Settings Reference¶

介绍¶

Horizon’s settings broadly fall into four categories

General Settings: this includes visual settings like the modal backdrop style, bug url and theme configuration, as well as settings that affect every service, such as page sizes on API requests.
Service-specific Settings: Many services that Horizon consumes, such as Nova and Neutron, don’t advertise their capabilities via APIs, so Horizon carries configuration for operators to enable or disable many items. This section covers all settings that are specific to a single service.
Django Settings, which are common to all Django applications. The only ones documented here are those that Horizon alters by default; however, you should read the Django settings documentation to see the other options available to you.
Other Settings: settings which do not fall into any of the above categories.

To modify your settings, you have two options

Preferred: Add .py settings snippets to the openstack_dashboard/local/local_settings.d/ directory. Several example files (appended with .example) can be found there. These must start with an underscore, and are evaluated alphabetically, after local_settings.py.
Modify your openstack_dashboard/local/local_settings.py. There is an file found at openstack_dashboard/local/local_settings.py.example.

General Settings¶

ANGULAR_FEATURES¶

Added in version 10.0.0(Newton).

Deprecated since version 22.2.0(Zed): The Django version of the Images, Keypairs, and Roles panels are deprecated. As a result, “images_panel”, “key_pairs_panel” and “roles_panel” keys in this setting are deprecated. Consider switching to the AngujarJS version by setting corresponding entries to True (the default value).

默认值

{
    'images_panel': True,
    'key_pairs_panel': True,
    'flavors_panel': False,
    'domains_panel': False,
    'users_panel': False,
    'groups_panel': False,
    'roles_panel': True
}

A dictionary of currently available AngularJS features. This allows simple toggling of legacy or rewritten features, such as new panels, workflows etc.

注意

If you toggle domains_panel to True, you also need to enable the setting of OPENSTACK_KEYSTONE_DEFAULT_DOMAIN and add OPENSTACK_KEYSTONE_DEFAULT_DOMAIN to REST_API_REQUIRED_SETTINGS.

API_RESULT_LIMIT¶

Added in version 2012.1(Essex).

Default: 1000

The maximum number of objects (e.g. Swift objects or Glance images) to display on a single page before providing a paging element (a “more” link) to paginate results.

API_RESULT_PAGE_SIZE¶

Added in version 2012.2(Folsom).

Default: 20

Similar to API_RESULT_LIMIT. This setting controls the number of items to be shown per page if API pagination support for this exists.

AVAILABLE_THEMES¶

Added in version 9.0.0(Mitaka).

默认值

AVAILABLE_THEMES = [
     ('default', 'Default', 'themes/default'),
     ('material', 'Material', 'themes/material'),
]

This setting tells Horizon which themes to use.

A list of tuples which define multiple themes. The tuple format is ('{{ theme_name }}', '{{ theme_label }}', '{{ theme_path }}').

The theme_name is the name used to define the directory which the theme is collected into, under /{{ THEME_COLLECTION_DIR }}. It also specifies the key by which the selected theme is stored in the browser’s cookie.

The theme_label is the user-facing label that is shown in the theme picker. The theme picker is only visible if more than one theme is configured, and shows under the topnav’s user menu.

By default, the theme path is the directory that will serve as the static root of the theme and the entire contents of the directory is served up at /{{ THEME_COLLECTION_DIR }}/{{ theme_name }}. If you wish to include content other than static files in a theme directory, but do not wish that content to be served up, then you can create a sub directory named static. If the theme folder contains a sub-directory with the name static, then static/custom/static will be used as the root for the content served at /static/custom.

The static root of the theme folder must always contain a _variables.scss file and a _styles.scss file. These must contain or import all the bootstrap and horizon specific variables and styles which are used to style the GUI. For example themes, see: /horizon/openstack_dashboard/themes/

Horizon ships with two themes configured. ‘default’ is the default theme, and ‘material’ is based on Google’s Material Design.

DEFAULT_POLICY_FILES¶

Added in version 19.1.0(Wallaby).

默认值

{
    'identity': 'default_policies/keystone.yaml',
    'compute': 'default_policies/nova.yaml',
    'volume': 'default_policies/cinder.yaml',
    'image': 'default_policies/glance.yaml',
    'network': 'default_policies/neutron.yaml',
}

This is a mapping from service types to YAML files including default policy definitions. Values of this mapping should be relative paths to POLICY_FILES_PATH or absolute paths. Policy files specified in this setting are generated from default policies of back-end services, so you rarely need to configure it. If you would like to override the default policies, consider customizing files under POLICY_FILES.

DEFAULT_THEME¶

Added in version 9.0.0(Mitaka).

Default: "default"

This setting tells Horizon which theme to use if the user has not yet selected a theme through the theme picker and therefore set the cookie value. This value represents the theme_name key that is used from AVAILABLE_THEMES. To use this setting, the theme must also be configured inside of AVAILABLE_THEMES. Your default theme must be configured as part of SELECTABLE_THEMES. If it is not, then your DEFAULT_THEME will default to the first theme in SELECTABLE_THEMES.

DISALLOW_IFRAME_EMBED¶

Added in version 8.0.0(Liberty).

Default: True

This setting can be used to defend against Clickjacking and prevent Horizon from being embedded within an iframe. Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) vulnerability, so this option allows extra security hardening where iframes are not used in deployment. When set to true, a "frame-buster" script is inserted into the template header that prevents the web page from being framed and therefore defends against clickjacking.

For more information see: http://tinyurl.com/anticlickjack

注意

If your deployment requires the use of iframes, you can set this setting to False to exclude the frame-busting code and allow iframe embedding.

FILTER_DATA_FIRST¶

Added in version 10.0.0(Newton).

默认值

{
    'admin.instances': False,
    'admin.images': False,
    'admin.networks': False,
    'admin.routers': False,
    'admin.volumes': False
}

If the dict key-value is True, when the view loads, an empty table will be rendered and the user will be asked to provide a search criteria first (in case no search criteria was provided) before loading any data.

示例

Override the dict

{
    'admin.instances': True,
    'admin.images': True,
    'admin.networks': False,
    'admin.routers': False,
    'admin.volumes': False
}

Or, if you want to turn this on for an specific panel/view do

FILTER_DATA_FIRST['admin.instances'] = True

HORIZON_CONFIG¶

A dictionary of some Horizon configuration values. These are primarily separated for historic design reasons.

默认值

HORIZON_CONFIG = {
    'user_home': 'openstack_dashboard.views.get_user_home',
    'ajax_queue_limit': 10,
    'auto_fade_alerts': {
        'delay': 3000,
        'fade_duration': 1500,
        'types': [
            'alert-success',
            'alert-info'
        ]
    },
    'bug_url': None,
    'help_url': "https://docs.openstack.org/",
    'exceptions': {
        'recoverable': exceptions.RECOVERABLE,
        'not_found': exceptions.NOT_FOUND,
        'unauthorized': exceptions.UNAUTHORIZED
    },
    'modal_backdrop': 'static',
    'angular_modules': [],
    'js_files': [],
    'js_spec_files': [],
    'external_templates': [],
}

ajax_poll_interval¶

Added in version 2012.1(Essex).

Default: 2500

How frequently resources in transition states should be polled for updates, expressed in milliseconds.

ajax_queue_limit¶

Added in version 2012.1(Essex).

Default: 10

The maximum number of simultaneous AJAX connections the dashboard may try to make. This is particularly relevant when monitoring a large number of instances, volumes, etc. which are all actively trying to update/change state.

angular_modules¶

Added in version 2014.2(Juno).

