· 9 years ago · Jan 30, 2017, 04:34 PM
1import os
2
3from django.utils.translation import ugettext_lazy as _
4
5from horizon.utils import secret_key
6
7from openstack_dashboard import exceptions
8from openstack_dashboard.settings import HORIZON_CONFIG
9
10DEBUG = False
11TEMPLATE_DEBUG = DEBUG
12
13
14# WEBROOT is the location relative to Webserver root
15# should end with a slash.
16#LOGIN_URL = WEBROOT + 'auth/login/'
17#LOGOUT_URL = WEBROOT + 'auth/logout/'
18WEBROOT = '/dashboard/'
19LOGIN_URL = '/dashboard/auth/login/'
20LOGOUT_URL = '/dashboard/auth/logout/'
21
22# LOGIN_REDIRECT_URL can be used as an alternative for
23# HORIZON_CONFIG.user_home, if user_home is not set.
24# Do not set it to '/home/', as this will cause circular redirect loop
25#LOGIN_REDIRECT_URL = WEBROOT
26LOGIN_REDIRECT_URL = '/dashboard/'
27
28# Required for Django 1.5.
29# If horizon is running in production (DEBUG is False), set this
30# with the list of host/domain names that the application can serve.
31# For more information see:
32# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
33#ALLOWED_HOSTS = ['horizon.example.com', ]
34
35ALLOWED_HOSTS = ['*', ]
36
37# Set SSL proxy settings:
38# Pass this header from the proxy after terminating the SSL,
39# and don't forget to strip it from the client's request.
40# For more information see:
41# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
42#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
43
44# If Horizon is being served through SSL, then uncomment the following two
45# settings to better secure the cookies from security exploits
46
47#CSRF_COOKIE_SECURE = True
48#SESSION_COOKIE_SECURE = True
49
50
51# Overrides for OpenStack API versions. Use this setting to force the
52# OpenStack dashboard to use a specific API version for a given service API.
53# Versions specified here should be integers or floats, not strings.
54# NOTE: The version should be formatted as it appears in the URL for the
55# service API. For example, The identity service APIs have inconsistent
56# use of the decimal point, so valid options would be 2.0 or 3.
57#OPENSTACK_API_VERSIONS = {
58# "data-processing": 1.1,
59# "identity": 3,
60# "volume": 2,
61# "compute": 2
62#}
63
64OPENSTACK_API_VERSIONS = {
65 'identity': 3,
66
67}
68
69
70# Set this to True if running on multi-domain model. When this is enabled, it
71# will require user to enter the Domain name in addition to username for login.
72#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
73
74
75# Overrides the default domain used when running on single-domain model
76# with Keystone V3. All entities will be created in the default domain.
77#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
78
79
80# Set Console type:
81# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
82# Set to None explicitly if you want to deactivate the console.
83#CONSOLE_TYPE = "AUTO"
84
85# Default OpenStack Dashboard configuration.
86HORIZON_CONFIG = {
87 'dashboards': ('project', 'admin', 'settings',),
88 'default_dashboard': 'project',
89 'user_home': 'openstack_dashboard.views.get_user_home',
90 'ajax_queue_limit': 10,
91 'auto_fade_alerts': {
92 'delay': 3000,
93 'fade_duration': 1500,
94 'types': ['alert-success', 'alert-info']
95 },
96 'help_url': "http://docs.openstack.org",
97 'exceptions': {'recoverable': exceptions.RECOVERABLE,
98 'not_found': exceptions.NOT_FOUND,
99 'unauthorized': exceptions.UNAUTHORIZED},
100}
101
102# If provided, a "Report Bug" link will be displayed in the site header
103# which links to the value of this setting (ideally a URL containing
104# information on how to report issues).
105#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
106
107# Show backdrop element outside the modal, do not close the modal
108# after clicking on backdrop.
109#HORIZON_CONFIG["modal_backdrop"] = "static"
110
111# Specify a regular expression to validate user passwords.
112#HORIZON_CONFIG["password_validator"] = {
113# "regex": '.*',
114# "help_text": _("Your password does not meet the requirements."),
115#}
116
117# Disable simplified floating IP address management for deployments with
118# multiple floating IP pools or complex network requirements.
