Advanced settings file¶
You can change Fleio options and behavior from the settings.py
file as described below.
Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.
Edit settings.py file¶
The settings.py
file is specific to your Fleio installation and contains details like database connection parameters
or features that are enabled/disabled in your case. We have implemented a model similar to inheritance, where we have
common_settings.py
and base_settings.py
files with default settings for all Fleio installations and the options
in the base file may be safely overwritten in settings.py
.
Warning
Do not edit base_settings.py
or common_settings.py
. These files are frequently changed during Fleio upgrades
and your changes may get overwritten. Add your changes to settings.py
, which is not overwritten on upgrades.
Still, you can see the content of common_settings.py
and base_settings.py
for your reference. Some advanced
Fleio options may not be documented, this is when the source code comes in handy.
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
You can also display the content of settings.py
:
fleio bash cat /var/webapps/fleio/project/fleio/fleiosettings/settings.py
To edit the Fleio settings file please use the following command:
fleio edit settings.py
On exit, press “Y” if you want to restart Fleio and apply changes immediately. Or press “n” if you plan to manually restart Fleio later.
Warning
Changes to the settings.py
file only apply after the Fleio containers are restarted.
settings.py
is stored in a Docker volume and you can also access it with the Fleio utils container. Docker volumes
are only accessible from within a Docker container. Here’s how you start bash
in a temporarily created Docker
container and show the full path to settings.py
.
# launch the Fleio utils Docker container
fleio bash
# path of the settings file:
ls /var/webapps/fleio/project/fleio/fleiosettings/settings.py
Restarting Fleio¶
In order to restart Fleio you need to use the following command:
fleio restart
Django and DRF settings¶
The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings
in the settings.py
file, as well. Read about their available settings
in the Django documentation and
in the DRF documentation.
Fleio specific settings¶
Some advanced Fleio settings can only be changed by editing the settings file:
How to enable/disable features¶
Fleio allows you to enable or disable features for end-user, staff, and reseller panel. When a feature is disabled some of the user interface elements, like a menu option or a button, may be hidden.
There are three Python dictionaries that define the features in your Fleio installation:
FEATURES
- dictionary defining end-user featuresSTAFF_FEATURES
- dictionary that defines features available in the staff panelRESELLER_FEATURES
- defines features from the staff panel (note that resell panel will be removed in the future)
The dictionary entries may have one of the two values:
True
- feature is enabledFalse
- feature is disabled
Features toggles have a tree-like structure with child elements present after a dot (.
) in feature strings.
Disabling a top feature would disable all it children. For instance, setting 'openstack': False
, would disable all
features beneath, like 'openstack.instances'
, 'openstack.volumes'
, 'openstack.images'
etc.
To enable or disable a feature you need edit the settings.py file. Here are a few examples
added at the end of the settings.py
file:
FEATURES['openstack.dns'] = False # disable DNS zones management from end-user panel
FEATURES['openstack.routers'] = False # disable routers menu option from end-user panel
FEATURES['plugins.tickets'] = False # disable support tickets from end-user panel panel
FEATURES['openstack.dns.ptr'] = False # disable PTR (or reverse DNS) link next to IPs on instance view
FEATURES['plugins.domains'] = False # disable domain registration from end-user panel
FEATURES['billing.recurring_payments'] = True # enable recurring payment options
FEATURES['clients&users.switch-client'] = True # show switch client option the end-user panel
FEATURES['clients&users.signup'] = False # do not allow end-users to self-sign-up
STAFF_FEATURES['plugins.tickets'] = False # disable support tickets from staff panel
STAFF_FEATURES['plugins.domains'] = False # disable domain registration from staff panel
STAFF_FEATURES['openstack.floatingips'] = True # disable floating IPs in the staff panel
You can see the full list of available feature toggles in the following files.
Warning
Do not edit these files as they are updated on Fleio upgrades and you may lose your changes. You can use them for your reference, but only modify the settings.py file, which is specific to your installation and is not changed on Fleio upgrades.
fleio/common_settings.py
fleio/base_settings.py
Note that available features differ based on the Fleio edition you have installed (OpenStack Edition, Hosting Billing Edition or both). Use the following commands to see the content of these files:
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
Here’s how features are defined by default in the Fleio code as of version 2022.08.1.
Warning
Do not edit these files as they are overwritten on Fleio upgrades. Only edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the features available in your installation you can list the content of these files.
