OpenStack Dashboard (Horizon)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

local_settings.py.example 34KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922
  1. # -*- coding: utf-8 -*-
  2. import os
  3. from django.utils.translation import ugettext_lazy as _
  4. from horizon.utils import secret_key
  5. from openstack_dashboard.settings import HORIZON_CONFIG
  6. DEBUG = True
  7. # This setting controls whether or not compression is enabled. Disabling
  8. # compression makes Horizon considerably slower, but makes it much easier
  9. # to debug JS and CSS changes
  10. #COMPRESS_ENABLED = not DEBUG
  11. # This setting controls whether compression happens on the fly, or offline
  12. # with `python manage.py compress`
  13. # See https://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
  14. # for more information
  15. #COMPRESS_OFFLINE = not DEBUG
  16. # WEBROOT is the location relative to Webserver root
  17. # should end with a slash.
  18. WEBROOT = '/'
  19. #LOGIN_URL = WEBROOT + 'auth/login/'
  20. #LOGOUT_URL = WEBROOT + 'auth/logout/'
  21. #
  22. # LOGIN_REDIRECT_URL can be used as an alternative for
  23. # HORIZON_CONFIG.user_home, if user_home is not set.
  24. # Do not set it to '/home/', as this will cause circular redirect loop
  25. #LOGIN_REDIRECT_URL = WEBROOT
  26. # If horizon is running in production (DEBUG is False), set this
  27. # with the list of host/domain names that the application can serve.
  28. # For more information see:
  29. # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
  30. #ALLOWED_HOSTS = ['horizon.example.com', ]
  31. # Set SSL proxy settings:
  32. # Pass this header from the proxy after terminating the SSL,
  33. # and don't forget to strip it from the client's request.
  34. # For more information see:
  35. # https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
  36. #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
  37. # If Horizon is being served through SSL, then uncomment the following two
  38. # settings to better secure the cookies from security exploits
  39. #CSRF_COOKIE_SECURE = True
  40. #SESSION_COOKIE_SECURE = True
  41. # The absolute path to the directory where message files are collected.
  42. # The message file must have a .json file extension. When the user logins to
  43. # horizon, the message files collected are processed and displayed to the user.
  44. #MESSAGES_PATH=None
  45. # Overrides for OpenStack API versions. Use this setting to force the
  46. # OpenStack dashboard to use a specific API version for a given service API.
  47. # Versions specified here should be integers or floats, not strings.
  48. # NOTE: The version should be formatted as it appears in the URL for the
  49. # service API. For example, The identity service APIs have inconsistent
  50. # use of the decimal point, so valid options would be 2.0 or 3.
  51. # Minimum compute version to get the instance locked status is 2.9.
  52. #OPENSTACK_API_VERSIONS = {
  53. # "data-processing": 1.1,
  54. # "identity": 3,
  55. # "image": 2,
  56. # "volume": 2,
  57. # "compute": 2,
  58. #}
  59. # Set this to True if running on a multi-domain model. When this is enabled, it
  60. # will require the user to enter the Domain name in addition to the username
  61. # for login.
  62. #OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
  63. # Set this to True if you want available domains displayed as a dropdown menu
  64. # on the login screen. It is strongly advised NOT to enable this for public
  65. # clouds, as advertising enabled domains to unauthenticated customers
  66. # irresponsibly exposes private information. This should only be used for
  67. # private clouds where the dashboard sits behind a corporate firewall.
  68. #OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
  69. # If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
  70. # set the available domains to choose from. This is a list of pairs whose first
  71. # value is the domain name and the second is the display name.
  72. #OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
  73. # ('Default', 'Default'),
  74. #)
  75. # Overrides the default domain used when running on single-domain model
  76. # with Keystone V3. All entities will be created in the default domain.
  77. # NOTE: This value must be the name of the default domain, NOT the ID.
  78. # Also, you will most likely have a value in the keystone policy file like this
  79. # "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
  80. # This value must be the name of the domain whose ID is specified there.
  81. #OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
  82. # Set this to True to enable panels that provide the ability for users to
  83. # manage Identity Providers (IdPs) and establish a set of rules to map
  84. # federation protocol attributes to Identity API attributes.
  85. # This extension requires v3.0+ of the Identity API.
  86. #OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
  87. # Set Console type:
  88. # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL", "MKS"
  89. # or None. Set to None explicitly if you want to deactivate the console.
  90. #CONSOLE_TYPE = "AUTO"
  91. # Toggle showing the openrc file for Keystone V2.
