Advanced settings file¶
You can change Fleio options and behavior from the settings.py
file as described below.
Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.
Edit settings.py file¶
The settings.py
file is specific to your Fleio installation and contains details like database connection parameters
or features that are enabled/disabled in your case. We have implemented a model similar to inheritance, where we have
common_settings.py
and base_settings.py
files with default settings for all Fleio installations and the options
in the base file may be safely overwritten in settings.py
.
Warning
Do not edit base_settings.py
or common_settings.py
. These files are frequently changed during Fleio upgrades
and your changes may get overwritten. Add your changes to settings.py
, which is not overwritten on upgrades.
Still, you can see the content of common_settings.py
and base_settings.py
for your reference. Some advanced
Fleio options may not be documented, this is when the source code comes in handy.
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
You can also display the content of settings.py
:
fleio bash cat /var/webapps/fleio/project/fleio/fleiosettings/settings.py
To edit the Fleio settings file please use the following command:
fleio edit settings.py
On exit, press “Y” if you want to restart Fleio and apply changes immediately. Or press “n” if you plan to manually restart Fleio later.
Warning
Changes to the settings.py
file only apply after the Fleio containers are restarted.
settings.py
is stored in a Docker volume, and you can also access it with the Fleio utils container. Docker volumes
are only accessible from within a Docker container. Here’s how you start bash
in a temporarily created Docker
container and show the full path to settings.py
.
# launch the Fleio utils Docker container
fleio bash
# path of the settings file:
ls /var/webapps/fleio/project/fleio/fleiosettings/settings.py
Restarting Fleio¶
In order to restart Fleio you need to use the following command:
fleio restart
Django and DRF settings¶
The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings
in the settings.py
file, as well. Read about their available settings
in the Django documentation and
in the DRF documentation.
Fleio specific settings¶
Some advanced Fleio settings can only be changed by editing the settings file:
Email settings¶
See Email Settings.
ADMINS setting¶
By default, Fleio sends emails to ADMINS
when errors occur. Errors may be caused by OpenStack API operations or by
unhandled exceptions. This offers visibility to what happens in Fleio and administrators can take action to correct
errors.
The error messages are not sent to the Fleio staff users because if the database server is down, the list of staff users cannot be read.
The same staff user details you fill in during Fleio install are added to ADMINS
. You can edit
editing settings and add or remove administrators like this:
ADMINS = (
('Jane Doe', 'jane@doe.com'),
('George Orwell', 'george@orwell.com'),
)
Emails sent to admins have the From
field defined by the SERVER_EMAIL
setting. See Email Settings.
How to enable/disable features¶
Fleio allows you to enable or disable features for end-user and staff panel. When a feature is disabled, some user interface elements, like a menu option or a button, may be hidden.
There are two Python dictionaries that define the features in your Fleio installation:
FEATURES
- dictionary defining end-user featuresSTAFF_FEATURES
- dictionary that defines features available in the staff panel
The dictionary entries may have one of the two values:
True
- feature is enabledFalse
- feature is disabled
Features toggles have a tree-like structure with child elements present after a dot (.
) in feature strings.
Disabling a top feature would disable all its children. For instance, setting 'openstack': False
, would disable all
features beneath, like 'openstack.instances'
, 'openstack.volumes'
, 'openstack.images'
etc.
To enable or disable a feature you need edit the settings.py file. Here are a few examples
added at the end of the settings.py
file:
FEATURES['openstack.dns'] = False # disable DNS zones management from end-user panel
FEATURES['openstack.routers'] = False # disable routers menu option from end-user panel
FEATURES['plugins.tickets'] = False # disable support tickets from end-user panel panel
FEATURES['openstack.dns.ptr'] = False # disable PTR (or reverse DNS) link next to IPs on instance view
FEATURES['plugins.domains'] = False # disable domain registration from end-user panel
FEATURES['billing.recurring_payments'] = True # enable recurring payment options
FEATURES['clients&users.switch-client'] = True # show switch client option the end-user panel
FEATURES['clients&users.signup'] = False # do not allow end-users to self-sign-up
STAFF_FEATURES['plugins.tickets'] = False # disable support tickets from staff panel
STAFF_FEATURES['plugins.domains'] = False # disable domain registration from staff panel
STAFF_FEATURES['openstack.floatingips'] = True # disable floating IPs in the staff panel
You can see the full list of available feature toggles in the following files.
