Advanced settings file

You can change Fleio options and behavior from the settings.py file as described below.

Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.

Fleio backend settings file location:

The settings.py file is mounted in fleio_backend_1 container and the full file path is:

/var/webapps/fleio/project/fleio/fleiosettings/settings.py

Important

After editing the settings.py file, you must restart the fleio services. See Restarting Fleio.

DO NOT EDIT file /var/webapps/fleio/project/fleio/settings.py. This used to be (prior to 2020.05 release) the editable file for local Fleio settings. This file is now overwritten on Fleio upgrades. It simply points now to /var/webapps/fleio/project/fleio/fleiosettings/settings.py.

Edit settings.py file

To edit the Fleio settings file please use the following command:

fleio edit settings.py

On exit, press “Y” if you want to keep the changes that you added to the settings.py file. To discard the changes, press “N”.

Restarting Fleio

In order to restart Fleio you need to use the following command:

fleio restart

Django and DRF settings

The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings in the settings.py file, as well. Read about their available settings in the Django documentation and in the DRF documentation.

Fleio specific settings

Some advanced Fleio settings can only be changed by editing the settings.py file:

How to enable/disable features

Fleio is a modular application which allows you to enable or disable features for end-users and staff respectively.

The FEATURES dictionary allows you to enable or disable end-user features. The dictionary key identifies the feature and the dictionary value may have one of the following values:

• True - feature is enabled

• False - feature is disabled

The full features list is already present in base_settings.py, which contains default Fleio settings.

Important

Do not edit the base_settings.py file. It will be overwritten when Fleio is updated. Edit settings.py instead. settings.py contains your local installation information and is never overwritten by Fleio.

Features toggles have a tree-like structure and disabling a top feature would disable all it children. For instance, setting ‘openstack’: False, would all features beneath, like ‘openstack.instances’, ‘openstack.volumes’, ‘openstack.images’ etc.

Here’s how features are defined by default in base_settings.py.

FEATURES = {
    'demo': False,
    'enduser': True,
    'enduser.allow_changing_password': True,
    'billing': True,
    'billing.addcredit': True,
    'billing.credit_auto_invoicing': True,
    'billing.credit_estimate': True,
    'billing.history': True,
    'billing.invoices': True,
    'billing.order': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.recurring_payments': False,
    'clients&users.clients': True,
    'clients&users.clients.allow_country_change': True,
    'clients&users.invitations': True,
    'clients&users.roles': False,
    'clients&users.signup': True,
    'clients&users.users': True,
    'clients&users.userprofile': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'clients&users.switch-client': False,
    'dashboard': True,
    'notifications': True,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.clusters.create.master_lb_flag': False,
    'openstack.coe.clusters.create.show_price': True,
    'openstack.coe.cluster_templates': True,
    'openstack.coe.cluster_templates.manage_cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.floatingips.show-price-on-create': True,
    'openstack.images': True,
    'openstack.images.copy': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.updatecreate': True,
    'openstack.images.show-price-on-create': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.availability_zones': True,
    'openstack.instances.show-price-on-create': True,
    'openstack.instances.rescue': True,
    'openstack.instances.resize.allow_resize_to_less_disk_space': True,
    'openstack.instances.resize.show-price': True,
    'openstack.instances.show_hypervisors': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.traffic': True,
    'openstack.instances.networking.edit': True,
    'openstack.lbaas': True,
    'openstack.networks': True,
    'openstack.networks.availability_zones': True,
    'openstack.networks.display_external_networks': True,
    'openstack.networks.display_shared_networks': True,
    'openstack.networks.auto_create_network': True,
    'openstack.osbackup': True,
    'openstack.osbackup.pricing': True,
    'openstack.osbackup.schedules': True,
    'openstack.ports': True,
    'openstack.ports.manage_public_network_related_ports': False,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.routers.availability_zones': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.volumes': True,
    'openstack.volumes.availability_zones': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.backups.show-price-on-create': True,
    'openstack.volumes.show-price-on-create': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.snapshots.show-price-on-create': True,
    'openstack.volumes.boot': True,
    'openstack.object-store': True,
    'openstack.orchestration.heat-stacks': True,
    'openstack.orchestration.heat-resource-types': True,
    'openstack.orchestration.heat-template-versions': True,
    'plugins': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.hypanel': False,
    'utils': True,
    'utils.operations': True,
}

Analogous there’s a STAFF_FEATURES dictionary which allows you to manipulate features for the staff panel.