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for all Fleio editions
FEATURES = {
'demo': False,
'enduser': True,
'enduser.allow_changing_password': True,
'billing': True,
'billing.addcredit': True,
'billing.credit_auto_invoicing': True,
'billing.credit_estimate': True,
'billing.history': True,
'billing.invoices': True,
'billing.order': True,
'billing.pdf': True,
'billing.services': True,
'billing.recurring_payments': False,
'clients&users.clients': True,
'clients&users.clients.allow_country_change': True,
'logger.email-message-log': True,
'clients&users.invitations': True,
'clients&users.roles': True,
'clients&users.signup': True,
'clients&users.users': True,
'clients&users.userprofile': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'clients&users.switch-client': False,
'dashboard': True,
'notifications': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'utils': True,
'utils.operations': True,
}
# feature toggles for the staff panel, for all Fleio editions
STAFF_FEATURES = {
'demo': False,
'staff': True,
'billing': True,
'billing.external_billing': True,
'billing.gateways': True,
'billing.journal': True,
'billing.invoices': True,
'billing.orders': True,
'billing.products': True,
'billing.pdf': True,
'billing.services': True,
'billing.history': True,
'billing.service-cycles': True,
'billing.taxrules': True,
'billing.transactions': True,
'billing.reporting': True,
'billing.reseller': False,
'clients&users.clients': True,
'clients&users.mass-mail': True,
'clients&users.roles': True,
'clients&users.clients.reset_usage': False,
'clients&users.clientgroups': True,
'clients&users.userprofile': True,
'clients&users.users': True,
'clients&users.usergroups': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'dashboard': True,
'app-status': True,
'logger': True,
'logger.periodic_task_log': True,
'logger.email-message-log': True,
'notifications': True,
'notifications.send': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'settings': True,
'settings.general': True,
'settings.configurations': True,
'settings.authorization': True,
'settings.notifications.templates': True,
'utils': True,
'utils.activitylog': True,
'utils.operations': True,
'utils.tasklog': True,
'utils.reports': True,
'utils.reports.yearly_revenue': True,
}
Besides the common_settings.py
file features are also defined in base_settings.py
:
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.coe.cluster_templates.manage_cluster_templates': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.updatecreate': True,
'openstack.images.show-price-on-create': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.allow_resize_to_less_disk_space': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.show_hypervisors': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.edit': True,
'openstack.lbaas': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.display_external_networks': True,
'openstack.networks.display_shared_networks': True,
'openstack.networks.auto_create_network': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.ports': True,
'openstack.ports.manage_public_network_related_ports': False,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.boot': True,
'openstack.object-store': True,
'openstack.object-store.show-region-select': True,
'openstack.orchestration.heat-stacks': True,
'openstack.orchestration.heat-resource-types': True,
'openstack.orchestration.heat-template-versions': True,
'plugins.tickets': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
})
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
STAFF_FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.hypervisors': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.shareoncreate': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.images.updatecreate': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.traffic': True,
'openstack.lbaas': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.auto_create_network': True,
'openstack.ports': True,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.subnets': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.types': True,
'openstack.volumes.boot': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.settings': True,
'openstack.plans': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
'plugins.tickets': True,
'servers': True,
'utils.reports.estimated_instance_monthly_revenue': True,
})
With Fleio 2019.12.0 release we have added the reseller feature. With this we also have a new dictionary in order to
enable or disable RESELLER FEATURES
:
Warning
The reseller functionality in Fleio will be deprecated and removed from Fleio in the following months. We recommend that you do not use this feature any more.
