|
|
楼主 |
发表于 2022-7-16 07:53:11
|
显示全部楼层
# -*- coding: utf-8 -*-
: i& r$ h4 ]. J% Z/ K8 j3 uimport os
+ e; O! A1 b4 X- u/ mfrom django.utils.translation import ugettext_lazy as _
: L* y$ V6 N. m# Tfrom openstack_dashboard import exceptions: A$ i$ \- N% T5 d* E3 H% H0 Y
from openstack_dashboard.settings import HORIZON_CONFIG* S1 k/ |& t6 |% B5 m5 M3 i
DEBUG = False& U( Q% Z! ?# B3 ]
TEMPLATE_DEBUG = DEBUG7 S9 H0 ^' c9 {
COMPRESS_OFFLINE = True
l% ]4 Z9 V! w; h8 o2 t# _7 P# WEBROOT is the location relative to Webserver root
: ^: n, e- j& r! c2 h. P, J5 c# should end with a slash.
1 [4 [& F( F" pWEBROOT = '/'
0 z' c* g. V2 b+ A; v#LOGIN_URL = WEBROOT + 'auth/login/'" o+ u* \# F2 r
#LOGOUT_URL = WEBROOT + 'auth/logout/'
! X* e$ @ x" n0 N' `#
) f& t# D/ J% h$ m0 D# _# LOGIN_REDIRECT_URL can be used as an alternative for
. v& t% `' J6 j: C! w# HORIZON_CONFIG.user_home, if user_home is not set. z6 m. o8 P# [6 b2 |( ]" B# c5 {
# Do not set it to '/home/', as this will cause circular redirect loop9 x8 N( p% C( _. D! k! a
#LOGIN_REDIRECT_URL = WEBROOT: v% s- E4 L1 d* e6 U+ c
# If horizon is running in production (DEBUG is False), set this. k7 G4 U3 P3 j2 b
# with the list of host/domain names that the application can serve.
9 s/ L" K/ r' L# a+ Y( _# For more information see:9 N5 r. l3 n! D
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
( W6 F* `. E6 f+ m: A: cALLOWED_HOSTS = ['*']
3 B: i- s0 s/ F/ O+ V- @. @( u7 u) O; S4 p7 i
# Set SSL proxy settings:
- \6 o# N! \: J" ?. T# Pass this header from the proxy after terminating the SSL,+ Y. c/ J) P/ f
# and don't forget to strip it from the client's request.
: U+ i3 c2 |8 n0 J# For more information see:' w& G" k, g; }
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
. ~! D, H* t3 c! \ y$ A#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
7 k+ Z8 n# p1 r# If Horizon is being served through SSL, then uncomment the following two$ w3 H# [3 n- @7 y
# settings to better secure the cookies from security exploits
0 R( W0 T. B$ i9 _# d#CSRF_COOKIE_SECURE = True3 M6 T6 C% N. H ]3 O. C% V9 u9 Y
#SESSION_COOKIE_SECURE = True
0 b( l# a& I$ x0 s7 }8 J3 e
& R/ w( i! y0 {$ M2 f8 [/ U# The absolute path to the directory where message files are collected.
/ R6 m( Y. f" g3 N3 `4 x. Y# The message file must have a .json file extension. When the user logins to
1 t' f- A/ @- G* l- a; p# horizon, the message files collected are processed and displayed to the user.
. d7 U8 N6 N' o. p+ A#MESSAGES_PATH=None- u8 J. z! J# N9 N9 `. o5 m: ]3 h) x
# Overrides for OpenStack API versions. Use this setting to force the4 ?. x6 O0 _, @) B1 |, M
# OpenStack dashboard to use a specific API version for a given service API.
# O: D+ B$ t* c) d& `0 l# Versions specified here should be integers or floats, not strings.) N& d: j$ g# w2 s* E; G
# NOTE: The version should be formatted as it appears in the URL for the
; V3 ^" v# b) h# service API. For example, The identity service APIs have inconsistent
( K! `3 p" V- i# use of the decimal point, so valid options would be 2.0 or 3.
3 |/ h) b4 ^0 |, m! g( v# Minimum compute version to get the instance locked status is 2.9.
1 e) f" ?4 c5 b# U/ W% @# Q2 M#OPENSTACK_API_VERSIONS = {
% z4 s2 p& h8 Q2 ]/ ]% k& ?# "data-processing": 1.1,# T! Y) j8 r$ n- C
# "identity": 3,
- r5 x1 ^( m) D6 ~2 B# "volume": 2,
1 R. u( C/ K5 q2 ` R. F4 f- S# "compute": 2," }1 z: m, } K
#}3 \3 N' U( w* n. b- @+ u3 P5 r
OPENSTACK_API_VERSIONS = {
z2 x) t+ n7 f& m "identity": 3,. j0 f$ U/ k: b
}* }2 I; d. G( j, A( @9 s& O* \
# Set this to True if running on a multi-domain model. When this is enabled, it
5 n3 d3 P4 I0 ~/ {# will require the user to enter the Domain name in addition to the username
3 r7 T* t( ]! X# G1 r# for login.; f' e, [: V: b' \+ Y: a
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False3 a. N; `* s% W4 D: `1 Z- d
# Set this to True if you want available domains displayed as a dropdown menu# n/ r Y9 |7 V4 }/ D+ z& s4 X, j
# on the login screen. It is strongly advised NOT to enable this for public+ p4 Y$ ]9 I$ r- K- e5 i
# clouds, as advertising enabled domains to unauthenticated customers7 n- m9 u O: B
# irresponsibly exposes private information. This should only be used for4 Y! [1 F/ F* v; F. s
# private clouds where the dashboard sits behind a corporate firewall.
* n2 \2 k" e- M8 x4 OOPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
- x, O' \2 r" \( B, T8 d# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
4 `' L% F' f8 N1 v# set the available domains to choose from. This is a list of pairs whose first
- ~- y5 x$ Z( f/ v8 h# value is the domain name and the second is the display name.9 a+ e: j% A$ Y1 g
OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (# P, g; [8 U: M" c! i
('Default', 'default'),
; O7 s' I, q! b- t& m% V k)
7 \, i; V9 y# \' H# Overrides the default domain used when running on single-domain model: w Q8 ~9 ?: D3 {! ^
# with Keystone V3. All entities will be created in the default domain.) s1 r7 \0 z3 u2 l
# NOTE: This value must be the ID of the default domain, NOT the name.$ e1 `: E$ S& l4 Q h% b5 Q
# Also, you will most likely have a value in the keystone policy file like this! F1 ?% n' h! [. ]0 Q
# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"% V0 u ?( S: a- [- U- c" e
# This value must match the domain id specified there.
f4 D( J/ V8 E: ` f- R#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'8 `0 W& }; P3 i1 V, h
# Set this to True to enable panels that provide the ability for users to5 H, z6 J% g+ Q
# manage Identity Providers (IdPs) and establish a set of rules to map! _6 N+ {, \0 |9 p5 }9 K1 g
# federation protocol attributes to Identity API attributes.
- ]8 q0 W( V6 L# Y6 U: G% q/ s9 a# This extension requires v3.0+ of the Identity API.
4 M" @$ E, i+ O#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False. s' c$ t2 @! \8 S. I, |
# Set Console type:
# D% j. R% `# v* C# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None$ v# M4 J7 @# u5 u' D, J) P5 N
# Set to None explicitly if you want to deactivate the console.
0 J+ F. \) I2 g% R% O#CONSOLE_TYPE = "AUTO"
8 z- N' f8 L1 e9 o: m- I" C# If provided, a "Report Bug" link will be displayed in the site header
, a/ k* x0 \$ U: G1 K" o# which links to the value of this setting (ideally a URL containing* k- {3 G w. d3 g! }
# information on how to report issues).5 u% Q7 m$ s0 r1 |: F5 v3 X& s
#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
: p: V0 x( h# I! q. b! {4 ?# Show backdrop element outside the modal, do not close the modal
. M& {4 B/ X+ [/ R# after clicking on backdrop.
