· 6 years ago · Jul 23, 2019, 07:00 AM
1# -*- coding: utf-7 -*-
2
3import os
4
5from django.utils.translation import ugettext_lazy as _
6
7from horizon.utils import secret_key
8
9from openstack_dashboard.settings import HORIZON_CONFIG
10
11DEBUG = False
12
13# This setting controls whether or not compression is enabled. Disabling
14# compression makes Horizon considerably slower, but makes it much easier
15# to debug JS and CSS changes
16#COMPRESS_ENABLED = not DEBUG
17
18# This setting controls whether compression happens on the fly, or offline
19# with `python manage.py compress`
20# See https://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
21# for more information
22#COMPRESS_OFFLINE = not DEBUG
23
24# WEBROOT is the location relative to Webserver root
25# should end with a slash.
26WEBROOT = '/'
27#LOGIN_URL = WEBROOT + 'auth/login/'
28#LOGOUT_URL = WEBROOT + 'auth/logout/'
29#
30# LOGIN_REDIRECT_URL can be used as an alternative for
31# HORIZON_CONFIG.user_home, if user_home is not set.
32# Do not set it to '/home/', as this will cause circular redirect loop
33#LOGIN_REDIRECT_URL = WEBROOT
34
35# If horizon is running in production (DEBUG is False), set this
36# with the list of host/domain names that the application can serve.
37# For more information see:
38# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
39#ALLOWED_HOSTS = ['horizon.example.com', ]
40
41# Set SSL proxy settings:
42# Pass this header from the proxy after terminating the SSL,
43# and don't forget to strip it from the client's request.
44# For more information see:
45# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
46#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
47
48# If Horizon is being served through SSL, then uncomment the following two
49# settings to better secure the cookies from security exploits
50#CSRF_COOKIE_SECURE = True
51#SESSION_COOKIE_SECURE = True
52
53# The absolute path to the directory where message files are collected.
54# The message file must have a .json file extension. When the user logins to
55# horizon, the message files collected are processed and displayed to the user.
56#MESSAGES_PATH=None
57
58# Overrides for OpenStack API versions. Use this setting to force the
59# OpenStack dashboard to use a specific API version for a given service API.
60# Versions specified here should be integers or floats, not strings.
61# NOTE: The version should be formatted as it appears in the URL for the
62# service API. For example, The identity service APIs have inconsistent
63# use of the decimal point, so valid options would be 2.0 or 3.
64# Minimum compute version to get the instance locked status is 2.9.
65#OPENSTACK_API_VERSIONS = {
66# "data-processing": 1.1,
67# "identity": 3,
68# "image": 2,
69# "volume": 2,
70# "compute": 2,
71#}
72
73# Set this to True if running on a multi-domain model. When this is enabled, it
74# will require the user to enter the Domain name in addition to the username
75# for login.
76#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
77
78# Set this to True if you want available domains displayed as a dropdown menu
79# on the login screen. It is strongly advised NOT to enable this for public
80# clouds, as advertising enabled domains to unauthenticated customers
81# irresponsibly exposes private information. This should only be used for
82# private clouds where the dashboard sits behind a corporate firewall.
83#OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
84
85# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
86# set the available domains to choose from. This is a list of pairs whose first
87# value is the domain name and the second is the display name.
88#OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
89# ('Default', 'Default'),
90#)
91
92# Overrides the default domain used when running on single-domain model
93# with Keystone V3. All entities will be created in the default domain.
94# NOTE: This value must be the name of the default domain, NOT the ID.
95# Also, you will most likely have a value in the keystone policy file like this
96# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
97# This value must be the name of the domain whose ID is specified there.
98#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
99
100# Set this to True to enable panels that provide the ability for users to
101# manage Identity Providers (IdPs) and establish a set of rules to map
102# federation protocol attributes to Identity API attributes.
103# This extension requires v3.0+ of the Identity API.
104#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
105
106# Set Console type:
107# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
108# Set to None explicitly if you want to deactivate the console.