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the reseller panel, for all Fleio editions
RESELLER_FEATURES = {
'demo': False,
'reseller': True,
'billing': True,
'billing.transactions': True,
'billing.journal': True,
'billing.invoices': True,
'billing.orders': True,
'billing.products': True,
'billing.pdf': True,
'billing.services': True,
'billing.history': True,
'clients&users.clients': True,
'clients&users.clientgroups': True,
'clients&users.userprofile': True,
'clients&users.users': True,
'clients&users.usergroups': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'dashboard': True,
'notifications': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'settings.configurations': True,
}
End-user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.enduser
- feature is available only in end user mode, used to differentiate between enduser and staffenduser.allow_changing_password
- when set toFalse
end-users are not allowed to change their password, through Forgot password link or Edit user profilebilling.addcredit
- enables theAdd credit
button on dashboardbilling.credit_auto_invoicing
- enables the auto invoicing featurebilling.credit_estimate
- enables the credit estimate featurebilling.history
- enables billing history pagebilling.invoices
- enables invoice functionality, this may be needed forAdd credit
billing.order
- enables order functionality allowing end user to order servicesbilling.pdf
- enables pdf generation for invoicesbilling.services
- enables services view for end user, the user will be able to view and edit servicesbilling.recurring_payments
- enables recurring paymentsclients&users.clients
- enables client feature for end users allowing add or edit of clientsclients&users.clients.allow_country_change
- allow clients to change the countryclients&users.invitations
- enables the user invitation featureclients&users.roles
- enables the user roles featureclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.switch-client
- enables the switch active client featureclients&users.signup
- enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio APIclients&users.userprofile
- enables used profile editing for end usersdashboard
- when disabled the dashboard page will be emptynotifications
- enables notifications for end useropenstack
- enables child OpenStack features. When this isFalse
, all OpenStack functionality is disabled.openstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- when enabled user uploaded images are automatically deleted in X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded image will be automatically deletedopenstack.coe.clusters
- enables openstack Magnum cluster managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on the cluster create formopenstack.coe.clusters.create.show_price
- will show the estimated price on the cluster create formopenstack.coe.cluster_templates
- enables openstack Magnum cluster template managementopenstack.coe.cluster_templates.manage_cluster_templates
- allows the end user to manage and update clusters templateopenstack.dns.ptr
- enables dns ptr record editing for instancesopenstack.dns.zones
- enables dns zones editingopenstack.floatingips
- enables floating IPs management for end usersopenstack.floatingips.show-price-on-create
- will show the estimated price on floating IP createopenstack.images
- enables My images feature for end users where users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.createupdate
- enable create and update of images in My images pageopenstack.images.file_uploads
- allow end user to upload images using files as sourceopenstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.images.show-price-on-create
- show the estimated price on image create formopenstack.images.download
- allows the end user to download imagesopenstack.instances
- enables management of instances for end usersopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.availability_zones
- enables the availability zone dropdown on instance create formopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.snapshots.pricing
- shows the estimated price for instance snapshotsopenstack.instances.show_hypervisors
- enables the display of hypervisors name on instance detailsopenstack.instances.show-price-on-create
- show the estimated price on the instance create formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.allow_resize_to_less_disk_space
- allow resizing of instances to flavors with less disk spaceopenstack.instances.resize.show-price
- show the estimated price on the instance resize formopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.instances.networking.edit
- enables networking tab for end user. This feature may requireopenstack.ports
to be enabledopenstack.lbaas
- enables the load balancers featureopenstack.networks
- enables networks management for end usersopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables auto creation of networksopenstack.networks.display_external_networks
- displays external networks created by other usersopenstack.networks.display_shared_networks
- displays shared networks created by other usersopenstack.ports.manage_public_network_related_ports
- allows end user to edit his ports that are publicopenstack.routers
- allow end-users to create and manage network routersopenstack.routers.availability_zones
- enables the availability zone dropdown on router create formopenstack.securitygroups
- enables security groups management for end usersopenstack.sshkeys
- enables SSH key management for end usersopenstack.subnetpools
- enables management of subnet pools for end usersopenstack.volumes
- enables management of volumes for end usersopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.boot
- show the boot from volume feature on instance create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.osbackup
- enables server backup functionality for end usersopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.osbackup.schedules
- allow end-users to edit backup scheduleopenstack.object-store
- enables the object store featureopenstack.orchestration.heat-stacks
- enables the heat stacksopenstack.orchestration.heat-resource-types
- enables the heat resource typesopenstack.orchestration.heat-template-versions
- enables the heat template versionsplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementutils
- enables the utils featureutils.operations
- enables the operations feature
New in version 2022.05.1.
openstack.object-store.show-region-select
- enables the region select dropdown on the object store view
Staff user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.staff
- feature is available only in staff mode, used to differentiate between end user and staffbilling
- whenTrue
, enables billing features; whenFalse
disables all features that start withbilling. ...
