Fuel CCP - Horizon deployment
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

720 lines
26 KiB

  1. # -*- coding: utf-8 -*-
  2. import os
  3. from django.utils.translation import ugettext_lazy as _
  4. from horizon.utils import secret_key
  5. from openstack_dashboard import exceptions
  6. from openstack_dashboard.settings import HORIZON_CONFIG
  7. DEBUG = True
  8. # WEBROOT is the location relative to Webserver root
  9. # should end with a slash.
  10. WEBROOT = '/'
  11. #LOGIN_URL = WEBROOT + 'auth/login/'
  12. #LOGOUT_URL = WEBROOT + 'auth/logout/'
  13. #
  14. # LOGIN_REDIRECT_URL can be used as an alternative for
  15. # HORIZON_CONFIG.user_home, if user_home is not set.
  16. # Do not set it to '/home/', as this will cause circular redirect loop
  17. #LOGIN_REDIRECT_URL = WEBROOT
  18. # If horizon is running in production (DEBUG is False), set this
  19. # with the list of host/domain names that the application can serve.
  20. # For more information see:
  21. # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
  22. ALLOWED_HOSTS = ['*']
  23. # Set SSL proxy settings:
  24. # Pass this header from the proxy after terminating the SSL,
  25. # and don't forget to strip it from the client's request.
  26. # For more information see:
  27. # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
  28. SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
  29. # If Horizon is being served through SSL, then uncomment the following two
  30. # settings to better secure the cookies from security exploits
  31. #CSRF_COOKIE_SECURE = True
  32. #SESSION_COOKIE_SECURE = True
  33. # The absolute path to the directory where message files are collected.
  34. # The message file must have a .json file extension. When the user logins to
  35. # horizon, the message files collected are processed and displayed to the user.
  36. #MESSAGES_PATH=None
  37. # Overrides for OpenStack API versions. Use this setting to force the
  38. # OpenStack dashboard to use a specific API version for a given service API.
  39. # Versions specified here should be integers or floats, not strings.
  40. # NOTE: The version should be formatted as it appears in the URL for the
  41. # service API. For example, The identity service APIs have inconsistent
  42. # use of the decimal point, so valid options would be 2.0 or 3.
  43. OPENSTACK_API_VERSIONS = {
  44. "data-processing": 1.1,
  45. "identity": 3,
  46. "volume": 2,
  47. "compute": 2,
  48. }
  49. # Set this to True if running on multi-domain model. When this is enabled, it
  50. # will require user to enter the Domain name in addition to username for login.
  51. #OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
  52. # Overrides the default domain used when running on single-domain model
  53. # with Keystone V3. All entities will be created in the default domain.
  54. # NOTE: This value must be the ID of the default domain, NOT the name.
  55. # Also, you will most likely have a value in the keystone policy file like this
  56. # "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
  57. # This value must match the domain id specified there.
  58. #OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
  59. # Set this to True to enable panels that provide the ability for users to
  60. # manage Identity Providers (IdPs) and establish a set of rules to map
  61. # federation protocol attributes to Identity API attributes.
  62. # This extension requires v3.0+ of the Identity API.
  63. #OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
  64. # Set Console type:
  65. # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
  66. # Set to None explicitly if you want to deactivate the console.
  67. #CONSOLE_TYPE = "AUTO"
  68. # If provided, a "Report Bug" link will be displayed in the site header
  69. # which links to the value of this setting (ideally a URL containing
  70. # information on how to report issues).
  71. #HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
  72. # Show backdrop element outside the modal, do not close the modal
  73. # after clicking on backdrop.
  74. #HORIZON_CONFIG["modal_backdrop"] = "static"
  75. # Specify a regular expression to validate user passwords.
  76. #HORIZON_CONFIG["password_validator"] = {
  77. # "regex": '.*',
  78. # "help_text": _("Your password does not meet the requirements."),
  79. #}
  80. # Disable simplified floating IP address management for deployments with
  81. # multiple floating IP pools or complex network requirements.