109#CONSOLE_TYPE = "AUTO"
110
111# If provided, a "Report Bug" link will be displayed in the site header
112# which links to the value of this setting (ideally a URL containing
113# information on how to report issues).
114#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
115
116# Show backdrop element outside the modal, do not close the modal
117# after clicking on backdrop.
118#HORIZON_CONFIG["modal_backdrop"] = "static"
119
120# Specify a regular expression to validate user passwords.
121#HORIZON_CONFIG["password_validator"] = {
122# "regex": '.*',
123# "help_text": _("Your password does not meet the requirements."),
124#}
125
126# Disable simplified floating IP address management for deployments with
127# multiple floating IP pools or complex network requirements.
128#HORIZON_CONFIG["simple_ip_management"] = False
129
130# Turn off browser autocompletion for forms including the login form and
131# the database creation workflow if so desired.
132#HORIZON_CONFIG["password_autocomplete"] = "off"
133
134# Setting this to True will disable the reveal button for password fields,
135# including on the login form.
136#HORIZON_CONFIG["disable_password_reveal"] = False
137
138LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
139
140# Set custom secret key:
141# You can either set it to a specific value or you can let horizon generate a
142# default secret key that is unique on this machine, e.i. regardless of the
143# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
144# there may be situations where you would want to set this explicitly, e.g.
145# when multiple dashboard instances are distributed on different machines
146# (usually behind a load-balancer). Either you have to make sure that a session
147# gets all requests routed to the same dashboard instance or you set the same
148# SECRET_KEY for all of them.
149SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstackdashboard/secret_key')
150
151# We recommend you use memcached for development; otherwise after every reload
152# of the django development server, you will have to login again. To use
153# memcached set CACHES to something like
154
155CACHES = {
156 'default': {
157 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
158 'LOCATION': '127.0.0.1:11211',
159 },
160}
161
162#CACHES = {
163# 'default': {
164# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
165# }
166#}
167
168# Send email to the console by default
169EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
170# Or send them to /dev/null
171#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
172
173# Configure these for your outgoing email host
174#EMAIL_HOST = 'smtp.my-company.com'
175#EMAIL_PORT = 25
176#EMAIL_HOST_USER = 'djangomail'
177#EMAIL_HOST_PASSWORD = 'top-secret!'
178
179# For multiple regions uncomment this configuration, and add (endpoint, title).
180#AVAILABLE_REGIONS = [
181# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
182# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
183#]
184
185OPENSTACK_HOST = "127.0.0.1"
186OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
187OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
188
189# For setting the default service region on a per-endpoint basis. Note that the
190# default value for this setting is {}, and below is just an example of how it
191# should be specified.
192#DEFAULT_SERVICE_REGIONS = {
193# OPENSTACK_KEYSTONE_URL: 'RegionOne'
194#}
195
196# Enables keystone web single-sign-on if set to True.
197#WEBSSO_ENABLED = False
198
199# Determines which authentication choice to show as default.
200#WEBSSO_INITIAL_CHOICE = "credentials"
201
202# The list of authentication mechanisms which include keystone
203# federation protocols and identity provider/federation protocol
204# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
205# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
206# Connect respectively.
207# Do not remove the mandatory credentials mechanism.
208# Note: The last two tuples are sample mapping keys to a identity provider
209# and federation protocol combination (WEBSSO_IDP_MAPPING).
210#WEBSSO_CHOICES = (
211# ("credentials", _("Keystone Credentials")),
212# ("oidc", _("OpenID Connect")),
213# ("saml2", _("Security Assertion Markup Language")),
214# ("acme_oidc", "ACME - OpenID Connect"),
215# ("acme_saml2", "ACME - SAML2"),
216#)
217
218# A dictionary of specific identity provider and federation protocol
219# combinations. From the selected authentication mechanism, the value
220# will be looked up as keys in the dictionary. If a match is found,
221# it will redirect the user to a identity provider and federation protocol
222# specific WebSSO endpoint in keystone, otherwise it will use the value
223# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
224# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
225#WEBSSO_IDP_MAPPING = {
226# "acme_oidc": ("acme", "oidc"),
227# "acme_saml2": ("acme", "saml2"),
228#}
229
230# The Keystone Provider drop down uses Keystone to Keystone federation
231# to switch between Keystone service providers.