STAFF_FEATURES = {
    'demo': False,
    'staff': True,
    'billing': True,
    'billing.external_billing': True,
    'billing.gateways': True,
    'billing.journal': True,
    'billing.invoices': True,
    'billing.orders': True,
    'billing.products': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.taxrules': True,
    'billing.transactions': True,
    'billing.reporting': True,
    'billing.reseller': False,
    'clients&users.clients': True,
    'clients&users.roles': False,
    'clients&users.clients.reset_usage': False,
    'clients&users.clientgroups': True,
    'clients&users.userprofile': True,
    'clients&users.users': True,
    'clients&users.usergroups': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'app-status': True,
    'logger': True,
    'logger.periodic_task_log': True,
    'notifications': True,
    'notifications.send': False,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.clusters.create.master_lb_flag': False,
    'openstack.coe.clusters.create.show_price': True,
    'openstack.coe.cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.floatingips.show-price-on-create': True,
    'openstack.images': True,
    'openstack.images.copy': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.shareoncreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.images.updatecreate': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.availability_zones': True,
    'openstack.instances.show-price-on-create': True,
    'openstack.instances.rescue': True,
    'openstack.instances.resize.show-price': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.traffic': True,
    'openstack.networks': True,
    'openstack.networks.availability_zones': True,
    'openstack.networks.auto_create_network': True,
    'openstack.ports': True,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.routers.availability_zones': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.subnets': True,
    'openstack.volumes': True,
    'openstack.volumes.availability_zones': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.backups.show-price-on-create': True,
    'openstack.volumes.show-price-on-create': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.snapshots.show-price-on-create': True,
    'openstack.volumes.types': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.pricing': True,
    'openstack.osbackup.schedules': True,
    'openstack.settings': True,
    'openstack.plans': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.hypanel': False,
    'settings': True,
    'settings.general': True,
    'settings.configurations': True,
    'settings.authorization': True,
    'settings.notifications.templates': True,
    'utils': True,
    'utils.activitylog': True,
    'utils.operations': True,
    'utils.tasklog': True,
    'utils.reports': True,
    'servers': True,
}

With Fleio 2019.12.0 release we have added the reseller feature. With this we also have a new dictionary in order to enable or disable RESELLER FEATURES:

RESELLER_FEATURES = {
    'demo': False,
    'reseller': True,
    'billing': True,
    'billing.transactions': True,
    'billing.journal': True,
    'billing.invoices': True,
    'billing.orders': True,
    'billing.products': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.service-cycles': True,
    'billing.history': True,
    'clients&users.clients': True,
    'clients&users.clientgroups': True,
    'clients&users.userprofile': True,
    'clients&users.users': True,
    'clients&users.usergroups': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'notifications': True,
    'notifications.send': False,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.clusters.create.master_lb_flag': False,
    'openstack.coe.cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.images': True,
    'openstack.images.copy': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.shareoncreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.images.updatecreate': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.availability_zones': True,
    'openstack.instances.rescue': True,
    'openstack.instances.show_hypervisors': True,
    'openstack.instances.show-price-on-create': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.traffic': True,
    'openstack.networks': True,
    'openstack.networks.availability_zones': True,
    'openstack.ports': True,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.routers.availability_zones': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.subnets': True,
    'openstack.volumes': True,
    'openstack.volumes.availability_zones': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.show-price-on-create': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.schedules': True,
    'openstack.plans': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.hypanel': False,
    'settings.configurations': True,
    'servers': True,
}

And here’s how to enable or disable a feature. Let’s say we want to disable new users sign-up. Add the following line at the end of settings.py:

FEATURES['clients&users.signup'] = False

And let’s say that we want to enable floating IPs for staff. In order to enable a feature you have to make sure the top level feature is also enabled. To enable floating IPs just add the following lines at the end of settings.py:

STAFF_FEATURES['openstack'] = True
STAFF_FEATURES['openstack.floatingips'] = True

End-user features explained

• demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.