119#HORIZON_CONFIG["simple_ip_management"] = False
120
121# Turn off browser autocompletion for forms including the login form and
122# the database creation workflow if so desired.
123#HORIZON_CONFIG["password_autocomplete"] = "off"
124HORIZON_CONFIG["password_autocomplete"] = "off"
125
126# Setting this to True will disable the reveal button for password fields,
127# including on the login form.
128#HORIZON_CONFIG["disable_password_reveal"] = False
129
130# Configure enabled image panel. It can be legacy or angular.
131#HORIZON_CONFIG["images_panel"] = "legacy"
132HORIZON_CONFIG["images_panel"] = "legacy"
133
134LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
135
136# Set custom secret key:
137# You can either set it to a specific value or you can let horizon generate a
138# default secret key that is unique on this machine, e.i. regardless of the
139# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
140# there may be situations where you would want to set this explicitly, e.g.
141# when multiple dashboard instances are distributed on different machines
142# (usually behind a load-balancer). Either you have to make sure that a session
143# gets all requests routed to the same dashboard instance or you set the same
144# SECRET_KEY for all of them.
145#SECRET_KEY = secret_key.generate_or_read_from_file(
146# os.path.join(LOCAL_PATH, '.secret_key_store'))
147SECRET_KEY = 'mrGGrBUoDA'
148
149# We recommend you use memcached for development; otherwise after every reload
150# of the django development server, you will have to login again. To use
151# memcached set CACHES to something like
152#CACHES = {
153# 'default': {
154# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
155# 'LOCATION': '127.0.0.1:11211',
156# }
157#}
158#
159#CACHES = {
160# 'default': {
161# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
162# }
163#}
164CACHES = {
165 'default': {
166 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
167
168
169
170 'LOCATION': [ '10.5.7.20:11211','10.5.7.19:11211','10.5.7.18:11211', ],
171
172
173 }
174}
175
176
177SESSION_ENGINE = "django.contrib.sessions.backends.cache"
178
179
180# Send email to the console by default
181EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
182# Or send them to /dev/null
183#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
184
185# Configure these for your outgoing email host
186#EMAIL_HOST = 'smtp.my-company.com'
187#EMAIL_PORT = 25
188#EMAIL_HOST_USER = 'djangomail'
189#EMAIL_HOST_PASSWORD = 'top-secret!'
190
191# For multiple regions uncomment this configuration, and add (endpoint, title).
192#AVAILABLE_REGIONS = [
193# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
194# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
195#]
196
197#OPENSTACK_HOST = "127.0.0.1"
198#OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
199#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
200OPENSTACK_KEYSTONE_URL = "http://10.5.7.15:5000/v2.0"
201OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
202
203# Enables keystone web single-sign-on if set to True.
204#WEBSSO_ENABLED = False
205
206# Determines which authentication choice to show as default.
207#WEBSSO_INITIAL_CHOICE = "credentials"
208
209# The list of authentication mechanisms which include keystone
210# federation protocols and identity provider/federation protocol
211# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
212# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
213# Connect respectively.
214# Do not remove the mandatory credentials mechanism.
215# Note: The last two tuples are sample mapping keys to a identity provider
216# and federation protocol combination (WEBSSO_IDP_MAPPING).
217#WEBSSO_CHOICES = (
218# ("credentials", _("Keystone Credentials")),
219# ("oidc", _("OpenID Connect")),
220# ("saml2", _("Security Assertion Markup Language")),
221# ("acme_oidc", "ACME - OpenID Connect"),
222# ("acme_saml2", "ACME - SAML2")
223#)
224
225# A dictionary of specific identity provider and federation protocol
226# combinations. From the selected authentication mechanism, the value
227# will be looked up as keys in the dictionary. If a match is found,
228# it will redirect the user to a identity provider and federation protocol
229# specific WebSSO endpoint in keystone, otherwise it will use the value
230# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
231# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
232#WEBSSO_IDP_MAPPING = {
233# "acme_oidc": ("acme", "oidc"),
234# "acme_saml2": ("acme", "saml2")
235#}
236
237# Disable SSL certificate checks (useful for self-signed certificates):
238#OPENSTACK_SSL_NO_VERIFY = True
239
240# The CA certificate to use to verify SSL connections
241#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
242
243# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
244# capabilities of the auth backend for Keystone.
