· 6 years ago · Sep 04, 2019, 11:24 AM
1# -*- coding: utf-8 -*-
2
3import os
4
5from django.utils.translation import ugettext_lazy as _
6
7from horizon.utils import secret_key
8
9from openstack_dashboard.settings import HORIZON_CONFIG
10
11DEBUG = False
12
13WEBROOT = '/'
14#LOGIN_URL = WEBROOT + 'auth/login/'
15#LOGOUT_URL = WEBROOT + 'auth/logout/'
16#LOGIN_ERROR = WEBROOT + 'auth/error/'
17#
18# LOGIN_REDIRECT_URL can be used as an alternative for
19# HORIZON_CONFIG.user_home, if user_home is not set.
20# Do not set it to '/home/', as this will cause circular redirect loop
21#LOGIN_REDIRECT_URL = WEBROOT
22
23# If horizon is running in production (DEBUG is False), set this
24# with the list of host/domain names that the application can serve.
25# For more information see:
26# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
27#ALLOWED_HOSTS = ['horizon.example.com', ]
28ALLOWED_HOSTS = ['10.0.0.18', '127.0.0.1']
29# Set SSL proxy settings:
30# Pass this header from the proxy after terminating the SSL,
31# and don't forget to strip it from the client's request.
32# For more information see:
33# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
34#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
35
36# If Horizon is being served through SSL, then uncomment the following two
37# settings to better secure the cookies from security exploits
38#CSRF_COOKIE_SECURE = True
39#SESSION_COOKIE_SECURE = True
40
41# The absolute path to the directory where message files are collected.
42# The message file must have a .json file extension. When the user logins to
43# horizon, the message files collected are processed and displayed to the user.
44#MESSAGES_PATH=None
45
46# Overrides for OpenStack API versions. Use this setting to force the
47# OpenStack dashboard to use a specific API version for a given service API.
48# Versions specified here should be integers or floats, not strings.
49# NOTE: The version should be formatted as it appears in the URL for the
50# service API. For example, The identity service APIs have inconsistent
51# use of the decimal point, so valid options would be 2.0 or 3.
52# Minimum compute version to get the instance locked status is 2.9.
53OPENSTACK_API_VERSIONS = {
54 "identity": 3,
55 "image": 2,
56 "volume": 3,
57}
58
59# Set this to True if running on a multi-domain model. When this is enabled, it
60# will require the user to enter the Domain name in addition to the username
61# for login.
62OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
63OPENSTACK_HOST = "controller"
64# Set this to True if you want available domains displayed as a dropdown menu
65# on the login screen. It is strongly advised NOT to enable this for public
66# clouds, as advertising enabled domains to unauthenticated customers
67# irresponsibly exposes private information. This should only be used for
68# private clouds where the dashboard sits behind a corporate firewall.
69OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
70
71# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
72# set the available domains to choose from. This is a list of pairs whose first
73# value is the domain name and the second is the display name.
74#OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
75# ('Default', 'Default'),
76#)
77
78# Overrides the default domain used when running on single-domain model
79# with Keystone V3. All entities will be created in the default domain.
80# NOTE: This value must be the name of the default domain, NOT the ID.
81# Also, you will most likely have a value in the keystone policy file like this
82# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
83# This value must be the name of the domain whose ID is specified there.
84OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
85OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
86
87# Set this to True to enable panels that provide the ability for users to
88# manage Identity Providers (IdPs) and establish a set of rules to map
89# federation protocol attributes to Identity API attributes.
90# This extension requires v3.0+ of the Identity API.
91#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
92
93# Set Console type:
94# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL", "MKS"
95# or None. Set to None explicitly if you want to deactivate the console.
96#CONSOLE_TYPE = "AUTO"
97
98# Toggle showing the openrc file for Keystone V2.
99# If set to false the link will be removed from the user dropdown menu
100# and the API Access page
101#SHOW_KEYSTONE_V2_RC = False
102
103# Controls whether the keystone openrc file is accesible from the user
104# menu and the api access panel.
105SHOW_OPENRC_FILE = True
106
107# Controls whether clouds.yaml is accesible from the user
108# menu and the api access panel.