Warning
Do not edit these files as they are updated on Fleio upgrades and you may lose your changes. You can use them for your reference, but only modify the settings.py file, which is specific to your installation and is not changed on Fleio upgrades.
fleio/common_settings.py
fleio/base_settings.py
Note that available features differ based on the Fleio edition you have installed (OpenStack Edition, Hosting Billing Edition or both). Use the following commands to see the content of these files:
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
Here’s how features are defined by default in the Fleio code as of version 2022.08.1.
Warning
Do not edit these files as they are overwritten on Fleio upgrades. Only edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the features available in your installation you can list the content of these files.
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for all Fleio editions
FEATURES = {
'demo': False,
'enduser': True,
'enduser.allow_changing_password': True,
'billing': True,
'billing.addcredit': True,
'billing.credit_auto_invoicing': True,
'billing.credit_estimate': True,
'billing.history': True,
'billing.invoices': True,
'billing.order': True,
'billing.pdf': True,
'billing.services': True,
'billing.recurring_payments': False,
'clients&users.clients': True,
'clients&users.clients.allow_country_change': True,
'logger.email-message-log': True,
'clients&users.invitations': True,
'clients&users.roles': True,
'clients&users.signup': True,
'clients&users.users': True,
'clients&users.userprofile': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'clients&users.switch-client': True,
'dashboard': True,
'notifications': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'utils': True,
'utils.operations': True,
}
# feature toggles for the staff panel, for all Fleio editions
STAFF_FEATURES = {
'demo': False,
'staff': True,
'billing': True,
'billing.external_billing': True,
'billing.gateways': True,
'billing.journal': True,
'billing.invoices': True,
'billing.orders': True,
'billing.products': True,
'billing.pdf': True,
'billing.services': True,
'billing.history': True,
'billing.service-cycles': True,
'billing.taxrules': True,
'billing.transactions': True,
'billing.reporting': True,
'clients&users.clients': True,
'clients&users.mass-mail': True,
'clients&users.roles': True,
'clients&users.clients.reset_usage': False,
'clients&users.clientgroups': True,
'clients&users.userprofile': True,
'clients&users.users': True,
'clients&users.usergroups': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'dashboard': True,
'app-status': True,
'logger': True,
'logger.periodic_task_log': True,
'logger.email-message-log': True,
'notifications': True,
'notifications.send': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'settings': True,
'settings.general': True,
'settings.general.single-sign-on': True,
'settings.configurations': True,
'settings.authorization': True,
'settings.message_templates': True,
'utils': True,
'utils.activitylog': True,
'utils.operations': True,
'utils.tasklog': True,
'utils.reports': True,
'utils.reports.yearly_revenue': True,
}
Besides the common_settings.py
file features are also defined in base_settings.py
:
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.coe.cluster_templates.manage_cluster_templates': True,
'openstack.dbaas': False,
'openstack.dbaas.availability_zones': False,
'openstack.dbaas.replicas': False,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.updatecreate': True,
'openstack.images.show-price-on-create': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.allow_resize_to_less_disk_space': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.show_hypervisors': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.edit': True,
'openstack.lbaas': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.display_external_networks': True,
'openstack.networks.display_shared_networks': True,
'openstack.networks.auto_create_network': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.ports': True,
'openstack.ports.manage_public_network_related_ports': False,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.boot': True,
'openstack.object-store': True,
'openstack.object-store.show-region-select': True,
'openstack.orchestration.heat-stacks': True,
'openstack.orchestration.heat-resource-types': True,
'openstack.orchestration.heat-template-versions': True,
'plugins.tickets': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
})
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
STAFF_FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.dbaas': False,
'openstack.dbaas.availability_zones': False,
'openstack.dbaas.replicas': False,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.hypervisors': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.shareoncreate': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.images.updatecreate': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.traffic': True,
'openstack.lbaas': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.auto_create_network': True,
'openstack.ports': True,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.subnets': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.types': True,
'openstack.volumes.boot': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.settings': True,
'openstack.plans': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
'plugins.tickets': True,
'servers': True,
'utils.reports.estimated_instance_monthly_revenue': True,
})
End-user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.enduser
- feature is available only in end user mode, used to differentiate between enduser and staffenduser.allow_changing_password
- when set toFalse
