.. index:: settings file, settings.py
================
settings.py file
================
You can change Fleio options and behavior from the ``settings.py`` file as described below.
Note that, besides the backend settings described in this document,
:doc:`frontend settings ` are also available to personalize your installation.
.. contents:: :local:
:backlinks: none
.. _edit_settings-py:
Edit settings.py file
=====================
The ``settings.py`` file is specific to your Fleio installation and contains details like database connection parameters
or features that are enabled/disabled in your case. We have implemented a model similar to inheritance, where we have
``common_settings.py`` and ``base_settings.py`` files with default settings for all Fleio installations and the options
in the base file may be safely overwritten in ``settings.py``.
.. warning::
Do not edit ``base_settings.py`` or ``common_settings.py``. These files are overwritten during Fleio upgrades
and your changes will be lost. Add your changes to ``settings.py``, which is not overwritten on upgrades.
Still, you can see the content of ``common_settings.py`` and ``base_settings.py`` for your reference. Some advanced
Fleio options may not be documented, this is when the source code comes in handy.
.. code-block:: bash
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
You can also display the content of ``settings.py``:
.. code-block:: bash
fleio bash cat /var/webapps/fleio/project/fleio/fleiosettings/settings.py
To edit the Fleio settings file please use the following command:
.. code-block:: bash
fleio edit settings.py
On exit, press "Y" if you want to restart Fleio and apply changes immediately. Or press "n" if you plan to manually
restart Fleio later.
.. warning::
Changes to the ``settings.py`` file only apply after the Fleio containers are restarted.
``settings.py`` is stored in a Docker volume, and you can also access it with the Fleio utils container. Docker volumes
are only accessible from within a Docker container. Here's how you start ``bash`` in a temporarily created Docker
container and show the full path to ``settings.py``.
.. code-block:: bash
# launch the Fleio utils Docker container
fleio bash
# path of the settings file:
ls /var/webapps/fleio/project/fleio/fleiosettings/settings.py
.. _restart-fleio:
Restarting Fleio
================
In order to restart Fleio you need to use the following command:
.. code-block:: bash
fleio restart
Django and DRF settings
=======================
The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings
in the ``settings.py`` file, as well. Read about their available settings
`in the Django documentation `_ and
`in the DRF documentation `_.
Fleio specific settings
=======================
Some advanced Fleio settings can only be changed by :ref:`editing the settings file`:
Email settings
--------------
See :ref:`email-settings`.
.. _admins-setting:
ADMINS setting
--------------
By default, Fleio sends emails to ``ADMINS`` when errors occur. Errors may be caused by OpenStack API operations or by
unhandled exceptions. This offers visibility to what happens in Fleio and administrators can take action to correct
errors.
The error messages are not sent to the Fleio staff users because if the database server is down, the list of staff users
cannot be read.
The same staff user details you fill in during Fleio install are added to ``ADMINS``. You can edit
:ref:`editing settings ` and add or remove administrators like this:
.. code-block:: python
ADMINS = (
('Jane Doe', 'jane@doe.com'),
('George Orwell', 'george@orwell.com'),
)
Emails sent to admins have the ``From`` field defined by the ``SERVER_EMAIL`` setting. See :ref:`email-settings`.
.. _timezone-setting:
Configure timezone
------------------
All dates and timestamps are saved on UTC timezone in the Fleio database. This makes things simpler and consistent
between different Fleio installations.
The service billing cycles start at midnight **on the TIME_ZONE configured in settings.py**.
Most of the dates in the Fleio user interface are localized on the timezone of the user's workstation operating system.
To change the time zone in :ref:`settings.py`, edit the following variable:
.. code-block:: python
TIME_ZONE = 'UTC'
``TIME_ZONE`` is initially set to the value you fill in when installing Fleio.
To find out more about ``TIME_ZONE``, including valid values, see `Django documentation
`_.
.. _add-custom-menu-items:
How to add custom menu items and categories
-------------------------------------------
You are able to customize your menu by adding top level menu options with links, menu options underneath existing
categories or even add new categories with menu options. To do so, you just need to
:ref:`edit your settings.py`.
You need to edit some settings (available for both end-user and staff panel). These settings are:
``CUSTOM_MENU_CATEGORIES_ENDUSER``, ``CUSTOM_MENU_OPTIONS_ENDUSER``, ``CUSTOM_MENU_CATEGORIES_STAFF``,
``CUSTOM_MENU_OPTIONS_STAFF``.
To add a category, follow this example:
.. code-block:: python
CUSTOM_MENU_CATEGORIES_ENDUSER = {
'Category one': {
'main_feature': 'core',
'location': 2,
},
'Category two': {
'main_feature': 'core',
'location': 3,
}
}
You may condition the category by any existing feature name in fleio (more on that
:ref:`here`). You can use the ``core`` feature if you want your category to be always
visible (``core`` feature is always enabled). Also note the ``location`` setting, which allows you to specify where in
the menu should the category appear. Note that counting starts from ``0``. Also, you should be careful not to use the
same location for more than 1 custom category because this may raise issues in your application.
To add a menu option underneath a menu category (already existing in fleio or one that you created like described
above), you may use the ``CUSTOM_MENU_OPTIONS`` settings for end-user and staff like in the following example:
.. code-block:: python
CUSTOM_MENU_OPTIONS_ENDUSER = [
{
'category': 'Category one',
'label': 'Option one',
'href': 'https://fleio.com',
'open_in_new_tab': True,
'icon_class': '',
'icon': 'warning',
'feature': 'core',
},
{
'category': 'Billing',
'label': 'Custom product',
'href': 'https://fleio.com',
'open_in_new_tab': True,
'icon_class': '',
'icon': 'product',
'feature': 'billing',
'location': 2,
},
]
As you may notice, there are several settings that you can use. Use the ``category`` attribute to specify under what
category the new menu option should be placed, use ``label`` attribute to specify what will be the menu option's name,
``href`` attribute for redirecting to a custom link, ``open_in_new_tab`` to make users open the link in new tab when
clicking it, ``icon`` for displaying an icon to the left and ``feature`` to condition this menu option by a fleio
feature. You can choose the icon name from https://fonts.google.com/icons.
Again, you can use ``core`` feature to make sure it will appear forever. Also, you can use the ``location``
attribute just like you did for categories.
To add a top level menu option (it will not be under any category) add a new option in the
``CUSTOM_MENU_OPTIONS_ENDUSER`` setting just like above, but not using the ``category`` attribute. So, this may look
like this:
.. code-block:: python
CUSTOM_MENU_OPTIONS_ENDUSER = [
{
'label': 'Top level',
'href': 'https://fleio.com',
'open_in_new_tab': True,
'icon_class': '',
'icon': 'warning',
'feature': 'core',
'location': 6,
},
]
For top level menu options, make sure their location is not the same with one defined for categories.
