api.py 4.17 KB
Newer Older
1
2
3
4
5
# -*- coding: utf-8 -*-
#
# API configuration
#####################

6
7
8

DEBUG = False

Kostas Papadimitriou's avatar
Kostas Papadimitriou committed
9
10
# Top-level URL for deployment. Numerous other URLs depend on this.
APP_INSTALL_URL = "https://host:port"
11

12
13
14
15
16
17
18
19
20
21
22
23
# The API implementation needs to accept and return absolute references
# to its resources. Thus, it needs to know its public URL.
API_ROOT_URL = APP_INSTALL_URL + '/api'

# The API will return HTTP Bad Request if the ?changes-since
# parameter refers to a point in time more than POLL_LIMIT seconds ago.
POLL_LIMIT = 3600

#
# Network Configuration
#

24
25
# Maximum allowed network size for private networks.
MAX_CIDR_BLOCK = 22
Christos Stavrakakis's avatar
Christos Stavrakakis committed
26

27
28
29
# Default settings used by network flavors
DEFAULT_MAC_PREFIX = 'aa:00:0'
DEFAULT_BRIDGE = 'br0'
Christos Stavrakakis's avatar
Christos Stavrakakis committed
30

31
32
33
34
# Boolean value indicating whether synnefo would hold a Pool and allocate IP
# addresses. If this setting is set to False, IP pool management will be
# delegated to Ganeti. If machines have been created with this option as False,
# you must run network reconciliation after turning it to True.
35
PUBLIC_USE_POOL = True
36

37
38
39
40
41
42
43
44
45
46
47
# Network flavors that users are allowed to create through API requests
API_ENABLED_NETWORK_FLAVORS = ['MAC_FILTERED']

# Settings for IP_LESS_ROUTED network:
# -----------------------------------
# In this case VMCs act as routers that forward the traffic to/from VMs, based
# on the defined routing table($DEFAULT_ROUTING_TABLE) and ip rules, that
# exist in every node, implenting an IP-less routed and proxy-arp setup.
DEFAULT_ROUTING_TABLE = 'snf_public'

# Settings for MAC_FILTERED network:
Christos Stavrakakis's avatar
Christos Stavrakakis committed
48
49
50
51
# ------------------------------------------
# All networks of this type are bridged to the same bridge. Isolation between
# networks is achieved by assigning a unique MAC-prefix to each network and
# filtering packets via ebtables.
52
DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
Christos Stavrakakis's avatar
Christos Stavrakakis committed
53

54

55
# Firewalling
56
57
58
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:protected'
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:unprotected'
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:limited'
59

60
61
62
# The default firewall profile that will be in effect if no tags are defined
DEFAULT_FIREWALL_PROFILE = 'DISABLED'

63
64
# our REST API would prefer to be explicit about trailing slashes
APPEND_SLASH = False
65

66
67
68
69
# Fixed mapping of user VMs to a specific backend.
# e.g. BACKEND_PER_USER = {'example@okeanos.grnet.gr': 2}
BACKEND_PER_USER = {}

70
71
# List of backend IDs used *only* for archipelago.
ARCHIPELAGO_BACKENDS = []
72

73

74
75
76
77
78
79
80
# URL templates for the stat graphs.
# The API implementation replaces '%s' with the encrypted backend id.
# FIXME: For now we do not encrypt the backend id.
CPU_BAR_GRAPH_URL = 'http://stats.okeanos.grnet.gr/%s/cpu-bar.png'
CPU_TIMESERIES_GRAPH_URL = 'http://stats.okeanos.grnet.gr/%s/cpu-ts.png'
NET_BAR_GRAPH_URL = 'http://stats.okeanos.grnet.gr/%s/net-bar.png'
NET_TIMESERIES_GRAPH_URL = 'http://stats.okeanos.grnet.gr/%s/net-ts.png'
81
82
83

# Recommended refresh period for server stats
STATS_REFRESH_PERIOD = 60
84
85
86
87
88
89
90

# The maximum number of file path/content pairs that can be supplied on server
# build
MAX_PERSONALITY = 5

# The maximum size, in bytes, for each personality file
MAX_PERSONALITY_SIZE = 10240
91
92

# Available storage types to be used as disk templates
93
# Use ext_<provider_name> to map specific provider for `ext` disk template.
94
95
96
GANETI_DISK_TEMPLATES = ('blockdev', 'diskless', 'drbd', 'file', 'plain',
                         'rbd',  'sharedfile')
DEFAULT_GANETI_DISK_TEMPLATE = 'drbd'
97
98

# The URL of an astakos instance that will be used for user authentication
99
ASTAKOS_URL = 'https://accounts.example.org/'
100
101
102

# Key for password encryption-decryption. After changing this setting, synnefo
# will be unable to decrypt all existing Backend passwords. You will need to
103
104
105
# store again the new password by using 'snf-manage backend-modify'.
# SECRET_ENCRYPTION_KEY may up to 32 bytes. Keys bigger than 32 bytes are not
# supported.
Christos Stavrakakis's avatar
Christos Stavrakakis committed
106
SECRET_ENCRYPTION_KEY= "Password Encryption Key"
107
108
109
110
111
112

# Astakos service token
# The token used for astakos service api calls (e.g. api to retrieve user email
# using a user uuid)
CYCLADES_ASTAKOS_SERVICE_TOKEN = ''

113
114
115
116
# Let cyclades proxy user specific api calls to astakos, via self served
# endpoints. Set this to False if you deploy cyclades-app/astakos-app on the
# same machine.
CYCLADES_PROXY_USER_SERVICES = True