settings.py file¶
You can change Fleio options and behavior from the settings.py
file as described below.
Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.
Edit settings.py file¶
The settings.py
file is specific to your Fleio installation and contains details like database connection parameters
or features that are enabled/disabled in your case. We have implemented a model similar to inheritance, where we have
common_settings.py
and base_settings.py
files with default settings for all Fleio installations and the options
in the base file may be safely overwritten in settings.py
.
Warning
Do not edit base_settings.py
or common_settings.py
. These files are overwritten during Fleio upgrades
and your changes will be lost. Add your changes to settings.py
, which is not overwritten on upgrades.
Still, you can see the content of common_settings.py
and base_settings.py
for your reference. Some advanced
Fleio options may not be documented, this is when the source code comes in handy.
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
You can also display the content of settings.py
:
fleio bash cat /var/webapps/fleio/project/fleio/fleiosettings/settings.py
To edit the Fleio settings file please use the following command:
fleio edit settings.py
On exit, press “Y” if you want to restart Fleio and apply changes immediately. Or press “n” if you plan to manually restart Fleio later.
Warning
Changes to the settings.py
file only apply after the Fleio containers are restarted.
settings.py
is stored in a Docker volume, and you can also access it with the Fleio utils container. Docker volumes
are only accessible from within a Docker container. Here’s how you start bash
in a temporarily created Docker
container and show the full path to settings.py
.
# launch the Fleio utils Docker container
fleio bash
# path of the settings file:
ls /var/webapps/fleio/project/fleio/fleiosettings/settings.py
Restarting Fleio¶
In order to restart Fleio you need to use the following command:
fleio restart
Django and DRF settings¶
The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings
in the settings.py
file, as well. Read about their available settings
in the Django documentation and
in the DRF documentation.
Fleio specific settings¶
Some advanced Fleio settings can only be changed by editing the settings file:
Email settings¶
See Email Settings.
ADMINS setting¶
By default, Fleio sends emails to ADMINS
when errors occur. Errors may be caused by OpenStack API operations or by
unhandled exceptions. This offers visibility to what happens in Fleio and administrators can take action to correct
errors.
The error messages are not sent to the Fleio staff users because if the database server is down, the list of staff users cannot be read.
The same staff user details you fill in during Fleio install are added to ADMINS
. You can edit
editing settings and add or remove administrators like this:
ADMINS = (
('Jane Doe', 'jane@doe.com'),
('George Orwell', 'george@orwell.com'),
)
Emails sent to admins have the From
field defined by the SERVER_EMAIL
setting. See Email Settings.
Configure timezone¶
All dates and timestamps are saved on UTC timezone in the Fleio database. This makes things simpler and consistent between different Fleio installations.
The service billing cycles start at midnight on the TIME_ZONE configured in settings.py.
Most of the dates in the Fleio user interface are localized on the timezone of the user’s workstation operating system.
To change the time zone in settings.py, edit the following variable:
TIME_ZONE = 'UTC'
TIME_ZONE
is initially set to the value you fill in when installing Fleio.
To find out more about TIME_ZONE
, including valid values, see Django documentation.
How to enable/disable features¶
Fleio allows you to enable or disable features for end-user and staff panel. When a feature is disabled, some user interface elements, like a menu option or a button, may be hidden.
There are two Python dictionaries that define the features in your Fleio installation:
FEATURES
- dictionary defining end-user featuresSTAFF_FEATURES
- dictionary that defines features available in the staff panel
The dictionary entries may have one of the two values:
True
- feature is enabledFalse
- feature is disabled
Features toggles have a tree-like structure with child elements present after a dot (.
) in feature strings.
Disabling a top feature would disable all its children. For instance, setting 'openstack': False
, would disable all
features beneath, like 'openstack.instances'
, 'openstack.volumes'
, 'openstack.images'
etc.