* T1 h! @# A5 I* l6 Q0 u5 o( ^#HORIZON_CONFIG["modal_backdrop"] = "static"
9 V/ b. ^" W% X) l9 y2 }7 p/ Q# Specify a regular expression to validate user passwords.
2 H2 {$ S7 C' V( l [( O. _#HORIZON_CONFIG["password_validator"] = {+ B3 `5 _& b, ?- a% `
# "regex": '.*',
8 j, \8 D' U- R* |7 _# "help_text": _("Your password does not meet the requirements."),' I/ s" l) V# ?, B
#}
) q h/ G9 X. D, I C2 ]! s" K# Disable simplified floating IP address management for deployments with
% Z! V$ m% O0 B* E- C5 m. e7 l# multiple floating IP pools or complex network requirements.
0 C( l! A9 J" u0 [5 V5 ?2 ?; s) u#HORIZON_CONFIG["simple_ip_management"] = False
D1 ?& M' _2 Z3 V. V# Turn off browser autocompletion for forms including the login form and
7 X2 h* P: Z; L: a# the database creation workflow if so desired.
& ^5 S2 i/ X) i/ g7 @#HORIZON_CONFIG["password_autocomplete"] = "off", E- X5 E$ C+ f o \
# Setting this to True will disable the reveal button for password fields,
' j; b7 C0 f; c6 M# including on the login form.
+ ~" c) }6 K# }#HORIZON_CONFIG["disable_password_reveal"] = False7 ^ ? }1 _% T5 b
LOCAL_PATH = '/tmp'
: L" p: W1 r3 [3 c( a/ \6 p" J( p# Set custom secret key:- W3 O) Y* O9 _( G9 T
# You can either set it to a specific value or you can let horizon generate a/ m& |8 h$ G0 w
# default secret key that is unique on this machine, e.i. regardless of the
; x; P% r/ ]9 O6 m s# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
) s( Z# ?4 v+ w- x# _' O# there may be situations where you would want to set this explicitly, e.g.. P. p% M/ z- T# S( ^7 v8 o
# when multiple dashboard instances are distributed on different machines
1 s6 T) x N* c9 Q# (usually behind a load-balancer). Either you have to make sure that a session& E7 H$ C8 R, |& e* y% R1 ]: n
# gets all requests routed to the same dashboard instance or you set the same' W3 u. X9 [/ e
# SECRET_KEY for all of them.% @% T9 z/ D* Y: e+ z* ?3 y
SECRET_KEY='RyLdZs4KeJ5z3TX48mk5biZLwlE1kzkFfbAKb9ma'
! c4 n/ z* D2 F/ ^4 U# We recommend you use memcached for development; otherwise after every reload( e3 G2 d8 E0 v8 a }+ ~' S& X6 L
# of the django development server, you will have to login again. To use
! d0 i: s1 \" F. g3 o6 ^- V# memcached set CACHES to something like
9 ]* F9 H) q, y& f% d7 [#CACHES = {% f* ~7 f# M- {0 a. F" N
# 'default': {
$ i" s" H3 Q& @* W9 u# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ w: F7 Z$ D* [+ S' C# 'LOCATION': '127.0.0.1:11211',
: b2 E/ U) f& g* V* P1 Y# },
4 \- t* W" |9 c2 h5 \% u#}
" V1 Q* B" M, V: C0 |, i+ OSESSION_ENGINE = 'django.contrib.sessions.backends.cache'
& P v- x4 C# ]# C" E: S! C5 wCACHES = {5 n+ V' Q+ R6 P( o7 F0 H
'default': {9 d4 y8 e) D* a! N4 J* |% }
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',9 o+ L5 R+ P; V" w/ `
'LOCATION': ['10.144.106.6:11211','10.144.106.7:11211','10.144.106.8:11211']
, T( U& H' i+ n1 G. H2 J }
4 s: T& d4 p; {9 v}4 ] n% S% u- D3 K
# Send email to the console by default
0 p& r& ^6 x- V8 N1 D+ wEMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
: X" `; H( u! x1 x+ j' q+ C: Q5 T2 o# Or send them to /dev/null
i4 \5 M$ B1 }: i( J#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
) o2 ?8 y6 I2 Q# Configure these for your outgoing email host1 f1 M4 [2 C4 ~% K* c! M
#EMAIL_HOST = 'smtp.my-company.com'
6 T9 h3 f1 ]1 p2 w3 A#EMAIL_PORT = 25 l4 I9 T. y P" E+ H
#EMAIL_HOST_USER = 'djangomail'
( X$ Z% W0 \6 f5 S3 N: T#EMAIL_HOST_PASSWORD = 'top-secret!'# C8 \3 D$ z: o4 \' U2 r
5 v9 o; b1 K- R' j5 W& w2 n. r( h, L
OPENSTACK_HOST = "10.144.106.253"
+ L2 I0 V5 W; c3 _2 p7 K& ?* iOPENSTACK_KEYSTONE_URL = "http://10.144.106.253:5000"
; }8 f0 `8 C3 KOPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"7 B2 x) w& \& `- D! o) J
# Enables keystone web single-sign-on if set to True.: \% W3 m2 k6 C9 U# l' {' K
#WEBSSO_ENABLED = False
; Z% F; d4 l/ {+ o# Determines which authentication choice to show as default.8 _- D6 x v1 F9 k3 } e* g. }0 `
#WEBSSO_INITIAL_CHOICE = "credentials"
+ G3 r! ^; Z# G8 @* H# The list of authentication mechanisms which include keystone
' F# S/ v* |! D- p# B! `7 J f# federation protocols and identity provider/federation protocol% u# v3 T. |' Y) ?: y$ E$ T
# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol6 W& L' ~. J Y" h9 N; V8 A
# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
+ G& @0 W% `4 a6 X+ a# f) X# Connect respectively.9 O5 o( x: e1 q8 ?" s7 I% D* K: |
# Do not remove the mandatory credentials mechanism.
) Z; M5 u3 a8 X6 q/ h. v0 i7 ~# Note: The last two tuples are sample mapping keys to a identity provider
: R+ A" `, W4 W7 \6 {# and federation protocol combination (WEBSSO_IDP_MAPPING).