  82. #HORIZON_CONFIG["simple_ip_management"] = False
  83. # Turn off browser autocompletion for forms including the login form and
  84. # the database creation workflow if so desired.
  85. #HORIZON_CONFIG["password_autocomplete"] = "off"
  86. # Setting this to True will disable the reveal button for password fields,
  87. # including on the login form.
  88. #HORIZON_CONFIG["disable_password_reveal"] = False
  89. LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
  90. # Set custom secret key:
  91. # You can either set it to a specific value or you can let horizon generate a
  92. # default secret key that is unique on this machine, e.i. regardless of the
  93. # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
  94. # there may be situations where you would want to set this explicitly, e.g.
  95. # when multiple dashboard instances are distributed on different machines
  96. # (usually behind a load-balancer). Either you have to make sure that a session
  97. # gets all requests routed to the same dashboard instance or you set the same
  98. # SECRET_KEY for all of them.
  99. SECRET_KEY = "{{ horizon.secret_key }}"
  100. # We recommend you use memcached for development; otherwise after every reload
  101. # of the django development server, you will have to login again. To use
  102. # memcached set CACHES to something like
  103. CACHES = {
  104. 'default': {
  105. 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
  106. 'LOCATION': '{{ address("memcached", memcached.port) }}',
  107. },
  108. }
  109. # Send email to the console by default
  110. EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
  111. # Or send them to /dev/null
  112. #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
  113. # Configure these for your outgoing email host
  114. #EMAIL_HOST = 'smtp.my-company.com'
  115. #EMAIL_PORT = 25
  116. #EMAIL_HOST_USER = 'djangomail'
  117. #EMAIL_HOST_PASSWORD = 'top-secret!'
  118. # For multiple regions uncomment this configuration, and add (endpoint, title).
  119. #AVAILABLE_REGIONS = [
  120. # ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
  121. # ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
  122. #]
  123. OPENSTACK_HOST = "{{ address('keystone') }}"
  124. OPENSTACK_KEYSTONE_URL = "{{ address('keystone', keystone.public_port, with_scheme=True) }}/v3"
  125. OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
  126. # Enables keystone web single-sign-on if set to True.
  127. #WEBSSO_ENABLED = False
  128. # Determines which authentication choice to show as default.
  129. #WEBSSO_INITIAL_CHOICE = "credentials"
  130. # The list of authentication mechanisms which include keystone
  131. # federation protocols and identity provider/federation protocol
  132. # mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
  133. # IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
  134. # Connect respectively.
  135. # Do not remove the mandatory credentials mechanism.
  136. # Note: The last two tuples are sample mapping keys to a identity provider
  137. # and federation protocol combination (WEBSSO_IDP_MAPPING).
  138. #WEBSSO_CHOICES = (
  139. # ("credentials", _("Keystone Credentials")),
  140. # ("oidc", _("OpenID Connect")),
  141. # ("saml2", _("Security Assertion Markup Language")),
  142. # ("acme_oidc", "ACME - OpenID Connect"),
  143. # ("acme_saml2", "ACME - SAML2"),
  144. #)
  145. # A dictionary of specific identity provider and federation protocol
  146. # combinations. From the selected authentication mechanism, the value
  147. # will be looked up as keys in the dictionary. If a match is found,
  148. # it will redirect the user to a identity provider and federation protocol
  149. # specific WebSSO endpoint in keystone, otherwise it will use the value
  150. # as the protocol_id when redirecting to the WebSSO by protocol endpoint.
  151. # NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
  152. #WEBSSO_IDP_MAPPING = {
  153. # "acme_oidc": ("acme", "oidc"),
  154. # "acme_saml2": ("acme", "saml2"),
  155. #}
  156. # Disable SSL certificate checks (useful for self-signed certificates):
  157. #OPENSTACK_SSL_NO_VERIFY = True
  158. # The CA certificate to use to verify SSL connections
  159. OPENSTACK_SSL_CACERT = '/opt/ccp/etc/tls/ca.pem'
  160. # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
  161. # capabilities of the auth backend for Keystone.