If you want to move the plugins position you can use the ``ENDUSER_PLUGINS_MENU_INSERT_INDEX`` variable. For example,
if you want to make sure that the plugins (tickets and domains) are always at the bottom you need to add the following
option in the settings.py file:
.. code-block:: python
ENDUSER_PLUGINS_MENU_INSERT_INDEX = 1000
After editing the ``settings.py`` file, you must restart all the ``fleio`` services (see :ref:`restart-fleio`). If you
are using the ``fleio edit settings.py`` command, you will be asked if you want to restart Fleio after saving any
changes.
.. _feature-toggle:
How to enable/disable features
------------------------------
Fleio allows you to enable or disable features for end-user and staff panel. When a feature is disabled, some user
interface elements, like a menu option or a button, may be hidden.
There are two Python dictionaries that define the features in your Fleio installation:
* ``FEATURES`` - dictionary defining end-user features
* ``STAFF_FEATURES`` - dictionary that defines features available in the staff panel
The dictionary entries may have one of the two values:
* ``True`` - feature is enabled
* ``False`` - feature is disabled
Features toggles have a tree-like structure with child elements present after a dot (``.``) in feature strings.
Disabling a top feature would disable all its children. For instance, setting ``'openstack': False``, would disable all
features beneath, like ``'openstack.instances'``, ``'openstack.volumes'``, ``'openstack.images'`` etc.
To enable or disable a feature you need :ref:`edit the settings.py file`. Here are a few examples
added at the end of the ``settings.py`` file:
.. code-block:: python
FEATURES['openstack.dns'] = False # disable DNS zones management from end-user panel
FEATURES['openstack.routers'] = False # disable routers menu option from end-user panel
FEATURES['plugins.tickets'] = False # disable support tickets from end-user panel panel
FEATURES['openstack.dns.ptr'] = False # disable PTR (or reverse DNS) link next to IPs on instance view
FEATURES['plugins.domains'] = False # disable domain registration from end-user panel
FEATURES['billing.recurring_payments'] = True # enable recurring payment options
FEATURES['clients&users.switch-client'] = True # show switch client option the end-user panel
FEATURES['clients&users.signup'] = False # do not allow end-users to self-sign-up
STAFF_FEATURES['plugins.tickets'] = False # disable support tickets from staff panel
STAFF_FEATURES['plugins.domains'] = False # disable domain registration from staff panel
STAFF_FEATURES['openstack.floatingips'] = True # disable floating IPs in the staff panel
You can see the full list of available feature toggles in the following files.
.. warning::
Do not edit these files as they are updated on Fleio upgrades and you may lose your changes. You can use them for
your reference, but only :ref:`modify the settings.py file`, which is specific to your
installation and is not changed on Fleio upgrades.
* ``fleio/common_settings.py``
* ``fleio/base_settings.py``
.. _list-base-settings:
Note that available features differ based on the Fleio edition you have installed (OpenStack Edition, Hosting Billing
Edition or both). Use the following commands to see the content of these files:
.. code-block:: bash
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
Here's how features are defined by default in the Fleio code as of version 2022.08.1.
.. warning::
Do not edit these files as they are overwritten on Fleio upgrades. You should only
:ref:`edit the settings.py file`.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the features available
in your installation you can :ref:`list the content of these files`.
.. code-block:: python
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for all Fleio editions
FEATURES = {
'demo': False,
'enduser': True,
'enduser.allow_changing_password': True,
'billing': True,
'billing.addcredit': True,
'billing.credit_auto_invoicing': True,
'billing.credit_estimate': True,
'billing.history': True,
'billing.invoices': True,
'billing.order': True,
'billing.pdf': True,
'billing.services': True,
'billing.recurring_payments': False,
'clients&users.clients': True,
'clients&users.clients.allow_country_change': True,
'logger.email-message-log': True,
'clients&users.invitations': True,
'clients&users.roles': True,
'clients&users.signup': True,
'clients&users.users': True,
'clients&users.userprofile': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'clients&users.switch-client': True,
'dashboard': True,
'notifications': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'utils': True,
'utils.operations': True,
}
# feature toggles for the staff panel, for all Fleio editions
STAFF_FEATURES = {
'demo': False,
'staff': True,
'billing': True,
'billing.external_billing': True,
'billing.gateways': True,
'billing.journal': True,
'billing.invoices': True,
'billing.orders': True,
'billing.products': True,
'billing.pdf': True,
'billing.services': True,
'billing.history': True,
'billing.service-cycles': True,
'billing.taxrules': True,
'billing.transactions': True,
'billing.reporting': True,
'clients&users.clients': True,
'clients&users.mass-mail': True,
'clients&users.roles': True,
'clients&users.clients.reset_usage': False,
'clients&users.clientgroups': True,
'clients&users.userprofile': True,
'clients&users.users': True,
'clients&users.usergroups': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'dashboard': True,
'app-status': True,
'logger': True,
'logger.periodic_task_log': True,
'logger.email-message-log': True,
'notifications': True,
'notifications.send': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'settings': True,
'settings.general': True,
'settings.general.single-sign-on': True,
'settings.configurations': True,
'settings.authorization': True,
'settings.message_templates': True,
'utils': True,
'utils.activitylog': True,
'utils.operations': True,
'utils.tasklog': True,
'utils.reports': True,
'utils.reports.yearly_revenue': True,
}
Besides the ``common_settings.py`` file features are also defined in ``base_settings.py``:
.. code-block:: python
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.coe.cluster_templates.manage_cluster_templates': True,
'openstack.dbaas': True,
'openstack.dbaas.availability_zones': True,
'openstack.dbaas.replicas': True,
'openstack.dbaas.backups': True,
'openstack.dbaas.backup-schedules': True,
'openstack.dbaas.manage-root-access': True,
'openstack.dbaas.show-price-on-create': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.updatecreate': True,
'openstack.images.show-price-on-create': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.create-multiple': True,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.allow_resize_to_less_disk_space': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.show_hypervisors': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.shelving': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.edit': True,
'openstack.instances.networking.ip-details': False,
'openstack.lbaas': True,
'openstack.lbaas.show-ip-address-input': False,
'openstack.lbaas.availability_zones': False,
'openstack.lbaas.show-region-select': True,
'openstack.lbaas.show-price-on-create': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.display_external_networks': True,
'openstack.networks.display_shared_networks': True,
'openstack.networks.auto_create_network': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.ports': True,
'openstack.ports.manage_public_network_related_ports': False,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.boot': True,
'openstack.object-store': True,
'openstack.object-store.show-region-select': True,
'openstack.orchestration.heat-stacks': True,
'openstack.orchestration.heat-resource-types': True,
'openstack.orchestration.heat-template-versions': True,
'plugins.tickets': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
})
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
STAFF_FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.dbaas': True,
'openstack.dbaas.availability_zones': True,
'openstack.dbaas.replicas': True,
'openstack.dbaas.backups': True,
'openstack.dbaas.backup-schedules': True,
'openstack.dbaas.manage-root-access': True,
'openstack.dbaas.show-price-on-create': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.hypervisors': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.shareoncreate': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.images.updatecreate': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.create-multiple': True,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.shelving': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.ip-details': False,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.auto_create_network': True,
'openstack.ports': True,
'openstack.projects': True,
'openstack.rbac_policies': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.subnets': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.types': True,
'openstack.volumes.boot': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.settings': True,
'openstack.plans': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
'plugins.tickets': True,
'servers': True,
'utils.reports.estimated_instance_monthly_revenue': True,
})
.. _enduser-feature-toggle:
End-user features explained
----------------------------
* ``demo`` - enables demo mode - this will autofill demo/demo username and password on end-user login
page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow
anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.
