Materials for illustrating the bad endpoint problem with the projects dropdown
# Full path: /usr/lib/python2.7/dist-packages/openstack_auth/backend.py | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | |
# implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
""" Module defining the Django auth backend class for the Keystone API. """ | |
import logging | |
from django.conf import settings | |
from django.utils.translation import ugettext_lazy as _ | |
from keystoneclient import exceptions as keystone_exceptions | |
from openstack_auth import exceptions | |
from openstack_auth import user as auth_user | |
from openstack_auth import utils | |
import os | |
# Module logger; its name follows the importing module's dotted path.
LOG = logging.getLogger(__name__)

# Attribute under which authenticate() stores the Keystone client on the
# request object so later code can reuse it.
KEYSTONE_CLIENT_ATTR = "_keystoneclient"
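class KeystoneBackend(object):
    """Django authentication backend for use with ``django.contrib.auth``.

    Credentials are checked against the Keystone Identity API, and the
    permission strings are derived from the roles and service catalog
    carried by the resulting user object.
    """

    def check_auth_expiry(self, auth_ref, margin=None):
        """Return True if ``auth_ref`` passes ``utils.is_token_valid``.

        Raises:
            exceptions.KeystoneAuthException: the token failed the check.
        """
        if not utils.is_token_valid(auth_ref, margin):
            msg = _("The authentication token issued by the Identity service "
                    "has expired.")
            LOG.warning("The authentication token issued by the Identity "
                        "service appears to have expired before it was "
                        "issued. This may indicate a problem with either your "
                        "server or client configuration.")
            raise exceptions.KeystoneAuthException(msg)
        return True

    def get_user(self, user_id):
        """Return the current user rebuilt from session data, or None.

        A user is returned only when the backend has a ``request`` attached
        and ``user_id`` equals the ``user_id`` stored in that request's
        session.

        Note: this required monkey-patching the ``contrib.auth`` middleware
        to make the ``request`` object available to the auth backend class.
        """
        if not (hasattr(self, 'request') and
                user_id == self.request.session["user_id"]):
            return None

        session = self.request.session
        token = session['token']
        endpoint = session['region_endpoint']

        # A catalog entry registered without a version segment (for example
        # a bare http://host:5000) gets the version matching the configured
        # Keystone API appended.
        has_version = (utils.has_in_url_path(endpoint, 'v2.0') or
                       utils.has_in_url_path(endpoint, 'v3'))
        if not has_version:
            version = 'v3' if utils.get_keystone_version() >= 3 else 'v2.0'
            # URLs always use '/', so join by hand rather than with
            # os.path.join, whose separator depends on the platform.
            endpoint = endpoint.rstrip('/') + '/' + version

        services_region = session['services_region']
        # Diagnostic for the endpoint investigation. It is emitted each time
        # the session user is resolved, so lower it to debug once the
        # endpoint problem is understood.
        LOG.warning('openstack_auth/backend: endpoint = %s', endpoint)
        return auth_user.create_user_from_token(self.request, token,
                                                endpoint, services_region)

    def authenticate(self, request=None, username=None, password=None,
                     user_domain_name=None, auth_url=None):
        """Authenticate a user via the Keystone Identity API.

        Obtains an unscoped token with the supplied credentials, then a
        project-scoped token (the first of the user's projects that accepts
        scoping), and builds the user object from it.

        Raises:
            exceptions.KeystoneAuthException: bad credentials, a Keystone
                client error, no projects, or no project that can be scoped.
        """
        LOG.debug('Beginning user authentication for user "%s".', username)

        # OPENSTACK_SSL_NO_VERIFY turns off certificate verification for
        # every Keystone call below, including the one carrying the
        # password; it belongs to test setups with self-signed certificates.
        insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
        ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
        endpoint_type = getattr(
            settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')

        # keystone client v3 does not support logging in on the v2 url any more
        if utils.get_keystone_version() >= 3:
            if utils.has_in_url_path(auth_url, "/v2.0"):
                LOG.warning("The settings.py file points to a v2.0 keystone "
                            "endpoint, but v3 is specified as the API version "
                            "to use. Using v3 endpoint for authentication.")
                auth_url = utils.url_path_replace(auth_url, "/v2.0", "/v3", 1)

        keystone_client = utils.get_keystone_client()
        try:
            # NOTE(review): debug follows settings.DEBUG; confirm the client's
            # debug output does not write passwords or tokens to the logs.
            client = keystone_client.Client(
                user_domain_name=user_domain_name,
                username=username,
                password=password,
                auth_url=auth_url,
                insecure=insecure,
                cacert=ca_cert,
                debug=settings.DEBUG)

            unscoped_auth_ref = client.auth_ref
            unscoped_token = auth_user.Token(auth_ref=unscoped_auth_ref)
        except (keystone_exceptions.Unauthorized,
                keystone_exceptions.Forbidden,
                keystone_exceptions.NotFound) as exc:
            # One message for all three cases, so the response does not
            # reveal whether the account exists.
            msg = _('Invalid user name or password.')
            LOG.debug(str(exc))
            raise exceptions.KeystoneAuthException(msg)
        except (keystone_exceptions.ClientException,
                keystone_exceptions.AuthorizationFailure) as exc:
            msg = _("An error occurred authenticating. "
                    "Please try again later.")
            LOG.debug(str(exc))
            raise exceptions.KeystoneAuthException(msg)

        # Check expiry for our unscoped auth ref.
        self.check_auth_expiry(unscoped_auth_ref)

        # Check if token is automatically scoped to default_project
        if unscoped_auth_ref.project_scoped:
            auth_ref = unscoped_auth_ref
        else:
            # For now we list all the user's projects and iterate through.
            try:
                if utils.get_keystone_version() < 3:
                    projects = client.tenants.list()
                else:
                    client.management_url = auth_url
                    projects = client.projects.list(
                        user=unscoped_auth_ref.user_id)
            except (keystone_exceptions.ClientException,
                    keystone_exceptions.AuthorizationFailure) as exc:
                msg = _('Unable to retrieve authorized projects.')
                # Logged like the credential failures above, so the cause
                # is not lost.
                LOG.debug(str(exc))
                raise exceptions.KeystoneAuthException(msg)

            # Abort if there are no projects for this user
            if not projects:
                msg = _('You are not authorized for any projects.')
                raise exceptions.KeystoneAuthException(msg)

            auth_ref = None
            while projects:
                project = projects.pop()
                try:
                    client = keystone_client.Client(
                        tenant_id=project.id,
                        token=unscoped_auth_ref.auth_token,
                        auth_url=auth_url,
                        insecure=insecure,
                        cacert=ca_cert,
                        debug=settings.DEBUG)
                    auth_ref = client.auth_ref
                    break
                except (keystone_exceptions.ClientException,
                        keystone_exceptions.AuthorizationFailure):
                    # Deliberate best effort: try the next project.
                    auth_ref = None

            if auth_ref is None:
                msg = _("Unable to authenticate to any available projects.")
                raise exceptions.KeystoneAuthException(msg)

        # Check expiry for our new scoped token.
        self.check_auth_expiry(auth_ref)

        # If we made it here we succeeded. Create our User!
        user = auth_user.create_user_from_token(
            request,
            auth_user.Token(auth_ref),
            client.service_catalog.url_for(endpoint_type=endpoint_type))

        if request is not None:
            # The unscoped token id is kept in the session, so the session
            # store holds a usable Keystone credential.
            request.session['unscoped_token'] = unscoped_token.id
            request.user = user

            # Support client caching to save on auth calls.
            setattr(request, KEYSTONE_CLIENT_ATTR, client)

        LOG.debug('Authentication completed for user "%s".', username)
        return user

    def get_group_permissions(self, user, obj=None):
        """Return an empty set since Keystone doesn't support "groups"."""
        # Keystone V3 added "groups". The Auth token response includes the
        # roles from the user's Group assignment. It should be fine just
        # returning an empty set here.
        return set()

    def get_all_permissions(self, user, obj=None):
        """Return the permission strings derived from the user's Keystone data.

        Two kinds of string are produced, both lower-cased:
        ``"openstack.roles.<role name>"`` for each of the user's roles, and
        ``"openstack.services.<service type>"`` for each catalog service
        that has an endpoint in the user's services region.

        Anonymous users and object-level queries (``obj`` given) get an
        empty set.
        """
        if user.is_anonymous() or obj is not None:
            return set()

        # TODO(gabrielhurley): Integrate policy-driven RBAC
        #                      when supported by Keystone.
        role_perms = set("openstack.roles.%s" % role['name'].lower()
                         for role in user.roles)

        service_perms = set()
        for service in user.service_catalog:
            regions = [endpoint.get('region', None)
                       for endpoint in service.get('endpoints', [])]
            if user.services_region in regions:
                service_perms.add(
                    "openstack.services.%s" % service['type'].lower())

        return role_perms | service_perms

    def has_perm(self, user, perm, obj=None):
        """Return True if the given active user has the specified permission."""
        if not user.is_active:
            return False
        return perm in self.get_all_permissions(user, obj)

    def has_module_perms(self, user, app_label):
        """Return True if user has any permissions in the given app_label.

        Currently this matches for the app_label ``"openstack"``.
        """
        if not user.is_active:
            return False
        # The app label is the part of the permission before the first dot.
        return any(perm.partition('.')[0] == app_label
                   for perm in self.get_all_permissions(user))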
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | |
# implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
""" Module defining the Django auth backend class for the Keystone API. """ | |
import logging | |
from django.conf import settings | |
from django.utils.translation import ugettext_lazy as _ | |
from keystoneclient import exceptions as keystone_exceptions | |
from openstack_auth import exceptions | |
from openstack_auth import user as auth_user | |
from openstack_auth import utils | |
import os | |
LOG = logging.getLogger(__name__) | |
KEYSTONE_CLIENT_ATTR = "_keystoneclient" | |
class KeystoneBackend(object): | |
"""Django authentication backend class for use with | |
``django.contrib.auth``. | |
""" | |
def check_auth_expiry(self, auth_ref, margin=None): | |
if not utils.is_token_valid(auth_ref, margin): | |
msg = _("The authentication token issued by the Identity service " | |
"has expired.") | |
LOG.warning("The authentication token issued by the Identity " | |
"service appears to have expired before it was " | |
"issued. This may indicate a problem with either your " | |
"server or client configuration.") | |
raise exceptions.KeystoneAuthException(msg) | |
return True | |
def get_user(self, user_id): | |
"""Returns the current user (if authenticated) based on the user ID | |
and session data. | |
Note: this required monkey-patching the ``contrib.auth`` middleware | |
to make the ``request`` object available to the auth backend class. | |
""" | |
if (hasattr(self, 'request') and | |
user_id == self.request.session["user_id"]): | |
token = self.request.session['token'] | |
endpoint = self.request.session['region_endpoint'] | |
if not utils.has_in_url_path(endpoint, 'v2.0') and not utils.has_in_url_path(endpoint, 'v3'): | |
if utils.get_keystone_version() >= 3: | |
endpoint = os.path.join(endpoint, 'v3') | |
else: | |
endpoint = os.path.join(endpoint, 'v2.0') | |
services_region = self.request.session['services_region'] | |
LOG.warning('openstack_auth/backend: endpoint = %s' % endpoint) | |
user = auth_user.create_user_from_token(self.request, token, | |
endpoint, services_region) | |
return user | |
else: | |
return None | |
def authenticate(self, request=None, username=None, password=None, | |
user_domain_name=None, auth_url=None): | |
"""Authenticates a user via the Keystone Identity API.""" | |
LOG.debug('Beginning user authentication for user "%s".' % username) | |
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) | |
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None) | |
endpoint_type = getattr( | |
settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL') | |
# keystone client v3 does not support logging in on the v2 url any more | |
if utils.get_keystone_version() >= 3: | |
if utils.has_in_url_path(auth_url, "/v2.0"): | |
LOG.warning("The settings.py file points to a v2.0 keystone " | |
"endpoint, but v3 is specified as the API version " | |
"to use. Using v3 endpoint for authentication.") | |
auth_url = utils.url_path_replace(auth_url, "/v2.0", "/v3", 1) | |
keystone_client = utils.get_keystone_client() | |
try: | |
client = keystone_client.Client( | |
user_domain_name=user_domain_name, | |
username=username, | |
password=password, | |
auth_url=auth_url, | |
insecure=insecure, | |
cacert=ca_cert, | |
debug=settings.DEBUG) | |
unscoped_auth_ref = client.auth_ref | |
unscoped_token = auth_user.Token(auth_ref=unscoped_auth_ref) | |
except (keystone_exceptions.Unauthorized, | |
keystone_exceptions.Forbidden, | |
keystone_exceptions.NotFound) as exc: | |
msg = _('Invalid user name or password.') | |
LOG.debug(str(exc)) | |
raise exceptions.KeystoneAuthException(msg) | |
except (keystone_exceptions.ClientException, | |
keystone_exceptions.AuthorizationFailure) as exc: | |
msg = _("An error occurred authenticating. " | |
"Please try again later.") | |
LOG.debug(str(exc)) | |
raise exceptions.KeystoneAuthException(msg) | |
# Check expiry for our unscoped auth ref. | |
self.check_auth_expiry(unscoped_auth_ref) | |
# Check if token is automatically scoped to default_project | |
if unscoped_auth_ref.project_scoped: | |
auth_ref = unscoped_auth_ref | |
else: | |
# For now we list all the user's projects and iterate through. | |
try: | |
if utils.get_keystone_version() < 3: | |
projects = client.tenants.list() | |
else: | |
client.management_url = auth_url | |
projects = client.projects.list( | |
user=unscoped_auth_ref.user_id) | |
except (keystone_exceptions.ClientException, | |
keystone_exceptions.AuthorizationFailure) as exc: | |
msg = _('Unable to retrieve authorized projects.') | |
raise exceptions.KeystoneAuthException(msg) | |
# Abort if there are no projects for this user | |
if not projects: | |
msg = _('You are not authorized for any projects.') | |
raise exceptions.KeystoneAuthException(msg) | |
while projects: | |
project = projects.pop() | |
try: | |
client = keystone_client.Client( | |
tenant_id=project.id, | |
token=unscoped_auth_ref.auth_token, | |
auth_url=auth_url, | |
insecure=insecure, | |
cacert=ca_cert, | |
debug=settings.DEBUG) | |
auth_ref = client.auth_ref | |
break | |
except (keystone_exceptions.ClientException, | |
keystone_exceptions.AuthorizationFailure): | |
auth_ref = None | |
if auth_ref is None: | |
msg = _("Unable to authenticate to any available projects.") | |
raise exceptions.KeystoneAuthException(msg) | |
# Check expiry for our new scoped token. | |
self.check_auth_expiry(auth_ref) | |
# If we made it here we succeeded. Create our User! | |
user = auth_user.create_user_from_token( | |
request, | |
auth_user.Token(auth_ref), | |
client.service_catalog.url_for(endpoint_type=endpoint_type)) | |
if request is not None: | |
request.session['unscoped_token'] = unscoped_token.id | |
request.user = user | |
# Support client caching to save on auth calls. | |
setattr(request, KEYSTONE_CLIENT_ATTR, client) | |
LOG.debug('Authentication completed for user "%s".' % username) | |
return user | |
def get_group_permissions(self, user, obj=None): | |
"""Returns an empty set since Keystone doesn't support "groups".""" | |
# Keystone V3 added "groups". The Auth token response includes the | |
# roles from the user's Group assignment. It should be fine just | |
# returning an empty set here. | |
return set() | |
def get_all_permissions(self, user, obj=None): | |
"""Returns a set of permission strings that this user has through | |
his/her Keystone "roles". | |
The permissions are returned as ``"openstack.{{ role.name }}"``. | |
""" | |
if user.is_anonymous() or obj is not None: | |
return set() | |
# TODO(gabrielhurley): Integrate policy-driven RBAC | |
# when supported by Keystone. | |
role_perms = set(["openstack.roles.%s" % role['name'].lower() | |
for role in user.roles]) | |
service_perms = set(["openstack.services.%s" % service['type'].lower() | |
for service in user.service_catalog | |
if user.services_region in | |
[endpoint.get('region', None) for endpoint | |
in service.get('endpoints', [])]]) | |
return role_perms | service_perms | |
def has_perm(self, user, perm, obj=None): | |
"""Returns True if the given user has the specified permission.""" | |
if not user.is_active: | |
return False | |
return perm in self.get_all_permissions(user, obj) | |
def has_module_perms(self, user, app_label): | |
"""Returns True if user has any permissions in the given app_label. | |
Currently this matches for the app_label ``"openstack"``. | |
""" | |
if not user.is_active: | |
return False | |
for perm in self.get_all_permissions(user): | |
if perm[:perm.index('.')] == app_label: | |
return True | |
return False |
controller# openstack endpoint list | grep identity | |
| 148c391ebba34d38bce956caf5c98e72 | RegionOne | keystone | identity | True | public | http://10.0.81.10:5000 | | |
| 5f7385d68fb54a809eab3673c8a54474 | RegionOne | keystone | identity | True | admin | http://10.0.81.10:35357 | | |
| 77324811f0544c79ac8bab83ee154a94 | RegionOne | keystone | identity | True | internal | http://10.0.81.10:5000 | | |
controller# openstack endpoint list | grep identity | |
| 148c391ebba34d38bce956caf5c98e72 | RegionOne | keystone | identity | True | public | http://10.0.81.10:5000 | | |
| 5f7385d68fb54a809eab3673c8a54474 | RegionOne | keystone | identity | True | admin | http://10.0.81.10:35357 | | |
| 77324811f0544c79ac8bab83ee154a94 | RegionOne | keystone | identity | True | internal | http://10.0.81.10:5000 | |
import os | |
from django.utils.translation import ugettext_lazy as _ | |
from openstack_dashboard import exceptions | |
# DEBUG is also what the auth backend passes to the Keystone client as its
# ``debug`` flag, so it controls client-side debug output as well.
DEBUG = False
TEMPLATE_DEBUG = DEBUG

# WEBROOT is the location relative to the web server root;
# it should end with a slash.
WEBROOT = '/horizon/'

# Required for Django 1.5.
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# Requests whose Host header is not listed here are rejected.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
#ALLOWED_HOSTS = ['horizon.example.com', ]
ALLOWED_HOSTS = [
    'controller.local',
    '10.0.81.10',
]

# Set SSL proxy settings:
# For Django 1.4+ pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request; otherwise a client
# can send the header itself and have plain HTTP treated as secure.
# For more information see:
# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')

# If Horizon is being served through SSL, then uncomment the following two
# settings so the CSRF and session cookies are only sent over HTTPS.
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True

# Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API.
# NOTE: The version should be formatted as it appears in the URL for the
# service API. For example, the identity service APIs have inconsistent
# use of the decimal point, so valid options would be "2.0" or "3".
OPENSTACK_API_VERSIONS = {"identity": 2.0}
# Set this to True if running on multi-domain model. When this is enabled, it | |
# will require user to enter the Domain name in addition to username for login. | |
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False | |
# Overrides the default domain used when running on single-domain model | |
# with Keystone V3. All entities will be created in the default domain. | |
# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' | |
# Set Console type: | |
# valid options would be "AUTO", "VNC" or "SPICE" | |
# CONSOLE_TYPE = "AUTO" | |
# Default OpenStack Dashboard configuration. | |
# Dashboard-wide options. The 'exceptions' entry maps Horizon's three error
# classes onto the tuples exported by openstack_dashboard.exceptions.
HORIZON_CONFIG = dict(
    dashboards=('project', 'admin', 'settings',),
    default_dashboard='project',
    user_home='openstack_dashboard.views.get_user_home',
    ajax_queue_limit=10,
    auto_fade_alerts=dict(
        delay=3000,
        fade_duration=1500,
        types=['alert-success', 'alert-info'],
    ),
    help_url="http://docs.openstack.org",
    exceptions=dict(
        recoverable=exceptions.RECOVERABLE,
        not_found=exceptions.NOT_FOUND,
        unauthorized=exceptions.UNAUTHORIZED,
    ),
)
# Specify a regular expression to validate user passwords. | |
# HORIZON_CONFIG["password_validator"] = { | |
# "regex": '.*', | |
# "help_text": _("Your password does not meet the requirements.") | |
# } | |
# Disable simplified floating IP address management for deployments with | |
# multiple floating IP pools or complex network requirements. | |
# HORIZON_CONFIG["simple_ip_management"] = False | |
# Turn off browser autocompletion for the login form if so desired. | |
# HORIZON_CONFIG["password_autocomplete"] = "off" | |
# Directory that contains this settings file.
LOCAL_PATH = os.path.split(os.path.abspath(__file__))[0]

# Set custom secret key:
# You can either set it to a specific value or you can let horizon generate a
# default secret key that is unique on this machine, i.e. regardless of the
# number of Python WSGI workers (if used behind Apache+mod_wsgi). However,
# there may be situations where you would want to set this explicitly, e.g.
# when multiple dashboard instances are distributed on different machines
# (usually behind a load-balancer). Either you have to make sure that a session
# gets all requests routed to the same dashboard instance or you set the same
# SECRET_KEY for all of them.
# from horizon.utils import secret_key
# SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
#
# Django signs data with this value, so a literal key makes the settings file
# itself a secret: keep it out of version control and shared pastes, restrict
# read access to the web server account, and replace the key if the file has
# been published. The value below is a redaction placeholder, not a key.
SECRET_KEY = '<SECRET_REDACTED>'
# We recommend you use memcached for development; otherwise after every reload | |
# of the django development server, you will have to login again. To use | |
# memcached set CACHES to something like | |
# CACHES = { | |
# 'default': { | |
# 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', | |
# 'LOCATION' : '127.0.0.1:11211', | |
# } | |
#} | |
# memcached has no authentication or transport encryption by default, so
# port 11211 on controller.local should be reachable only from the dashboard
# hosts.
# NOTE(review): if sessions are stored in this cache, it also holds the
# Keystone tokens the auth backend puts in the session -- confirm
# SESSION_ENGINE.
CACHES = {
    'default': dict(
        # BACKEND='django.core.cache.backends.locmem.LocMemCache',
        BACKEND='django.core.cache.backends.memcached.MemcachedCache',
        LOCATION=['controller.local:11211'],
    )
}
# Send email to the console by default | |
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'

# Configure these for your outgoing email host
# EMAIL_HOST = 'smtp.my-company.com'
# EMAIL_PORT = 25
# EMAIL_HOST_USER = 'djangomail'
# EMAIL_HOST_PASSWORD = 'top-secret!'

# For multiple regions uncomment this configuration, and add (endpoint, title).

# URL the auth backend sends the login credentials to. With plain http the
# user name, password and issued tokens cross the network unencrypted; use
# an https URL (with OPENSTACK_SSL_CACERT if the CA is private) outside a lab.
# NOTE(review): this host is 10.0.80.11, while the identity endpoints in the
# accompanying `openstack endpoint list` output are on 10.0.81.10 -- confirm
# which address is intended.
OPENSTACK_KEYSTONE_URL = "http://10.0.80.11:5000/v2.0"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# Disable SSL certificate checks (useful for self-signed certificates): | |
# OPENSTACK_SSL_NO_VERIFY = True | |
# The CA certificate to use to verify SSL connections | |
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' | |
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the | |
# capabilities of the auth backend for Keystone. | |
# If Keystone has been configured to use LDAP as the auth backend then set | |
# can_edit_user to False and name to 'ldap'. | |
# | |
# TODO(tres): Remove these once Keystone has an API to identify auth backend. | |
# Capabilities of the Keystone auth backend.
OPENSTACK_KEYSTONE_BACKEND = dict(
    name='native',
    can_edit_user=True,
    can_edit_group=True,
    can_edit_project=True,
    can_edit_domain=True,
    can_edit_role=True,
)

# The OPENSTACK_HYPERVISOR_FEATURES settings can be used to enable optional
# services provided by hypervisors.
OPENSTACK_HYPERVISOR_FEATURES = dict(
    can_set_mount_point=True,
    can_set_password=False,
)

# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
# services provided by cinder that are not exposed by its extension API.
OPENSTACK_CINDER_FEATURES = dict(
    enable_backup=False,
)

# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = dict(
    enable_lb=False,
    enable_firewall=False,
    enable_quotas=True,
    enable_security_group=True,
    enable_vpn=False,
    enable_distributed_router=False,
    enable_ha_router=False,
    # The profile_support option is used to detect if an external router can
    # be configured via the dashboard. When using specific plugins the
    # profile_support can be turned on if needed.
    # profile_support='cisco',
)
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features | |
# in the OpenStack Dashboard related to the Image service, such as the list | |
# of supported image formats. | |
# OPENSTACK_IMAGE_BACKEND = { | |
# 'image_formats': [ | |
# ('', ''), | |
# ('aki', _('AKI - Amazon Kernel Image')), | |
# ('ami', _('AMI - Amazon Machine Image')), | |
# ('ari', _('ARI - Amazon Ramdisk Image')), | |
# ('iso', _('ISO - Optical Disk Image')), | |
# ('qcow2', _('QCOW2 - QEMU Emulator')), | |
# ('raw', _('Raw')), | |
# ('vdi', _('VDI')), | |
# ('vhd', _('VHD')), | |
# ('vmdk', _('VMDK')) | |
# ] | |
# } | |
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints | |
# in the Keystone service catalog. Use this setting when Horizon is running | |
# external to the OpenStack environment. The default is 'publicURL'. | |
#OPENSTACK_ENDPOINT_TYPE = "publicURL" | |
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the | |
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints | |
# in the Keystone service catalog. Use this setting when Horizon is running | |
# external to the OpenStack environment. The default is None. This | |
# value should differ from OPENSTACK_ENDPOINT_TYPE if used. | |
#SECONDARY_ENDPOINT_TYPE = "publicURL" | |
# The number of objects (Swift containers/objects or images) to display | |
# on a single page before providing a paging element (a "more" link) | |
# to paginate results. | |
# Upper bound on objects requested, and the number shown per page.
API_RESULT_LIMIT, API_RESULT_PAGE_SIZE = 1000, 20

# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "UTC"
# If you have external monitoring links, eg: | |
# When launching an instance, the menu of available flavors is | |
# sorted by RAM usage, ascending. Provide a callback method here | |
# (and/or a flag for reverse sort) for the sorted() method if you'd | |
# like a different behaviour. For more info, see | |
# http://docs.python.org/2/library/functions.html#sorted | |
# CREATE_INSTANCE_FLAVOR_SORT = { | |
# 'key': my_awesome_callback_method, | |
# 'reverse': False, | |
# } | |
# The Horizon Policy Enforcement engine uses these values to load per service | |
# policy rule files. The content of these files should match the files the | |
# OpenStack services are using to determine role based access control in the | |
# target installation. | |
# Path to directory containing policy.json files | |
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") | |
# Map of local copy of service policy files | |
#POLICY_FILES = { | |
# 'identity': 'keystone_policy.json', | |
# 'compute': 'nova_policy.json' | |
#} | |
# Trove user and database extension support. By default support for | |
# creating users and databases on database instances is turned on. | |
# To disable these extensions set the permission here to something | |
# unusable such as ["!"]. | |
# TROVE_ADD_USER_PERMS = [] | |
# TROVE_ADD_DATABASE_PERMS = [] | |
# Loggers that write INFO and above to the 'file' handler without
# propagating. To debug one of them, give it 'handlers': ['console'] and/or
# 'level': 'DEBUG' after the loop below.
#
# With 'openstack_auth' at INFO, the auth backend's LOG.debug lines (user
# name, Keystone error text) are dropped and its LOG.warning lines reach
# /var/log/horizon/horizon.log. Raising the level to DEBUG puts that data in
# the file, so keep the log readable only by the web server account.
_file_logger_names = (
    'horizon',
    'openstack_dashboard',
    'novaclient',
    'cinderclient',
    'keystoneclient',
    'glanceclient',
    'neutronclient',
    'heatclient',
    'ceilometerclient',
    'troveclient',
    'swiftclient',
    'openstack_auth',
    'nose.plugins.manager',
    'django',
)

_loggers = {
    # Logging from django.db.backends is VERY verbose, send to null
    # by default.
    'django.db.backends': {'handlers': ['null'], 'propagate': False},
    'requests': {'handlers': ['null'], 'propagate': False},
}
for _logger_name in _file_logger_names:
    # A fresh dict and list per logger, as in a hand-written literal.
    _loggers[_logger_name] = {
        'handlers': ['file'],
        'level': 'INFO',
        'propagate': False,
    }

LOGGING = {
    'version': 1,
    # When set to True this will disable all logging except
    # for loggers specified in this configuration dictionary. Note that
    # if nothing is specified here and disable_existing_loggers is True,
    # django.db.backends will still log unless it is disabled explicitly.
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(asctime)s %(process)d %(levelname)s %(name)s %(message)s'
        },
        'normal': {
            'format': 'dashboard-%(name)s: %(levelname)s %(message)s'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'django.utils.log.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
        'file': {
            'level': 'INFO',
            'class': 'logging.FileHandler',
            'filename': '/var/log/horizon/horizon.log',
            'formatter': 'verbose',
        },
        'syslog': {
            'level': 'INFO',
            'facility': 'local1',
            'class': 'logging.handlers.SysLogHandler',
            'address': '/dev/log',
            'formatter': 'normal',
        },
    },
    'loggers': _loggers,
}
# Named security-group rule presets. Each entry fixes only the protocol and
# the port range; the three 'all_*' presets cover the whole range, so
# whatever source restriction is chosen when such a rule is created is the
# only limit on it.
SECURITY_GROUP_RULES = {
    'all_tcp': {
        'name': 'ALL TCP',
        'ip_protocol': 'tcp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_udp': {
        'name': 'ALL UDP',
        'ip_protocol': 'udp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_icmp': {
        'name': 'ALL ICMP',
        'ip_protocol': 'icmp',
        'from_port': '-1',
        'to_port': '-1',
    },
}

# Single-port TCP presets: (key, display name, port).
_single_port_tcp_rules = (
    ('ssh', 'SSH', '22'),
    ('smtp', 'SMTP', '25'),
    ('dns', 'DNS', '53'),
    ('http', 'HTTP', '80'),
    ('pop3', 'POP3', '110'),
    ('imap', 'IMAP', '143'),
    ('ldap', 'LDAP', '389'),
    ('https', 'HTTPS', '443'),
    ('smtps', 'SMTPS', '465'),
    ('imaps', 'IMAPS', '993'),
    ('pop3s', 'POP3S', '995'),
    ('ms_sql', 'MS SQL', '1433'),
    ('mysql', 'MYSQL', '3306'),
    ('rdp', 'RDP', '3389'),
)
for _rule_key, _rule_name, _rule_port in _single_port_tcp_rules:
    SECURITY_GROUP_RULES[_rule_key] = {
        'name': _rule_name,
        'ip_protocol': 'tcp',
        'from_port': _rule_port,
        'to_port': _rule_port,
    }
LOGIN_URL = '/horizon/auth/login/'
LOGOUT_URL = '/horizon/auth/logout/'
LOGIN_REDIRECT_URL = '/horizon'

# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
# offline compression by default. To enable online compression, install
# the python-lesscpy package and disable the following option.
COMPRESS_OFFLINE = True

# For Glance image upload, Horizon uses the file upload support from Django
# so we add this option to change the directory where uploaded files are
# temporarily stored until they are loaded into Glance.
# /tmp is shared by every local account; a directory owned by the web server
# account with restrictive permissions keeps uploaded images away from other
# local users.
FILE_UPLOAD_TEMP_DIR = '/tmp'

# Cookies are not persisted for now - they get cleared after the timeout or
# on browser restart. The timeout is in seconds (24 hours here).
SESSION_TIMEOUT = 24 * 60 * 60
import os | |
from django.utils.translation import ugettext_lazy as _ | |
from openstack_dashboard import exceptions | |
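# Debug output is off; TEMPLATE_DEBUG simply follows DEBUG.
DEBUG = False
TEMPLATE_DEBUG = DEBUG

# WEBROOT is the location relative to the web server root; it should end
# with a slash.
WEBROOT = '/horizon/'

# Required for Django 1.5.
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
#ALLOWED_HOSTS = ['horizon.example.com', ]
ALLOWED_HOSTS = ['controller.local', '10.0.81.10', ]

# Set SSL proxy settings:
# For Django 1.4+ pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request.
# For more information see:
# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')

# If Horizon is being served through SSL, then uncomment the following two
# settings so the CSRF and session cookies are only sent over HTTPS.
# NOTE(review): both are left disabled in this file, so the cookies are also
# sent over plain HTTP; enable them once the dashboard is served over TLS.
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True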
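# Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API.
# NOTE: The version should be formatted as it appears in the URL for the
# service API. For example, the identity service APIs have inconsistent
# use of the decimal point, so valid options would be "2.0" or "3".
OPENSTACK_API_VERSIONS = {
    "identity": 2.0,
}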
# Set this to True if running on multi-domain model. When this is enabled, it | |
# will require user to enter the Domain name in addition to username for login. | |
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False | |
# Overrides the default domain used when running on single-domain model | |
# with Keystone V3. All entities will be created in the default domain. | |
# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' | |
# Set Console type: | |
# valid options would be "AUTO", "VNC" or "SPICE" | |
# CONSOLE_TYPE = "AUTO" | |
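# Default OpenStack Dashboard configuration.
HORIZON_CONFIG = {
    'dashboards': ('project', 'admin', 'settings',),
    'default_dashboard': 'project',
    'user_home': 'openstack_dashboard.views.get_user_home',
    'ajax_queue_limit': 10,
    'auto_fade_alerts': {
        'delay': 3000,
        'fade_duration': 1500,
        'types': ['alert-success', 'alert-info'],
    },
    'help_url': "http://docs.openstack.org",
    # Exception groups come from openstack_dashboard.exceptions, imported at
    # the top of this file.
    'exceptions': {
        'recoverable': exceptions.RECOVERABLE,
        'not_found': exceptions.NOT_FOUND,
        'unauthorized': exceptions.UNAUTHORIZED,
    },
}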
# Specify a regular expression to validate user passwords. | |
# HORIZON_CONFIG["password_validator"] = { | |
# "regex": '.*', | |
# "help_text": _("Your password does not meet the requirements.") | |
# } | |
# Disable simplified floating IP address management for deployments with | |
# multiple floating IP pools or complex network requirements. | |
# HORIZON_CONFIG["simple_ip_management"] = False | |
# Turn off browser autocompletion for the login form if so desired. | |
# HORIZON_CONFIG["password_autocomplete"] = "off" | |
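# Absolute path of the directory that holds this settings file.
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))

# Set custom secret key:
# You can either set it to a specific value or you can let horizon generate a
# default secret key that is unique on this machine, i.e. regardless of the
# number of Python WSGI workers (if used behind Apache+mod_wsgi). However,
# there may be situations where you would want to set this explicitly, e.g.
# when multiple dashboard instances are distributed on different machines
# (usually behind a load-balancer). Either you have to make sure that a
# session gets all requests routed to the same dashboard instance or you set
# the same SECRET_KEY for all of them.
# from horizon.utils import secret_key
# SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
# NOTE(review): the key is a literal in this file. Django signs session data
# with it, so a settings file that is copied or published discloses it. Keep
# the value in a file only the web-server user can read (as the commented-out
# lines above do) and rotate it after the file has been shared.
SECRET_KEY = '<SECRET_REDACTED>'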
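# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like
# CACHES = {
#     'default': {
#         'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
#         'LOCATION' : '127.0.0.1:11211',
#     }
# }
# NOTE(review): this deployment points at memcached on controller.local rather
# than loopback. memcached is commonly run without authentication, so if
# session data lives in this cache, port 11211 should be reachable only from
# the dashboard hosts - confirm the listener address and firewalling.
CACHES = {
    'default': {
        # 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': ['controller.local:11211', ],
    }
}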
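# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'

# Configure these for your outgoing email host. The values below are
# placeholders; a real EMAIL_HOST_PASSWORD should not be stored as a literal
# in this file.
# EMAIL_HOST = 'smtp.my-company.com'
# EMAIL_PORT = 25
# EMAIL_HOST_USER = 'djangomail'
# EMAIL_HOST_PASSWORD = 'top-secret!'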
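# For multiple regions uncomment this configuration, and add (endpoint, title).
# NOTE(review): the Keystone URL uses plain http://, so credentials and tokens
# exchanged with the Identity service are not encrypted in transit; use an
# https:// endpoint together with OPENSTACK_SSL_CACERT where possible.
# NOTE(review): the horizon.log excerpt on this page reports the failing
# auth URL as http://10.0.81.10:5000 (no version path), which is not this
# address. That URL presumably comes from somewhere other than this setting,
# e.g. an endpoint registered in the service catalog - confirm.
OPENSTACK_KEYSTONE_URL = "http://10.0.80.11:5000/v2.0"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

# Disable SSL certificate checks (useful for self-signed certificates):
# NOTE(review): prefer trusting the self-signed CA through OPENSTACK_SSL_CACERT;
# with verification off the dashboard cannot tell a spoofed endpoint apart.
# OPENSTACK_SSL_NO_VERIFY = True
# The CA certificate to use to verify SSL connections
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'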
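# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True,
}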
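# The OPENSTACK_HYPERVISOR_FEATURES settings can be used to enable optional
# services provided by hypervisors.
OPENSTACK_HYPERVISOR_FEATURES = {
    'can_set_mount_point': True,
    'can_set_password': False,
}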
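# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
# services provided by cinder that are not exposed by its extension API.
OPENSTACK_CINDER_FEATURES = {
    'enable_backup': False,
}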
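# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
    'enable_lb': False,
    'enable_firewall': False,
    'enable_quotas': True,
    'enable_security_group': True,
    'enable_vpn': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    # The profile_support option is used to detect if an external router can
    # be configured via the dashboard. When using specific plugins the
    # profile_support can be turned on if needed.
    #'profile_support': 'cisco',
}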
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features | |
# in the OpenStack Dashboard related to the Image service, such as the list | |
# of supported image formats. | |
# OPENSTACK_IMAGE_BACKEND = { | |
# 'image_formats': [ | |
# ('', ''), | |
# ('aki', _('AKI - Amazon Kernel Image')), | |
# ('ami', _('AMI - Amazon Machine Image')), | |
# ('ari', _('ARI - Amazon Ramdisk Image')), | |
# ('iso', _('ISO - Optical Disk Image')), | |
# ('qcow2', _('QCOW2 - QEMU Emulator')), | |
# ('raw', _('Raw')), | |
# ('vdi', _('VDI')), | |
# ('vhd', _('VHD')), | |
# ('vmdk', _('VMDK')) | |
# ] | |
# } | |
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints | |
# in the Keystone service catalog. Use this setting when Horizon is running | |
# external to the OpenStack environment. The default is 'publicURL'. | |
#OPENSTACK_ENDPOINT_TYPE = "publicURL" | |
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the | |
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints | |
# in the Keystone service catalog. Use this setting when Horizon is running | |
# external to the OpenStack environment. The default is None. This | |
# value should differ from OPENSTACK_ENDPOINT_TYPE if used. | |
#SECONDARY_ENDPOINT_TYPE = "publicURL" | |
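# The number of objects (Swift containers/objects or images) to display
# on a single page before providing a paging element (a "more" link)
# to paginate results.
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20

# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "UTC"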
# If you have external monitoring links, eg: | |
# When launching an instance, the menu of available flavors is | |
# sorted by RAM usage, ascending. Provide a callback method here | |
# (and/or a flag for reverse sort) for the sorted() method if you'd | |
# like a different behaviour. For more info, see | |
# http://docs.python.org/2/library/functions.html#sorted | |
# CREATE_INSTANCE_FLAVOR_SORT = { | |
# 'key': my_awesome_callback_method, | |
# 'reverse': False, | |
# } | |
# The Horizon Policy Enforcement engine uses these values to load per service | |
# policy rule files. The content of these files should match the files the | |
# OpenStack services are using to determine role based access control in the | |
# target installation. | |
# Path to directory containing policy.json files | |
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") | |
# Map of local copy of service policy files | |
#POLICY_FILES = { | |
# 'identity': 'keystone_policy.json', | |
# 'compute': 'nova_policy.json' | |
#} | |
# Trove user and database extension support. By default support for | |
# creating users and databases on database instances is turned on. | |
# To disable these extensions set the permission here to something | |
# unusable such as ["!"]. | |
# TROVE_ADD_USER_PERMS = [] | |
# TROVE_ADD_DATABASE_PERMS = [] | |
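# Logging configuration in the dictConfig layout (version 1).
# The 'console' and 'syslog' handlers are defined but no logger below is
# attached to them; every non-null logger writes to the 'file' handler.
# NOTE(review): horizon.log collects authentication errors and tracebacks
# (see the excerpt on this page), and DEBUG on the *client loggers presumably
# adds API request details - keep the file readable only by the web-server
# user and by administrators.
LOGGING = {
    'version': 1,
    # When set to True this will disable all logging except
    # for loggers specified in this configuration dictionary. Note that
    # if nothing is specified here and disable_existing_loggers is True,
    # django.db.backends will still log unless it is disabled explicitly.
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(asctime)s %(process)d %(levelname)s %(name)s '
                      '%(message)s'
        },
        'normal': {
            'format': 'dashboard-%(name)s: %(levelname)s %(message)s'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'django.utils.log.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
        'file': {
            'level': 'INFO',
            'class': 'logging.FileHandler',
            'filename': '/var/log/horizon/horizon.log',
            'formatter': 'verbose',
        },
        'syslog': {
            'level': 'INFO',
            'facility': 'local1',
            'class': 'logging.handlers.SysLogHandler',
            'address': '/dev/log',
            'formatter': 'normal',
        },
    },
    'loggers': {
        # Logging from django.db.backends is VERY verbose, send to null
        # by default.
        'django.db.backends': {'handlers': ['null'], 'propagate': False},
        'requests': {'handlers': ['null'], 'propagate': False},
        # Every logger below uses the same settings. To debug one of them,
        # switch its 'handlers' to ['console'] and/or its 'level' to 'DEBUG'.
        'horizon': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'openstack_dashboard': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'novaclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'cinderclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'keystoneclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'glanceclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'neutronclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'heatclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'ceilometerclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'troveclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'swiftclient': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'openstack_auth': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'nose.plugins.manager': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
        'django': {'handlers': ['file'], 'level': 'INFO', 'propagate': False},
    },
}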
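# Named security-group rule templates. Each entry gives a display name, an IP
# protocol and a port range; ports are strings, and ICMP uses '-1' for both.
# NOTE(review): no template sets a source range, so whoever applies one picks
# the CIDR. 'all_tcp' and 'all_udp' cover ports 1-65535, and 'ssh', 'rdp',
# 'mysql' and 'ms_sql' expose administration and database ports; these should
# be paired with a narrow source range rather than an open one.
# NOTE(review): 'dns' covers TCP only; DNS lookups normally use UDP 53 as
# well - confirm whether a UDP template is wanted.
SECURITY_GROUP_RULES = {
    'all_tcp': {'name': 'ALL TCP', 'ip_protocol': 'tcp', 'from_port': '1', 'to_port': '65535'},
    'all_udp': {'name': 'ALL UDP', 'ip_protocol': 'udp', 'from_port': '1', 'to_port': '65535'},
    'all_icmp': {'name': 'ALL ICMP', 'ip_protocol': 'icmp', 'from_port': '-1', 'to_port': '-1'},
    'ssh': {'name': 'SSH', 'ip_protocol': 'tcp', 'from_port': '22', 'to_port': '22'},
    'smtp': {'name': 'SMTP', 'ip_protocol': 'tcp', 'from_port': '25', 'to_port': '25'},
    'dns': {'name': 'DNS', 'ip_protocol': 'tcp', 'from_port': '53', 'to_port': '53'},
    'http': {'name': 'HTTP', 'ip_protocol': 'tcp', 'from_port': '80', 'to_port': '80'},
    'pop3': {'name': 'POP3', 'ip_protocol': 'tcp', 'from_port': '110', 'to_port': '110'},
    'imap': {'name': 'IMAP', 'ip_protocol': 'tcp', 'from_port': '143', 'to_port': '143'},
    'ldap': {'name': 'LDAP', 'ip_protocol': 'tcp', 'from_port': '389', 'to_port': '389'},
    'https': {'name': 'HTTPS', 'ip_protocol': 'tcp', 'from_port': '443', 'to_port': '443'},
    'smtps': {'name': 'SMTPS', 'ip_protocol': 'tcp', 'from_port': '465', 'to_port': '465'},
    'imaps': {'name': 'IMAPS', 'ip_protocol': 'tcp', 'from_port': '993', 'to_port': '993'},
    'pop3s': {'name': 'POP3S', 'ip_protocol': 'tcp', 'from_port': '995', 'to_port': '995'},
    'ms_sql': {'name': 'MS SQL', 'ip_protocol': 'tcp', 'from_port': '1433', 'to_port': '1433'},
    'mysql': {'name': 'MYSQL', 'ip_protocol': 'tcp', 'from_port': '3306', 'to_port': '3306'},
    'rdp': {'name': 'RDP', 'ip_protocol': 'tcp', 'from_port': '3389', 'to_port': '3389'},
}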
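# Dashboard login/logout endpoints and the post-login landing page; all three
# carry the '/horizon' prefix.
LOGIN_URL = '/horizon/auth/login/'
LOGOUT_URL = '/horizon/auth/logout/'
LOGIN_REDIRECT_URL = '/horizon'

# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
# offline compression by default. To enable online compression, install
# the python-lesscpy package and disable the following option.
COMPRESS_OFFLINE = True

# For Glance image upload, Horizon uses the file upload support from Django,
# so this option sets the directory where uploaded files are temporarily
# stored until they are loaded into Glance.
# NOTE(review): '/tmp' is normally shared by every local account. A dedicated
# directory that only the web-server user can read and write keeps uploaded
# images away from other local users - confirm what the packaging expects.
FILE_UPLOAD_TEMP_DIR = '/tmp'

# Cookies are not persisted for now - they get cleared after the timeout or
# on browser restart.
# NOTE(review): presumably seconds, i.e. 24 hours - confirm. A shorter value
# limits how long an unattended or stolen session stays usable.
SESSION_TIMEOUT = 86400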
2015-10-20 13:33:24,271 8084 ERROR openstack_auth.user Unable to retrieve project list. | |
Traceback (most recent call last): | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/user.py", line 281, in authorized_tenants | |
debug=settings.DEBUG) | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/utils.py", line 139, in wrapper | |
result = func(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/utils.py", line 193, in get_project_list | |
client = get_keystone_client().Client(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 152, in __init__ | |
self.authenticate() | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner | |
return func(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 503, in authenticate | |
resp = self.get_raw_token_from_identity_service(**kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 200, in get_raw_token_from_identity_service | |
_("Authorization Failed: %s %s") % (e, auth_url)) | |
AuthorizationFailure: Authorization Failed: The resource could not be found. (HTTP 404) http://10.0.81.10:5000 | |
2015-10-20 13:33:24,271 8084 ERROR openstack_auth.user Unable to retrieve project list. | |
Traceback (most recent call last): | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/user.py", line 281, in authorized_tenants | |
debug=settings.DEBUG) | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/utils.py", line 139, in wrapper | |
result = func(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/openstack_auth/utils.py", line 193, in get_project_list | |
client = get_keystone_client().Client(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 152, in __init__ | |
self.authenticate() | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner | |
return func(*args, **kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 503, in authenticate | |
resp = self.get_raw_token_from_identity_service(**kwargs) | |
File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 200, in get_raw_token_from_identity_service | |
_("Authorization Failed: %s %s") % (e, auth_url)) | |
AuthorizationFailure: Authorization Failed: The resource could not be found. (HTTP 404) http://10.0.81.10:5000 |