billing.gateways
- enables gateways functionality for staffbilling.journal
- enables journal viewer for staffbilling.invoices
- enables invoice management for staffbilling.orders
- enables order management for staffbilling.reporting
- enables the reporting featurebilling.products
- enables products management for staffbilling.pdf
- enabled pdf generation for invoicesbilling.services
- enables services management for staffbilling.service-cycles
- enables the service cycles tab on servicesbilling.taxrules
- enables tax rules management for staffbilling.transactions
- enables transactions functionalitybilling.reseller
- enables reseller billingclients&users.clients
- enables clients management for staffclients&users.users
- enables users management for staffclients&users.userprofile
- enables used profile editing for staffclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.roles
- enables the user roles managementclients&users.clientgroups
- enables client groups management for staffclients&users.usergroups
- enables user group management for staffclients&users.clients.reset_usage
- enables the reset usage featuredashboard
- when disabled the dashboard page will be emptyapp-status
- shows App services on staff dashboardopenstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- enables automatic deletion of user uploaded images after X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded images will be automatically deletedopenstack.coe.clusters
- enables openstack Magnum cluster managementopenstack.coe.cluster_templates
- enables openstack Magnum cluster template managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on cluster create formopenstack.coe.clusters.create.show_price
- shows the estimated price on the cluster create formopenstack.dns.ptr
- enables DNS PTR record editing for instancesopenstack.dns.zones
- enables DNS zone editingopenstack.flavors
- enables flavors managementopenstack.floatingips
- enables floating IPs management for staffopenstack.floatingips.show-price-on-create
- shows the estimated price on floating IP create formopenstack.images
- enables Image management for staff where staff users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.download
- allow staff users to download imagesopenstack.images.file_upload
- allow staff users to upload images from filesopenstack.images.shareoncreate
- enables instance creation based on an image from another project. The image will be shared between projects.openstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.instances
- enables management of instances for staffopenstack.instances.availability_zones
- enables availability zones dropdown menu on instance crate formopenstack.instances.show-price-on-create
- show the price on instance crate formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.show-price
– show the estimated price on instance resize formopenstack.instances.snapshots.pricing
- show the estimated price on instance snapshot create formopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.networks
- enables networks management for staffopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables the auto create network featureopenstack.ports
- enables ports management for staffopenstack.projects
- enables project management for staffopenstack.routers
- enables routers management for staffopenstack.routers.availability_zones
- enables the availability zones dropdown on router create formopenstack.securitygroups
- enables security groups management for staffopenstack.sshkeys
- enables ssh key management for staffopenstack.subnetpools
- enables management of subnet pools for staffopenstack.subnets
- enables subnet management for staffopenstack.volumes
- enables management of volumes for staffopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.volumes.types
- enables the volumes type featureopenstack.volumes.boot
- allow staff users mark volume as bootableopenstack.osbackup
- enables backup of instancesopenstack.osbackup.schedules
- allow staff users to edit backup scheduleopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.settings
- enables OpenStack settings on staff panelopenstack.plans
- enables management of OpenStack pricing plansplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementsettings
- disables all settingssettings.general
- enables general settings on staff panelsettings.configurations
- enables management of configurationssettings.authorization
- enables authorization frontend for staffsettings.notifications.templates
- enables notification templates frontend for staffutils
- whenFalse
disables Utils menu group and functionalityutils.activitylog
- enables activity log viewer on staff pageutils.tasklog
- enables task log viewer on staff pageutils.reports
- enables reportsutils.reports.yearly_revenue
- enables the yearly revenue reportutils.operations
- enables operations viewservers
- enables servers featureservers
- enables shared hosting servers managementnotifications.send
- enables important staff notifications (currently for invoices and new orders)
Reseller user features explained¶
Warning
The reseller functionality in Fleio will be deprecated and removed from Fleio in the following months. We recommend that you do not use this feature any more.
