· 7 years ago · May 22, 2018, 10:20 PM
1ardana@ardana-qe201-cp1-c0-m1-mgmt:~/openstack/my_cloud/config/horizon> cat local_settings.py
2#
3# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
4# (c) Copyright 2017-2018 SUSE LLC
5#
6# Licensed under the Apache License, Version 2.0 (the "License");
7# you may not use this file except in compliance with the License.
8# You may obtain a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
15# implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18
19import os
20
21from openstack_dashboard import exceptions
22from openstack_dashboard.settings import HORIZON_CONFIG
23
# Core Django switches for the dashboard. Quoted '{{ ... }}' values are
# placeholders that the deployment tooling fills in when it renders this file.
DEBUG = False
COMPRESS_OFFLINE = True
# Single log level shared by every handler and logger in LOGGING below.
_LOG_LEVEL = '{{ horizon_log_level }}'

STATIC_ROOT = '{{ horizon_static_dir }}'

# NOTE(review): '*' disables Django's Host header validation, so any Host
# value a client sends is accepted and can end up in absolute URLs that
# Django builds from the request. This is only acceptable if a front-end
# proxy rejects unexpected Host headers - confirm; otherwise list the
# dashboard's real hostnames and addresses here.
ALLOWED_HOSTS = ['*']

# Enable the angular work in Kilo that reimplements 'launch instance',
# and disable the legacy Django implementation.
LAUNCH_INSTANCE_LEGACY_ENABLED = False
LAUNCH_INSTANCE_NG_ENABLED = True
36
# Load Django's signing key from a file in the Horizon configuration
# directory. The content is used verbatim: nothing is stripped, so a trailing
# newline in the file becomes part of the key.
# NOTE(review): the key file should be readable only by the account that runs
# Horizon, and every node serving the same dashboard needs the same key -
# confirm how the deployment creates and distributes it.
with open('{{ horizon_conf_dir }}/.secret_key_store', 'r') as f:
    SECRET_KEY = f.read()
39
# Per-deployment overrides applied to the HORIZON_CONFIG dict imported from
# openstack_dashboard.settings.

# TODO: point this link at the current documentation path
HORIZON_CONFIG['help_url'] = "https://www.suse.com/documentation/suse-openstack-cloud-7"

# Turn off browser autocompletion for forms including the login form and
# the database creation workflow if so desired.
# NOTE(review): upstream Horizon documents this option with the string values
# "on"/"off"; confirm that False is treated as "off" by the deployed release.
HORIZON_CONFIG["password_autocomplete"] = False

# Setting this to True will disable the reveal button for password fields,
# including on the login form.
HORIZON_CONFIG["disable_password_reveal"] = True
50
# Django cache backend. LocMemCache lives in the memory of each worker
# process, so cached entries are not shared between processes or nodes.
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
    }
}


# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
60
# Enable/Disable Keystone V3 with multi-domain support
OPENSTACK_API_VERSIONS = {
    "identity": 3,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

OPENSTACK_ENDPOINT_TYPE = "{{ horizon_openstack_endpoint_type }}"
# Path to a CA bundle, rendered from the trusted_ca_bundle variable.
# Presumably this is what Horizon uses to verify TLS on its calls to the
# OpenStack service endpoints - confirm the rendered path exists and is
# maintained, since a stale bundle breaks or weakens that verification.
OPENSTACK_SSL_CACERT = "{{ trusted_ca_bundle }}"
# The CA certificate for the external endpoints
ARDANA_EXTERNAL_SSL_CACERT = "{{ external_cacert_filename }}"