245# If Keystone has been configured to use LDAP as the auth backend then set
246# can_edit_user to False and name to 'ldap'.
247#
248# TODO(tres): Remove these once Keystone has an API to identify auth backend.
249
250OPENSTACK_KEYSTONE_BACKEND = {
251 'can_edit_domain': True,
252 'can_edit_group': True,
253 'can_edit_project': True,
254 'can_edit_role': True,
255 'can_edit_user': True,
256 'name': 'native',
257}
258
259# Setting this to True, will add a new "Retrieve Password" action on instance,
260# allowing Admin session password retrieval/decryption.
261#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
262
263# The Launch Instance user experience has been significantly enhanced.
264# You can choose whether to enable the new launch instance experience,
265# the legacy experience, or both. The legacy experience will be removed
266# in a future release, but is available as a temporary backup setting to ensure
267# compatibility with existing deployments. Further development will not be
268# done on the legacy experience. Please report any problems with the new
269# experience via the Launchpad tracking system.
270#
271# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
272# determine the experience to enable. Set them both to true to enable
273# both.
274#LAUNCH_INSTANCE_LEGACY_ENABLED = True
275#LAUNCH_INSTANCE_NG_ENABLED = False
276
277# The Xen Hypervisor has the ability to set the mount point for volumes
278# attached to instances (other Hypervisors currently do not). Setting
279# can_set_mount_point to True will add the option to set the mount point
280# from the UI.
281#OPENSTACK_HYPERVISOR_FEATURES = {
282# 'can_set_mount_point': False,
283# 'can_set_password': False,
284# 'requires_keypair': False,
285#}
286
287# The OPENSTACK_HYPERVISOR_FEATURES settings can be used to enable optional
288# services provided by hypervisors.
289OPENSTACK_HYPERVISOR_FEATURES = {
290 'can_set_mount_point': True,
291 'can_set_password': False,
292}
293
294# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
295# services provided by cinder that is not exposed by its extension API.
296#OPENSTACK_CINDER_FEATURES = {
297# 'enable_backup': False,
298#}
299OPENSTACK_CINDER_FEATURES = {
300 'enable_backup': False,
301}
302
303# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
304# services provided by neutron. Options currently available are load
305# balancer service, security groups, quotas, VPN service.
306#OPENSTACK_NEUTRON_NETWORK = {
307# 'enable_router': True,
308# 'enable_quotas': True,
309# 'enable_ipv6': True,
310# 'enable_distributed_router': False,
311# 'enable_ha_router': False,
312# 'enable_lb': True,
313# 'enable_firewall': True,
314# 'enable_vpn': True,
315# 'enable_fip_topology_check': True,
316
317 # Neutron can be configured with a default Subnet Pool to be used for IPv4
318 # subnet-allocation. Specify the label you wish to display in the Address
319 # pool selector on the create subnet step if you want to use this feature.
320 #'default_ipv4_subnet_pool_label': None,
321
322 # Neutron can be configured with a default Subnet Pool to be used for IPv6
323 # subnet-allocation. Specify the label you wish to display in the Address
324 # pool selector on the create subnet step if you want to use this feature.
325 # You must set this to enable IPv6 Prefix Delegation in a PD-capable
326 # environment.
327 #'default_ipv6_subnet_pool_label': None,
328
329 # The profile_support option is used to detect if an external router can be
330 # configured via the dashboard. When using specific plugins the
331 # profile_support can be turned on if needed.
332 #'profile_support': None,
333 #'profile_support': 'cisco',
334
335 # Set which provider network types are supported. Only the network types
336 # in this list will be available to choose from when creating a network.
337 # Network types include local, flat, vlan, gre, and vxlan.
338 #'supported_provider_types': ['*'],
339
340 # Set which VNIC types are supported for port binding. Only the VNIC
341 # types in this list will be available to choose from when creating a
342 # port.
343 # VNIC types include 'normal', 'macvtap' and 'direct'.
344 # Set to empty list or None to disable VNIC type selection.
345 #'supported_vnic_types': ['*']
346#}
347OPENSTACK_NEUTRON_NETWORK = {
348 'enable_distributed_router': False,
349 'enable_firewall': False,
350 'enable_ha_router': False,
351 'enable_lb': False,
352 'enable_quotas': True,
353 'enable_security_group': True,
354 'enable_vpn': False,
355 'profile_support': None,
356}
357
358# The OPENSTACK_HEAT_STACK settings can be used to disable password
359# field required while launching the stack.