109SHOW_OPENSTACK_CLOUDS_YAML = True
110
111# If provided, a "Report Bug" link will be displayed in the site header
112# which links to the value of this setting (ideally a URL containing
113# information on how to report issues).
114#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
115
116# Show backdrop element outside the modal, do not close the modal
117# after clicking on backdrop.
118#HORIZON_CONFIG["modal_backdrop"] = "static"
119
120# Specify a regular expression to validate user passwords.
121#HORIZON_CONFIG["password_validator"] = {
122# "regex": '.*',
123# "help_text": _("Your password does not meet the requirements."),
124#}
125
126# Turn off browser autocompletion for forms including the login form and
127# the database creation workflow if so desired.
128#HORIZON_CONFIG["password_autocomplete"] = "off"
129
130# Setting this to True will disable the reveal button for password fields,
131# including on the login form.
132#HORIZON_CONFIG["disable_password_reveal"] = False
133
134LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
135
136# Set custom secret key:
137# You can either set it to a specific value or you can let horizon generate a
138# default secret key that is unique on this machine, e.i. regardless of the
139# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
140# there may be situations where you would want to set this explicitly, e.g.
141# when multiple dashboard instances are distributed on different machines
142# (usually behind a load-balancer). Either you have to make sure that a session
143# gets all requests routed to the same dashboard instance or you set the same
144# SECRET_KEY for all of them.
145SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
146
147# We recommend you use memcached for development; otherwise after every reload
148# of the django development server, you will have to login again. To use
149# memcached set CACHES to something like below.
150# For more information, see
151# https://docs.djangoproject.com/en/1.11/topics/http/sessions/.
152#
153#SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
154#
155#CACHES = {
156# 'default': {
157# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
158# 'LOCATION': 'controller:11211',
159# }
160#}
161
162SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
163
164CACHES = {
165 'default': {
166 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
167 'LOCATION': 'controller:11211',
168 }
169}
170
171#CACHES = {
172# 'default': {
173# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
174# }
175#}
176
177# If you use ``tox -e runserver`` for developments,then configure
178# SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies
179# as shown below:
180#SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
181
182
183# Send email to the console by default
184EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
185# Or send them to /dev/null
186#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
187
188# Configure these for your outgoing email host
189#EMAIL_HOST = 'smtp.my-company.com'
190#EMAIL_PORT = 25
191#EMAIL_HOST_USER = 'djangomail'
192#EMAIL_HOST_PASSWORD = 'top-secret!'
193
194# For multiple regions uncomment this configuration, and add (endpoint, title).
195#AVAILABLE_REGIONS = [
196# ('http://cluster1.example.com:5000/v3', 'cluster1'),
197# ('http://cluster2.example.com:5000/v3', 'cluster2'),
198#]
199
200OPENSTACK_HOST = "controller"
201OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
202
203# For setting the default service region on a per-endpoint basis. Note that the
204# default value for this setting is {}, and below is just an example of how it
205# should be specified.
206# A key of '*' is an optional global default if no other key matches.
207#DEFAULT_SERVICE_REGIONS = {
208# '*': 'RegionOne'
209# OPENSTACK_KEYSTONE_URL: 'RegionTwo'
210#}
211
212# Enables keystone web single-sign-on if set to True.
213#WEBSSO_ENABLED = False
214
215# Authentication mechanism to be selected as default.
216# The value must be a key from WEBSSO_CHOICES.
217#WEBSSO_INITIAL_CHOICE = "credentials"
218
219# The list of authentication mechanisms which include keystone
220# federation protocols and identity provider/federation protocol
221# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
222# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
223# Connect respectively.
224# Do not remove the mandatory credentials mechanism.
225# Note: The last two tuples are sample mapping keys to a identity provider
226# and federation protocol combination (WEBSSO_IDP_MAPPING).