% M! A% `4 z( l#WEBSSO_CHOICES = (
- ^' d" T( [# B# ("credentials", _("Keystone Credentials")),
( e G' c# S, r, U* G# ("oidc", _("OpenID Connect")), `3 e/ m, a H6 r
# ("saml2", _("Security Assertion Markup Language")),
/ c/ L0 K& J6 b( m1 d# ("acme_oidc", "ACME - OpenID Connect"),
# I/ L& E( q6 L5 T; v, ~0 F7 |# ("acme_saml2", "ACME - SAML2"),1 Q ~) Q; I6 N# C+ N1 A0 ?3 W8 E
#)
7 ?& R( ^1 `, C# A dictionary of specific identity provider and federation protocol# I" G! f4 t/ N1 u" ]5 G; V1 P: u
# combinations. From the selected authentication mechanism, the value* J6 a7 ~" o$ ~
# will be looked up as keys in the dictionary. If a match is found,
# G/ s/ U* D$ p8 v7 n# y# it will redirect the user to a identity provider and federation protocol
@0 x; `# U5 G4 M2 `! r# specific WebSSO endpoint in keystone, otherwise it will use the value' M; m u) ~5 y% B: @2 x% z- ^1 ` G
# as the protocol_id when redirecting to the WebSSO by protocol endpoint.! u0 o+ V4 ]5 |+ \, k
# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>)./ r! G2 X/ N1 L# j
#WEBSSO_IDP_MAPPING = {
0 \3 v+ l; `1 P: r# "acme_oidc": ("acme", "oidc"),
2 J8 H5 ^) `5 K2 j* \, F! Q# "acme_saml2": ("acme", "saml2"),# A! i5 B0 y& `: X& \
#}
3 @2 s$ Q% d8 x* F& o6 z" I( ?2 K# Disable SSL certificate checks (useful for self-signed certificates):8 [4 s% ]. I* i( t2 _: i
#OPENSTACK_SSL_NO_VERIFY = True
' }' i& |* x+ n8 a# The CA certificate to use to verify SSL connections
w1 |+ l1 x0 O1 H% t#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'0 ^, z d6 O, W
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the3 T/ W! F, S! ?' I
# capabilities of the auth backend for Keystone.9 Q' @8 Q" ]/ V9 i3 U0 A% t
# If Keystone has been configured to use LDAP as the auth backend then set4 X7 O: a) j& v1 h3 }
# can_edit_user to False and name to 'ldap'.
* i6 a& ?% L) f; z* H#$ v: _7 x' {( p# r5 a% ~* j9 U' u
# TODO(tres): Remove these once Keystone has an API to identify auth backend.# U! J# N3 x4 [0 @- k
OPENSTACK_KEYSTONE_BACKEND = {
2 {2 r# [& G, C1 I7 b" L- F# d 'name': 'native',
! k8 Z+ O- E; U4 c 'can_edit_user': True,5 x' o/ }3 Q3 m# U
'can_edit_group': True,
, Z( U1 [$ s q, D D) Y 'can_edit_project': True,
) e3 i( T9 |6 Q5 g 'can_edit_domain': True,: {/ V8 d- m4 w0 u' f' o+ b
'can_edit_role': True,0 p4 h* h* Z3 R! K
}
# W8 z, A: z) v7 X0 k# Setting this to True, will add a new "Retrieve Password" action on instance,
' [8 B! t6 S. ^$ E2 ^, B# allowing Admin session password retrieval/decryption.
: ^. V4 d! i) y$ f#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False' l& R. r" f9 D+ V$ i' F
# The Launch Instance user experience has been significantly enhanced.7 `. C. K2 V0 a+ w/ r, M
# You can choose whether to enable the new launch instance experience,; O T# B5 g( j
# the legacy experience, or both. The legacy experience will be removed
$ V1 Q- L6 q/ y# in a future release, but is available as a temporary backup setting to ensure9 f* r5 b) j h; u
# compatibility with existing deployments. Further development will not be
' i) `" V' g$ ?$ ]/ [, O$ ]: f; K# done on the legacy experience. Please report any problems with the new z0 y; E& `0 n; d/ J' y. J
# experience via the Launchpad tracking system./ a6 ~# ?3 d% K' p) a. h2 g5 m
#
0 l+ k1 g9 R8 u* u" R# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
+ z" z' C- U5 s. i. N# determine the experience to enable. Set them both to true to enable. c1 @4 H! w$ R+ U1 \3 R
# both.8 ]0 x1 N- D- O! B5 F+ @
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
5 r' G: |7 E3 d#LAUNCH_INSTANCE_NG_ENABLED = False
, M9 X$ H1 ~3 T6 y! k# A dictionary of settings which can be used to provide the default values for6 v" W9 n Z9 W$ I( h* F
# properties found in the Launch Instance modal./ A4 i. x) N3 I% k1 e) n$ d9 m
#LAUNCH_INSTANCE_DEFAULTS = {6 u5 Q( S" P8 D" ?% z
# 'config_drive': False,
W4 R7 {- u7 n# A% K, J7 j+ g# 'enable_scheduler_hints': True1 l1 w3 J: V0 I' W: H7 `
#}
0 U9 c8 S: N9 A+ J, [8 v# The Xen Hypervisor has the ability to set the mount point for volumes* {6 n# C, U, w$ H" L% C
# attached to instances (other Hypervisors currently do not). Setting5 V$ f- C% u1 i" H9 V* E
# can_set_mount_point to True will add the option to set the mount point
2 ?* Z; ^3 X6 k# from the UI.% c9 @' e' v# ]
OPENSTACK_HYPERVISOR_FEATURES = {( p- s) m( G9 |* r" S
'can_set_mount_point': False,8 y9 r1 T2 P9 P$ d1 E
'can_set_password': False,
4 `; X5 O. r2 i( q% m 'requires_keypair': False,3 D) ~7 @$ ?4 `
'enable_quotas': True
2 b4 @7 S4 w& @8 T: a9 v}% Y$ \& V+ E% @( X6 j
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional" A1 O; |2 G* L$ L6 y: f v- v6 A
# services provided by cinder that is not exposed by its extension API.2 Q: G9 [/ H2 ? Z' a
OPENSTACK_CINDER_FEATURES = {
* `$ e1 B5 T" l* p 'enable_backup': True,
* \ U7 g0 c/ i; X}& T1 i. b: O8 v8 D+ z
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional" A# @) [3 q( [$ q. ~% Q
# services provided by neutron. Options currently available are load! w- R# C( S; d5 n4 I( U
# balancer service, security groups, quotas, VPN service.7 D: D1 `/ _) N5 L1 g! x6 G
OPENSTACK_NEUTRON_NETWORK = { F6 V! N& y8 `. z u3 f1 {6 M
'enable_router': True,
' @) [7 n S' m" B$ w3 w" _- G 'enable_quotas': True,2 y8 K) `/ @7 T' y) b5 P& m4 `
'enable_ipv6': True,
y+ M- q! B. @. m# U9 C5 U 'enable_distributed_router': False,
& r& Z! v; g- o/ {! d 'enable_ha_router': False,% ?+ }- K, C8 D+ q/ q
'enable_lb': True,
( b/ G1 R5 e3 D* x 'enable_firewall': True,
, Z& Q. N2 M- p8 |9 g+ N9 U" |6 N 'enable_vpn': True, V+ c9 s; B& T- i; l
'enable_fip_topology_check': True,
# h7 Z; v7 a7 g o # Default dns servers you would like to use when a subnet is
! `7 T; x- m! X0 G # created. This is only a default, users can still choose a different
5 h3 R5 Z8 y/ c0 Y. L! ~( m # list of dns servers when creating a new subnet.
( T5 s$ ^9 s* `0 t( R; {5 S: ?, y # The entries below are examples only, and are not appropriate for
' t# w% q6 N! ` # real deployments
6 W. j& D2 f) s" `8 E9 l # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],7 H [5 `& H. B- G+ x
# The profile_support option is used to detect if an external router can be" j# {- `4 F/ U: s+ p6 L
# configured via the dashboard. When using specific plugins the
8 n k p& q. }) L3 M: h0 j # profile_support can be turned on if needed.
) T% V, `7 H s" H 'profile_support': None,
! V4 O9 E2 M6 L3 Z6 k' C% l #'profile_support': 'cisco',+ Y( j/ b' e8 G
# Set which provider network types are supported. Only the network types
* V: M% e7 F1 ] # in this list will be available to choose from when creating a network.
( ^3 t8 |# [) r+ p5 D # Network types include local, flat, vlan, gre, vxlan and geneve.
