2015-06-11 23:05:30 +03:00
# Copyright (c) 2015 Ansible, Inc.
2014-12-18 01:49:45 +03:00
# All Rights Reserved.
# Local Django settings for AWX project. Rename to "local_settings.py" and
# edit as needed for your development environment.
# All variables defined in awx/settings/development.py will already be loaded
# into the global namespace before this file is loaded, to allow for reading
# and updating the default settings as needed.
###############################################################################
# MISC PROJECT SETTINGS
###############################################################################
ADMINS = (
# ('Your Name', 'your_email@domain.com'),
)
MANAGERS = ADMINS
# Database settings to use PostgreSQL for development.
DATABASES = {
' default ' : {
' ENGINE ' : ' django.db.backends.postgresql_psycopg2 ' ,
' NAME ' : ' awx-dev ' ,
' USER ' : ' awx-dev ' ,
' PASSWORD ' : ' AWXsome1 ' ,
' HOST ' : ' localhost ' ,
' PORT ' : ' ' ,
}
}
# Use SQLite for unit tests instead of PostgreSQL. If the lines below are
# commented out, Django will create the test_awx-dev database in PostgreSQL to
# run unit tests.
if len ( sys . argv ) > = 2 and sys . argv [ 1 ] == ' test ' :
DATABASES = {
' default ' : {
' ENGINE ' : ' django.db.backends.sqlite3 ' ,
' NAME ' : os . path . join ( BASE_DIR , ' awx.sqlite3 ' ) ,
# Test database cannot be :memory: for celery/inventory tests.
' TEST_NAME ' : os . path . join ( BASE_DIR , ' awx_test.sqlite3 ' ) ,
}
}
# Celery AMQP configuration.
BROKER_URL = ' redis://localhost/ '
# Set True to enable additional logging from the job_event_callback plugin
JOB_CALLBACK_DEBUG = False
# Absolute filesystem path to the directory to host projects (with playbooks).
# This directory should NOT be web-accessible.
PROJECTS_ROOT = os . path . join ( BASE_DIR , ' projects ' )
# Absolute filesystem path to the directory for job status stdout
# This directory should not be web-accessible
JOBOUTPUT_ROOT = os . path . join ( BASE_DIR , ' job_status ' )
# The UUID of the system, for HA.
SYSTEM_UUID = ' 00000000-0000-0000-0000-000000000000 '
# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# On Unix systems, a value of None will cause Django to use the same
# timezone as the operating system.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = ' America/New_York '
# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = ' en-us '
# SECURITY WARNING: keep the secret key used in production secret!
# Hardcoded values can leak through source control. Consider loading
# the secret key from an environment variable or a file instead.
SECRET_KEY = ' p7z7g1ql4 % 6+(6nlebb6hdk7sd^&fnjpal308 % n % +p^_e6vo1y '
# HTTP headers and meta keys to search to determine remote host name or IP. Add
# additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a
# reverse proxy.
REMOTE_HOST_HEADERS = [ ' REMOTE_ADDR ' , ' REMOTE_HOST ' ]
# Define additional environment variables to be passed to subprocess started by
# the celery task.
#AWX_TASK_ENV['FOO'] = 'BAR'
# If set, use -vvv for project updates instead of -v for more output.
# PROJECT_UPDATE_VVV=True
# Set verbosity for inventory import command when running inventory updates.
# INVENTORY_UPDATE_VERBOSITY=1
###############################################################################
# EMAIL SETTINGS
###############################################################################
# Email address that error messages come from.
SERVER_EMAIL = ' root@localhost '
# The email backend to use. For possible shortcuts see django.core.mail.
# The default is to use the SMTP backend.
# Third-party backends can be specified by providing a Python path
# to a module that defines an EmailBackend class.
EMAIL_BACKEND = ' django.core.mail.backends.smtp.EmailBackend '
# Host for sending email.
EMAIL_HOST = ' localhost '