* ``enduser`` - feature is only available in the end-user panel, used to differentiate between enduser and staff
* ``enduser.allow_changing_password`` - when set to ``False`` end-users are not allowed to change their password,
through **Forgot password** link or **Edit user profile**
* ``billing.addcredit`` - enables the ``Add credit`` button on dashboard
* ``billing.credit_auto_invoicing`` - enables the auto invoicing feature
* ``billing.credit_estimate`` - enables the credit estimate feature
* ``billing.history`` - enables billing history page
* ``billing.invoices`` - enables invoice functionality, this may be needed for ``Add credit``
* ``billing.order`` - enables order functionality allowing end user to order services
* ``billing.pdf`` - enables pdf generation for invoices
* ``billing.services`` - enables services view for end user, the user will be able to view and edit services
* ``billing.recurring_payments`` - enables recurring payments
* ``clients&users.clients`` - enables client feature for end users allowing to add or edit of clients
* ``clients&users.clients.allow_country_change`` - allow clients to change the country
* ``clients&users.invitations`` - enables the user invitation feature
* ``clients&users.roles`` - enables the user roles feature
* ``clients&users.second_factor_auth`` - enable second factor authentication(SFA) for end users
* ``clients&users.second_factor_auth.google_authenticator`` - enables google authenticator SFA method
* ``clients&users.second_factor_auth.sms_authenticator`` - enables sms authenticator SFA method
* ``clients&users.switch-client`` - enables the switch active client feature
* ``clients&users.signup`` - enables signup for end users. If this is disabled, users can only be added by staff users
or via the Fleio API
* ``clients&users.userprofile`` - enables used profile editing for end users
* ``dashboard``- when disabled the dashboard page will be empty
* ``notifications`` - enables notifications for end user
* ``openstack`` - enables child OpenStack features. When this is ``False``, all OpenStack functionality is disabled.
* ``openstack.apiusers`` - enables OpenStack API user management
* ``openstack.cleanup`` - enables OpenStack objects cleanup
* ``openstack.cleanup.images`` - when enabled user uploaded images are automatically deleted in X days
* ``openstack.cleanup.images.showdate`` - show the date when the user uploaded image will be automatically deleted
* ``openstack.coe.clusters`` - enables openstack Magnum cluster management
* ``openstack.coe.clusters.create.master_lb_flag`` - enables the Master LB flag on the cluster create form
* ``openstack.coe.clusters.create.show_price`` - will show the estimated price on the cluster create form
* ``openstack.coe.cluster_templates`` - enables openstack Magnum cluster template management
* ``openstack.coe.cluster_templates.manage_cluster_templates`` - allows the end user to manage and update clusters
template
* ``openstack.dbaas`` - enables OpenStack Trove database management
* ``openstack.dbaas.availability_zones`` - enables availability zones for OpenStack Trove
* ``openstack.dbaas.replicas`` - enables replicas for OpenStack Trove
* ``openstack.dbaas.backups`` - enables backup support and shows a "Backups" tab on database instance details
* ``'openstack.dbaas.backup-schedules`` - enables backup schedules support and shows a "Backup schedules" tab on
database instance details
* ``openstack.dbaas.manage-root-access`` - enables support for managing root access and shows the "Root access" tab on
database instance details
* ``openstack.dbaas.show-price-on-create`` - will show the estimated price on database instance create
* ``openstack.dns.ptr`` - enables dns ptr record editing for instances
* ``openstack.dns.zones`` - enables dns zones editing
* ``openstack.floatingips`` - enables floating IPs management for end users
* ``openstack.floatingips.show-price-on-create`` - will show the estimated price on floating IP create
* ``openstack.images`` - enables My images feature for end users where users can see snapshots and upload images
* ``openstack.images.copy`` - enables the image copy to other regions feature
* ``openstack.images.createupdate`` - enable create and update of images in **My images** page
* ``openstack.images.file_uploads`` - allow end user to upload images using files as source
* ``openstack.images.showcommunity`` - show community images, on separate tab, in create instance form
* ``openstack.images.showshared`` - show shared images in create instance form
* ``openstack.images.show-price-on-create`` - show the estimated price on image create form
* ``openstack.images.download`` - allows the end user to download images
* ``openstack.instances`` - enables management of instances for end users
* ``openstack.instances.allow_changing_password`` - enables and shows the instance menu option **Change password**
* ``openstack.instances.availability_zones`` - enables the availability zone dropdown on instance create form
* ``openstack.instances.snapshots`` - allows instance snapshots. This feature may require ``openstack.images`` to be
enabled
* ``openstack.instances.snapshots.pricing`` - shows the estimated price for instance snapshots
* ``openstack.instances.shelving`` - enables instance shelving feature
* ``openstack.instances.show_hypervisors`` - enables the display of hypervisors name on instance details
* ``openstack.instances.create-multiple`` - allows selecting the number of instances on create
* ``openstack.instances.show-price-on-create`` - show the estimated price on the instance create form
* ``openstack.instances.rescue`` - enables the instance rescue feature
* ``openstack.instances.resize.allow_resize_to_less_disk_space`` - allow resizing of instances to flavors with less disk
space
* ``openstack.instances.resize.show-price`` - show the estimated price on the instance resize form
* ``openstack.instances.traffic`` - enables instance traffic monitoring and billing functionality
* ``openstack.instances.networking.edit`` - enables networking tab for end user. This feature may require
``openstack.ports`` to be enabled
* ``openstack.instances.networking.ip-details`` - shows details about IP addresses (gateway, subnet mask ...)