• enduser - feature is available only in end user mode, used to differentiate between enduser and staff

• enduser.allow_changing_password - when set to False end-users are not allowed to change their password, through Forgot password link or Edit user profile

• billing.addcredit - enables the Add credit button on dashboard

• billing.credit_auto_invoicing - enables the auto invoicing feature

• billing.credit_estimate - enables the credit estimate feature

• billing.history - enables billing history page

• billing.invoices - enables invoice functionality, this may be needed for Add credit

• billing.order - enables order functionality allowing end user to order services

• billing.pdf - enables pdf generation for invoices

• billing.services - enables services view for end user, the user will be able to view and edit services

• billing.recurring_payments - enables recurring payments

• clients&users.clients - enables client feature for end users allowing add or edit of clients

• clients&users.clients.allow_country_change - allow clients to change the country

• clients&users.invitations - enables the user invitiation feature

• clients&users.roles - enables the user roles feature

• clients&users.second_factor_auth - enable second factor authentication(SFA) for end users

• clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method

• clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method

• clients&users.switch-client - enables the switch active client feature

• clients&users.signup - enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio API

• clients&users.userprofile - enables used profile editing for end users

• dashboard- when disabled the dashboard page will be empty

• notifications - enables notifications for end user

• openstack - enables child OpenStack features. When this is False, all OpenStack functionality is disabled.

• openstack.apiusers - enables OpenStack API user management

• openstack.cleanup - enables OpenStack objects cleanup

• openstack.cleanup.images - when enabled user uploaded images are automatically deleted in X days

• openstack.cleanup.images.showdate - show the date when the user uploaded image will be automatically deleted

• openstack.coe.clusters - enables openstack Magnum cluster management

• openstack.coe.clusters.create.master_lb_flag - enables the Master LB flag on the cluster create form

• openstack.coe.clusters.create.show_price - will show the estimated price on the cluster create form

• openstack.coe.cluster_templates - enables openstack Magnum cluster template management

• openstack.coe.cluster_templates.manage_cluster_templates - allows the end user to manage and update clusters template

• openstack.dns.ptr - enables dns ptr record editing for instances

• openstack.dns.zones - enables dns zones editing

• openstack.floatingips - enables floating IPs management for end users

• openstack.floatingips.show-price-on-create - will show the estimated price on floating IP create

• openstack.images - enables My images feature for end users where users can see snapshots and upload images

• openstack.images.copy - enables the image copy to other regions feature

• openstack.images.createupdate - enable create and update of images in My images page

• openstack.images.file_uploads - allow end user to upload images using files as source

• openstack.images.showcommunity - show community images, on separate tab, in create instance form

• openstack.images.showshared - show shared images in create instance form

• openstack.images.show-price-on-create - show the estimated price on image create form

• openstack.images.download - allows the end user to download images

• openstack.instances - enables management of instances for end users

• openstack.instances.allow_changing_password - enables and shows the instance menu option Change password

• openstack.instances.availability_zones - enables the availability zone dropdown on instance create form

• openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled openstack.instances.snapshots.pricing - shows the estimated price for instance snapshots

• openstack.instances.show_hypervisors - enables the display of hypervisors name on instance details

• openstack.instances.show-price-on-create - show the estimated price on the instance create form

• openstack.instances.rescue - enables the instance rescue feature

• openstack.instances.resize.allow_resize_to_less_disk_space - allow resizing of instances to flavors with less disk space