Default: []

A list of AngularJS modules to be loaded when Angular bootstraps. These modules are added as dependencies on the root Horizon application horizon.

auto_fade_alerts¶

Added in version 2013.2(Havana).

默认值

{
    'delay': 3000,
    'fade_duration': 1500,
    'types': []
}

If provided, will auto-fade the alert types specified. Valid alert types include: [‘alert-default’, ‘alert-success’, ‘alert-info’, ‘alert-warning’, ‘alert-danger’] Can also define the delay before the alert fades and the fade out duration.

bug_url¶

Added in version 9.0.0(Mitaka).

Default: None

If provided, a “Report Bug” link will be displayed in the site header which links to the value of this setting (ideally a URL containing information on how to report issues).

disable_password_reveal¶

Added in version 2015.1(Kilo).

Default: False

Setting this to True will disable the reveal button for password fields, including on the login form.

exceptions¶

Added in version 2012.1(Essex).

默认值

{
    'unauthorized': [],
    'not_found': [],
    'recoverable': []
}

A dictionary containing classes of exceptions which Horizon’s centralized exception handling should be aware of. Based on these exception categories, Horizon will handle the exception and display a message to the user.

help_url¶

Added in version 2012.2(Folsom).

Default: None

If provided, a “Help” link will be displayed in the site header which links to the value of this setting (ideally a URL containing help information).

js_files¶

Added in version 2014.2(Juno).

Default: []

A list of javascript source files to be included in the compressed set of files that are loaded on every page. This is needed for AngularJS modules that are referenced in angular_modules and therefore need to be include in every page.

js_spec_files¶

Added in version 2015.1(Kilo).

Default: []

A list of javascript spec files to include for integration with the Jasmine spec runner. Jasmine is a behavior-driven development framework for testing JavaScript code.

password_autocomplete¶

Added in version 2013.1(Grizzly).

Default: "off"

Controls whether browser autocompletion should be enabled on the login form. Valid values are "on" and "off".

password_validator¶

Added in version 2012.1(Essex).

默认值

{
    'regex': '.*',
    'help_text': _("Password is not accepted")
}

A dictionary containing a regular expression which will be used for password validation and help text which will be displayed if the password does not pass validation. The help text should describe the password requirements if there are any.

This setting allows you to set rules for passwords if your organization requires them.

user_home¶

Added in version 2012.1(Essex).

Default: settings.LOGIN_REDIRECT_URL

This can be either a literal URL path (such as the default), or Python’s dotted string notation representing a function which will evaluate what URL a user should be redirected to based on the attributes of that user.

LANGUAGE¶

Default: all languages with translation catalogs are enabled

If you would like to enable a specific set of languages, you can do this by setting LANGUAGES list below. Each entry is a tuple of language code and language name.

LANGUAGES = (
  ('cs', 'Czech'),
  ('de', 'German'),
  ('en', 'English'),
  ('en-au', 'Australian English'),
  ('en-gb', 'British English'),
  ('eo', 'Esperanto'),
  ('es', 'Spanish'),
  ('fr', 'French'),
  ('id', 'Indonesian'),
  ('it', 'Italian'),
  ('ja', 'Japanese'),
  ('ko', 'Korean (Korea)'),
  ('pl', 'Polish'),
  ('pt-br', 'Portuguese (Brazil)'),
  ('ru', 'Russian'),
  ('tr', 'Turkish'),
  ('zh-hans', 'Simplified Chinese'),
  ('zh-hant', 'Traditional Chinese'),
)

MESSAGES_PATH¶

Added in version 9.0.0(Mitaka).

Default: None

The absolute path to the directory where message files are collected.

When the user logins to horizon, the message files collected are processed and displayed to the user. Each message file should contain a JSON formatted data and must have a .json file extension. For example

{
    "level": "info",
    "message": "message of the day here"
}

Possible values for level are: success, info, warning and error.

NG_TEMPLATE_CACHE_AGE¶

Added in version 10.0.0(Newton).

Angular Templates are cached using this duration (in seconds) if DEBUG is set to False. Default value is 2592000 (or 30 days).

OPENSTACK_API_VERSIONS¶

Added in version 2013.2(Havana).

默认值

{
    "identity": 3,
    "volume": 3,
    "compute": 2
}

Overrides for OpenStack API versions. Use this setting to force the OpenStack dashboard to use a specific API version for a given service API.

注意

The version should be formatted as it appears in the URL for the service API. For example, the identity service APIs have inconsistent use of the decimal point, so valid options would be “3”. For example

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "volume": 3,
    "compute": 2
}

OPENSTACK_CLOUDS_YAML_CUSTOM_TEMPLATE¶

Added in version 15.0.0(Stein).

Default: None

Example: my-clouds.yaml.template

A template name for a custom user’s clouds.yaml file. None means the default template for clouds.yaml is used.

If the default template is not suitable for your deployment, you can provide your own clouds.yaml by specifying this setting.

The default template is defined as clouds.yaml.template and available context parameters are found in _get_openrc_credentials() and download_clouds_yaml_file() functions in openstack_dashboard/dashboards/project/api_access/views.py

注意

Your template needs to be placed in the search paths of Django templates. You may need to configure ADD_TEMPLATE_DIRS setting to contain a path where your template exists.

OPENSTACK_CLOUDS_YAML_NAME¶

Added in version 12.0.0(Pike).

Default: "openstack"

The name of the entry to put into the user’s clouds.yaml file.

OPENSTACK_CLOUDS_YAML_PROFILE¶

Added in version 12.0.0(Pike).

Default: None

If set, the name of the vendor profile from os-client-config.

OPENSTACK_ENDPOINT_TYPE¶

Added in version 2012.1(Essex).

Default: "publicURL"

A string which specifies the endpoint type to use for the endpoints in the Keystone service catalog.

OPENSTACK_KEYSTONE_ENDPOINT_TYPE¶

Added in version 23.1.0(Antelope).

Default: None

A string which specifies the endpoint type to use for the Keystone (identity) endpoint when looking it up in the service catalog. This overrides the OPENSTACK_ENDPOINT_TYPE parameter. If set to None, OPENSTACK_ENDPOINT_TYPE is used for the identity endpoint.

OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED¶

Added in version 23.2.1(Bobcat).

Default: False

A boolean to activate TOTP support. If activated, the plugin must be present in AUTHENTICATION_PLUGINS.

OPENSTACK_HOST¶

Added in version 2012.1(Essex).

Default: "127.0.0.1"

The hostname of the Keystone server used for authentication if you only have one region. This is often the only setting that needs to be set for a basic deployment.

If you have multiple regions you should use the AVAILABLE_REGIONS setting instead.

OPENRC_CUSTOM_TEMPLATE¶

Added in version 15.0.0(Stein).

Default: None

Example: my-openrc.sh.template

A template name for a custom user’s openrc file. None means the default template for openrc is used.

If the default template is not suitable for your deployment, for example, if your deployment uses saml2, openid and so on for authentication, the default openrc would not be sufficient. You can provide your own clouds.yaml by specifying this setting.

The default template is defined as openrc.sh.template and available context parameters are found in _get_openrc_credentials() and download_rc_file() functions in openstack_dashboard/dashboards/project/api_access/views.py

注意

Your template needs to be placed in the search paths of Django templates. Check TEMPLATES[0]['DIRS']. You may need to specify somewhere your template exist to DIRS in TEMPLATES setting.

