|
|
楼主 |
发表于 2022-7-16 07:53:11
|
显示全部楼层
# -*- coding: utf-8 -*-4 c6 Z: L) B/ |) D! }% \
import os
: F/ |- p+ e' l( n6 a1 R1 vfrom django.utils.translation import ugettext_lazy as _2 Q4 K; K9 l7 I; O
from openstack_dashboard import exceptions& w: L: n( [5 r
from openstack_dashboard.settings import HORIZON_CONFIG
( i" F! ] U" m4 _2 `DEBUG = False
/ e2 W# }! v0 wTEMPLATE_DEBUG = DEBUG
) x- w' \1 f. E/ i( s( ECOMPRESS_OFFLINE = True4 ^# Z8 H' R3 k$ M( U
# WEBROOT is the location relative to Webserver root7 A& F. J# p3 ?; P/ X( W% `# e) S. a
# should end with a slash.
0 Y& l) `$ X8 P2 R* cWEBROOT = '/'
1 W8 X' o& \& ]#LOGIN_URL = WEBROOT + 'auth/login/': w7 V3 A7 C' J/ {" D" ~8 ?' T3 R, e
#LOGOUT_URL = WEBROOT + 'auth/logout/'
3 s% F% d% F( v! L; @#
- a5 U+ c( }8 U/ {% m# d4 h# LOGIN_REDIRECT_URL can be used as an alternative for- Z9 i% R$ p! A5 R$ Y: G! i7 N$ e
# HORIZON_CONFIG.user_home, if user_home is not set." T9 K6 B& N. x5 @5 k! Z1 i9 C
# Do not set it to '/home/', as this will cause circular redirect loop
2 M0 S* H. X$ s0 A#LOGIN_REDIRECT_URL = WEBROOT
+ V- v7 p4 C- U7 f) J# If horizon is running in production (DEBUG is False), set this2 k& H: z8 }8 w L
# with the list of host/domain names that the application can serve./ l0 P" u) T$ m1 X; J t
# For more information see:" y: y/ A$ O e. C
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts3 A; p5 V1 B4 {; q: k
ALLOWED_HOSTS = ['*']/ W" m/ M8 @6 c; b/ C
; X7 d+ D9 S0 P9 H# Set SSL proxy settings: w6 V- c( A! ^! Y
# Pass this header from the proxy after terminating the SSL,1 d- d4 s( a6 ^1 G
# and don't forget to strip it from the client's request.4 _9 `0 U. x* P
# For more information see:+ P, @3 ^ w8 a, n
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header0 `! J. S- J; U; ~6 v9 g9 m
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
( R; j, d4 f( j6 U, T7 }# If Horizon is being served through SSL, then uncomment the following two
; I1 X: [9 z- E2 @% o# ~' A# settings to better secure the cookies from security exploits
) R6 Q( @# k1 y6 w$ M5 n. } w#CSRF_COOKIE_SECURE = True. o; q, ?8 U2 |7 s' @
#SESSION_COOKIE_SECURE = True* ]3 Q% V- J/ R
" x4 A% E. ]/ p' l9 U; S3 `( ~
# The absolute path to the directory where message files are collected., M `1 f: H& ?/ u; a
# The message file must have a .json file extension. When the user logins to
) C" w) v- t2 @. D# horizon, the message files collected are processed and displayed to the user.: Q. I2 w' W& q6 r3 g) f$ r" }- w2 ]( N
#MESSAGES_PATH=None
9 o+ I* B r5 T# Overrides for OpenStack API versions. Use this setting to force the
6 f x# F: F: {# OpenStack dashboard to use a specific API version for a given service API.: d0 e5 e [9 D8 @# b6 }8 \
# Versions specified here should be integers or floats, not strings.
* F0 n* Q; D1 b( L, B2 I4 p# NOTE: The version should be formatted as it appears in the URL for the: M* }' x# w/ d1 f0 L5 x; M4 }
# service API. For example, The identity service APIs have inconsistent# ?- H$ ^( C, X7 {: W) \
# use of the decimal point, so valid options would be 2.0 or 3.
; A% r* Q% n& t! W0 k4 I# Minimum compute version to get the instance locked status is 2.9.
0 v+ e/ f% w5 J- ?: `4 M# k: `; g#OPENSTACK_API_VERSIONS = {
+ t! r* i- ?, _ U# "data-processing": 1.1,
B6 f+ B7 l& Y# "identity": 3,
4 Y% |0 Y3 k! U! k4 p( G# "volume": 2,
& A- ], D& ?4 D; \- H! X+ K# "compute": 2,
$ X2 E8 ?$ V, l5 r( ^#}
5 k1 Y- T$ _4 e% P) ?- e- LOPENSTACK_API_VERSIONS = {$ @. H! W) k+ t) K+ }
"identity": 3,5 z) k) n, R0 y4 R$ n
}7 S( z- x' _& S- p
# Set this to True if running on a multi-domain model. When this is enabled, it; \+ m& v( t: P. m! p+ o
# will require the user to enter the Domain name in addition to the username
: P: e- Q! n! |6 H# for login.
: r) E+ G% H$ w5 |/ [OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False: j$ c$ q4 }7 Q- n) h) I+ j
# Set this to True if you want available domains displayed as a dropdown menu* R8 I5 i$ Z1 ~* E: B! C1 k
# on the login screen. It is strongly advised NOT to enable this for public8 K2 f. L( i3 G% s
# clouds, as advertising enabled domains to unauthenticated customers
1 @, D( Y& f0 m0 i6 a% n7 Z4 R# irresponsibly exposes private information. This should only be used for } T7 V+ ] i, [4 V) s" Z8 | y
# private clouds where the dashboard sits behind a corporate firewall.: D+ u( k1 g3 ?/ ^6 S2 f5 X0 A
OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
0 o! q9 ?" C) `; i# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
6 |8 C: `' R6 U" a# set the available domains to choose from. This is a list of pairs whose first9 `6 h& h8 h3 j" b* ]
# value is the domain name and the second is the display name.
. M# F5 O' E+ [# X8 {OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (5 {; e: h7 `0 ~
('Default', 'default'), o. {" @& b9 J% D# U: X
); h1 F, D7 ^+ V$ @. i2 T4 ?5 g8 t
# Overrides the default domain used when running on single-domain model# S+ U: Z. l6 n& J% b( n% V
# with Keystone V3. All entities will be created in the default domain.; a; `- R" f6 K3 O% x5 f2 [
# NOTE: This value must be the ID of the default domain, NOT the name.
/ b. E" P/ @* B# Y4 W; B. ?5 s# Also, you will most likely have a value in the keystone policy file like this1 M8 ]3 _- u1 q, X" f* N% P
# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
# a/ P1 V+ I6 a( f3 W" j8 j# This value must match the domain id specified there.
4 Q: a" |* A3 v `#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
8 j, v+ E- m0 f* G# C! l5 Y# Set this to True to enable panels that provide the ability for users to
6 u# m) L# ] y* z$ [- t# manage Identity Providers (IdPs) and establish a set of rules to map
- N, n& ?$ R) j F# federation protocol attributes to Identity API attributes.% D& u+ ?. L$ Z4 T/ M. Z
# This extension requires v3.0+ of the Identity API.# L! M. \5 H C3 C
#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False% r& ?8 v+ D& Q# x2 f
# Set Console type:
. ~) f3 R0 Y( u5 e* P) Y! n, p# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
8 Q/ b1 n H4 b# Set to None explicitly if you want to deactivate the console.5 I! Z/ m; Y8 }: |
#CONSOLE_TYPE = "AUTO" n3 O k6 j/ v" G9 K. R9 E
# If provided, a "Report Bug" link will be displayed in the site header" Q$ {! Q% }5 a3 F3 ?- g" B
# which links to the value of this setting (ideally a URL containing
' i7 _7 ~& P' r# information on how to report issues).