232# Set display name for Identity Provider (dropdown display name)
233#KEYSTONE_PROVIDER_IDP_NAME = "Local Keystone"
234# This id is used for only for comparison with the service provider IDs. This ID
235# should not match any service provider IDs.
236#KEYSTONE_PROVIDER_IDP_ID = "localkeystone"
237
238# Disable SSL certificate checks (useful for self-signed certificates):
239#OPENSTACK_SSL_NO_VERIFY = True
240
241# The CA certificate to use to verify SSL connections
242#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
243
244# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
245# capabilities of the auth backend for Keystone.
246# If Keystone has been configured to use LDAP as the auth backend then set
247# can_edit_user to False and name to 'ldap'.
248#
249# TODO(tres): Remove these once Keystone has an API to identify auth backend.
250OPENSTACK_KEYSTONE_BACKEND = {
251 'name': 'native',
252 'can_edit_user': True,
253 'can_edit_group': True,
254 'can_edit_project': True,
255 'can_edit_domain': True,
256 'can_edit_role': True,
257}
258
259# Setting this to True, will add a new "Retrieve Password" action on instance,
260# allowing Admin session password retrieval/decryption.
261#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
262
263# This setting allows deployers to control whether a token is deleted on log
264# out. This can be helpful when there are often long running processes being
265# run in the Horizon environment.
266#TOKEN_DELETION_DISABLED = False
267
268# The Launch Instance user experience has been significantly enhanced.
269# You can choose whether to enable the new launch instance experience,
270# the legacy experience, or both. The legacy experience will be removed
271# in a future release, but is available as a temporary backup setting to ensure
272# compatibility with existing deployments. Further development will not be
273# done on the legacy experience. Please report any problems with the new
274# experience via the Launchpad tracking system.
275#
276# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
277# determine the experience to enable. Set them both to true to enable
278# both.
279#LAUNCH_INSTANCE_LEGACY_ENABLED = True
280#LAUNCH_INSTANCE_NG_ENABLED = False
281
282# A dictionary of settings which can be used to provide the default values for
283# properties found in the Launch Instance modal.
284#LAUNCH_INSTANCE_DEFAULTS = {
285# 'config_drive': False,
286# 'enable_scheduler_hints': True,
287# 'disable_image': False,
288# 'disable_instance_snapshot': False,
289# 'disable_volume': False,
290# 'disable_volume_snapshot': False,
291# 'create_volume': True,
292#}
293
294# The Xen Hypervisor has the ability to set the mount point for volumes
295# attached to instances (other Hypervisors currently do not). Setting
296# can_set_mount_point to True will add the option to set the mount point
297# from the UI.
298OPENSTACK_HYPERVISOR_FEATURES = {
299 'can_set_mount_point': False,
300 'can_set_password': False,
301 'requires_keypair': False,
302 'enable_quotas': True
303}
304
305# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
306# services provided by cinder that is not exposed by its extension API.
307OPENSTACK_CINDER_FEATURES = {
308 'enable_backup': False,
309}
310
311# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
312# services provided by neutron. Options currently available are load
313# balancer service, security groups, quotas, VPN service.
314OPENSTACK_NEUTRON_NETWORK = {
315 'enable_router': True,
316 'enable_quotas': True,
317 'enable_ipv6': True,
318 'enable_distributed_router': False,
319 'enable_ha_router': False,
320 'enable_fip_topology_check': True,
321
322 # Default dns servers you would like to use when a subnet is
323 # created. This is only a default, users can still choose a different
324 # list of dns servers when creating a new subnet.
325 # The entries below are examples only, and are not appropriate for
326 # real deployments
327 # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
328
329 # Set which provider network types are supported. Only the network types
330 # in this list will be available to choose from when creating a network.
