from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
except ImportError:
raise ImproperlyConfigured('Please run: pip install ldap3')
#------------------------------------------------------------------------------
# This enables searching for users via LDAP
#------------------------------------------------------------------------------
LDAP_USER_SEARCH_SERVER_URI = ENV.str('LDAP_USER_SEARCH_SERVER_URI')
LDAP_USER_SEARCH_BASE = ENV.str('LDAP_USER_SEARCH_BASE')
LDAP_USER_SEARCH_BIND_DN = ENV.str('LDAP_USER_SEARCH_BIND_DN')
LDAP_USER_SEARCH_BIND_PASSWORD = ENV.str('LDAP_USER_SEARCH_BIND_PASSWORD')
ADDITIONAL_USER_SEARCH_CLASSES = [
'coldfront.plugins.ldap_user_search.utils.LDAPUserSearch',
]
'PLUGIN_AUTH_LDAP': 'plugins/ldap.py',
'PLUGIN_LDAP_USER_SEARCH': 'plugins/ldap_user_search.py',
}
# This allows plugins to be enabled via environment variables. Can alternatively
# add the relevant configs to local_settings.py
for key, pc in plugin_configs.items():
if ENV.bool(key, default=False):
coldfront_configs.append(pc)
# Local settings overrides
local_configs = [
# Local settings relative to coldfront.config package
'local_settings.py',
# System wide settings for production deployments
'/etc/coldfront/local_settings.py',
# Local settings relative to coldfront project root
PROJECT_ROOT('local_settings.py')
]
if ENV.str('COLDFRONT_CONFIG', default='') != '':
# Local settings from path specified via environment variable
local_configs.append(environ.Path(ENV.str('COLDFRONT_CONFIG'))())
for lc in local_configs:
coldfront_configs.append(optional(lc))
include(*coldfront_configs)
from coldfront.config.base import SETTINGS_EXPORT
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Advanced ColdFront configurations
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# General Center Information
#------------------------------------------------------------------------------
CENTER_NAME = ENV.str('CENTER_NAME', default='HPC Resources')
CENTER_HELP_URL = ENV.str('CENTER_HELP_URL', default='')
CENTER_PROJECT_RENEWAL_HELP_URL = ENV.str('CENTER_PROJECT_RENEWAL_HELP_URL',
default='')
CENTER_BASE_URL = ENV.str('CENTER_BASE_URL', default='')
#------------------------------------------------------------------------------
# Enable Project Review
#------------------------------------------------------------------------------
PROJECT_ENABLE_PROJECT_REVIEW = ENV.bool('PROJECT_ENABLE_PROJECT_REVIEW',
default=True)
#------------------------------------------------------------------------------
# Allocation related
#------------------------------------------------------------------------------
ALLOCATION_ENABLE_CHANGE_REQUESTS_BY_DEFAULT = ENV.bool(
'ALLOCATION_ENABLE_CHANGE_REQUESTS', default=True)
ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS = ENV.list(
'ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS', cast=int, default=[30, 60, 90])
ALLOCATION_ENABLE_ALLOCATION_RENEWAL = ENV.bool(
'ALLOCATION_ENABLE_ALLOCATION_RENEWAL', default=True)
if ENV.bool('PLUGIN_MOKEY', default=False):
#------------------------------------------------------------------------------
# Enable Mokey/Hydra OpenID Connect Authentication Backend
#------------------------------------------------------------------------------
INSTALLED_APPS += [
'coldfront.plugins.mokey_oidc',
]
AUTHENTICATION_BACKENDS += [
'coldfront.plugins.mokey_oidc.auth.OIDCMokeyAuthenticationBackend',
]
else:
AUTHENTICATION_BACKENDS += [
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]
MIDDLEWARE += [
'mozilla_django_oidc.middleware.SessionRefresh',
]
OIDC_OP_JWKS_ENDPOINT = ENV.str('OIDC_OP_JWKS_ENDPOINT')
OIDC_RP_SIGN_ALGO = ENV.str('OIDC_RP_SIGN_ALGO')
OIDC_RP_CLIENT_ID = ENV.str('OIDC_RP_CLIENT_ID')
OIDC_RP_CLIENT_SECRET = ENV.str('OIDC_RP_CLIENT_SECRET')
OIDC_OP_AUTHORIZATION_ENDPOINT = ENV.str('OIDC_OP_AUTHORIZATION_ENDPOINT')
OIDC_OP_TOKEN_ENDPOINT = ENV.str('OIDC_OP_TOKEN_ENDPOINT')