OPENSTACK_PROFILER¶

Added in version 11.0.0(Ocata).

Default: {"enabled": False}

Various settings related to integration with osprofiler library. Since it is a developer feature, it starts as disabled. To enable it, more than a single "enabled" key should be specified. Additional keys that should be specified in that dictionary are

"keys" is a list of strings, which are secret keys used to encode/decode the profiler data contained in request headers. Encryption is used for security purposes, other OpenStack components that are expected to profile themselves with osprofiler using the data from the request that Horizon initiated must share a common set of keys with the ones in Horizon config. List of keys is used so that security keys could be changed in non-obtrusive manner for every component in the cloud. Example: "keys": ["SECRET_KEY", "MORE_SECRET_KEY"]. For more details see osprofiler documentation.
"notifier_connection_string" is a url to which trace messages are sent by Horizon. For other components it is usually the only URL specified in config, because other components act mostly as traces producers. Example: "notifier_connection_string": "mongodb://%s" % OPENSTACK_HOST.
"receiver_connection_string" is a url from which traces are retrieved by Horizon, needed because Horizon is not only the traces producer, but also a consumer. Having 2 settings which usually contain the same value is legacy feature from older versions of osprofiler when OpenStack components could use oslo.messaging for notifications and the trace client used ceilometer as a receiver backend. By default Horizon uses the same URL pointing to a MongoDB cluster for both purposes. Example: "receiver_connection_string": "mongodb://%s" % OPENSTACK_HOST.

OPENSTACK_SSL_CACERT¶

Added in version 2013.2(Havana).

Default: None

When unset or set to None the default CA certificate on the system is used for SSL verification.

When set with the path to a custom CA certificate file, this overrides use of the default system CA certificate. This custom certificate is used to verify all connections to openstack services when making API calls.

OPENSTACK_SSL_NO_VERIFY¶

Added in version 2012.2(Folsom).

Default: False

Disable SSL certificate checks in the OpenStack clients (useful for self-signed certificates).

OPERATION_LOG_ENABLED¶

Added in version 10.0.0(Newton).

Default: False

This setting can be used to enable logging of all operations carried out by users of Horizon. The format of the logs is configured via OPERATION_LOG_OPTIONS

注意

If you use this feature, you need to configure the logger setting like an outputting path for operation log in local_settings.py.

OPERATION_LOG_OPTIONS¶

Added in version 10.0.0(Newton).

Changed in version 12.0.0(Pike): Added ignored_urls parameter and added %(client_ip)s to format

默认值

{
    'mask_fields': ['password', 'current_password', 'original_password',
                    'new_password', 'confirm_password'],
    'target_methods': ['POST'],
    'ignored_urls': ['/js/', '/static/', '^/api/'],
    'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
        " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
        " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
        " [%(http_status)s] [%(param)s]"),
}

This setting controls the behavior of the operation log.

mask_fields is a list of keys of post data which should be masked from the point of view of security. Fields like password should be included. The fields specified in mask_fields are logged as ********.
target_methods is a request method which is logged to an operation log. The valid methods are POST, GET, PUT, DELETE.
ignored_urls is a list of request URLs to be hidden from a log.
format defines the operation log format. Currently you can use the following keywords. The default value contains all keywords.
- %(client_ip)s
- %(domain_name)s
- %(domain_id)s
- %(project_name)s
- %(project_id)s
- %(user_name)s
- %(user_id)s
- %(request_scheme)s
- %(referer_url)s
- %(request_url)s
- %(message)s
- %(method)s
- %(http_status)s
- %(param)s

OVERVIEW_DAYS_RANGE¶

Added in version 10.0.0(Newton).

Default: 1

When set to an integer N (as by default), the start date in the Overview panel meters will be today minus N days. This setting is used to limit the amount of data fetched by default when rendering the Overview panel. If set to None (which corresponds to the behavior in past Horizon versions), the start date will be from the beginning of the current month until the current date. The legacy behaviour is not recommended for large deployments as Horizon suffers significant lag in this case.

POLICY_CHECK_FUNCTION¶

Added in version 2013.2(Havana).

Default: openstack_auth.policy.check

This value should not be changed, although removing it or setting it to None would be a means to bypass all policy checks.

POLICY_DIRS¶

Added in version 13.0.0(Queens).

默认值

{
    'compute': ['nova_policy.d'],
    'volume': ['cinder_policy.d'],
}

Specifies a list of policy directories per service types. The directories are relative to POLICY_FILES_PATH. Services whose additional policies are defined here must be defined in POLICY_FILES too. Otherwise, additional policies specified in POLICY_DIRS are not loaded.

注意

cinder_policy.d and nova_policy.d are registered by default to maintain policies which have ben dropped from nova and cinder but horizon still uses. We recommend not to drop them.

POLICY_FILES¶

Added in version 2013.2(Havana).

Changed in version 19.1.0(Wallaby): The default files are changed to YAML format. JSON format still continues to be supported.

默认值

{
    'compute': 'nova_policy.yaml',
    'identity': 'keystone_policy.yaml',
    'image': 'glance_policy.yaml',
    'network': 'neutron_policy.yaml',
    'volume': 'cinder_policy.yaml',
}

This should essentially be the mapping of the contents of POLICY_FILES_PATH to service types. When policy files are added to POLICY_FILES_PATH, they should be included here too.

POLICY_FILES_PATH¶

Added in version 2013.2(Havana).

Default: os.path.join(ROOT_PATH, "conf")

Specifies where service based policy files are located. These are used to define the policy rules actions are verified against.

REST_API_REQUIRED_SETTINGS¶

Added in version 2014.2(Kilo).

默认值

[
    'CREATE_IMAGE_DEFAULTS',
    'DEFAULT_BOOT_SOURCE',
    'ENFORCE_PASSWORD_CHECK',
    'LAUNCH_INSTANCE_DEFAULTS',
    'OPENSTACK_HYPERVISOR_FEATURES',
    'OPENSTACK_IMAGE_FORMATS',
    'OPENSTACK_KEYSTONE_BACKEND',
    'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
]

This setting allows you to expose configuration values over Horizons internal REST API, so that the AngularJS panels can access them. Please be cautious about which values are listed here (and thus exposed on the frontend). For security purpose, this exposure of settings should be recognized explicitly by operator. So REST_API_REQUIRED_SETTINGS is not set by default. Please refer local_settings.py.example and confirm your local_settings.py.

SELECTABLE_THEMES¶

Added in version 12.0.0(Pike).

Default: AVAILABLE_THEMES

This setting tells Horizon which themes to expose to the user as selectable in the theme picker widget. This value defaults to all themes configured in AVAILABLE_THEMES, but a brander may wish to simply inherit from an existing theme and not allow that parent theme to be selected by the user. SELECTABLE_THEMES takes the exact same format as AVAILABLE_THEMES.

SESSION_REFRESH¶

Added in version 15.0.0(Stein).

Default: True

Control whether the SESSION_TIMEOUT period is refreshed due to activity. If False, SESSION_TIMEOUT acts as a hard limit.

SESSION_TIMEOUT¶

Added in version 2013.2(Havana).

Default: "3600"

This SESSION_TIMEOUT is a method to supercede the token timeout with a shorter horizon session timeout (in seconds). If SESSION_REFRESH is True (the default) SESSION_TIMEOUT acts like an idle timeout rather than being a hard limit, but will never exceed the token expiry. If your token expires in 60 minutes, a value of 1800 will log users out after 30 minutes of inactivity, or 60 minutes with activity. Setting SESSION_REFRESH to False will make SESSION_TIMEOUT act like a hard limit on session times.