* ``openstack.lbaas`` - enables the load balancers feature
* ``openstack.lbaas.show-ip-address-input`` - enables IP address input when creating a new load balancer
* ``openstack.lbaas.availability_zones`` - enables availability zone select when creating a load balancer
* ``openstack.lbaas.show-region-select`` - shows region selector on load balancer list
* ``openstack.lbaas.show-price-on-create`` - shows price estimation on load balancer create form
* ``openstack.networks`` - enables networks management for end users
* ``openstack.networks.availability_zones`` - enables the availability zones dropdown on network create form
* ``openstack.networks.auto_create_network`` - enables auto creation of networks
* ``openstack.networks.display_external_networks`` - displays external networks. This only applies to current user's
networks
* ``openstack.networks.display_shared_networks`` - displays shared networks created by current end-user or by other
end-users.
* ``openstack.ports.manage_public_network_related_ports`` - allows end user to edit his ports that are public
* ``openstack.routers`` - allow end-users to create and manage network routers
* ``openstack.routers.availability_zones`` - enables the availability zone dropdown on router create form
* ``openstack.securitygroups`` - enables security groups management for end users
* ``openstack.sshkeys`` - enables SSH key management for end users
* ``openstack.subnetpools`` - enables management of subnet pools for end users
* ``openstack.volumes`` - enables management of volumes for end users
* ``openstack.volumes.show-price-on-create`` - show the estimated price on volume create form
* ``openstack.volumes.availability_zones`` - enables the availability zones dropdown on volume create form
* ``openstack.volumes.backups`` - enables volume backup management
* ``openstack.volumes.backups.show-price-on-create`` - show the estimated price on volume backup create form
* ``openstack.volumes.boot`` - show the boot from volume feature on instance create form
* ``openstack.volumes.snapshots`` - enables the volume snapshot feature
* ``openstack.volumes.snapshots.show-price-on-create`` - show the estimated price on volume snapshot create form
* ``openstack.osbackup`` - enables server backup functionality for end users
* ``openstack.osbackup.pricing`` - show the estimated price on server backup
* ``openstack.osbackup.schedules`` - allow end-users to edit backup schedule
* ``openstack.object-store`` - enables the object store feature
* ``openstack.orchestration.heat-stacks`` - enables the heat stacks
* ``openstack.orchestration.heat-resource-types`` - enables the heat resource types
* ``openstack.orchestration.heat-template-versions`` - enables the heat template versions
* ``plugins`` - when ``False`` all below plugins will be disabled
* ``plugins.todo`` - enables the TODO plugin
* ``plugins.tickets`` - enables support tickets functionality
* ``plugins.cpanel`` - enables cPanel functionality
* ``plugins.cpanelserver`` - enables cPanel server functionality
* ``plugins.domains`` - enables domain name registration and management
* ``utils`` - enables the utils feature
* ``utils.operations`` - enables the operations feature
.. versionadded:: 2022.05.1
* ``openstack.object-store.show-region-select`` - enables the region select dropdown on the object store view
Staff user features explained
------------------------------
* ``demo`` - enables demo mode - this will autofill demo/demo username and password on end-user login
page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow
anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.
* ``staff`` - feature is only available in the staff panel, used to differentiate between end user and staff
* ``billing`` - when ``True``, enables billing features; when ``False`` disables all features that start
with ``billing. ...``
* ``billing.gateways`` - enables gateways functionality for staff
* ``billing.journal`` - enables journal viewer for staff
* ``billing.invoices`` - enables invoice management for staff
* ``billing.orders`` - enables order management for staff
* ``billing.reporting`` - enables the reporting feature
* ``billing.products`` - enables products management for staff
* ``billing.pdf`` - enabled pdf generation for invoices
* ``billing.services`` - enables services management for staff
* ``billing.service-cycles`` - enables the service cycles tab on services
* ``billing.taxrules`` - enables tax rules management for staff
* ``billing.transactions`` - enables transactions functionality
* ``clients&users.clients`` - enables clients management for staff
* ``clients&users.users`` - enables users management for staff
* ``clients&users.userprofile`` - enables used profile editing for staff
* ``clients&users.second_factor_auth`` - enable second factor authentication(SFA) for end users
* ``clients&users.second_factor_auth.google_authenticator`` - enables google authenticator SFA method
* ``clients&users.second_factor_auth.sms_authenticator`` - enables sms authenticator SFA method
* ``clients&users.roles`` - enables the user roles management
* ``clients&users.clientgroups`` - enables client groups management for staff
* ``clients&users.usergroups`` - enables user group management for staff
* ``clients&users.clients.reset_usage`` - enables the reset usage feature
* ``dashboard``- when disabled the dashboard page will be empty
* ``app-status`` - shows **App services** on staff dashboard
* ``openstack.apiusers`` - enables OpenStack API user management
* ``openstack.cleanup`` - enables OpenStack objects cleanup
* ``openstack.cleanup.images`` - enables automatic deletion of user uploaded images after X days
* ``openstack.cleanup.images.showdate`` - show the date when the user uploaded images will be automatically deleted
* ``openstack.coe.clusters`` - enables openstack Magnum cluster management
* ``openstack.coe.cluster_templates`` - enables openstack Magnum cluster template management
* ``openstack.coe.clusters.create.master_lb_flag`` - enables the Master LB flag on cluster create form
* ``openstack.coe.clusters.create.show_price`` - shows the estimated price on the cluster create form
* ``openstack.dbaas`` - enables OpenStack Trove database management
* ``openstack.dbaas.availability_zones`` - enables availability zones for OpenStack Trove
* ``openstack.dbaas.replicas`` - enables replicas for OpenStack Trove
* ``openstack.dns.ptr`` - enables DNS PTR record editing for instances
* ``openstack.dns.zones`` - enables DNS zone editing
* ``openstack.flavors`` - enables flavors management
* ``openstack.floatingips`` - enables floating IPs management for staff
* ``openstack.floatingips.show-price-on-create`` - shows the estimated price on floating IP create form
* ``openstack.images`` - enables Image management for staff where staff users can see snapshots and upload images
* ``openstack.images.copy`` - enables the image copy to other regions feature
* ``openstack.images.download`` - allow staff users to download images
* ``openstack.images.file_upload`` - allow staff users to upload images from files
* ``openstack.images.shareoncreate`` - enables instance creation based on an image from another project. The image will
be shared between projects.