  92. # If set to false the link will be removed from the user dropdown menu
  93. # and the API Access page
  94. #SHOW_KEYSTONE_V2_RC = True
  95. # If provided, a "Report Bug" link will be displayed in the site header
  96. # which links to the value of this setting (ideally a URL containing
  97. # information on how to report issues).
  98. #HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
  99. # Show backdrop element outside the modal, do not close the modal
  100. # after clicking on backdrop.
  101. #HORIZON_CONFIG["modal_backdrop"] = "static"
  102. # Specify a regular expression to validate user passwords.
  103. #HORIZON_CONFIG["password_validator"] = {
  104. # "regex": '.*',
  105. # "help_text": _("Your password does not meet the requirements."),
  106. #}
  107. # Disable simplified floating IP address management for deployments with
  108. # multiple floating IP pools or complex network requirements.
  109. #HORIZON_CONFIG["simple_ip_management"] = False
  110. # Turn off browser autocompletion for forms including the login form and
  111. # the database creation workflow if so desired.
  112. #HORIZON_CONFIG["password_autocomplete"] = "off"
  113. # Setting this to True will disable the reveal button for password fields,
  114. # including on the login form.
  115. #HORIZON_CONFIG["disable_password_reveal"] = False
  116. LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
  117. # Set custom secret key:
  118. # You can either set it to a specific value or you can let horizon generate a
  119. # default secret key that is unique on this machine, e.i. regardless of the
  120. # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
  121. # there may be situations where you would want to set this explicitly, e.g.
  122. # when multiple dashboard instances are distributed on different machines
  123. # (usually behind a load-balancer). Either you have to make sure that a session
  124. # gets all requests routed to the same dashboard instance or you set the same
  125. # SECRET_KEY for all of them.
  126. SECRET_KEY = secret_key.generate_or_read_from_file(
  127. os.path.join(LOCAL_PATH, '.secret_key_store'))
  128. # We recommend you use memcached for development; otherwise after every reload
  129. # of the django development server, you will have to login again. To use
  130. # memcached set CACHES to something like
  131. #CACHES = {
  132. # 'default': {
  133. # 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
  134. # 'LOCATION': '127.0.0.1:11211',
  135. # },
  136. #}
  137. CACHES = {
  138. 'default': {
  139. 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
  140. },
  141. }
  142. # Send email to the console by default
  143. EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
  144. # Or send them to /dev/null
  145. #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
  146. # Configure these for your outgoing email host
  147. #EMAIL_HOST = 'smtp.my-company.com'
  148. #EMAIL_PORT = 25
  149. #EMAIL_HOST_USER = 'djangomail'
  150. #EMAIL_HOST_PASSWORD = 'top-secret!'
  151. # For multiple regions uncomment this configuration, and add (endpoint, title).
  152. #AVAILABLE_REGIONS = [
  153. # ('http://cluster1.example.com:5000/v3', 'cluster1'),
  154. # ('http://cluster2.example.com:5000/v3', 'cluster2'),
  155. #]
  156. OPENSTACK_HOST = "127.0.0.1"
  157. OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
  158. OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
  159. # For setting the default service region on a per-endpoint basis. Note that the
  160. # default value for this setting is {}, and below is just an example of how it
  161. # should be specified.
  162. #DEFAULT_SERVICE_REGIONS = {
  163. # OPENSTACK_KEYSTONE_URL: 'RegionOne'
  164. #}
  165. # Enables keystone web single-sign-on if set to True.
  166. #WEBSSO_ENABLED = False
  167. # Authentication mechanism to be selected as default.
  168. # The value must be a key from WEBSSO_CHOICES.
  169. #WEBSSO_INITIAL_CHOICE = "credentials"
  170. # The list of authentication mechanisms which include keystone
  171. # federation protocols and identity provider/federation protocol
  172. # mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
  173. # IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
  174. # Connect respectively.
  175. # Do not remove the mandatory credentials mechanism.
  176. # Note: The last two tuples are sample mapping keys to a identity provider
  177. # and federation protocol combination (WEBSSO_IDP_MAPPING).
  178. #WEBSSO_CHOICES = (
  179. # ("credentials", _("Keystone Credentials")),
  180. # ("oidc", _("OpenID Connect")),
  181. # ("saml2", _("Security Assertion Markup Language")),
  182. # ("acme_oidc", "ACME - OpenID Connect"),
  183. # ("acme_saml2", "ACME - SAML2"),
  184. #)
  185. # A dictionary of specific identity provider and federation protocol
  186. # combinations. From the selected authentication mechanism, the value
  187. # will be looked up as keys in the dictionary. If a match is found,
  188. # it will redirect the user to a identity provider and federation protocol
  189. # specific WebSSO endpoint in keystone, otherwise it will use the value
  190. # as the protocol_id when redirecting to the WebSSO by protocol endpoint.
