flake8 codestyle fixes and tox flake8 setting enable

Fix major below issues:
E741 ambiguous variable name 'l'
./openstack/python-horizon/centos/files/guni_config.py
E402 module level import not at top of file
./openstack/python-horizon/centos/files/local_settings.py
E265 block comment should start with '# '
./openstack/python-horizon/centos/files/local_settings.py

Story: 2003428
Task: 24617

Change-Id: I9d4d6c33ce032849f09e2ec232c83909fc6690a3
Signed-off-by: Sun Austin <austin.sun@intel.com>
This commit is contained in:
Sun Austin 2018-08-23 13:30:42 +08:00
parent db03094634
commit 0de76ec71d
7 changed files with 153 additions and 144 deletions

View File

@ -17,16 +17,16 @@ def worker_abort(worker):
path = ("/proc/%s/fd") % os.getpid()
contents = os.listdir(path)
upload_dir = getattr(settings, 'FILE_UPLOAD_TEMP_DIR', '/tmp')
pattern = os.path.join(upload_dir, '*.upload')
pattern = os.path.join(upload_dir, '*.upload')
for i in contents:
f = os.path.join(path, i)
if os.path.exists(f):
try:
l = os.readlink(f)
if fnmatch.fnmatch(l, pattern):
worker.log.info(l)
os.remove(l)
link = os.readlink(f)
if fnmatch.fnmatch(link, pattern):
worker.log.info(link)
os.remove(link)
except OSError:
pass