To enable or disable a feature you need edit the settings.py file. Here are a few examples
added at the end of the settings.py
file:
FEATURES['openstack.dns'] = False # disable DNS zones management from end-user panel
FEATURES['openstack.routers'] = False # disable routers menu option from end-user panel
FEATURES['plugins.tickets'] = False # disable support tickets from end-user panel panel
FEATURES['openstack.dns.ptr'] = False # disable PTR (or reverse DNS) link next to IPs on instance view
FEATURES['plugins.domains'] = False # disable domain registration from end-user panel
FEATURES['billing.recurring_payments'] = True # enable recurring payment options
FEATURES['clients&users.switch-client'] = True # show switch client option the end-user panel
FEATURES['clients&users.signup'] = False # do not allow end-users to self-sign-up
STAFF_FEATURES['plugins.tickets'] = False # disable support tickets from staff panel
STAFF_FEATURES['plugins.domains'] = False # disable domain registration from staff panel
STAFF_FEATURES['openstack.floatingips'] = True # disable floating IPs in the staff panel
You can see the full list of available feature toggles in the following files.
Warning
Do not edit these files as they are updated on Fleio upgrades and you may lose your changes. You can use them for your reference, but only modify the settings.py file, which is specific to your installation and is not changed on Fleio upgrades.
fleio/common_settings.py
fleio/base_settings.py
Note that available features differ based on the Fleio edition you have installed (OpenStack Edition, Hosting Billing Edition or both). Use the following commands to see the content of these files:
fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py
Here’s how features are defined by default in the Fleio code as of version 2022.08.1.
Warning
Do not edit these files as they are overwritten on Fleio upgrades. You should only edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the features available in your installation you can list the content of these files.
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for all Fleio editions
FEATURES = {
'demo': False,
'enduser': True,
'enduser.allow_changing_password': True,
'billing': True,
'billing.addcredit': True,
'billing.credit_auto_invoicing': True,
'billing.credit_estimate': True,
'billing.history': True,
'billing.invoices': True,
'billing.order': True,
'billing.pdf': True,
'billing.services': True,
'billing.recurring_payments': False,
'clients&users.api_tokens': True,
'clients&users.clients': True,
'clients&users.clients.allow_country_change': True,
'logger.email-message-log': True,
'clients&users.invitations': True,
'clients&users.roles': True,
'clients&users.signup': True,
'clients&users.users': True,
'clients&users.userprofile': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'clients&users.switch-client': True,
'dashboard': True,
'notifications': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'utils': True,
'utils.operations': True,
}
# feature toggles for the staff panel, for all Fleio editions
STAFF_FEATURES = {
'demo': False,
'staff': True,
'billing': True,
'billing.external_billing': True,
'billing.gateways': True,
'billing.journal': True,
'billing.invoices': True,
'billing.orders': True,
'billing.products': True,
'billing.pdf': True,
'billing.services': True,
'billing.history': True,
'billing.service-cycles': True,
'billing.taxrules': True,
'billing.transactions': True,
'billing.reporting': True,
'clients&users.api_tokens': True,
'clients&users.clients': True,
'clients&users.mass-mail': True,
'clients&users.roles': True,
'clients&users.clients.reset_usage': False,
'clients&users.clientgroups': True,
'clients&users.userprofile': True,
'clients&users.users': True,
'clients&users.usergroups': True,
'clients&users.second_factor_auth': True,
'clients&users.second_factor_auth.google_authenticator': True,
'clients&users.second_factor_auth.sms_authenticator': True,
'dashboard': True,
'app-status': True,
'logger': True,
'logger.periodic_task_log': True,
'logger.email-message-log': True,
'notifications': True,
'notifications.send': True,
'plugins': True,
'plugins.cpanel': True,
'plugins.todo': True,
'settings': True,
'settings.general': True,
'settings.general.single-sign-on': True,
'settings.configurations': True,