# Port for sending email.
EMAIL_PORT = 25
# Optional SMTP authentication information for EMAIL_HOST.
EMAIL_HOST_USER = ' '
EMAIL_HOST_PASSWORD = ' '
EMAIL_USE_TLS = False
# Default email address to use for various automated correspondence from
# the site managers.
DEFAULT_FROM_EMAIL = ' webmaster@localhost '
# Subject-line prefix for email messages send with django.core.mail.mail_admins
# or ...mail_managers. Make sure to include the trailing space.
EMAIL_SUBJECT_PREFIX = ' [AWX] '
###############################################################################
# LOGGING SETTINGS
###############################################################################
# Enable logging to syslog. Setting level to ERROR captures 500 errors,
# WARNING also logs 4xx responses.
LOGGING [ ' handlers ' ] [ ' syslog ' ] = {
' level ' : ' WARNING ' ,
' filters ' : [ ] ,
' class ' : ' django.utils.log.NullHandler ' ,
' formatter ' : ' simple ' ,
}
# Enable the following lines to also log to a file.
#LOGGING['handlers']['file'] = {
# 'class': 'logging.FileHandler',
# 'filename': os.path.join(BASE_DIR, 'awx.log'),
# 'formatter': 'simple',
#}
# Enable the following lines to turn on lots of permissions-related logging.
#LOGGING['loggers']['awx.main.access']['propagate'] = True
#LOGGING['loggers']['awx.main.signals']['propagate'] = True
#LOGGING['loggers']['awx.main.permissions']['propagate'] = True
# Enable the following lines to turn on LDAP auth logging.
#LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
#LOGGING['loggers']['django_auth_ldap']['level'] = 'DEBUG'
###############################################################################
# LDAP AUTHENTICATION SETTINGS
###############################################################################
# Refer to django-auth-ldap docs for more details:
# http://pythonhosted.org/django-auth-ldap/authentication.html
# LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or
# "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this
# parameter is empty.
AUTH_LDAP_SERVER_URI = ' '
# DN of user to bind for all search queries. Normally in the format
# "CN=Some User,OU=Users,DC=example,DC=com" but may also be specified as
# "DOMAIN\username" for Active Directory.
AUTH_LDAP_BIND_DN = ' '
# Password using to bind above user account.
AUTH_LDAP_BIND_PASSWORD = ' '
# Enable TLS when the connection is not using SSL.
AUTH_LDAP_START_TLS = False
# Imports needed for remaining LDAP configuration.
import ldap
from django_auth_ldap . config import LDAPSearch , LDAPSearchUnion
from django_auth_ldap . config import ActiveDirectoryGroupType
# LDAP search query to find users.
AUTH_LDAP_USER_SEARCH = LDAPSearch (
' OU=Users,DC=example,DC=com ' , # Base DN
ldap . SCOPE_SUBTREE , # SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
' (sAMAccountName= %(user)s ) ' , # Query
)
# Alternative to user search, if user DNs are all of the same format.
#AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,OU=Users,DC=example,DC=com'
# Mapping of LDAP to user atrributes (key is user attribute name, value is LDAP
# attribute name).
AUTH_LDAP_USER_ATTR_MAP = {
' first_name ' : ' givenName ' ,
' last_name ' : ' sn ' ,
' email ' : ' mail ' ,
}
# LDAP search query to find groups. Does not support LDAPSearchUnion.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch (
' DC=example,DC=com ' , # Base DN
ldap . SCOPE_SUBTREE , # SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
' (objectClass=group) ' , # Query
)
# Type of group returned by the search above. Should be one of the types
# listed at: http://pythonhosted.org/django-auth-ldap/groups.html#types-of-groups
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType ( )
# Group DN required to login. If specified, user must be a member of this
# group to login via LDAP.
#AUTH_LDAP_REQUIRE_GROUP = ''