View File

@ -10,52 +10,55 @@ from openstack_dashboard.settings import HORIZON_CONFIG
from tsconfig.tsconfig import distributed_cloud_role
# Custom STX settings
import configss
DEBUG = False
# This setting controls whether or not compression is enabled. Disabling
# compression makes Horizon considerably slower, but makes it much easier
# to debug JS and CSS changes
#COMPRESS_ENABLED = not DEBUG
# COMPRESS_ENABLED = not DEBUG
# This setting controls whether compression happens on the fly, or offline
# with `python manage.py compress`
# See https://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
# for more information
#COMPRESS_OFFLINE = not DEBUG
# COMPRESS_OFFLINE = not DEBUG
# WEBROOT is the location relative to Webserver root
# should end with a slash.
WEBROOT = '/'
#LOGIN_URL = WEBROOT + 'auth/login/'
#LOGOUT_URL = WEBROOT + 'auth/logout/'
# LOGIN_URL = WEBROOT + 'auth/login/'
# LOGOUT_URL = WEBROOT + 'auth/logout/'
#
# LOGIN_REDIRECT_URL can be used as an alternative for
# HORIZON_CONFIG.user_home, if user_home is not set.
# Do not set it to '/home/', as this will cause circular redirect loop
#LOGIN_REDIRECT_URL = WEBROOT
# LOGIN_REDIRECT_URL = WEBROOT
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
#ALLOWED_HOSTS = ['horizon.example.com', ]
# ALLOWED_HOSTS = ['horizon.example.com', ]
# Set SSL proxy settings:
# Pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True
# The absolute path to the directory where message files are collected.
# The message file must have a .json file extension. When the user logins to
# horizon, the message files collected are processed and displayed to the user.
#MESSAGES_PATH=None
# MESSAGES_PATH=None
# Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API.
@ -64,32 +67,32 @@ WEBROOT = '/'
# service API. For example, The identity service APIs have inconsistent
# use of the decimal point, so valid options would be 2.0 or 3.
# Minimum compute version to get the instance locked status is 2.9.
#OPENSTACK_API_VERSIONS = {
# OPENSTACK_API_VERSIONS = {
# "data-processing": 1.1,
# "identity": 3,
# "image": 2,
# "volume": 2,
# "compute": 2,
#}
# }
# Set this to True if running on a multi-domain model. When this is enabled, it
# will require the user to enter the Domain name in addition to the username
# for login.
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
# Set this to True if you want available domains displayed as a dropdown menu
# on the login screen. It is strongly advised NOT to enable this for public
# clouds, as advertising enabled domains to unauthenticated customers
# irresponsibly exposes private information. This should only be used for
# private clouds where the dashboard sits behind a corporate firewall.
#OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
# OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = False
# If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to
# set the available domains to choose from. This is a list of pairs whose first
# value is the domain name and the second is the display name.
#OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
# OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
# ('Default', 'Default'),
#)
# )
# Overrides the default domain used when running on single-domain model
# with Keystone V3. All entities will be created in the default domain.
@ -97,45 +100,45 @@ WEBROOT = '/'
# Also, you will most likely have a value in the keystone policy file like this
# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
# This value must be the name of the domain whose ID is specified there.
#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
# Set this to True to enable panels that provide the ability for users to
# manage Identity Providers (IdPs) and establish a set of rules to map
# federation protocol attributes to Identity API attributes.
# This extension requires v3.0+ of the Identity API.
#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
# OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
# Set Console type:
# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
# Set to None explicitly if you want to deactivate the console.
#CONSOLE_TYPE = "AUTO"
# CONSOLE_TYPE = "AUTO"
# If provided, a "Report Bug" link will be displayed in the site header
# which links to the value of this setting (ideally a URL containing
# information on how to report issues).
#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
# HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
# Show backdrop element outside the modal, do not close the modal
# after clicking on backdrop.
#HORIZON_CONFIG["modal_backdrop"] = "static"
# HORIZON_CONFIG["modal_backdrop"] = "static"
# Specify a regular expression to validate user passwords.
#HORIZON_CONFIG["password_validator"] = {
# HORIZON_CONFIG["password_validator"] = {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements."),
#}
# }
# Disable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.
#HORIZON_CONFIG["simple_ip_management"] = False
# HORIZON_CONFIG["simple_ip_management"] = False
# Turn off browser autocompletion for forms including the login form and
# the database creation workflow if so desired.
#HORIZON_CONFIG["password_autocomplete"] = "off"
# HORIZON_CONFIG["password_autocomplete"] = "off"
# Setting this to True will disable the reveal button for password fields,
# including on the login form.
#HORIZON_CONFIG["disable_password_reveal"] = False
# HORIZON_CONFIG["disable_password_reveal"] = False
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
@ -154,12 +157,12 @@ SECRET_KEY = secret_key.generate_or_read_from_file(
# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like
#CACHES = {
# CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
# 'LOCATION': '127.0.0.1:11211',
# },
#}
# }
CACHES = {
'default': {
@ -170,19 +173,19 @@ CACHES = {
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# Configure these for your outgoing email host
#EMAIL_HOST = 'smtp.my-company.com'
#EMAIL_PORT = 25
#EMAIL_HOST_USER = 'djangomail'
#EMAIL_HOST_PASSWORD = 'top-secret!'
# EMAIL_HOST = 'smtp.my-company.com'
# EMAIL_PORT = 25
# EMAIL_HOST_USER = 'djangomail'
# EMAIL_HOST_PASSWORD = 'top-secret!'
# For multiple regions uncomment this configuration, and add (endpoint, title).
#AVAILABLE_REGIONS = [
# AVAILABLE_REGIONS = [
# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
#]
# ]
OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
@ -191,15 +194,15 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# For setting the default service region on a per-endpoint basis. Note that the
# default value for this setting is {}, and below is just an example of how it
# should be specified.
#DEFAULT_SERVICE_REGIONS = {
# DEFAULT_SERVICE_REGIONS = {
# OPENSTACK_KEYSTONE_URL: 'RegionOne'
#}
# }
# Enables keystone web single-sign-on if set to True.
#WEBSSO_ENABLED = False
# WEBSSO_ENABLED = False
# Determines which authentication choice to show as default.
#WEBSSO_INITIAL_CHOICE = "credentials"
# WEBSSO_INITIAL_CHOICE = "credentials"
# The list of authentication mechanisms which include keystone
# federation protocols and identity provider/federation protocol
@ -209,13 +212,13 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# Do not remove the mandatory credentials mechanism.
# Note: The last two tuples are sample mapping keys to a identity provider
# and federation protocol combination (WEBSSO_IDP_MAPPING).
#WEBSSO_CHOICES = (
# WEBSSO_CHOICES = (
# ("credentials", _("Keystone Credentials")),
# ("oidc", _("OpenID Connect")),
# ("saml2", _("Security Assertion Markup Language")),
# ("acme_oidc", "ACME - OpenID Connect"),
# ("acme_saml2", "ACME - SAML2"),
#)
# )
# A dictionary of specific identity provider and federation protocol
# combinations. From the selected authentication mechanism, the value
@ -224,24 +227,24 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# specific WebSSO endpoint in keystone, otherwise it will use the value
# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
#WEBSSO_IDP_MAPPING = {
# WEBSSO_IDP_MAPPING = {
# "acme_oidc": ("acme", "oidc"),
# "acme_saml2": ("acme", "saml2"),
#}
# }
# The Keystone Provider drop down uses Keystone to Keystone federation
# to switch between Keystone service providers.
# Set display name for Identity Provider (dropdown display name)
#KEYSTONE_PROVIDER_IDP_NAME = "Local Keystone"
# KEYSTONE_PROVIDER_IDP_NAME = "Local Keystone"
# This id is used for only for comparison with the service provider IDs. This ID
# should not match any service provider IDs.
#KEYSTONE_PROVIDER_IDP_ID = "localkeystone"
# KEYSTONE_PROVIDER_IDP_ID = "localkeystone"
# Disable SSL certificate checks (useful for self-signed certificates):
#OPENSTACK_SSL_NO_VERIFY = True
# OPENSTACK_SSL_NO_VERIFY = True
# The CA certificate to use to verify SSL connections
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
@ -260,12 +263,12 @@ OPENSTACK_KEYSTONE_BACKEND = {
# Setting this to True, will add a new "Retrieve Password" action on instance,
# allowing Admin session password retrieval/decryption.
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
# OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
# This setting allows deployers to control whether a token is deleted on log
# out. This can be helpful when there are often long running processes being
# run in the Horizon environment.
#TOKEN_DELETION_DISABLED = False
# TOKEN_DELETION_DISABLED = False
# The Launch Instance user experience has been significantly enhanced.
# You can choose whether to enable the new launch instance experience,
@ -278,12 +281,12 @@ OPENSTACK_KEYSTONE_BACKEND = {
# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
# determine the experience to enable. Set them both to true to enable
# both.
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
#LAUNCH_INSTANCE_NG_ENABLED = False
# LAUNCH_INSTANCE_LEGACY_ENABLED = True
# LAUNCH_INSTANCE_NG_ENABLED = False
# A dictionary of settings which can be used to provide the default values for
# properties found in the Launch Instance modal.
#LAUNCH_INSTANCE_DEFAULTS = {
# LAUNCH_INSTANCE_DEFAULTS = {
# 'config_drive': False,
# 'enable_scheduler_hints': True,
# 'disable_image': False,
@ -291,7 +294,7 @@ OPENSTACK_KEYSTONE_BACKEND = {
# 'disable_volume': False,
# 'disable_volume_snapshot': False,
# 'create_volume': True,
#}
# }
# The Xen Hypervisor has the ability to set the mount point for volumes
# attached to instances (other Hypervisors currently do not). Setting
@ -374,7 +377,7 @@ OPENSTACK_HEAT_STACK = {
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
# in the OpenStack Dashboard related to the Image service, such as the list
# of supported image formats.
#OPENSTACK_IMAGE_BACKEND = {
# OPENSTACK_IMAGE_BACKEND = {
# 'image_formats': [
# ('', _('Select format')),
# ('aki', _('AKI - Amazon Kernel Image')),
@ -390,7 +393,7 @@ OPENSTACK_HEAT_STACK = {
# ('vhdx', _('VHDX - Large Virtual Hard Disk')),
# ('vmdk', _('VMDK - Virtual Machine Disk')),
# ],
#}
# }
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
# image custom property attributes that appear on image detail pages.
@ -412,29 +415,29 @@ IMAGE_RESERVED_CUSTOM_PROPERTIES = []