  162. # If Keystone has been configured to use LDAP as the auth backend then set
  163. # can_edit_user to False and name to 'ldap'.
  164. #
  165. # TODO(tres): Remove these once Keystone has an API to identify auth backend.
  166. OPENSTACK_KEYSTONE_BACKEND = {
  167. 'name': 'native',
  168. 'can_edit_user': True,
  169. 'can_edit_group': True,
  170. 'can_edit_project': True,
  171. 'can_edit_domain': True,
  172. 'can_edit_role': True,
  173. }
  174. # Setting this to True, will add a new "Retrieve Password" action on instance,
  175. # allowing Admin session password retrieval/decryption.
  176. #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  177. # The Launch Instance user experience has been significantly enhanced.
  178. # You can choose whether to enable the new launch instance experience,
  179. # the legacy experience, or both. The legacy experience will be removed
  180. # in a future release, but is available as a temporary backup setting to ensure
  181. # compatibility with existing deployments. Further development will not be
  182. # done on the legacy experience. Please report any problems with the new
  183. # experience via the Launchpad tracking system.
  184. #
  185. # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
  186. # determine the experience to enable. Set them both to true to enable
  187. # both.
  188. LAUNCH_INSTANCE_LEGACY_ENABLED = False
  189. LAUNCH_INSTANCE_NG_ENABLED = True
  190. # "off" disables the ability to upload images via Horizon. "legacy" enables
  191. # local file upload by piping the image file through the Horizon?s web-server.
  192. # "direct" sends the image file directly from the web browser to Glance.
  193. HORIZON_IMAGES_UPLOAD_MODE = "{{ horizon.images_upload_mode }}"
  194. # A dictionary of settings which can be used to provide the default values for
  195. # properties found in the Launch Instance modal.
  196. #LAUNCH_INSTANCE_DEFAULTS = {
  197. # 'config_drive': False,
  198. #}
  199. # The Xen Hypervisor has the ability to set the mount point for volumes
  200. # attached to instances (other Hypervisors currently do not). Setting
  201. # can_set_mount_point to True will add the option to set the mount point
  202. # from the UI.
  203. OPENSTACK_HYPERVISOR_FEATURES = {
  204. 'can_set_mount_point': False,
  205. 'can_set_password': False,
  206. 'requires_keypair': False,
  207. }
  208. # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
  209. # services provided by cinder that is not exposed by its extension API.
  210. OPENSTACK_CINDER_FEATURES = {
  211. 'enable_backup': True,
  212. }
  213. # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
  214. # services provided by neutron. Options currently available are load
  215. # balancer service, security groups, quotas, VPN service.
  216. OPENSTACK_NEUTRON_NETWORK = {
  217. 'enable_router': True,
  218. 'enable_quotas': True,
  219. 'enable_ipv6': True,
  220. 'enable_distributed_router': False,
  221. 'enable_ha_router': False,
  222. 'enable_lb': True,
  223. 'enable_firewall': True,
  224. 'enable_vpn': True,
  225. 'enable_fip_topology_check': True,
  226. # Neutron can be configured with a default Subnet Pool to be used for IPv4
  227. # subnet-allocation. Specify the label you wish to display in the Address
  228. # pool selector on the create subnet step if you want to use this feature.
  229. 'default_ipv4_subnet_pool_label': None,
  230. # Neutron can be configured with a default Subnet Pool to be used for IPv6
  231. # subnet-allocation. Specify the label you wish to display in the Address
  232. # pool selector on the create subnet step if you want to use this feature.
  233. # You must set this to enable IPv6 Prefix Delegation in a PD-capable
  234. # environment.
  235. 'default_ipv6_subnet_pool_label': None,
  236. # The profile_support option is used to detect if an external router can be
  237. # configured via the dashboard. When using specific plugins the
  238. # profile_support can be turned on if needed.
  239. 'profile_support': None,
  240. #'profile_support': 'cisco',
  241. # Set which provider network types are supported. Only the network types
  242. # in this list will be available to choose from when creating a network.
  243. # Network types include local, flat, vlan, gre, and vxlan.