# Group DN denied from login. If specified, user will not be allowed to login
# if a member of this group.
#AUTH_LDAP_DENY_GROUP = ''
# User profile flags updated from group membership (key is user attribute name,
# value is group DN).
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
#'is_superuser': 'CN=Domain Admins,CN=Users,DC=example,DC=com',
}
# Mapping between organization admins/users and LDAP groups. Keys are
# organization names (will be created if not present). Values are dictionaries
# of options for each organization's membership, where each can contain the
# following parameters:
# - remove: True/False. Defaults to False. Specifies the default for
# remove_admins or remove_users if those parameters aren't explicitly set.
# - admins: None, True/False, string or list/tuple of strings.
# If None, organization admins will not be updated.
# If True/False, all LDAP users will be added/removed as admins.
# If a string or list of strings, specifies the group DN(s). User will be
# added as an org admin if the user is a member of ANY of these groups.
# - remove_admins: True/False. Defaults to False. If True, a user who is not a
# member of the given groups will be removed from the organization's admins.
# - users: None, True/False, string or list/tuple of strings. Same rules apply
# as for admins.
# - remove_users: True/False. Defaults to False. If True, a user who is not a
# member of the given groups will be removed from the organization's users.
AUTH_LDAP_ORGANIZATION_MAP = {
#'Test Org': {
# 'admins': 'CN=Domain Admins,CN=Users,DC=example,DC=com',
# 'users': ['CN=Domain Users,CN=Users,DC=example,DC=com'],
#},
#'Test Org 2': {
# 'admins': ['CN=Administrators,CN=Builtin,DC=example,DC=com'],
# 'users': True,
#},
}
# Mapping between team members (users) and LDAP groups. Keys are team names
# (will be created if not present). Values are dictionaries of options for
# each team's membership, where each can contain the following parameters:
# - organization: string. The name of the organization to which the team
# belongs. The team will be created if the combination of organization and
# team name does not exist. The organization will first be created if it
# does not exist.
# - users: None, True/False, string or list/tuple of strings.
# If None, team members will not be updated.
# If True/False, all LDAP users will be added/removed as team members.
# If a string or list of strings, specifies the group DN(s). User will be
# added as a team member if the user is a member of ANY of these groups.
# - remove: True/False. Defaults to False. If True, a user who is not a member
# of the given groups will be removed from the team.
AUTH_LDAP_TEAM_MAP = {
' My Team ' : {
' organization ' : ' Test Org ' ,
' users ' : [ ' CN=Domain Users,CN=Users,DC=example,DC=com ' ] ,
' remove ' : True ,
} ,
' Other Team ' : {
' organization ' : ' Test Org 2 ' ,
' users ' : ' CN=Other Users,CN=Users,DC=example,DC=com ' ,
' remove ' : False ,
} ,
}
###############################################################################
# SCM TEST SETTINGS
###############################################################################
# Define these variables to enable more complete testing of project support for
# SCM updates. The test repositories listed do not have to contain any valid
# playbooks.
try :
path = os . path . expanduser ( os . path . expandvars ( ' ~/.ssh/id_rsa ' ) )
TEST_SSH_KEY_DATA = file ( path , ' rb ' ) . read ( )
except IOError :
TEST_SSH_KEY_DATA = ' '
TEST_GIT_USERNAME = ' '
TEST_GIT_PASSWORD = ' '
TEST_GIT_KEY_DATA = TEST_SSH_KEY_DATA
TEST_GIT_PUBLIC_HTTPS = ' https://github.com/ansible/ansible.github.com.git '
TEST_GIT_PRIVATE_HTTPS = ' https://github.com/ansible/product-docs.git '
TEST_GIT_PRIVATE_SSH = ' git@github.com:ansible/product-docs.git '
TEST_HG_USERNAME = ' '
TEST_HG_PASSWORD = ' '
TEST_HG_KEY_DATA = TEST_SSH_KEY_DATA
TEST_HG_PUBLIC_HTTPS = ' https://bitbucket.org/cchurch/django-hotrunner '
TEST_HG_PRIVATE_HTTPS = ' '
TEST_HG_PRIVATE_SSH = ' '
TEST_SVN_USERNAME = ' '
TEST_SVN_PASSWORD = ' '
TEST_SVN_PUBLIC_HTTPS = ' https://github.com/ansible/ansible.github.com '
TEST_SVN_PRIVATE_HTTPS = ' https://github.com/ansible/product-docs '