* ``openstack.images.showcommunity`` - show community images, on separate tab, in create instance form
* ``openstack.images.showshared`` - show shared images in create instance form
* ``openstack.instances`` - enables management of instances for staff
* ``openstack.instances.availability_zones`` - enables availability zones dropdown menu on instance crate form
* ``openstack.instances.create-multiple`` - allows selecting the number of instances on create
* ``openstack.instances.show-price-on-create`` - show the price on instance create form
* ``openstack.instances.rescue`` - enables the instance rescue feature
* ``openstack.instances.resize.show-price`` -- show the estimated price on instance resize form
* ``openstack.instances.allow_changing_password`` - enables and shows the instance menu option **Change password**
* ``openstack.instances.snapshots`` - allows instance snapshots. This feature may require ``openstack.images`` to be
enabled
* ``openstack.instances.snapshots.pricing`` - show the estimated price on instance snapshot create form
* ``openstack.instances.shelving`` - enables instance shelving feature
* ``openstack.instances.traffic`` - enables instance traffic monitoring and billing functionality
* ``openstack.networks`` - enables networks management for staff
* ``openstack.networks.availability_zones`` - enables the availability zones dropdown on network create form
* ``openstack.networks.auto_create_network`` - enables the auto create network feature
* ``openstack.ports`` - enables ports management for staff
* ``openstack.projects`` - enables project management for staff
* ``openstack.rbac_policies`` - enables RBAC policies management for staff
* ``openstack.routers`` - enables routers management for staff
* ``openstack.routers.availability_zones`` - enables the availability zones dropdown on router create form
* ``openstack.securitygroups`` - enables security groups management for staff
* ``openstack.sshkeys`` - enables ssh key management for staff
* ``openstack.subnetpools`` - enables management of subnet pools for staff
* ``openstack.subnets`` - enables subnet management for staff
* ``openstack.volumes`` - enables management of volumes for staff
* ``openstack.volumes.availability_zones`` - enables the availability zones dropdown on volume create form
* ``openstack.volumes.show-price-on-create`` - show the estimated price on volume create form
* ``openstack.volumes.backups`` - enables volume backup management
* ``openstack.volumes.backups.show-price-on-create`` - show the estimated price on volume backup create form
* ``openstack.volumes.snapshots``- enables the volume snapshot feature
* ``openstack.volumes.snapshots.show-price-on-create`` - show the estimated price on volume snapshot create form
* ``openstack.volumes.types`` - enables the volumes type feature
* ``openstack.volumes.boot`` - allow staff users mark volume as bootable
* ``openstack.osbackup`` - enables backup of instances
* ``openstack.osbackup.schedules`` - allow staff users to edit backup schedule
* ``openstack.osbackup.pricing`` - show the estimated price on server backup
* ``openstack.settings`` - enables OpenStack settings on staff panel
* ``openstack.plans`` - enables management of OpenStack pricing plans
* ``plugins`` - when ``False`` all below plugins will be disabled
* ``plugins.todo`` - enables the TODO plugin
* ``plugins.tickets`` - enables support tickets functionality
* ``plugins.cpanel`` - enables cPanel functionality
* ``plugins.cpanelserver`` - enables cPanel server functionality
* ``plugins.domains`` - enables domain name registration and management
* ``settings`` - disables all settings
* ``settings.general`` - enables general settings on staff panel
* ``settings.general.single-sign-on`` - enables single sign-on tab in general settings on staff panel
* ``settings.configurations`` - enables management of configurations
* ``settings.authorization`` - enables authorization frontend for staff
* ``settings.message_templates`` - enables message templates frontend for staff
* ``utils`` - when ``False`` disables **Utils** menu group and functionality
* ``utils.activitylog`` - enables activity log viewer on staff page
* ``utils.tasklog`` - enables task log viewer on staff page
* ``utils.reports`` - enables reports
* ``utils.reports.yearly_revenue`` - enables the yearly revenue report
* ``utils.operations`` - enables operations view
* ``servers`` - enables servers feature
* ``servers`` - enables shared hosting servers management
* ``notifications.send`` - enables important staff notifications (currently for invoices and new orders)
Override enduser features
-------------------------
End user features can be overridden for end users based on client group using the `OVERRIDE_FEATURES` setting.
For example if you want to disable `billing.addcredit` for clients belonging to client group `group1` your
`OVERRIDE_FEATURES` settings should look like this:
.. code-block:: python
OVERRIDE_FEATURES = {
'group1': {
'billing.addcredit': False
}
}
Note that the override features are only applied in frontend and only in the end-user panel.
.. _session-seconds-setting:
Customize user session expiry time
----------------------------------
The end-user and staff authentication sessions expire after a certain period of time. This period can be configured by
:ref:`editing settings.py` and adding one of the following variables:
.. code-block:: python
# Number of seconds in which the end-user authentication session expires when "Remember me" is disabled
ENDUSER_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the end-user authentication session expires when "Remember me" is enabled
ENDUSER_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
# Number of seconds in which the staff user authentication session expires when "Remember me" is disabled
STAFF_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the staff user authentication session expires when "Remember me" is enabled
STAFF_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
.. _backend-add-credit-url:
Configure custom add credit URL
-------------------------------
You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit
card payments rather than fleio. You can customize the add credit URL which will reflect in several places including
:ref:`the one in end-user dashboard`. This will also be used when sending email notifications
regarding client having low credit and being out of credit or on the end-user cloud resources create form when the
client has a credit amount lower than the one required to create new resources (configurable from the fleio
configurations)
Edit :ref:`settings.py` and add:
.. code-block:: Python
# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}
.. _exchange-rate-settings:
Currency exchange settings
--------------------------
Fleio can update the currency exchange rate using one of the following connectors:
* *European Central Bank connector*: ``ECBConnector`` relative to EUR currency
* *Romanian National Bank connector*: ``BNRConnector`` relative to RON currency
* *Ukraine Bank connector*: ``UAConnector`` relative to UAH currency
Configure the connector by adding the lines below to :ref:`settings.py`. By default, ``ECBconnector``
connector is used and automatic exchange rate update is not enabled:
.. code-block:: python
# Possible connector values: 'ECBConnector', 'BNRConnector' or 'UAConnector'
# When set to None, 'ECBconnector' is used by default
DEFAULT_EXCHANGE_RATE_CONNECTOR = None
# Set value below to True to enable automatic exchange rate update. Also requires scheduled task enablement.
AUTO_UPDATE_EXCHANGE_RATES = False
To update currency exchange rates automatically, enable :ref:`update-exchange-schedule`.
