github.com/jiasir/deis@v1.12.2/controller/deis/settings.py (about) 1 """ 2 Django settings for the Deis project. 3 """ 4 5 from __future__ import unicode_literals 6 import os.path 7 import random 8 import semantic_version as semver 9 import string 10 import sys 11 import tempfile 12 import ldap 13 14 from django_auth_ldap.config import LDAPSearch, GroupOfNamesType 15 16 17 PROJECT_ROOT = os.path.normpath(os.path.join(os.path.dirname(__file__), '..')) 18 19 DEBUG = False 20 TEMPLATE_DEBUG = DEBUG 21 22 ADMINS = ( 23 # ('Your Name', 'your_email@example.com'), 24 ) 25 26 MANAGERS = ADMINS 27 28 CONN_MAX_AGE = 60 * 3 29 30 # SECURITY: change this to allowed fqdn's to prevent host poisioning attacks 31 # https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts 32 ALLOWED_HOSTS = ['*'] 33 34 # Local time zone for this installation. Choices can be found here: 35 # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name 36 # although not all choices may be available on all operating systems. 37 # In a Windows environment this must be set to your system time zone. 38 TIME_ZONE = 'UTC' 39 40 # Language code for this installation. All choices can be found here: 41 # http://www.i18nguy.com/unicode/language-identifiers.html 42 LANGUAGE_CODE = 'en-us' 43 44 SITE_ID = 1 45 46 # If you set this to False, Django will make some optimizations so as not 47 # to load the internationalization machinery. 48 USE_I18N = True 49 50 # If you set this to False, Django will not format dates, numbers and 51 # calendars according to the current locale. 52 USE_L10N = True 53 54 # If you set this to False, Django will not use timezone-aware datetimes. 55 USE_TZ = True 56 57 # Absolute filesystem path to the directory that will hold user-uploaded files. 58 # Example: "/var/www/example.com/media/" 59 MEDIA_ROOT = '' 60 61 # URL that handles the media served from MEDIA_ROOT. Make sure to use a 62 # trailing slash. 63 # Examples: "http://example.com/media/", "http://media.example.com/" 64 MEDIA_URL = '' 65 66 # Absolute path to the directory static files should be collected to. 67 # Don't put anything in this directory yourself; store your static files 68 # in apps' "static/" subdirectories and in STATICFILES_DIRS. 69 # Example: "/var/www/example.com/static/" 70 STATIC_ROOT = os.path.abspath(os.path.join(__file__, '..', '..', 'static')) 71 72 # URL prefix for static files. 73 # Example: "http://example.com/static/", "http://static.example.com/" 74 STATIC_URL = '/static/' 75 76 # Additional locations of static files 77 STATICFILES_DIRS = ( 78 # Put strings here, like "/home/html/static" or "C:/www/django/static". 79 # Always use forward slashes, even on Windows. 80 # Don't forget to use absolute paths, not relative paths. 81 ) 82 83 # List of finder classes that know how to find static files in 84 # various locations. 85 STATICFILES_FINDERS = ( 86 'django.contrib.staticfiles.finders.FileSystemFinder', 87 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 88 ) 89 90 # Make this unique, and don't share it with anybody. 91 SECRET_KEY = None # @UnusedVariable 92 93 # List of callables that know how to import templates from various sources. 