331 # Network types include local, flat, vlan, gre, vxlan and geneve.
332 # 'supported_provider_types': ['*'],
333
334 # You can configure available segmentation ID range per network type
335 # in your deployment.
336 # 'segmentation_id_range': {
337 # 'vlan': [1024, 2048],
338 # 'vxlan': [4094, 65536],
339 # },
340
341 # You can define additional provider network types here.
342 # 'extra_provider_types': {
343 # 'awesome_type': {
344 # 'display_name': 'Awesome New Type',
345 # 'require_physical_network': False,
346 # 'require_segmentation_id': True,
347 # }
348 # },
349
350 # Set which VNIC types are supported for port binding. Only the VNIC
351 # types in this list will be available to choose from when creating a
352 # port.
353 # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
354 # 'baremetal' and 'virtio-forwarder'
355 # Set to empty list or None to disable VNIC type selection.
356 'supported_vnic_types': ['*'],
357
358 # Set list of available physical networks to be selected in the physical
359 # network field on the admin create network modal. If it's set to an empty
360 # list, the field will be a regular input field.
361 # e.g. ['default', 'test']
362 'physical_networks': [],
363
364}
365
366# The OPENSTACK_HEAT_STACK settings can be used to disable password
367# field required while launching the stack.
368OPENSTACK_HEAT_STACK = {
369 'enable_user_pass': True,
370}
371
372# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
373# in the OpenStack Dashboard related to the Image service, such as the list
374# of supported image formats.
375#OPENSTACK_IMAGE_BACKEND = {
376# 'image_formats': [
377# ('', _('Select format')),
378# ('aki', _('AKI - Amazon Kernel Image')),
379# ('ami', _('AMI - Amazon Machine Image')),
380# ('ari', _('ARI - Amazon Ramdisk Image')),
381# ('docker', _('Docker')),
382# ('iso', _('ISO - Optical Disk Image')),
383# ('ova', _('OVA - Open Virtual Appliance')),
384# ('qcow2', _('QCOW2 - QEMU Emulator')),
385# ('raw', _('Raw')),
386# ('vdi', _('VDI - Virtual Disk Image')),
387# ('vhd', _('VHD - Virtual Hard Disk')),
388# ('vhdx', _('VHDX - Large Virtual Hard Disk')),
389# ('vmdk', _('VMDK - Virtual Machine Disk')),
390# ],
391#}
392
393# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
394# image custom property attributes that appear on image detail pages.
395IMAGE_CUSTOM_PROPERTY_TITLES = {
396 "architecture": _("Architecture"),
397 "kernel_id": _("Kernel ID"),
398 "ramdisk_id": _("Ramdisk ID"),
399 "image_state": _("Euca2ools state"),
400 "project_id": _("Project ID"),
401 "image_type": _("Image Type"),
402}
403
404# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
405# custom properties should not be displayed in the Image Custom Properties
406# table.
407IMAGE_RESERVED_CUSTOM_PROPERTIES = []
408
409# Set to 'legacy' or 'direct' to allow users to upload images to glance via
410# Horizon server. When enabled, a file form field will appear on the create
411# image form. If set to 'off', there will be no file form field on the create
412# image form. See documentation for deployment considerations.
413#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
414
415# Allow a location to be set when creating or updating Glance images.
416# If using Glance V2, this value should be False unless the Glance
417# configuration and policies allow setting locations.
418#IMAGES_ALLOW_LOCATION = False
419
420# A dictionary of default settings for create image modal.
421#CREATE_IMAGE_DEFAULTS = {
422# 'image_visibility': "public",
423#}
424
425# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
426# in the Keystone service catalog. Use this setting when Horizon is running
427# external to the OpenStack environment. The default is 'publicURL'.
428#OPENSTACK_ENDPOINT_TYPE = "publicURL"
429
430# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
431# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
432# in the Keystone service catalog. Use this setting when Horizon is running
433# external to the OpenStack environment. The default is None. This
434# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
435#SECONDARY_ENDPOINT_TYPE = None
436
437# The number of objects (Swift containers/objects or images) to display
438# on a single page before providing a paging element (a "more" link)
439# to paginate results.