360#OPENSTACK_HEAT_STACK = {
361# 'enable_user_pass': True,
362#}
363
364# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
365# in the OpenStack Dashboard related to the Image service, such as the list
366# of supported image formats.
367#OPENSTACK_IMAGE_BACKEND = {
368# 'image_formats': [
369# ('', _('Select format')),
370# ('aki', _('AKI - Amazon Kernel Image')),
371# ('ami', _('AMI - Amazon Machine Image')),
372# ('ari', _('ARI - Amazon Ramdisk Image')),
373# ('docker', _('Docker')),
374# ('iso', _('ISO - Optical Disk Image')),
375# ('ova', _('OVA - Open Virtual Appliance')),
376# ('qcow2', _('QCOW2 - QEMU Emulator')),
377# ('raw', _('Raw')),
378# ('vdi', _('VDI - Virtual Disk Image')),
379# ('vhd', ('VHD - Virtual Hard Disk')),
380# ('vmdk', _('VMDK - Virtual Machine Disk')),
381# ]
382#}
383
384# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
385# image custom property attributes that appear on image detail pages.
386#IMAGE_CUSTOM_PROPERTY_TITLES = {
387# "architecture": _("Architecture"),
388# "kernel_id": _("Kernel ID"),
389# "ramdisk_id": _("Ramdisk ID"),
390# "image_state": _("Euca2ools state"),
391# "project_id": _("Project ID"),
392# "image_type": _("Image Type"),
393#}
394
395# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
396# custom properties should not be displayed in the Image Custom Properties
397# table.
398#IMAGE_RESERVED_CUSTOM_PROPERTIES = []
399
400# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
401# in the Keystone service catalog. Use this setting when Horizon is running
402# external to the OpenStack environment. The default is 'publicURL'.
403#OPENSTACK_ENDPOINT_TYPE = "publicURL"
404
405
406# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
407# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
408# in the Keystone service catalog. Use this setting when Horizon is running
409# external to the OpenStack environment. The default is None. This
410# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
411#SECONDARY_ENDPOINT_TYPE = "publicURL"
412
413
414# The number of objects (Swift containers/objects or images) to display
415# on a single page before providing a paging element (a "more" link)
416# to paginate results.
417#API_RESULT_LIMIT = 1000
418#API_RESULT_PAGE_SIZE = 20$
419API_RESULT_LIMIT = 1000
420API_RESULT_PAGE_SIZE = 20
421
422# The size of chunk in bytes for downloading objects from Swift
423#SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
424
425# Specify a maximum number of items to display in a dropdown.
426#DROPDOWN_MAX_ITEMS = 30
427
428# The timezone of the server. This should correspond with the timezone
429# of your entire OpenStack installation, and hopefully be in UTC.
430TIME_ZONE = "UTC"
431
432# If you have external monitoring links, eg:
433
434
435# When launching an instance, the menu of available flavors is
436# sorted by RAM usage, ascending. If you would like a different sort order,
437# you can provide another flavor attribute as sorting key. Alternatively, you
438# can provide a custom callback method to use for sorting. You can also provide
439# a flag for reverse sort. For more info, see
440# http://docs.python.org/2/library/functions.html#sorted
441#CREATE_INSTANCE_FLAVOR_SORT = {
442# 'key': 'name',
443# # or
444# 'key': my_awesome_callback_method,
445# 'reverse': False,
446#}
447
448# CUSTOM_THEME_PATH allows to set to the directory location for the
449# theme (e.g., "static/themes/blue"). The path can either be
450# relative to the openstack_dashboard directory or an absolute path
451# to an accessible location on the file system.
452# If not specified, the default CUSTOM_THEME_PATH is
453# static/themes/default.
454
455
456
457
458
459
460# Set this to True to display an 'Admin Password' field on the Change Password
461# form to verify that it is indeed the admin logged-in who wants to change
462# the password.
463#ENFORCE_PASSWORD_CHECK = False
464
465# Modules that provide /auth routes that can be used to handle different types
466# of user authentication. Add auth plugins that require extra route handling to
467# this list.
