from coldfront.config.base import INSTALLED_APPS, MIDDLEWARE, AUTHENTICATION_BACKENDS
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Enable OpenID Connect Authentication Backend
#------------------------------------------------------------------------------
INSTALLED_APPS += [
'mozilla_django_oidc',
]
if ENV.bool('PLUGIN_MOKEY', default=False):
#------------------------------------------------------------------------------
# Enable Mokey/Hydra OpenID Connect Authentication Backend
#------------------------------------------------------------------------------
INSTALLED_APPS += [
'coldfront.plugins.mokey_oidc',
]
AUTHENTICATION_BACKENDS += [
'coldfront.plugins.mokey_oidc.auth.OIDCMokeyAuthenticationBackend',
]
else:
AUTHENTICATION_BACKENDS += [
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]
MIDDLEWARE += [
'mozilla_django_oidc.middleware.SessionRefresh',
]
OIDC_OP_JWKS_ENDPOINT = ENV.str('OIDC_OP_JWKS_ENDPOINT')
# Database settings #------------------------------------------------------------------------------ # Set this using the DB_URL env variable. Defaults to sqlite. # # Examples: # # MariaDB: # DB_URL=mysql://user:[email protected]:3306/database # # Postgresql: # DB_URL=psql://user:[email protected]:5432/database #------------------------------------------------------------------------------ DATABASES = { 'default': ENV.db_url(var='DB_URL', default='sqlite:///' + os.path.join(os.getcwd(), 'coldfront.db')) } #------------------------------------------------------------------------------ # Custom Database settings #------------------------------------------------------------------------------ # You can also override this manually in local_settings.py, for example: # # NOTE: For mysql you need to: pip install mysqlclient # # DATABASES = { # 'default': { # 'ENGINE': 'django.db.backends.mysql', # 'NAME': 'coldfront', # 'USER': '',
"""
Base Django settings for ColdFront project.
"""
import os
import coldfront
from django.core.exceptions import ImproperlyConfigured
from django.core.management.utils import get_random_secret_key
from coldfront.config.env import ENV, PROJECT_ROOT
#------------------------------------------------------------------------------
# Base Django config for ColdFront
#------------------------------------------------------------------------------
VERSION = coldfront.VERSION
BASE_DIR = PROJECT_ROOT()
ALLOWED_HOSTS = ENV.list('ALLOWED_HOSTS', default=['*'])
DEBUG = ENV.bool('DEBUG', default=False)
WSGI_APPLICATION = 'coldfront.config.wsgi.application'
ROOT_URLCONF = 'coldfront.config.urls'
SECRET_KEY = ENV.str('SECRET_KEY', default='')
if len(SECRET_KEY) == 0:
SECRET_KEY = get_random_secret_key()
#------------------------------------------------------------------------------
# Locale settings
#------------------------------------------------------------------------------
LANGUAGE_CODE = ENV.str('LANGUAGE_CODE', default='en-us')
TIME_ZONE = ENV.str('TIME_ZONE', default='America/New_York')
USE_I18N = True
USE_L10N = True
USE_TZ = True
from coldfront.config.base import SETTINGS_EXPORT
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Advanced ColdFront configurations
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# General Center Information
#------------------------------------------------------------------------------
CENTER_NAME = ENV.str('CENTER_NAME', default='HPC Resources')
CENTER_HELP_URL = ENV.str('CENTER_HELP_URL', default='')
CENTER_PROJECT_RENEWAL_HELP_URL = ENV.str('CENTER_PROJECT_RENEWAL_HELP_URL',
default='')
CENTER_BASE_URL = ENV.str('CENTER_BASE_URL', default='')
#------------------------------------------------------------------------------
# Enable Project Review
#------------------------------------------------------------------------------
PROJECT_ENABLE_PROJECT_REVIEW = ENV.bool('PROJECT_ENABLE_PROJECT_REVIEW',