# Horizon server. When enabled, a file form field will appear on the create
# image form. If set to 'off', there will be no file form field on the create
# image form. See documentation for deployment considerations.
#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
# HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
# Allow a location to be set when creating or updating Glance images.
# If using Glance V2, this value should be False unless the Glance
# configuration and policies allow setting locations.
#IMAGES_ALLOW_LOCATION = False
# IMAGES_ALLOW_LOCATION = False
# A dictionary of default settings for create image modal.
#CREATE_IMAGE_DEFAULTS = {
# CREATE_IMAGE_DEFAULTS = {
# 'image_visibility': "public",
#}
# }
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'publicURL'.
#OPENSTACK_ENDPOINT_TYPE = "publicURL"
# OPENSTACK_ENDPOINT_TYPE = "publicURL"
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is None. This
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
#SECONDARY_ENDPOINT_TYPE = None
# SECONDARY_ENDPOINT_TYPE = None
# The number of objects (Swift containers/objects or images) to display
# on a single page before providing a paging element (a "more" link)
@ -461,24 +464,24 @@ TIME_ZONE = "UTC"
# can provide a custom callback method to use for sorting. You can also provide
# a flag for reverse sort. For more info, see
# http://docs.python.org/2/library/functions.html#sorted
#CREATE_INSTANCE_FLAVOR_SORT = {
# CREATE_INSTANCE_FLAVOR_SORT = {
# 'key': 'name',
# # or
# 'key': my_awesome_callback_method,
# 'reverse': False,
#}
# }
# Set this to True to display an 'Admin Password' field on the Change Password
# form to verify that it is indeed the admin logged-in who wants to change
# the password.
#ENFORCE_PASSWORD_CHECK = False
# ENFORCE_PASSWORD_CHECK = False
# Modules that provide /auth routes that can be used to handle different types
# of user authentication. Add auth plugins that require extra route handling to
# this list.
#AUTHENTICATION_URLS = [
# AUTHENTICATION_URLS = [
# 'openstack_auth.urls',
#]
# ]
# The Horizon Policy Enforcement engine uses these values to load per service
# policy rule files. The content of these files should match the files the
@ -486,7 +489,7 @@ TIME_ZONE = "UTC"
# target installation.
# Path to directory containing policy.json files
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
# POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
# Map of local copy of service policy files.
# Please insure that your identity policy file matches the one being used on
@ -498,14 +501,14 @@ TIME_ZONE = "UTC"
# policy.v3cloudsample.json
# Having matching policy files on the Horizon and Keystone servers is essential
# for normal operation. This holds true for all services and their policy files.
#POLICY_FILES = {
# POLICY_FILES = {
# 'identity': 'keystone_policy.json',
# 'compute': 'nova_policy.json',
# 'volume': 'cinder_policy.json',
# 'image': 'glance_policy.json',
# 'orchestration': 'heat_policy.json',
# 'network': 'neutron_policy.json',
#}
# }
# TODO: (david-lyle) remove when plugins support adding settings.
# Note: Only used when trove-dashboard plugin is configured to be used by
@ -514,16 +517,16 @@ TIME_ZONE = "UTC"
# creating users and databases on database instances is turned on.
# To disable these extensions set the permission here to something
# unusable such as ["!"].
#TROVE_ADD_USER_PERMS = []
#TROVE_ADD_DATABASE_PERMS = []
# TROVE_ADD_USER_PERMS = []
# TROVE_ADD_DATABASE_PERMS = []
# Change this patch to the appropriate list of tuples containing
# a key, label and static directory containing two files:
# _variables.scss and _styles.scss
#AVAILABLE_THEMES = [
# AVAILABLE_THEMES = [
# ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'),
#]
# ]
LOGGING = {
'version': 1,
@ -780,13 +783,13 @@ SECURITY_GROUP_RULES = {
# pool for use in their cluster. False by default. You would want
# to set this to True if you were running Nova Networking with
# auto_assign_floating_ip = True.
#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
# The hash algorithm to use for authentication tokens. This must
# match the hash algorithm that the identity server and the
# auth_token middleware are using. Allowed values are the
# algorithms supported by Python's hashlib library.
#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
# AngularJS requires some settings to be made available to
# the client side. Some settings are required by in-tree / built-in horizon
@ -811,7 +814,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# !! Please use extreme caution as the settings are transferred via HTTP/S
# and are not encrypted on the browser. This is an experimental API and
# may be deprecated in the future without notice.
#REST_API_ADDITIONAL_SETTINGS = []
# REST_API_ADDITIONAL_SETTINGS = []
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
@ -819,11 +822,11 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# where iframes are not used in deployment. Default setting is True.
# For more information see:
# http://tinyurl.com/anticlickjack
#DISALLOW_IFRAME_EMBED = True
# DISALLOW_IFRAME_EMBED = True
# Help URL can be made available for the client. To provide a help URL, edit the
# following attribute to the URL of your choice.
#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
# HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
# Settings for OperationLogMiddleware
# OPERATION_LOG_ENABLED is flag to use the function to log an operation on
@ -831,8 +834,8 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# mask_targets is arrangement for appointing a target to mask.