• openstack.instances.resize.show-price - show the estimated price on the instance resize form

• openstack.instances.traffic - enables instance traffic monitoring and billing functionality

• openstack.instances.networking.edit - enables networking tab for end user. This feature may require openstack.ports to be enabled

• openstack.lbaas - enables the load balancers feature

• openstack.networks - enables networks management for end users

• openstack.networks.availability_zones - enables the availability zones dropdown on network create form

• openstack.networks.auto_create_network - enables auto creation of networks

• openstack.networks.display_external_networks - displays external networks created by other users

• openstack.networks.display_shared_networks - displays shared networks created by other users

• openstack.ports.manage_public_network_related_ports - allows end user to edit his ports that are public

• openstack.routers - allow end-users to create and manage network routers

• openstack.routers.availability_zones - enables the availability zone dropdown on router create form

• openstack.securitygroups - enables security groups management for end users

• openstack.sshkeys - enables SSH key management for end users

• openstack.subnetpools - enables management of subnet pools for end users

• openstack.volumes - enables management of volumes for end users

• openstack.volumes.show-price-on-create - show the estimated price on volume create form

• openstack.volumes.availability_zones - enables the availability zones dropdown on volume create form

• openstack.volumes.backups - enables volume backup management

• openstack.volumes.backups.show-price-on-create - show the estimated price on volume backup create form

• openstack.volumes.boot - show the boot from volume feature on instance create form

• openstack.volumes.snapshots - enables the volume snapshot feature

• openstack.volumes.snapshots.show-price-on-create - show the estimated price on volume snapshot create form

• openstack.osbackup - enables server backup functionality for end users

• openstack.osbackup.pricing - show the estimated price on server backup

• openstack.osbackup.schedules - allow end-users to edit backup schedule

• openstack.object-store - enables the object store feature

• openstack.orchestration.heat-stacks - enables the heat stacks

• openstack.orchestration.heat-resource-types - enables the heat resource types

• openstack.orchestration.heat-template-versions - enables the heat template versions

• plugins - when False all below plugins will be disabled

• plugins.todo - enables the TODO plugin

• plugins.tickets - enables support tickets functionality

• plugins.cpanel - enables cPanel functionality

• plugins.cpanelserver - enables cPanel server functionality

• plugins.domains - enables domain name registration and management

• utils - enables the utils feature

• utils.operations - enables the operations feature

Staff user features explained

• demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.

• staff - feature is available only in staff mode, used to differentiate between end user and staff

• billing - when True, enables billing features; when False disables all features that start with billing. ...

• billing.gateways - enables gateways functionality for staff

• billing.journal - enables journal viewer for staff

• billing.invoices - enables invoice management for staff

• billing.orders - enables order management for staff

• billing.reporting - enables the reporting feature

• billing.products - enables products management for staff

• billing.pdf - enabled pdf generation for invoices

• billing.services - enables services management for staff

• billing.service-cycles - enables the service cycles tab on services

• billing.taxrules - enables tax rules management for staff

• billing.transactions - enables transactions functionality

• billing.reseller - enables reseller billing

• clients&users.clients - enables clients management for staff

• clients&users.users - enables users management for staff

• clients&users.userprofile - enables used profile editing for staff

• clients&users.second_factor_auth - enable second factor authentication(SFA) for end users

• clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method

• clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method

• clients&users.roles - enables the user roles management

• clients&users.clientgroups - enables client groups management for staff

• clients&users.usergroups - enables user group management for staff

• clients&users.clients.reset_usage - enables the reset usage feature

• dashboard- when disabled the dashboard page will be empty

• app-status - shows App services on staff dashboard

• openstack.apiusers - enables OpenStack API user management

• openstack.cleanup - enables OpenStack objects cleanup

• openstack.cleanup.images - enables automatic deletion of user uploaded images after X days

• openstack.cleanup.images.showdate - show the date when the user uploaded images will be automatically deleted