0 A( G- i [1 Q2 v8 x#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
1 r; h- ~/ p6 P; g) l# Show backdrop element outside the modal, do not close the modal
. k9 h% v! u7 i5 w: A# after clicking on backdrop.
% B V/ f$ j F3 x#HORIZON_CONFIG["modal_backdrop"] = "static"
& I: f& U. T% e0 x& s }# Specify a regular expression to validate user passwords./ e6 n/ v& g* U8 L# S, ]
#HORIZON_CONFIG["password_validator"] = {
" }( I" f- K% ]7 V- Y, X( L# n# "regex": '.*',
4 }9 c% N6 Y+ N! v# "help_text": _("Your password does not meet the requirements."),
; X, X8 [; w, {' @7 u- Z! r ?#}0 W* @* b2 D! L
# Disable simplified floating IP address management for deployments with1 j7 n3 m; s: N. v( c7 o- _) O* d
# multiple floating IP pools or complex network requirements.4 M8 O0 E% N% y; Q& w' k+ e+ a
#HORIZON_CONFIG["simple_ip_management"] = False
; a3 M u. u5 B$ k% E# Turn off browser autocompletion for forms including the login form and" F, y0 x. T w/ \- i
# the database creation workflow if so desired.
. j" a j: [; x& a#HORIZON_CONFIG["password_autocomplete"] = "off"
7 i$ p, v" K# [9 O% c8 @& r' B" i# Setting this to True will disable the reveal button for password fields,
% s, w, ]4 U" L# including on the login form.) ?; y4 v1 V- P. Q! L t' e; d
#HORIZON_CONFIG["disable_password_reveal"] = False: b( i# u5 f, k: `7 Z/ |: s) F
LOCAL_PATH = '/tmp'4 H& F5 H0 [/ j- ^
# Set custom secret key:
' Y9 d0 r# c- K1 C# You can either set it to a specific value or you can let horizon generate a
# M9 i7 |, D$ h: x. M& A# default secret key that is unique on this machine, e.i. regardless of the! [+ G7 K3 o6 _, V. E
# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,; I ]" i3 Y) S* q( ?) ~% c4 u4 n. g, [5 e
# there may be situations where you would want to set this explicitly, e.g.( m" \7 ~6 F' s/ q& D3 n0 K" b
# when multiple dashboard instances are distributed on different machines/ O) w9 r! q/ W( u9 U) S
# (usually behind a load-balancer). Either you have to make sure that a session. d/ V Z% @# d# ?5 I' I
# gets all requests routed to the same dashboard instance or you set the same& b9 K& t- U8 N2 u1 _- Y8 f9 f
# SECRET_KEY for all of them.
+ [9 N: T; j- U0 m0 @ TSECRET_KEY='RyLdZs4KeJ5z3TX48mk5biZLwlE1kzkFfbAKb9ma'
" R5 W4 d& V0 U+ j1 V% [ F# We recommend you use memcached for development; otherwise after every reload
7 p% Z/ J' g& e* a$ x) \# of the django development server, you will have to login again. To use& L$ S* ^1 ?, S, E) p* ]9 M9 V
# memcached set CACHES to something like
' Z. s& s% ]0 T6 _1 D#CACHES = {( {# Y5 y# F/ J1 R* B' d
# 'default': {
" e7 ^) }4 D( E4 I" @( S( P# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',( N! Q9 x3 g$ @% I
# 'LOCATION': '127.0.0.1:11211',
8 h7 o. z) \: Z! C0 @, M# },+ p. d C3 v8 d
#}" D" F, x. d1 H# E7 P
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
" S; V/ d, B, \: k; ^CACHES = { P9 i' I6 J4 ]/ D6 f% T
'default': {
' y* W) X3 O/ h- n+ J+ o5 F/ C( u: o 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',$ D. r# ]/ {' L5 e
'LOCATION': ['10.144.106.6:11211','10.144.106.7:11211','10.144.106.8:11211']' \$ H/ ^2 H0 }* B; W3 E/ Q
}
6 ~4 @! ?1 `& b( t" N}- u, Z/ a) Q7 Z6 J" ?- _
# Send email to the console by default
$ c3 j/ K: f/ m/ Z0 e" [EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'0 l9 Y' A8 p0 x- ]' l. y
# Or send them to /dev/null, t8 k \8 _: ?1 M" B) f. }: F% l
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' S# {& ~1 P& Q7 b
# Configure these for your outgoing email host- H Q; S& S; j/ W2 e
#EMAIL_HOST = 'smtp.my-company.com'3 ^) z2 I. i: y8 t. v( \2 F/ g$ w
#EMAIL_PORT = 25
7 C5 [! W3 R0 J#EMAIL_HOST_USER = 'djangomail'# n7 X. z/ H: ?
#EMAIL_HOST_PASSWORD = 'top-secret!'5 U4 l* ^/ I* `
0 v( t b6 _) @5 m& W9 \9 a2 j
OPENSTACK_HOST = "10.144.106.253"( `* s4 K- T& R% Q: `
OPENSTACK_KEYSTONE_URL = "http://10.144.106.253:5000"1 O! E: U P. c. [/ ?
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"/ |0 T" O- l% {: V$ o
# Enables keystone web single-sign-on if set to True.! G b- ^- _; j5 q/ u
#WEBSSO_ENABLED = False
+ }$ y0 \& ?; |: o# Determines which authentication choice to show as default.9 p' c# H& k1 s( W0 {$ t. S
#WEBSSO_INITIAL_CHOICE = "credentials"; f* d' d3 L& o' x Y
# The list of authentication mechanisms which include keystone; p- |* }# y& x( o
# federation protocols and identity provider/federation protocol
4 B u6 |$ a Y! t# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol" b, S. S' U5 e, [4 M8 _
# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID& w w7 L5 X5 L
# Connect respectively.8 l+ Y3 z! d S' ?$ c
# Do not remove the mandatory credentials mechanism.' z$ i' t% N# \, U: S' N
# Note: The last two tuples are sample mapping keys to a identity provider+ k' C% F7 a- E+ _( @2 ^3 i. B; s! U8 K
# and federation protocol combination (WEBSSO_IDP_MAPPING).
) J# Z$ |' _4 E2 s+ B#WEBSSO_CHOICES = (; m4 [; o9 Y# U. v: d8 I. X
# ("credentials", _("Keystone Credentials")),$ F/ r$ t! A. i, P0 l7 j3 P
# ("oidc", _("OpenID Connect")),
2 G9 X2 ^5 v' T# ("saml2", _("Security Assertion Markup Language")), U. p9 G7 E: [ t
# ("acme_oidc", "ACME - OpenID Connect"),3 m5 M. @+ C$ d0 F! h7 r; w
# ("acme_saml2", "ACME - SAML2"),
) T* c0 F1 M* Y1 Y' ]) s! I#)
% f J6 V$ K; Z2 J4 E# A dictionary of specific identity provider and federation protocol8 h n) }0 v' U/ t8 }5 k9 h
# combinations. From the selected authentication mechanism, the value/ k7 v) u: }0 o; t T+ k
# will be looked up as keys in the dictionary. If a match is found,1 x9 }+ c/ x& s* c: n( z* S
# it will redirect the user to a identity provider and federation protocol+ A+ w4 w+ \" x. p6 S# D V) E
# specific WebSSO endpoint in keystone, otherwise it will use the value
% P) ^4 k& \/ I0 p, i8 v# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
' r! e* Q- C! O4 ?5 h4 h, e# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).7 j% y+ P/ m0 h0 C" q0 t+ e
#WEBSSO_IDP_MAPPING = {
( [5 n* ~+ I C$ c* @5 f+ P# "acme_oidc": ("acme", "oidc"),( e( Y2 o/ D) x1 ~
# "acme_saml2": ("acme", "saml2"),
4 g, c! P" w9 ]#}$ u9 W) w! q Y+ S6 r, O! @
# Disable SSL certificate checks (useful for self-signed certificates):) \, T! R2 g5 l! D
#OPENSTACK_SSL_NO_VERIFY = True; F# ]& e6 ^- d% B0 J0 K& P/ I% \
# The CA certificate to use to verify SSL connections7 y1 ] `5 e% R1 Q& ~1 l
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
: {5 t. i- V( h Z# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
. b' \0 l o/ [+ u# capabilities of the auth backend for Keystone.1 I1 D H j% k* Q1 K
# If Keystone has been configured to use LDAP as the auth backend then set
+ [' l6 P5 e5 O# can_edit_user to False and name to 'ldap'.