end-users are not allowed to change their password, through Forgot password link or Edit user profilebilling.addcredit
- enables theAdd credit
button on dashboardbilling.credit_auto_invoicing
- enables the auto invoicing featurebilling.credit_estimate
- enables the credit estimate featurebilling.history
- enables billing history pagebilling.invoices
- enables invoice functionality, this may be needed forAdd credit
billing.order
- enables order functionality allowing end user to order servicesbilling.pdf
- enables pdf generation for invoicesbilling.services
- enables services view for end user, the user will be able to view and edit servicesbilling.recurring_payments
- enables recurring paymentsclients&users.clients
- enables client feature for end users allowing to add or edit of clientsclients&users.clients.allow_country_change
- allow clients to change the countryclients&users.invitations
- enables the user invitation featureclients&users.roles
- enables the user roles featureclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.switch-client
- enables the switch active client featureclients&users.signup
- enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio APIclients&users.userprofile
- enables used profile editing for end usersdashboard
- when disabled the dashboard page will be emptynotifications
- enables notifications for end useropenstack
- enables child OpenStack features. When this isFalse
, all OpenStack functionality is disabled.openstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- when enabled user uploaded images are automatically deleted in X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded image will be automatically deletedopenstack.coe.clusters
- enables openstack Magnum cluster managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on the cluster create formopenstack.coe.clusters.create.show_price
- will show the estimated price on the cluster create formopenstack.coe.cluster_templates
- enables openstack Magnum cluster template managementopenstack.coe.cluster_templates.manage_cluster_templates
- allows the end user to manage and update clusters templateopenstack.dbaas
- enables OpenStack Trove database managementopenstack.dbaas.availability_zones
- enables availability zones for OpenStack Troveopenstack.dbaas.replicas
- enables replicas for OpenStack Troveopenstack.dns.ptr
- enables dns ptr record editing for instancesopenstack.dns.zones
- enables dns zones editingopenstack.floatingips
- enables floating IPs management for end usersopenstack.floatingips.show-price-on-create
- will show the estimated price on floating IP createopenstack.images
- enables My images feature for end users where users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.createupdate
- enable create and update of images in My images pageopenstack.images.file_uploads
- allow end user to upload images using files as sourceopenstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.images.show-price-on-create
- show the estimated price on image create formopenstack.images.download
- allows the end user to download imagesopenstack.instances
- enables management of instances for end usersopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.availability_zones
- enables the availability zone dropdown on instance create formopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.snapshots.pricing
- shows the estimated price for instance snapshotsopenstack.instances.show_hypervisors
- enables the display of hypervisors name on instance detailsopenstack.instances.show-price-on-create
- show the estimated price on the instance create formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.allow_resize_to_less_disk_space
- allow resizing of instances to flavors with less disk spaceopenstack.instances.resize.show-price
- show the estimated price on the instance resize formopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.instances.networking.edit
- enables networking tab for end user. This feature may requireopenstack.ports
to be enabledopenstack.lbaas
- enables the load balancers featureopenstack.networks
- enables networks management for end usersopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables auto creation of networksopenstack.networks.display_external_networks
- displays external networks created by other usersopenstack.networks.display_shared_networks
- displays shared networks created by other usersopenstack.ports.manage_public_network_related_ports
- allows end user to edit his ports that are publicopenstack.routers
- allow end-users to create and manage network routersopenstack.routers.availability_zones
- enables the availability zone dropdown on router create formopenstack.securitygroups
- enables security groups management for end usersopenstack.sshkeys
- enables SSH key management for end usersopenstack.subnetpools
- enables management of subnet pools for end usersopenstack.volumes
- enables management of volumes for end usersopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.boot
- show the boot from volume feature on instance create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.osbackup
- enables server backup functionality for end usersopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.osbackup.schedules
- allow end-users to edit backup scheduleopenstack.object-store
- enables the object store featureopenstack.orchestration.heat-stacks
- enables the heat stacksopenstack.orchestration.heat-resource-types
- enables the heat resource typesopenstack.orchestration.heat-template-versions
- enables the heat template versionsplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementutils
- enables the utils featureutils.operations
- enables the operations feature
Added in version 2022.05.1.