default=True)
#------------------------------------------------------------------------------
# Allocation related
#------------------------------------------------------------------------------
ALLOCATION_ENABLE_CHANGE_REQUESTS_BY_DEFAULT = ENV.bool(
'ALLOCATION_ENABLE_CHANGE_REQUESTS', default=True)
ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS = ENV.list(
'ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS', cast=int, default=[30, 60, 90])
ALLOCATION_ENABLE_ALLOCATION_RENEWAL = ENV.bool(
'ALLOCATION_ENABLE_ALLOCATION_RENEWAL', default=True)
#------------------------------------------------------------------------------
# ColdFront default authentication settings
#------------------------------------------------------------------------------
AUTHENTICATION_BACKENDS += [
'django.contrib.auth.backends.ModelBackend',
]
LOGIN_URL = '/user/login'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
SU_LOGIN_CALLBACK = "coldfront.core.utils.common.su_login_callback"
SU_LOGOUT_REDIRECT_URL = "/admin/auth/user/"
SESSION_COOKIE_AGE = 60 * 15
SESSION_SAVE_EVERY_REQUEST = True
SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_COOKIE_SECURE = True
#------------------------------------------------------------------------------
# Enable administrators to login as other users
#------------------------------------------------------------------------------
if ENV.bool('ENABLE_SU', default=True):
AUTHENTICATION_BACKENDS += [
'django_su.backends.SuBackend',
]
INSTALLED_APPS.insert(0, 'django_su')
TEMPLATES[0]['OPTIONS']['context_processors'].extend([
'django_su.context_processors.is_su',
])
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
except ImportError:
raise ImproperlyConfigured('Please run: pip install ldap3')
#------------------------------------------------------------------------------
# This enables searching for users via LDAP
#------------------------------------------------------------------------------
LDAP_USER_SEARCH_SERVER_URI = ENV.str('LDAP_USER_SEARCH_SERVER_URI')
LDAP_USER_SEARCH_BASE = ENV.str('LDAP_USER_SEARCH_BASE')
LDAP_USER_SEARCH_BIND_DN = ENV.str('LDAP_USER_SEARCH_BIND_DN')
LDAP_USER_SEARCH_BIND_PASSWORD = ENV.str('LDAP_USER_SEARCH_BIND_PASSWORD')
LDAP_USER_SEARCH_CONNECT_TIMEOUT = ENV.float('LDAP_USER_SEARCH_CONNECT_TIMEOUT', default=2.5)
LDAP_USER_SEARCH_USE_SSL = ENV.bool('LDAP_USER_SEARCH_USE_SSL', default=True)
ADDITIONAL_USER_SEARCH_CLASSES = ['coldfront.plugins.ldap_user_search.utils.LDAPUserSearch',]
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += [
'coldfront.plugins.iquota',
]
IQUOTA_KEYTAB = ENV.str('IQUOTA_KEYTAB')
IQUOTA_CA_CERT = ENV.str('IQUOTA_CA_CERT')
IQUOTA_API_HOST = ENV.str('IQUOTA_API_HOST')
IQUOTA_API_PORT = ENV.str('IQUOTA_API_PORT', default='8080')
from coldfront.config.base import SETTINGS_EXPORT
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Advanced ColdFront configurations
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# General Center Information
#------------------------------------------------------------------------------
CENTER_NAME = ENV.str('CENTER_NAME', default='HPC Resources')
CENTER_HELP_URL = ENV.str('CENTER_HELP_URL', default='')
CENTER_PROJECT_RENEWAL_HELP_URL = ENV.str('CENTER_PROJECT_RENEWAL_HELP_URL', default='')
CENTER_BASE_URL = ENV.str('CENTER_BASE_URL', default='')
#------------------------------------------------------------------------------
# Enable Project Review
#------------------------------------------------------------------------------
PROJECT_ENABLE_PROJECT_REVIEW = ENV.bool('PROJECT_ENABLE_PROJECT_REVIEW', default=True)
#------------------------------------------------------------------------------
# Allocation related
#------------------------------------------------------------------------------
