|
|
楼主 |
发表于 2022-7-16 07:53:11
|
显示全部楼层
# -*- coding: utf-8 -*-
0 M" h- J3 ?7 }- k8 c1 C: ~import os K7 _& Z8 d. {$ R
from django.utils.translation import ugettext_lazy as _
& f$ |6 x' K' G' F# h% e5 ufrom openstack_dashboard import exceptions
+ Q2 Z* d' ~" h3 j) t' G# ]' @+ }from openstack_dashboard.settings import HORIZON_CONFIG
/ Q% x, q$ o8 T8 mDEBUG = False" {6 P& b% w: j9 W% z. q
TEMPLATE_DEBUG = DEBUG* k1 v9 A) Q ]0 G2 X( c
COMPRESS_OFFLINE = True
; z- t- k7 N4 @1 ]% \, [0 P" b# WEBROOT is the location relative to Webserver root) G5 R5 \) ]% U7 L; B/ ?
# should end with a slash.
3 D U4 \, I/ k8 C% BWEBROOT = '/'
: [% b/ W# l8 _, h2 C. I7 A#LOGIN_URL = WEBROOT + 'auth/login/') G/ _+ G# o% C
#LOGOUT_URL = WEBROOT + 'auth/logout/'
: C0 G$ |: w4 I- Z3 ~. x# F#1 B7 @2 m' }* F
# LOGIN_REDIRECT_URL can be used as an alternative for
9 A9 G; M |/ E+ {# HORIZON_CONFIG.user_home, if user_home is not set.% N' k: D6 R) d. W' G/ h G
# Do not set it to '/home/', as this will cause circular redirect loop
; M1 k( @; I9 ^: ^4 M#LOGIN_REDIRECT_URL = WEBROOT
/ _6 g% R: r1 |8 I& @2 X, G/ J# If horizon is running in production (DEBUG is False), set this
/ g1 B6 L9 R* }$ F" _4 L/ C' ]) y# with the list of host/domain names that the application can serve.. c7 K4 f: }8 P; V0 i0 i
# For more information see:
. m+ U" t- q6 H+ i" B6 C# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts9 T W5 ?8 d5 A8 R# w/ M
ALLOWED_HOSTS = ['*']
* k6 P* ]0 C' O; S$ u" k( l; k
& O- O# L5 B% _' c7 H. ^# Set SSL proxy settings:
@1 m9 r0 c" J- c6 G& J# Pass this header from the proxy after terminating the SSL,, A/ n: y4 I0 B& W' ?, ~2 F8 t; B
# and don't forget to strip it from the client's request.
$ b1 G% x& t' Q: m. W" ^( ~# For more information see:( D9 S- H! d7 e/ c3 U' g
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
& j5 B# C+ |" g5 q#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
5 G a Y/ q% C1 c5 N( `. ?9 C# If Horizon is being served through SSL, then uncomment the following two/ a) V8 G* V7 _: E2 u
# settings to better secure the cookies from security exploits' B( `# L/ \$ M. {- s% V- M
#CSRF_COOKIE_SECURE = True
4 x5 [2 P5 z1 A+ q& s5 G! K#SESSION_COOKIE_SECURE = True
5 R( A- w( @1 f! k4 U6 c
; ?6 u# i8 Z$ ?- u' X# The absolute path to the directory where message files are collected.
p% Q! i! S2 J7 ], G# The message file must have a .json file extension. When the user logins to
6 r3 _ }3 O4 S) a x# horizon, the message files collected are processed and displayed to the user.' j1 [9 r& T! c* u% s2 w" e' g/ }* B
#MESSAGES_PATH=None6 G% H4 B1 ?: v3 u
# Overrides for OpenStack API versions. Use this setting to force the9 ]5 ~+ e5 N4 u+ F4 w$ Y
# OpenStack dashboard to use a specific API version for a given service API.& j4 B, i! u) c# w. N1 H
# Versions specified here should be integers or floats, not strings.& [: _: L, P/ T3 h. x8 ]1 D6 n
# NOTE: The version should be formatted as it appears in the URL for the1 d7 y8 o* b* V% A; N6 d5 F! T
# service API. For example, The identity service APIs have inconsistent
5 P6 K! v/ ~* [8 }0 \' J. k# use of the decimal point, so valid options would be 2.0 or 3.
+ s. Z3 r5 Z# r# {# ]/ A* ]# Minimum compute version to get the instance locked status is 2.9.
; }) |" w! m A#OPENSTACK_API_VERSIONS = {! g F, H' b; Y5 ]8 B5 C
# "data-processing": 1.1,
7 f. R' ?: Z3 Q* H' T: t# "identity": 3,0 H) v+ z8 L2 N e% ]0 i
# "volume": 2,# _1 P1 X6 l$ H! {9 M- ~1 A
# "compute": 2,
9 L( F( @- G/ L! e. |2 d" b#}
7 C% Z$ r% e( G- @! ZOPENSTACK_API_VERSIONS = {+ D4 | b: ]. I. S: g
"identity": 3,
) ], n" R6 r( C' m& R* i( H}
) y" N9 T! L7 K# Set this to True if running on a multi-domain model. When this is enabled, it
# b+ ^9 s; u4 |2 W# will require the user to enter the Domain name in addition to the username
; ~1 M4 p3 a8 t1 k5 h5 [+ Y! ]# for login." s* C P5 ?& ^2 g8 R* y
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
4 r: t3 G( B6 B( q# Set this to True if you want available domains displayed as a dropdown menu3 V$ ]% N: [0 [# ]* F$ q! a5 S, C
# on the login screen. It is strongly advised NOT to enable this for public
. E; M/ O3 ]5 I) ^/ z# clouds, as advertising enabled domains to unauthenticated customers
" ` u- Q7 i$ E( ]# irresponsibly exposes private information. This should only be used for
8 k' ^5 s O/ Y; E# private clouds where the dashboard sits behind a corporate firewall.. g4 Z" y4 f0 M: C0 c- e
OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
+ k+ ~2 T8 N6 b$ N; o2 d# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to* ~4 {: i+ ^8 L$ F
# set the available domains to choose from. This is a list of pairs whose first
: r/ }# {( W& u; t" P6 e# value is the domain name and the second is the display name.5 b9 r: E7 x1 ^/ I5 q) x9 F: a
OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
) T; a+ _0 m# H# X/ B ('Default', 'default'),4 r1 ]* { n$ @- `/ x
)
7 f0 W4 B7 o4 H3 Z4 J9 a/ I3 A# Overrides the default domain used when running on single-domain model
" E" `" Q. D8 ^, b! c! n# with Keystone V3. All entities will be created in the default domain.( a6 F: \, i" ^+ G. E: d
# NOTE: This value must be the ID of the default domain, NOT the name.
3 j* m+ I. d3 p# Also, you will most likely have a value in the keystone policy file like this
* C: g0 [3 d) b1 \- n7 W+ Z0 j3 `% d# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
. A' C `* `0 I$ o7 F. Q9 z! Y# This value must match the domain id specified there.