• openstack.coe.clusters - enables openstack Magnum cluster management

• openstack.coe.cluster_templates - enables openstack Magnum cluster template management

• openstack.coe.clusters.create.master_lb_flag - enables the Master LB flag on cluster create form

• openstack.coe.clusters.create.show_price - shows the estimated price on the cluster create form

• openstack.dns.ptr - enables DNS PTR record editing for instances

• openstack.dns.zones - enables DNS zone editing

• openstack.flavors - enables flavors management

• openstack.floatingips - enables floating IPs management for staff

• openstack.floatingips.show-price-on-create - shows the estimated price on floating IP create form

• openstack.images - enables Image management for staff where staff users can see snapshots and upload images

• openstack.images.copy - enables the image copy to other regions feature

• openstack.images.download - allow staff users to download images

• openstack.images.file_upload - allow staff users to upload images from files

• openstack.images.shareoncreate - enables instance creation based on an image from another project. The image will be shared between projects.

• openstack.images.showcommunity - show community images, on separate tab, in create instance form

• openstack.images.showshared - show shared images in create instance form

• openstack.instances - enables management of instances for staff

• openstack.instances.availability_zones - enables availability zones dropdown menu on instance crate form

• openstack.instances.show-price-on-create - show the price on instance crate form

• openstack.instances.rescue - enables the instance rescue feature

• openstack.instances.resize.show-price – show the estimated price on instance resize form

• openstack.instances.snapshots.pricing - show the estimated price on instance snapshot create form

• openstack.instances.allow_changing_password - enables and shows the instance menu option Change password

• openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled

• openstack.instances.traffic - enables instance traffic monitoring and billing functionality

• openstack.networks - enables networks management for staff

• openstack.networks.availability_zones - enables the availability zones dropdown on network create form

• openstack.networks.auto_create_network - enables the auto create network featuer

• openstack.ports - enables ports management for staff

• openstack.projects - enables project management for staff

• openstack.routers - enables routers management for staff

• openstack.routers.availability_zones - enables the availability zones dropdown on router create form

• openstack.securitygroups - enables security groups management for staff

• openstack.sshkeys - enables ssh key management for staff

• openstack.subnetpools - enables management of subnet pools for staff

• openstack.subnets - enables subnet management for staff

• openstack.volumes - enables management of volumes for staff

• openstack.volumes.availability_zones - enables the availability zones dropdown on volume create form

• openstack.volumes.show-price-on-create - show the estimated price on volume create form

• openstack.volumes.backups - enables volume backup management

• openstack.volumes.backups.show-price-on-create - show the estimated price on volume backup create form

• openstack.volumes.snapshots- enables the volume snapshot feature

• openstack.volumes.snapshots.show-price-on-create - show the estimated price on volume snapshot create form

• openstack.volumes.types - enables the volumes type feature

• openstack.volumes.boot - allow staff users mark volume as bootable

• openstack.osbackup - enables backup of instances

• openstack.osbackup.schedules - allow staff users to edit backup schedule

• openstack.osbackup.pricing - show the estimated price on server backup

• openstack.settings - enables OpenStack settings on staff panel

• openstack.plans - enables management of OpenStack pricing plans

• plugins - when False all below plugins will be disabled

• plugins.todo - enables the TODO plugin

• plugins.tickets - enables support tickets functionality

• plugins.cpanel - enables cPanel functionality

• plugins.cpanelserver - enables cPanel server functionality

• plugins.domains - enables domain name registration and management

• settings - disables all settings

• settings.general - enables general settings on staff panel

• settings.configurations - enables management of configurations

• settings.authorization - enables authorization frontend for staff

• settings.notifications.templates - enables notification templates frontend for staff

• utils - when False disables Utils menu group and functionality

• utils.activitylog - enables activity log viewer on staff page

• utils.tasklog - enables task log viewer on staff page

• utils.reports - enables reports

• utils.operations - enables operations view

• servers - enables servers feature

• servers - enables shared hosting servers management

• notifications.send - enables important staff notifications (currently for invoices and new orders)