227#WEBSSO_CHOICES = (
228# ("credentials", _("Keystone Credentials")),
229# ("oidc", _("OpenID Connect")),
230# ("saml2", _("Security Assertion Markup Language")),
231# ("acme_oidc", "ACME - OpenID Connect"),
232# ("acme_saml2", "ACME - SAML2"),
233#)
234
235# A dictionary of specific identity provider and federation protocol
236# combinations. From the selected authentication mechanism, the value
237# will be looked up as keys in the dictionary. If a match is found,
238# it will redirect the user to a identity provider and federation protocol
239# specific WebSSO endpoint in keystone, otherwise it will use the value
240# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
241# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
242#WEBSSO_IDP_MAPPING = {
243# "acme_oidc": ("acme", "oidc"),
244# "acme_saml2": ("acme", "saml2"),
245#}
246
247# Enables redirection on login to the identity provider defined on
248# WEBSSO_DEFAULT_REDIRECT_PROTOCOL and WEBSSO_DEFAULT_REDIRECT_REGION
249#WEBSSO_DEFAULT_REDIRECT = False
250
251# Specifies the protocol to use for default redirection on login
252#WEBSSO_DEFAULT_REDIRECT_PROTOCOL = None
253
254# Specifies the region to which the connection will be established on login
255#WEBSSO_DEFAULT_REDIRECT_REGION = OPENSTACK_KEYSTONE_URL
256
257# Enables redirection on logout to the method specified on the identity provider.
258# Once logout the client will be redirected to the address specified in this
259# variable.
260#WEBSSO_DEFAULT_REDIRECT_LOGOUT = None
261
262# If set this URL will be used for web single-sign-on authentication
263# instead of OPENSTACK_KEYSTONE_URL. This is needed in the deployment
264# scenarios where network segmentation is used per security requirement.
265# In this case, the controllers are not reachable from public network.
266# Therefore, user's browser will not be able to access OPENSTACK_KEYSTONE_URL
267# if it is set to the internal endpoint.
268#WEBSSO_KEYSTONE_URL = "http://keystone-public.example.com/v3"
269
270# The Keystone Provider drop down uses Keystone to Keystone federation
271# to switch between Keystone service providers.
272# Set display name for Identity Provider (dropdown display name)
273#KEYSTONE_PROVIDER_IDP_NAME = "Local Keystone"
274# This id is used for only for comparison with the service provider IDs. This ID
275# should not match any service provider IDs.
276#KEYSTONE_PROVIDER_IDP_ID = "localkeystone"
277
278# Disable SSL certificate checks (useful for self-signed certificates):
279#OPENSTACK_SSL_NO_VERIFY = True
280
281# The CA certificate to use to verify SSL connections
282#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
283
284# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
285# capabilities of the auth backend for Keystone.
286# If Keystone has been configured to use LDAP as the auth backend then set
287# can_edit_user to False and name to 'ldap'.
288#
289# TODO(tres): Remove these once Keystone has an API to identify auth backend.
290#OPENSTACK_KEYSTONE_BACKEND = {
291# 'name': 'native',
292# 'can_edit_user': True,
293# 'can_edit_group': True,
294# 'can_edit_project': True,
295# 'can_edit_domain': True,
296# 'can_edit_role': True,
297#}
298
299# Setting this to True, will add a new "Retrieve Password" action on instance,
300# allowing Admin session password retrieval/decryption.
301#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
302
303# The Launch Instance user experience has been significantly enhanced.
304# You can choose whether to enable the new launch instance experience,
305# the legacy experience, or both. The legacy experience will be removed
306# in a future release, but is available as a temporary backup setting to ensure
307# compatibility with existing deployments. Further development will not be
308# done on the legacy experience. Please report any problems with the new
309# experience via the Launchpad tracking system.
310#
311# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
312# determine the experience to enable. Set them both to true to enable
313# both.
314#LAUNCH_INSTANCE_LEGACY_ENABLED = True
315#LAUNCH_INSTANCE_NG_ENABLED = False
316
317# A dictionary of settings which can be used to provide the default values for
318# properties found in the Launch Instance modal.
319#LAUNCH_INSTANCE_DEFAULTS = {
320# 'config_drive': False,
321# 'enable_scheduler_hints': True,
322# 'disable_image': False,
323# 'disable_instance_snapshot': False,
324# 'disable_volume': False,
325# 'disable_volume_snapshot': False,
326# 'create_volume': True,
327#}
328
329# The Xen Hypervisor has the ability to set the mount point for volumes
330# attached to instances (other Hypervisors currently do not). Setting
331# can_set_mount_point to True will add the option to set the mount point
332# from the UI.