U E9 n2 _! J2 i#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
* G- a/ W" F/ V, O# Set this to True to enable panels that provide the ability for users to$ o6 V; {1 @# _% U G
# manage Identity Providers (IdPs) and establish a set of rules to map J( B$ D- u7 H3 S8 f
# federation protocol attributes to Identity API attributes.: [* t/ A7 [& }2 w4 v: r* e
# This extension requires v3.0+ of the Identity API.
1 c# B( w% l6 z$ X* `. l#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
4 h' L0 t; R3 L7 V# Set Console type:
# E3 R* a" m/ f- C# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None2 z# U* F5 b. ^% f. i% u& U; n
# Set to None explicitly if you want to deactivate the console.8 ]" }2 Y5 b8 o9 i! S; A4 V6 a6 F
#CONSOLE_TYPE = "AUTO"
: s; T3 n4 M' p. l# If provided, a "Report Bug" link will be displayed in the site header
. P' j) h; W+ c* ~! R) r0 s# which links to the value of this setting (ideally a URL containing1 J5 b0 B. A: P( f: m
# information on how to report issues).
1 h$ \" b `6 ~% g4 n# g#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
5 z/ m1 G: x/ v3 |; P& Y# v$ `, P# Show backdrop element outside the modal, do not close the modal
Y7 P O. w7 H$ |& J! K# after clicking on backdrop.5 b$ n7 g1 N- J8 J1 C5 T! C
#HORIZON_CONFIG["modal_backdrop"] = "static"
4 P& I9 N `: h1 o5 w% e1 s1 x# Specify a regular expression to validate user passwords.
3 u* N9 X: q {, d- U E4 l1 R#HORIZON_CONFIG["password_validator"] = {8 C/ ~+ C& z8 w7 T+ m; I
# "regex": '.*',4 j$ o6 K) \/ \- S
# "help_text": _("Your password does not meet the requirements."),7 m0 n5 l1 h ~) R0 r
#}4 ]7 q& D7 x5 s1 ~% |: ^; Z
# Disable simplified floating IP address management for deployments with
+ R! n# r, ~2 k" L- j/ g# multiple floating IP pools or complex network requirements.
4 d, R. g) ~3 \4 ^6 J9 }# @#HORIZON_CONFIG["simple_ip_management"] = False/ ]- d# {' ^9 @( ^5 K
# Turn off browser autocompletion for forms including the login form and
6 F& h& U8 ?+ T, ?0 |: p5 i8 ~2 `0 Z# the database creation workflow if so desired./ k7 B X. `6 _% Q8 o+ O
#HORIZON_CONFIG["password_autocomplete"] = "off"
: g% n7 J( S" }2 G9 V7 J# Setting this to True will disable the reveal button for password fields,
; b6 l4 ]' w5 v: ~9 w2 M, b4 e# including on the login form.0 ], L, c, `* Q9 i2 R6 a7 C
#HORIZON_CONFIG["disable_password_reveal"] = False" B1 {3 B) Q) V* u
LOCAL_PATH = '/tmp'2 ?; e* ~% D6 m, D6 d9 q
# Set custom secret key:
$ m' B9 m1 ]+ k% [; A; F) P% }# You can either set it to a specific value or you can let horizon generate a' P" \/ r( F' d4 B) u4 ?
# default secret key that is unique on this machine, e.i. regardless of the
4 t7 B" X% G9 k9 D# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,4 O4 ]) S" X$ E6 J- ?
# there may be situations where you would want to set this explicitly, e.g.8 \! \ u% Y3 b& G+ n$ k3 X
# when multiple dashboard instances are distributed on different machines3 b1 ]- r$ D: W- s" D% c9 d* B
# (usually behind a load-balancer). Either you have to make sure that a session3 k; `/ \4 D( o8 ?# k; |
# gets all requests routed to the same dashboard instance or you set the same, W4 ~. ?5 Q% y" M* J/ k+ q) z
# SECRET_KEY for all of them.
7 t, J" X& Z. ?: ?' o7 CSECRET_KEY='RyLdZs4KeJ5z3TX48mk5biZLwlE1kzkFfbAKb9ma'
1 ?5 U" g# w- F; A# }* R0 v# We recommend you use memcached for development; otherwise after every reload; m- f& N# s3 f2 k& g ]' c
# of the django development server, you will have to login again. To use/ D" `4 K* [1 y+ [! S, z, \1 E
# memcached set CACHES to something like
; a% W+ U/ j& K#CACHES = {
2 |, B/ @ O- }* [( b q# 'default': {
) N5 E1 U% C0 D# T3 Z* w P# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',1 w9 x) i; v3 V2 P+ {8 ~
# 'LOCATION': '127.0.0.1:11211',
! N+ d$ S! n8 E4 j# },
Z3 s1 ]% d6 z" Z% H#}
3 l4 v5 \6 P0 ?9 Q6 bSESSION_ENGINE = 'django.contrib.sessions.backends.cache'
1 M7 c; H/ Y; ~CACHES = {$ b5 {3 S9 U7 _# t8 Y4 S, U
'default': {
6 N4 f9 s/ O1 |3 w. ?! m% d- b 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
! x& Q# ~( [4 d9 _! q6 I# ` 'LOCATION': ['10.144.106.6:11211','10.144.106.7:11211','10.144.106.8:11211']
/ B( l- f" n0 Z- ~5 T) K0 v }/ x' Z( J* L3 [3 D2 V i9 o
}
# w% @9 m. f. C+ [% m: K2 K# Send email to the console by default; b" V, Y7 ~7 D4 u
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'2 U2 y2 y) ^8 d
# Or send them to /dev/null
; J' F3 }7 T1 C: R#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
3 i2 m; \3 f/ E' R/ v# Configure these for your outgoing email host
t5 c/ Q3 p4 r. Q3 h! g4 V3 ]#EMAIL_HOST = 'smtp.my-company.com') E2 |. l; h0 R
#EMAIL_PORT = 25
) K' U& Y% r: Z#EMAIL_HOST_USER = 'djangomail'# M; @9 V# D$ b/ f
#EMAIL_HOST_PASSWORD = 'top-secret!'& T1 _7 V6 Z8 M( s# P: q9 t1 c
- f' e, p1 K! I, i% a7 E/ X4 ]1 n4 lOPENSTACK_HOST = "10.144.106.253"# f/ h B0 T% i0 P( J6 a
OPENSTACK_KEYSTONE_URL = "http://10.144.106.253:5000"
4 k1 x6 w7 x, d8 ?: I" b4 oOPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_": Z( J* I# L+ I$ s' Y
# Enables keystone web single-sign-on if set to True.6 N/ `. @) J; E/ E7 V6 t
#WEBSSO_ENABLED = False0 R. M1 G7 L) q% [( Y: h1 B! I2 [
# Determines which authentication choice to show as default.
% j* ?1 }- q3 D8 i2 f#WEBSSO_INITIAL_CHOICE = "credentials"
! B9 I( ^4 p' Q8 n# The list of authentication mechanisms which include keystone
& V! R( n: G R+ b1 v I! s' H# federation protocols and identity provider/federation protocol
0 {5 Q5 ~: D$ S3 Y9 h# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol( h, C" |! ]" t
# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID& d2 n; Y) C; y1 y
# Connect respectively.
8 [* U G& M. N* _$ K# Do not remove the mandatory credentials mechanism.! p) {3 x: z- N g' t
# Note: The last two tuples are sample mapping keys to a identity provider9 S0 ?/ u p5 u' @: ^
# and federation protocol combination (WEBSSO_IDP_MAPPING)., p% f: E* i* ~; z* L
#WEBSSO_CHOICES = (
0 s S4 g# B0 n2 g' B4 v( \+ Y# ("credentials", _("Keystone Credentials")),
2 |+ B& B( _% K2 l- d# ("oidc", _("OpenID Connect")),) h r7 z; ^. h; r- q+ I9 @
# ("saml2", _("Security Assertion Markup Language")),2 K: g1 f) F ~ a0 s
# ("acme_oidc", "ACME - OpenID Connect"),
( I& c: s! V* F" a5 B0 v+ k0 L# ("acme_saml2", "ACME - SAML2"),
) a6 s- j( b7 r* n#)0 m' r6 U L* h5 @: X0 ~" x
# A dictionary of specific identity provider and federation protocol& Z7 C+ T0 K# \2 w: z# E6 s
# combinations. From the selected authentication mechanism, the value' Y) J2 o! V7 V
# will be looked up as keys in the dictionary. If a match is found,: v6 T8 M% T0 {
# it will redirect the user to a identity provider and federation protocol
% Z0 T! Y \- w- r7 g# specific WebSSO endpoint in keystone, otherwise it will use the value# J( j4 Y+ c0 P
# as the protocol_id when redirecting to the WebSSO by protocol endpoint.3 |% R4 t: [+ e4 a
# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
: l2 `/ o+ r" S& v. j5 h9 Q& p#WEBSSO_IDP_MAPPING = {2 X$ U! U5 ?. R `1 ^' i* z
# "acme_oidc": ("acme", "oidc"),& d' W8 {' O b! G) W5 f
# "acme_saml2": ("acme", "saml2"),+ H K% M# z1 A. \
#}7 c& B' z4 G- Z+ W8 e/ f
# Disable SSL certificate checks (useful for self-signed certificates):# F) ^: w0 m8 j7 t, p
#OPENSTACK_SSL_NO_VERIFY = True- L- H& v7 v8 G# [; U" f. d$ }
# The CA certificate to use to verify SSL connections& d5 z% }( p/ N' l
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
9 ~8 E3 P# V$ t/ E: B9 D7 C# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the4 k# P3 u1 V9 d* P+ \+ M9 x
# capabilities of the auth backend for Keystone.
% c9 W1 J7 f' N4 C/ w7 w# If Keystone has been configured to use LDAP as the auth backend then set5 E8 ~/ @7 F( X6 w P
# can_edit_user to False and name to 'ldap'.. ?" C0 h2 ]% V; I
#4 C" {. u0 K! g/ {
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
9 p% a! u2 ]6 U Z4 O3 R, uOPENSTACK_KEYSTONE_BACKEND = {, ~2 i2 W6 m# l* G& ?* ^
'name': 'native',
3 H( D8 {) } V% _3 x/ F 'can_edit_user': True,
# G% m8 k' Z0 u. j' t* V9 [ 'can_edit_group': True,% F) R# ]9 e y8 k) `3 I- q
'can_edit_project': True,. J$ j) i+ b$ \8 y
'can_edit_domain': True,$ k8 Q5 y: R2 w7 U' H! k
'can_edit_role': True,
7 B. F0 z6 t c8 Z2 V% K# {; J2 e} {9 r! ?: |! J& i
# Setting this to True, will add a new "Retrieve Password" action on instance,
& I( @/ C, F/ m0 I& t! }# allowing Admin session password retrieval/decryption.6 Q$ ~/ y9 z* V
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
! y- R" U! w% d2 w; b8 O0 O* z6 Q# The Launch Instance user experience has been significantly enhanced.7 g' X* D6 _$ _9 s
# You can choose whether to enable the new launch instance experience,
`6 l2 H8 a L' d# the legacy experience, or both. The legacy experience will be removed
+ Z: O( f5 U% @* }1 c( J( x) d# in a future release, but is available as a temporary backup setting to ensure
+ f% h/ [% i2 ^' J1 x" I' U' T# compatibility with existing deployments. Further development will not be% R7 d, |6 C) m, }
# done on the legacy experience. Please report any problems with the new* l/ \- k& O9 ]- j; E
# experience via the Launchpad tracking system.# v! n+ F! y9 Z" e+ X# y5 [
#
9 \# L9 ^( l$ P) E+ _6 S# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to4 ^/ e6 n) ?6 @+ ]! ~. W* y7 p
# determine the experience to enable. Set them both to true to enable
& p$ X! r" Z2 S# both.$ b, C) p) }" D9 I' U) ~7 u# G" `
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
) v+ |# d6 M2 h1 v9 F" n# z+ [#LAUNCH_INSTANCE_NG_ENABLED = False
) q: H+ n9 K; ?8 L R; [# A dictionary of settings which can be used to provide the default values for
3 j- N- Q- s. a: X! m, [: G# properties found in the Launch Instance modal.
) l; Y7 c/ |6 O/ h& N#LAUNCH_INSTANCE_DEFAULTS = {
/ d% P0 F. W' [# s- Q4 g$ N m, Q# 'config_drive': False,
! {9 _8 r' {: _4 _; b9 z/ R# 'enable_scheduler_hints': True
+ J; o' n4 Z& O( B% U o#}; G1 J1 J- o9 } A3 {4 t
# The Xen Hypervisor has the ability to set the mount point for volumes
3 ~7 [7 l4 q* T+ |# attached to instances (other Hypervisors currently do not). Setting; [2 }: C0 B' e- B, l1 K% ]( J
# can_set_mount_point to True will add the option to set the mount point& y3 S, T$ T" A: b& h6 f# ~
# from the UI.
& u6 R O3 J- W. v9 h5 GOPENSTACK_HYPERVISOR_FEATURES = {; O+ l$ J9 a' }9 L' g
'can_set_mount_point': False,8 y' ]: l {. T- Q# y$ G
'can_set_password': False,
5 Z& I: ]2 h8 L# p: m 'requires_keypair': False,
U& l$ m, P' P3 t7 } 'enable_quotas': True
; r+ d. s9 |" e3 T6 y6 w}
& z& u) F7 I( b0 E# s# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional1 [. @; E( @$ X& O K5 Z, T
# services provided by cinder that is not exposed by its extension API.
. S: G5 H& a% t9 _+ Q; d0 C- {6 @OPENSTACK_CINDER_FEATURES = {
9 E. j* v# S B% r: K3 ?; N 'enable_backup': True,
5 h8 U9 \/ t7 \+ K}
& x% x( v, g9 f7 o2 ?: d; i5 A# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional9 V: ^9 F2 M. B" o3 Q
# services provided by neutron. Options currently available are load' g7 K4 N9 i# ?9 e6 J3 m1 F
# balancer service, security groups, quotas, VPN service.: B. e6 |1 ^% J" ]
OPENSTACK_NEUTRON_NETWORK = {3 R5 E" p8 J2 t& N7 c" ?
'enable_router': True,
8 s7 e: f! l6 d+ c, O 'enable_quotas': True,
: t. Z3 w3 G* D3 e 'enable_ipv6': True,
& E, e& n3 |' h8 p6 i# N& G% s# k 'enable_distributed_router': False,
0 v( E/ v+ X" t3 L' D5 s! S 'enable_ha_router': False,; P. c4 l) m. A. T/ {0 o+ S+ ~% m
'enable_lb': True,% z, B8 y5 a* O8 H
'enable_firewall': True,
$ q7 J; Z; ]9 X) C3 _# R' j3 _* n 'enable_vpn': True,
8 c, y- M$ s+ n 'enable_fip_topology_check': True,
( Q! \4 d8 s. h& e1 ^ # Default dns servers you would like to use when a subnet is ~6 l" R; Z+ [
# created. This is only a default, users can still choose a different& `0 g; v7 B- a R% }
# list of dns servers when creating a new subnet.
8 E' u3 z2 Z: E8 n, r( T # The entries below are examples only, and are not appropriate for4 O7 L9 ~1 K: f6 @- h! } s
# real deployments
7 N- S! y0 {2 W5 @ # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
/ D( |* G. H5 |1 _ # The profile_support option is used to detect if an external router can be
- J, V, i0 I0 W$ ~8 d( Z # configured via the dashboard. When using specific plugins the9 P' h5 l3 ^7 H2 `+ U
# profile_support can be turned on if needed.! z: s4 \, s; F/ n1 Z, Q( W2 w1 u& K
'profile_support': None,4 v/ b! P$ B0 K( O8 W4 T& `
#'profile_support': 'cisco',9 J/ |4 \; r5 G8 n1 V0 p
# Set which provider network types are supported. Only the network types
6 h1 C9 b: b: n1 D; ^ H # in this list will be available to choose from when creating a network.9 h5 l* k3 r) F4 E+ m
# Network types include local, flat, vlan, gre, vxlan and geneve.
( y! o4 G, R5 n+ @, y8 }0 N3 } # 'supported_provider_types': ['*'],& o) l% e' n/ z$ Q4 B. O
# You can configure available segmentation ID range per network type
7 m: e6 E1 S$ A% ]5 g2 u/ C # in your deployment.