  191. # NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
  192. #WEBSSO_IDP_MAPPING = {
  193. # "acme_oidc": ("acme", "oidc"),
  194. # "acme_saml2": ("acme", "saml2"),
  195. #}
  196. # The Keystone Provider drop down uses Keystone to Keystone federation
  197. # to switch between Keystone service providers.
  198. # Set display name for Identity Provider (dropdown display name)
  199. #KEYSTONE_PROVIDER_IDP_NAME = "Local Keystone"
  200. # This id is used for only for comparison with the service provider IDs. This ID
  201. # should not match any service provider IDs.
  202. #KEYSTONE_PROVIDER_IDP_ID = "localkeystone"
  203. # Disable SSL certificate checks (useful for self-signed certificates):
  204. #OPENSTACK_SSL_NO_VERIFY = True
  205. # The CA certificate to use to verify SSL connections
  206. #OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
  207. # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
  208. # capabilities of the auth backend for Keystone.
  209. # If Keystone has been configured to use LDAP as the auth backend then set
  210. # can_edit_user to False and name to 'ldap'.
  211. #
  212. # TODO(tres): Remove these once Keystone has an API to identify auth backend.
  213. OPENSTACK_KEYSTONE_BACKEND = {
  214. 'name': 'native',
  215. 'can_edit_user': True,
  216. 'can_edit_group': True,
  217. 'can_edit_project': True,
  218. 'can_edit_domain': True,
  219. 'can_edit_role': True,
  220. }
  221. # Setting this to True, will add a new "Retrieve Password" action on instance,
  222. # allowing Admin session password retrieval/decryption.
  223. #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  224. # This setting allows deployers to control whether a token is deleted on log
  225. # out. This can be helpful when there are often long running processes being
  226. # run in the Horizon environment.
  227. #TOKEN_DELETION_DISABLED = False
  228. # The Launch Instance user experience has been significantly enhanced.
  229. # You can choose whether to enable the new launch instance experience,
  230. # the legacy experience, or both. The legacy experience will be removed
  231. # in a future release, but is available as a temporary backup setting to ensure
  232. # compatibility with existing deployments. Further development will not be
  233. # done on the legacy experience. Please report any problems with the new
  234. # experience via the Launchpad tracking system.
  235. #
  236. # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
  237. # determine the experience to enable. Set them both to true to enable
  238. # both.
  239. #LAUNCH_INSTANCE_LEGACY_ENABLED = True
  240. #LAUNCH_INSTANCE_NG_ENABLED = False
  241. # A dictionary of settings which can be used to provide the default values for
  242. # properties found in the Launch Instance modal.
  243. #LAUNCH_INSTANCE_DEFAULTS = {
  244. # 'config_drive': False,
  245. # 'enable_scheduler_hints': True,
  246. # 'disable_image': False,
  247. # 'disable_instance_snapshot': False,
  248. # 'disable_volume': False,
  249. # 'disable_volume_snapshot': False,
  250. # 'create_volume': True,
  251. #}
  252. # The Xen Hypervisor has the ability to set the mount point for volumes
  253. # attached to instances (other Hypervisors currently do not). Setting
  254. # can_set_mount_point to True will add the option to set the mount point
  255. # from the UI.
  256. OPENSTACK_HYPERVISOR_FEATURES = {
  257. 'can_set_mount_point': False,
  258. 'can_set_password': False,
  259. 'requires_keypair': False,
  260. 'enable_quotas': True
  261. }
  262. # This settings controls whether IP addresses of servers are retrieved from
  263. # neutron in the project instance table. Setting this to ``False`` may mitigate
  264. # a performance issue in the project instance table in large deployments.
  265. #OPENSTACK_INSTANCE_RETRIEVE_IP_ADDRESSES = True
  266. # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
  267. # services provided by cinder that is not exposed by its extension API.
  268. OPENSTACK_CINDER_FEATURES = {
  269. 'enable_backup': False,
  270. }
  271. # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
  272. # services provided by neutron. Options currently available are load
  273. # balancer service, security groups, quotas, VPN service.