5 D+ |6 \5 K$ v* P5 v3 u#3 v! a1 e! G- C; m/ K
# TODO(tres): Remove these once Keystone has an API to identify auth backend.6 z$ T% d# ~# q5 U2 L
OPENSTACK_KEYSTONE_BACKEND = {( J; h7 j# p Y1 P
'name': 'native',
0 \5 c5 l& b8 ?+ I6 i' l 'can_edit_user': True,
" `- y9 n$ W) y 'can_edit_group': True,
8 g7 t3 m: @" l9 v0 Y8 W: u 'can_edit_project': True,
' U7 T3 z" I6 K# F6 V 'can_edit_domain': True,- l, q& y# Y, h4 c/ ~4 u
'can_edit_role': True,
; b; W6 j3 U# Y4 L}7 T3 |5 J* n8 Z' D$ P( Z) Z; Q
# Setting this to True, will add a new "Retrieve Password" action on instance,+ b1 c4 r. q6 [! c9 J3 Z
# allowing Admin session password retrieval/decryption.& O0 q9 j( _3 v" O: n! H0 J
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False" ]2 r. u5 z% X* H, o+ E8 w6 a' Y
# The Launch Instance user experience has been significantly enhanced.
, g1 H! G0 [* @) P, Q: m/ L7 C# You can choose whether to enable the new launch instance experience,8 N, N& ^! J. w1 a
# the legacy experience, or both. The legacy experience will be removed" ?: ]& w0 e# [- N8 R6 t
# in a future release, but is available as a temporary backup setting to ensure
L9 y% g, K& D9 W3 _% Q# compatibility with existing deployments. Further development will not be# q/ R* A& [0 ?# h8 z
# done on the legacy experience. Please report any problems with the new; m) ], F) Z! Y& G. y
# experience via the Launchpad tracking system.4 c" D+ X0 J5 U/ x3 B7 p
#9 i4 V) r: Y# C) P
# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
) S* \! T, D4 K% s# determine the experience to enable. Set them both to true to enable& H N8 S) n: }- Q4 t) Z& \
# both.! ]. X# L3 O5 F+ K3 @
#LAUNCH_INSTANCE_LEGACY_ENABLED = True. ~. M" S2 P1 w6 \7 b' _( @
#LAUNCH_INSTANCE_NG_ENABLED = False
3 K8 v5 o0 Z; x" j6 N7 @. q! O# A dictionary of settings which can be used to provide the default values for; k" j1 X. u3 t
# properties found in the Launch Instance modal.
" M4 A r6 k" q( u: b) X8 c#LAUNCH_INSTANCE_DEFAULTS = {3 y' m$ x+ }% Z
# 'config_drive': False,7 U: K$ C3 r5 k
# 'enable_scheduler_hints': True: ]6 [9 ^0 g" [8 P3 m
#}* h9 k' h" v& c1 n" w; z$ a. c
# The Xen Hypervisor has the ability to set the mount point for volumes! ]9 }. o: t7 Q# |" p2 H- P9 a
# attached to instances (other Hypervisors currently do not). Setting O) Q) n2 V" O
# can_set_mount_point to True will add the option to set the mount point% `. l; w& y/ g: C3 Z
# from the UI.% g8 P8 \5 g' _# c+ O
OPENSTACK_HYPERVISOR_FEATURES = {0 ^# ^/ m9 k! a0 n" T
'can_set_mount_point': False,. F t3 d# F% w& l
'can_set_password': False,
; L2 Z$ L( e8 f6 d# g& d- T0 \ 'requires_keypair': False,/ p/ x) l: Y- G, K# M, _( D" X
'enable_quotas': True
$ I8 p7 ^6 q( \& `' t% R}& G% f0 i$ a8 J2 ~
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional3 u g) V E+ i( K; X' ?1 g
# services provided by cinder that is not exposed by its extension API.
9 }# |2 _) i# s. ?- m- A) KOPENSTACK_CINDER_FEATURES = {9 P/ i' K: G! v2 G. }2 R+ w
'enable_backup': True,( `. T4 Y- F6 V/ H2 I
}
3 E# {- K8 h& o6 s- i9 w* n0 c( c6 j# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional4 F9 D# Z c D# L
# services provided by neutron. Options currently available are load& g. i& X- X: }1 K+ k* Q
# balancer service, security groups, quotas, VPN service.% s: A. t. v, F* W6 X" I1 o' n
OPENSTACK_NEUTRON_NETWORK = {
" s& w( M. c/ I$ \ N: s: d 'enable_router': True,
9 K- F! A: F3 {7 y 'enable_quotas': True,
0 O, B- ?0 V! F, E9 n$ t 'enable_ipv6': True,! y6 @$ |7 f& ^" P9 v
'enable_distributed_router': False," i8 u: C1 R( P8 \. ^
'enable_ha_router': False,, f8 x/ y0 g' E _
'enable_lb': True,* H0 u* ?. j; M8 c8 }* B6 c8 O6 R
'enable_firewall': True,, M- F1 z& E3 M& Q- L. c, y) [! t
'enable_vpn': True,
1 J0 j+ \4 R- M3 P) t 'enable_fip_topology_check': True,1 e5 e/ C/ c8 d' e8 J: \) b
# Default dns servers you would like to use when a subnet is
9 G) e7 u9 b" ]' { # created. This is only a default, users can still choose a different
1 E. [0 P* X" n+ Q; _6 E/ x. U # list of dns servers when creating a new subnet.
$ x! W( Z, g% \3 p) m7 S+ {) T # The entries below are examples only, and are not appropriate for
8 `* F( W/ s( Z/ @/ `( ^ # real deployments
! I# f0 m0 Z. n% J0 Y. u/ _' g0 P # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
# {7 ~6 k1 t) T* C* s5 ~ # The profile_support option is used to detect if an external router can be. l+ z: y6 V* i& o' e) a. C
# configured via the dashboard. When using specific plugins the6 u; o) ]" i( z& p
# profile_support can be turned on if needed.% |8 L Z2 E9 {+ v$ _- k; d& B
'profile_support': None,
8 c4 o3 u- U) ]9 ~ #'profile_support': 'cisco',
e. @9 m% m8 x9 }. Y# R- W. ~ # Set which provider network types are supported. Only the network types( `# H- K p/ [1 b1 h( q3 t