ALLOCATION_ENABLE_ALLOCATION_RENEWAL = ENV.bool('ALLOCATION_ENABLE_ALLOCATION_RENEWAL', default=True)
ALLOCATION_FUNCS_ON_EXPIRE = ['coldfront.core.allocation.utils.test_allocation_function', ]
# This is in days
ALLOCATION_DEFAULT_ALLOCATION_LENGTH = ENV.int('ALLOCATION_DEFAULT_ALLOCATION_LENGTH', default=365)
#------------------------------------------------------------------------------
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Email/Notification settings
#------------------------------------------------------------------------------
EMAIL_ENABLED = ENV.bool('EMAIL_ENABLED', default=False)
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = ENV.str('EMAIL_HOST', default='localhost')
EMAIL_PORT = ENV.int('EMAIL_PORT', default=25)
EMAIL_HOST_USER = ENV.str('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = ENV.str('EMAIL_HOST_PASSWORD', default='')
EMAIL_USE_TLS = ENV.bool('EMAIL_USE_TLS', default=False)
EMAIL_TIMEOUT = ENV.int('EMAIL_TIMEOUT', default=3)
EMAIL_SUBJECT_PREFIX = ENV.str('EMAIL_SUBJECT_PREFIX', default='[ColdFront]')
EMAIL_ADMIN_LIST = ENV.list('EMAIL_ADMIN_LIST')
EMAIL_SENDER = ENV.str('EMAIL_SENDER')
EMAIL_TICKET_SYSTEM_ADDRESS = ENV.str('EMAIL_TICKET_SYSTEM_ADDRESS')
EMAIL_DIRECTOR_EMAIL_ADDRESS = ENV.str('EMAIL_DIRECTOR_EMAIL_ADDRESS')
EMAIL_PROJECT_REVIEW_CONTACT = ENV.str('EMAIL_PROJECT_REVIEW_CONTACT')
EMAIL_DEVELOPMENT_EMAIL_LIST = ENV.list('EMAIL_DEVELOPMENT_EMAIL_LIST')
EMAIL_OPT_OUT_INSTRUCTION_URL = ENV.str('EMAIL_OPT_OUT_INSTRUCTION_URL',
default='')
EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS = ENV.list(
'EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS',
cast=int,
default=[7, 14, 30])
EMAIL_SIGNATURE = ENV.str('EMAIL_SIGNATURE', default='', multiline=True)
from coldfront.config.base import AUTHENTICATION_BACKENDS
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch
except ImportError:
raise ImproperlyConfigured(
'Please run: pip install ldap3 django_auth_ldap')
#------------------------------------------------------------------------------
# LDAP user authentication using django-auth-ldap. This will enable LDAP
# user/password logins. You can also override this in local_settings.py
#------------------------------------------------------------------------------
AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE')
AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True)
AUTH_LDAP_BIND_DN = ENV.str('AUTH_LDAP_BIND_DN', default='')
AUTH_LDAP_BIND_PASSWORD = ENV.str('AUTH_LDAP_BIND_PASSWORD', default='')
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = ENV.bool(
'AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', default=False)
AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True)
AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE')
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE,
ldap.SCOPE_ONELEVEL, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE,
ldap.SCOPE_ONELEVEL,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP',
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Enable XDMoD support
#------------------------------------------------------------------------------
INSTALLED_APPS += [
'coldfront.plugins.xdmod',
]
XDMOD_API_URL = ENV.str('XDMOD_API_URL')
from coldfront.config.env import ENV
from coldfront.config.base import INSTALLED_APPS, AUTHENTICATION_BACKENDS, TEMPLATES
#------------------------------------------------------------------------------
# ColdFront default authentication settings
#------------------------------------------------------------------------------
AUTHENTICATION_BACKENDS += [
'django.contrib.auth.backends.ModelBackend',
]
LOGIN_URL = '/user/login'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = ENV.str('LOGOUT_REDIRECT_URL', LOGIN_URL)
SU_LOGIN_CALLBACK = "coldfront.core.utils.common.su_login_callback"
SU_LOGOUT_REDIRECT_URL = "/admin/auth/user/"