: u( M" F- v; K7 u! P9 G # 'segmentation_id_range': {
2 O$ V5 W* S7 Z. G # 'vlan': [1024, 2048],) t) w9 @' b5 s4 U/ [2 T% g
# 'vxlan': [4094, 65536], @$ ]5 c; R$ d2 H4 D m* ^1 ]$ B% }
# },
\. {( n' \6 b6 n& S- @9 C6 K/ W0 @3 z # You can define additional provider network types here.
+ w }" |3 d1 ^) `, j0 h5 O$ S # 'extra_provider_types': {
1 `6 [- ?0 G+ T4 L& m# [ # 'awesome_type': {. j1 e& X% M. K" \
# 'display_name': 'Awesome New Type',
' E& [4 T9 k8 N- { # 'require_physical_network': False,
$ O, H: U: G2 q3 T # 'require_segmentation_id': True,5 J; J" X! u. t. W+ }
# }* O: k; p) N2 T' s! b# p
# },$ C1 O; Y) q& \5 v
# Set which VNIC types are supported for port binding. Only the VNIC; [, X3 X' E5 j( ]% v$ f- X) v
# types in this list will be available to choose from when creating a; d4 T% I+ I9 [1 k9 ^) h
# port.$ l; h2 l% i8 J" j# ~+ t
# VNIC types include 'normal', 'macvtap' and 'direct'.
! C- z) D$ r5 M$ b. e # Set to empty list or None to disable VNIC type selection.8 z( P% u6 q- M1 H9 M
'supported_vnic_types': ['*'],
* S5 I; V, n- k$ B; ^& i$ z$ i}( p) A) K* X8 D# r' }; M
# The OPENSTACK_HEAT_STACK settings can be used to disable password
5 L$ V8 ` q: z f: o# field required while launching the stack.
; V- ^* W" m, p. X0 aOPENSTACK_HEAT_STACK = {
, L, L2 Y' E' v' x$ j: f$ t. x/ D6 W 'enable_user_pass': True, ?5 ~6 p4 S9 [: Q
}
K7 n7 I& e# a4 `) G: [# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
8 {8 T" L& v' m$ [ b# in the OpenStack Dashboard related to the Image service, such as the list
* }- M" f3 N% x2 w( T& B# of supported image formats., ~1 @/ ]: q j2 @. ?$ X8 G
#OPENSTACK_IMAGE_BACKEND = {) ? [7 I$ P0 z
# 'image_formats': [ m% `4 c: O/ }
# ('', _('Select format')),
; W" O* ^" I- F& `# ('aki', _('AKI - Amazon Kernel Image')),
! b& r2 J3 @; T/ B$ R8 O Y- e/ e# ('ami', _('AMI - Amazon Machine Image')),8 M6 e/ Y2 U3 @- t
# ('ari', _('ARI - Amazon Ramdisk Image')),6 z! O- k" R9 G& e( g
# ('docker', _('Docker')),
8 p) N/ F( \3 V4 G0 o# ('iso', _('ISO - Optical Disk Image')),8 f2 z$ [/ C: r6 Y
# ('ova', _('OVA - Open Virtual Appliance')),
7 ]4 ]1 [: ~, q/ v- J4 Z% ?# f# ('qcow2', _('QCOW2 - QEMU Emulator')),
( b8 J5 `6 t8 T( ]0 |# ('raw', _('Raw')),
- n: L7 l1 x5 A2 ^% D0 U' {1 t% ?# ('vdi', _('VDI - Virtual Disk Image')),0 k1 N2 n J4 g& {& o
# ('vhd', _('VHD - Virtual Hard Disk')),
( g9 J7 H Y) h& \- k. s# ('vmdk', _('VMDK - Virtual Machine Disk')),7 D `. o2 f8 T. V" W( Z* u; C
# ],
9 o$ s0 E x6 O8 m#}
/ B; H L+ q; ^+ x6 t1 G: C# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
- C, f: u" c% a |+ A5 p) V# image custom property attributes that appear on image detail pages.6 d- F" i' c/ t3 t5 T
IMAGE_CUSTOM_PROPERTY_TITLES = {
0 p: E4 s. b6 s$ G" F; b, n "architecture": _("Architecture"),
5 n/ G6 K2 J0 U0 ]5 B( E "kernel_id": _("Kernel ID"),5 ~. r/ p4 L0 h; X1 R
"ramdisk_id": _("Ramdisk ID"),: P u, V- L- s9 U2 Q
"image_state": _("Euca2ools state"),8 l) \" x& h, X- N
"project_id": _("Project ID"),+ X5 n. b; z: h
"image_type": _("Image Type"),
2 H; _1 @/ _, p! k}4 C( n" _& N2 a
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image5 p+ k5 M& p5 a4 Z: y
# custom properties should not be displayed in the Image Custom Properties
( @. A; v, R" _# table.+ V1 h" N* [! S( D
IMAGE_RESERVED_CUSTOM_PROPERTIES = []7 z! B t- r9 b; w
# Set to 'legacy' or 'direct' to allow users to upload images to glance via! g N7 @# X1 p. B$ w# K
# Horizon server. When enabled, a file form field will appear on the create
5 V1 G9 F, O0 d9 M" d9 ?. n ]* n7 g3 W# image form. If set to 'off', there will be no file form field on the create
6 Q$ p+ E' h. y1 r) Q# image form. See documentation for deployment considerations.
3 ~) h* M$ N; G! n) q#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
+ h+ X2 i" A& A5 T$ |# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints8 I: |$ Q5 v" m+ W8 E: E
# in the Keystone service catalog. Use this setting when Horizon is running
0 j( Z0 h8 |6 Z1 {# external to the OpenStack environment. The default is 'publicURL'.& Y' F2 |. ~1 w
OPENSTACK_ENDPOINT_TYPE = "internalURL"2 [" E9 {- _4 q% Z
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
; u8 U5 b7 U: Y ?/ p p$ A7 U) V# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
2 p! k: U" t% _) P( k+ _8 N# in the Keystone service catalog. Use this setting when Horizon is running
) F! c4 z! D% e8 C1 K V/ Q# external to the OpenStack environment. The default is None. This& P7 c, w9 x) a' Z4 |: k7 e