OIDC_OP_USER_ENDPOINT = ENV.str('OIDC_OP_USER_ENDPOINT')
OIDC_VERIFY_SSL = ENV.bool('OIDC_VERIFY_SSL', default=True)
OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = ENV.int(
'OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS', default=3600)
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += [
'coldfront.plugins.slurm',
]
SLURM_SACCTMGR_PATH = ENV.str('SLURM_SACCTMGR_PATH',
default='/usr/bin/sacctmgr')
SLURM_NOOP = ENV.str('SLURM_NOOP', False)
SLURM_IGNORE_USERS = ENV.list('SLURM_IGNORE_USERS', default=['root'])
SLURM_IGNORE_ACCOUNTS = ENV.list('SLURM_IGNORE_ACCOUNTS', default=[])
import coldfront
from django.core.exceptions import ImproperlyConfigured
from django.core.management.utils import get_random_secret_key
from coldfront.config.env import ENV, PROJECT_ROOT
#------------------------------------------------------------------------------
# Base Django config for ColdFront
#------------------------------------------------------------------------------
VERSION = coldfront.VERSION
BASE_DIR = PROJECT_ROOT()
ALLOWED_HOSTS = ENV.list('ALLOWED_HOSTS', default=['*'])
DEBUG = ENV.bool('DEBUG', default=False)
WSGI_APPLICATION = 'coldfront.config.wsgi.application'
ROOT_URLCONF = 'coldfront.config.urls'
SECRET_KEY = ENV.str('SECRET_KEY', default='')
if len(SECRET_KEY) == 0:
SECRET_KEY = get_random_secret_key()
#------------------------------------------------------------------------------
# Locale settings
#------------------------------------------------------------------------------
LANGUAGE_CODE = ENV.str('LANGUAGE_CODE', default='en-us')
TIME_ZONE = ENV.str('TIME_ZONE', default='America/New_York')
USE_I18N = True
USE_L10N = True
USE_TZ = True
#------------------------------------------------------------------------------
# Django Apps
#------------------------------------------------------------------------------
from coldfront.config.base import AUTHENTICATION_BACKENDS
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch
except ImportError:
raise ImproperlyConfigured(
'Please run: pip install ldap3 django_auth_ldap')
#------------------------------------------------------------------------------
# LDAP user authentication using django-auth-ldap. This will enable LDAP
# user/password logins. You can also override this in local_settings.py
#------------------------------------------------------------------------------
AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE')
AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True)
AUTH_LDAP_BIND_DN = ENV.str('AUTH_LDAP_BIND_DN', default='')
AUTH_LDAP_BIND_PASSWORD = ENV.str('AUTH_LDAP_BIND_PASSWORD', default='')
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = ENV.bool(
'AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', default=False)
AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True)
AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE')
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE,
ldap.SCOPE_ONELEVEL, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE,
ldap.SCOPE_ONELEVEL,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP',
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += [
'coldfront.plugins.iquota',
]
IQUOTA_KEYTAB = ENV.str('IQUOTA_KEYTAB')
IQUOTA_CA_CERT = ENV.str('IQUOTA_CA_CERT')
IQUOTA_API_HOST = ENV.str('IQUOTA_API_HOST')
IQUOTA_API_PORT = ENV.str('IQUOTA_API_PORT', default='8080')
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Email/Notification settings
#------------------------------------------------------------------------------
EMAIL_ENABLED = ENV.bool('EMAIL_ENABLED', default=False)
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = ENV.str('EMAIL_HOST', default='localhost')
EMAIL_PORT = ENV.int('EMAIL_PORT', default=25)
EMAIL_HOST_USER = ENV.str('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = ENV.str('EMAIL_HOST_PASSWORD', default='')