# method_targets is arrangement of HTTP method to output log.
# format is the log contents.
#OPERATION_LOG_ENABLED = False
#OPERATION_LOG_OPTIONS = {
# OPERATION_LOG_ENABLED = False
# OPERATION_LOG_OPTIONS = {
# 'mask_fields': ['password'],
# 'target_methods': ['POST'],
# 'ignored_urls': ['/js/', '/static/', '^/api/'],
@ -841,19 +844,19 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
# " [%(http_status)s] [%(param)s]"),
#}
# }
# The default date range in the Overview panel meters - either <today> minus N
# days (if the value is integer N), or from the beginning of the current month
# until today (if set to None). This setting should be used to limit the amount
# of data fetched by default when rendering the Overview panel.
#OVERVIEW_DAYS_RANGE = 1
# OVERVIEW_DAYS_RANGE = 1
# To allow operators to require users provide a search criteria first
# before loading any data into the views, set the following dict
# attributes to True in each one of the panels you want to enable this feature.
# Follow the convention <dashboard>.<view>
#FILTER_DATA_FIRST = {
# FILTER_DATA_FIRST = {
# 'admin.instances': False,
# 'admin.images': False,
# 'admin.networks': False,
@ -863,7 +866,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# 'identity.projects': False,
# 'identity.groups': False,
# 'identity.roles': False
#}
# }
# Dict used to restrict user private subnet cidr range.
# An empty list means that user input will not be restricted
@ -871,10 +874,10 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
# no restriction for IPv4 or IPv6. To restrict
# user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR
# to something like
#ALLOWED_PRIVATE_SUBNET_CIDR = {
# ALLOWED_PRIVATE_SUBNET_CIDR = {
# 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'],
# 'ipv6': ['fc00::/7']
#}
# }
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
# Projects and users can have extra attributes as defined by keystone v3.
@ -882,12 +885,12 @@ ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
# If you'd like to display extra data in the project or user tables, set the
# corresponding dict key to the attribute name, followed by the display name.
# For more information, see horizon's customization (http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides)
#PROJECT_TABLE_EXTRA_INFO = {
# PROJECT_TABLE_EXTRA_INFO = {
# 'phone_num': _('Phone Number'),
#}
#USER_TABLE_EXTRA_INFO = {
# }
# USER_TABLE_EXTRA_INFO = {
# 'phone_num': _('Phone Number'),
#}
# }
# Password will have an expiration date when using keystone v3 and enabling the
# feature.
@ -895,22 +898,8 @@ ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
# prior to the password expiration.
# Once the password expires keystone will deny the access and users must
# contact an admin to change their password.
#PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = 0
# Custom WRS settings
import configss
# PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = 0
ALLOWED_HOSTS = ["*"]
HORIZON_CONFIG["password_autocomplete"] = "off"
# The OPENSTACK_HEAT_STACK settings can be used to disable password
@ -921,7 +910,7 @@ OPENSTACK_HEAT_STACK = {
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_API_VERSIONS={"identity":3}
OPENSTACK_API_VERSIONS = {"identity": 3}
OPENSTACK_NEUTRON_NETWORK['enable_distributed_router'] = True
@ -936,7 +925,7 @@ try:
OPENSTACK_HOST = configss.CONFSS['shared_services']['openstack_host']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
AVAILABLE_REGIONS = [(OPENSTACK_KEYSTONE_URL, configss.CONFSS['shared_services']['region_name']),]
AVAILABLE_REGIONS = [(OPENSTACK_KEYSTONE_URL, configss.CONFSS['shared_services']['region_name'])]
REGION_NAME = configss.CONFSS['shared_services']['region_name']
SS_ENABLED = "True"
else:
@ -960,8 +949,8 @@ except Exception:
# check if it is in distributed cloud
DC_MODE = False
if distributed_cloud_role and distributed_cloud_role in [ 'systemcontroller', 'subcloud']:
DC_MODE= True
if distributed_cloud_role and distributed_cloud_role in ['systemcontroller', 'subcloud']:
DC_MODE = True
OPENSTACK_ENDPOINT_TYPE = "internalURL"
@ -981,12 +970,12 @@ POLICY_FILES_PATH = "/etc/openstack-dashboard"
# Settings for OperationLogMiddleware
OPERATION_LOG_ENABLED = True
OPERATION_LOG_OPTIONS = {
'mask_fields': ['password', 'bm_password', 'bm_confirm_password',
'current_password', 'confirm_password', 'new_password'],
'target_methods': ['POST', 'PUT', 'DELETE'],
'format': ("[%(project_name)s %(project_id)s] [%(user_name)s %(user_id)s]"
" [%(method)s %(request_url)s %(http_status)s]"
" parameters:[%(param)s] message:[%(message)s]"),
'mask_fields': ['password', 'bm_password', 'bm_confirm_password',
'current_password', 'confirm_password', 'new_password'],
'target_methods': ['POST', 'PUT', 'DELETE'],
'format': ("[%(project_name)s %(project_id)s] [%(user_name)s %(user_id)s]"
" [%(method)s %(request_url)s %(http_status)s]"
" parameters:[%(param)s] message:[%(message)s]"),
}
@ -1025,11 +1014,11 @@ try:
if os.path.exists('/etc/openstack-dashboard/horizon-config.ini'):
if not configss.CONFSS or 'horizon_params' not in configss.CONFSS:
configss.load('/etc/openstack-dashboard/horizon-config.ini')
if configss.CONFSS['horizon_params']['https_enabled'] == 'true':
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
if configss.CONFSS['auth']['lockout_period']:
LOCKOUT_PERIOD_SEC = float(configss.CONFSS['auth']['lockout_period'])
if configss.CONFSS['auth']['lockout_retries']:
@ -1190,6 +1179,3 @@ LOGGING = {
},
},
}