  274. OPENSTACK_NEUTRON_NETWORK = {
  275. 'enable_router': True,
  276. 'enable_quotas': True,
  277. 'enable_ipv6': True,
  278. 'enable_distributed_router': False,
  279. 'enable_ha_router': False,
  280. 'enable_fip_topology_check': True,
  281. # Default dns servers you would like to use when a subnet is
  282. # created. This is only a default, users can still choose a different
  283. # list of dns servers when creating a new subnet.
  284. # The entries below are examples only, and are not appropriate for
  285. # real deployments
  286. # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
  287. # Set which provider network types are supported. Only the network types
  288. # in this list will be available to choose from when creating a network.
  289. # Network types include local, flat, vlan, gre, vxlan and geneve.
  290. # 'supported_provider_types': ['*'],
  291. # You can configure available segmentation ID range per network type
  292. # in your deployment.
  293. # 'segmentation_id_range': {
  294. # 'vlan': [1024, 2048],
  295. # 'vxlan': [4094, 65536],
  296. # },
  297. # You can define additional provider network types here.
  298. # 'extra_provider_types': {
  299. # 'awesome_type': {
  300. # 'display_name': 'Awesome New Type',
  301. # 'require_physical_network': False,
  302. # 'require_segmentation_id': True,
  303. # }
  304. # },
  305. # Set which VNIC types are supported for port binding. Only the VNIC
  306. # types in this list will be available to choose from when creating a
  307. # port.
  308. # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
  309. # 'baremetal' and 'virtio-forwarder'
  310. # Set to empty list or None to disable VNIC type selection.
  311. 'supported_vnic_types': ['*'],
  312. # Set list of available physical networks to be selected in the physical
  313. # network field on the admin create network modal. If it's set to an empty
  314. # list, the field will be a regular input field.
  315. # e.g. ['default', 'test']
  316. 'physical_networks': [],
  317. }
  318. # The OPENSTACK_HEAT_STACK settings can be used to disable password
  319. # field required while launching the stack.
  320. OPENSTACK_HEAT_STACK = {
  321. 'enable_user_pass': True,
  322. }
  323. # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
  324. # in the OpenStack Dashboard related to the Image service, such as the list
  325. # of supported image formats.
  326. #OPENSTACK_IMAGE_BACKEND = {
  327. # 'image_formats': [
  328. # ('', _('Select format')),
  329. # ('aki', _('AKI - Amazon Kernel Image')),
  330. # ('ami', _('AMI - Amazon Machine Image')),
  331. # ('ari', _('ARI - Amazon Ramdisk Image')),
  332. # ('docker', _('Docker')),
  333. # ('iso', _('ISO - Optical Disk Image')),
  334. # ('ova', _('OVA - Open Virtual Appliance')),
  335. # ('qcow2', _('QCOW2 - QEMU Emulator')),
  336. # ('raw', _('Raw')),
  337. # ('vdi', _('VDI - Virtual Disk Image')),
  338. # ('vhd', _('VHD - Virtual Hard Disk')),
  339. # ('vhdx', _('VHDX - Large Virtual Hard Disk')),
  340. # ('vmdk', _('VMDK - Virtual Machine Disk')),
  341. # ],
  342. #}
  343. # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
  344. # image custom property attributes that appear on image detail pages.
  345. IMAGE_CUSTOM_PROPERTY_TITLES = {
  346. "architecture": _("Architecture"),
  347. "kernel_id": _("Kernel ID"),
  348. "ramdisk_id": _("Ramdisk ID"),
  349. "image_state": _("Euca2ools state"),
  350. "project_id": _("Project ID"),
  351. "image_type": _("Image Type"),
  352. }
  353. # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
  354. # custom properties should not be displayed in the Image Custom Properties
  355. # table.
  356. IMAGE_RESERVED_CUSTOM_PROPERTIES = []
  357. # Set to 'legacy' or 'direct' to allow users to upload images to glance via
  358. # Horizon server. When enabled, a file form field will appear on the create
  359. # image form. If set to 'off', there will be no file form field on the create
  360. # image form. See documentation for deployment considerations.
  361. #HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
  362. # Allow a location to be set when creating or updating Glance images.
  363. # If using Glance V2, this value should be False unless the Glance
  364. # configuration and policies allow setting locations.
  365. #IMAGES_ALLOW_LOCATION = False
  366. # A dictionary of default settings for create image modal.
  367. #CREATE_IMAGE_DEFAULTS = {
  368. # 'image_visibility': "public",
  369. #}
  370. # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
  371. # in the Keystone service catalog. Use this setting when Horizon is running
  372. # external to the OpenStack environment. The default is 'publicURL'.