  244. 'supported_provider_types': ['*'],
  245. # Set which VNIC types are supported for port binding. Only the VNIC
  246. # types in this list will be available to choose from when creating a
  247. # port.
  248. # VNIC types include 'normal', 'macvtap' and 'direct'.
  249. # Set to empty list or None to disable VNIC type selection.
  250. 'supported_vnic_types': ['*'],
  251. }
  252. # The OPENSTACK_HEAT_STACK settings can be used to disable password
  253. # field required while launching the stack.
  254. OPENSTACK_HEAT_STACK = {
  255. 'enable_user_pass': True,
  256. }
  257. # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
  258. # in the OpenStack Dashboard related to the Image service, such as the list
  259. # of supported image formats.
  260. #OPENSTACK_IMAGE_BACKEND = {
  261. # 'image_formats': [
  262. # ('', _('Select format')),
  263. # ('aki', _('AKI - Amazon Kernel Image')),
  264. # ('ami', _('AMI - Amazon Machine Image')),
  265. # ('ari', _('ARI - Amazon Ramdisk Image')),
  266. # ('docker', _('Docker')),
  267. # ('iso', _('ISO - Optical Disk Image')),
  268. # ('ova', _('OVA - Open Virtual Appliance')),
  269. # ('qcow2', _('QCOW2 - QEMU Emulator')),
  270. # ('raw', _('Raw')),
  271. # ('vdi', _('VDI - Virtual Disk Image')),
  272. # ('vhd', _('VHD - Virtual Hard Disk')),
  273. # ('vmdk', _('VMDK - Virtual Machine Disk')),
  274. # ],
  275. #}
  276. # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
  277. # image custom property attributes that appear on image detail pages.
  278. IMAGE_CUSTOM_PROPERTY_TITLES = {
  279. "architecture": _("Architecture"),
  280. "kernel_id": _("Kernel ID"),
  281. "ramdisk_id": _("Ramdisk ID"),
  282. "image_state": _("Euca2ools state"),
  283. "project_id": _("Project ID"),
  284. "image_type": _("Image Type"),
  285. }
  286. # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
  287. # custom properties should not be displayed in the Image Custom Properties
  288. # table.
  289. IMAGE_RESERVED_CUSTOM_PROPERTIES = []
  290. # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
  291. # in the Keystone service catalog. Use this setting when Horizon is running
  292. # external to the OpenStack environment. The default is 'publicURL'.
  293. OPENSTACK_ENDPOINT_TYPE = "internalURL"
  294. # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
  295. # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
  296. # in the Keystone service catalog. Use this setting when Horizon is running
  297. # external to the OpenStack environment. The default is None. This
  298. # value should differ from OPENSTACK_ENDPOINT_TYPE if used.
  299. #SECONDARY_ENDPOINT_TYPE = "publicURL"
  300. # The number of objects (Swift containers/objects or images) to display
  301. # on a single page before providing a paging element (a "more" link)
  302. # to paginate results.
  303. API_RESULT_LIMIT = 1000
  304. API_RESULT_PAGE_SIZE = 20
  305. # The size of chunk in bytes for downloading objects from Swift
  306. SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
  307. # Specify a maximum number of items to display in a dropdown.
  308. DROPDOWN_MAX_ITEMS = 30
  309. # The timezone of the server. This should correspond with the timezone
  310. # of your entire OpenStack installation, and hopefully be in UTC.
  311. TIME_ZONE = "UTC"
  312. # When launching an instance, the menu of available flavors is
  313. # sorted by RAM usage, ascending. If you would like a different sort order,
  314. # you can provide another flavor attribute as sorting key. Alternatively, you
  315. # can provide a custom callback method to use for sorting. You can also provide
  316. # a flag for reverse sort. For more info, see
  317. # http://docs.python.org/2/library/functions.html#sorted
  318. #CREATE_INSTANCE_FLAVOR_SORT = {
  319. # 'key': 'name',
  320. # # or
  321. # 'key': my_awesome_callback_method,
  322. # 'reverse': False,
  323. #}
  324. # Set this to True to display an 'Admin Password' field on the Change Password
  325. # form to verify that it is indeed the admin logged-in who wants to change
  326. # the password.