Openstack pricing rule settings
-------------------------------
Openstack pricing rule price decimals can be configured by updating ``PRICING_RULE_PRICE_MAX_DECIMAL_PLACES``. Default
value is 8, we do not recommend using a value greater than 8 since the least significant decimals may be ignored.
You can also configure minimum price per pricing rule by changing ``MINIMUM_PRICE_PER_RULE``. Default value of 0.01
means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.
.. note::
Note that the ``MINIMUM_PRICE_PER_RULE`` setting will apply to all pricing rules and resources, except on the
resources from the pricing rules that have the ``pricing rule for free`` setting (e.g. instance IPs).
SSO_MAX_AGE
-----------
External billing systems, like WHMCS, generate single sign-on URLs. For security reasons, SSO URLs contain a timestamp
from the moment they were generated.
``SSO_MAX_AGE`` specifies after how many seconds, from the generation time, the single sign-on URL expires.
If single sign-on ULR is expired, it won't work anymore.
PROXY_SETTINGS
--------------
If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.
Set it to: PROXY_SETTINGS = {'https': ':', }. For example:
.. code-block:: python
PROXY_SETTINGS = {'https': '10.10.1.11:1080', }
.. _throttle-rates:
Adjusting throttle rates
------------------------
To protect against brute force or denial-of-service attacks, Fleio uses the
`throttling mechanism provided by the Django REST framework
`_.
Here is an examples of how to change the limit rates. Lines below would be :ref:`added to the settings.py
file`:
.. code-block:: python
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['password_reset'] = '100/hour'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['resend_email_verification'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['accept_client_invitation'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['send_client_invitation'] = '50/day'
You can see the default throttling rates and the values that you can adjust by :ref:`listing the content of
common_settings.py`.
.. warning::
Do not assign a value directly to ``REST_FRAMEWORK`` (e.g. ``REST_FRAMEWORK = ...``). This will overwrite any
additions to ``REST_FRAMEWORK`` in future Fleio upgrades. Assign individual dictionary keys instead, like
``REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'``.
.. note::
Do not edit ``common_settings.py`` as it is overwritten on Fleio upgrades. Only
:ref:`edit the settings.py file`.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the default throttling
values for your version, :ref:`list the content of common_settings.py`.
.. code-block:: python
# code from common_settings.py
# do not edit common_settings.py
REST_FRAMEWORK = {
# ...
'DEFAULT_THROTTLE_RATES': {
'login': '60/hour',
'django_admin': '60/hour',
'signup': '2/day',
'confirm_email': '100/day',
'resend_email_verification': '100/day',
'password_reset': '10/hour',
'gateway_callback': '1000/hour',
'anonymous_sms_authenticator': '60/hour',
'sms_sending': '15/hour',
'ticket_attachments_create': '100/day',
'accept_client_invitation': '100/day',
'send_client_invitation': '50/day',
},
# ...
}
.. _celery_beat_tasks_schedule:
Adjusting the celery beat tasks schedule
----------------------------------------
To change the time interval at which scheduled tasks run or to enable some scheduled tasks that are disabled by default,
you need to add lines at the end of the :ref:`settings.py file `.
.. note::
If you initially installed Fleio before the 2022.11.0 release, you will have several lines in ``settings.py``
that start with ``# CELERY_BEAT_SCHEDULE = {`` or ``CELERY_BEAT_SCHEDULE = {``.
If all the lines are commented (you haven't made any adjustment until now to task schedule), it's best to remove
all commented lines (about 30 lines) starting with ``# CELERY_BEAT_SCHEDULE = {``. This way you will avoid any
confusion on future changes.
If you have made changes (so ``CELERY_BEAT_SCHEDULE = {`` is uncommented, as well as some lines below it), we
recommend that you redefine the scheduled tasks by using the samples below, then delete the entire
``CELERY_BEAT_SCHEDULE = {`` section. Note that some tasks have changed their name, e.g.
``'collect_traffic_data_task_every_15_minutes'`` became ``'collect_traffic_data'``. Use the names below.
Frequency of scheduled tasks is set by using the ``crontab`` Celery function. For available options, see
`crontab in Celery documentation `_.
For example, you may want to run "process clients" every minute: use ``crontab(minute='*')``. This makes sense in a
test installation and may be too frequent for a production Fleio installation.
.. _process-clients-task-schedule:
Process clients task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To adjust the frequency of "process clients" scheduled task, add this at the end of
:ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['process_clients_task_every_15_minutes'] = {
'task': 'Process clients task',
'schedule': crontab(minute='*/15')
}
``crontab(minute='*/15')`` means every 15 minutes.
If you want "process clients" to update prices for product billing cycles that have the **Auto calculate prices**
checkbox checked, you need to enable it by adding the following line to :ref:`settings.py`.
.. code-block:: python
UPDATE_RELATIVE_PRICES_BEFORE_PROCESSING_CLIENTS = True
.. _update-exchange-schedule:
Update currency exchange rate task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To add a scheduled task that updates exchange rates at midnight, add this at the end of
:ref:`settings.py file `:
.. code-block:: python
# Enable automatic currency update
AUTO_UPDATE_EXCHANGE_RATES = True
CELERY_BEAT_SCHEDULE['update_exchange_rates'] = {
'task': 'Update exchange rates task',
'schedule': crontab(hour='0', minute='0')
}
Collect OpenStack traffic data task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To enable scheduled OpenStack traffic data collection add this at the end of
:ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['collect_traffic_data'] = {
'task': 'Collect traffic data task',
'schedule': crontab(minute='*/15')
}
``crontab(minute='*/15')`` means every 15 minutes.
.. _backups-schedule-setting:
Scheduled backups task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scheduled backups task schedule is not enabled by default. If you are using the instance scheduled backup feature, you
need to add the code below to enable it.
To enable scheduled backups that you or your end-users define on compute instances, add this at the end of
:ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['process_scheduled_backups'] = {
'task': 'Process scheduled backups task',
'schedule': crontab(minute='5,20,35,50')
}
``crontab(minute='5,20,35,50')`` translates to "run every hour at minutes 5, 20, 35 and 50".
.. _dbaas-backup-schedules-setting:
Database instance scheduled backups task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scheduled database instance backups task is not enabled by default. If you are using the database instance backup
schedules feature, you need to add the code below to enable it.