0 X; B4 W9 j& f4 M# g # 'supported_provider_types': ['*']," ~6 k |9 F# C+ q [! m
# You can configure available segmentation ID range per network type
) M* u9 u0 a* T. E6 j5 Z) B2 h; Y # in your deployment.
2 _3 p- D6 T" Q' `+ d # 'segmentation_id_range': { z4 ]# A4 x7 u( L8 j, e5 ~, i
# 'vlan': [1024, 2048],
) }! C& h0 P4 c" Q # 'vxlan': [4094, 65536],( o5 N" E) E# q
# },
' n# S* O0 C% ]9 Y: P1 q! ~: } # You can define additional provider network types here.
# p. p4 j5 [& s N& J # 'extra_provider_types': {- p% F1 q$ u; {; D$ C+ g) t
# 'awesome_type': {8 J0 O. j v7 x3 m! _; E* z/ k
# 'display_name': 'Awesome New Type',
8 G9 r; J, }/ s& a' x0 r # 'require_physical_network': False,* _ t% K1 N- M- F' M9 \& y
# 'require_segmentation_id': True,3 C3 C- M4 h+ q. Z" \0 G
# }: Q1 Y. m" L/ E! |) k! D& r7 r
# },
: ]4 i1 a# j& |! p7 N5 O # Set which VNIC types are supported for port binding. Only the VNIC+ R. J. W6 r% ?( C( v! g
# types in this list will be available to choose from when creating a
- h w7 F/ D% ]0 V # port.7 j, `2 ~8 ^# \8 l3 G5 Q7 t
# VNIC types include 'normal', 'macvtap' and 'direct'./ g/ u! c- N1 k5 K. m: b8 u Q! H
# Set to empty list or None to disable VNIC type selection.
6 V7 t2 ?" Z& \% ] 'supported_vnic_types': ['*'], m6 w; S. @* J! c
}
8 M' ?9 {' h, k9 J; v% C+ d# The OPENSTACK_HEAT_STACK settings can be used to disable password
8 D* N, ~* {( D. Q2 t& b; J# field required while launching the stack.
+ P- \3 m: t8 M. t8 H8 h, iOPENSTACK_HEAT_STACK = {
5 W4 n- `) i+ w% P9 h; ^3 B. M( z# z ? 'enable_user_pass': True,; U3 d$ S3 P0 r( B
}$ Z9 Y' @7 \ k' B8 Q* f, e! x4 i
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features; D# D+ X- M( C
# in the OpenStack Dashboard related to the Image service, such as the list
& c. p. A+ I4 D$ I8 u% i3 W4 s) h# of supported image formats." P) _; H: Q1 q5 Y% x" q
#OPENSTACK_IMAGE_BACKEND = {9 d2 D4 b, I# W' I8 }7 w4 |# x4 f
# 'image_formats': [7 U8 n4 h* y: ^' [, B* @7 D1 O
# ('', _('Select format')),; t( q7 x9 D- Z3 o0 u" T
# ('aki', _('AKI - Amazon Kernel Image')), `* X+ p5 M" j: i
# ('ami', _('AMI - Amazon Machine Image')),
' I/ p; b' c6 C3 G- t. o; R/ \( n# ('ari', _('ARI - Amazon Ramdisk Image')),4 C) O1 }$ J' D) L
# ('docker', _('Docker')),. a, p2 w0 \" L% F; ]
# ('iso', _('ISO - Optical Disk Image')),
. s4 z5 X7 T; [, t- B9 O- Z# ('ova', _('OVA - Open Virtual Appliance')),2 b, _) m! U8 H, c) W
# ('qcow2', _('QCOW2 - QEMU Emulator')),
+ H+ i7 W" e' a7 v; l* t/ B# ('raw', _('Raw')),
2 w% l6 Z( @1 D4 q; g1 u1 _# ('vdi', _('VDI - Virtual Disk Image')),
7 J) f5 m) @8 A! I! |+ m" O# ('vhd', _('VHD - Virtual Hard Disk')),
9 R& o, y- j1 n. u# ('vmdk', _('VMDK - Virtual Machine Disk')),
2 ~7 w) a, C6 ?& c: X# ],
C9 T6 W0 X/ V, R( Q#}- q: R6 q. r8 ?0 Y6 t$ I+ Y
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
3 }5 ^0 Z( O* y# c5 h# image custom property attributes that appear on image detail pages.
- W' f8 A: s( ?IMAGE_CUSTOM_PROPERTY_TITLES = {; Z2 @9 k. J( g8 Y
"architecture": _("Architecture"),% M' r9 Z0 h9 l& t0 o: u
"kernel_id": _("Kernel ID"),5 a- {! i0 ^; U6 L5 U; B k
"ramdisk_id": _("Ramdisk ID"),
0 \$ X0 z" d( {" ?8 v0 ^ "image_state": _("Euca2ools state"),1 b4 n X( H8 l
"project_id": _("Project ID"),
1 w2 M# X( K6 h: i& W. B3 L/ B "image_type": _("Image Type"),
& w* q$ q+ k J8 T O}
$ B" B$ @) z+ R x7 n# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image6 }: m) h0 V' F3 X" s
# custom properties should not be displayed in the Image Custom Properties
1 W% X/ o Z7 M( ?# table.
/ N" N* Z& P6 A7 B0 f+ L% tIMAGE_RESERVED_CUSTOM_PROPERTIES = []
- G2 p) n" G @0 w0 n# Set to 'legacy' or 'direct' to allow users to upload images to glance via
z3 |9 Y# J# K2 f) D# Horizon server. When enabled, a file form field will appear on the create! n0 n7 H" z4 `' A1 J4 a2 @% d
# image form. If set to 'off', there will be no file form field on the create
9 N. q0 M/ a" y. ]9 ^# image form. See documentation for deployment considerations.0 L) m/ T; G1 y" X; Y+ |
#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'. g* l* Q% v6 O4 }' c+ \9 s# h
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
Q0 j8 b4 B- m: O S# in the Keystone service catalog. Use this setting when Horizon is running8 G2 b) d6 K- }' {; V q
# external to the OpenStack environment. The default is 'publicURL'.
3 T. X, \& U! t7 t: T" @$ z0 m0 AOPENSTACK_ENDPOINT_TYPE = "internalURL"
+ }+ B( `4 E6 V u+ M; U* |# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the8 Q; r0 B2 \! b' ?/ }9 D) V2 }
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
/ T# n" A: Y6 G* ^0 `# z% s# in the Keystone service catalog. Use this setting when Horizon is running
6 D% \( o' r7 E$ v& p1 p$ `7 j# external to the OpenStack environment. The default is None. This
m8 r: e5 T! b: _ C9 {# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
& m/ r/ F( A0 m7 S6 u#SECONDARY_ENDPOINT_TYPE = None
, ~% X9 B' _' F2 Y+ r# The number of objects (Swift containers/objects or images) to display+ k+ f- Y2 y8 n. w3 p8 S3 N
# on a single page before providing a paging element (a "more" link)3 d7 Y2 q. E7 @4 k
# to paginate results.
- g3 p! h; q6 ^5 n& WAPI_RESULT_LIMIT = 1000
5 J% _5 g$ g: K" M1 T. c1 A+ m! |7 sAPI_RESULT_PAGE_SIZE = 20/ x. m& S4 R6 V5 p! V
# The size of chunk in bytes for downloading objects from Swift; K5 }' Q! y" I/ ^0 g* \4 s
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
z. S1 B2 _# T# Specify a maximum number of items to display in a dropdown.