# in this list will be available to choose from when creating a network. C4 `, o# z0 p, L5 _) j! D+ s" D
# Network types include local, flat, vlan, gre, vxlan and geneve.
' x1 @1 ^9 n. R/ \ # 'supported_provider_types': ['*'],
% J( s- s2 s- h0 H( x, A+ q" e) `, u # You can configure available segmentation ID range per network type+ R' ]" k: E4 X+ Z R
# in your deployment.
2 y, E" T# E8 \2 Q0 M # 'segmentation_id_range': {1 Z9 H- |% Q0 z1 k$ n# M# `6 l+ B
# 'vlan': [1024, 2048],
) x5 X' e/ H* q' F9 ? # 'vxlan': [4094, 65536],
' l- Y6 c. Z) E # },0 O; j( U0 U9 Q/ H8 s, {3 G
# You can define additional provider network types here.# R! |% c; ]& h7 c8 C+ j
# 'extra_provider_types': {# r ]' g8 K! T4 B+ f
# 'awesome_type': {
$ X$ a" M4 ]2 z1 X+ x # 'display_name': 'Awesome New Type',
) m. ]. \& I4 \! p6 t # 'require_physical_network': False,
d& f! i5 h" Q0 H0 l # 'require_segmentation_id': True,, R( D) e! D& U- b! G5 z: O
# }: c2 P% A. w& d" A l6 |
# },
# f* i# N- @$ ?5 p' g # Set which VNIC types are supported for port binding. Only the VNIC3 S( v4 W1 K5 F4 ]& t/ t) W
# types in this list will be available to choose from when creating a ]3 s$ i& W% u
# port.* |7 x4 W: Q# W; X2 D- S4 u
# VNIC types include 'normal', 'macvtap' and 'direct'.
: X# w$ h; A2 E+ Y( ^ o # Set to empty list or None to disable VNIC type selection.# R' a2 B6 q# Q U7 M ]! ]
'supported_vnic_types': ['*'],5 i2 q9 h. s4 m; M e5 l
}8 Z( n' p6 ~& J( }
# The OPENSTACK_HEAT_STACK settings can be used to disable password
0 g4 l0 g* w# l$ j; a# field required while launching the stack.
. v" U: Y4 X* o) P4 M% POPENSTACK_HEAT_STACK = {4 ]. r4 c+ g$ g, q$ d+ \
'enable_user_pass': True,: ~7 V! Y5 Y1 f0 s0 |
}6 C& ?" ]" q0 z# ]% p
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features# b- E- W* D+ B6 m6 D+ V1 `
# in the OpenStack Dashboard related to the Image service, such as the list1 @3 A' x3 n; x: n: E
# of supported image formats.
' P; T+ b( E! P0 \6 ]5 B, g) k#OPENSTACK_IMAGE_BACKEND = {
6 j) |2 [2 ?* S6 S& t0 t3 C, e# 'image_formats': [
2 {( w' `- q" u, C% G o+ {7 `# ('', _('Select format')),+ _6 e! k( _* z
# ('aki', _('AKI - Amazon Kernel Image')),- L# Z9 s9 S9 u; ^ i+ T. u
# ('ami', _('AMI - Amazon Machine Image')),
3 Z4 n1 e! g. N; f( E# ('ari', _('ARI - Amazon Ramdisk Image')),
5 V) k1 l' _ L% f; d+ ?( K2 L# ('docker', _('Docker')),0 e4 h6 ^8 R5 v' |/ {" \" c2 \
# ('iso', _('ISO - Optical Disk Image'))," ^+ N9 s. V3 |8 j9 e$ a4 O& Y
# ('ova', _('OVA - Open Virtual Appliance')),
% w, C9 a5 J& s$ Y& J& H# ('qcow2', _('QCOW2 - QEMU Emulator')),
5 t+ h. o+ y9 A3 H6 o# ('raw', _('Raw')),
$ r- e4 l3 ] \$ d5 u/ W# ('vdi', _('VDI - Virtual Disk Image')),
& H# y! X0 `7 S. _# ('vhd', _('VHD - Virtual Hard Disk')),
4 g5 j' B7 M$ Z7 V$ u# ('vmdk', _('VMDK - Virtual Machine Disk')),. A3 ^; S; }& W, Q% `1 F3 ?+ U
# ],$ Y6 r8 A/ m2 ^ C% s
#}
$ K7 i# j! [& g# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
F2 k! S# w6 \) N# s# image custom property attributes that appear on image detail pages.: [, Z7 Y) Q4 w& m! R: c
IMAGE_CUSTOM_PROPERTY_TITLES = {
% j& v+ `- v, A( Y: q3 m. M$ x' I "architecture": _("Architecture"),
/ H2 ]6 }9 W0 y7 d+ s "kernel_id": _("Kernel ID"),6 b8 t5 L* A+ b" j
"ramdisk_id": _("Ramdisk ID"),1 J5 ^/ j/ n2 E3 `; M% D* Q0 ?
"image_state": _("Euca2ools state"),, }* ?# q F* l% V, o6 f4 t
"project_id": _("Project ID"),
# l4 p5 l/ B! V" k+ T- O/ M "image_type": _("Image Type"),
2 |: X4 N: i! ^* o+ f0 @}8 {2 F+ E5 ~/ S+ o, |
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
7 C* o, B- t6 P5 W) p# custom properties should not be displayed in the Image Custom Properties6 _) [# L) D* U$ x& i
# table.: f9 y/ d5 e0 D1 G' u. p! J4 Q
IMAGE_RESERVED_CUSTOM_PROPERTIES = []2 R$ t" z4 t! f/ p0 P; i4 _
# Set to 'legacy' or 'direct' to allow users to upload images to glance via
+ l T$ K: [5 I( L+ }# Horizon server. When enabled, a file form field will appear on the create
, H8 }2 n4 C/ c' Z# K9 P1 E, g3 \# image form. If set to 'off', there will be no file form field on the create
& F9 i3 \8 D1 T5 Q7 |& q' J# image form. See documentation for deployment considerations.
5 @/ W0 k: ~, a) d# J#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
* k* m0 O# p6 p5 |* W3 U# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints# p% w( [# A9 g' M
# in the Keystone service catalog. Use this setting when Horizon is running
+ o- j% I2 z+ _$ v' t- B# external to the OpenStack environment. The default is 'publicURL'.$ g# O( G7 A8 }+ I. k
OPENSTACK_ENDPOINT_TYPE = "internalURL"% R' G& ]1 d: ?2 C2 _
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
: h i! t/ b( H* |3 K! Z! U- h# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints! S1 q5 B5 W7 x' \2 b7 L q
# in the Keystone service catalog. Use this setting when Horizon is running
4 e& }9 b5 k2 A% o# external to the OpenStack environment. The default is None. This
~' h+ P+ Z) S3 E. x% N% o# value should differ from OPENSTACK_ENDPOINT_TYPE if used." y3 [, Z) G2 L; N% Z- {
#SECONDARY_ENDPOINT_TYPE = None
! }5 v& V A* }& H8 H* ~6 l# The number of objects (Swift containers/objects or images) to display/ Z: O# s1 R+ w- C
# on a single page before providing a paging element (a "more" link)
% r# |( Q E; K& y% u# to paginate results.