# HORI-3288: set SECURE_PROXY_SSL_HEADER
# Django reports a request as secure when it arrives carrying the header
# X-Forwarded-Protocol: https.
# NOTE(review): Django trusts this header unconditionally. The TLS-terminating
# proxy must set it itself and overwrite or strip any copy sent by the client,
# and Horizon must not be reachable around that proxy; otherwise a client can
# claim a plain-HTTP request was HTTPS - confirm the proxy configuration.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "https")
75
# Cookie transport flags, chosen by which Horizon endpoints use TLS. When
# horizon_public_protocol is not 'https' this whole section renders to
# nothing, so none of the settings below are defined here and Django's own
# defaults apply.
{% if horizon_public_protocol == 'https' -%}
    {% if horizon_private_protocol == 'https' %}
# http://docs.openstack.org/security-guide/dashboard/checklist.html
USE_SSL = True
# Set SECURE for csrf and session cookies so they're only sent
# over HTTPS connections.
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
# HttpOnly keeps page scripts from reading the session cookie, which limits
# what a cross-site scripting flaw can steal; it does not prevent XSS itself.
# NOTE(review): this flag does not depend on TLS, yet it is only set in this
# branch. Django defaults it to True, so the other branches rely on that
# default.
SESSION_COOKIE_HTTPONLY = True
    {% else %}
# WARNING - Horizon is configured such that its public endpoint is
# behind HTTPS but its internal one is not. It is strongly recommended
# that the internal endpoint be secured, and the settings below set to True.
# They cannot be set unless BOTH endpoints are secured.
# With Secure off, browsers will also send the CSRF and session cookies over
# plain HTTP, where anyone able to observe that traffic can read them.
CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
    {% endif %}
{%- endif %}
95
# Identity service endpoint, rendered from a deployment variable.
# NOTE(review): presumably the credentials entered on the login form are
# forwarded to this URL, so it should be an https:// endpoint - confirm the
# rendered value.
OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_url }}"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

# Capability flags for the identity backend. They look like switches for
# which edit actions the dashboard offers; presumably authorization is still
# decided by Keystone itself - confirm.
OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True
}

OPENSTACK_HYPERVISOR_FEATURES = {
    'can_set_mount_point': True,

    # NOTE: as of Grizzly this is not yet supported in Nova so enabling this
    # setting will not do anything useful
    'can_encrypt_volumes': False
}
116
117
# HORI-4120 - setting enable_quotas to False, or not including it
# will result in Create Network, Create Subnet, Create Router buttons
# not showing up
#
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': True,
    'enable_fip_topology_check': True,

    # Set which provider network types are supported. Only the network types
    # in this list will be available to choose from when creating a network.
    # Network types include local, flat, vlan, gre, and vxlan.
    # '*' offers every provider network type rather than a restricted list.
    'supported_provider_types': ['*'],

    # Set which VNIC types are supported for port binding. Only the VNIC
    # types in this list will be available to choose from when creating a
    # port.
    # VNIC types include 'normal', 'macvtap' and 'direct'.
    # Set to empty list or None to disable VNIC type selection.
    # '*' offers every VNIC type rather than a restricted list.
    'supported_vnic_types': ['*']
}
146
# Listing and paging limits for API results shown in the dashboard.
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20

# 1 MiB per chunk.
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 1024 * 1024

DROPDOWN_MAX_ITEMS = 30

TIME_ZONE = "UTC"

SITE_BRANDING = 'SUSE Ardana OpenStack'

# Each entry is (name, label, path); only the default theme is offered.
AVAILABLE_THEMES = [
    ('default', 'Default', 'themes/default'),
]

DEFAULT_THEME = 'default'