& g( Q* @. j. y4 D1 y6 RDROPDOWN_MAX_ITEMS = 30
7 u+ }3 z1 }" D @# R9 B/ e# The timezone of the server. This should correspond with the timezone
/ R* J5 ]6 o; I# G" k# of your entire OpenStack installation, and hopefully be in UTC.) c3 ~" k. p+ U( W" w, o1 c
TIME_ZONE = "UTC"7 K1 W- I$ q4 ]; c0 H7 i
# When launching an instance, the menu of available flavors is: x) T$ Q# _; O9 P3 s. B
# sorted by RAM usage, ascending. If you would like a different sort order,
( o; n: O! t" t. ~: y# o# you can provide another flavor attribute as sorting key. Alternatively, you
$ A+ z% d# d* T+ \$ b# can provide a custom callback method to use for sorting. You can also provide
y( s$ s! T, U. {4 E a# a flag for reverse sort. For more info, see
& _; C7 V, z4 p# N7 W8 U1 y# http://docs.python.org/2/library/functions.html#sorted, P$ W* h, m1 Z' A3 _$ C K. e* k
#CREATE_INSTANCE_FLAVOR_SORT = {8 n/ A. K2 b6 {$ I, G# }0 W* h& V0 L
# 'key': 'name',
; }6 v1 t2 t, D. M# y# Z# # or
' s* _3 Z4 N; w+ S1 ]# 'key': my_awesome_callback_method,4 q* C. V! I* f, m2 H; S2 u5 f
# 'reverse': False,' M! G9 @2 N$ {
#}
3 ?; t0 C5 }- ~7 T0 z# Set this to True to display an 'Admin Password' field on the Change Password& F' j! y: k$ B/ }8 a, A! G
# form to verify that it is indeed the admin logged-in who wants to change
1 }) H5 R) I5 A6 U n# the password.% w+ A2 y2 v: ~* A6 f( d2 W
#ENFORCE_PASSWORD_CHECK = False
) g% ^( y8 T$ A, B- {' H# Modules that provide /auth routes that can be used to handle different types
4 ?" M7 Y9 x5 K' V# of user authentication. Add auth plugins that require extra route handling to7 h( R" q- C' M- {
# this list., _& z( @8 g7 G; ^* Q
#AUTHENTICATION_URLS = [9 D5 z6 U% Q" T' B7 Z# E7 ^8 o @' g
# 'openstack_auth.urls',$ S5 ~; A- s. w( ^& ]) I) d5 U
#]7 I- t, D9 h0 d5 w
# The Horizon Policy Enforcement engine uses these values to load per service
( ^* H, {7 c! p0 d' ]4 F6 N# policy rule files. The content of these files should match the files the
9 x7 t& d ~! e3 {3 n) E9 z" K8 O" ?# OpenStack services are using to determine role based access control in the
! r* }; t8 B: Z6 @6 z4 \# target installation.
3 ^4 {: z- R3 H( q s6 b# Path to directory containing policy.json files
& V4 m( q- H1 Z& D7 j5 X( Y% JPOLICY_FILES_PATH = '/etc/openstack-dashboard' [2 w4 } t# d B( o5 ?" \
# Map of local copy of service policy files.. ~( P# U) c3 L
# Please insure that your identity policy file matches the one being used on: F0 Z& _* P, D! A5 l: _
# your keystone servers. There is an alternate policy file that may be used7 F) K6 I0 ?$ s# h. a* ?1 M# t7 a
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
6 U. Y: T2 i# d$ l# This file is not included in the Horizon repository by default but can be5 _/ R* r; P: A5 w. e
# found at
6 I. ]" e& a% C) C; w6 w7 p# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
# c. J; [+ o- h; |# policy.v3cloudsample.json
: r1 S* R8 W. F# Having matching policy files on the Horizon and Keystone servers is essential: K' C! r3 V5 l$ t0 V/ z8 w
# for normal operation. This holds true for all services and their policy files.6 E. f, }6 z3 _
#POLICY_FILES = {
, y) \) ~! |+ @- T& E) k9 g# 'identity': 'keystone_policy.json',
/ z/ j J q4 {$ W1 F/ i# 'compute': 'nova_policy.json',& w# T8 Y' ]; U: c% t
# 'volume': 'cinder_policy.json',
8 A0 J! q1 ?, f7 q6 U/ H9 B( d5 s# 'image': 'glance_policy.json',7 R8 ^1 v+ _) a# d6 h) ~; l
# 'orchestration': 'heat_policy.json',
3 {4 d5 n. N' m/ S. C# 'network': 'neutron_policy.json', w* R% p* O; F! H- E8 ]7 d
# 'telemetry': 'ceilometer_policy.json',1 O& |7 X4 w" J$ {' e: o
#}
7 \5 D, z* |$ z4 Y# TODO: (david-lyle) remove when plugins support adding settings.; }1 l% E, }0 D( ~
# Note: Only used when trove-dashboard plugin is configured to be used by
+ D# B0 P4 Z' b; x# Horizon.
( ~. J: R- [! f$ H7 x1 T7 l; b. Q [) |# Trove user and database extension support. By default support for& g6 q' u6 W& ?$ r
# creating users and databases on database instances is turned on.
8 U, t' f( M H& }; k* q6 ^ l# To disable these extensions set the permission here to something5 S" `: i! d& j$ d
# unusable such as ["!"].
3 \- ?, p0 {! J$ n$ q#TROVE_ADD_USER_PERMS = []$ O/ S9 Q& _$ p" ^$ ^1 l) X" O0 o3 {
#TROVE_ADD_DATABASE_PERMS = []
7 H7 R9 E+ l$ D3 o: L1 L" Y+ _8 w# Change this patch to the appropriate list of tuples containing5 _# l0 C$ m4 M8 P9 \/ l
# a key, label and static directory containing two files:3 W1 {2 `" e: R" p$ ^
# _variables.scss and _styles.scss2 c4 {/ D* z! L1 F% C+ }
#AVAILABLE_THEMES = [
6 u) z5 L2 F4 W8 K0 W2 M) w) T# ('default', 'Default', 'themes/default'),# `" }+ c' D8 k' r Y
# ('material', 'Material', 'themes/material'),
4 I7 u: D9 [. v' ] J#]% H1 O# \4 U* _' {& J2 T& F; \
LOGGING = {9 J3 L% |6 B! a/ \$ Y
'version': 1,
' x E1 X& q. D' k" }1 c4 x( O # When set to True this will disable all logging except
# E2 j8 b9 R8 ]/ c* [ # for loggers specified in this configuration dictionary. Note that
% ~% O' h; {: I' ~9 }( M # if nothing is specified here and disable_existing_loggers is True,
3 Y3 i# K, I, R # django.db.backends will still log unless it is disabled explicitly.
3 N9 g6 C+ k6 k* T 'disable_existing_loggers': False,
8 i7 r" G% |* \, { 'formatters': {# E" U% R' B& \# N7 `
'operation': {
9 `0 L& p6 _" e8 N: W7 ^& \6 l! } # The format of "%(message)s" is defined by
% n3 w4 e# M$ y; O7 D$ _. D # OPERATION_LOG_OPTIONS['format']
9 E2 _! z& ]* N 'format': '%(asctime)s %(message)s'8 x; z9 z) I$ K1 f9 U& N
},
+ s& }/ G/ C, o },8 p/ c, F& V8 y% @6 f2 {
'handlers': {
, F( a* {7 s ]5 g3 M) @2 X 'null': {. J7 n, ]8 f" ~( l9 |
'level': 'DEBUG',. K& J! Y6 `8 a. F* q$ |
'class': 'logging.NullHandler',
' H+ [4 X1 r" r' @% q! }6 E$ f, U& h8 C },
; R& d4 T3 w) A( ~ 'console': {
7 E* |$ {. q, ~0 y' J # Set the level to "DEBUG" for verbose output logging.
# B$ x# ?& U4 G+ G a 'level': 'INFO',* X% R& D1 ? L5 U% o
'class': 'logging.StreamHandler',8 u* S4 z% Q; c# m
},% n; G/ l) C2 L/ E% r
'operation': {
4 F4 Z3 m! K" ^7 h0 m9 g% B+ N2 W1 _ 'level': 'INFO',
" G% s0 D9 Y2 t! Z0 ~6 [" F 'class': 'logging.StreamHandler',3 ^) P6 F3 s3 Z4 Q
'formatter': 'operation',
$ b2 X% r# R% {2 Q+ y: A; |; J. V },
: I- |; @ o+ p },
0 M* f' A* \4 C/ ^* P+ J2 G 'loggers': {5 [& j! b. u0 D, O, R' Z$ Y& U
# Logging from django.db.backends is VERY verbose, send to null
5 ~- b1 \& i9 T& R; ^' R # by default.