333OPENSTACK_HYPERVISOR_FEATURES = {
334 'can_set_mount_point': False,
335 'can_set_password': False,
336 'requires_keypair': False,
337 'enable_quotas': True
338}
339
340# This settings controls whether IP addresses of servers are retrieved from
341# neutron in the project instance table. Setting this to ``False`` may mitigate
342# a performance issue in the project instance table in large deployments.
343#OPENSTACK_INSTANCE_RETRIEVE_IP_ADDRESSES = True
344
345# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
346# services provided by cinder that is not exposed by its extension API.
347OPENSTACK_CINDER_FEATURES = {
348 'enable_backup': False,
349}
350
351# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
352# services provided by neutron. Options currently available are load
353# balancer service, security groups, quotas, VPN service.
354#OPENSTACK_NEUTRON_NETWORK = {
355# 'enable_router': True,
356# 'enable_quotas': True,
357# 'enable_ipv6': True,
358# 'enable_distributed_router': False,
359# 'enable_ha_router': False,
360# 'enable_fip_topology_check': True,
361
362 # Default dns servers you would like to use when a subnet is
363 # created. This is only a default, users can still choose a different
364 # list of dns servers when creating a new subnet.
365 # The entries below are examples only, and are not appropriate for
366 # real deployments
367 # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
368
369 # Set which provider network types are supported. Only the network types
370 # in this list will be available to choose from when creating a network.
371 # Network types include local, flat, vlan, gre, vxlan and geneve.
372 # 'supported_provider_types': ['*'],
373
374 # You can configure available segmentation ID range per network type
375 # in your deployment.
376 # 'segmentation_id_range': {
377 # 'vlan': [1024, 2048],
378 # 'vxlan': [4094, 65536],
379 # },
380
381 # You can define additional provider network types here.
382 # 'extra_provider_types': {
383 # 'awesome_type': {
384 # 'display_name': 'Awesome New Type',
385 # 'require_physical_network': False,
386 # 'require_segmentation_id': True,
387 # }
388 # },
389
390 # Set which VNIC types are supported for port binding. Only the VNIC
391 # types in this list will be available to choose from when creating a
392 # port.
393 # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
394 # 'baremetal' and 'virtio-forwarder'
395 # Set to empty list or None to disable VNIC type selection.
396 # 'supported_vnic_types': ['*'],
397
398 # Set list of available physical networks to be selected in the physical
399 # network field on the admin create network modal. If it's set to an empty
400 # list, the field will be a regular input field.
401 # e.g. ['default', 'test']
402 # 'physical_networks': [],
403
404#}
405
406OPENSTACK_NEUTRON_NETWORK = {
407 'enable_router': False,
408 'enable_quotas': False,
409 'enable_ipv6': False,
410 'enable_distributed_router': False,
411 'enable_ha_router': False,
412 'enable_lb': False,
413 'enable_firewall': False,
414 'enable_vpn': False,
415 'enable_fip_topology_check': False,
416}
417
418# The OPENSTACK_HEAT_STACK settings can be used to disable password
419# field required while launching the stack.
420OPENSTACK_HEAT_STACK = {
421 'enable_user_pass': True,
422}
423
424# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
425# in the OpenStack Dashboard related to the Image service, such as the list
426# of supported image formats.
427#OPENSTACK_IMAGE_BACKEND = {
428# 'image_formats': [
429# ('', _('Select format')),
430# ('aki', _('AKI - Amazon Kernel Image')),
431# ('ami', _('AMI - Amazon Machine Image')),
432# ('ari', _('ARI - Amazon Ramdisk Image')),
433# ('docker', _('Docker')),
434# ('iso', _('ISO - Optical Disk Image')),
435# ('ova', _('OVA - Open Virtual Appliance')),
436# ('qcow2', _('QCOW2 - QEMU Emulator')),
437# ('raw', _('Raw')),
438# ('vdi', _('VDI - Virtual Disk Image')),
439# ('vhd', _('VHD - Virtual Hard Disk')),
440# ('vhdx', _('VHDX - Large Virtual Hard Disk')),
441# ('vmdk', _('VMDK - Virtual Machine Disk')),
442# ],
443#}
444
445# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
446# image custom property attributes that appear on image detail pages.