468#AUTHENTICATION_URLS = [
469# 'openstack_auth.urls',
470#]
471
472# The Horizon Policy Enforcement engine uses these values to load per service
473# policy rule files. The content of these files should match the files the
474# OpenStack services are using to determine role based access control in the
475# target installation.
476
477# Path to directory containing policy.json files
478#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
479
480POLICY_FILES_PATH = '/etc/openstack-dashboard'
481
482# Map of local copy of service policy files.
483# Please insure that your identity policy file matches the one being used on
484# your keystone servers. There is an alternate policy file that may be used
485# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
486# This file is not included in the Horizon repository by default but can be
487# found at
488# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
489# policy.v3cloudsample.json
490# Having matching policy files on the Horizon and Keystone servers is essential
491# for normal operation. This holds true for all services and their policy files.
492#POLICY_FILES = {
493# 'identity': 'keystone_policy.json',
494# 'compute': 'nova_policy.json',
495# 'volume': 'cinder_policy.json',
496# 'image': 'glance_policy.json',
497# 'orchestration': 'heat_policy.json',
498# 'network': 'neutron_policy.json',
499# 'telemetry': 'ceilometer_policy.json',
500#}
501#POLICY_FILES = {
502# 'identity': 'keystone_policy.json',
503# 'compute': 'nova_policy.json'
504#}
505
506# TODO: (david-lyle) remove when plugins support adding settings.
507# Note: Only used when trove-dashboard plugin is configured to be used by
508# Horizon.
509# Trove user and database extension support. By default support for
510# creating users and databases on database instances is turned on.
511# To disable these extensions set the permission here to something
512# unusable such as ["!"].
513#TROVE_ADD_USER_PERMS = []
514#TROVE_ADD_DATABASE_PERMS = []
515
516# Change this patch to the appropriate static directory containing
517# two files: _variables.scss and _styles.scss
518#CUSTOM_THEME_PATH = 'themes/default'
519
520LOGGING = {
521 'version': 1,
522 # When set to True this will disable all logging except
523 # for loggers specified in this configuration dictionary. Note that
524 # if nothing is specified here and disable_existing_loggers is True,
525 # django.db.backends will still log unless it is disabled explicitly.
526 'disable_existing_loggers': False,
527 'formatters': {
528 'verbose': {
529 'format': '%(asctime)s %(process)d %(levelname)s %(name)s '
530 '%(message)s'
531 },
532 'normal': {
533 'format': 'dashboard-%(name)s: %(levelname)s %(message)s'
534 },
535 },
536 'handlers': {
537 'null': {
538 'level': 'DEBUG',
539 'class': 'django.utils.log.NullHandler',
540 },
541 'console': {
542 # Set the level to "DEBUG" for verbose output logging.
543 'level': 'INFO',
544 'class': 'logging.StreamHandler',
545 },
546 'file': {
547 'level': 'INFO',
548 'class': 'logging.FileHandler',
549 'filename': '/var/log/horizon/horizon.log',
550 'formatter': 'verbose',
551 },
552 },
553 'loggers': {
554 # Logging from django.db.backends is VERY verbose, send to null
555 # by default.