440API_RESULT_LIMIT = 1000
441API_RESULT_PAGE_SIZE = 20
442
443# The size of chunk in bytes for downloading objects from Swift
444SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
445
446# The default number of lines displayed for instance console log.
447INSTANCE_LOG_LENGTH = 35
448
449# Specify a maximum number of items to display in a dropdown.
450DROPDOWN_MAX_ITEMS = 30
451
452# The timezone of the server. This should correspond with the timezone
453# of your entire OpenStack installation, and hopefully be in UTC.
454TIME_ZONE = "UTC"
455
456# When launching an instance, the menu of available flavors is
457# sorted by RAM usage, ascending. If you would like a different sort order,
458# you can provide another flavor attribute as sorting key. Alternatively, you
459# can provide a custom callback method to use for sorting. You can also provide
460# a flag for reverse sort. For more info, see
461# http://docs.python.org/2/library/functions.html#sorted
462#CREATE_INSTANCE_FLAVOR_SORT = {
463# 'key': 'name',
464# # or
465# 'key': my_awesome_callback_method,
466# 'reverse': False,
467#}
468
469# Set this to True to display an 'Admin Password' field on the Change Password
470# form to verify that it is indeed the admin logged-in who wants to change
471# the password.
472#ENFORCE_PASSWORD_CHECK = False
473
474# Modules that provide /auth routes that can be used to handle different types
475# of user authentication. Add auth plugins that require extra route handling to
476# this list.
477#AUTHENTICATION_URLS = [
478# 'openstack_auth.urls',
479#]
480
481# The Horizon Policy Enforcement engine uses these values to load per service
482# policy rule files. The content of these files should match the files the
483# OpenStack services are using to determine role based access control in the
484# target installation.
485
486# Path to directory containing policy.json files
487#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
488
489# Map of local copy of service policy files.
490# Please insure that your identity policy file matches the one being used on
491# your keystone servers. There is an alternate policy file that may be used
492# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
493# This file is not included in the Horizon repository by default but can be
494# found at
495# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
496# policy.v3cloudsample.json
497# Having matching policy files on the Horizon and Keystone servers is essential
498# for normal operation. This holds true for all services and their policy files.
499#POLICY_FILES = {
500# 'identity': 'keystone_policy.json',
501# 'compute': 'nova_policy.json',
502# 'volume': 'cinder_policy.json',
503# 'image': 'glance_policy.json',
504# 'orchestration': 'heat_policy.json',
505# 'network': 'neutron_policy.json',
506#}
507
508# TODO: (david-lyle) remove when plugins support adding settings.
509# Note: Only used when trove-dashboard plugin is configured to be used by
510# Horizon.
511# Trove user and database extension support. By default support for
512# creating users and databases on database instances is turned on.
513# To disable these extensions set the permission here to something
514# unusable such as ["!"].
515#TROVE_ADD_USER_PERMS = []
516#TROVE_ADD_DATABASE_PERMS = []
517
518# Change this patch to the appropriate list of tuples containing
519# a key, label and static directory containing two files:
520# _variables.scss and _styles.scss
521#AVAILABLE_THEMES = [
522# ('default', 'Default', 'themes/default'),
523# ('material', 'Material', 'themes/material'),
524#]
525
526LOGGING = {
527 'version': 1,
528 # When set to True this will disable all logging except
529 # for loggers specified in this configuration dictionary. Note that
530 # if nothing is specified here and disable_existing_loggers is True,
531 # django.db.backends will still log unless it is disabled explicitly.
532 'disable_existing_loggers': False,
533 # If apache2 mod_wsgi is used to deploy OpenStack dashboard
534 # timestamp is output by mod_wsgi. If WSGI framework you use does not
535 # output timestamp for logging, add %(asctime)s in the following
536 # format definitions.