- Y/ r1 D& j+ L0 [ 'django.db.backends': {0 A9 w$ d) ^. z) F% C3 q8 a2 s
'handlers': ['null'],( x9 ]- ^ p7 o1 n
'propagate': False,2 K9 f- ]& ^) R
},) w n9 u' p& D0 a0 f
'requests': {
& C" D( {) _2 o- H V6 ]# O; ?7 k 'handlers': ['null'],
9 M9 ~$ h+ W) a8 q0 L" [ 'propagate': False,
6 A; T2 b9 k2 d },# U9 |% C$ E7 w" z1 H
'horizon': {
- J. A6 \. r' S4 r( u4 Y 'handlers': ['console'],; E, T" b* E s/ [7 M. S
'level': 'DEBUG',
2 m7 F/ J# s h7 Z 'propagate': False,, G5 @+ q9 T5 }, Z" H4 _
},
8 ~% v0 A& _" R1 K 'horizon.operation_log': {
7 Z7 s8 ?4 u1 c* N7 ^& @$ w5 M" G ~ 'handlers': ['operation'],$ j) `6 H- i4 [! L- d
'level': 'INFO',! K. j* Q G6 n# X! K
'propagate': False,* U% q( G4 G0 R8 U( s
},
+ ^/ X. Y7 _# V% V1 M1 H 'openstack_dashboard': {: v( x- x$ ~: q1 E7 ?
'handlers': ['console'],
: Y0 W4 {) L3 O% [, t 'level': 'DEBUG',! B8 R+ M# M" y. ~) n, {
'propagate': False,5 k# s( T, N: i8 D7 v
},. C7 o6 H" ?. @# C( q! e: W
'novaclient': {( N1 d7 r. N- L4 a( |7 s3 [
'handlers': ['console'],. q* }: k7 \# k# o
'level': 'DEBUG',5 l! b1 X, c- ]
'propagate': False,
& @% d8 k, q. b$ F- X },
4 R' J9 ?* p% Z, r% F0 @ 'cinderclient': {( ^4 P8 d) n0 a! U5 b
'handlers': ['console'],
7 ^% E! G) U9 _2 c. r d& u 'level': 'DEBUG',
3 J& i; R: j$ U4 |* |$ r 'propagate': False,
0 U0 z" j. f& E. ? },( `' ]' g4 x/ i
'keystoneclient': {
0 i/ M; T0 E' \7 |$ ^ 'handlers': ['console'],
2 P. x+ }" i6 A; m; F 'level': 'DEBUG',
; a9 C+ s1 M2 f4 I( d8 m6 z* d/ w, S 'propagate': False,
. ? Y' c Z; N6 Q },
4 i! x/ D9 P S- m7 q: p 'glanceclient': {8 y @9 D3 G0 s$ D% F* f
'handlers': ['console'],
0 a% T5 P) X! g9 W1 {) w 'level': 'DEBUG',
& G) Q4 A7 R# K$ o 'propagate': False,$ e, f H Y5 E; d5 {9 G$ X
},
( e0 h6 j# k7 U 'neutronclient': {
7 t3 A& u2 m+ t8 d/ j 'handlers': ['console'],
( P3 ?" A. l! Q9 m 'level': 'DEBUG'," l' x. ]9 z* p5 |4 z+ e* C2 O) m
'propagate': False,
7 G8 O+ y( o! m, J6 l: u },
1 k6 j' f1 w* H- L7 y: n3 S- | 'heatclient': {% j. K& p: G* r# Y8 L
'handlers': ['console'],
# c8 l2 k( P, F) }* L/ c 'level': 'DEBUG',
: Z8 N7 V C% @4 O, E H, b6 C" p 'propagate': False,
l; } s& i* Z0 W3 o5 @ },7 W& Y5 ?8 P8 s4 K
'ceilometerclient': {+ e$ C) ?2 }8 ~# |6 T6 k: I- R2 L
'handlers': ['console'],: {. Y2 v; b% `: @
'level': 'DEBUG',
. }( i9 x! m+ M8 y 'propagate': False,( V# R3 o- d* w2 T# B% a) {8 i! ?' S
},
! [0 J1 J: U( O 'swiftclient': {) ^. p6 |' I( q# c2 c
'handlers': ['console'],
" T' c; `) K1 l# ` 'level': 'DEBUG',% }1 p! D1 l( e1 E
'propagate': False,
, p N% t% s& b },9 b* z4 ~# `0 K5 r" a
'openstack_auth': {
9 M" D" ^: k( Q2 U 'handlers': ['console'],5 f+ b& T) L- T/ A F
'level': 'DEBUG',
, T6 D2 T8 X, f1 p5 U 'propagate': False,
8 I$ f7 a$ F! U4 i6 x },
0 [* h+ B4 x5 q$ \ 'nose.plugins.manager': {
1 t7 O) R( M7 h4 ] 'handlers': ['console'],
. n! `# c4 |5 {: k# B; m 'level': 'DEBUG',
\0 t, O' n! d ~2 o7 j% O 'propagate': False,
0 {4 r7 x# y7 f9 X; D6 E. D7 U }, I9 l0 @: X! a9 e) @
'django': {4 O6 O4 L, Z. T6 m4 e
'handlers': ['console'],
& P) b2 R0 M* v$ o! h 'level': 'DEBUG',
3 Z" H) Z# S3 ]) G- O 'propagate': False,9 D! `7 }/ R# p( l
},8 m" d6 [: _3 k
'iso8601': {3 Z( `+ w/ L8 ~6 d( B6 S
'handlers': ['null'],
+ d$ K5 e1 P$ u3 r- _4 ` 'propagate': False,9 m& J' i! M f3 b+ o! q8 {" D* T$ \/ C