556 'django.db.backends': {
557 'handlers': ['null'],
558 'propagate': False,
559 },
560 'requests': {
561 'handlers': ['null'],
562 'propagate': False,
563 },
564 'horizon': {
565 # 'handlers': ['console'],
566 'handlers': ['file'],
567 # 'level': 'DEBUG',
568 'level': 'INFO',
569 'propagate': False,
570 },
571 'openstack_dashboard': {
572 # 'handlers': ['console'],
573 'handlers': ['file'],
574 # 'level': 'DEBUG',
575 'level': 'INFO',
576 'propagate': False,
577 },
578 'novaclient': {
579 # 'handlers': ['console'],
580 'handlers': ['file'],
581 # 'level': 'DEBUG',
582 'level': 'INFO',
583 'propagate': False,
584 },
585 'cinderclient': {
586 # 'handlers': ['console'],
587 'handlers': ['file'],
588 # 'level': 'DEBUG',
589 'level': 'INFO',
590 'propagate': False,
591 },
592 'keystoneclient': {
593 # 'handlers': ['console'],
594 'handlers': ['file'],
595 # 'level': 'DEBUG',
596 'level': 'INFO',
597 'propagate': False,
598 },
599 'glanceclient': {
600 # 'handlers': ['console'],
601 'handlers': ['file'],
602 # 'level': 'DEBUG',
603 'level': 'INFO',
604 'propagate': False,
605 },
606 'neutronclient': {
607 # 'handlers': ['console'],
608 'handlers': ['file'],
609 # 'level': 'DEBUG',
610 'level': 'INFO',
611 'propagate': False,
612 },
613 'heatclient': {
614 # 'handlers': ['console'],
615 'handlers': ['file'],
616 # 'level': 'DEBUG',
617 'level': 'INFO',
618 'propagate': False,
619 },
620 'ceilometerclient': {
621 # 'handlers': ['console'],
622 'handlers': ['file'],
623 # 'level': 'DEBUG',
624 'level': 'INFO',
625 'propagate': False,
626 },
627 'troveclient': {
628 # 'handlers': ['console'],
629 'handlers': ['file'],
630 # 'level': 'DEBUG',
631 'level': 'INFO',
632 'propagate': False,
633 },
634 'swiftclient': {
635 # 'handlers': ['console'],
636 'handlers': ['file'],
637 # 'level': 'DEBUG',
638 'level': 'INFO',
639 'propagate': False,
640 },
641 'openstack_auth': {
642 # 'handlers': ['console'],
643 'handlers': ['file'],
644 # 'level': 'DEBUG',
645 'level': 'INFO',
646 'propagate': False,
647 },
648 'nose.plugins.manager': {
649 # 'handlers': ['console'],
650 'handlers': ['file'],
651 # 'level': 'DEBUG',
652 'level': 'INFO',
653 'propagate': False,
654 },
655 'django': {
656 # 'handlers': ['console'],
657 'handlers': ['file'],
658 # 'level': 'DEBUG',
659 'level': 'INFO',
660 'propagate': False,
661 },
662 }
663}
664
665# 'direction' should not be specified for all_tcp/udp/icmp.
666# It is specified in the form.
667SECURITY_GROUP_RULES = {
668 'all_tcp': {
669 'name': 'ALL TCP',
670 'ip_protocol': 'tcp',
671 'from_port': '1',
672 'to_port': '65535',
673 },
674 'all_udp': {
675 'name': 'ALL UDP',
676 'ip_protocol': 'udp',
677 'from_port': '1',
678 'to_port': '65535',
679 },
680 'all_icmp': {
681 'name': 'ALL ICMP',
682 'ip_protocol': 'icmp',
683 'from_port': '-1',
684 'to_port': '-1',
685 },
686 'ssh': {
687 'name': 'SSH',
688 'ip_protocol': 'tcp',
689 'from_port': '22',
690 'to_port': '22',
691 },
692 'smtp': {
693 'name': 'SMTP',
694 'ip_protocol': 'tcp',
695 'from_port': '25',
696 'to_port': '25',
697 },
698 'dns': {
699 'name': 'DNS',
700 'ip_protocol': 'tcp',
701 'from_port': '53',
702 'to_port': '53',
703 },
704 'http': {
705 'name': 'HTTP',
706 'ip_protocol': 'tcp',
707 'from_port': '80',
708 'to_port': '80',
709 },
710 'pop3': {
711 'name': 'POP3',
712 'ip_protocol': 'tcp',
713 'from_port': '110',
714 'to_port': '110',
715 },
716 'imap': {
717 'name': 'IMAP',
718 'ip_protocol': 'tcp',
719 'from_port': '143',
720 'to_port': '143',
721 },
722 'ldap': {
723 'name': 'LDAP',
724 'ip_protocol': 'tcp',
725 'from_port': '389',
726 'to_port': '389',
727 },
728 'https': {
729 'name': 'HTTPS',
730 'ip_protocol': 'tcp',
731 'from_port': '443',
732 'to_port': '443',
733 },
734 'smtps': {
735 'name': 'SMTPS',
736 'ip_protocol': 'tcp',
737 'from_port': '465',
738 'to_port': '465',
739 },
740 'imaps': {
741 'name': 'IMAPS',
742 'ip_protocol': 'tcp',
743 'from_port': '993',
744 'to_port': '993',
745 },
746 'pop3s': {
747 'name': 'POP3S',
748 'ip_protocol': 'tcp',
749 'from_port': '995',
750 'to_port': '995',
751 },
752 'ms_sql': {
753 'name': 'MS SQL',
754 'ip_protocol': 'tcp',
755 'from_port': '1433',
756 'to_port': '1433',
757 },
758 'mysql': {
759 'name': 'MYSQL',
760 'ip_protocol': 'tcp',
761 'from_port': '3306',
762 'to_port': '3306',
763 },
764 'rdp': {
765 'name': 'RDP',
766 'ip_protocol': 'tcp',
767 'from_port': '3389',
768 'to_port': '3389',
769 },
770}
771
772SESSION_TIMEOUT = 1800
773
774# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
775# offline compression by default. To enable online compression, install
776# the python-lesscpy package and disable the following option.