  373. #OPENSTACK_ENDPOINT_TYPE = "publicURL"
  374. # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
  375. # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
  376. # in the Keystone service catalog. Use this setting when Horizon is running
  377. # external to the OpenStack environment. The default is None. This
  378. # value should differ from OPENSTACK_ENDPOINT_TYPE if used.
  379. #SECONDARY_ENDPOINT_TYPE = None
  380. # The number of objects (Swift containers/objects or images) to display
  381. # on a single page before providing a paging element (a "more" link)
  382. # to paginate results.
  383. API_RESULT_LIMIT = 1000
  384. API_RESULT_PAGE_SIZE = 20
  385. # The size of chunk in bytes for downloading objects from Swift
  386. SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
  387. # The default number of lines displayed for instance console log.
  388. INSTANCE_LOG_LENGTH = 35
  389. # Specify a maximum number of items to display in a dropdown.
  390. DROPDOWN_MAX_ITEMS = 30
  391. # The timezone of the server. This should correspond with the timezone
  392. # of your entire OpenStack installation, and hopefully be in UTC.
  393. TIME_ZONE = "UTC"
  394. # When launching an instance, the menu of available flavors is
  395. # sorted by RAM usage, ascending. If you would like a different sort order,
  396. # you can provide another flavor attribute as sorting key. Alternatively, you
  397. # can provide a custom callback method to use for sorting. You can also provide
  398. # a flag for reverse sort. For more info, see
  399. # http://docs.python.org/2/library/functions.html#sorted
  400. #CREATE_INSTANCE_FLAVOR_SORT = {
  401. # 'key': 'name',
  402. # # or
  403. # 'key': my_awesome_callback_method,
  404. # 'reverse': False,
  405. #}
  406. # Set this to True to display an 'Admin Password' field on the Change Password
  407. # form to verify that it is indeed the admin logged-in who wants to change
  408. # the password.
  409. #ENFORCE_PASSWORD_CHECK = False
  410. # Modules that provide /auth routes that can be used to handle different types
  411. # of user authentication. Add auth plugins that require extra route handling to
  412. # this list.
  413. #AUTHENTICATION_URLS = [
  414. # 'openstack_auth.urls',
  415. #]
  416. # The Horizon Policy Enforcement engine uses these values to load per service
  417. # policy rule files. The content of these files should match the files the
  418. # OpenStack services are using to determine role based access control in the
  419. # target installation.
  420. # Path to directory containing policy.json files
  421. #POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
  422. # Map of local copy of service policy files.
  423. # Please insure that your identity policy file matches the one being used on
  424. # your keystone servers. There is an alternate policy file that may be used
  425. # in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
  426. # This file is not included in the Horizon repository by default but can be
  427. # found at
  428. # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
  429. # policy.v3cloudsample.json
  430. # Having matching policy files on the Horizon and Keystone servers is essential
  431. # for normal operation. This holds true for all services and their policy files.
  432. #POLICY_FILES = {
  433. # 'identity': 'keystone_policy.json',
  434. # 'compute': 'nova_policy.json',
  435. # 'volume': 'cinder_policy.json',
  436. # 'image': 'glance_policy.json',
  437. # 'network': 'neutron_policy.json',
  438. #}
  439. # TODO: (david-lyle) remove when plugins support adding settings.
  440. # Note: Only used when trove-dashboard plugin is configured to be used by
  441. # Horizon.
  442. # Trove user and database extension support. By default support for
  443. # creating users and databases on database instances is turned on.
  444. # To disable these extensions set the permission here to something
  445. # unusable such as ["!"].
  446. #TROVE_ADD_USER_PERMS = []
  447. #TROVE_ADD_DATABASE_PERMS = []
  448. # Change this patch to the appropriate list of tuples containing
  449. # a key, label and static directory containing two files:
  450. # _variables.scss and _styles.scss
  451. #AVAILABLE_THEMES = [
  452. # ('default', 'Default', 'themes/default'),
  453. # ('material', 'Material', 'themes/material'),
  454. #]
  455. LOGGING = {
  456. 'version': 1,
  457. # When set to True this will disable all logging except
  458. # for loggers specified in this configuration dictionary. Note that
  459. # if nothing is specified here and disable_existing_loggers is True,
  460. # django.db.backends will still log unless it is disabled explicitly.
  461. 'disable_existing_loggers': False,
  462. # If apache2 mod_wsgi is used to deploy OpenStack dashboard
  463. # timestamp is output by mod_wsgi. If WSGI framework you use does not
  464. # output timestamp for logging, add %(asctime)s in the following
  465. # format definitions.