Reseller user features explained

• reseller - Enables the reseller feature. Mandatory to be True if reseller is active

• billing - Enables billing

• billing.transactions - enables transactions functionality

• billing.journal - enables journal viewer for reseller

• billing.invoices - enable invoice management for reseller

• billing.orders - enable order management for reseller

• billing.products - enable product management for reseller

• billing.pdf - enable pdf generation for invoices

• billing.services - Enable service management for reseller

• billing.history - Enables billing history for reseller

• clients&users.clients - enables clients management for reseller

• clients&users.users - enables users management for reseller

• clients&users.clientgroups - enables client groups management for reseller

• clients&users.usergroups - enables user group management for reseller

• clients&users.second_factor_auth - enable second factor authentication(SFA) for reseller

• clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method

• clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method

• notifications - enables notifications for reseller

• openstack - enables child OpenStack features. When this is False, all OpenStack functionality is disabled.

• openstack.apiusers - enables OpenStack API user management

• openstack.cleanup - enables OpenStack objects cleanup

• openstack.cleanup.images - when enabled user uploaded images are automatically deleted in X days

• openstack.cleanup.images.showdate - show the date when the user uploaded image will be automatically deleted

• openstack.coe.clusters - enables openstack Magnum cluster management

• openstack.coe.cluster_templates - enables openstack Magnum cluster template management

• openstack.dns.ptr - enables dns ptr record editing for instances

• openstack.dns.zones - enables dns zones editing

• openstack.flavors - enables flavors management for resellers

• openstack.floatingips - enables floating IPs management for resellers

• openstack.images - enables My images feature for end users where users can see snapshots and upload images

• openstack.images.copy - enables the image copy to other regions feature

• openstack.images.file_uploads - enables image file uploads for reseller

• openstack.images.updatecreate - enable create and update of images in My images page

• openstack.images.showcommunity - show community images, on separate tab, in create instance form

• openstack.images.showshared - show shared images in create instance form

• openstack.instances - enables management of instances for reseller

• openstack.instances.allow_changing_password - enables and shows the instance menu option Change password

• openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled

• openstack.instances.show_hypervisors - enables the display of hypervisors name on instance details

• openstack.instances.traffic - enables instance traffic monitoring and billing functionality

• openstack.networks - enable networks management for reseller

• openstack.ports - enable ports management for reseller

• openstack.projects - enables projects management for reseller

• openstack.routers - allow end-users to create and manage network routers

• openstack.securitygroups - enables security groups management for reseller

• openstack.sshkeys - enables SSH key management for reseller

• openstack.subnets - enable subnets management for resellers

• openstack.volumes - enables management of volumes for reseller

• openstack.volumes.backups - enables volume backup management

• openstack.volumes.boot - show the boot from volume feature on instance create form

• openstack.volumes.snapshots - enable volume snapshots functionality for resellers

• openstack.osbackup - enables backup functionality for reseller

• openstack.osbackup.schedules - allow resellers to edit backup schedule

• openstack.plans - enables openstack plans management for resellers

Override enduser features

End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:

OVERRIDE_FEATURES = {
    'group1': {
        'billing.addcredit': False
    }
}

Note that the override features are applied only in frontend and only in end user panel.

Configure custom add credit URL

You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)

Edit settings.py and add:

# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}

Openstack pricing rule settings

Openstack pricing rule price decimals can be configured by updating PRICING_RULE_PRICE_MAX_DECIMAL_PLACES. Default value is 8, we do not recommend using a value greater than 8 since the least significant decimals may be ignored.

You can also configure minimum price per pricing rule by changing MINIMUM_PRICE_PER_RULE. Default value of 0.01 means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.

Note

Note that the MINIMUM_PRICE_PER_RULE setting will apply to all pricing rules and resources, except on the resources from the pricing rules that have the pricing rule for free setting (e.g. instance IPs).