777COMPRESS_OFFLINE = True
778
779# For Glance image upload, Horizon uses the file upload support from Django
780# so we add this option to change the directory where uploaded files are temporarily
781# stored until they are loaded into Glance.
782FILE_UPLOAD_TEMP_DIR = '/tmp'
783
784# The default date range in the Overview panel meters - either <today> minus N
785# days (if the value is integer N), or from the beginning of the current month
786# until today (if set to None). This setting should be used to limit the amount
787# of data fetched by default when rendering the Overview panel.
788# OVERVIEW_DAYS_RANGE = None
789
790
791# Deprecation Notice:
792#
793# The setting FLAVOR_EXTRA_KEYS has been deprecated.
794# Please load extra spec metadata into the Glance Metadata Definition Catalog.
795#
796# The sample quota definitions can be found in:
797# <glance_source>/etc/metadefs/compute-quota.json
798#
799# The metadata definition catalog supports CLI and API:
800# $glance --os-image-api-version 2 help md-namespace-import
801# $glance-manage db_load_metadefs <directory_with_definition_files>
802#
803# See Metadata Definitions on: http://docs.openstack.org/developer/glance/
804
805# TODO: (david-lyle) remove when plugins support settings natively
806# Note: This is only used when the Sahara plugin is configured and enabled
807# for use in Horizon.
808# Indicate to the Sahara data processing service whether or not
809# automatic floating IP allocation is in effect. If it is not
810# in effect, the user will be prompted to choose a floating IP
811# pool for use in their cluster. False by default. You would want
812# to set this to True if you were running Nova Networking with
813# auto_assign_floating_ip = True.
814#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
815
816# The hash algorithm to use for authentication tokens. This must
817# match the hash algorithm that the identity server and the
818# auth_token middleware are using. Allowed values are the
819# algorithms supported by Python's hashlib library.
820#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
821
822# Hashing tokens from Keystone keeps the Horizon session data smaller, but it
823# doesn't work in some cases when using PKI tokens. Uncomment this value and
824# set it to False if using PKI tokens and there are 401 errors due to token
825# hashing.
826#OPENSTACK_TOKEN_HASH_ENABLED = True
827
828# AngularJS requires some settings to be made available to
829# the client side. Some settings are required by in-tree / built-in horizon
830# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
831# form of ['SETTING_1','SETTING_2'], etc.
832#
833# You may remove settings from this list for security purposes, but do so at
834# the risk of breaking a built-in horizon feature. These settings are required
835# for horizon to function properly. Only remove them if you know what you
836# are doing. These settings may in the future be moved to be defined within
837# the enabled panel configuration.
838# You should not add settings to this list for out of tree extensions.
839# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
840REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
841 'LAUNCH_INSTANCE_DEFAULTS',
842 'OPENSTACK_IMAGE_FORMATS']
843
844# Additional settings can be made available to the client side for
845# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
846# !! Please use extreme caution as the settings are transferred via HTTP/S
847# and are not encrypted on the browser. This is an experimental API and
848# may be deprecated in the future without notice.
849#REST_API_ADDITIONAL_SETTINGS = []
850
851# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
852# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
853# Scripting (XFS) vulnerability, so this option allows extra security hardening
854# where iframes are not used in deployment. Default setting is True.
855# For more information see:
856# http://tinyurl.com/anticlickjack
857#DISALLOW_IFRAME_EMBED = True