  466. 'formatters': {
  467. 'console': {
  468. 'format': '%(levelname)s %(name)s %(message)s'
  469. },
  470. 'operation': {
  471. # The format of "%(message)s" is defined by
  472. # OPERATION_LOG_OPTIONS['format']
  473. 'format': '%(message)s'
  474. },
  475. },
  476. 'handlers': {
  477. 'null': {
  478. 'level': 'DEBUG',
  479. 'class': 'logging.NullHandler',
  480. },
  481. 'console': {
  482. # Set the level to "DEBUG" for verbose output logging.
  483. 'level': 'INFO',
  484. 'class': 'logging.StreamHandler',
  485. 'formatter': 'console',
  486. },
  487. 'operation': {
  488. 'level': 'INFO',
  489. 'class': 'logging.StreamHandler',
  490. 'formatter': 'operation',
  491. },
  492. },
  493. 'loggers': {
  494. 'horizon': {
  495. 'handlers': ['console'],
  496. 'level': 'DEBUG',
  497. 'propagate': False,
  498. },
  499. 'horizon.operation_log': {
  500. 'handlers': ['operation'],
  501. 'level': 'INFO',
  502. 'propagate': False,
  503. },
  504. 'openstack_dashboard': {
  505. 'handlers': ['console'],
  506. 'level': 'DEBUG',
  507. 'propagate': False,
  508. },
  509. 'novaclient': {
  510. 'handlers': ['console'],
  511. 'level': 'DEBUG',
  512. 'propagate': False,
  513. },
  514. 'cinderclient': {
  515. 'handlers': ['console'],
  516. 'level': 'DEBUG',
  517. 'propagate': False,
  518. },
  519. 'keystoneauth': {
  520. 'handlers': ['console'],
  521. 'level': 'DEBUG',
  522. 'propagate': False,
  523. },
  524. 'keystoneclient': {
  525. 'handlers': ['console'],
  526. 'level': 'DEBUG',
  527. 'propagate': False,
  528. },
  529. 'glanceclient': {
  530. 'handlers': ['console'],
  531. 'level': 'DEBUG',
  532. 'propagate': False,
  533. },
  534. 'neutronclient': {
  535. 'handlers': ['console'],
  536. 'level': 'DEBUG',
  537. 'propagate': False,
  538. },
  539. 'swiftclient': {
  540. 'handlers': ['console'],
  541. 'level': 'DEBUG',
  542. 'propagate': False,
  543. },
  544. 'oslo_policy': {
  545. 'handlers': ['console'],
  546. 'level': 'DEBUG',
  547. 'propagate': False,
  548. },
  549. 'openstack_auth': {
  550. 'handlers': ['console'],
  551. 'level': 'DEBUG',
  552. 'propagate': False,
  553. },
  554. 'nose.plugins.manager': {
  555. 'handlers': ['console'],
  556. 'level': 'DEBUG',
  557. 'propagate': False,
  558. },
  559. 'django': {
  560. 'handlers': ['console'],
  561. 'level': 'DEBUG',
  562. 'propagate': False,
  563. },
  564. # Logging from django.db.backends is VERY verbose, send to null
  565. # by default.
  566. 'django.db.backends': {
  567. 'handlers': ['null'],
  568. 'propagate': False,
  569. },
  570. 'requests': {
  571. 'handlers': ['null'],
  572. 'propagate': False,
  573. },
  574. 'urllib3': {
  575. 'handlers': ['null'],
  576. 'propagate': False,
  577. },
  578. 'chardet.charsetprober': {
  579. 'handlers': ['null'],
  580. 'propagate': False,
  581. },
  582. 'iso8601': {
  583. 'handlers': ['null'],
  584. 'propagate': False,
  585. },
  586. 'scss': {
  587. 'handlers': ['null'],
  588. 'propagate': False,
  589. },
  590. },
  591. }
  592. # 'direction' should not be specified for all_tcp/udp/icmp.
  593. # It is specified in the form.