94 TEMPLATE_LOADERS = ( 95 'django.template.loaders.filesystem.Loader', 96 'django.template.loaders.app_directories.Loader', 97 ) 98 99 TEMPLATE_CONTEXT_PROCESSORS = ( 100 "django.contrib.auth.context_processors.auth", 101 "django.core.context_processors.debug", 102 "django.core.context_processors.i18n", 103 "django.core.context_processors.media", 104 "django.core.context_processors.request", 105 "django.core.context_processors.static", 106 "django.core.context_processors.tz", 107 "django.contrib.messages.context_processors.messages", 108 "deis.context_processors.site", 109 ) 110 111 MIDDLEWARE_CLASSES = ( 112 'corsheaders.middleware.CorsMiddleware', 113 'django.middleware.common.CommonMiddleware', 114 'django.contrib.sessions.middleware.SessionMiddleware', 115 'django.contrib.auth.middleware.AuthenticationMiddleware', 116 'django.contrib.messages.middleware.MessageMiddleware', 117 'api.middleware.APIVersionMiddleware', 118 'deis.middleware.PlatformVersionMiddleware', 119 # Uncomment the next line for simple clickjacking protection: 120 # 'django.middleware.clickjacking.XFrameOptionsMiddleware', 121 ) 122 123 ROOT_URLCONF = 'deis.urls' 124 125 # Python dotted path to the WSGI application used by Django's runserver. 126 WSGI_APPLICATION = 'deis.wsgi.application' 127 128 TEMPLATE_DIRS = ( 129 # Put strings here, like "/home/html/django_templates" 130 # or "C:/www/django/templates". 131 # Always use forward slashes, even on Windows. 132 # Don't forget to use absolute paths, not relative paths. 133 PROJECT_ROOT + '/web/templates', 134 ) 135 136 INSTALLED_APPS = ( 137 'django.contrib.admin', 138 'django.contrib.auth', 139 'django.contrib.contenttypes', 140 'django.contrib.humanize', 141 'django.contrib.messages', 142 'django.contrib.sessions', 143 'django.contrib.sites', 144 'django.contrib.staticfiles', 145 # Third-party apps 146 'django_auth_ldap', 147 'guardian', 148 'json_field', 149 'gunicorn', 150 'rest_framework', 151 'rest_framework.authtoken', 152 'south', 153 'corsheaders', 154 # Deis apps 155 'api', 156 'registry', 157 'web', 158 ) 159 160 AUTHENTICATION_BACKENDS = ( 161 "django_auth_ldap.backend.LDAPBackend", 162 "django.contrib.auth.backends.ModelBackend", 163 "guardian.backends.ObjectPermissionBackend", 164 ) 165 166 ANONYMOUS_USER_ID = -1 167 LOGIN_URL = '/v1/auth/login/' 168 LOGIN_REDIRECT_URL = '/' 169 170 SOUTH_TESTS_MIGRATE = False 171 172 CORS_ORIGIN_ALLOW_ALL = True 173 174 CORS_ALLOW_HEADERS = ( 175 'content-type', 176 'accept', 177 'origin', 178 'Authorization', 179 'Host', 180 ) 181 182 CORS_EXPOSE_HEADERS = ( 183 'X_DEIS_API_VERSION', # DEPRECATED 184 'X_DEIS_PLATFORM_VERSION', # DEPRECATED 185 'X-Deis-Release', # DEPRECATED 186 'DEIS_API_VERSION', 187 'DEIS_PLATFORM_VERSION', 188 'Deis-Release', 189 ) 190 191 REST_FRAMEWORK = { 192 'DEFAULT_MODEL_SERIALIZER_CLASS': 193 'rest_framework.serializers.ModelSerializer', 194 'DEFAULT_PERMISSION_CLASSES': ( 195 'rest_framework.permissions.IsAuthenticated', 196 ), 197 'DEFAULT_AUTHENTICATION_CLASSES': ( 198 'rest_framework.authentication.TokenAuthentication', 199 ), 200 'DEFAULT_RENDERER_CLASSES': ( 201 'rest_framework.renderers.JSONRenderer', 202 ), 203 'PAGINATE_BY': 100, 204 'PAGINATE_BY_PARAM': 'page_size', 205 'TEST_REQUEST_DEFAULT_FORMAT': 'json', 206 } 207 208 # URLs that end with slashes are ugly 209 APPEND_SLASH = False 210 211 # Determine where to send syslog messages 212 if os.path.exists('/dev/log'): # Linux rsyslog 213 SYSLOG_ADDRESS = '/dev/log' 214 elif os.path.exists('/var/log/syslog'): # Mac OS X syslog 215 SYSLOG_ADDRESS = '/var/log/syslog' 216 else: # default SysLogHandler address 217 SYSLOG_ADDRESS = ('localhost', 514) 218 219 # A sample logging configuration. The only tangible logging 220 # performed by this configuration is to send an email to 221 # the site admins on every HTTP 500 error when DEBUG=False. 