$ e2 _1 g) T* }) W- RAPI_RESULT_LIMIT = 10000 g+ s8 \6 T# V9 h3 o
API_RESULT_PAGE_SIZE = 207 b4 H1 B# U' F5 B8 p, i
# The size of chunk in bytes for downloading objects from Swift
: X- r+ j8 v* w% ~: s$ Y& z; b) mSWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024$ i% n6 }6 G7 \1 A. `4 e
# Specify a maximum number of items to display in a dropdown.
Y. U! j% X& I4 [ P" xDROPDOWN_MAX_ITEMS = 30: C- V4 L! u u4 I) v- M
# The timezone of the server. This should correspond with the timezone! y. a" S: {" Y/ N0 ]
# of your entire OpenStack installation, and hopefully be in UTC.& y$ g$ G, e0 k$ I
TIME_ZONE = "UTC"; U" x6 L& J p
# When launching an instance, the menu of available flavors is* r* U% p6 C% [ Q! D" |" V/ L
# sorted by RAM usage, ascending. If you would like a different sort order,: e) x9 m% i5 Y7 A
# you can provide another flavor attribute as sorting key. Alternatively, you- j7 [$ p) I9 U& u @/ o3 P
# can provide a custom callback method to use for sorting. You can also provide) F( _/ e9 E( l6 `- p) M8 `) h) I
# a flag for reverse sort. For more info, see
: k/ E( A1 f4 j( w r9 T) L# http://docs.python.org/2/library/functions.html#sorted
) `+ a, T6 v% v" s+ H" ~3 X#CREATE_INSTANCE_FLAVOR_SORT = {
R8 k# @- g/ u: ?6 Z& O# 'key': 'name',
6 ~' m9 @4 D$ y S# # or- a/ V' i1 A: C. d: q# `
# 'key': my_awesome_callback_method,
- t( C% X# P% v9 J! Z# 'reverse': False,! o% m7 l. ^4 `
#}5 L, @8 i! a6 S* K
# Set this to True to display an 'Admin Password' field on the Change Password8 l8 g7 ]- @. F) {
# form to verify that it is indeed the admin logged-in who wants to change! Q- K$ m' x" d# K; w# V
# the password.3 z3 z5 f, s' ~* T4 v2 [, d# q
#ENFORCE_PASSWORD_CHECK = False! _6 c `$ m6 E: I2 S
# Modules that provide /auth routes that can be used to handle different types
* d% f# \9 r" y- w! p; D2 L( w6 M2 N# of user authentication. Add auth plugins that require extra route handling to" h1 @$ _9 z( j% V
# this list.
5 D9 Z; J/ W- ?8 E; V; [" i. [#AUTHENTICATION_URLS = [* [2 W8 a" S$ B# l+ k9 l& g
# 'openstack_auth.urls',: L' M, q: Z/ ]
#]
+ f9 @% p1 k/ P/ h" Z) X+ f$ q# The Horizon Policy Enforcement engine uses these values to load per service
; O2 ]7 \0 t6 Y0 {# policy rule files. The content of these files should match the files the
6 q6 j( z) R" ~9 U# OpenStack services are using to determine role based access control in the, a6 a6 a5 p1 B9 @( S. m; n
# target installation.
* M/ Q0 _+ |/ P$ X$ `" g# Path to directory containing policy.json files
" L. w' D' y. X3 c: ^* I9 @) JPOLICY_FILES_PATH = '/etc/openstack-dashboard'
. x& P( Q/ }6 L+ N, z6 r9 z( E: I# Map of local copy of service policy files.
s- `+ {( t1 l Z: e6 A5 p# Please insure that your identity policy file matches the one being used on
5 ]8 L6 k; p! a# y" t# your keystone servers. There is an alternate policy file that may be used! K8 b! B) v; t o
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
: o2 s: }+ K' i" `1 Y# This file is not included in the Horizon repository by default but can be! A' L* K) A- x6 r9 x0 O4 c! s0 K
# found at
. Y/ m+ _: C, x! H; y+ k$ B# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \ o. F* y d$ P" z! _! j9 Y
# policy.v3cloudsample.json. }& T0 _9 s$ K2 j0 ~8 i
# Having matching policy files on the Horizon and Keystone servers is essential
/ D: U" k$ O. H+ H- T5 F5 `) ]# for normal operation. This holds true for all services and their policy files.5 [+ Y" d9 G. `8 S1 U
#POLICY_FILES = {
$ Y" o) A$ D. i# 'identity': 'keystone_policy.json',
9 }6 n9 i' v' J; |: L# 'compute': 'nova_policy.json',4 }$ x' D! x! e# f4 _
# 'volume': 'cinder_policy.json',
% I4 o6 m! H# y- m: e, y# 'image': 'glance_policy.json',
1 x2 H, j8 O, o# ]# 'orchestration': 'heat_policy.json',0 X3 C9 E1 Z& a s0 X& ^
# 'network': 'neutron_policy.json',
6 O0 O& O5 @* l# 'telemetry': 'ceilometer_policy.json'," T, Q; a: I0 }$ k2 g
#}
K0 L7 {' ~8 [) _! s, F& W# TODO: (david-lyle) remove when plugins support adding settings.
7 h7 \. G% h7 v0 m1 ~6 O# Note: Only used when trove-dashboard plugin is configured to be used by
) p" y }' Z% t# K3 Y$ j# Horizon.7 K- A1 _" d% j. Q
# Trove user and database extension support. By default support for% a4 h7 p9 K* J3 k- Q1 v0 y
# creating users and databases on database instances is turned on.
! c. U) |3 [0 F+ S' \, B9 I/ Y- Q# To disable these extensions set the permission here to something. \, F: g$ y$ V( U9 P$ s4 ~2 q
# unusable such as ["!"].
4 M z) |! }8 w7 Z$ W' r/ j, Y& E#TROVE_ADD_USER_PERMS = []3 E# P/ q8 o/ K2 }4 I
#TROVE_ADD_DATABASE_PERMS = []" l# I/ j7 Q/ W! \
# Change this patch to the appropriate list of tuples containing' h7 V b# H) c$ q% m# ?7 f
# a key, label and static directory containing two files:9 S" P) }" y, u a
# _variables.scss and _styles.scss% H$ o l' T8 Z* G) d+ T
#AVAILABLE_THEMES = [
* z8 [& O1 S9 G6 G* y* U# ('default', 'Default', 'themes/default'),
- f3 O5 k+ D$ F7 K. v, D# ('material', 'Material', 'themes/material'),
5 v0 Z# u; F# [# ~# s; O7 q/ D; ^#]
3 [% H) }, M- B4 }8 a% cLOGGING = {
2 V' e( F) P1 r1 m6 ~ 'version': 1,
* N8 F1 I' b8 ]7 A' | # When set to True this will disable all logging except
( V* ~( f9 A! f* y z i, z # for loggers specified in this configuration dictionary. Note that; I- g& v6 ?2 Y; m; C9 F* N9 Z
# if nothing is specified here and disable_existing_loggers is True,4 Z& r+ K2 {+ G: z3 u2 E
# django.db.backends will still log unless it is disabled explicitly.! ^2 ?! \5 d' d7 i o0 [
'disable_existing_loggers': False,
' J; m$ }6 n8 @8 q1 k 'formatters': {0 y; G( r2 t6 T$ S/ l0 r2 R
'operation': {7 d! a7 T! g; C; _6 N- A: h' ^$ k
# The format of "%(message)s" is defined by- R% h% w1 m8 e7 ]% a( `
# OPERATION_LOG_OPTIONS['format']" g% x2 H6 F X& P; ^5 n# [
'format': '%(asctime)s %(message)s'3 n: Q8 N% }- q- J$ |
},
) F7 I' U2 d: D' s) s' x$ Z },0 ]# s+ a4 ^' ]+ \
'handlers': {+ D% @7 A) n; ^/ [( c2 H
'null': {! k, _3 x* @% n+ T* o. ?