openstack.object-store.show-region-select
- enables the region select dropdown on the object store view
Staff user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.staff
- feature is available only in staff mode, used to differentiate between end user and staffbilling
- whenTrue
, enables billing features; whenFalse
disables all features that start withbilling. ...
billing.gateways
- enables gateways functionality for staffbilling.journal
- enables journal viewer for staffbilling.invoices
- enables invoice management for staffbilling.orders
- enables order management for staffbilling.reporting
- enables the reporting featurebilling.products
- enables products management for staffbilling.pdf
- enabled pdf generation for invoicesbilling.services
- enables services management for staffbilling.service-cycles
- enables the service cycles tab on servicesbilling.taxrules
- enables tax rules management for staffbilling.transactions
- enables transactions functionalityclients&users.clients
- enables clients management for staffclients&users.users
- enables users management for staffclients&users.userprofile
- enables used profile editing for staffclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.roles
- enables the user roles managementclients&users.clientgroups
- enables client groups management for staffclients&users.usergroups
- enables user group management for staffclients&users.clients.reset_usage
- enables the reset usage featuredashboard
- when disabled the dashboard page will be emptyapp-status
- shows App services on staff dashboardopenstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- enables automatic deletion of user uploaded images after X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded images will be automatically deletedopenstack.coe.clusters
- enables openstack Magnum cluster managementopenstack.coe.cluster_templates
- enables openstack Magnum cluster template managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on cluster create formopenstack.coe.clusters.create.show_price
- shows the estimated price on the cluster create formopenstack.dbaas
- enables OpenStack Trove database managementopenstack.dbaas.availability_zones
- enables availability zones for OpenStack Troveopenstack.dbaas.replicas
- enables replicas for OpenStack Troveopenstack.dns.ptr
- enables DNS PTR record editing for instancesopenstack.dns.zones
- enables DNS zone editingopenstack.flavors
- enables flavors managementopenstack.floatingips
- enables floating IPs management for staffopenstack.floatingips.show-price-on-create
- shows the estimated price on floating IP create formopenstack.images
- enables Image management for staff where staff users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.download
- allow staff users to download imagesopenstack.images.file_upload
- allow staff users to upload images from filesopenstack.images.shareoncreate
- enables instance creation based on an image from another project. The image will be shared between projects.openstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.instances
- enables management of instances for staffopenstack.instances.availability_zones
- enables availability zones dropdown menu on instance crate formopenstack.instances.show-price-on-create
- show the price on instance crate formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.show-price
– show the estimated price on instance resize formopenstack.instances.snapshots.pricing
- show the estimated price on instance snapshot create formopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.networks
- enables networks management for staffopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables the auto create network featureopenstack.ports
- enables ports management for staffopenstack.projects
- enables project management for staffopenstack.routers
- enables routers management for staffopenstack.routers.availability_zones
- enables the availability zones dropdown on router create formopenstack.securitygroups
- enables security groups management for staffopenstack.sshkeys
- enables ssh key management for staffopenstack.subnetpools
- enables management of subnet pools for staffopenstack.subnets
- enables subnet management for staffopenstack.volumes
- enables management of volumes for staffopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.volumes.types
- enables the volumes type featureopenstack.volumes.boot
- allow staff users mark volume as bootableopenstack.osbackup
- enables backup of instancesopenstack.osbackup.schedules
- allow staff users to edit backup scheduleopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.settings