222 # See http://docs.djangoproject.com/en/dev/topics/logging for 223 # more details on how to customize your logging configuration. 224 LOGGING = { 225 'version': 1, 226 'disable_existing_loggers': False, 227 'formatters': { 228 'verbose': { 229 'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s' 230 }, 231 'simple': { 232 'format': '%(levelname)s %(message)s' 233 }, 234 }, 235 'filters': { 236 'require_debug_false': { 237 '()': 'django.utils.log.RequireDebugFalse' 238 } 239 }, 240 'handlers': { 241 'null': { 242 'level': 'DEBUG', 243 'class': 'logging.NullHandler', 244 }, 245 'console': { 246 'level': 'DEBUG', 247 'class': 'logging.StreamHandler', 248 'formatter': 'simple' 249 }, 250 'mail_admins': { 251 'level': 'ERROR', 252 'filters': ['require_debug_false'], 253 'class': 'django.utils.log.AdminEmailHandler' 254 }, 255 'rsyslog': { 256 'class': 'logging.handlers.SysLogHandler', 257 'address': SYSLOG_ADDRESS, 258 'facility': 'local0', 259 }, 260 }, 261 'loggers': { 262 'django': { 263 'handlers': ['null'], 264 'level': 'INFO', 265 'propagate': True, 266 }, 267 'django.request': { 268 'handlers': ['console', 'mail_admins'], 269 'level': 'WARNING', 270 'propagate': True, 271 }, 272 'api': { 273 'handlers': ['console', 'mail_admins', 'rsyslog'], 274 'level': 'INFO', 275 'propagate': True, 276 }, 277 'registry': { 278 'handlers': ['console', 'mail_admins', 'rsyslog'], 279 'level': 'INFO', 280 'propagate': True, 281 }, 282 } 283 } 284 TEST_RUNNER = 'api.tests.SilentDjangoTestSuiteRunner' 285 286 # etcd settings 287 ETCD_HOST, ETCD_PORT = os.environ.get('ETCD', '127.0.0.1:4001').split(',')[0].split(':') 288 289 # default deis settings 290 LOG_LINES = 1000 291 TEMPDIR = tempfile.mkdtemp(prefix='deis') 292 DEIS_DOMAIN = 'deisapp.local' 293 294 # standard datetime format used for logging, model timestamps, etc. 295 DEIS_DATETIME_FORMAT = '%Y-%m-%dT%H:%M:%S%Z' 296 297 # names which apps cannot reserve for routing 298 DEIS_RESERVED_NAMES = ['deis'] 299 300 # default scheduler settings 301 SCHEDULER_MODULE = 'scheduler.mock' 302 SCHEDULER_TARGET = '' # path to scheduler endpoint (e.g. /var/run/fleet.sock) 303 SCHEDULER_AUTH = '' 304 SCHEDULER_OPTIONS = {} 305 306 # security keys and auth tokens 307 SSH_PRIVATE_KEY = '' # used for SSH connections to facilitate "deis run" 308 SECRET_KEY = os.environ.get('DEIS_SECRET_KEY', 'CHANGEME_sapm$s%upvsw5l_zuy_&29rkywd^78ff(qi') 309 BUILDER_KEY = os.environ.get('DEIS_BUILDER_KEY', 'CHANGEME_sapm$s%upvsw5l_zuy_&29rkywd^78ff(qi') 310 311 # registry settings 312 REGISTRY_URL = 'http://localhost:5000' 313 REGISTRY_HOST = 'localhost' 314 REGISTRY_PORT = 5000 315 316 # logger settings 317 LOGGER_HOST = 'localhost' 318 LOGGER_PORT = 8088 319 320 # check if we can register users with `deis register` 321 REGISTRATION_ENABLED = True 322 323 # check if we should enable the web UI module 324 WEB_ENABLED = False 325 326 # default to sqlite3, but allow postgresql config through envvars 327 