'level': 'DEBUG',
5 l6 |8 Z H$ l9 U% i; F: y/ K; x2 A 'class': 'logging.NullHandler',
; i, k+ i. L! A; p" Y },
: M8 ^& a1 K+ U0 _, `8 m. z 'console': {' v+ t- k4 v- N
# Set the level to "DEBUG" for verbose output logging.
5 T) j( Q- a. E0 B6 }2 g 'level': 'INFO',; m$ e7 ~# d6 U3 _1 k% H9 ~% Q" ]
'class': 'logging.StreamHandler',
& n& M/ U& h1 |" W6 } },- v4 H3 p2 B( P$ z2 R- T( Y! }; o
'operation': {4 ?' ^7 G) K& Q, _3 D4 y+ N4 W
'level': 'INFO',
' m& W. J" V- w" W) { 'class': 'logging.StreamHandler',9 y; h) T# s6 M7 J# m7 f
'formatter': 'operation',0 A, n$ g3 D1 [/ z" s" L0 ~) i8 Q3 k) S
},
8 e& x$ a# ^6 Q( q2 u },+ z: v! u1 F1 G6 h4 [3 E& X0 b1 \
'loggers': {
& J# d+ E" l( ]! @1 G4 J # Logging from django.db.backends is VERY verbose, send to null( r$ ^( F7 e! ]. V" g
# by default.
% }0 u. a0 x% H" c- I- U 'django.db.backends': {- r+ g: f- x; a
'handlers': ['null'],) e: ^# V" X8 G; _8 b7 f
'propagate': False,
/ `$ p' L+ m* X8 u8 k; |5 G },* E6 o$ B" T* w$ ~
'requests': {
% z) r" S& Y- J% p4 I) T: f3 h1 n 'handlers': ['null'],* g: T0 l, @5 z
'propagate': False,
" A4 c, Z' J$ d' k },
6 r: w2 ^+ I* d+ {% F9 V 'horizon': {
4 t+ o6 f3 T* \- y! V 'handlers': ['console'],
3 Z, P0 |* `/ A E: g, c 'level': 'DEBUG',. n6 {9 \; h, [1 t0 ?
'propagate': False,
% h: k4 R) V6 a1 E8 {3 o* Q }," Q7 ~% q& N+ s4 L% I
'horizon.operation_log': {
5 S/ e( n2 i4 ?" _) ^. u4 H0 k2 g 'handlers': ['operation'],4 O% v0 W: ^ a0 F7 r
'level': 'INFO',
1 Z ^2 j: j/ H1 ?% } 'propagate': False,1 T# p7 ~* h0 p. x: l6 f7 R% u
},
% n0 ^7 V. R7 H, A 'openstack_dashboard': {
% V- O" r" a9 u9 j4 k 'handlers': ['console'],
0 M" q/ P, @" l! c2 s; s' u 'level': 'DEBUG',0 P% x+ M" N0 l( z& v
'propagate': False,
4 Z4 S. V" Y9 D; l: H! S- k8 ]1 }2 d! X },- d4 E1 A6 S' r6 l* P/ K# l A, m
'novaclient': {
2 z# G5 M4 Y0 j- M 'handlers': ['console'],2 t/ s+ S. |4 y; ], b6 u
'level': 'DEBUG',
! H0 n6 q X* l+ r& ~# f5 ~ 'propagate': False," t# F# ?+ L' T, ?- o
},9 T# z7 H4 S1 x! d |( }
'cinderclient': {
( q5 k& i4 r9 W7 ` 'handlers': ['console'],% P; j) f7 ]0 S$ H9 U2 k& U
'level': 'DEBUG',
; \! O2 }: V- G8 p9 } 'propagate': False,
- v2 p, G2 ~( o, X4 r7 F) u },
# |7 `& X! \8 p0 k/ ?. h4 f; e 'keystoneclient': {
( e: t5 T5 S8 G' D 'handlers': ['console'],
; D1 t6 H. t- L, N1 I& R 'level': 'DEBUG',( y4 O. {9 l" h8 \- h
'propagate': False,7 X' z$ [( Y% ~
},5 M$ J' k* @) y7 d5 Y6 ]
'glanceclient': {% @" I! c7 H# o2 q7 a) H' b2 E
'handlers': ['console'], s* `! }; W% h' C5 ^
'level': 'DEBUG',6 ^+ v+ A3 I! j! H$ p! q) C+ h0 M
'propagate': False,
% L: ?; x1 `5 j/ V+ _6 \& D },
x3 f' E0 A0 R( O 'neutronclient': {8 d- Z3 I t5 M
'handlers': ['console'],
* y3 k3 s' I8 @. k- K# r$ T `% d 'level': 'DEBUG',; {! s b2 Z2 }& Q2 m: ^
'propagate': False,1 J. B6 f. x& `" z9 b9 o
},
' l. p [: X2 P5 ]7 e3 | 'heatclient': {
( E: @/ x1 |: l; L3 o0 S: ] 'handlers': ['console'],
; y- K* U! z Y 'level': 'DEBUG',
3 K5 _1 Z9 s' G- e 'propagate': False,
6 L' x1 n* q% f7 p3 y2 W },3 {! o* z& Y% m, x
'ceilometerclient': {* \9 e T! ~! Q3 I5 _
'handlers': ['console'],
5 S6 ~( x$ q5 g/ h4 b* X1 v 'level': 'DEBUG',! J9 o# K, t" x8 b( f
'propagate': False,
: I4 J% q" V7 N/ u# B0 W3 A) V },
# y! T+ d! B D; w p0 t 'swiftclient': {
6 v2 D" ?4 w L) m6 M7 J1 l 'handlers': ['console'],
: T& H' m4 G0 h( C: `( S; P 'level': 'DEBUG',
7 S E5 d0 {' q4 I' Z 'propagate': False,
( b1 d4 P+ \/ k% N8 c# x, K. m- H },% O) U6 O+ r7 G) i4 i
'openstack_auth': {5 x' [$ f- Y& e/ ]
'handlers': ['console'],
1 ?1 v1 ]( }) }2 m8 m. } 'level': 'DEBUG',* X$ ]/ h5 t9 j: O% x
'propagate': False,4 q' o1 ^ J* `# ~8 I! e% Y4 X
},- D- K" ]" w. s( G% {9 F# n" g0 u
'nose.plugins.manager': {* X9 S, C0 K* u$ s' l) N
'handlers': ['console'],
6 U6 M! T" t5 R2 a& M# h( @9 [+ | 'level': 'DEBUG',4 H- \1 G8 F6 ?
'propagate': False,
- B3 G) |3 `1 f3 Z$ h, S0 }- E' M; O },4 D( H0 O$ ?( g$ l
'django': {
3 w* d4 k+ K! x8 m# V9 t* t 'handlers': ['console'],% K3 u- | l' t* T. y& K
'level': 'DEBUG',
* }0 A+ J- m! e* R% {5 h 'propagate': False,& E3 Y6 J8 ?6 i/ z" G5 C
},
( R& W; ~8 R5 x 'iso8601': {
3 W y) O$ d* l 'handlers': ['null'],
( q8 f3 j) h( o 'propagate': False,4 j( ^# F" X* Z0 `% m; k6 i6 n
},
$ m, M$ c' M! n* { 'scss': {4 R# w$ J2 a g
'handlers': ['null'],
3 S) n* k$ o! A" c) R 'propagate': False,
5 b7 J4 n4 |% N5 k! c L1 b },1 h, w4 \- O& s7 [; I; `; ?
},
: f! R* `1 u+ {2 ~}5 i' d: `1 E+ _' |- M' \- o" Y( f2 y
# 'direction' should not be specified for all_tcp/udp/icmp.$ h/ p* C& ]! [3 E8 S( m' V
# It is specified in the form.
& b. e. M* R I: C1 kSECURITY_GROUP_RULES = {
+ B ^5 n, X% a! l 'all_tcp': {2 ^" f. [; i B Z, k: ?4 ^
'name': _('All TCP'),$ z" _8 B- r- t% J4 o% R, W# ?