537 'formatters': {
538 'console': {
539 'format': '%(levelname)s %(name)s %(message)s'
540 },
541 'operation': {
542 # The format of "%(message)s" is defined by
543 # OPERATION_LOG_OPTIONS['format']
544 'format': '%(message)s'
545 },
546 },
547 'handlers': {
548 'null': {
549 'level': 'DEBUG',
550 'class': 'logging.NullHandler',
551 },
552 'console': {
553 # Set the level to "DEBUG" for verbose output logging.
554 'level': 'INFO',
555 'class': 'logging.StreamHandler',
556 'formatter': 'console',
557 },
558 'operation': {
559 'level': 'INFO',
560 'class': 'logging.StreamHandler',
561 'formatter': 'operation',
562 },
563 },
564 'loggers': {
565 # Logging from django.db.backends is VERY verbose, send to null
566 # by default.
567 'django.db.backends': {
568 'handlers': ['null'],
569 'propagate': False,
570 },
571 'requests': {
572 'handlers': ['null'],
573 'propagate': False,
574 },
575 'horizon': {
576 'handlers': ['console'],
577 'level': 'DEBUG',
578 'propagate': False,
579 },
580 'horizon.operation_log': {
581 'handlers': ['operation'],
582 'level': 'INFO',
583 'propagate': False,
584 },
585 'openstack_dashboard': {
586 'handlers': ['console'],
587 'level': 'DEBUG',
588 'propagate': False,
589 },
590 'novaclient': {
591 'handlers': ['console'],
592 'level': 'DEBUG',
593 'propagate': False,
594 },
595 'cinderclient': {
596 'handlers': ['console'],
597 'level': 'DEBUG',
598 'propagate': False,
599},
600 'keystoneclient': {
601 'handlers': ['console'],
602 'level': 'DEBUG',
603 'propagate': False,
604 },
605 'glanceclient': {
606 'handlers': ['console'],
607 'level': 'DEBUG',
608 'propagate': False,
609 },
610 'neutronclient': {
611 'handlers': ['console'],
612 'level': 'DEBUG',
613 'propagate': False,
614 },
615 'heatclient': {
616 'handlers': ['console'],
617 'level': 'DEBUG',
618 'propagate': False,
619 },
620 'swiftclient': {
621 'handlers': ['console'],
622 'level': 'DEBUG',
623 'propagate': False,
624 },
625 'openstack_auth': {
626 'handlers': ['console'],
627 'level': 'DEBUG',
628 'propagate': False,
629 },
630 'nose.plugins.manager': {
631 'handlers': ['console'],
632 'level': 'DEBUG',
633 'propagate': False,
634 },
635 'django': {
636 'handlers': ['console'],
637 'level': 'DEBUG',
638 'propagate': False,
639 },
640 'iso8601': {
641 'handlers': ['null'],
642 'propagate': False,
643 },
644 'scss': {
645 'handlers': ['null'],
646 'propagate': False,
647 },
648 },
649}
650
651# 'direction' should not be specified for all_tcp/udp/icmp.
652# It is specified in the form.