},0 F0 R2 |) ^: j
'scss': { H+ k7 k6 K4 h: [1 {4 z5 @: E
'handlers': ['null'],
5 }% v$ c% T. w 'propagate': False,5 n7 |8 D# U- A6 t/ i: a3 n+ Y
},' C( @* W3 f+ t h' A6 m
},) I7 p, k3 ?# u' O5 [" ]- H
}" N+ D3 m7 J) |+ O
# 'direction' should not be specified for all_tcp/udp/icmp.1 M( B6 [$ Z, x, S
# It is specified in the form.
' G- E' a9 J; h$ r; jSECURITY_GROUP_RULES = {" e0 Y* ^" u9 H- J( M- }
'all_tcp': {
# w0 g& o* b; V1 o 'name': _('All TCP'),3 C. i; J6 n: ~! U2 c# [& I3 {
'ip_protocol': 'tcp',0 |# A' S" |. l) w
'from_port': '1',8 k) h+ ^4 q8 R/ O
'to_port': '65535',1 e$ C2 A! x) h" }5 n @
},' r* q3 g" p3 [; V
'all_udp': {& z" Q7 F: U2 ~" ^
'name': _('All UDP'),
' o5 Y- H+ p9 b4 P. d# q% G 'ip_protocol': 'udp',+ D* k" A; t F6 R' B! ^3 K
'from_port': '1',
5 h2 m& V# `" ], o 'to_port': '65535',
/ h/ J! C2 }" E- i- _ },% D7 G$ ^3 N& v |3 k1 I
'all_icmp': {
: R9 k6 w1 @: ~8 q" u6 l4 X2 { 'name': _('All ICMP'),5 a1 [% p3 L. o8 @ ^
'ip_protocol': 'icmp',
3 |8 c* k4 n' c( Q, d 'from_port': '-1',5 O6 j6 r! P2 G- O6 B2 q0 Z6 d; O
'to_port': '-1',
* V3 N) z2 m! O" d },
2 l" h& l, C0 t! A 'ssh': {+ i6 [" m8 K& ?4 v1 @- u
'name': 'SSH',
" t3 w0 j& o, j0 K1 P3 w8 D, q. u 'ip_protocol': 'tcp',. J& ] }* \0 ?+ u) m
'from_port': '22',. Q( E. [/ ~: c4 O. ~: @
'to_port': '22',
7 v& k+ q# p3 q8 g: h },
: B) L8 J( u1 l$ L. e* U 'smtp': {' i' h% j1 ^4 x6 Y- @4 V
'name': 'SMTP',& U6 L8 u' D( ?( u4 R2 n
'ip_protocol': 'tcp'," g/ [$ }# C- `) S4 z) P, `
'from_port': '25',
3 W/ B: A& ^' j! b2 m 'to_port': '25',
: p% L! K- Z) l },8 C8 \5 D3 E( c/ f$ x( @/ T ^
'dns': {
, U, @2 L, G( [9 {. w2 S- D 'name': 'DNS',
7 f' V6 e! u$ a5 B 'ip_protocol': 'tcp',2 t2 \1 P. K; g8 _1 g! Q6 f
'from_port': '53',3 o. `; U" h% \( Y$ f3 x7 ?
'to_port': '53',( k, J! c/ S6 V8 m
},9 h8 G, W5 [5 y8 [" `1 ?% G w
'http': {
z1 H3 D; `6 m f5 o 'name': 'HTTP',
: z/ h. u6 m% _0 S1 O$ j% W 'ip_protocol': 'tcp',
2 ^* m. A" ]. g# t 'from_port': '80',2 E# W2 X! @+ V& }
'to_port': '80',
( V4 I/ B( I; C3 ~' p },- \( {2 k# V4 N* P' Q
'pop3': {
8 _9 w) D/ D3 P+ b4 V$ y. b 'name': 'POP3',! L% y9 I# R2 I) E5 _5 \
'ip_protocol': 'tcp',
/ r% z; n2 Q5 l5 J8 m6 ]# a 'from_port': '110',* E. K9 \5 o* X9 r l- V
'to_port': '110', L- w _+ e0 I" u
},' h5 i& t: c* R' D* G- h
'imap': {
4 u1 h1 O w# p( L 'name': 'IMAP',
5 c! B$ F; v8 [' o7 u5 O( ] 'ip_protocol': 'tcp',8 ]! a) z7 P' ]# S- Z
'from_port': '143',1 P$ D( k# ^4 N4 b) I3 l
'to_port': '143',, @' U% p) F- |/ h& ~0 A; R
},( [, Q9 ~/ @% N- Y( a
'ldap': {1 A9 a3 Z6 b. Z1 w( ~3 r% _
'name': 'LDAP',1 _: @4 s7 L6 C( m$ {
'ip_protocol': 'tcp',: M* X" `+ y9 U% Q( o- a& q8 Y0 f
'from_port': '389',/ q* h: T1 M: A" v Z
'to_port': '389',3 U+ u# V0 t k4 v- c. S) G/ r" A
},
+ W8 K. p8 ~5 `, i 'https': {3 R) X7 [. _2 \* V9 M1 @, ~- h* s; T
'name': 'HTTPS',
, t& w7 n% P8 a/ b5 D" u* N9 r% f 'ip_protocol': 'tcp',
0 \5 L/ `; J/ K' O 'from_port': '443',
/ j$ O8 N, M- u1 a4 N) W 'to_port': '443',
5 v+ K- k0 @* A" W8 D },4 K0 e( q' q7 G/ {+ @
'smtps': {' |/ D6 d1 E# {
'name': 'SMTPS',
; M) |4 q, r; C( [) c* J. ^9 e 'ip_protocol': 'tcp',6 f: m, p/ ]$ E2 O' h! t+ I
'from_port': '465',
& M5 C4 T; `/ s, L 'to_port': '465',( p1 s$ I, b4 Q6 f: A+ n) X$ f
},
: m" Y5 j6 N7 N* _9 o0 ~" P0 s 'imaps': {3 v8 @! A$ k9 ~" }5 E% o9 |
'name': 'IMAPS',
e7 L, Q4 t( @ 'ip_protocol': 'tcp',
9 j+ l5 j& v' q; x; } 'from_port': '993',7 V- S5 }. S" O6 `0 m+ \* M1 p0 l/ W
'to_port': '993',
1 y: [* G8 E0 i7 O1 f },
4 X [# E9 Q3 M- k9 C, C9 M 'pop3s': {
6 l& D/ {5 {0 `# b 'name': 'POP3S',8 }" z0 U! ^" k4 L3 y! q
'ip_protocol': 'tcp',9 {2 ?. t& H( i/ r! h
'from_port': '995',
$ u+ K( ^! ?: L! t6 ?5 X+ Z: J& E' f. k 'to_port': '995',) r! ]0 e# u! M( q7 K
},
( G# X5 e/ Z4 _; r2 t$ f t 'ms_sql': {4 @( ? [6 N* ]: W* d8 R. }/ j: }
'name': 'MS SQL',& w- _9 v7 j! M! t+ d# Z& H3 O
'ip_protocol': 'tcp',6 y. ?3 f! N2 w J
'from_port': '1433',# k2 |7 x" J, H) T2 L6 J4 h
'to_port': '1433',, j K+ \4 t1 y+ j
},, i* u% b6 N6 ?* m' l/ ~0 Y$ Z) y( k
'mysql': {
0 H. b0 g: g# H2 ]$ `1 Y 'name': 'MYSQL',( e# P7 V3 ]2 ~7 U( X2 L5 i
'ip_protocol': 'tcp',
( m7 X3 T3 h, h 'from_port': '3306',
3 C& C: f) D. D4 u& m" b 'to_port': '3306',
5 @. s1 l; A& P3 H1 R8 S1 g },
. V7 ^" P+ f$ R: }) M 'rdp': {; y* O: O& {- w, B2 N
'name': 'RDP',1 Q% Q- Q5 ~) W, f' u! o
'ip_protocol': 'tcp',9 ~' G% O, M1 l& z3 d
'from_port': '3389',
$ g3 _/ ?' d5 `% }3 c 'to_port': '3389',
; Y n8 K' i5 l( U( x$ b6 M },
% o. l: ^, Y. y$ D}
- f, y% B9 F9 t8 z1 E# Deprecation Notice:
o+ f F; @. e0 |+ n! e4 X* x#- v& L9 F* z y* _& K- \
# The setting FLAVOR_EXTRA_KEYS has been deprecated.
8 j M/ ~! s1 Y8 R# w1 {# c* U# Please load extra spec metadata into the Glance Metadata Definition Catalog.