SSO_MAX_AGE

External billing systems, like WHMCS, generate single sign-on URL’s. For security reasons, SSO URL’s contain a timestamp from the moment they were generated.

SSO_MAX_AGE specifies after how many seconds, from the generation time, the single sign-on URL expires.

If single sign-on ULR is expired, it won’t work anymore.

PROXY_SETTINGS

If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.

Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:

PROXY_SETTINGS = {'https': '10.10.1.11:1080', }

Adjusting throttle rates

The default throttle rates are defined in /var/webapps/fleio/project/fleio/base_settings.py file. This means that at every update they will be reset to their default value so in order to change them you need to overwrite them in the settings.py file file.

The code from bellow must be added at the end of the settings.py file:

REST_FRAMEWORK = {
    'DEFAULT_MODEL_SERIALIZER_CLASS': 'rest_framework.serializers.HyperlinkedModelSerializer',
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'fleio.core.drf.FakeFormBasedAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 20,
    'DEFAULT_PAGINATION_CLASS': 'fleio.core.drf.FleioPaginationSerializer',
    'NUM_PROXIES': 0,
    'DEFAULT_THROTTLE_RATES': {
        'login': '60/hour',
        'django_admin': '60/hour',
        'signup': '2/day',
        'confirm_email': '100/day',
        'resend_email_verification': '100/day',
        'password_reset': '10/hour',
        'gateway_callback': '1000/hour',
        'anonymous_sms_authenticator': '60/hour',
        'sms_sending': '15/hour',
    },
    'DEFAULT_VERSIONING_CLASS': 'fleio.core.drf.FleioVersioning',
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
        # uncomment the following line to enable the browsable api
        # 'rest_framework.renderers.BrowsableAPIRenderer',
        'fleio.core.drf.FleioJsonRenderer',
    ),
    'EXCEPTION_HANDLER': 'fleio.core.drf_exception_handler.drf_exception_handler'
}

After editing the settings.py file, you must restart the fleio services. See Restarting Fleio.

Adjusting the celery beat tasks schedule

If you want to change the schedule of the celery beat tasks (such as process clients cron, collect traffic data and so on), you will need to uncomment the following code from the settings.py file.

After that, you need to replace the default value (15) with the desired value. We recommend that the process clients cron and collect traffic data to be run at least once every 15 minutes.

CELERY_BEAT_SCHEDULE = {
    'process_clients_task_every_15_minutes': {
        'task': 'Process clients task',
        'schedule': crontab(minute='*/15')
    },
    'collect_traffic_data_task_every_15_minutes': {
        'task': 'Collect traffic data task',
        'schedule': crontab(minute='*/15')
    },
    'update_exchange_rates_task_at_midnight': {
        'task': 'Update exchange rates task',
        'schedule': crontab()
    },
    'process_scheduled_backups_task_every_15_minutes': {
        'task': 'Process scheduled backups task',
        'schedule': crontab(minute='*/15')
    },
    'sync_hypervisors_task_every_60_minutes': {
        'task': 'Hypervisors background synchronization',
        'schedule': crontab(minute='*/60')
    },
}

After changing the settings.py file you will have to restart Fleio services. Please see Restarting Fleio.

Configurable password strength

Fleio handles the password strength using several variables. The default complexity is the following:

ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _(
    'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

RESELLER_PASSWORD_MIN_LEN = 8
RESELLER_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
RESELLER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
RESELLER_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

RESELLER_ROOT_PASSWORD_MIN_LEN = 8
RESELLER_ROOT_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
RESELLER_ROOT_PASSWORD_LENGTH_ERROR = _(
    'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
RESELLER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
    # '[a-z]',  # password should contain a lower case letter
    # '[A-Z]',  # password should contain a upper case letter
    # '[0-9]',  # password should contain a digit
    # r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.

After you configure them by your needs you must restart the fleio services. See Restarting Fleio.