- enables OpenStack settings on staff panelopenstack.plans
- enables management of OpenStack pricing plansplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementsettings
- disables all settingssettings.general
- enables general settings on staff panelsettings.general.single-sign-on
- enables single sign-on tab in general settings on staff panelsettings.configurations
- enables management of configurationssettings.authorization
- enables authorization frontend for staffsettings.message_templates
- enables message templates frontend for staffutils
- whenFalse
disables Utils menu group and functionalityutils.activitylog
- enables activity log viewer on staff pageutils.tasklog
- enables task log viewer on staff pageutils.reports
- enables reportsutils.reports.yearly_revenue
- enables the yearly revenue reportutils.operations
- enables operations viewservers
- enables servers featureservers
- enables shared hosting servers managementnotifications.send
- enables important staff notifications (currently for invoices and new orders)
Override enduser features¶
End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:
OVERRIDE_FEATURES = {
'group1': {
'billing.addcredit': False
}
}
Note that the override features are applied only in frontend and only in end user panel.
Customize user session expiry time¶
The end-user and staff authentication sessions expire after a certain period of time. This period can be configured by editing settings.py and adding one of the following variables:
# Number of seconds in which the end-user authentication session expires when "Remember me" is disabled
ENDUSER_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the end-user authentication session expires when "Remember me" is enabled
ENDUSER_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
# Number of seconds in which the staff user authentication session expires when "Remember me" is disabled
STAFF_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the staff user authentication session expires when "Remember me" is enabled
STAFF_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
Configure custom add credit URL¶
You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)
Edit settings.py and add:
# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}
Openstack pricing rule settings¶
Openstack pricing rule price decimals can be configured by updating PRICING_RULE_PRICE_MAX_DECIMAL_PLACES
. Default
value is 8, we do not recommend using a value greater than 8 since the least significant decimals may be ignored.
You can also configure minimum price per pricing rule by changing MINIMUM_PRICE_PER_RULE
. Default value of 0.01
means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.
Note
Note that the MINIMUM_PRICE_PER_RULE
setting will apply to all pricing rules and resources, except on the
resources from the pricing rules that have the pricing rule for free
setting (e.g. instance IPs).
SSO_MAX_AGE¶
External billing systems, like WHMCS, generate single sign-on URLs. For security reasons, SSO URLs contain a timestamp from the moment they were generated.
SSO_MAX_AGE
specifies after how many seconds, from the generation time, the single sign-on URL expires.
If single sign-on ULR is expired, it won’t work anymore.
PROXY_SETTINGS¶
If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.
Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:
PROXY_SETTINGS = {'https': '10.10.1.11:1080', }
Adjusting throttle rates¶
To protect against brute force or denial-of-service attacks, Fleio uses the throttling mechanism provided by the Django REST framework.
Here is an examples of how to change the limit rates. Lines below would be added to the settings.py file:
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['password_reset'] = '100/hour'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['resend_email_verification'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['accept_client_invitation'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['send_client_invitation'] = '50/day'
You can see the default throttling rates and the values that you can adjust by listing the content of common_settings.py.
Warning
Do not assign a value directly to REST_FRAMEWORK
(e.g. REST_FRAMEWORK = ...
). This will overwrite any
additions to REST_FRAMEWORK
in future Fleio upgrades. Assign individual dictionary keys instead, like
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
.
Note
Do not edit common_settings.py
as it is overwritten on Fleio upgrades. Only
edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the default throttling values for your version, list the content of common_settings.py.