2 x! A1 d8 F* O/ d#4 G1 H! \' t( [2 z8 F8 B
# The sample quota definitions can be found in:
; | q, j. Y1 B1 x) D% K# L" v' n# <glance_source>/etc/metadefs/compute-quota.json: s+ C, L4 K, [ b
#' S- Y% h! A; P* D/ b- ]& u+ U
# The metadata definition catalog supports CLI and API:/ ~% V; n& K3 T0 S Z' q2 u
# $glance --os-image-api-version 2 help md-namespace-import; z+ i- x7 H3 h `4 ?
# $glance-manage db_load_metadefs <directory_with_definition_files>2 v% z& ^5 @, { ^
#
% ^5 W0 \1 W& J# See Metadata Definitions on: https://docs.openstack.org/glance/latest/3 U( {" R& F7 `- X, x( c) T
# TODO: (david-lyle) remove when plugins support settings natively
: Q3 l; g! n; m9 r* S, D; d5 e# Note: This is only used when the Sahara plugin is configured and enabled
+ i+ y- G$ N- y& j* c# for use in Horizon.7 Y2 i- B4 d7 m$ }8 e
# Indicate to the Sahara data processing service whether or not
; y# a, ]4 B0 V* ^, @ [# automatic floating IP allocation is in effect. If it is not" u) x& @8 k! c7 i! p. j
# in effect, the user will be prompted to choose a floating IP
: x: Y0 d5 a4 j3 M! j3 v/ T# pool for use in their cluster. False by default. You would want9 U' h& i4 M; C$ G6 K8 f1 |: |% i
# to set this to True if you were running Nova Networking with# N6 x* K% }9 _" b$ M4 i
# auto_assign_floating_ip = True.- A/ r* N2 \3 J* n0 _# R& f% e% p
#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False, k9 G! _. g; i1 k. q4 ]
# The hash algorithm to use for authentication tokens. This must
- x% _& h% g+ Q# match the hash algorithm that the identity server and the+ x. L6 m; U* m- O# v" f
# auth_token middleware are using. Allowed values are the
% V, r4 h: u( ?+ ~2 y# algorithms supported by Python's hashlib library.& F L- Q+ \5 o' T3 Y; T0 Y1 K
#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5', f: ]! S/ M" {/ S1 r, A* a
# AngularJS requires some settings to be made available to
& p: S! }9 R$ i; c! _# the client side. Some settings are required by in-tree / built-in horizon
- Z, y2 V; ?2 J& p3 L' h# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the7 U. p9 ~) t' V0 \- ^# Y# D6 F
# form of ['SETTING_1','SETTING_2'], etc.7 m K9 j' O. d
#
" @8 Q. q2 O2 I" h; ^: B# You may remove settings from this list for security purposes, but do so at
0 ~' {" I3 G* i8 A0 M o# A" a# the risk of breaking a built-in horizon feature. These settings are required
! J' C2 N9 O" T8 c p4 e# for horizon to function properly. Only remove them if you know what you6 ?0 N. L, G0 S! O) `
# are doing. These settings may in the future be moved to be defined within; u9 o" K$ V' e, T! x% s [
# the enabled panel configuration.
, o& _9 ?/ v# F; Z% [# You should not add settings to this list for out of tree extensions.
& J. b7 m/ n5 j2 M3 Q! F# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI* h) { Z. F% e' V/ I6 O- F
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
4 w# Y" N3 E5 U" [ 'LAUNCH_INSTANCE_DEFAULTS',: ~4 K2 n5 ?3 D
'OPENSTACK_IMAGE_FORMATS']
7 X, f* r) M2 Y: g. O# Additional settings can be made available to the client side for
3 R6 V0 |" M( j5 J# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS: t- W4 h6 D0 @1 ]) c1 J& s
# !! Please use extreme caution as the settings are transferred via HTTP/S3 [% n6 k% V- j* S. ^4 i+ L, d
# and are not encrypted on the browser. This is an experimental API and
' o8 E' I0 ]; W; o, m+ `8 o. y# may be deprecated in the future without notice.- E8 P/ f" P5 a7 @6 T
#REST_API_ADDITIONAL_SETTINGS = []
" ^: g5 C1 X; O" v, R- n2 U1 P# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded) J$ w( O+ ~5 e, l/ } T
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame5 y$ E8 T% w( u
# Scripting (XFS) vulnerability, so this option allows extra security hardening
6 V" o+ I" w0 V: f9 V# U# where iframes are not used in deployment. Default setting is True.
! T$ [2 ^8 O1 C9 m4 K* ^- s# For more information see:
, D3 ^+ ` ~* B8 B' p- p, \( K# http://tinyurl.com/anticlickjack
) P& B9 G1 {" P+ G$ z) Y1 b: J#DISALLOW_IFRAME_EMBED = True
4 H0 {' s6 @- R+ c! N6 J) r# Help URL can be made available for the client. To provide a help URL, edit the) o) k+ R) x1 ?
# following attribute to the URL of your choice.
" A5 ^ s! b% P0 u- Q, I8 g#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
) B2 B$ T( ], A& n B# Settings for OperationLogMiddleware8 S! G3 c9 z7 ~9 f' w+ o" o& `! a
# OPERATION_LOG_ENABLED is flag to use the function to log an operation on( k$ ?( k; D" e# O/ |, s3 b
# Horizon.
# [2 x$ S& [2 ?' H# q n# mask_targets is arrangement for appointing a target to mask.
3 q$ b# @; K! v4 y" d( G! Y# method_targets is arrangement of HTTP method to output log.3 c C3 e% D" W7 n/ x# E8 b
# format is the log contents.
+ ^) H$ A0 [% D& {3 d#OPERATION_LOG_ENABLED = False, P9 _' R( m. x9 B8 G% h
#OPERATION_LOG_OPTIONS = {
* W! q& W0 i# `# 'mask_fields': ['password'],
7 N2 ~, }7 V$ m9 J: }6 R4 N# 'target_methods': ['POST'],
4 g- Z4 L1 }3 p" A4 O+ Y# 'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
; E# A2 J6 D, f1 _( ?# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
! S/ [1 b6 a# h! Q# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
" y% u; |4 `6 M: c! O# " [%(http_status)s] [%(param)s]"),5 L/ T- |" o. E: O) O1 I# l% S4 \
#}- C8 o9 _* J7 F8 M& ~) ?
# The default date range in the Overview panel meters - either <today> minus N
/ J5 i* }$ h+ g' G/ Y( m# days (if the value is integer N), or from the beginning of the current month+ l1 |7 X4 a1 r2 b5 }6 ]1 H
# until today (if set to None). This setting should be used to limit the amount
) m8 t {, s, Q6 B$ p! m# of data fetched by default when rendering the Overview panel.% @# n- m3 k5 r% |9 k
#OVERVIEW_DAYS_RANGE = 1
* r' H- j- d$ ^! g& W3 p+ E# To allow operators to require admin users provide a search criteria first6 w: G* g' G7 s. x
# before loading any data into the admin views, set the following attribute to; |5 ?" [, r- T
# True
; x/ T+ |+ V' z, [) s/ K' j8 ?5 f#ADMIN_FILTER_DATA_FIRST=False9 ~, I0 R' u, c: D
! S: p' v2 W* T& R: Q
/ Z6 A3 E; ^, N# _ |
|
发表于 2022-7-15 22:58:08