SESSION_COOKIE_AGE = 60 * 15
SESSION_SAVE_EVERY_REQUEST = True
SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_COOKIE_SECURE = True
#------------------------------------------------------------------------------
# Enable administrators to login as other users
#------------------------------------------------------------------------------
if ENV.bool('ENABLE_SU', default=True):
AUTHENTICATION_BACKENDS += [
'django_su.backends.SuBackend',
]
INSTALLED_APPS.insert(0, 'django_su')
TEMPLATES[0]['OPTIONS']['context_processors'].extend([
from coldfront.config.auth import AUTHENTICATION_BACKENDS
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch
except ImportError:
raise ImproperlyConfigured(
'Please run: pip install ldap3 django_auth_ldap')
#------------------------------------------------------------------------------
# LDAP user authentication using django-auth-ldap. This will enable LDAP
# user/password logins. You can also override this in local_settings.py
#------------------------------------------------------------------------------
AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE')
AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True)
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True)
AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE')
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE,
ldap.SCOPE_ONELEVEL, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE,
ldap.SCOPE_ONELEVEL,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP',
default={
'username': '******',
'first_name': 'givenName',
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
except ImportError:
raise ImproperlyConfigured('Please run: pip install ldap3')
#------------------------------------------------------------------------------
# This enables searching for users via LDAP
#------------------------------------------------------------------------------
LDAP_USER_SEARCH_SERVER_URI = ENV.str('LDAP_USER_SEARCH_SERVER_URI')
LDAP_USER_SEARCH_BASE = ENV.str('LDAP_USER_SEARCH_BASE')
LDAP_USER_SEARCH_BIND_DN = ENV.str('LDAP_USER_SEARCH_BIND_DN')
LDAP_USER_SEARCH_BIND_PASSWORD = ENV.str('LDAP_USER_SEARCH_BIND_PASSWORD')
ADDITIONAL_USER_SEARCH_CLASSES = [
'coldfront.plugins.ldap_user_search.utils.LDAPUserSearch',
]
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += [
'coldfront.plugins.slurm',
]
SLURM_SACCTMGR_PATH = ENV.str('SLURM_SACCTMGR_PATH',
default='/usr/bin/sacctmgr')
SLURM_NOOP = ENV.str('SLURM_NOOP', False)
SLURM_IGNORE_USERS = ENV.list('SLURM_IGNORE_USERS', default=['root'])
SLURM_IGNORE_ACCOUNTS = ENV.list('SLURM_IGNORE_ACCOUNTS', default=[])
import os
from split_settings.tools import optional, include
from coldfront.config.env import ENV, PROJECT_ROOT
# ColdFront split settings
coldfront_configs = [
'base.py',
'database.py',
'auth.py',
'logging.py',
'core.py',
]
if ENV.bool('EMAIL_ENABLED', default=False):
coldfront_configs.append('email.py')
# ColdFront plugin settings
plugin_configs = {
'PLUGIN_SLURM': 'plugins/slurm.py',
'PLUGIN_IQUOTA': 'plugins/iquota.py',
'PLUGIN_FREEIPA': 'plugins/freeipa.py',
'PLUGIN_SYSMON': 'plugins/system_montior.py',
'PLUGIN_XDMOD': 'plugins/xdmod.py',
'PLUGIN_AUTH_OIDC': 'plugins/openid.py',
'PLUGIN_AUTH_LDAP': 'plugins/ldap.py',
'PLUGIN_LDAP_USER_SEARCH': 'plugins/ldap_user_search.py',
}
# This allows plugins to be enabled via environment variables. Can alternatively
# add the relevant configs to local_settings.py
for key, pc in plugin_configs.items():
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += ['coldfront.plugins.system_monitor']
SYSTEM_MONITOR_PANEL_TITLE = ENV.str('SYSMON_TITLE',
default='HPC Cluster Status')
SYSTEM_MONITOR_ENDPOINT = ENV.str('SYSMON_ENDPOINT')
SYSTEM_MONITOR_DISPLAY_MORE_STATUS_INFO_LINK = ENV.str('SYSMON_LINK')
SYSTEM_MONITOR_DISPLAY_XDMOD_LINK = ENV.str('SYSMON_XDMOD_LINK')