OPENSTACK_CINDER_FEATURES = {
    'enable_backup': True,
}

# Sessions are kept server-side in the database configured in DATABASES; the
# browser cookie carries only the session key.
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
169
# MySQL database used by Django; with SESSION_ENGINE set to the db backend it
# holds the dashboard's session records.
# NOTE(review): the rendered file contains the database password in clear
# text, so it should be readable only by the account that runs Horizon -
# confirm the file mode the deployment applies.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'HOST': '{{ mysql.host }}',
        'NAME': '{{ mysql.horizon_db }}',
        'USER': '{{ mysql.horizon_user }}',
        'PASSWORD': '{{ mysql.horizon_password }}',
        # TLS options are emitted only when mysql.use_ssl is true; otherwise
        # no 'ssl' option is passed to the driver at all.
        # NOTE(review): only a CA file is supplied - confirm whether the
        # driver in use also checks the server's host name.
        {% if mysql.use_ssl | bool %}
        'OPTIONS': {'ssl': {'ca': '{{ ca_file}}' }},
        {% endif %}
    }
}
182
# Logging configuration for the running dashboard: the root logger writes to
# the console and to a JSON file formatted for logstash, while a few noisy
# libraries are routed to a null handler.
# NOTE(review): every level comes from _LOG_LEVEL; at DEBUG the output is
# likely to carry more request detail, so the log files should not be
# world-readable - confirm the directory permissions.
LOGGING = {
    'version': 1,
    # When set to True this will disable all logging except
    # for loggers specified in this configuration dictionary. Note that
    # if nothing is specified here and disable_existing_loggers is True,
    # django.db.backends will still log unless it is disabled explicitly.
    'disable_existing_loggers': False,
    'formatters': {
        'context': {
            'datefmt': '%Y-%m-%d %H:%M:%S',
            'format': '%(asctime)s.%(msecs)03d %(process)d %(levelname)s ' +
                      '%(name)s %(message)s'
        },
        'logstash': {
            '()': 'logstash.LogstashFormatterVersion1',
            'message_type': 'horizon'
        },
    },
    'handlers': {
        'null': {
            'level': 'INFO',
            'class': 'logging.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'formatter': 'context',
            'level': _LOG_LEVEL,
            'class': 'logging.StreamHandler',
        },
        'logstash': {
            'formatter': 'logstash',
            'class': 'logging.handlers.WatchedFileHandler',
            'level': _LOG_LEVEL,
            'filename': '/var/log/horizon/horizon-json.log',
        },
    },
    'loggers': {
        # Logging from django.db.backends is VERY verbose, send to null
        # by default.
        'django.db.backends': {
            'handlers': ['null'],
            'propagate': False,
        },
        'requests': {
            'handlers': ['null'],
            'propagate': False,
        },
        'iso8601': {
            'handlers': ['null'],
            'propagate': False,
        },
        'scss': {
            'handlers': ['null'],
            'propagate': False,
        },
        # Root logger: everything not matched above goes to both handlers.
        '': {
            'handlers': ['console', 'logstash'],
            'level': _LOG_LEVEL,
            'propagate': False,
        },
    }
}
245
246
# When the HORIZON_LOG_TO_CONSOLE environment variable is set to a non-empty
# value (intended for management commands), replace the full logging
# configuration above with this smaller one. It logs to the console and to a
# separate management JSON file; the console handler names no formatter here.
if os.environ.get('HORIZON_LOG_TO_CONSOLE', None):
    LOGGING = {
        'version': 1,
        'formatters': {
            'logstash': {
                '()': 'logstash.LogstashFormatterVersion1',
                'message_type': 'horizon-management'
            }
        },
        'handlers': {
            'console': {
                'level': _LOG_LEVEL,
                'class': 'logging.StreamHandler',
            },
            'logstash': {
                'formatter': 'logstash',
                'class': 'logging.handlers.WatchedFileHandler',
                'level': _LOG_LEVEL,
                'filename': '/var/log/horizon/management/management-json.log'
            }
        },
        'loggers': {
            '': {
                'handlers': ['console', 'logstash'],
                'level': _LOG_LEVEL,
                'propagate': False
            }
        }
    }
277
# Web single sign-on settings. The placeholders below are substituted into
# this Python source as-is: horizon_websso_enabled must render to a Python
# literal, and each choice's protocol and description land inside double
# quotes without escaping.
# NOTE(review): a value containing a double quote or backslash would change
# how this settings module parses, so these variables must come only from
# trusted deployment configuration - confirm where they are defined.
WEBSSO_ENABLED = {{ horizon_websso_enabled }}
WEBSSO_CHOICES = (
    ("credentials", "Keystone Credentials"),
{% for choice in horizon_websso_choices %}
    ("{{ choice.protocol }}", "{{ choice.description }}"),
{% endfor %}
)
WEBSSO_KEYSTONE_URL = "{{ horizon_websso_keystone_url }}"
286
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
# Scripting (XFS) vulnerability, so this option allows extra security hardening
# where iframes are not used in deployment. Default setting is True.
# For more information see:
# http://tinyurl.com/anticlickjack
DISALLOW_IFRAME_EMBED = True

# Names of settings listed for Horizon's REST API. Two of the three
# (LAUNCH_INSTANCE_DEFAULTS, OPENSTACK_IMAGE_FORMATS) are not assigned in
# this file, so their values must come from elsewhere.
# NOTE(review): presumably everything named here becomes readable by the
# browser-side client, so credentials and key material must never be added
# to this list - confirm against the deployed Horizon release.
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
                              'LAUNCH_INSTANCE_DEFAULTS',
                              'OPENSTACK_IMAGE_FORMATS']
298ardana@ardana-qe201-cp1-c0-m1-mgmt:~/openstack/my_cloud/config/horizon>