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
/ Z, P: `) w% Z1 i6 L/ Z- q# R ~#SECONDARY_ENDPOINT_TYPE = None
5 F5 c+ \) O5 \; g# The number of objects (Swift containers/objects or images) to display2 r) c6 ~; {! a
# on a single page before providing a paging element (a "more" link)9 n# T' [- T, F
# to paginate results.
3 i+ q! a `( `1 ~API_RESULT_LIMIT = 1000
. F7 \$ }) b, T8 @4 U$ lAPI_RESULT_PAGE_SIZE = 203 B0 i. D" J H" I% y$ x
# The size of chunk in bytes for downloading objects from Swift: `- |* X: L; y& S+ t% `
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
8 } I( h J/ _( @# Specify a maximum number of items to display in a dropdown.; q+ d r1 l) g6 e g' i, @
DROPDOWN_MAX_ITEMS = 303 N& \3 B# {' p
# The timezone of the server. This should correspond with the timezone
0 Y& H! u* e2 y+ X! E# of your entire OpenStack installation, and hopefully be in UTC.5 o- p+ k0 b% S) [
TIME_ZONE = "UTC"4 e% q Q4 ^% H% L8 z' ~) X4 z
# When launching an instance, the menu of available flavors is
2 |: A' H) k8 V- Z' ]# sorted by RAM usage, ascending. If you would like a different sort order,1 B. J! G. _/ q. R j* p# k" ?5 m- d
# you can provide another flavor attribute as sorting key. Alternatively, you8 G$ }2 u+ ?4 L# r' ]* y
# can provide a custom callback method to use for sorting. You can also provide# L4 _+ j. J( y7 y' B% E9 a( D
# a flag for reverse sort. For more info, see7 R- e2 w% b) f! E
# http://docs.python.org/2/library/functions.html#sorted3 f) v! ]6 o" w8 @
#CREATE_INSTANCE_FLAVOR_SORT = {
) {9 }0 c& v* r# 'key': 'name',/ s( V' T1 ?# r! k" y/ {( ]
# # or- @( f( k* F+ z7 u* u; E% {
# 'key': my_awesome_callback_method,( _- D! H0 s1 A4 A8 @
# 'reverse': False,+ W' E9 _) v7 a
#}+ B9 m7 L6 z2 X; X# V5 X
# Set this to True to display an 'Admin Password' field on the Change Password
; T0 E( G- _- w" E4 X# {# form to verify that it is indeed the admin logged-in who wants to change! K- z) g) U5 b" |1 p* b) N4 y
# the password.$ R9 b; j! Z( D8 T# B
#ENFORCE_PASSWORD_CHECK = False
7 E( `& F% @4 a" X/ t- v# Modules that provide /auth routes that can be used to handle different types1 H1 Z: V ]* k" J, Z. W* f( v
# of user authentication. Add auth plugins that require extra route handling to5 o1 U& r) h" P1 Y$ X( }0 [
# this list.
* D# A* u1 R E" ]: K7 K4 }/ W#AUTHENTICATION_URLS = [* X7 U7 ?+ Y& ]7 r; m; |/ Z l
# 'openstack_auth.urls',
+ X# e5 u6 R- F6 L r#]
' }) u+ {& a' t$ `. }! U( W- M# The Horizon Policy Enforcement engine uses these values to load per service- k C6 e, m+ L2 e5 ^( O
# policy rule files. The content of these files should match the files the
6 S2 J; y% H F# y" P% E/ J# OpenStack services are using to determine role based access control in the
4 }1 ?, k' R, B" d1 X8 s$ l# target installation.$ `6 M# O3 P% Q) @2 A L% k$ B ]
# Path to directory containing policy.json files- W! T/ K6 ?: W, N+ \2 f0 a
POLICY_FILES_PATH = '/etc/openstack-dashboard'1 I4 l* I6 j. _5 _/ n" l
# Map of local copy of service policy files.
* l8 J5 o8 c0 n& b! B9 f# Please insure that your identity policy file matches the one being used on5 k$ }! Y4 O6 ]3 J! }; Q/ B
# your keystone servers. There is an alternate policy file that may be used* @2 \" X0 t" M. M- Q
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.% i1 h1 q2 Z2 Z; v3 s: C7 Z5 N a+ W& X$ o
# This file is not included in the Horizon repository by default but can be
( Q. [* d6 O8 q3 a# P- G# found at! p& w. b$ k3 I: U9 G0 P1 r* c" M7 J
# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \! j+ ?. \% z$ J: H
# policy.v3cloudsample.json
) h7 o- G' y" Q- V# Having matching policy files on the Horizon and Keystone servers is essential
' o5 L0 F, u3 t' ~, J: @5 c+ ~; T, a# for normal operation. This holds true for all services and their policy files.
) x5 T j/ D E) N9 t#POLICY_FILES = {4 T+ L8 g& G$ t6 O* m' U9 h; x
# 'identity': 'keystone_policy.json',5 W" { y( S/ H( Z, I
# 'compute': 'nova_policy.json',; x; p' w! M U$ d3 w4 E
# 'volume': 'cinder_policy.json',. [& B# L" R' e. Z ]& ^- R T
# 'image': 'glance_policy.json',% C4 F3 @1 _" N# A8 q, B9 N
# 'orchestration': 'heat_policy.json',
8 M8 z( R) o, ]9 [2 _# 'network': 'neutron_policy.json',
( v' p& v: h! F# 'telemetry': 'ceilometer_policy.json',
/ T, W: G% c" E1 c+ D( o0 c D#}
4 y& c) u" L' ^) P# TODO: (david-lyle) remove when plugins support adding settings.7 [( [& B3 l, O/ ^5 \! j
# Note: Only used when trove-dashboard plugin is configured to be used by
# S2 ~2 D* w% O; r. G1 J. b7 G# Horizon.! Q3 Q' w2 k# q v- Q0 o* z7 g
# Trove user and database extension support. By default support for# H8 `8 ^# y1 a& u$ D) H
# creating users and databases on database instances is turned on.
C1 j; ?# O4 e8 X) G; g+ M# To disable these extensions set the permission here to something$ J& v! ]+ N7 g' I$ g, K' @
# unusable such as ["!"].
( G; D) D% J* P' t' j5 q4 x6 {( ^#TROVE_ADD_USER_PERMS = []
3 C( r& w5 ]5 l2 ]7 i#TROVE_ADD_DATABASE_PERMS = []
* n6 T! `' C2 x) \0 z/ J& ^# Change this patch to the appropriate list of tuples containing/ \" h0 r0 Y7 ^
# a key, label and static directory containing two files:/ b( t; U I; P8 j- I7 l' m9 d
# _variables.scss and _styles.scss
5 @- j7 m$ F' R, `#AVAILABLE_THEMES = [! u3 h9 D9 r: S! o/ f9 C) G
# ('default', 'Default', 'themes/default'),: t" z- W/ t' j8 ?; t$ Q
# ('material', 'Material', 'themes/material'),' h0 C5 L) Z( P0 G7 i
#]) R# Y, e% {$ u& P! e
LOGGING = {
, I; N3 F; x( d. p; I 'version': 1,
$ {, ~5 g0 t' x% q9 A: V # When set to True this will disable all logging except
3 N4 |2 R+ A* [" J$ y # for loggers specified in this configuration dictionary. Note that( X4 L$ _' A3 y" r1 q( E
# if nothing is specified here and disable_existing_loggers is True,
# O: W ^' y6 Q$ ~* W, W" m7 I @ # django.db.backends will still log unless it is disabled explicitly.
9 `! J7 q, \4 m* s 'disable_existing_loggers': False,
( U' Q0 S j0 z- x8 p! M6 L/ D8 { 'formatters': {& b9 e1 z" x0 K/ O& o
'operation': {
9 j0 K }* j' {; }1 F3 }: U # The format of "%(message)s" is defined by
. E: s m8 \- o% f4 h2 Y # OPERATION_LOG_OPTIONS['format']
/ l" S0 {; l/ G7 A, S" [ 'format': '%(asctime)s %(message)s', Q' k; I( H9 e' N) f# d5 `