DATABASES = { 328 'default': { 329 'ENGINE': 'django.db.backends.' + os.environ.get('DATABASE_ENGINE', 'postgresql_psycopg2'), 330 'NAME': os.environ.get('DATABASE_NAME', 'deis'), 331 # randomize test database name so we can run multiple unit tests simultaneously 332 'TEST_NAME': "unittest-{}".format(''.join( 333 random.choice(string.ascii_letters + string.digits) for _ in range(8))) 334 } 335 } 336 337 APP_URL_REGEX = '[a-z0-9-]+' 338 339 # Honor HTTPS from a trusted proxy 340 # see https://docs.djangoproject.com/en/1.6/ref/settings/#secure-proxy-ssl-header 341 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 342 343 # Unit Hostname handling. 344 # Supports: 345 # default - Docker generated hostname 346 # application - Hostname based on application unit name (i.e. my-application.v2.web.1) 347 # server - Hostname based on CoreOS server hostname 348 UNIT_HOSTNAME = 'default' 349 350 # LDAP DEFAULT SETTINGS (Overrided by confd later) 351 LDAP_ENDPOINT = "" 352 BIND_DN = "" 353 BIND_PASSWORD = "" 354 USER_BASEDN = "" 355 USER_FILTER = "" 356 GROUP_BASEDN = "" 357 GROUP_FILTER = "" 358 GROUP_TYPE = "" 359 360 # Create a file named "local_settings.py" to contain sensitive settings data 361 # such as database configuration, admin email, or passwords and keys. It 362 # should also be used for any settings which differ between development 363 # and production. 364 # The local_settings.py file should *not* be checked in to version control. 365 try: 366 from .local_settings import * # noqa 367 except ImportError: 368 pass 369 370 # have confd_settings within container execution override all others 371 # including local_settings (which may end up in the container) 372 if os.path.exists('/templates/confd_settings.py'): 373 sys.path.append('/templates') 374 from confd_settings import * # noqa 375 376 # Disable swap when mem limits are set, unless Docker is too old 377 DISABLE_SWAP = '--memory-swap=-1' 378 try: 379 version = 'unknown' 380 from registry.dockerclient import DockerClient 381 version = DockerClient().client.version().get('Version') 382 if not semver.validate(version) or semver.Version(version) < semver.Version('1.5.0'): 383 DISABLE_SWAP = '' 384 except: 385 print("Not disabling --memory-swap for Docker version {}".format(version)) 386 387 # LDAP Backend Configuration 388 # Should be always after the confd_settings import. 389 LDAP_USER_SEARCH = LDAPSearch( 390 base_dn=USER_BASEDN, 391 scope=ldap.SCOPE_SUBTREE, 392 filterstr="(%s=%%(user)s)" % USER_FILTER 393 ) 394 LDAP_GROUP_SEARCH = LDAPSearch( 395 base_dn=GROUP_BASEDN, 396 scope=ldap.SCOPE_SUBTREE, 397 filterstr="(%s=%s)" % (GROUP_FILTER, GROUP_TYPE) 398 ) 399 AUTH_LDAP_SERVER_URI = LDAP_ENDPOINT 400 AUTH_LDAP_BIND_DN = BIND_DN 401 AUTH_LDAP_BIND_PASSWORD = BIND_PASSWORD 402 AUTH_LDAP_USER_SEARCH = LDAP_USER_SEARCH 403 AUTH_LDAP_GROUP_SEARCH = LDAP_GROUP_SEARCH 404 AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() 405 AUTH_LDAP_USER_ATTR_MAP = { 406 "first_name": "givenName", 407 "last_name": "sn", 408 "email": "mail", 409 "username": USER_FILTER, 410 } 411 AUTH_LDAP_GLOBAL_OPTIONS = { 412 ldap.OPT_X_TLS_REQUIRE_CERT: False, 413 ldap.OPT_REFERRALS: False 414 } 415 AUTH_LDAP_ALWAYS_UPDATE_USER = True 416 AUTH_LDAP_MIRROR_GROUPS = True 417 AUTH_LDAP_FIND_GROUP_PERMS = True 418 AUTH_LDAP_CACHE_GROUPS = False