To enable scheduled backups that you or your end-users define on database instances, add this at the end of
:ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['process_scheduled_dbaas_backups'] = {
'task': 'Process scheduled database instance backups task',
'schedule': crontab(minute='5,20,35,50')
}
``crontab(minute='5,20,35,50')`` translates to "run every hour at minutes 5, 20, 35 and 50".
Delete expired HTTP sessions task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To delete expired sessions from the database, add this at the end of :ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['clear_expired_sessions_every_12_hours'] = {
'task': 'Clear expired sessions task',
'schedule': crontab(hour='*/12', minute='45')
}
``crontab(hour='*/12', minute='45')`` defines "run daily at 00:45 and at 12:45".
Delete old logs task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To delete old logs (based on policy defined in the staff panel **Settings** > **General** > **ADVANCED SETTINGS** tab),
add at the end of :ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['cleanup_old_logs_every_24_hours'] = {
'task': 'Cleanup old logs',
'schedule': crontab(hour='3', minute='30')
}
``crontab(hour='3', minute='30')`` runs the task nightly at 3:30.
.. _process-referrals-schedule-setting:
Process referrals task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This task processes referred clients and their referrers.
You must set this at the end of :ref:`settings.py file ` in order for the "Process referrals task"
scheduled task to run:
.. code-block:: python
CELERY_BEAT_SCHEDULE['process_referrals'] = {
'task': 'Process referrals task',
'schedule': crontab(hour='*/12', minute='0')
}
``crontab(hour='*/12', minute='0')`` means "At minute 0 past every 12th hour".
Note: clients are not processed unless you also enable the referral system
from :doc:`related section `.
Update clients tax exempt status task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This tasks connects to the VIES VAT ID's database and checks if client's VAT ID's from Fleio database are still valid.
To adjust the frequency of "Update clients tax exempt" scheduled task, add this at the end of
:ref:`settings.py file `:
.. code-block:: python
CELERY_BEAT_SCHEDULE['update_clients_tax_exempt'] = {
'task': 'Update clients tax exempt',
'schedule': crontab(hour='*/12', minute='0')
}
``crontab(hour='*/12', minute='0')`` means "At minute 0 past every 12th hour".
OpenStack hypervisors sync task schedule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To schedule OpenStack hypervisors sync add the lines below at the end of :ref:`settings.py file `.
This is useful when you frequently add hypervisors to your OpenStack cloud. Alternatively, you can run
``fleio sync --hypervisors`` at the console after you add a hypervisor in OpenStack, instead of this scheduled task.
.. code-block:: python
CELERY_BEAT_SCHEDULE['sync_hypervisors'] = {
'task': 'Hypervisors background synchronization',
'schedule': crontab(minute='40')
}
``crontab(minute='40')`` runs every hour at minute 40.
.. _configure-celery-task-time-limits:
Configure Celery task time limits
---------------------------------
Celery tasks have time limits defined in seconds that are configurable. The soft time limit allows the task to catch an
exception to clean up before it is killed and the hard timeout force terminates the task. You may overwrite those in
``settings.py``. Here are the default values defined in Fleio (values are in seconds):
.. code-block:: python
CELERY_TASK_SOFT_TIME_LIMIT = 1200
CELERY_TASK_TIME_LIMIT = 1500
LONG_RUNNING_TASK_TIME_LIMIT = 36 * 3600
As you can see, the `LONG_RUNNING_TASK_TIME_LIMIT` has a value of 36 hours defined (36 * 3600 seconds). This is used for
tasks that we expect to take much longer to finish than other tasks. Those using the longer limit are for example:
'Process clients task', 'Update clients tax exempt', 'Cleanup old logs', etc.
.. _password-settings:
Configure password complexity requirements
------------------------------------------
Fleio handles the password complexity requirements using several variables that you may overwrite in ``settings.py``.
The default complexity is the following:
.. code-block:: python
ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
# '[a-z]', # password should contain a lower case letter
# '[A-Z]', # password should contain a upper case letter
# '[0-9]', # password should contain a digit
# r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
Variables ending with `_PASSWORD_REGEXES` contain a list of regular expressions used for password validation.
A password is considered valid if it matches all the regexes.
After you configure them by your needs you must restart the ``fleio`` services. See :ref:`restart-fleio`.
Default OpenStack object names
------------------------------
Fleio creates a new security group for each client (OpenStack project) the first time an instance is created.
And this new security group will be automatically added to all instances the end-user creates.
By default, this security group is called `fleio` and has description `fleio`. You can change the default name and
description by adding these lines in your :ref:`settings.py` file:
.. code-block:: python
# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'
Default security group rules
----------------------------
Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine
(instance), but on the networking layer (OpenStack Neutron project).
Fleio creates a security group automatically when the first instance is created for a client. To customize the name and
the description of this security group see previous section.
The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:
.. code-block:: python
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
},
]
You can customize the two list of rules in your :ref:`settings.py`. Note that each of the two settings
consists of a list of Python dictionaries. Each dictionary is a security rule.
You can find here the possible dictionary keys:
https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403
And a description of each key here:
https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html
One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify
the protocol type.
The most common security group rules are the following:
.. code-block:: python
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are
created by default on each security group.
.. _default-ptr-settings:
Default IP PTR record (reverse DNS)
-----------------------------------
.. versionremoved:: 2024.03.0
Default PTR settings: ``PTR_DEFAULT_FORMAT``, ``PTR_DEFAULT_FORMAT_IPV6``, ``INVERSE_ADDRESS_ZONE_DEFAULT_EMAIL`` and
``PTR_RECORDS_FORCE_LOWERCASE`` from settings.py are no longer used as they were moved to frontend in the
Settings -> OpenStack page on Defaults tab. Starting with Fleio version 2024.03, you must edit them
from :doc:`related section `.