MEMOIZED_MAX_SIZE_DEFAULT¶

Added in version 15.0.0(Stein).

Default: "25"

MEMOIZED_MAX_SIZE_DEFAULT allows setting a global default to help control memory usage when caching. It should at least be 2 x the number of threads with a little bit of extra buffer.

SHOW_OPENRC_FILE¶

Added in version 15.0.0(Stein).

Default: True

Controls whether the keystone openrc file is accesible from the user menu and the api access panel.

参见

OPENRC_CUSTOM_TEMPLATE to provide a custom openrc.

SHOW_OPENSTACK_CLOUDS_YAML¶

Added in version 15.0.0(Stein).

Default: True

Controls whether clouds.yaml is accesible from the user menu and the api access panel.

参见

OPENSTACK_CLOUDS_YAML_CUSTOM_TEMPLATE to provide a custom clouds.yaml.

SIMULTANEOUS_SESSIONS¶

Added in version 21.1.0(Yoga).

Default: allow

Controls whether a user can have multiple simultaneous sessions. Valid values are allow and disconnect.

The value allow enables more than one simultaneous sessions for a user. The Value disconnect disables more than one simultaneous sessions for a user. Only one active session is allowed. The newer session will be considered as the valid one and any existing session will be disconnected after a subsequent successful login.

THEME_COLLECTION_DIR¶

Added in version 9.0.0(Mitaka).

Default: "themes"

This setting tells Horizon which static directory to collect the available themes into, and therefore which URL points to the theme collection root. For example, the default theme would be accessible via /{{ STATIC_URL }}/themes/default.

USER_MENU_LINKS¶

Added in version 13.0.0(Queens).

Default up to Caracal (2024.1)

[
  {'name': _('OpenStack RC File'),
   'icon_classes': ['fa-download', ],
   'url': 'horizon:project:api_access:openrc',
   'external': False,
   }
]

默认值

[
  {'name': _('OpenStack RC File'),
   'icon_classes': ['fa-download', ],
   'url': 'horizon:project:api_access:openrc',
   'external': False,
   },
  {'name': _('OpenStack clouds.yaml File'),
   'icon_classes': ['fa-download', ],
   'url': 'horizon:project:api_access:clouds.yaml',
   'external': False,
  }
]

This setting controls the additional links on the user drop down menu. A list of dictionaries defining all of the links should be provided. This defaults to the standard OpenStack RC files.

Each dictionary should contain these values

name: The name of the link
url: Either the reversible Django url name or an absolute url
external: True for absolute URLs, False for django urls.
icon_classes: A list of classes for the icon next to the link. If ‘None’ or an empty list is provided a download icon will show

WEBROOT¶

Added in version 2015.1(Kilo).

Default: "/"

Specifies the location where the access to the dashboard is configured in the web server.

For example, if you’re accessing the Dashboard via https://<your server>/dashboard, you would set this to "/dashboard/".

注意

Additional settings may be required in the config files of your webserver of choice. For example to make "/dashboard/" the web root in Apache, the "sites-available/horizon.conf" requires a couple of additional aliases set

Alias /dashboard/static %HORIZON_DIR%/static

Alias /dashboard/media %HORIZON_DIR%/openstack_dashboard/static

Apache also requires changing your WSGIScriptAlias to reflect the desired path. For example, you’d replace / with /dashboard for the alias.

Service-specific Settings¶

The following settings inform the OpenStack Dashboard of information about the other OpenStack projects which are part of this cloud and control the behavior of specific dashboards, panels, API calls, etc.

Cinder¶

OPENSTACK_CINDER_FEATURES¶

Added in version 2014.2(Juno).

Default: {'enable_backup': False}

A dictionary of settings which can be used to enable optional services provided by cinder. Currently only the backup service is available.

Glance¶

CREATE_IMAGE_DEFAULTS¶

Added in version 12.0.0(Pike).

默认值

{
    'image_visibility': "public",
}

A dictionary of default settings for create image modal.

The image_visibility setting specifies the default visibility option. Valid values are "public" and "private". By default, the visibility option is public on create image modal. If it’s set to "private", the default visibility option is private.

HORIZON_IMAGES_UPLOAD_MODE¶

Added in version 10.0.0(Newton).

Default: "legacy"

Valid values are "direct", "legacy" (default) and "off". "off" disables the ability to upload images via Horizon. legacy enables local file upload by piping the image file through the Horizon’s web-server. direct sends the image file directly from the web browser to Glance. This bypasses Horizon web-server which both reduces network hops and prevents filling up Horizon web-server’s filesystem. direct is the preferred mode, but due to the following requirements it is not the default. The direct setting requires a modern web browser, network access from the browser to the public Glance endpoint, and CORS support to be enabled on the Glance API service. Without CORS support, the browser will forbid the PUT request to a location different than the Horizon server. To enable CORS support for Glance API service, you will need to edit [cors] section of glance-api.conf file (see here how to do it). Set allowed_origin to the full hostname of Horizon web-server (e.g. http://<HOST_IP>/dashboard) and restart glance-api process.

IMAGE_CUSTOM_PROPERTY_TITLES¶

Added in version 2014.1(Icehouse).

默认值

{
    "architecture": _("Architecture"),
    "kernel_id": _("Kernel ID"),
    "ramdisk_id": _("Ramdisk ID"),
    "image_state": _("Euca2ools state"),
    "project_id": _("Project ID"),
    "image_type": _("Image Type")
}

Used to customize the titles for image custom property attributes that appear on image detail pages.

IMAGE_RESERVED_CUSTOM_PROPERTIES¶

Added in version 2014.2(Juno).

Default: []

A list of image custom property keys that should not be displayed in the Update Metadata tree.

This setting can be used in the case where a separate panel is used for managing a custom property or if a certain custom property should never be edited.

IMAGES_ALLOW_LOCATION¶

Added in version 10.0.0(Newton).

Default: False

If set to True, this setting allows users to specify an image location (URL) as the image source when creating or updating images. Depending on the Glance version, the ability to set an image location is controlled by policies and/or the Glance configuration. Therefore IMAGES_ALLOW_LOCATION should only be set to True if Glance is configured to allow specifying a location. This setting has no effect when the Keystone catalog doesn’t contain a Glance v2 endpoint.

IMAGES_LIST_FILTER_TENANTS¶

Added in version 2013.1(Grizzly).

Default: None

A list of dictionaries to add optional categories to the image fixed filters in the Images panel, based on project ownership.

Each dictionary should contain a tenant attribute with the project id, and optionally a text attribute specifying the category name, and an icon attribute that displays an icon in the filter button. The icon names are based on the default icon theme provided by Bootstrap.

示例

[{'text': 'Official',
  'tenant': '27d0058849da47c896d205e2fc25a5e8',
  'icon': 'fa-check'}]

OPENSTACK_IMAGE_BACKEND¶

Added in version 2013.2(Havana).

默认值

{
    'image_formats': [
        ('', _('Select format')),
        ('aki', _('AKI - Amazon Kernel Image')),
        ('ami', _('AMI - Amazon Machine Image')),
        ('ari', _('ARI - Amazon Ramdisk Image')),
        ('docker', _('Docker')),
        ('iso', _('ISO - Optical Disk Image')),
        ('qcow2', _('QCOW2 - QEMU Emulator')),
        ('raw', _('Raw')),
        ('vdi', _('VDI')),
        ('vhd', _('VHD')),
        ('vmdk', _('VMDK'))
    ]
}

Used to customize features related to the image service, such as the list of supported image formats.