View File

@ -11,6 +11,7 @@ if command is None:
syslog.openlog('nova_migration_wrapper')
def allow_command(user, args):
syslog.syslog(syslog.LOG_INFO, "Allowing connection='{}' command={} ".format(
ssh_connection,
@ -18,6 +19,7 @@ def allow_command(user, args):
))
os.execlp('sudo', 'sudo', '-u', user, *args)
def deny_command(args):
syslog.syslog(syslog.LOG_ERR, "Denying connection='{}' command={}".format(
ssh_connection,
@ -26,13 +28,14 @@ def deny_command(args):
sys.stderr.write('Forbidden\n')
sys.exit(1)
# Handle libvirt ssh tunnel script snippet
# https://github.com/libvirt/libvirt/blob/f0803dae93d62a4b8a2f67f4873c290a76d978b3/src/rpc/virnetsocket.c#L890
libvirt_sock = '/var/run/libvirt/libvirt-sock'
live_migration_tunnel_cmd = "sh -c 'if 'nc' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then " \
"ARG=-q0;" \
" ARG=-q0;" \
"else " \
"ARG=;" \
" ARG=;" \
"fi;" \
"'nc' $ARG -U {}'".format(libvirt_sock)
@ -49,11 +52,13 @@ cold_migration_cmds = [
]
rootwrap_args = ['/usr/bin/nova-rootwrap', '/etc/nova/migration/rootwrap.conf']
def validate_cold_migration_cmd(args):
target_path = os.path.normpath(args[-1])
cmd = args[:-1]
return cmd in cold_migration_cmds and target_path.startswith(cold_migration_root)
# Rules
args = command.split(' ')
if command == live_migration_tunnel_cmd:

View File

@ -1,5 +1,5 @@
#!/usr/bin/python2
#PBR Generated from u'wsgi_scripts'
# PBR Generated from u'wsgi_scripts'
import threading
@ -61,4 +61,3 @@ else:
with app_lock:
if application is None:
application = init_application()

