20-snf-cyclades-app-api.conf 5.11 KB
Newer Older
1
2
3
4
5
6
7
8
9
## -*- coding: utf-8 -*-
##
## API configuration
######################
#
#
#DEBUG = False
#
## Top-level URL for deployment. Numerous other URLs depend on this.
10
#CYCLADES_BASE_URL = "https://host:port/cyclades"
11
12
13
14
15
16
17
18
19
#
## The API will return HTTP Bad Request if the ?changes-since
## parameter refers to a point in time more than POLL_LIMIT seconds ago.
#POLL_LIMIT = 3600
#
##
## Network Configuration
##
#
20
21
22
23
24
25
26
## List of network IDs. All created instances will get a NIC connected to each
## network of this list. If the special network ID "SNF:ANY_PUBLIC" is used,
## Cyclades will automatically choose a public network and connect the server to
## it.
#DEFAULT_INSTANCE_NETWORKS=["SNF:ANY_PUBLIC"]
#
#
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
## Maximum allowed network size for private networks.
#MAX_CIDR_BLOCK = 22
#
## Default settings used by network flavors
#DEFAULT_MAC_PREFIX = 'aa:00:0'
#DEFAULT_BRIDGE = 'br0'
#
## Network flavors that users are allowed to create through API requests
#API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']
#
## Settings for IP_LESS_ROUTED network:
## -----------------------------------
## In this case VMCs act as routers that forward the traffic to/from VMs, based
## on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that
## exist in every node, implenting an IP-less routed and proxy-arp setup.
#DEFAULT_ROUTING_TABLE = 'snf_public'
#
## Settings for MAC_FILTERED network:
## ------------------------------------------
## All networks of this type are bridged to the same bridge. Isolation between
## networks is achieved by assigning a unique MAC-prefix to each network and
## filtering packets via ebtables.
#DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
#
#
52
53
## Firewall tags should contain '%d' to be filled with the NIC
## index.
54
55
56
57
58
59
60
61
#GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:protected'
#GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:unprotected'
#GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:limited'
#
## The default firewall profile that will be in effect if no tags are defined
#DEFAULT_FIREWALL_PROFILE = 'DISABLED'
#
## Fixed mapping of user VMs to a specific backend.
62
## e.g. BACKEND_PER_USER = {'example@synnefo.org': 2}
63
64
65
66
67
68
69
70
71
#BACKEND_PER_USER = {}
#
## List of backend IDs used *only* for archipelago.
#ARCHIPELAGO_BACKENDS = []
#
#
## URL templates for the stat graphs.
## The API implementation replaces '%s' with the encrypted backend id.
## FIXME: For now we do not encrypt the backend id.
72
73
74
75
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png'
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png'
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png'
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png'
76
77
78
79
80
81
82
83
84
85
86
87
#
## Recommended refresh period for server stats
#STATS_REFRESH_PERIOD = 60
#
## The maximum number of file path/content pairs that can be supplied on server
## build
#MAX_PERSONALITY = 5
#
## The maximum size, in bytes, for each personality file
#MAX_PERSONALITY_SIZE = 10240
#
#
88
89
## Top-level URL of the astakos instance to be used for user management
#ASTAKOS_BASE_URL = 'https://accounts.example.synnefo.org/'
90
91
92
93
94
95
96
97
98
99
100
#
## Key for password encryption-decryption. After changing this setting, synnefo
## will be unable to decrypt all existing Backend passwords. You will need to
## store again the new password by using 'snf-manage backend-modify'.
## SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not
## supported.
#SECRET_ENCRYPTION_KEY= "Password Encryption Key"
#
## Astakos service token
## The token used for astakos service api calls (e.g. api to retrieve user email
## using a user uuid)
101
#CYCLADES_SERVICE_TOKEN = ''
102
103
104
105
106

# Let cyclades proxy user specific api calls to astakos, via self served
# endpoints. Set this to False if you deploy cyclades-app/astakos-app on the
# same machine.
#CYCLADES_PROXY_USER_SERVICES = True
107
108
109

# Tune the size of the http connection pool to astakos.
#CYCLADES_ASTAKOSCLIENT_POOLSIZE = 50
110
111
112
113
114
#
## Template to use to build the FQDN of VMs. The setting will be formated with
## the id of the VM. If set to 'None' the first public IPv4 or IPv6 address
## of the VM will be used.
#CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#
## Description of applied port forwarding rules (DNAT) for Cyclades VMs. This
## setting contains a mapping from the port of each VM to a tuple contaning the
## destination IP/hostname and the new port: (host, port). Instead of a tuple a
## python callable object may be used which must return such a tuple. The caller
## will pass to the callable the following positional arguments, in the
## following order:
## * server_id: The ID of the VM in the DB
## * ip_address: The IPv4 address of the public VM NIC
## * fqdn: The FQDN of the VM
## * user: The UUID of the owner of the VM
##
## Here is an example describing the mapping of the SSH port of all VMs to
## the external address 'gate.example.synnefo.org' and port 60000+server_id.
## e.g. iptables -t nat -A prerouting -d gate.example.synnefo.org \
## --dport (61000 # $(VM_ID)) -j DNAT --to-destination $(VM_IP):22
##CYCLADES_PORT_FORWARDING = {
##    22: lambda ip_address, server_id, fqdn, user:
##               ("gate.example.synnefo.org", 61000 + server_id),
##}
#CYCLADES_PORT_FORWARDING = {}