'ip_protocol': 'tcp',- i! X+ X/ ]$ ]* r! O i- s
'from_port': '1',! }0 i& |, D: C+ O% g
'to_port': '65535',
+ g% X, A9 g$ i' {; E! n },
4 M$ x1 `% A$ S9 G8 _ 'all_udp': {
$ B/ O, X ^7 q5 G0 P ^ 'name': _('All UDP'),% q- k. s) Y; W! D% q
'ip_protocol': 'udp',. A$ A, Q, Z' t- C7 _3 l' a, \
'from_port': '1',) i# N7 S4 c( h% V! V7 d
'to_port': '65535',
$ H' J% v v" c l0 p1 d! x },
4 R- ^' L( N% T2 i8 N( P 'all_icmp': {
3 E0 G; Y( ]$ |* v) P6 A 'name': _('All ICMP'),* J8 i8 d! c$ @+ I4 F: ?
'ip_protocol': 'icmp',
: @2 }2 }3 i* u, K 'from_port': '-1',1 U+ G. H! k3 j4 _: b5 c1 _ t0 U
'to_port': '-1',
) b$ P! k) g4 U: i) j },7 n$ b' e; B$ O) J3 |2 t* X1 Q
'ssh': {
: ^$ \! Q8 Q" M, q$ _, F" j 'name': 'SSH',. I# |3 S1 z/ \* i
'ip_protocol': 'tcp',
4 [4 F+ d1 w" o: G- q9 C 'from_port': '22', r5 M1 D, `1 U4 ]3 {
'to_port': '22',
, _9 K& f0 g( a },
# x$ c L7 s( K2 G0 e- s+ c 'smtp': {
2 o* C* Y$ d6 M 'name': 'SMTP',
: x1 H5 f0 |3 h( k 'ip_protocol': 'tcp',
) P+ y; |! M5 v/ i# D 'from_port': '25',6 V8 `" q7 s: |/ C) p* W
'to_port': '25',$ O8 O" Z) v& g$ w6 |
},; d+ Y. c7 N4 k
'dns': {2 @2 ]! _ y% c- h2 l, S0 d& O
'name': 'DNS',
4 J1 a! R+ {3 g* q" v/ } 'ip_protocol': 'tcp',
, `4 _- M$ E& z7 h/ b/ | 'from_port': '53',1 n1 a; E9 I$ h: J/ e
'to_port': '53',! Z% v! S R! s. O) m
},% c' w6 @& u& f7 l+ l ~' C
'http': {0 [+ a1 I. m% w G k- f4 f
'name': 'HTTP',
. e) R$ P0 t' S" X- o 'ip_protocol': 'tcp',
$ O- p8 s" d& w% \& d$ W! U 'from_port': '80',* I" }3 |# u, C6 E& J6 B3 n& p4 c
'to_port': '80',
; s$ P* i5 w. J, W( f; n },
: l2 M* q2 s5 l! i4 G% ^ 'pop3': {- G7 }; \! D% G1 Q' u$ H- Q
'name': 'POP3',
( T9 f! K# b9 Z 'ip_protocol': 'tcp',: @$ U; c0 L7 S8 g |) s3 \
'from_port': '110',( a" O8 F' Q- i! M8 ]% J! B
'to_port': '110',
k3 o5 H1 ]! S( ?5 a },
/ B3 H& m- |* p0 x5 c$ W: \# ]% n8 V 'imap': {
1 W2 m* n- |3 t4 q. `, C6 D 'name': 'IMAP',
S K2 m0 ^: K# W/ D1 T5 g6 P 'ip_protocol': 'tcp',, `9 R& l4 v2 \; R
'from_port': '143',
$ z- |; Y+ R- | 'to_port': '143',
- B0 N2 K4 o- X* L# W },' J7 D% J0 y) {8 z5 E, @
'ldap': {
% A7 h% _8 f1 z$ n$ a- | 'name': 'LDAP',6 J; ]/ G* z. G9 A- d$ x, I
'ip_protocol': 'tcp',
( m/ d. G9 A* Y; O# I x' u5 l' ^ 'from_port': '389',
+ h9 T* c: x6 w7 M 'to_port': '389',
( L$ P& ^' b+ U* ~5 O/ [& ?$ m },
" o- w/ \$ z- e9 b7 ^& Z 'https': {
5 `* }1 v* B5 H4 t; p# @% n 'name': 'HTTPS',
' s$ G' u9 F1 h. G$ d/ U) O 'ip_protocol': 'tcp',4 p0 ^" {: O1 k3 Z3 h
'from_port': '443',
8 ^* V' R, L) o 'to_port': '443'," g4 z3 e0 B6 ~
},7 I: }- I' k7 B- R, z4 P L
'smtps': {9 J5 G/ u2 h) @4 [0 M, N& q
'name': 'SMTPS',+ ~% T( G+ C7 c' |6 b4 q
'ip_protocol': 'tcp',
% ?. r9 `; d: v" m1 P& D$ Q 'from_port': '465',
7 V( ~% @ ] W% |( e! R 'to_port': '465',
# v$ M2 o; ?# f4 _# F },
& v1 x& B1 o$ U 'imaps': {1 m4 o& j) b3 b
'name': 'IMAPS',
. q1 c' t# z5 F 'ip_protocol': 'tcp', a' C6 P& `, J
'from_port': '993',
/ V z! f9 u* r+ ^( A& ]$ i3 i3 X0 i 'to_port': '993', `, v( e7 N. q, N
},
7 ?- A/ [) R2 ~( i 'pop3s': {
; o/ E$ q9 d% F 'name': 'POP3S',# O! I( P; d8 ]/ q/ t9 n( x; y
'ip_protocol': 'tcp',. t0 S, x& O3 O- n1 ~
'from_port': '995',
. a, [9 h, b/ v I' _7 D 'to_port': '995',5 u9 u0 v: d& n% _" Z
},: J+ o( |1 _& ~) y1 u; p
'ms_sql': {! P$ `( t9 @" d4 h* ~
'name': 'MS SQL',6 K% e- y7 a) J3 x0 q$ w
'ip_protocol': 'tcp',
' b& X9 V5 K- T& e3 h" Q h& T 'from_port': '1433',
! r8 {+ b2 t7 e7 Z! ~6 | 'to_port': '1433',
" b: Y$ U) W5 S$ p) y },
1 T4 S; r% f6 x9 P% B 'mysql': {0 N( `4 {1 O. E( Q$ h" H% w
'name': 'MYSQL',
- q, |! k1 L/ [ 'ip_protocol': 'tcp',
+ A2 M6 y5 o/ h' |' j) v 'from_port': '3306',
$ _3 {, ~* m& R7 |$ f k4 A9 {6 ^' q 'to_port': '3306',5 ^* `- I) I7 p) O' u# b' B