},; e" u7 }, C$ F3 @% A& f G
},. o4 S4 D1 T Q1 x3 {* p
'handlers': {
& s3 G& z% V0 d% @" \0 L 'null': {# Y0 I3 _9 R, l* |9 \* @
'level': 'DEBUG',9 Y' K( A, D4 J$ l$ [' O; O
'class': 'logging.NullHandler',5 Q) x. d% U/ s
},
1 W4 I$ } B7 b5 d% D3 c+ z j 'console': {) a- r6 u. n4 |% Z; y, L% p, w
# Set the level to "DEBUG" for verbose output logging.
3 q u$ } o( E8 O3 { 'level': 'INFO',
" _" H2 x" z1 u% j$ S 'class': 'logging.StreamHandler',$ D j+ y$ D/ V* @+ ?8 W$ M. \
},3 l4 S2 V8 a1 ?, j% N
'operation': {2 g! n! _, m2 r* w/ s. t% J( t
'level': 'INFO',3 y$ k& J. B/ Q- C
'class': 'logging.StreamHandler',# T# m P4 |# u% G' U9 b
'formatter': 'operation',
' t% n, s8 x/ ~3 H! | M, X }, x% y& J2 j2 X: g, T
},% h6 W8 V- N% j* k# _1 S0 e+ U
'loggers': {8 l. O4 {1 H" v$ m% o4 J/ f7 g" ^
# Logging from django.db.backends is VERY verbose, send to null
9 k& _, L2 S: `0 W # by default.
5 m/ H* i; M2 r: f' b 'django.db.backends': {
c9 _3 Z; u; \, f, ^; v 'handlers': ['null'],
5 G, `3 g \( K7 M5 g/ U 'propagate': False,
1 v/ r' h& F- D/ G1 } },' y, P8 M( a& l- |7 `* c
'requests': {( g* |; E) n8 i5 `0 p; L5 N4 t0 c
'handlers': ['null'],
$ N/ J6 c |4 X% P: ^ 'propagate': False,
! ?: j( m8 A( K, i. V },8 y, l! t, K5 x: x8 }2 T; w
'horizon': {
' d* l: A7 E3 ~' K( G) I 'handlers': ['console'],% w$ U! j7 F4 J6 U0 X0 G7 A
'level': 'DEBUG',
3 n* ^! s6 l% A$ P 'propagate': False,3 ~0 A' {2 q# |
},9 _7 Z8 Q) p) p& b# P
'horizon.operation_log': {. H/ k+ [. U+ s
'handlers': ['operation'],
( D; \5 S0 k x5 l( g" M, T 'level': 'INFO',
w* {5 Z8 }4 n+ Q- s, S 'propagate': False," P5 U. F1 t: I* E
},
7 y2 p6 \2 n) n( }* G 'openstack_dashboard': {
6 y$ Z. \1 Z8 z7 _ 'handlers': ['console'],
; ]9 s& e9 T8 J# g# R4 C 'level': 'DEBUG',
0 u5 I6 _5 \5 C0 f! p 'propagate': False,
! X0 G3 u! P) _2 j },
, M* n/ u; a0 B; v# Y9 L 'novaclient': {3 c( ~; q. \/ Q
'handlers': ['console'],1 L% S) d0 R. y6 e+ C
'level': 'DEBUG',+ M3 q6 B8 `2 q2 d
'propagate': False,
; G: g& u% H" J: Z },$ z3 E8 J' Z% V4 ~' t
'cinderclient': {5 h, [9 Q) _% m* N: H8 R) ~4 ]
'handlers': ['console'],
, I3 r" `; D. K" J) ~8 V. Y 'level': 'DEBUG',# S, l. H) z1 S& w8 k3 P
'propagate': False,
7 j8 X+ D4 ?- ?" q# F },0 ]+ b4 n( Z. b0 v7 R
'keystoneclient': {
' E& y! N& s: L; l 'handlers': ['console'],
+ G) l s! s* ^8 U6 o' X 'level': 'DEBUG',
$ C2 R, p% ~* s- D 'propagate': False,
& }6 m% j1 I6 z* n },3 q5 @/ P2 R$ ^& b/ s; K$ I
'glanceclient': {
8 O( b1 b ?' r- r 'handlers': ['console'],
2 \" m) v# c( C8 k( w$ I. [: C 'level': 'DEBUG',2 u$ P \. ~# @7 {
'propagate': False,
# k3 \' ]. V9 ]7 O, O! _3 D },2 t; J1 c* S* U+ {: }: e( d
'neutronclient': {
) ]/ \; T. k$ h, Z' |1 H' F; ]2 t 'handlers': ['console'],
2 x$ c0 @& v$ @ 'level': 'DEBUG',0 y/ W6 d$ a& c4 ?0 Y$ Z
'propagate': False,
0 ]0 d2 M3 h; D6 H* M+ M+ ^6 ^1 _ },
|" z }) p' X% ?. j6 { 'heatclient': {) |& r* a1 _2 `; R& Y
'handlers': ['console'],
$ T9 T% C, s+ n$ H1 v; N 'level': 'DEBUG',. V2 E5 c* d# f- u# ]
'propagate': False,! h% P0 V% S- |
},
: v5 {1 \! O: k j- Y; r 'ceilometerclient': {
H; d# a* i6 r 'handlers': ['console'],
0 f; C9 g/ G N B 'level': 'DEBUG',
/ `$ {2 w) q& D; A 'propagate': False,: Q4 [9 _% p* h/ w, h* A1 Y
},
5 X( D+ Y! m3 r- ? 'swiftclient': {# g. `4 I8 _9 G* Z- v" Q' e
'handlers': ['console'],5 n, c% D) l1 A! k' z/ @
'level': 'DEBUG',
: z1 n h: r' |! l |3 Y 'propagate': False,
) U: X: ]) L: W; `, [ },
! w& b: ]6 ~( j1 |! l0 Y* r/ p. V& r# u 'openstack_auth': {
* i+ X3 w7 f* e7 J) M 'handlers': ['console'],
: s% d% _3 I+ d% u/ P' F+ b' c 'level': 'DEBUG',3 @' W6 q( g# T2 C8 g, K
'propagate': False,/ Z/ I* b8 ]( N7 \* B# O
},
; ]) Z$ g+ @$ V& n; @4 e 'nose.plugins.manager': {, d$ m, d) {6 C1 [* i, w
'handlers': ['console'],
) T7 Z# Y1 j+ B5 k 'level': 'DEBUG',
7 r, r/ P5 P% {, W5 h: | 'propagate': False,- W; {& H4 {4 D/ b; Z8 _
},- U: H) J' e3 |: p+ Q
'django': {1 V+ c/ B l; r- [3 Z9 _! ^5 w
'handlers': ['console'], j5 c( f% \ d. `/ c/ f
'level': 'DEBUG',
! g) E. B% r+ i" b% Z 'propagate': False,: P6 ~, P! N1 w0 w+ z
},, Z, R6 ^ |$ Q6 @+ u
'iso8601': {
% V% I2 K" A. Y! J! h B5 Y 'handlers': ['null'],1 {3 z' m5 |$ l g, |: \6 V- S
'propagate': False," }0 m H8 `$ M. I( W6 t, m
},) I: |8 O* e, z
'scss': {
* W( B9 u% p' p- E 'handlers': ['null'],
H- Y4 A' \! r 'propagate': False," Y- a# g- w$ D
},
$ s+ F ~5 |7 u& c9 } },
; b9 L3 W$ u' K1 t; f}
$ [2 ^- }0 ?5 G# 'direction' should not be specified for all_tcp/udp/icmp.8 o7 q! M1 O! Q7 g- d