  327. #ENFORCE_PASSWORD_CHECK = False
  328. # Modules that provide /auth routes that can be used to handle different types
  329. # of user authentication. Add auth plugins that require extra route handling to
  330. # this list.
  331. #AUTHENTICATION_URLS = [
  332. # 'openstack_auth.urls',
  333. #]
  334. # The Horizon Policy Enforcement engine uses these values to load per service
  335. # policy rule files. The content of these files should match the files the
  336. # OpenStack services are using to determine role based access control in the
  337. # target installation.
  338. # Path to directory containing policy.json files
  339. #POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
  340. # Map of local copy of service policy files.
  341. # Please insure that your identity policy file matches the one being used on
  342. # your keystone servers. There is an alternate policy file that may be used
  343. # in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
  344. # This file is not included in the Horizon repository by default but can be
  345. # found at
  346. # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
  347. # policy.v3cloudsample.json
  348. # Having matching policy files on the Horizon and Keystone servers is essential
  349. # for normal operation. This holds true for all services and their policy files.
  350. #POLICY_FILES = {
  351. # 'identity': 'keystone_policy.json',
  352. # 'compute': 'nova_policy.json',
  353. # 'volume': 'cinder_policy.json',
  354. # 'image': 'glance_policy.json',
  355. # 'orchestration': 'heat_policy.json',
  356. # 'network': 'neutron_policy.json',
  357. # 'telemetry': 'ceilometer_policy.json',
  358. #}
  359. # TODO: (david-lyle) remove when plugins support adding settings.
  360. # Note: Only used when trove-dashboard plugin is configured to be used by
  361. # Horizon.
  362. # Trove user and database extension support. By default support for
  363. # creating users and databases on database instances is turned on.
  364. # To disable these extensions set the permission here to something
  365. # unusable such as ["!"].
  366. #TROVE_ADD_USER_PERMS = []
  367. #TROVE_ADD_DATABASE_PERMS = []
  368. # Change this patch to the appropriate list of tuples containing
  369. # a key, label and static directory containing two files:
  370. # _variables.scss and _styles.scss
  371. #AVAILABLE_THEMES = [
  372. # ('default', 'Default', 'themes/default'),
  373. # ('material', 'Material', 'themes/material'),
  374. #]
  375. LOGGING = {
  376. 'version': 1,
  377. # When set to True this will disable all logging except
  378. # for loggers specified in this configuration dictionary. Note that
  379. # if nothing is specified here and disable_existing_loggers is True,
  380. # django.db.backends will still log unless it is disabled explicitly.
  381. 'disable_existing_loggers': False,
  382. 'handlers': {
  383. 'null': {
  384. 'level': 'DEBUG',
  385. 'class': 'logging.NullHandler',
  386. },
  387. 'console': {
  388. # Set the level to "DEBUG" for verbose output logging.
  389. 'level': 'INFO',
  390. 'class': 'logging.StreamHandler',
  391. },
  392. },
  393. 'loggers': {
  394. # Logging from django.db.backends is VERY verbose, send to null
  395. # by default.