# To test repo access via SSH login to localhost.
import getpass
TEST_SSH_LOOPBACK_USERNAME = getpass . getuser ( )
TEST_SSH_LOOPBACK_PASSWORD = ' '
###############################################################################
# LDAP TEST SETTINGS
###############################################################################
# LDAP connection and authentication settings for unit tests only. LDAP tests
# will be skipped if TEST_AUTH_LDAP_SERVER_URI is not configured.
TEST_AUTH_LDAP_SERVER_URI = ' '
TEST_AUTH_LDAP_BIND_DN = ' '
TEST_AUTH_LDAP_BIND_PASSWORD = ' '
TEST_AUTH_LDAP_START_TLS = False
# LDAP username/password for testing authentication.
TEST_AUTH_LDAP_USERNAME = ' '
TEST_AUTH_LDAP_PASSWORD = ' '
# LDAP search query to find users.
TEST_AUTH_LDAP_USER_SEARCH = LDAPSearch (
' CN=Users,DC=example,DC=com ' ,
ldap . SCOPE_SUBTREE ,
' (sAMAccountName= %(user)s ) ' ,
)
# Alternative to user search.
#TEST_AUTH_LDAP_USER_DN_TEMPLATE = 'sAMAccountName=%(user)s,OU=Users,DC=example,DC=com'
# Mapping of LDAP attributes to user attributes.
TEST_AUTH_LDAP_USER_ATTR_MAP = {
' first_name ' : ' givenName ' ,
' last_name ' : ' sn ' ,
' email ' : ' mail ' ,
}
# LDAP search query for finding groups.
TEST_AUTH_LDAP_GROUP_SEARCH = LDAPSearch (
' DC=example,DC=com ' ,
ldap . SCOPE_SUBTREE ,
' (objectClass=group) ' ,
)
# Type of group returned by the search above.
TEST_AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType ( )
# Test DNs for a group required to login. User should be a member of the first
# group, but not a member of the second.
TEST_AUTH_LDAP_REQUIRE_GROUP = ' CN=Domain Admins,CN=Users,DC=example,DC=com '
TEST_AUTH_LDAP_REQUIRE_GROUP_FAIL = ' CN=Guest,CN=Users,DC=example,DC=com '
# Test DNs for a group denied from login. User should not be a member of the
# first group, but should be a member of the second.
TEST_AUTH_LDAP_DENY_GROUP = ' CN=Guest,CN=Users,DC=example,DC=com '
TEST_AUTH_LDAP_DENY_GROUP_FAIL = ' CN=Domain Admins,CN=Users,DC=example,DC=com '