Keystone¶

ALLOW_USERS_CHANGE_EXPIRED_PASSWORD¶

Added in version 16.0.0(Train).

Default: True

When enabled, this setting lets users change their password after it has expired or when it is required to be changed on first use. Disabling it will force such users to either use the command line interface to change their password, or contact the system administrator.

AUTHENTICATION_PLUGINS¶

Added in version 2015.1(Kilo).

默认值

[
    'openstack_auth.plugin.password.PasswordPlugin',
    'openstack_auth.plugin.token.TokenPlugin'
]

A list of authentication plugins to be used. In most cases, there is no need to configure this.

If OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED is true, then this should look like this

[
    'openstack_auth.plugin.totp.TotpPlugin',
    'openstack_auth.plugin.password.PasswordPlugin',
    'openstack_auth.plugin.token.TokenPlugin'
]

AUTHENTICATION_URLS¶

Added in version 2015.1(Kilo).

Default: ['openstack_auth.urls']

A list of modules from which to collate authentication URLs from. The default option adds URLs from the django-openstack-auth module however others will be required for additional authentication mechanisms.

AVAILABLE_REGIONS¶

Added in version 2012.1(Essex).

Default: None

A list of tuples which define multiple regions. The tuple format is ('http://{{ keystone_host }}/identity/v3', '{{ region_name }}'). If any regions are specified the login form will have a dropdown selector for authenticating to the appropriate region, and there will be a region switcher dropdown in the site header when logged in.

You should also define OPENSTACK_KEYSTONE_URL to indicate which of the regions is the default one.

DEFAULT_SERVICE_REGIONS¶

Added in version 12.0.0(Pike).

Default: {}

The default service region is set on a per-endpoint basis, meaning that once the user logs into some Keystone endpoint, if a default service region is defined for it in this setting and exists within Keystone catalog, it will be set as the initial service region in this endpoint. By default it is an empty dictionary because upstream can neither predict service region names in a specific deployment, nor tell whether this behavior is desired. The key of the dictionary is a full url of a Keystone endpoint with version suffix, the value is a region name.

示例

DEFAULT_SERVICE_REGIONS = {
    OPENSTACK_KEYSTONE_URL: 'RegionOne'
}

As of Rocky you can optionally you can set '*' as the key, and if no matching endpoint is found this will be treated as a global default.

示例

DEFAULT_SERVICE_REGIONS = {
    '*': 'RegionOne',
    OPENSTACK_KEYSTONE_URL: 'RegionTwo'
}

ENABLE_CLIENT_TOKEN¶

Added in version 10.0.0(Newton).

Default: True

This setting will Enable/Disable access to the Keystone Token to the browser.

ENFORCE_PASSWORD_CHECK¶

Added in version 2015.1(Kilo).

Default: False

This setting will display an ‘Admin Password’ field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password.

KEYSTONE_PROVIDER_IDP_ID¶

Added in version 11.0.0(Ocata).

Default: "localkeystone"

This ID is only used for comparison with the service provider IDs. This ID should not match any service provider IDs.

KEYSTONE_PROVIDER_IDP_NAME¶

Added in version 11.0.0(Ocata).

Default: "Local Keystone"

The Keystone Provider drop down uses Keystone to Keystone federation to switch between Keystone service providers. This sets the display name for the Identity Provider (dropdown display name).

OPENSTACK_KEYSTONE_ADMIN_ROLES¶

Added in version 2015.1(Kilo).

Default: ["admin"]

The list of roles that have administrator privileges in this OpenStack installation. This check is very basic and essentially only works with keystone v3 with the default policy file. The setting assumes there is a common admin like role(s) across services. Example uses of this setting are

to rename the admin role to cloud-admin
allowing multiple roles to have administrative privileges, like ["admin", "cloud-admin", "net-op"]

OPENSTACK_KEYSTONE_BACKEND¶

Added in version 2012.1(Essex).

默认值

{
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True,
}

A dictionary containing settings which can be used to identify the capabilities of the auth backend for Keystone.

If Keystone has been configured to use LDAP as the auth backend then set can_edit_user and can_edit_project to False and name to "ldap".

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN¶

Added in version 2013.2(Havana).

Default: "Default"

Overrides the default domain used when running on single-domain model with Keystone V3. All entities will be created in the default domain.

OPENSTACK_KEYSTONE_DEFAULT_ROLE¶

Added in version 2011.3(Diablo).

Changed in version 21.0.0(Yoga).

Default: "member"

The default value is changed from _member_ to member to conform with what keystone-bootstrap creates.

The name of the role which will be assigned to a user when added to a project. This value must correspond to an existing role name in Keystone. In general, the value should match the member_role_name defined in keystone.conf.

OPENSTACK_KEYSTONE_DOMAIN_CHOICES¶

Added in version 12.0.0(Pike).

默认值

(
    ('Default', 'Default'),
)

If OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN is enabled, this option can be used to set the available domains to choose from. This is a list of pairs whose first value is the domain name and the second is the display name.

OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT¶

Added in version 9.0.0(Mitaka).

Default: False

Set this to True to enable panels that provide the ability for users to manage Identity Providers (IdPs) and establish a set of rules to map federation protocol attributes to Identity API attributes. This extension requires v3.0+ of the Identity API.

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT¶

Added in version 2013.2(Havana).

Default: False

Set this to True if running on multi-domain model. When this is enabled, it will require user to enter the Domain name in addition to username for login.

OPENSTACK_KEYSTONE_URL¶

Added in version 2011.3(Diablo).

Changed in version 17.1.0(Ussuri): The default value was changed to "http://%s/identity/v3" % OPENSTACK_HOST

参见

Horizon’s OPENSTACK_HOST documentation

Default: "http://%s/identity/v3" % OPENSTACK_HOST

The full URL for the Keystone endpoint used for authentication. Unless you are using HTTPS, running your Keystone server on a nonstandard port, or using a nonstandard URL scheme you shouldn’t need to touch this setting.

PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS¶

Added in version 12.0.0(Pike).

Default: -1

Password will have an expiration date when using keystone v3 and enabling the feature. This setting allows you to set the number of days that the user will be alerted prior to the password expiration. Once the password expires keystone will deny the access and users must contact an admin to change their password. Setting this value to N days means the user will be alerted when the password expires in less than N+1 days. -1 disables the feature.

PROJECT_TABLE_EXTRA_INFO¶

Added in version 10.0.0(Newton).

参见

USER_TABLE_EXTRA_INFO for the equivalent setting on the Users table

Default: {}

Adds additional information for projects as extra attributes. Projects can have extra attributes as defined by Keystone v3. This setting allows those attributes to be shown in Horizon.

例如

PROJECT_TABLE_EXTRA_INFO = {
    'phone_num': _('Phone Number'),
}

SECURE_PROXY_ADDR_HEADER¶

Default: False

If horizon is behind a proxy server and the proxy is configured, the IP address from request is passed using header variables inside the request. The header name depends on a proxy or a load-balancer. This setting specifies the name of the header with remote IP address. The main use is for authentication log (success or fail) displaying the IP address of the user. The commom value for this setting is HTTP_X_REAL_IP or HTTP_X_FORWARDED_FOR. If not present, then REMOTE_ADDR header is used. (REMOTE_ADDR is the field of Django HttpRequest object which contains IP address of the client.)