  396. 'django.db.backends': {
  397. 'handlers': ['null'],
  398. 'propagate': False,
  399. },
  400. 'requests': {
  401. 'handlers': ['null'],
  402. 'propagate': False,
  403. },
  404. 'horizon': {
  405. 'handlers': ['console'],
  406. 'level': 'DEBUG',
  407. 'propagate': False,
  408. },
  409. 'openstack_dashboard': {
  410. 'handlers': ['console'],
  411. 'level': 'DEBUG',
  412. 'propagate': False,
  413. },
  414. 'novaclient': {
  415. 'handlers': ['console'],
  416. 'level': 'DEBUG',
  417. 'propagate': False,
  418. },
  419. 'cinderclient': {
  420. 'handlers': ['console'],
  421. 'level': 'DEBUG',
  422. 'propagate': False,
  423. },
  424. 'keystoneclient': {
  425. 'handlers': ['console'],
  426. 'level': 'DEBUG',
  427. 'propagate': False,
  428. },
  429. 'glanceclient': {
  430. 'handlers': ['console'],
  431. 'level': 'DEBUG',
  432. 'propagate': False,
  433. },
  434. 'neutronclient': {
  435. 'handlers': ['console'],
  436. 'level': 'DEBUG',
  437. 'propagate': False,
  438. },
  439. 'heatclient': {
  440. 'handlers': ['console'],
  441. 'level': 'DEBUG',
  442. 'propagate': False,
  443. },
  444. 'ceilometerclient': {
  445. 'handlers': ['console'],
  446. 'level': 'DEBUG',
  447. 'propagate': False,
  448. },
  449. 'swiftclient': {
  450. 'handlers': ['console'],
  451. 'level': 'DEBUG',
  452. 'propagate': False,
  453. },
  454. 'openstack_auth': {
  455. 'handlers': ['console'],
  456. 'level': 'DEBUG',
  457. 'propagate': False,
  458. },
  459. 'nose.plugins.manager': {
  460. 'handlers': ['console'],
  461. 'level': 'DEBUG',
  462. 'propagate': False,
  463. },
  464. 'django': {
  465. 'handlers': ['console'],
  466. 'level': 'DEBUG',
  467. 'propagate': False,
  468. },
  469. 'iso8601': {
  470. 'handlers': ['null'],
  471. 'propagate': False,
  472. },
  473. 'scss': {
  474. 'handlers': ['null'],
  475. 'propagate': False,
  476. },
  477. },
  478. }
  479. # 'direction' should not be specified for all_tcp/udp/icmp.
  480. # It is specified in the form.
  481. SECURITY_GROUP_RULES = {
  482. 'all_tcp': {
  483. 'name': _('All TCP'),
  484. 'ip_protocol': 'tcp',
  485. 'from_port': '1',
  486. 'to_port': '65535',
  487. },
  488. 'all_udp': {
  489. 'name': _('All UDP'),
  490. 'ip_protocol': 'udp',
  491. 'from_port': '1',
  492. 'to_port': '65535',
  493. },
  494. 'all_icmp': {
  495. 'name': _('All ICMP'),
  496. 'ip_protocol': 'icmp',
  497. 'from_port': '-1',
  498. 'to_port': '-1',
  499. },
  500. 'ssh': {
  501. 'name': 'SSH',
  502. 'ip_protocol': 'tcp',
  503. 'from_port': '22',
  504. 'to_port': '22',
  505. },
  506. 'smtp': {
  507. 'name': 'SMTP',
  508. 'ip_protocol': 'tcp',
  509. 'from_port': '25',
  510. 'to_port': '25',
  511. },
  512. 'dns': {
  513. 'name': 'DNS',
  514. 'ip_protocol': 'tcp',
  515. 'from_port': '53',
  516. 'to_port': '53',
  517. },
  518. 'http': {
  519. 'name': 'HTTP',
  520. 'ip_protocol': 'tcp',
  521. 'from_port': '80',
  522. 'to_port': '80',
  523. },
  524. 'pop3': {
  525. 'name': 'POP3',
  526. 'ip_protocol': 'tcp',
  527. 'from_port': '110',
  528. 'to_port': '110',
  529. },
  530. 'imap': {
  531. 'name': 'IMAP',
  532. 'ip_protocol': 'tcp',
  533. 'from_port': '143',
  534. 'to_port': '143',
  535. },
  536. 'ldap': {
  537. 'name': 'LDAP',
  538. 'ip_protocol': 'tcp',
  539. 'from_port': '389',
  540. 'to_port': '389',
  541. },
  542. 'https': {
  543. 'name': 'HTTPS',
  544. 'ip_protocol': 'tcp',
  545. 'from_port': '443',
  546. 'to_port': '443',
  547. },
  548. 'smtps': {
  549. 'name': 'SMTPS',
  550. 'ip_protocol': 'tcp',
  551. 'from_port': '465',
  552. 'to_port': '465',
  553. },
  554. 'imaps': {
  555. 'name': 'IMAPS',
  556. 'ip_protocol': 'tcp',
  557. 'from_port': '993',
  558. 'to_port': '993',
  559. },
  560. 'pop3s': {
  561. 'name': 'POP3S',
  562. 'ip_protocol': 'tcp',
  563. 'from_port': '995',
  564. 'to_port': '995',
  565. },
  566. 'ms_sql': {
  567. 'name': 'MS SQL',
  568. 'ip_protocol': 'tcp',
  569. 'from_port': '1433',
  570. 'to_port': '1433',
  571. },
  572. 'mysql': {
  573. 'name': 'MYSQL',
  574. 'ip_protocol': 'tcp',
  575. 'from_port': '3306',
  576. 'to_port': '3306',
  577. },
  578. 'rdp': {
  579. 'name': 'RDP',
  580. 'ip_protocol': 'tcp',
  581. 'from_port': '3389',
  582. 'to_port': '3389',
  583. },
  584. }
  585. # Deprecation Notice:
  586. #
  587. # The setting FLAVOR_EXTRA_KEYS has been deprecated.