Image related settings
----------------------
Fleio offers some customisable options regarding openstack images, options that can be adjusted by editing the
:ref:`settings.py file`:
.. code-block:: python
OS_IMAGE_CREATE_DISK_FORMATS = ['ami', 'ari', 'aki', 'vhd', 'vmdk', 'raw', 'qcow2', 'vdi', 'iso']
IMPORT_IMAGE_FROM_URL_MAX_PARALLEL_OPERATIONS = 5
IMPORT_IMAGE_FROM_URL_MAX_GB_PER_IMAGE = 20
IMPORT_IMAGE_FROM_FILE_MAX_PARALLEL_UPLOADS = 10
IMPORT_IMAGE_FROM_FILE_MAX_GB_PER_IMAGE = 20
* ``OS_IMAGE_CREATE_DISK_FORMATS``: filters the files that are available for upload at image creation
* ``IMPORT_IMAGE_FROM_URL_MAX_PARALLEL_OPERATIONS``: limits image uploads from URL to maximum X concurrent operations
* ``IMPORT_IMAGE_FROM_URL_MAX_GB_PER_IMAGE``: limits the maximum upload from URL for each image to X GB
* ``IMPORT_IMAGE_FROM_FILE_MAX_PARALLEL_UPLOADS``: limits image uploads from a file to maximum X concurrent uploads
* ``IMPORT_IMAGE_FROM_FILE_MAX_GB_PER_IMAGE``: limits the maximum upload from a file for each image to X GB
Beware that Fleio comes with a default value of 5GB for `client_max_body_size` setting in nginx configuration. To change
it, you need to override the ``/etc/nginx/templates/web.conf.template`` file from the ``fleio-web-1`` container by
applying the same principles as in this guide: :ref:`change-docker-files`. The docker command that changes the setting
from 5GB to 20GB, for example, can look like this:
.. code-block:: Dockerfile
RUN sed -i \
's/client_max_body_size 5000m;/client_max_body_size 20000m;/g' \
"/etc/nginx/templates/web.conf.template"
.. _default-user-language:
Default user language
---------------------
Default user language is set in Fleio to English. This means that whenever an end-user signs up, English is assigned to
his account. In order to override this setting, add it to :ref:`settings.py file` like in the
following example:
.. code-block:: python
DEFAULT_USER_LANGUAGE = 'en'
.. _default-message-template-language-code:
Default message template language code
--------------------------------------
Email messages and notifications are sent to Fleio users in their chosen language. When a message template with the user
language is not found in Fleio, the template using the language defined in ``DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE`` is
used. The setting defaults to English and in order to override that, add it to :ref:`settings.py file`
like in the following example:
.. code-block:: python
# if you're going to modify this, make sure you have all current message templates translated in the new language
DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE = 'en'
.. _log-notifications:
Notifications logging settings
------------------------------
For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.
You can define a list of strings in ``OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS``. When notification messages
are received, if the notification name contains any of the strings in the
``OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS`` list, it will be logged. Notifications are logged in the
``fleio_log`` Docker volume. You can see the log content by entering the utils container with the ``fleio bash``
command and then running ``cat /var/log/fleio/os_event_notifications.txt``.
Configuration example:
.. code-block:: python
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary
If ``'*'`` is specified, it will log all notification messages received from OpenStack. Note that this may generate a
high number of I/O operations on local storage. Therefore, it is not recommended to permanently have all notifications
logged in a busy production environment.
Here's how you can use OpenStack notifications logging for debugging:
.. raw:: html
.. code-block:: python
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*'] # will log all notifications
By default, ``OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE`` is ``False`` and Fleio will simply log the notification
name. If you want to log the detailed JSON notification payload, then set:
.. code-block:: python
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True
.. _max-mind-settings:
MaxMind fraud check
-------------------
Fleio can use MaxMind fraud detection to check new orders. In order tot be able to use MaxMind fraud detection you need
to add the following settings in your :ref:`settings.py file`:
.. code-block:: python
MAXMIND_CLIENTID = ""
MAXMIND_LICENSE = ""
Replace ```` and ```` in the above code with authentication details received from MaxMind.
Once these settings are added to ``settings.py`` MaxMind fraud check can be enabled on a configuration basis. See
:ref:`MaxMind fraud check configuration`
.. _direct-admin:
Direct admin licensing module
-----------------------------
In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your
:ref:`settings.py file`:
.. code-block:: python
DIRECT_ADMIN = {
'CLIENT_UID': '',
'CLIENT_PASSWORD': '',
'REMOTE_HOST': 'https://www.directadmin.com',
'USER_AGENT': 'Fleio'
}
After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will
have to choose the ``DirectAdmin billing`` module. On the DirectAdmin module configuration part, you will be able to
choose the license type.
.. _sync-settings:
OpenStack sync settings
-----------------------
.. _exclude-backup-volumes-from-sync:
Exclude backup volumes from sync
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. versionadded:: 2022.05.1
During some operations (e.g. volume backup) OpenStack will create temporary, short-lived volumes that are of no
interest. No notifications are generated for these volumes, and they will not usually be visible in Fleio however if you
run `sync` with this setting set to `False` these volumes may be added to Fleio database. Enabling this setting will
exclude volumes named `backup-vol-UUID` where UUID is a valid uuid during sync. This setting will only have effect if
`consumes_quota` attribute is not available for volumes (cinder API ver < 3.65). If `consume_quota` attribute is
available all volumes with `consume_quota` will be ignored during sync.
.. code-block:: python
EXCLUDE_SYNC_RESLOG_BACKUP_TEMP_VOLUMES = False
Sync batch size
~~~~~~~~~~~~~~~
To change the number of OpenStack objects (e.g. compute instances or security groups) that are synced at once, add the
following variable to :ref:`settings.py` and adjust the value. A low value for
``SYNC_FETCH_OBJECTS_BATCH_SIZE`` is useful if your OpenStack API connection is slow and tends to time out.
.. code-block:: python
SYNC_FETCH_OBJECTS_BATCH_SIZE = 100
.. _bind-user-sessions-to-ip-address:
Bind user sessions to IP address
--------------------------------
.. versionadded:: 2022.11.0
Fleio is able to bind user session to IP address so that the same authentication tokens (Fleio frontend token, Django
session token) used by someone from a client IP address will not work when used from another IP address (user will be
considered unauthenticated/logged out). This is the default behaviour and can be controlled separately for end-users and
staff users by changing the following :ref:`settings`.
.. code-block:: python
BIND_SESSION_IP_STAFF_USER = True
BIND_SESSION_IP_END_USER = True
Note that Fleio API tokens (FleioToken-s with frontend flag set to False) are not affected by these settings.
Enable Django admin
-------------------
See :ref:`enable_django_admin`.
Enable logging for incoming ticket emails
-----------------------------------------
See :ref:`log-ticket-emails`.
.. _allow-negative-rule-prices:
Allowing negative rule prices
-----------------------------
To allow negative prices for OpenStack pricing rules set `OSBILLING_NEGATIVE_PRICE_ALWAYS_ZERO` to `False`.
This setting will affect final rule price, after all filters and modifiers are applied.
If this is set to `True` if a rule has negative price it will be set to zero.
.. _load-balancer-cost-estimate-default-amphorae-count:
Load balancer cost estimate default amphorae count
--------------------------------------------------
When no flavor is selected on load balancer create form, `OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT` is used for price
estimation. You can override the default in :ref:`settings.py file`:
.. code-block:: python
OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT = 2