TOKEN_DELETION_DISABLED¶

Added in version 10.0.0(Newton).

Default: False

This setting allows deployers to control whether a token is deleted on log out. This can be helpful when there are often long running processes being run in the Horizon environment.

TOKEN_TIMEOUT_MARGIN¶

Default: 0

A time margin in seconds to subtract from the real token’s validity. An example use case is that the token can be valid once the middleware passed, and invalid (timed-out) during a view rendering and this generates authorization errors during the view rendering. By setting this value to a few seconds, you can avoid token expiration during a view rendering.

USER_TABLE_EXTRA_INFO¶

Added in version 10.0.0(Newton).

参见

PROJECT_TABLE_EXTRA_INFO for the equivalent setting on the Projects table

Default: {}

Adds additional information for users as extra attributes. Users can have extra attributes as defined by Keystone v3. This setting allows those attributes to be shown in Horizon.

例如

USER_TABLE_EXTRA_INFO = {
    'phone_num': _('Phone Number'),
}

WEBSSO_CHOICES¶

Added in version 2015.1(Kilo).

默认值

(
    ("credentials", _("Keystone Credentials")),
    ("oidc", _("OpenID Connect")),
    ("saml2", _("Security Assertion Markup Language"))
)

This is the list of authentication mechanisms available to the user. It includes Keystone federation protocols such as OpenID Connect and SAML, and also keys that map to specific identity provider and federation protocol combinations (as defined in WEBSSO_IDP_MAPPING). The list of choices is completely configurable, so as long as the id remains intact. Do not remove the credentials mechanism unless you are sure. Once removed, even admins will have no way to log into the system via the dashboard.

WEBSSO_ENABLED¶

Added in version 2015.1(Kilo).

Default: False

Enables keystone web single-sign-on if set to True. For this feature to work, make sure that you are using Keystone V3 and Django OpenStack Auth V1.2.0 or later.

WEBSSO_IDP_MAPPING¶

Added in version 8.0.0(Liberty).

Default: {}

A dictionary of specific identity provider and federation protocol combinations. From the selected authentication mechanism, the value will be looked up as keys in the dictionary. If a match is found, it will redirect the user to a identity provider and federation protocol specific WebSSO endpoint in keystone, otherwise it will use the value as the protocol_id when redirecting to the WebSSO by protocol endpoint.

示例

WEBSSO_CHOICES =  (
    ("credentials", _("Keystone Credentials")),
    ("oidc", _("OpenID Connect")),
    ("saml2", _("Security Assertion Markup Language")),
    ("acme_oidc", "ACME - OpenID Connect"),
    ("acme_saml2", "ACME - SAML2")
)

WEBSSO_IDP_MAPPING = {
    "acme_oidc": ("acme", "oidc"),
    "acme_saml2": ("acme", "saml2")
}

注意

The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>)

WEBSSO_INITIAL_CHOICE¶

Added in version 2015.1(Kilo).

Default: "credentials"

Specifies the default authentication mechanism. When user lands on the login page, this is the first choice they will see.

WEBSSO_DEFAULT_REDIRECT¶

Added in version 15.0.0(Stein).

Default: False

Allows to redirect on login to the IdP provider defined on PROTOCOL and REGION In cases you have a single IdP providing websso, in order to improve user experience, you can redirect on the login page to the IdP directly by specifying WEBSSO_DEFAULT_REDIRECT_PROTOCOL and WEBSSO_DEFAULT_REDIRECT_REGION variables.

WEBSSO_DEFAULT_REDIRECT_PROTOCOL¶

Added in version 15.0.0(Stein).

Default: None

Allows to specify the protocol for the IdP to contact if the WEBSSO_DEFAULT_REDIRECT is set to True

WEBSSO_DEFAULT_REDIRECT_REGION¶

Added in version 15.0.0(Stein).

Default: OPENSTACK_KEYSTONE_URL

Allows to specify thee region of the IdP to contact if the WEBSSO_DEFAULT_REDIRECT is set to True

WEBSSO_DEFAULT_REDIRECT_LOGOUT¶

Added in version 15.0.0(Stein).

Default: None

Allows to specify a callback to the IdP to cleanup the SSO resources. Once the user logs out it will redirect to the IdP log out method.

WEBSSO_KEYSTONE_URL¶

Added in version 15.0.0(Stein).

默认值：无

The full auth URL for the Keystone endpoint used for web single-sign-on authentication. Use this when OPENSTACK_KEYSTONE_URL is set to an internal Keystone endpoint and is not reachable from the external network where the identity provider lives. This URL will take precedence over OPENSTACK_KEYSTONE_URL if the login choice is an external identity provider (IdP).

WEBSSO_USE_HTTP_REFERER¶

Added in version 21.0.0(Yoga).

Default: True

For use in cases of web single-sign-on authentication when the control plane has no outbound connectivity to the external service endpoints. By default the HTTP_REFERER is used to derive the Keystone endpoint to pass requests to. As previous requests to an external IdP will be using Keystone’s external endpoint, this HTTP_REFERER will be Keystone’s external endpoint. When Horizon is unable to connect to Keystone’s external endpoint in this setup this leads to a time out. WEBSSO_USE_HTTP_REFERER can be set to False to use the OPENSTACK_KEYSTONE_URL instead, which should be set to an internal Keystone endpoint, so that this request will succeed.

Neutron¶

ALLOWED_PRIVATE_SUBNET_CIDR¶

Added in version 10.0.0(Newton).

默认值

{
    'ipv4': [],
    'ipv6': []
}

A dictionary used to restrict user private subnet CIDR range. An empty list means that user input will not be restricted for a corresponding IP version. By default, there is no restriction for both IPv4 and IPv6.

示例

{
    'ipv4': [
        '192.168.0.0/16',
        '10.0.0.0/8'
    ],
    'ipv6': [
        'fc00::/7',
    ]
}

OPENSTACK_NEUTRON_NETWORK¶

Added in version 2013.1(Grizzly).

默认值

{
    'default_dns_nameservers': [],
    'enable_auto_allocated_network': False,
    'enable_distributed_router': False,
    'enable_fip_topology_check': True,
    'enable_ha_router': False,
    'enable_ipv6': True,
    'enable_quotas': True,
    'enable_rbac_policy': True,
    'enable_router': True,
    'extra_provider_types': {},
    'physical_networks': [],
    'segmentation_id_range': {},
    'supported_provider_types': ["*"],
    'supported_vnic_types': ["*"],
    'show_agents_column': True,
}

A dictionary of settings which can be used to enable optional services provided by Neutron and configure Neutron specific features. The following options are available.

default_dns_nameservers¶

Added in version 10.0.0(Newton).

display_name: string displayed in the network creation form.
require_physical_network: a boolean parameter which indicates this network type requires a physical network.
require_segmentation_id: a boolean parameter which indicates this network type requires a segmentation ID. If True, a valid segmentation ID range must be configured in segmentation_id_range settings above.

示例

{
    'awesome': {
        'display_name': 'Awesome',
        'require_physical_network': False,
        'require_segmentation_id': True,
    },
}

physical_networks¶

Added in version 12.0.0(Pike).

Default: []

Default to an empty list and the physical network field on the admin create network modal will be a regular input field where users can type in the name of the physical network to be used. If it is set to a list of available physical networks, the physical network field will be shown as a dropdown menu where users can select a physical network to be used.

Example: ['default', 'test']

segmentation_id_range¶

Added in version 2014.2(Juno).