reseller
- Enables the reseller feature. Mandatory to be True if reseller is activebilling
- Enables billingbilling.transactions
- enables transactions functionalitybilling.journal
- enables journal viewer for resellerbilling.invoices
- enable invoice management for resellerbilling.orders
- enable order management for resellerbilling.products
- enable product management for resellerbilling.pdf
- enable pdf generation for invoicesbilling.services
- Enable service management for resellerbilling.history
- Enables billing history for resellerclients&users.clients
- enables clients management for resellerclients&users.users
- enables users management for resellerclients&users.clientgroups
- enables client groups management for resellerclients&users.usergroups
- enables user group management for resellerclients&users.second_factor_auth
- enable second factor authentication(SFA) for resellerclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodnotifications
- enables notifications for reselleropenstack
- enables child OpenStack features. When this isFalse
, all OpenStack functionality is disabled.openstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- when enabled user uploaded images are automatically deleted in X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded image will be automatically deletedopenstack.coe.clusters
- enables openstack Magnum cluster managementopenstack.coe.cluster_templates
- enables openstack Magnum cluster template managementopenstack.dns.ptr
- enables dns ptr record editing for instancesopenstack.dns.zones
- enables dns zones editingopenstack.flavors
- enables flavors management for resellersopenstack.floatingips
- enables floating IPs management for resellersopenstack.images
- enables My images feature for end users where users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.file_uploads
- enables image file uploads for reselleropenstack.images.updatecreate
- enable create and update of images in My images pageopenstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.instances
- enables management of instances for reselleropenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.show_hypervisors
- enables the display of hypervisors name on instance detailsopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.networks
- enable networks management for reselleropenstack.ports
- enable ports management for reselleropenstack.projects
- enables projects management for reselleropenstack.routers
- allow end-users to create and manage network routersopenstack.securitygroups
- enables security groups management for reselleropenstack.sshkeys
- enables SSH key management for reselleropenstack.subnets
- enable subnets management for resellersopenstack.volumes
- enables management of volumes for reselleropenstack.volumes.backups
- enables volume backup managementopenstack.volumes.boot
- show the boot from volume feature on instance create formopenstack.volumes.snapshots
- enable volume snapshots functionality for resellersopenstack.osbackup
- enables backup functionality for reselleropenstack.osbackup.schedules
- allow resellers to edit backup scheduleopenstack.plans
- enables openstack plans management for resellers
Override enduser features¶
End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:
OVERRIDE_FEATURES = {
'group1': {
'billing.addcredit': False
}
}
Note that the override features are applied only in frontend and only in end user panel.
Customize user session expiry time¶
The end-user and staff authentication sessions expire after a certain period of time. This period can be configured by editing settings.py and adding one of the following variables:
# Number of seconds in which the end-user authentication session expires when "Remember me" is disabled
ENDUSER_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the end-user authentication session expires when "Remember me" is enabled
ENDUSER_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
# Number of seconds in which the staff user authentication session expires when "Remember me" is disabled
STAFF_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the staff user authentication session expires when "Remember me" is enabled
STAFF_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
Configure custom add credit URL¶
You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)
Edit settings.py and add:
# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}
Openstack pricing rule settings¶
Openstack pricing rule price decimals can be configured by updating PRICING_RULE_PRICE_MAX_DECIMAL_PLACES
. Default
value is 8, we do not recommend using a value greater than 8 since the least significant decimals may be ignored.
You can also configure minimum price per pricing rule by changing MINIMUM_PRICE_PER_RULE
. Default value of 0.01
means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.
Note
Note that the MINIMUM_PRICE_PER_RULE
setting will apply to all pricing rules and resources, except on the
resources from the pricing rules that have the pricing rule for free
setting (e.g. instance IPs).
SSO_MAX_AGE¶
External billing systems, like WHMCS, generate single sign-on URLs. For security reasons, SSO URLs contain a timestamp from the moment they were generated.
SSO_MAX_AGE
specifies after how many seconds, from the generation time, the single sign-on URL expires.
If single sign-on ULR is expired, it won’t work anymore.
PROXY_SETTINGS¶
If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.
Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:
PROXY_SETTINGS = {'https': '10.10.1.11:1080', }
Adjusting throttle rates¶
To protect against against brute force or denial-of-service attacks, Fleio uses the throttling mechanism provided by the Django REST framework.
Here is an examples of how to change the limit rates. Lines below would be added to the settings.py file:
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['password_reset'] = '100/hour'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['resend_email_verification'] = '100/day'
You can see the default throttling rates and the values that you can adjust by listing the content of common_settings.py.
Warning
Do not assign a value directly to REST_FRAMEWORK
(e.g. REST_FRAMEWORK = ...
). This will overwrite any
additions to REST_FRAMEWORK
in future Fleio upgrades. Assign individual dictionary keys instead, like
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
.
Note
Do not edit common_settings.py
as it is overwritten on Fleio upgrades. Only
edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the default throttling values for your version, list the content of common_settings.py.