Default OpenStack object names

Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.

By default this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:

# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'

Default security group rules

Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).

Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.

The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
    },
]

You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.

You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403

And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html

One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.

The most common security group rules are the following:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.

Image related settings

Fleio offers some customisable options regarding openstack images, options that can be adjusted by editing the settings.py file:

OS_IMAGE_CREATE_DISK_FORMATS = ['ami', 'ari', 'aki', 'vhd', 'vmdk', 'raw', 'qcow2', 'vdi', 'iso']
IMPORT_IMAGE_FROM_URL_MAX_PARALLEL_OPERATIONS = 5
IMPORT_IMAGE_FROM_URL_MAX_GB_PER_IMAGE = 20
IMPORT_IMAGE_FROM_FILE_MAX_PARALLEL_UPLOADS = 10
IMPORT_IMAGE_FROM_FILE_MAX_GB_PER_IMAGE = 20

Note that you need to add uwsgi_request_buffering off; in the nginx domain configuration. File location is usually in /etc/nginx/sites-enabled/{ your domain }.conf or /etc/nginx/conf.d/{ your domain }.conf.

The line needs to be added in the location /backend/ configuration:

location /backend/ {
    uwsgi_pass  django;
    include uwsgi_params;
    uwsgi_request_buffering off;
}

After editing the nginx configuration make sure that everything is ok by running nginx -t.

If the configuration is ok you can restart nginx using systemctl restart nginx

• OS_IMAGE_CREATE_DISK_FORMATS: will filter the files that are available for upload at image creation

• IMPORT_IMAGE_FROM_URL_MAX_PARALLEL_OPERATIONS: will limit the image download from url to maximum X concurrent downloads

• IMPORT_IMAGE_FROM_URL_MAX_GB_PER_IMAGE: will limit the maximum download for each image to X GB

Notifications logging settings

For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.

You can define a list of strings in OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS. When notification messages are received, if the notification name contains any of the strings in the OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS list, it will be logged. Notifications are logged in the fleio_log docker volume. You can see the log content by entering the utils container with the fleio bash command and then running cat /var/log/fleio/os_event_notifications.txt.

Configuration example:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary

If '*' is specified, it will log all notification messages received from OpenStack. Note that this may generate a high number of I/O operations on local storage. Therefore it is not recommended to permanently have all notifications logged in a busy production environment.

Here’s how you can use OpenStack notifications logging for debugging:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*']  # will log all notifications

By default, OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE is False and Fleio will simply log the notification name. If you want to log the detailed JSON notification payload, then set:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True

Direct admin licensing module

In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your settings.py file:

DIRECT_ADMIN = {
    'CLIENT_UID': '<YOUR_DA_ACCOUNT_UID>',
    'CLIENT_PASSWORD': '<YOUR_DA_ACCOUNT_PASSWORD>',
    'REMOTE_HOST': 'https://www.directadmin.com',
    'USER_AGENT': 'Fleio'
}

After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will have to choose the DirectAdmin billing module. On the DirectAdmin module configuration part, you will be able to choose the license type.

Enable/disable new Angular frontend

We are migrating the Fleio frontend from the legacy AngularJS framework to Angular. For a smooth migration we are gradually rewriting and releasing pages from the staff panel in Angular. After the staff panel is successfully migrated to Angular we will do the same for the end-user panel.

The new Angular pages are temporarily located a under the /newstaff URL, while the previous pages remain for now under /staff URL.

By default some of the staff panel menu options already point to /newstaff links, while the pages that are not yet migrated to Angular will still link to a /staff URL. For instance, one of the first pages migrated to Angular is Settings > Configurations and it links to /newstaff/settings/configurations.

If for any reason you want to switch the staff panel to only use old AngularJS pages set this to False in your settings.py file:

ANGULAR_STAFF_FRONTEND = False

Note that this is a temporary setting. Eventually the entire Fleio frontend will be switched to Angular.