Default: {}

For use with the provider network extension. This is a dictionary where each key is a provider network type and each value is a list containing two numbers. The first number is the minimum segmentation ID that is valid. The second number is the maximum segmentation ID. Pertains only to the vlan, gre, and vxlan network types. By default this option is not provided and each minimum and maximum value will be the default for the provider network type.

示例

{
    'vlan': [1024, 2048],
    'gre': [4094, 65536]
}

supported_provider_types¶

Added in version 2014.2(Juno).

Default: ["*"]

供提供商网络扩展使用。使用此选项明确设置支持的网络类型。创建网络时，只能从列表中选择此处列出的网络类型。在此列表中可以指定在 Horizon 中定义或在 extra_provider_types 设置中定义的网络类型。截至 Newton 版本，Horizon 中定义了以下网络类型：Neutron ML2 插件与 Open vSwitch 驱动程序支持的网络类型（local、flat、vlan、gre、vxlan 和 geneve）以及 Midonet 插件支持的网络类型（midonet 和 uplink）。["*"] 表示 Neutron ML2 插件支持的所有提供商网络类型都将可用供选择。

示例： ['local', 'flat', 'gre']

supported_vnic_types¶

Added in version 2015.1(Kilo).

版本 12.0.0(Pike) 中已更改：添加了 virtio-forwarder VNIC 类型。为用户和操作员澄清了 VNIC 类型可用性。

默认 ['*']

供端口绑定扩展使用。使用此选项可以明确设置在创建或编辑端口时，用户可供选择的 VNIC 类型。实际支持的 VNIC 类型由资源可用性和 Neutron ML2 插件支持决定。当前，对于用户选择不兼容或不可用的 VNIC 类型，错误报告仅限于从调度程序收到一条消息，说明实例因资源不足而无法启动。VNIC 类型包括 normal、direct、direct-physical、macvtap、baremetal 和 virtio-forwarder。默认情况下，所有 VNIC 类型都可用供选择。

示例： ['normal', 'direct']

要禁用 VNIC 类型选择，请设置一个空列表（[]）或 None。

show_agents_column¶

版本 2024.1(Caracal) 中添加。

默认 True

决定是否在“管理员网络”面板上显示 DHCP 代理程序列。检索该列的数据需要时间，在大型部署中有大量网络的情况下，禁用此列可能有助于加快此视图的显示速度。

Nova¶

CREATE_INSTANCE_FLAVOR_SORT¶

Added in version 2013.2(Havana).

默认值

{
    'key': 'ram'
}

启动新实例时，默认的实例类型（flavor）将按 RAM 使用量升序排序。您可以通过 id、name、ram、disk 和 vCPUs 来自定义排序顺序。此外，您还可以插入任何自定义回调函数。您还可以提供一个反向排序标志。有关更多信息，请参阅 local_settings.py.example 中的说明。

此示例按 vCPUs 降序对实例类型进行排序。

CREATE_INSTANCE_FLAVOR_SORT = {
     'key':'vcpus',
     'reverse': True,
}

CONSOLE_TYPE¶

Added in version 2013.2(Havana).

版本 2014.2(Juno) 中已更改：添加了 None 选项，该选项将禁用浏览器内控制台。

版本 2015.1(Kilo) 中已更改：添加了 SERIAL 选项。

版本 2017.11(Queens) 中已更改：添加了 MKS 选项。

默认： "AUTO"

此设置指定用于访问虚拟机的浏览器内控制台的类型。有效值包括 "AUTO"、"VNC"、"SPICE"、"RDP"、"SERIAL"、"MKS" 和 None。

DEFAULT_BOOT_SOURCE¶

版本 18.1.0(Ussuri) 中添加。

默认： image

默认实例启动源。允许的值为：

image - 从镜像启动实例（默认选项）。
snapshot - 从实例快照启动实例。
volume - 从卷启动实例。
volume_snapshot - 从卷快照启动实例。

INSTANCE_LOG_LENGTH¶

Added in version 2015.1(Kilo).

默认： 35

此设置允许您更改实例日志显示的默认行数。有效值必须是正整数。

LAUNCH_INSTANCE_DEFAULTS¶

Added in version 9.0.0(Mitaka).

版本 10.0.0(Newton) 中已更改：添加了 disable_image、disable_instance_snapshot、disable_volume 和 disable_volume_snapshot 选项。

版本 12.0.0(Pike) 中已更改：添加了 create_volume 选项。

版本 15.0.0(Stein) 中已更改：添加了 hide_create_volume 选项。

版本 19.1.0(Wallaby) 中已更改：添加了 default_availability_zone 选项。

版本 23.0.0(Zed) 中已更改：添加了 enable_metadata、enable_net_ports 选项。

版本 2025.2(Flamingo) 中已更改：添加了 vol_delete_on_instance_delete 选项。

默认值

{
    "config_drive": False,
    "create_volume": True,
    "hide_create_volume": False,
    "disable_image": False,
    "disable_instance_snapshot": False,
    "disable_volume": False,
    "disable_volume_snapshot": False,
    "enable_scheduler_hints": True,
    "enable_metadata": True,
    "enable_net_ports": True,
    "default_availability_zone": "Any",
    "vol_delete_on_instance_delete": False
}

默认值

{
    'can_set_mount_point': False,
    'can_set_password': False,
    'requires_keypair': False,
    'enable_quotas': True
}

一个包含设置的字典，可用于识别 Nova 的虚拟机监控程序的功能。

Xen 虚拟机监控程序能够设置附加到实例的卷的挂载点（其他虚拟机监控程序目前不支持）。将 can_set_mount_point 设置为 True 将添加从 UI 设置挂载点的选项。

将 can_set_password 设置为 True 将启用在启动或重建实例时设置管理员密码的选项。

将 requires_keypair 设置为 True 将要求用户在启动实例时选择密钥对。

将 enable_quotas 设置为 False 将使 Horizon 将所有 Nova 配额视为禁用状态，因此它不会尝试修改它们。默认情况下，配额是启用的。

OPENSTACK_INSTANCE_RETRIEVE_IP_ADDRESSES¶

Added in version 13.0.0(Queens).

Default: True

此设置控制是否在项目实例表中从 neutron 检索服务器的 IP 地址。将其设置为 False 可能会缓解大型部署中项目实例表的性能问题。

如果您的部署不支持提供商网络场景等浮动 IP，在大多数情况下，您可以将其设置为 False。如果您的部署支持浮动 IP，请阅读下面的详细信息，并在设置为 False 之前了解其内部机制。

Nova 有一个缓存网络信息的机制，但在某些情况下速度不够快。例如，当用户关联浮动 IP 或更新服务器端口的 IP 地址时，它不会立即反映到 nova 网络信息缓存中。这意味着用户从 horizon 实例表执行的操作在操作后不会立即反映到表内容中。为了避免这种情况，horizon 在从 nova 检索服务器列表时会从 neutron 检索 IP 地址信息。

另一方面，此操作需要完整的 neutron 端口列表，并且可能导致大型部署的性能问题（bug 1722417）。通过跳过对 neutron 的 IP 地址查询可以避免此问题，将此设置为 False 即可实现。请注意，禁用对 neutron 的查询需要一段时间后关联的浮动 IP 才能在项目实例表中可见，并且用户可能需要刷新该表来查看它们。

OPENSTACK_USE_SIMPLE_TENANT_USAGE¶

版本 19.0.0(Wallaby) 中添加。

Default: True

此设置控制是否在用法概览中使用 SimpleTenantUsage nova API。根据向 horizon 团队反馈的信息，SimpleTenantUsage 的使用可能导致大型部署中的 nova API 性能问题。在此类情况下，尝试将其设置为 False。

Swift¶

SWIFT_FILE_TRANSFER_CHUNK_SIZE¶

Added in version 2015.1(Kilo).