447IMAGE_CUSTOM_PROPERTY_TITLES = {
448 "architecture": _("Architecture"),
449 "kernel_id": _("Kernel ID"),
450 "ramdisk_id": _("Ramdisk ID"),
451 "image_state": _("Euca2ools state"),
452 "project_id": _("Project ID"),
453 "image_type": _("Image Type"),
454}
455
456# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
457# custom properties should not be displayed in the Image Custom Properties
458# table.
459IMAGE_RESERVED_CUSTOM_PROPERTIES = []
460
461# Set to 'legacy' or 'direct' to allow users to upload images to glance via
462# Horizon server. When enabled, a file form field will appear on the create
463# image form. If set to 'off', there will be no file form field on the create
464# image form. See documentation for deployment considerations.
465#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
466
467# Allow a location to be set when creating or updating Glance images.
468# If using Glance V2, this value should be False unless the Glance
469# configuration and policies allow setting locations.
470#IMAGES_ALLOW_LOCATION = False
471
472# A dictionary of default settings for create image modal.
473#CREATE_IMAGE_DEFAULTS = {
474# 'image_visibility': "public",
475#}
476
477# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
478# in the Keystone service catalog. Use this setting when Horizon is running
479# external to the OpenStack environment. The default is 'publicURL'.
480#OPENSTACK_ENDPOINT_TYPE = "publicURL"
481
482# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
483# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
484# in the Keystone service catalog. Use this setting when Horizon is running
485# external to the OpenStack environment. The default is None. This
486# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
487#SECONDARY_ENDPOINT_TYPE = None
488
489# The number of objects (Swift containers/objects or images) to display
490# on a single page before providing a paging element (a "more" link)
491# to paginate results.
492API_RESULT_LIMIT = 1000
493API_RESULT_PAGE_SIZE = 20
494
495# The size of chunk in bytes for downloading objects from Swift
496SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
497
498# The default number of lines displayed for instance console log.
499INSTANCE_LOG_LENGTH = 35
500
501# Specify a maximum number of items to display in a dropdown.
502DROPDOWN_MAX_ITEMS = 30
503
504# The timezone of the server. This should correspond with the timezone
505# of your entire OpenStack installation, and hopefully be in UTC.
506TIME_ZONE = "UTC"
507
508# When launching an instance, the menu of available flavors is
509# sorted by RAM usage, ascending. If you would like a different sort order,
510# you can provide another flavor attribute as sorting key. Alternatively, you
511# can provide a custom callback method to use for sorting. You can also provide
512# a flag for reverse sort. For more info, see
513# http://docs.python.org/2/library/functions.html#sorted
514#CREATE_INSTANCE_FLAVOR_SORT = {
515# 'key': 'name',
516# # or
517# 'key': my_awesome_callback_method,
518# 'reverse': False,
519#}
520
521# Set this to True to display an 'Admin Password' field on the Change Password
522# form to verify that it is indeed the admin logged-in who wants to change
523# the password.
524#ENFORCE_PASSWORD_CHECK = False
525
526# Modules that provide /auth routes that can be used to handle different types
527# of user authentication. Add auth plugins that require extra route handling to
528# this list.
529#AUTHENTICATION_URLS = [
530# 'openstack_auth.urls',
531#]
532
533# The Horizon Policy Enforcement engine uses these values to load per service
534# policy rule files. The content of these files should match the files the
535# OpenStack services are using to determine role based access control in the
536# target installation.
537
538# Path to directory containing policy.json files
539#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
540
541# Map of local copy of service policy files.
542# Please insure that your identity policy file matches the one being used on
543# your keystone servers. There is an alternate policy file that may be used
544# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
545# This file is not included in the Horizon repository by default but can be
546# found at
547# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
548# policy.v3cloudsample.json
549# Having matching policy files on the Horizon and Keystone servers is essential
550# for normal operation. This holds true for all services and their policy files.