  594. SECURITY_GROUP_RULES = {
  595. 'all_tcp': {
  596. 'name': _('All TCP'),
  597. 'ip_protocol': 'tcp',
  598. 'from_port': '1',
  599. 'to_port': '65535',
  600. },
  601. 'all_udp': {
  602. 'name': _('All UDP'),
  603. 'ip_protocol': 'udp',
  604. 'from_port': '1',
  605. 'to_port': '65535',
  606. },
  607. 'all_icmp': {
  608. 'name': _('All ICMP'),
  609. 'ip_protocol': 'icmp',
  610. 'from_port': '-1',
  611. 'to_port': '-1',
  612. },
  613. 'ssh': {
  614. 'name': 'SSH',
  615. 'ip_protocol': 'tcp',
  616. 'from_port': '22',
  617. 'to_port': '22',
  618. },
  619. 'smtp': {
  620. 'name': 'SMTP',
  621. 'ip_protocol': 'tcp',
  622. 'from_port': '25',
  623. 'to_port': '25',
  624. },
  625. 'dns': {
  626. 'name': 'DNS',
  627. 'ip_protocol': 'tcp',
  628. 'from_port': '53',
  629. 'to_port': '53',
  630. },
  631. 'http': {
  632. 'name': 'HTTP',
  633. 'ip_protocol': 'tcp',
  634. 'from_port': '80',
  635. 'to_port': '80',
  636. },
  637. 'pop3': {
  638. 'name': 'POP3',
  639. 'ip_protocol': 'tcp',
  640. 'from_port': '110',
  641. 'to_port': '110',
  642. },
  643. 'imap': {
  644. 'name': 'IMAP',
  645. 'ip_protocol': 'tcp',
  646. 'from_port': '143',
  647. 'to_port': '143',
  648. },
  649. 'ldap': {
  650. 'name': 'LDAP',
  651. 'ip_protocol': 'tcp',
  652. 'from_port': '389',
  653. 'to_port': '389',
  654. },
  655. 'https': {
  656. 'name': 'HTTPS',
  657. 'ip_protocol': 'tcp',
  658. 'from_port': '443',
  659. 'to_port': '443',
  660. },
  661. 'smtps': {
  662. 'name': 'SMTPS',
  663. 'ip_protocol': 'tcp',
  664. 'from_port': '465',
  665. 'to_port': '465',
  666. },
  667. 'imaps': {
  668. 'name': 'IMAPS',
  669. 'ip_protocol': 'tcp',
  670. 'from_port': '993',
  671. 'to_port': '993',
  672. },
  673. 'pop3s': {
  674. 'name': 'POP3S',
  675. 'ip_protocol': 'tcp',
  676. 'from_port': '995',
  677. 'to_port': '995',
  678. },
  679. 'ms_sql': {
  680. 'name': 'MS SQL',
  681. 'ip_protocol': 'tcp',
  682. 'from_port': '1433',
  683. 'to_port': '1433',
  684. },
  685. 'mysql': {
  686. 'name': 'MYSQL',
  687. 'ip_protocol': 'tcp',
  688. 'from_port': '3306',
  689. 'to_port': '3306',
  690. },
  691. 'rdp': {
  692. 'name': 'RDP',
  693. 'ip_protocol': 'tcp',
  694. 'from_port': '3389',
  695. 'to_port': '3389',
  696. },
  697. }
  698. # Deprecation Notice:
  699. #
  700. # The setting FLAVOR_EXTRA_KEYS has been deprecated.
  701. # Please load extra spec metadata into the Glance Metadata Definition Catalog.
  702. #
  703. # The sample quota definitions can be found in:
  704. # <glance_source>/etc/metadefs/compute-quota.json
  705. #
  706. # The metadata definition catalog supports CLI and API:
  707. # $glance --os-image-api-version 2 help md-namespace-import
  708. # $glance-manage db_load_metadefs <directory_with_definition_files>
  709. #
  710. # See Metadata Definitions on:
  711. # https://docs.openstack.org/glance/latest/user/glancemetadefcatalogapi.html
  712. # TODO: (david-lyle) remove when plugins support settings natively
  713. # Note: This is only used when the Sahara plugin is configured and enabled
  714. # for use in Horizon.
  715. # Indicate to the Sahara data processing service whether or not
  716. # automatic floating IP allocation is in effect. If it is not
  717. # in effect, the user will be prompted to choose a floating IP
  718. # pool for use in their cluster. False by default. You would want
  719. # to set this to True if you were running Nova Networking with
  720. # auto_assign_floating_ip = True.
  721. #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
  722. # The hash algorithm to use for authentication tokens. This must
  723. # match the hash algorithm that the identity server and the
  724. # auth_token middleware are using. Allowed values are the
  725. # algorithms supported by Python's hashlib library.
  726. #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
  727. # AngularJS requires some settings to be made available to
  728. # the client side. Some settings are required by in-tree / built-in horizon
  729. # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
  730. # form of ['SETTING_1','SETTING_2'], etc.