# User profile flags updated from group membership. Test user should be a
# member of the group.
TEST_AUTH_LDAP_USER_FLAGS_BY_GROUP = {
' is_superuser ' : ' CN=Domain Admins,CN=Users,DC=example,DC=com ' ,
}
# Test mapping between organization admins/users and LDAP groups.
TEST_AUTH_LDAP_ORGANIZATION_MAP = {
' Test Org ' : {
' admins ' : ' CN=Domain Admins,CN=Users,DC=example,DC=com ' ,
' users ' : [ ' CN=Domain Users,CN=Users,DC=example,DC=com ' ] ,
} ,
' Test Org 2 ' : {
' admins ' : [ ' CN=Administrators,CN=Builtin,DC=example,DC=com ' ] ,
' users ' : True ,
} ,
}
# Expected results from organization mapping. After login, should user be an
# admin/user in the given organization?
TEST_AUTH_LDAP_ORGANIZATION_MAP_RESULT = {
' Test Org ' : { ' admins ' : True , ' users ' : False } ,
' Test Org 2 ' : { ' admins ' : False , ' users ' : True } ,
}
# Second test mapping to test remove parameters.
TEST_AUTH_LDAP_ORGANIZATION_MAP_2 = {
' Test Org ' : {
' admins ' : ' CN=Domain Users,CN=Users,DC=example,DC=com ' ,
' users ' : True ,
' remove_admins ' : True ,
' remove_users ' : False ,
} ,
' Test Org 2 ' : {
' admins ' : [ ' CN=Domain Admins,CN=Users,DC=example,DC=com ' ,
' CN=Administrators,CN=Builtin,DC=example,DC=com ' ] ,
' users ' : False ,
' remove ' : True ,
} ,
}
# Expected results from second organization mapping.
TEST_AUTH_LDAP_ORGANIZATION_MAP_2_RESULT = {
' Test Org ' : { ' admins ' : False , ' users ' : True } ,
' Test Org 2 ' : { ' admins ' : True , ' users ' : False } ,
}
# Test mapping between team users and LDAP groups.
TEST_AUTH_LDAP_TEAM_MAP = {
' Domain Users Team ' : {
' organization ' : ' Test Org ' ,
' users ' : [ ' CN=Domain Users,CN=Users,DC=example,DC=com ' ] ,
' remove ' : False ,
} ,
' Admins Team ' : {
' organization ' : ' Admins Org ' ,
' users ' : ' CN=Domain Admins,CN=Users,DC=example,DC=com ' ,
' remove ' : True ,
} ,
' Everyone Team ' : {
' organization ' : ' Test Org 2 ' ,
' users ' : True ,
} ,
}
# Expected results from team mapping. After login, should user be a member of
# the given team?
TEST_AUTH_LDAP_TEAM_MAP_RESULT = {
' Domain Users Team ' : { ' users ' : False } ,
' Admins Team ' : { ' users ' : True } ,
' Everyone Team ' : { ' users ' : True } ,
}
# Second test mapping for teams to remove user.
TEST_AUTH_LDAP_TEAM_MAP_2 = {
' Domain Users Team ' : {
' organization ' : ' Test Org ' ,
' users ' : [ ' CN=Domain Users,CN=Users,DC=example,DC=com ' ] ,
' remove ' : False ,
} ,
' Admins Team ' : {
' organization ' : ' Admins Org ' ,
' users ' : ' CN=Administrators,CN=Builtin,DC=example,DC=com ' ,
' remove ' : True ,
} ,
' Everyone Team ' : {
' organization ' : ' Test Org 2 ' ,
' users ' : False ,
' remove ' : False ,
} ,
}
# Expected results from second team mapping. After login, should user be a
# member of the given team?
TEST_AUTH_LDAP_TEAM_MAP_2_RESULT = {
' Domain Users Team ' : { ' users ' : False } ,
' Admins Team ' : { ' users ' : False } ,
' Everyone Team ' : { ' users ' : True } ,
}
###############################################################################
# INVENTORY IMPORT TEST SETTINGS
###############################################################################
# Define these variables to enable more complete testing of inventory import
# from cloud providers.
# EC2 credentials
TEST_AWS_ACCESS_KEY_ID = ' '
TEST_AWS_SECRET_ACCESS_KEY = ' '
TEST_AWS_REGIONS = ' all '
# Rackspace credentials
TEST_RACKSPACE_USERNAME = ' '
TEST_RACKSPACE_API_KEY = ' '
TEST_RACKSPACE_REGIONS = ' all '
# VMware credentials
TEST_VMWARE_HOST = ' '
TEST_VMWARE_USER = ' '
TEST_VMWARE_PASSWORD = ' '