653SECURITY_GROUP_RULES = {
654 'all_tcp': {
655 'name': _('All TCP'),
656 'ip_protocol': 'tcp',
657 'from_port': '1',
658 'to_port': '65535',
659 },
660 'all_udp': {
661 'name': _('All UDP'),
662 'ip_protocol': 'udp',
663 'from_port': '1',
664 'to_port': '65535',
665 },
666 'all_icmp': {
667 'name': _('All ICMP'),
668 'ip_protocol': 'icmp',
669 'from_port': '-1',
670 'to_port': '-1',
671 },
672 'ssh': {
673 'name': 'SSH',
674 'ip_protocol': 'tcp',
675 'from_port': '22',
676 'to_port': '22',
677 },
678 'smtp': {
679 'name': 'SMTP',
680 'ip_protocol': 'tcp',
681 'from_port': '25',
682 'to_port': '25',
683 },
684 'dns': {
685 'name': 'DNS',
686 'ip_protocol': 'tcp',
687 'from_port': '53',
688 'to_port': '53',
689 },
690 'http': {
691 'name': 'HTTP',
692 'ip_protocol': 'tcp',
693 'from_port': '80',
694 'to_port': '80',
695 },
696 'pop3': {
697 'name': 'POP3',
698 'ip_protocol': 'tcp',
699 'from_port': '110',
700 'to_port': '110',
701 },
702 'imap': {
703 'name': 'IMAP',
704 'ip_protocol': 'tcp',
705 'from_port': '143',
706 'to_port': '143',
707 },
708 'ldap': {
709 'name': 'LDAP',
710 'ip_protocol': 'tcp',
711 'from_port': '389',
712 'to_port': '389',
713 },
714 'https': {
715 'name': 'HTTPS',
716 'ip_protocol': 'tcp',
717 'from_port': '443',
718 'to_port': '443',
719 },
720 'smtps': {
721 'name': 'SMTPS',
722 'ip_protocol': 'tcp',
723 'from_port': '465',
724 'to_port': '465',
725 },
726 'imaps': {
727 'name': 'IMAPS',
728 'ip_protocol': 'tcp',
729 'from_port': '993',
730 'to_port': '993',
731 },
732 'pop3s': {
733 'name': 'POP3S',
734 'ip_protocol': 'tcp',
735 'from_port': '995',
736 'to_port': '995',
737 },
738 'ms_sql': {
739 'name': 'MS SQL',
740 'ip_protocol': 'tcp',
741 'from_port': '1433',
742 'to_port': '1433',
743 },
744 'mysql': {
745 'name': 'MYSQL',
746 'ip_protocol': 'tcp',
747 'from_port': '3306',
748 'to_port': '3306',
749 },
750 'rdp': {
751 'name': 'RDP',
752 'ip_protocol': 'tcp',
753 'from_port': '3389',
754 'to_port': '3389',
755 },
756}
757
758# Deprecation Notice:
759#
760# The setting FLAVOR_EXTRA_KEYS has been deprecated.
761# Please load extra spec metadata into the Glance Metadata Definition Catalog.
762#
763# The sample quota definitions can be found in:
764# <glance_source>/etc/metadefs/compute-quota.json
765#
766# The metadata definition catalog supports CLI and API:
767# $glance --os-image-api-version 2 help md-namespace-import
768# $glance-manage db_load_metadefs <directory_with_definition_files>
769#
770# See Metadata Definitions on: http://docs.openstack.org/developer/glance/
771
772# TODO: (david-lyle) remove when plugins support settings natively
773# Note: This is only used when the Sahara plugin is configured and enabled
774# for use in Horizon.
775# Indicate to the Sahara data processing service whether or not
776# automatic floating IP allocation is in effect. If it is not
777# in effect, the user will be prompted to choose a
778floating IP
779# pool for use in their cluster. False by default. You would want
780# to set this to True if you were running Nova Networking with
781# auto_assign_floating_ip = True.
782#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
783
784# The hash algorithm to use for authentication tokens. This must
785# match the hash algorithm that the identity server and the
786# auth_token middleware are using. Allowed values are the
787# algorithms supported by Python's hashlib library.
788#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
789
790# AngularJS requires some settings to be made available to
791# the client side. Some settings are required by in-tree / built-in horizon
792# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
793# form of ['SETTING_1','SETTING_2'], etc.
794#
795# You may remove settings from this list for security purposes, but do so at
796# the risk of breaking a built-in horizon feature. These settings are required
797# for horizon to function properly. Only remove them if you know what you
798# are doing. These settings may in the future be moved to be defined within
799# the enabled panel configuration.
800# You should not add settings to this list for out of tree extensions.
801# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
802REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
803 'LAUNCH_INSTANCE_DEFAULTS',
804 'OPENSTACK_IMAGE_FORMATS',
805 'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
806 'CREATE_IMAGE_DEFAULTS']
807
808# Additional settings can be made available to the client side for
809# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
810# !! Please use extreme caution as the settings are transferred via HTTP/S
811# and are not encrypted on the browser. This is an experimental API and
812# may be deprecated in the future without notice.