  731. #
  732. # You may remove settings from this list for security purposes, but do so at
  733. # the risk of breaking a built-in horizon feature. These settings are required
  734. # for horizon to function properly. Only remove them if you know what you
  735. # are doing. These settings may in the future be moved to be defined within
  736. # the enabled panel configuration.
  737. # You should not add settings to this list for out of tree extensions.
  738. # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
  739. REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
  740. 'LAUNCH_INSTANCE_DEFAULTS',
  741. 'OPENSTACK_IMAGE_FORMATS',
  742. 'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
  743. 'CREATE_IMAGE_DEFAULTS',
  744. 'ENFORCE_PASSWORD_CHECK']
  745. # Additional settings can be made available to the client side for
  746. # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
  747. # !! Please use extreme caution as the settings are transferred via HTTP/S
  748. # and are not encrypted on the browser. This is an experimental API and
  749. # may be deprecated in the future without notice.
  750. #REST_API_ADDITIONAL_SETTINGS = []
  751. # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
  752. # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
  753. # Scripting (XFS) vulnerability, so this option allows extra security hardening
  754. # where iframes are not used in deployment. Default setting is True.
  755. # For more information see:
  756. # http://tinyurl.com/anticlickjack
  757. #DISALLOW_IFRAME_EMBED = True
  758. # Help URL can be made available for the client. To provide a help URL, edit the
  759. # following attribute to the URL of your choice.
  760. #HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
  761. # Settings for OperationLogMiddleware
  762. # OPERATION_LOG_ENABLED is flag to use the function to log an operation on
  763. # Horizon.
  764. # mask_targets is arrangement for appointing a target to mask.
  765. # method_targets is arrangement of HTTP method to output log.
  766. # format is the log contents.
  767. #OPERATION_LOG_ENABLED = False
  768. #OPERATION_LOG_OPTIONS = {
  769. # 'mask_fields': ['password'],
  770. # 'target_methods': ['POST'],
  771. # 'ignored_urls': ['/js/', '/static/', '^/api/'],
  772. # 'format': ("[%(client_ip)s] [%(domain_name)s]"
  773. # " [%(domain_id)s] [%(project_name)s]"
  774. # " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
  775. # " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
  776. # " [%(http_status)s] [%(param)s]"),
  777. #}
  778. # The default date range in the Overview panel meters - either <today> minus N
  779. # days (if the value is integer N), or from the beginning of the current month
  780. # until today (if set to None). This setting should be used to limit the amount
  781. # of data fetched by default when rendering the Overview panel.
  782. #OVERVIEW_DAYS_RANGE = 1
  783. # To allow operators to require users provide a search criteria first
  784. # before loading any data into the views, set the following dict
  785. # attributes to True in each one of the panels you want to enable this feature.
  786. # Follow the convention <dashboard>.<view>
  787. #FILTER_DATA_FIRST = {
  788. # 'admin.instances': False,
  789. # 'admin.images': False,
  790. # 'admin.networks': False,
  791. # 'admin.routers': False,
  792. # 'admin.volumes': False,
  793. # 'identity.users': False,
  794. # 'identity.projects': False,
  795. # 'identity.groups': False,
  796. # 'identity.roles': False
  797. #}
  798. # Dict used to restrict user private subnet cidr range.
  799. # An empty list means that user input will not be restricted
  800. # for a corresponding IP version. By default, there is
  801. # no restriction for IPv4 or IPv6. To restrict
  802. # user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR
  803. # to something like
  804. #ALLOWED_PRIVATE_SUBNET_CIDR = {
  805. # 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'],
  806. # 'ipv6': ['fc00::/7']
  807. #}
  808. ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
  809. # Projects and users can have extra attributes as defined by keystone v3.
  810. # Horizon has the ability to display these extra attributes via this setting.
  811. # If you'd like to display extra data in the project or user tables, set the
  812. # corresponding dict key to the attribute name, followed by the display name.
  813. # For more information, see horizon's customization
  814. # (https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides)
  815. #PROJECT_TABLE_EXTRA_INFO = {
  816. # 'phone_num': _('Phone Number'),
  817. #}
  818. #USER_TABLE_EXTRA_INFO = {
  819. # 'phone_num': _('Phone Number'),
  820. #}
  821. # Password will have an expiration date when using keystone v3 and enabling the
  822. # feature.
  823. # This setting allows you to set the number of days that the user will be alerted
  824. # prior to the password expiration.
  825. # Once the password expires keystone will deny the access and users must
  826. # contact an admin to change their password.
  827. #PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = 0