默认： 512 * 1024

此设置指定从 Swift 下载对象的块大小（以字节为单位）。不要设置得太大（高于几十兆字节，具体数字取决于您的连接速度），否则可能会遇到套接字超时。默认值为 524288 字节（或 512 千字节）。

SWIFT_STORAGE_POLICY_DISPLAY_NAMES¶

注意

设置自定义密钥

您可以将其设置为特定值，也可以让 Horizon 生成一个唯一的默认密钥（与 Python WSGI 工作人员数量无关，如果使用 Apache+mod_wsgi）。但是，在某些情况下，您可能希望显式设置此值，例如，当多个仪表板实例分布在不同计算机上（通常位于负载均衡器后面）时。您必须确保一个会话的所有请求都路由到同一个仪表板实例，或者为所有实例设置相同的 SECRET_KEY。

from horizon.utils import secret_key

SECRET_KEY = secret_key.generate_or_read_from_file(
os.path.join(LOCAL_PATH, '.secret_key_store'))

local_settings.py.example 文件包含一种简单快捷的方法来为单个安装生成密钥。

STATIC_ROOT¶

Added in version 8.0.0(Liberty).

参见

Django 的 STATIC_ROOT 文档。

默认： <path_to_horizon>/static

运行 collectstatic 时，静态文件收集到的目录的绝对路径。

STATIC_URL¶

Added in version 8.0.0(Liberty).

参见

Django 的 STATIC_URL 文档。

默认： /static/

引用 STATIC_ROOT 中文件的 URL。

默认情况下，此值为 WEBROOT/static/。

此值可以从默认值更改。更改后，您的 Web 服务器配置中的别名应进行相应更新。

注意

STATIC_URL 的值必须以 ‘/’ 结尾。

在 scss 命名空间中，此值也可通过变量名 $static_url 访问。请确保在 settings.py 中对此值进行任何更改后，运行 python manage.py collectstatic 和 python manage.py compress。

TEMPLATES¶

Added in version 10.0.0(Newton).

参见

Django 的 TEMPLATES 文档。

Horizon 使用 TEMPLATES，涉及以下 3 个附加设置；通常建议在尝试修改 TEMPLATES 设置本身之前，先使用这些设置。

ADD_TEMPLATE_DIRS¶

Added in version 15.0.0(Stein).

此处定义的模板目录将添加到 Django TEMPLATES 设置的 DIRS 选项中。当您想加载特定于部署的模板时，这将非常有用。

ADD_TEMPLATE_LOADERS¶

Added in version 10.0.0(Newton).

此处定义的模板加载器将在 TEMPLATE_LOADERS 的末尾加载，在 CACHED_TEMPLATE_LOADERS 之后加载，并且永远不会有缓存的输出。

CACHED_TEMPLATE_LOADERS¶

Added in version 10.0.0(Newton).

如果 DEBUG 设置为 False，此处定义的模板加载器将缓存其输出。

TEMPLATE_LOADERS¶

Added in version 10.0.0(Newton).

这些模板加载器将是第一个加载器，并在 CACHED_TEMPLATE_LOADERS 之前加载。如果您想在末尾添加加载器而不缓存已加载的模板，请使用 ADD_TEMPLATE_LOADERS。在整个设置过程完成后，TEMPLATE_LOADERS 将是：

TEMPLATE_LOADERS += (
    ('django.template.loaders.cached.Loader', CACHED_TEMPLATE_LOADERS),
) + tuple(ADD_TEMPLATE_LOADERS)

使用 KUBECONFIG_ENABLED 来启用 kubeconfig 文件生成。

SYSTEM_SCOPE_SERVICES¶

Added in version 21.1.0(Yoga).

Default: []

应使用系统范围令牌的服务名称列表。如果为空，则系统范围将从上下文切换菜单中移除。如果不为空，上下文切换菜单将显示“系统范围”选项，并且列出的服务的管理员面板将移至该上下文，不再显示在项目上下文中。

设置参考

Settings Reference¶

介绍¶

General Settings¶

ANGULAR_FEATURES¶

API_RESULT_LIMIT¶

API_RESULT_PAGE_SIZE¶

AVAILABLE_THEMES¶

DEFAULT_POLICY_FILES¶

DEFAULT_THEME¶

DISALLOW_IFRAME_EMBED¶

DROPDOWN_MAX_ITEMS¶

FILTER_DATA_FIRST¶

HORIZON_CONFIG¶

ajax_poll_interval¶

ajax_queue_limit¶

angular_modules¶

auto_fade_alerts¶

bug_url¶

disable_password_reveal¶

exceptions¶

help_url¶

js_files¶

js_spec_files¶

modal_backdrop¶

password_autocomplete¶

password_validator¶

user_home¶

LANGUAGE¶

MESSAGES_PATH¶

NG_TEMPLATE_CACHE_AGE¶

OPENSTACK_API_VERSIONS¶

OPENSTACK_CLOUDS_YAML_CUSTOM_TEMPLATE¶

OPENSTACK_CLOUDS_YAML_NAME¶

OPENSTACK_CLOUDS_YAML_PROFILE¶

OPENSTACK_ENDPOINT_TYPE¶

OPENSTACK_KEYSTONE_ENDPOINT_TYPE¶

OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED¶

OPENSTACK_HOST¶

OPENRC_CUSTOM_TEMPLATE¶

OPENSTACK_PROFILER¶

OPENSTACK_SSL_CACERT¶

OPENSTACK_SSL_NO_VERIFY¶

OPERATION_LOG_ENABLED¶

OPERATION_LOG_OPTIONS¶

OVERVIEW_DAYS_RANGE¶

POLICY_CHECK_FUNCTION¶

POLICY_DIRS¶

POLICY_FILES¶

POLICY_FILES_PATH¶

REST_API_REQUIRED_SETTINGS¶

SELECTABLE_THEMES¶

SESSION_REFRESH¶

SESSION_TIMEOUT¶

MEMOIZED_MAX_SIZE_DEFAULT¶

SHOW_OPENRC_FILE¶

SHOW_OPENSTACK_CLOUDS_YAML¶

SIMULTANEOUS_SESSIONS¶

THEME_COLLECTION_DIR¶

THEME_COOKIE_NAME¶

USER_MENU_LINKS¶

WEBROOT¶

Service-specific Settings¶

Cinder¶

OPENSTACK_CINDER_FEATURES¶

Glance¶

CREATE_IMAGE_DEFAULTS¶

HORIZON_IMAGES_UPLOAD_MODE¶

IMAGE_CUSTOM_PROPERTY_TITLES¶

IMAGE_RESERVED_CUSTOM_PROPERTIES¶

IMAGES_ALLOW_LOCATION¶

IMAGES_LIST_FILTER_TENANTS¶

OPENSTACK_IMAGE_BACKEND¶

Keystone¶

ALLOW_USERS_CHANGE_EXPIRED_PASSWORD¶

AUTHENTICATION_PLUGINS¶

AUTHENTICATION_URLS¶

AVAILABLE_REGIONS¶

DEFAULT_SERVICE_REGIONS¶

ENABLE_CLIENT_TOKEN¶