. If the special network ID "SNF:ANY_PUBLIC" is used, ## Cyclades will automatically choose a public network and connect the server to ## it. #DEFAULT_INSTANCE_NETWORKS=["SNF:ANY_PUBLIC"] # # ## Maximum allowed network size for private networks. #MAX_CIDR_BLOCK = 22 # ## Default settings used by network flavors #DEFAULT_MAC_PREFIX = 'aa:00:0' #DEFAULT_BRIDGE = 'br0' # ## Network flavors that users are allowed to create through API requests #API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED'] # ## Settings for IP_LESS_ROUTED network: ## ----------------------------------- ## In this case VMCs act as routers that forward the traffic to/from VMs, based ## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that ## exist in every node, implenting an IP-less routed and proxy-arp setup. #DEFAULT_ROUTING_TABLE = 'snf_public' # ## Settings for MAC_FILTERED network: ## ------------------------------------------ ## All networks of this type are bridged to the same bridge. Isolation between ## networks is achieved by assigning a unique MAC-prefix to each network and ## filtering packets via ebtables. #DEFAULT_MAC_FILTERED_BRIDGE = 'prv0' # # ## Firewall tags should contain '%s' to be filled with the NIC ## ID. #GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%s:protected' #GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%s:unprotected' #GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%s:limited' # ## The default firewall profile that will be in effect if no tags are defined #DEFAULT_FIREWALL_PROFILE = 'DISABLED' # ## Fixed mapping of user VMs to a specific backend. ## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2} #BACKEND_PER_USER = {} # # ## URL templates for the stat graphs. ## The API implementation replaces '%s' with the encrypted backend id. ## FIXME: For now we do not encrypt the backend id. #CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' #CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' #NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' #NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' # ## Recommended refresh period for server stats #STATS_REFRESH_PERIOD = 60 # ## The maximum number of file path/content pairs that can be supplied on server ## build #MAX_PERSONALITY = 5 # ## The maximum size, in bytes, for each personality file #MAX_PERSONALITY_SIZE = 10240 # # ## Top-level URL of the astakos instance to be used for user management #ASTAKOS_BASE_URL = 'https://accounts.example.synnefo.org/' # ## Key for password encryption-decryption. After changing this setting, synnefo ## will be unable to decrypt all existing Backend passwords. You will need to ## store again the new password by using 'snf-manage backend-modify'. ## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not ## supported. #SECRET_ENCRYPTION_KEY= "Password Encryption Key" # ## Astakos service token ## The token used for astakos service api calls (e.g. api to retrieve user email ## using a user uuid) #CYCLADES_SERVICE_TOKEN = '' # Let cyclades proxy user specific api calls to astakos, via self served # endpoints. Set this to False if you deploy cyclades-app/astakos-app on the # same machine. #CYCLADES_PROXY_USER_SERVICES = True # Tune the size of the http connection pool to astakos. #CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50 # ## Template to use to build the FQDN of VMs. The setting will be formated with ## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address ## of the VM will be used. #CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org' # ## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This ## setting contains a mapping from the port of each VM to a tuple contaning the ## destination IP/hostname and the new port: (host, port). Instead of a tuple a ## python callable object may be used which must return such a tuple. The caller ## will pass to the callable the following positional arguments, in the ## following order: ## * server_id: The ID of the VM in the DB ## * ip_address: The IPv4 address of the public VM NIC ## * fqdn: The FQDN of the VM ## * user: The UUID of the owner of the VM ## ## Here is an example describing the mapping of the SSH port of all VMs to ## the external address 'gate.example.synnefo.org' and port 60000+server_id. ## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \ ## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22 ##CYCLADES_PORT_FORWARDING = { ## 22: lambda ip_address, server_id, fqdn, user: ## ("gate.example.synnefo.org", 61000 + server_id), ##} #CYCLADES_PORT_FORWARDING = {}