View File

@ -16,7 +16,9 @@ import logging
# logger
logging.basicConfig(level=logging.DEBUG, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
logging.getLogger('multiprocessing').setLevel(logging.DEBUG)
LOG = logging.getLogger(__name__)
@ -82,6 +84,7 @@ def get_l3_cache_allocation_info():
_L3_CACHE[cache]['num_cbm_bits'] = None
return _L3_CACHE
def get_l3_cache_allocation_schemata(uuid=None):
"""Get resctrl L3 cache allocation technology schemata CBM corresponding
to instance uuid, or the default schemata if uuid not provided.
@ -136,6 +139,7 @@ def get_l3_cache_allocation_schemata(uuid=None):
return schemata
def get_all_l3_schemata():
"""Get L3 CLOS schemata CBM for all resctrl uuids.
:param: None
@ -238,8 +242,8 @@ def print_all_instance_schematas(l3_info=None, default_schemata=None, schematas=
closids_used = 1 + len(schematas)
print('%6s %4s : %*s : %8s : %20s : %4s : %s'
% ('cache', 'bank', uuid_len, 'uuid',
'CBM', 'bitarray', 'size', 'setbits'))
% ('cache', 'bank', uuid_len, 'uuid',
'CBM', 'bitarray', 'size', 'setbits'))
for cache_type in cache_types:
for bank in banks:
default_s = hextoset(mask=default_schemata[cache_type][bank])
@ -247,12 +251,12 @@ def print_all_instance_schematas(l3_info=None, default_schemata=None, schematas=
default_d = int(default_h, 16)
name = 'default'
print('%6s %4d : %*s : %08x : %s : %4d : %s'
% (cache_type, bank, uuid_len, name, default_d,
format(default_d, '020b'), bin(default_d).count('1'),
list_to_range(input_list=default_s)))
% (cache_type, bank, uuid_len, name, default_d,
format(default_d, '020b'), bin(default_d).count('1'),
list_to_range(input_list=default_s)))
for name, schemata in sorted(schematas.items(),
key=lambda x: msb(int(x[1][cache_type][bank], 16))):
key=lambda x: msb(int(x[1][cache_type][bank], 16))):
if schemata[cache_type][bank] == cbm_mask:
cbm_s = set()
@ -261,11 +265,12 @@ def print_all_instance_schematas(l3_info=None, default_schemata=None, schematas=
cbm_h = settohex(setbits=cbm_s)
cbm_d = int(cbm_h, 16)
print('%6s %4d : %s : %08x : %s : %4d : %s'
% (cache_type, bank, name, cbm_d,
format(cbm_d, '020b'), bin(cbm_d).count('1'),
list_to_range(input_list=cbm_s) or '-'))
% (cache_type, bank, name, cbm_d,
format(cbm_d, '020b'), bin(cbm_d).count('1'),
list_to_range(input_list=cbm_s) or '-'))
print('CLOSIDS/type: %d total, %d used' % (closids_total, closids_used))
def main():
l3_info = get_l3_cache_allocation_info()
if not _L3_RESCTRL_SUPPORT:
@ -276,6 +281,7 @@ def main():
default_schemata=default_schemata,
schematas=schematas)
if __name__ == '__main__':
main()
sys.exit(0)

View File

@ -1,3 +1,4 @@
bashate >= 0.2
PyYAML >= 3.1.0
yamllint >= 0.5.2
flake8 >= 2.5.4 # MIT

22
tox.ini
View File

@ -1,5 +1,5 @@
[tox]
envlist = linters
envlist = linters,pep8
minversion = 2.3
skipsdist = True
@ -30,11 +30,23 @@ commands =
[testenv:pep8]
usedevelop = False
skip_install = True
deps =
pep8
description =
Run style checks.
commands =
pep8
flake8
[flake8]
# E123, E125 skipped as they are invalid PEP-8.
# E501 skipped because some of the code files include templates
# that end up quite wide
# H405: multi line docstring summary not separated with an empty line
show-source = True
ignore = E123,E125,E501,H405
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
[testenv:venv]
commands = {posargs}