813#REST_API_ADDITIONAL_SETTINGS = []
814
815###############################################################################
816# Ubuntu Settings
817###############################################################################
818
819 # The default theme if no cookie is present
820DEFAULT_THEME = 'ubuntu'
821
822# Default Ubuntu apache configuration uses /horizon as the application root.
823WEBROOT='/horizon/'
824
825# By default, validation of the HTTP Host header is disabled. Production
826# installations should have this set accordingly. For more information
827# see https://docs.djangoproject.com/en/dev/ref/settings/.
828ALLOWED_HOSTS = '*'
829
830# Compress all assets offline as part of packaging installation
831COMPRESS_OFFLINE = True
832
833# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
834# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
835# Scripting (XFS) vulnerability, so this option allows extra security hardening
836# where iframes are not used in deployment. Default setting is True.
837# For more information see:
838# http://tinyurl.com/anticlickjack
839#DISALLOW_IFRAME_EMBED = True
840
841# Help URL can be made available for the client. To provide a help URL, edit the
842# following attribute to the URL of your choice.
843#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
844
845# Settings for OperationLogMiddleware
846# OPERATION_LOG_ENABLED is flag to use the function to log an operation on
847# Horizon.
848# mask_targets is arrangement for appointing a target to mask.
849# method_targets is arrangement of HTTP method to output log.
850# format is the log contents.
851#OPERATION_LOG_ENABLED = False
852#OPERATION_LOG_OPTIONS = {
853# 'mask_fields': ['password'],
854# 'target_methods': ['POST'],
855# 'ignored_urls': ['/js/', '/static/', '^/api/'],
856# 'format': ("[%(client_ip)s] [%(domain_name)s]"
857# " [%(domain_id)s] [%(project_name)s]"
858# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
859# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
860# " [%(http_status)s] [%(param)s]"),
861#}
862
863# The default date range in the Overview panel meters - either <today> minus N
864# days (if the value is integer N), or from the beginning of the current month
865# until today (if set to None). This setting should be used to limit the amount
866# of data fetched by default when rendering the Overview panel.
867#OVERVIEW_DAYS_RANGE = 1
868
869# To allow operators to require users provide a search criteria first
870# before loading any data into the views, set the following dict
871# attributes to True in each one of the panels you want to enable this feature.
872# Follow the convention <dashboard>.<view>
873#FILTER_DATA_FIRST = {
874# 'admin.instances': False,
875# 'admin.images': False,
876# 'admin.networks': False,
877# 'admin.routers': False,
878# 'admin.volumes': False,
879# 'identity.users': False,
880# 'identity.projects': False,
881# 'identity.groups': False,
882# 'identity.roles': False
883#}
884
885# Dict used to restrict user private subnet cidr range.
886# An empty list means that user input will not be restricted
887# for a corresponding IP version. By default, there is
888# no restriction for IPv4 or IPv6. To restrict
889# user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR
890# to something like
891#ALLOWED_PRIVATE_SUBNET_CIDR = {
892# 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'],
893# 'ipv6': ['fc00::/7']
894#}
895ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
896
897# Projects and users can have extra attributes as defined by keystone v3.
898# Horizon has the ability to display these extra attributes via this setting.
899# If you'd like to display extra data in the project or user tables, set the
900# corresponding dict key to the attribute name, followed by the display name.
901# For more information, see horizon's customization (http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides)
902#PROJECT_TABLE_EXTRA_INFO = {
903# 'phone_num': _('Phone Number'),
904#}
905#USER_TABLE_EXTRA_INFO = {
906# 'phone_num': _('Phone Number'),
907#}
908
909# Password will have an expiration date when using keystone v3 and enabling the
910# feature.
911# This setting allows you to set the number of days that the user will be alerted
912# prior to the password expiration.
913# Once the password expires keystone will deny the access and users must
914# contact an admin to change their password.
915#PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = 0