551#POLICY_FILES = {
552# 'identity': 'keystone_policy.json',
553# 'compute': 'nova_policy.json',
554# 'volume': 'cinder_policy.json',
555# 'image': 'glance_policy.json',
556# 'network': 'neutron_policy.json',
557#}
558
559# Change this patch to the appropriate list of tuples containing
560# a key, label and static directory containing two files:
561# _variables.scss and _styles.scss
562#AVAILABLE_THEMES = [
563# ('default', 'Default', 'themes/default'),
564# ('material', 'Material', 'themes/material'),
565# ('example', 'Example', 'themes/example'),
566#]
567
568LOGGING = {
569 'version': 1,
570 # When set to True this will disable all logging except
571 # for loggers specified in this configuration dictionary. Note that
572 # if nothing is specified here and disable_existing_loggers is True,
573 # django.db.backends will still log unless it is disabled explicitly.
574 'disable_existing_loggers': False,
575 # If apache2 mod_wsgi is used to deploy OpenStack dashboard
576 # timestamp is output by mod_wsgi. If WSGI framework you use does not
577 # output timestamp for logging, add %(asctime)s in the following
578 # format definitions.
579 'formatters': {
580 'console': {
581 'format': '%(levelname)s %(name)s %(message)s'
582 },
583 'operation': {
584 # The format of "%(message)s" is defined by
585 # OPERATION_LOG_OPTIONS['format']
586 'format': '%(message)s'
587 },
588 },
589 'handlers': {
590 'null': {
591 'level': 'DEBUG',
592 'class': 'logging.NullHandler',
593 },
594 'console': {
595 # Set the level to "DEBUG" for verbose output logging.
596 'level': 'INFO',
597 'class': 'logging.StreamHandler',
598 'formatter': 'console',
599 },
600 'operation': {
601 'level': 'INFO',
602 'class': 'logging.StreamHandler',
603 'formatter': 'operation',
604 },
605 },
606 'loggers': {
607 'horizon': {
608 'handlers': ['console'],
609 'level': 'DEBUG',
610 'propagate': False,
611 },
612 'horizon.operation_log': {
613 'handlers': ['operation'],
614 'level': 'INFO',
615 'propagate': False,
616 },
617 'openstack_dashboard': {
618 'handlers': ['console'],
619 'level': 'DEBUG',
620 'propagate': False,
621 },
622 'novaclient': {
623 'handlers': ['console'],
624 'level': 'DEBUG',
625 'propagate': False,
626 },
627 'cinderclient': {
628 'handlers': ['console'],
629 'level': 'DEBUG',
630 'propagate': False,
631 },
632 'keystoneauth': {
633 'handlers': ['console'],
634 'level': 'DEBUG',
635 'propagate': False,
636 },
637 'keystoneclient': {
638 'handlers': ['console'],
639 'level': 'DEBUG',
640 'propagate': False,
641 },
642 'glanceclient': {
643 'handlers': ['console'],
644 'level': 'DEBUG',
645 'propagate': False,
646 },
647 'neutronclient': {
648 'handlers': ['console'],
649 'level': 'DEBUG',
650 'propagate': False,
651 },
652 'swiftclient': {
653 'handlers': ['console'],
654 'level': 'DEBUG',
655 'propagate': False,
656 },
657 'oslo_policy': {
658 'handlers': ['console'],
659 'level': 'DEBUG',
660 'propagate': False,
661 },
662 'openstack_auth': {
663 'handlers': ['console'],
664 'level': 'DEBUG',
665 'propagate': False,
666 },
667 'django': {
668 'handlers': ['console'],
669 'level': 'DEBUG',
670 'propagate': False,
671 },
672 # Logging from django.db.backends is VERY verbose, send to null
673 # by default.
674 'django.db.backends': {
675 'handlers': ['null'],
676 'propagate': False,
677 },
678 'requests': {
679 'handlers': ['null'],
680 'propagate': False,
681 },
682 'urllib3': {
683 'handlers': ['null'],
684 'propagate': False,
685 },
686 'chardet.charsetprober': {
687 'handlers': ['null'],
688 'propagate': False,
689 },
690 'iso8601': {
691 'handlers': ['null'],
692 'propagate': False,
693 },
694 'scss': {
695 'handlers': ['null'],
696 'propagate': False,
697 },
698 },
699}
700
701# 'direction' should not be specified for all_tcp/udp/icmp.
702# It is specified in the form.