},# ^" ~) z* I4 o: [/ ~& Q6 Y' {
'rdp': {
; {4 h8 O/ X( B C 'name': 'RDP',' R" h1 Q# T" f& F) m3 Z: F& v
'ip_protocol': 'tcp',0 x# z7 A3 _' j0 v
'from_port': '3389',
% \7 D2 i0 y% R/ {& o 'to_port': '3389', x- s& w% D1 ]4 @5 c/ A
},2 z, z$ @' _ K1 b# P, a
}
5 I6 O' Y8 L' G1 ^. N/ h# Deprecation Notice:; f* x) h2 ?- F) V
#
# t B* Z% R9 t% J& d+ A' R# The setting FLAVOR_EXTRA_KEYS has been deprecated.4 M+ a# V) E2 Q) D! g: G w4 X1 ?
# Please load extra spec metadata into the Glance Metadata Definition Catalog.
" H) Q; C' b4 a. | T% |; N( l8 l# w5 E#( K) q% w$ h/ e) t9 W
# The sample quota definitions can be found in:
" }. i/ i. G+ n% l8 H) Z# <glance_source>/etc/metadefs/compute-quota.json5 U( \/ y0 f1 W8 z: S4 Q8 o
#) v6 [8 y( V9 d7 |% H4 ]2 j9 t
# The metadata definition catalog supports CLI and API:
& h) Z) z9 [" ]# $glance --os-image-api-version 2 help md-namespace-import
0 c3 V+ A& _7 M6 h# $glance-manage db_load_metadefs <directory_with_definition_files>
+ _5 `0 @+ c, Z' f, W#' s* q: W) x! n$ Q8 V0 G! L1 B
# See Metadata Definitions on: https://docs.openstack.org/glance/latest/
+ i* S! u1 u9 G9 l! S# TODO: (david-lyle) remove when plugins support settings natively; ~' ^1 Y5 Y. [
# Note: This is only used when the Sahara plugin is configured and enabled
6 k4 C9 D- H/ I) n/ W3 b# for use in Horizon.# D, r2 E5 I1 w9 u2 D
# Indicate to the Sahara data processing service whether or not7 I# v1 }+ \0 z( O2 T* ^
# automatic floating IP allocation is in effect. If it is not
. L9 A5 A* u1 h M7 |# in effect, the user will be prompted to choose a floating IP/ V. _. m+ K" V" N2 |
# pool for use in their cluster. False by default. You would want
! S8 R& B# I" {! h" T" S, R# to set this to True if you were running Nova Networking with
+ E# `# `# R7 `% ?8 W# p, @# auto_assign_floating_ip = True.
% ?' {. q$ o# a# h5 @0 Z6 j/ h' E#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False0 G( O' T- }. o# [; c; k4 X
# The hash algorithm to use for authentication tokens. This must
! L$ i' I% |' B" y5 V. {* P3 ]1 c# match the hash algorithm that the identity server and the
$ p+ d; S2 D- R' }( S3 i. w# auth_token middleware are using. Allowed values are the/ c5 Z* k/ A7 C
# algorithms supported by Python's hashlib library.
" [% e+ u2 o5 `0 I4 a6 @#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'9 u9 s. f- q: p) }# c
# AngularJS requires some settings to be made available to
1 b( N! i" I3 |% }. A- E" n# the client side. Some settings are required by in-tree / built-in horizon
3 B0 y6 {4 y0 G4 J/ q4 ^) ]. I( O# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
" |8 p8 K* a C }* z# form of ['SETTING_1','SETTING_2'], etc.5 k# J& Z, T$ z+ P; c3 ~# b
#
, k2 m; y. i/ ~" H% G# You may remove settings from this list for security purposes, but do so at
8 w7 ~( P6 D# i* Q: |/ G) Y# the risk of breaking a built-in horizon feature. These settings are required1 g( T2 m9 N" e, F
# for horizon to function properly. Only remove them if you know what you( q* J) s- q5 B+ B c G2 D
# are doing. These settings may in the future be moved to be defined within
t+ k' b& M& z3 [3 N0 ?+ Z: X3 G# the enabled panel configuration.
5 g2 Z2 o9 X& w1 s1 c2 ]7 _, [# _# You should not add settings to this list for out of tree extensions./ N6 W& q0 P; F- P
# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
. Z" w/ w) |/ f7 k) QREST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
" p% a8 h+ `+ } 'LAUNCH_INSTANCE_DEFAULTS',; \" ^9 y! k/ ~. H
'OPENSTACK_IMAGE_FORMATS']
: F+ z S( D3 p" ^. K# Additional settings can be made available to the client side for2 Q. b3 N9 V# d: ]! H9 q4 Q. m/ v
# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
9 Y$ `5 K9 S3 H& w0 [# !! Please use extreme caution as the settings are transferred via HTTP/S, p8 G" N4 F/ [; l# b* c) Q2 Z, Y
# and are not encrypted on the browser. This is an experimental API and
( d. R' B! z) D* G ^# may be deprecated in the future without notice." z- {+ G" }" U6 h6 `8 k8 _! R' t
#REST_API_ADDITIONAL_SETTINGS = []
4 j5 O. C8 ^2 \# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
4 y7 G4 m7 ^" A9 |4 r, ~( N0 T5 o# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame/ ]. A; U& S: I
# Scripting (XFS) vulnerability, so this option allows extra security hardening
4 o: L: ]5 W2 H! e4 I# S# where iframes are not used in deployment. Default setting is True., T: r) u& a' t
# For more information see:" ]5 o& b: w6 g9 C( ?) A! n
# http://tinyurl.com/anticlickjack& P: W' x1 }( K$ u
#DISALLOW_IFRAME_EMBED = True K, m, K' z8 }+ x
# Help URL can be made available for the client. To provide a help URL, edit the0 H4 r1 {. A: {7 X8 i) h
# following attribute to the URL of your choice.
9 E# i5 h# v$ B1 P#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
3 N5 M7 J' L9 L) x# }9 @9 _# Settings for OperationLogMiddleware& b! S) l D3 J1 ]
# OPERATION_LOG_ENABLED is flag to use the function to log an operation on
9 f! y' y& _3 ^5 ~( _ a# Horizon.
, |3 E+ g1 g% i& q( R( ]$ p! t# mask_targets is arrangement for appointing a target to mask./ C# y, A2 P! ]
# method_targets is arrangement of HTTP method to output log.
/ c. J' {/ C# b2 J- Q8 J# format is the log contents.
" c3 E9 `2 |! @#OPERATION_LOG_ENABLED = False+ w! p/ B% `2 S6 ~; x
#OPERATION_LOG_OPTIONS = {/ S& p) U' n" a: s9 R4 @) t
# 'mask_fields': ['password'],5 e- k: ]( Z4 T8 e
# 'target_methods': ['POST'],
& @/ ` o# U3 z+ r, e% X& M# G# 'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"2 c& ?8 P5 q8 ?- }# U. U4 a8 s
# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"3 D* p5 Y* N" y I# _
# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]", Y, A+ b1 Q' z- ^ w, X" F
# " [%(http_status)s] [%(param)s]"), V- ^" Y# Q& N* H
#}
: k, \- @$ C% A% p) M/ ^% x/ v# The default date range in the Overview panel meters - either <today> minus N
$ H7 v5 z" ?2 Z. d# days (if the value is integer N), or from the beginning of the current month8 v7 i) @8 Z4 E6 v
# until today (if set to None). This setting should be used to limit the amount% U5 J" [5 O. w0 ^+ e
# of data fetched by default when rendering the Overview panel.
3 g4 N: N' m. H1 l#OVERVIEW_DAYS_RANGE = 1
* G# N l' D( F( D" c# To allow operators to require admin users provide a search criteria first& R9 s+ N- r& q7 j! j: o
# before loading any data into the admin views, set the following attribute to
* R t* ]; v. L6 Z2 S7 X# True
9 o! R: l, p9 j& f! M4 q# J#ADMIN_FILTER_DATA_FIRST=False. e+ a! V$ m- Q
$ w. E, U: A) F. N$ A, {" G* X1 |. D- H' P. c) Y
|
|
发表于 2022-7-15 22:58:08