  588. # Please load extra spec metadata into the Glance Metadata Definition Catalog.
  589. #
  590. # The sample quota definitions can be found in:
  591. # <glance_source>/etc/metadefs/compute-quota.json
  592. #
  593. # The metadata definition catalog supports CLI and API:
  594. # $glance --os-image-api-version 2 help md-namespace-import
  595. # $glance-manage db_load_metadefs <directory_with_definition_files>
  596. #
  597. # See Metadata Definitions on: http://docs.openstack.org/developer/glance/
  598. # TODO: (david-lyle) remove when plugins support settings natively
  599. # Note: This is only used when the Sahara plugin is configured and enabled
  600. # for use in Horizon.
  601. # Indicate to the Sahara data processing service whether or not
  602. # automatic floating IP allocation is in effect. If it is not
  603. # in effect, the user will be prompted to choose a floating IP
  604. # pool for use in their cluster. False by default. You would want
  605. # to set this to True if you were running Nova Networking with
  606. # auto_assign_floating_ip = True.
  607. #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
  608. # The hash algorithm to use for authentication tokens. This must
  609. # match the hash algorithm that the identity server and the
  610. # auth_token middleware are using. Allowed values are the
  611. # algorithms supported by Python's hashlib library.
  612. #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
  613. # AngularJS requires some settings to be made available to
  614. # the client side. Some settings are required by in-tree / built-in horizon
  615. # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
  616. # form of ['SETTING_1','SETTING_2'], etc.
  617. #
  618. # You may remove settings from this list for security purposes, but do so at
  619. # the risk of breaking a built-in horizon feature. These settings are required
  620. # for horizon to function properly. Only remove them if you know what you
  621. # are doing. These settings may in the future be moved to be defined within
  622. # the enabled panel configuration.
  623. # You should not add settings to this list for out of tree extensions.
  624. # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
  625. REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
  626. 'LAUNCH_INSTANCE_DEFAULTS',
  627. 'OPENSTACK_IMAGE_FORMATS']
  628. # Additional settings can be made available to the client side for
  629. # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
  630. # !! Please use extreme caution as the settings are transferred via HTTP/S
  631. # and are not encrypted on the browser. This is an experimental API and
  632. # may be deprecated in the future without notice.
  633. #REST_API_ADDITIONAL_SETTINGS = []
  634. # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
  635. # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
  636. # Scripting (XFS) vulnerability, so this option allows extra security hardening
  637. # where iframes are not used in deployment. Default setting is True.
  638. # For more information see:
  639. # http://tinyurl.com/anticlickjack
  640. #DISALLOW_IFRAME_EMBED = True
  641. COMPRESS_OFFLINE = True
  642. # Allow a location to be set when creating or updating Glance images.
  643. # If using Glance V2, this value should be False unless the Glance
  644. # configuration and policies allow setting locations.
  645. IMAGES_ALLOW_LOCATION = True