# It is specified in the form.
+ m' s; \4 I. O7 R( E9 \6 v- gSECURITY_GROUP_RULES = {7 A/ `$ a* t' D* T( a5 y
'all_tcp': {
" z" V `. X& j& {0 D 'name': _('All TCP'),
: ~: Y4 E, N3 ~: x 'ip_protocol': 'tcp',1 V4 B2 o1 b3 _+ Q- B
'from_port': '1',4 z+ B6 Q& P2 S3 ?9 o
'to_port': '65535',1 D6 i' `, a$ M
},
, R+ |- p) ?- D 'all_udp': {/ ]. `0 e: r3 ]$ q$ V" o5 D. u ~
'name': _('All UDP'),
: r; o" ^ S0 j# s 'ip_protocol': 'udp',2 [$ [0 R; \5 L; i
'from_port': '1',8 J8 T. b' ?9 Z- B2 Q+ Z
'to_port': '65535',
* }4 h+ {7 l. {& h; N* r$ m ~ },. {3 T5 e$ ^. F
'all_icmp': {
, i O9 p5 W- e+ r. n @3 u 'name': _('All ICMP'),
5 L+ J# v& i6 T5 G0 L. k! _) E 'ip_protocol': 'icmp',8 K' ]3 |; ]! t9 b) t, d
'from_port': '-1',0 D u( ?6 X8 I0 v+ G
'to_port': '-1',
3 j# [9 n2 h5 x },* E) `4 Q! ~5 U" p- |" ?, I
'ssh': {
5 c1 ^2 R4 `8 t5 x" T F 'name': 'SSH',
. ~$ g5 x7 U/ k+ [ 'ip_protocol': 'tcp',
5 E+ F1 W- S2 r 'from_port': '22',8 E8 l2 ?4 G; e/ m) C
'to_port': '22',; z1 }% E: ~) K0 U# k o
},) J0 g. l& Q! ?
'smtp': {
- ~' Z4 A4 C* u2 i' d: P3 ] 'name': 'SMTP',0 G5 ^# T$ p: V, H3 f
'ip_protocol': 'tcp',+ K% Q7 Q9 F6 v( K* ]/ C
'from_port': '25',
2 @. H: o! ?7 h& v2 p# K0 s/ g0 W 'to_port': '25',
" X& M4 Y2 y3 Z8 K },
! w) v; d5 O7 |6 L- ? 'dns': {" e9 Q+ e- i* i# p# h' d8 {
'name': 'DNS',9 |- C6 S' w7 i+ y' ^
'ip_protocol': 'tcp',4 f6 ]. H7 l8 u0 r1 E" b U
'from_port': '53',0 C% q+ G7 C" D" \, E" U/ h
'to_port': '53',* {- w/ k% r, q7 O: T+ F
},
9 u; f5 {( U& @5 f% p7 N7 a 'http': {
5 _' ^8 o; g1 A3 R# r8 i* h2 q. i+ d" f# l C 'name': 'HTTP',
0 F* I; x S7 J$ H' | 'ip_protocol': 'tcp',8 M0 _* n8 E9 a3 H0 e9 I( l; c$ Q
'from_port': '80',8 |$ C8 ~4 r0 m r' |
'to_port': '80',: ]* L, r6 {) i/ q7 p% q
},% d* b; R3 J; m! P
'pop3': {
% _! Y, N! ^& Y. J# |. k' B 'name': 'POP3'," K( k0 ?( U" V: s
'ip_protocol': 'tcp',$ M5 D. t0 f/ p9 H' m9 Z$ C
'from_port': '110',+ ]/ O/ ]2 A' g
'to_port': '110',
/ G2 {, U* J! P' J$ g; W7 u1 s }," }% o$ [" S) [3 K) F2 L4 [6 P
'imap': {4 r- t6 }' b2 p, v6 Q e5 ^
'name': 'IMAP',
. e, t5 ?# L- r+ m- E 'ip_protocol': 'tcp',
# S" U X, J F4 A1 y+ C; | 'from_port': '143',: y5 r. M/ d5 D3 F$ j
'to_port': '143',: G) ^" R6 u: f
},2 D, v f0 B+ o
'ldap': {
6 U7 @5 T4 v' B0 M3 j* p 'name': 'LDAP',3 S% @$ C3 C1 F! l1 M8 ?
'ip_protocol': 'tcp',( q& A2 y& H' G& N N
'from_port': '389',, }% S* ?& _ @+ n9 b* A
'to_port': '389',
$ j# _3 D& P$ h- ^. |! s },0 T9 F* Q9 X' N! a3 N
'https': {9 G9 Q; X' o3 l: T1 ^+ V
'name': 'HTTPS',8 b$ P9 T6 T) j7 |5 ?6 [. t" e
'ip_protocol': 'tcp',* E: S' I- t5 W) H; S1 m* z
'from_port': '443',( N7 x; F- T9 ~2 N4 ^
'to_port': '443',
3 J+ D) [/ G+ |9 Z; k! x },
2 |- [2 k' o6 n3 V/ J+ a# k9 X( g 'smtps': {
7 P" f! C# k" {6 l# f( W 'name': 'SMTPS',9 x0 W. _ j! v- \+ g K
'ip_protocol': 'tcp',
5 s1 d$ C3 f: ^5 h3 N/ ?$ f O* \ 'from_port': '465',0 ^2 j+ s( h9 h
'to_port': '465',7 ?$ t8 B8 h, N* O! R% n" H
},
& m' X$ E, o/ q 'imaps': { ?* ?+ p- I4 f. Y# j3 y2 b$ p
'name': 'IMAPS',4 t; @! V$ N3 D* Z6 b* x
'ip_protocol': 'tcp',
7 G6 c8 ^* b$ Y0 X; [& a5 f 'from_port': '993',
; v: C# P& G6 K* ]. d 'to_port': '993',
/ }* ]( c: o' G* ?% [0 c& K },( O# ?0 G$ s4 T( R
'pop3s': {( [# g( i4 e7 ^8 n& G4 i# b% ^: }
'name': 'POP3S',& V; T( M+ G3 ]% W7 V7 h' n
'ip_protocol': 'tcp',# P6 D: T4 m% y* }# i3 ]
'from_port': '995',
/ H" o8 t" A R9 q. Q% x) Q( s 'to_port': '995',6 x( N0 W3 N" t3 t
},
; x- |! [" ]' U3 P) u 'ms_sql': {
4 o6 l0 \+ X3 h, }! J; E 'name': 'MS SQL',5 w0 {/ ~9 K7 L7 R$ h' b0 M9 y( d
'ip_protocol': 'tcp',. F! J* v* G. y) d; N! z4 x7 R7 Y
'from_port': '1433',
9 a0 y) c- g/ n& U' ] 'to_port': '1433',# u- H- W$ ^1 ~+ z% p0 m& y8 O6 s
},5 C# N$ N8 h9 a- B' ~: m7 o7 V
'mysql': {$ ^$ m5 @7 n0 T3 X* u
'name': 'MYSQL',8 T# T; N2 N8 n4 d5 K
'ip_protocol': 'tcp',
$ }1 f/ C6 F) ]! \& g5 [/ v8 n4 e 'from_port': '3306',
1 g) z8 X9 W" _ N7 g- E) ~4 ` 'to_port': '3306',4 y; P, }6 E. V# T( e# v8 Z2 l
},
+ \, H% }7 a c/ L x* i) p( V3 h 'rdp': {* C) S8 r" K0 w q
'name': 'RDP',6 A3 ?. w- r9 U! ]
'ip_protocol': 'tcp',2 ?2 d1 k8 {7 ?# U
'from_port': '3389',) r3 w% \2 ?. T N% P5 x
'to_port': '3389',
, E' z: c4 {8 t7 O: x },
' A7 n% W" r/ I9 O# \$ F. Y7 c}
7 c: ]: Z2 V" b+ N2 r# Deprecation Notice:
6 |" r7 a4 Z3 |! ^#
, P+ i! i- f* A8 c6 M/ c# The setting FLAVOR_EXTRA_KEYS has been deprecated.