# code from common_settings.py
# do not edit common_settings.py
REST_FRAMEWORK = {
# ...
'DEFAULT_THROTTLE_RATES': {
'login': '60/hour',
'django_admin': '60/hour',
'signup': '2/day',
'confirm_email': '100/day',
'resend_email_verification': '100/day',
'password_reset': '10/hour',
'gateway_callback': '1000/hour',
'anonymous_sms_authenticator': '60/hour',
'sms_sending': '15/hour',
'ticket_attachments_create': '100/day',
'accept_client_invitation': '100/day',
'send_client_invitation': '50/day',
},
# ...
}
Adjusting the celery beat tasks schedule¶
To change the time interval at which scheduled tasks run or to enable some scheduled tasks that are disabled by default, you need to add lines at the end of the settings.py file.
Note
If you initially installed Fleio before the 2022.11.0 release, you will have several lines in settings.py
that start with # CELERY_BEAT_SCHEDULE = {
or CELERY_BEAT_SCHEDULE = {
.
If all the lines are commented (you haven’t made any adjustment until now to task schedule), it’s best to remove
all commented lines (about 30 lines) starting with # CELERY_BEAT_SCHEDULE = {
. This way you will avoid any
confusion on future changes.
If you have made changes (so CELERY_BEAT_SCHEDULE = {
is uncommented, as well as some lines below it), we
recommend that you redefine the scheduled tasks by using the samples below, then delete the entire
CELERY_BEAT_SCHEDULE = {
section. Note that some tasks have changed their name, e.g.
'collect_traffic_data_task_every_15_minutes'
became 'collect_traffic_data'
. Use the names below.
Frequency of scheduled tasks is set by using the crontab
Celery function. For available options, see
crontab in Celery documentation.
For example, you may want to run “process clients” every minute: use crontab(minute='*')
. This makes sense in a
test installation and may be too frequent for a production Fleio installation.
To adjust the frequency of “process clients” scheduled task, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['process_clients_task_every_15_minutes'] = {
'task': 'Process clients task',
'schedule': crontab(minute='*/15')
}
crontab(minute='*/15')
means every 15 minutes.
To add a scheduled task that updates exchange rates at midnight add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['update_exchange_rates'] = {
'task': 'Update exchange rates task',
'schedule': crontab(hour='0', minute='0')
}
To enable scheduled OpenStack traffic data collection add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['collect_traffic_data'] = {
'task': 'Collect traffic data task',
'schedule': crontab(minute='*/15')
}
crontab(minute='*/15')
means every 15 minutes.
To enable scheduled backups that you or your end-users define on compute instances, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['process_scheduled_backups'] = {
'task': 'Process scheduled backups task',
'schedule': crontab(minute='5,20,35,50')
}
crontab(minute='5,20,35,50')
translates to “run every hour at minutes 5, 20, 35 and 50”.
To delete expired sessions from the database, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['clear_expired_sessions_every_12_hours'] = {
'task': 'Clear expired sessions task',
'schedule': crontab(hour='*/12', minute='45')
}
crontab(hour='*/12', minute='45')
defines “run daily at 00:45 and at 12:45”.
To delete old logs (based on policy defined in staff panel “Settings” > “General” > “Advanced settings” tab), add at the end of settings.py file:
CELERY_BEAT_SCHEDULE['cleanup_old_logs_every_24_hours'] = {
'task': 'Cleanup old logs',
'schedule': crontab(hour='3', minute='30')
}
crontab(hour='3', minute='30')
runs the task nightly at 3:30.
To adjust the frequency of “Update clients tax exempt” scheduled task, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['update_clients_tax_exempt'] = {
'task': 'Update clients tax exempt',
'schedule': crontab(hour='*/12', minute='0')
}
crontab(hour='*/12', minute='0')
means “At minute 0 past every 12th hour”.
To schedule OpenStack hypervisors sync add the lines below at the end of settings.py file.