703SECURITY_GROUP_RULES = {
704 'all_tcp': {
705 'name': _('All TCP'),
706 'ip_protocol': 'tcp',
707 'from_port': '1',
708 'to_port': '65535',
709 },
710 'all_udp': {
711 'name': _('All UDP'),
712 'ip_protocol': 'udp',
713 'from_port': '1',
714 'to_port': '65535',
715 },
716 'all_icmp': {
717 'name': _('All ICMP'),
718 'ip_protocol': 'icmp',
719 'from_port': '-1',
720 'to_port': '-1',
721 },
722 'ssh': {
723 'name': 'SSH',
724 'ip_protocol': 'tcp',
725 'from_port': '22',
726 'to_port': '22',
727 },
728 'smtp': {
729 'name': 'SMTP',
730 'ip_protocol': 'tcp',
731 'from_port': '25',
732 'to_port': '25',
733 },
734 'dns': {
735 'name': 'DNS',
736 'ip_protocol': 'tcp',
737 'from_port': '53',
738 'to_port': '53',
739 },
740 'http': {
741 'name': 'HTTP',
742 'ip_protocol': 'tcp',
743 'from_port': '80',
744 'to_port': '80',
745 },
746 'pop3': {
747 'name': 'POP3',
748 'ip_protocol': 'tcp',
749 'from_port': '110',
750 'to_port': '110',
751 },
752 'imap': {
753 'name': 'IMAP',
754 'ip_protocol': 'tcp',
755 'from_port': '143',
756 'to_port': '143',
757 },
758 'ldap': {
759 'name': 'LDAP',
760 'ip_protocol': 'tcp',
761 'from_port': '389',
762 'to_port': '389',
763 },
764 'https': {
765 'name': 'HTTPS',
766 'ip_protocol': 'tcp',
767 'from_port': '443',
768 'to_port': '443',
769 },
770 'smtps': {
771 'name': 'SMTPS',
772 'ip_protocol': 'tcp',
773 'from_port': '465',
774 'to_port': '465',
775 },
776 'imaps': {
777 'name': 'IMAPS',
778 'ip_protocol': 'tcp',
779 'from_port': '993',
780 'to_port': '993',
781 },
782 'pop3s': {
783 'name': 'POP3S',
784 'ip_protocol': 'tcp',
785 'from_port': '995',
786 'to_port': '995',
787 },
788 'ms_sql': {
789 'name': 'MS SQL',
790 'ip_protocol': 'tcp',
791 'from_port': '1433',
792 'to_port': '1433',
793 },
794 'mysql': {
795 'name': 'MYSQL',
796 'ip_protocol': 'tcp',
797 'from_port': '3306',
798 'to_port': '3306',
799 },
800 'rdp': {
801 'name': 'RDP',
802 'ip_protocol': 'tcp',
803 'from_port': '3389',
804 'to_port': '3389',
805 },
806}
807
808# Deprecation Notice:
809#
810# The setting FLAVOR_EXTRA_KEYS has been deprecated.
811# Please load extra spec metadata into the Glance Metadata Definition Catalog.
812#
813# The sample quota definitions can be found in:
814# <glance_source>/etc/metadefs/compute-quota.json
815#
816# The metadata definition catalog supports CLI and API:
817# $glance --os-image-api-version 2 help md-namespace-import
818# $glance-manage db_load_metadefs <directory_with_definition_files>
819#
820# See Metadata Definitions on:
821# https://docs.openstack.org/glance/latest/user/glancemetadefcatalogapi.html
822
823# AngularJS requires some settings to be made available to
824# the client side. Some settings are required by in-tree / built-in horizon
825# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
826# form of ['SETTING_1','SETTING_2'], etc.
827#
828# You may remove settings from this list for security purposes, but do so at
829# the risk of breaking a built-in horizon feature. These settings are required
830# for horizon to function properly. Only remove them if you know what you
831# are doing. These settings may in the future be moved to be defined within
832# the enabled panel configuration.
833# You should not add settings to this list for out of tree extensions.
834# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
835REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
836 'LAUNCH_INSTANCE_DEFAULTS',
837 'OPENSTACK_IMAGE_FORMATS',
838 'OPENSTACK_KEYSTONE_BACKEND',
839 'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
840 'CREATE_IMAGE_DEFAULTS',
841 'ENFORCE_PASSWORD_CHECK']
842
843# Additional settings can be made available to the client side for
844# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
845# !! Please use extreme caution as the settings are transferred via HTTP/S
846# and are not encrypted on the browser. This is an experimental API and
847# may be deprecated in the future without notice.
848#REST_API_ADDITIONAL_SETTINGS = []
849
850###############################################################################
851# Ubuntu Settings
852###############################################################################
853
854 # The default theme if no cookie is present
855DEFAULT_THEME = 'ubuntu'
856
857# Default Ubuntu apache configuration uses /horizon as the application root.
858WEBROOT='/horizon/'
859
860# By default, validation of the HTTP Host header is disabled. Production
861# installations should have this set accordingly. For more information
862# see https://docs.djangoproject.com/en/dev/ref/settings/.
863ALLOWED_HOSTS = ['localhost', 'controller',]
864
865# Compress all assets offline as part of packaging installation
866COMPRESS_OFFLINE = True
867
868# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
869# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
870# Scripting (XFS) vulnerability, so this option allows extra security hardening
871# where iframes are not used in deployment. Default setting is True.
872# For more information see:
873# http://tinyurl.com/anticlickjack
874#DISALLOW_IFRAME_EMBED = True
875
876# Help URL can be made available for the client. To provide a help URL, edit the
877# following attribute to the URL of your choice.
878#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
879
880# Settings for OperationLogMiddleware
881# OPERATION_LOG_ENABLED is flag to use the function to log an operation on
882# Horizon.
883# mask_targets is arrangement for appointing a target to mask.
884# method_targets is arrangement of HTTP method to output log.
885# format is the log contents.
886#OPERATION_LOG_ENABLED = False
887#OPERATION_LOG_OPTIONS = {
888# 'mask_fields': ['password'],
889# 'target_methods': ['POST'],
890# 'ignored_urls': ['/js/', '/static/', '^/api/'],
891# 'format': ("[%(client_ip)s] [%(domain_name)s]"
892# " [%(domain_id)s] [%(project_name)s]"
893# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
894# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
895# " [%(http_status)s] [%(param)s]"),
896#}
897
898# The default date range in the Overview panel meters - either <today> minus N
899# days (if the value is integer N), or from the beginning of the current month
900# until today (if set to None). This setting should be used to limit the amount
901# of data fetched by default when rendering the Overview panel.
902#OVERVIEW_DAYS_RANGE = 1
903
904# To allow operators to require users provide a search criteria first
905# before loading any data into the views, set the following dict
906# attributes to True in each one of the panels you want to enable this feature.
907# Follow the convention <dashboard>.<view>
908#FILTER_DATA_FIRST = {
909# 'admin.instances': False,
910# 'admin.images': False,
911# 'admin.networks': False,
912# 'admin.routers': False,
913# 'admin.volumes': False,
914# 'identity.users': False,
915# 'identity.projects': False,
916# 'identity.groups': False,
917# 'identity.roles': False
918#}
919
920# Dict used to restrict user private subnet cidr range.
921# An empty list means that user input will not be restricted
922# for a corresponding IP version. By default, there is
923# no restriction for IPv4 or IPv6. To restrict
924# user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR
925# to something like
926#ALLOWED_PRIVATE_SUBNET_CIDR = {
927# 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'],
928# 'ipv6': ['fc00::/7']
929#}
930ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
931
932# Projects and users can have extra attributes as defined by keystone v3.
933# Horizon has the ability to display these extra attributes via this setting.
934# If you'd like to display extra data in the project or user tables, set the
935# corresponding dict key to the attribute name, followed by the display name.
936# For more information, see horizon's customization
937# (https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides)
938#PROJECT_TABLE_EXTRA_INFO = {
939# 'phone_num': _('Phone Number'),
940#}
941#USER_TABLE_EXTRA_INFO = {
942# 'phone_num': _('Phone Number'),
943#}
944
945# Password will have an expiration date when using keystone v3 and enabling the
946# feature.
947# This setting allows you to set the number of days that the user will be alerted
948# prior to the password expiration.
949# Once the password expires keystone will deny the access and users must
950# contact an admin to change their password.
951#PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = 0