# code from common_settings.py
# do not edit common_settings.py
REST_FRAMEWORK = {
# ...
'DEFAULT_THROTTLE_RATES': {
'login': '60/hour',
'django_admin': '60/hour',
'signup': '2/day',
'confirm_email': '100/day',
'resend_email_verification': '100/day',
'password_reset': '10/hour',
'gateway_callback': '1000/hour',
'anonymous_sms_authenticator': '60/hour',
'sms_sending': '15/hour',
'ticket_attachments_create': '100/day',
},
# ...
}
Adjusting the celery beat tasks schedule¶
If you want to change the schedule of the celery beat tasks (such as process clients cron, collect traffic data and so on), you will need to uncomment the following code from the settings.py file.
After that, you need to replace the default value (15) with the desired value. We recommend that the process clients cron and collect traffic data to be run at least once every 15 minutes.
CELERY_BEAT_SCHEDULE = {
'process_clients_task_every_15_minutes': {
'task': 'Process clients task',
'schedule': crontab(minute='*/15')
},
'collect_traffic_data_task_every_15_minutes': {
'task': 'Collect traffic data task',
'schedule': crontab(minute='*/15')
},
'update_exchange_rates_task_at_midnight': {
'task': 'Update exchange rates task',
'schedule': crontab()
},
'process_scheduled_backups_task_every_15_minutes': {
'task': 'Process scheduled backups task',
'schedule': crontab(minute='*/15')
},
'sync_hypervisors_task_every_60_minutes': {
'task': 'Hypervisors background synchronization',
'schedule': crontab(minute='*/60')
},
'clear_expired_sessions_every_12_hours': {
'task': 'Clear expired sessions task',
'schedule': crontab(hour='*/12')
},
}
After changing the settings.py file you will have to restart Fleio services. Please see Restarting Fleio.
Configurable password strength¶
Fleio handles the password strength using several variables. The default complexity is the following:
ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _(
'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
RESELLER_PASSWORD_MIN_LEN = 8
RESELLER_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
RESELLER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
RESELLER_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
RESELLER_ROOT_PASSWORD_MIN_LEN = 8
RESELLER_ROOT_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
RESELLER_ROOT_PASSWORD_LENGTH_ERROR = _(
'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
RESELLER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
# '[a-z]', # password should contain a lower case letter
# '[A-Z]', # password should contain a upper case letter
# '[0-9]', # password should contain a digit
# r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.
After you configure them by your needs you must restart the fleio
services. See Restarting Fleio.
Default OpenStack object names¶
Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.
By default this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:
# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'
Default security group rules¶
Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).
Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.
The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
},
]
You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.
You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403
And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html
One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.
The most common security group rules are the following:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.
Notifications logging settings¶
For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.
You can define a list of strings in OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
. When notification messages
are received, if the notification name contains any of the strings in the
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
list, it will be logged. Notifications are logged in the
fleio_log
docker volume. You can see the log content by entering the utils container with the fleio bash
command and then running cat /var/log/fleio/os_event_notifications.txt
.
Configuration example:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary
If '*'
is specified, it will log all notification messages received from OpenStack. Note that this may generate a
high number of I/O operations on local storage. Therefore it is not recommended to permanently have all notifications
logged in a busy production environment.
Here’s how you can use OpenStack notifications logging for debugging:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*'] # will log all notifications
By default, OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE
is False
and Fleio will simply log the notification
name. If you want to log the detailed JSON notification payload, then set:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True
Direct admin licensing module¶
In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your settings.py file:
DIRECT_ADMIN = {
'CLIENT_UID': '<YOUR_DA_ACCOUNT_UID>',
'CLIENT_PASSWORD': '<YOUR_DA_ACCOUNT_PASSWORD>',
'REMOTE_HOST': 'https://www.directadmin.com',
'USER_AGENT': 'Fleio'
}
After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will have to
choose the DirectAdmin billing
module. On the DirectAdmin module configuration part, you will be able to choose the license type.
Exclude backup volumes from sync¶
New in version 2022.05.1.
During some operations (e.g. volume backup) OpenStack will create temporary, short lived volumes that are of no interest. No notifications are generated for these volumes and they will not usually be visible in Fleio however if you run sync with this setting set to False these volumes may be added to Fleio database. Enabling this setting will exclude volumes named backup-vol-UUID where UUID is a valid uuid during sync. This setting will have effect only if consumes_quota attribute is not available for volumes (cinder API ver < 3.65). If consume_quota attribute is available all volumes with consume_quota will be ignored during sync.
EXCLUDE_SYNC_RESLOG_BACKUP_TEMP_VOLUMES = False