This is useful when you frequently add hypervisors to your OpenStack cloud. Alternatively, you can run
fleio sync --hypervisors
at the console after you add a hypervisor in OpenStack, instead of this scheduled task.
CELERY_BEAT_SCHEDULE['sync_hypervisors'] = {
'task': 'Hypervisors background synchronization',
'schedule': crontab(minute='40')
}
crontab(minute='40')
runs every hour at minute 40.
Configure password complexity requirements¶
Fleio handles the password complexity requirements using several variables that you may overwrite in settings.py
.
The default complexity is the following:
ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
# '[a-z]', # password should contain a lower case letter
# '[A-Z]', # password should contain a upper case letter
# '[0-9]', # password should contain a digit
# r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.
After you configure them by your needs you must restart the fleio
services. See Restarting Fleio.
Default OpenStack object names¶
Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.
By default, this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:
# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'
Default security group rules¶
Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).
Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.
The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
},
]
You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.
You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403
And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html
One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.
The most common security group rules are the following:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.
Notifications logging settings¶
For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.
You can define a list of strings in OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
. When notification messages
are received, if the notification name contains any of the strings in the
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
list, it will be logged. Notifications are logged in the
fleio_log
Docker volume. You can see the log content by entering the utils container with the fleio bash
command and then running cat /var/log/fleio/os_event_notifications.txt
.
Configuration example:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary
If '*'
is specified, it will log all notification messages received from OpenStack. Note that this may generate a
high number of I/O operations on local storage. Therefore, it is not recommended to permanently have all notifications
logged in a busy production environment.
Here’s how you can use OpenStack notifications logging for debugging:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*'] # will log all notifications
By default, OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE
is False
and Fleio will simply log the notification
name. If you want to log the detailed JSON notification payload, then set:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True
Direct admin licensing module¶
In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your settings.py file:
DIRECT_ADMIN = {
'CLIENT_UID': '<YOUR_DA_ACCOUNT_UID>',
'CLIENT_PASSWORD': '<YOUR_DA_ACCOUNT_PASSWORD>',
'REMOTE_HOST': 'https://www.directadmin.com',
'USER_AGENT': 'Fleio'
}
After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will
have to choose the DirectAdmin billing
module. On the DirectAdmin module configuration part, you will be able to
choose the license type.
OpenStack sync settings¶
Exclude backup volumes from sync¶
Added in version 2022.05.1.
During some operations (e.g. volume backup) OpenStack will create temporary, short-lived volumes that are of no interest. No notifications are generated for these volumes, and they will not usually be visible in Fleio however if you run sync with this setting set to False these volumes may be added to Fleio database. Enabling this setting will exclude volumes named backup-vol-UUID where UUID is a valid uuid during sync. This setting will have effect only if consumes_quota attribute is not available for volumes (cinder API ver < 3.65). If consume_quota attribute is available all volumes with consume_quota will be ignored during sync.
EXCLUDE_SYNC_RESLOG_BACKUP_TEMP_VOLUMES = False
Sync batch size¶
To change the number of OpenStack objects (e.g. compute instances or security groups) that are synced at once, add the
following variable to settings.py and adjust the value. A low value for
SYNC_FETCH_OBJECTS_BATCH_SIZE
is useful if your OpenStack API connection is slow and tends to time out.
SYNC_FETCH_OBJECTS_BATCH_SIZE = 100
Bind user sessions to IP address¶
Added in version 2022.11.0.
Fleio is able to bind user session to IP address so that the same authentication tokens (Fleio frontend token, Django session token) used by someone from a client IP address will not work when used from another IP address (user will be considered unauthenticated/logged out). This is the default behaviour and can be controlled separately for end-users and staff users by changing the following settings.
BIND_SESSION_IP_STAFF_USER = True
BIND_SESSION_IP_END_USER = True
Note that Fleio API tokens (FleioToken-s with frontend flag set to False) are not affected by these settings.
Enable Django admin¶
See Django admin.