EMAIL_USE_TLS = ENV.bool('EMAIL_USE_TLS', default=False)
EMAIL_TIMEOUT = ENV.int('EMAIL_TIMEOUT', default=3)
EMAIL_SUBJECT_PREFIX = ENV.str('EMAIL_SUBJECT_PREFIX', default='[ColdFront]')
EMAIL_ADMIN_LIST = ENV.list('EMAIL_ADMIN_LIST')
EMAIL_SENDER = ENV.str('EMAIL_SENDER')
EMAIL_TICKET_SYSTEM_ADDRESS = ENV.str('EMAIL_TICKET_SYSTEM_ADDRESS')
EMAIL_DIRECTOR_EMAIL_ADDRESS = ENV.str('EMAIL_DIRECTOR_EMAIL_ADDRESS')
EMAIL_PROJECT_REVIEW_CONTACT = ENV.str('EMAIL_PROJECT_REVIEW_CONTACT')
EMAIL_DEVELOPMENT_EMAIL_LIST = ENV.list('EMAIL_DEVELOPMENT_EMAIL_LIST')
EMAIL_OPT_OUT_INSTRUCTION_URL = ENV.str('EMAIL_OPT_OUT_INSTRUCTION_URL',
default='')
EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS = ENV.list(
'EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS',
cast=int,
default=[7, 14, 30])
EMAIL_SIGNATURE = ENV.str('EMAIL_SIGNATURE', default='', multiline=True)
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
#------------------------------------------------------------------------------
# Enable XDMoD support
#------------------------------------------------------------------------------
INSTALLED_APPS += [
'coldfront.plugins.xdmod',
]
XDMOD_API_URL = ENV.str('XDMOD_API_URL')
from coldfront.config.env import ENV
from coldfront.config.base import INSTALLED_APPS, AUTHENTICATION_BACKENDS, TEMPLATES
#------------------------------------------------------------------------------
# ColdFront default authentication settings
#------------------------------------------------------------------------------
AUTHENTICATION_BACKENDS += [
'django.contrib.auth.backends.ModelBackend',
]
LOGIN_URL = '/user/login'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = ENV.str('LOGOUT_REDIRECT_URL', LOGIN_URL)
SU_LOGIN_CALLBACK = "coldfront.core.utils.common.su_login_callback"
SU_LOGOUT_REDIRECT_URL = "/admin/auth/user/"
SESSION_COOKIE_AGE = 60 * 15
SESSION_SAVE_EVERY_REQUEST = True
SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_COOKIE_SECURE = True
#------------------------------------------------------------------------------
# Enable administrators to login as other users
#------------------------------------------------------------------------------
if ENV.bool('ENABLE_SU', default=True):
AUTHENTICATION_BACKENDS += [
'django_su.backends.SuBackend',
]
INSTALLED_APPS.insert(0, 'django_su')
TEMPLATES[0]['OPTIONS']['context_processors'].extend([
from coldfront.config.auth import AUTHENTICATION_BACKENDS
from coldfront.config.env import ENV
from django.core.exceptions import ImproperlyConfigured
try:
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch
except ImportError:
raise ImproperlyConfigured(
'Please run: pip install ldap3 django_auth_ldap')
#------------------------------------------------------------------------------
# LDAP user authentication using django-auth-ldap. This will enable LDAP
# user/password logins. You can also override this in local_settings.py
#------------------------------------------------------------------------------
AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE')
AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True)
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True)
AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE')
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE,
ldap.SCOPE_ONELEVEL, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE,
ldap.SCOPE_ONELEVEL,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP',
default={
'username': '******',
'first_name': 'givenName',
from coldfront.config.base import INSTALLED_APPS
from coldfront.config.env import ENV
INSTALLED_APPS += ['coldfront.plugins.system_monitor']
SYSTEM_MONITOR_PANEL_TITLE = ENV.str('SYSMON_TITLE',
default='HPC Cluster Status')
SYSTEM_MONITOR_ENDPOINT = ENV.str('SYSMON_ENDPOINT')
SYSTEM_MONITOR_DISPLAY_MORE_STATUS_INFO_LINK = ENV.str('SYSMON_LINK')
SYSTEM_MONITOR_DISPLAY_XDMOD_LINK = ENV.str('SYSMON_XDMOD_LINK')