7 w+ }0 t2 m$ C, B( b; V0 S: K# Please load extra spec metadata into the Glance Metadata Definition Catalog.
. ^1 P% G, o$ L5 }9 j#$ `9 W. X# G S; @
# The sample quota definitions can be found in:1 R- `5 r8 l: f o# U" h- C
# <glance_source>/etc/metadefs/compute-quota.json1 `( e' M' o. C8 C, F0 d8 _3 ]7 z
#
+ _! O1 E' l$ H0 V% L6 s0 H# The metadata definition catalog supports CLI and API:
# g% X$ y5 f1 v7 E# p# $glance --os-image-api-version 2 help md-namespace-import) n! M3 p, B+ x+ k9 ?2 \" U- X; ?! U
# $glance-manage db_load_metadefs <directory_with_definition_files>
8 a P$ M$ u& }! f- J7 g#% ?5 a. e4 I7 P9 R! N+ t! ?
# See Metadata Definitions on: https://docs.openstack.org/glance/latest/
, t. i& B! u# W) _6 p) r# TODO: (david-lyle) remove when plugins support settings natively8 ]# q' K" k& B: ?
# Note: This is only used when the Sahara plugin is configured and enabled$ _+ E, L( k' |3 X
# for use in Horizon., ~1 z" Z) t) c2 j+ J
# Indicate to the Sahara data processing service whether or not. r- g1 \7 \0 T, u( o
# automatic floating IP allocation is in effect. If it is not
- x8 D+ x& G& W+ e# in effect, the user will be prompted to choose a floating IP
. {& @8 u4 O8 B h7 L( G6 u# k# pool for use in their cluster. False by default. You would want' j) O' x; ]& b+ H0 l! b% I# y
# to set this to True if you were running Nova Networking with
' m" R$ i! h1 O+ ]( f/ [$ X# auto_assign_floating_ip = True.' J& s$ M) Z6 v' F: t+ v
#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
0 {9 }! B# l- F' p" j# The hash algorithm to use for authentication tokens. This must
* x: b" c+ [+ @# match the hash algorithm that the identity server and the M0 P% q! x/ a3 z4 J; o
# auth_token middleware are using. Allowed values are the+ [4 P6 e* M7 B9 y
# algorithms supported by Python's hashlib library.
* ~3 h2 V- a0 a% T5 _8 ~" M#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
, s3 b3 t6 M m' s# AngularJS requires some settings to be made available to
# n' C0 K0 o( }9 J( G* C6 G6 {1 ?# the client side. Some settings are required by in-tree / built-in horizon& j4 M. k( ?; C( z4 Z2 O: s
# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
8 I) F; I3 q M* ^8 b1 n+ n# form of ['SETTING_1','SETTING_2'], etc." ?& n1 D& w3 @* c
#' K2 W5 W7 N6 [
# You may remove settings from this list for security purposes, but do so at2 n0 B5 i/ Z7 B8 p r
# the risk of breaking a built-in horizon feature. These settings are required
7 ~+ e, N; ^+ @" r, H: A2 X. x# for horizon to function properly. Only remove them if you know what you+ P% f5 o- z3 G2 W$ T, m- d- O/ k! S
# are doing. These settings may in the future be moved to be defined within
4 t6 ?5 t5 }; V( H# the enabled panel configuration.
+ P# t2 a8 Q9 s+ D# You should not add settings to this list for out of tree extensions.) q ^* J" t3 o+ g* [$ Y9 N
# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
5 ]% `9 @6 i6 K, O" i2 m6 GREST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
2 L9 x/ r' O# ^# } 'LAUNCH_INSTANCE_DEFAULTS',
f% W) _' v g9 L2 X% a- | 'OPENSTACK_IMAGE_FORMATS']' V* B4 Y% p' g7 d+ Y+ l, x; D
# Additional settings can be made available to the client side for; W# j% X" n9 v2 N5 T
# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
) L, I* v s f. S2 d, w# !! Please use extreme caution as the settings are transferred via HTTP/S- r) c. p1 h3 W8 Y7 g H# j1 M, q
# and are not encrypted on the browser. This is an experimental API and8 k% Q* ?3 `* ]9 m+ u. k
# may be deprecated in the future without notice.
$ f! R5 e% I0 N5 i# R0 G#REST_API_ADDITIONAL_SETTINGS = []
5 s( c: t( S. [( Q$ ?1 b# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
: |9 t. g6 ^$ q: n1 p0 h% B- f4 z$ r# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
4 ~; M# a1 v5 B, c# Scripting (XFS) vulnerability, so this option allows extra security hardening5 C9 r2 c4 y& h4 r2 y I$ d' M
# where iframes are not used in deployment. Default setting is True.; r4 k, m& E& F: R/ H+ u4 h4 ~
# For more information see:# X9 r1 h+ v: X% x! t5 x
# http://tinyurl.com/anticlickjack4 `$ i2 v, m1 G! M! g+ V
#DISALLOW_IFRAME_EMBED = True3 W1 p' y$ P) _& w! N' b9 Z8 t
# Help URL can be made available for the client. To provide a help URL, edit the
: P- H, {7 `9 ]# following attribute to the URL of your choice.! a4 Q. K7 W7 J8 K8 ~4 P
#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
8 x, F3 _: _) I( H/ s# Settings for OperationLogMiddleware9 U* W0 R0 \( c4 ^( ^
# OPERATION_LOG_ENABLED is flag to use the function to log an operation on, ^( W q# A' j# p0 X2 v
# Horizon.
, G1 N4 P% X8 s7 k8 S0 i7 _% X8 g# mask_targets is arrangement for appointing a target to mask.0 {0 v$ a9 @$ h- \2 s
# method_targets is arrangement of HTTP method to output log.
. C9 `$ ~5 b3 @6 y4 P# format is the log contents.
. W6 W% g6 x8 ]) y7 N& I#OPERATION_LOG_ENABLED = False
, i ?$ b$ F( l#OPERATION_LOG_OPTIONS = {
! y# X# M; l3 R1 z5 g- P# 'mask_fields': ['password'],
% b0 K2 }" O: U- f# 'target_methods': ['POST'],5 ^( z/ H, Y! K2 i; E d+ h
# 'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
* U0 \! N8 @! |. |; K s# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
1 d0 \7 Q1 ~+ `" i# n# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"- F; f' A6 P% C
# " [%(http_status)s] [%(param)s]"),8 }; J/ v! O; L$ q, H. s
#}. C/ y8 d1 d2 K$ x9 d- K3 f
# The default date range in the Overview panel meters - either <today> minus N
$ C. `( _( n) P! ^& A# days (if the value is integer N), or from the beginning of the current month
9 d$ s( ^" h4 E; @/ g4 F# until today (if set to None). This setting should be used to limit the amount
' u' X1 L3 E0 A2 k# of data fetched by default when rendering the Overview panel.
b1 [# f: N3 o; V# O& r, m( `) D#OVERVIEW_DAYS_RANGE = 1
' `3 c# `% L! t q3 i# q: Y4 m# To allow operators to require admin users provide a search criteria first: |3 M5 n: S9 d( \1 b c
# before loading any data into the admin views, set the following attribute to- I# y0 J4 [8 H P# h6 X3 h4 s/ Z' i
# True0 z* o2 t' X: V& D0 n
#ADMIN_FILTER_DATA_FIRST=False E& o5 v2 B$ D# F
" q( Z1 Q( j. o3 i
% G$ M! A$ ?( z/ X" ?/ R% u |
|
发表于 2022-7-15 22:58:08