'settings.authorization': True,
'settings.message_templates': True,
'utils': True,
'utils.activitylog': True,
'utils.operations': True,
'utils.tasklog': True,
'utils.reports': True,
'utils.reports.yearly_revenue': True,
}
Besides the common_settings.py
file features are also defined in base_settings.py
:
# fleio/common_settings.py file
# do not edit, use just for your reference
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.coe.cluster_templates.manage_cluster_templates': True,
'openstack.dbaas': True,
'openstack.dbaas.availability_zones': True,
'openstack.dbaas.replicas': True,
'openstack.dbaas.backups': True,
'openstack.dbaas.backup-schedules': True,
'openstack.dbaas.manage-root-access': True,
'openstack.dbaas.show-price-on-create': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.updatecreate': True,
'openstack.images.show-price-on-create': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.create-multiple': True,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.allow_resize_to_less_disk_space': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.show_hypervisors': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.shelving': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.edit': True,
'openstack.instances.networking.ip-details': False,
'openstack.lbaas': True,
'openstack.lbaas.show-ip-address-input': False,
'openstack.lbaas.availability_zones': False,
'openstack.lbaas.show-region-select': True,
'openstack.lbaas.show-price-on-create': True,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.display_external_networks': True,
'openstack.networks.display_shared_networks': True,
'openstack.networks.auto_create_network': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.ports': True,
'openstack.ports.manage_public_network_related_ports': False,
'openstack.projects': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.boot': True,
'openstack.object-store': True,
'openstack.object-store.show-region-select': True,
'openstack.orchestration.heat-stacks': True,
'openstack.orchestration.heat-resource-types': True,
'openstack.orchestration.heat-template-versions': True,
'plugins.tickets': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
})
# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
STAFF_FEATURES.update({
'openstack': True,
'openstack.apiusers': True,
'openstack.cleanup': True,
'openstack.cleanup.images': True,
'openstack.cleanup.images.showdate': True,
'openstack.coe.clusters': True,
'openstack.coe.clusters.create.master_lb_flag': False,
'openstack.coe.clusters.create.show_price': True,
'openstack.coe.cluster_templates': True,
'openstack.dbaas': True,
'openstack.dbaas.availability_zones': True,
'openstack.dbaas.replicas': True,
'openstack.dbaas.backups': True,
'openstack.dbaas.backup-schedules': True,
'openstack.dbaas.manage-root-access': True,
'openstack.dbaas.show-price-on-create': True,
'openstack.dns.ptr': True,
'openstack.dns.zones': True,
'openstack.flavors': True,
'openstack.floatingips': True,
'openstack.floatingips.show-price-on-create': True,
'openstack.hypervisors': True,
'openstack.images': True,
'openstack.images.copy': True,
'openstack.images.download': True,
'openstack.images.file_uploads': True,
'openstack.images.shareoncreate': True,
'openstack.images.showcommunity': True,
'openstack.images.showshared': True,
'openstack.images.updatecreate': True,
'openstack.instances': True,
'openstack.instances.allow_changing_password': True,
'openstack.instances.availability_zones': False,
'openstack.instances.create-multiple': True,
'openstack.instances.show-price-on-create': True,
'openstack.instances.rescue': True,
'openstack.instances.resize.show-price': True,
'openstack.instances.snapshots': True,
'openstack.instances.snapshots.pricing': True,
'openstack.instances.shelving': True,
'openstack.instances.traffic': True,
'openstack.instances.networking.ip-details': False,
'openstack.networks': True,
'openstack.networks.availability_zones': False,
'openstack.networks.auto_create_network': True,
'openstack.ports': True,
'openstack.projects': True,
'openstack.rbac_policies': True,
'openstack.routers': True,
'openstack.routers.availability_zones': False,
'openstack.securitygroups': True,
'openstack.sshkeys': True,
'openstack.subnetpools': True,
'openstack.subnets': True,
'openstack.volumes': True,
'openstack.volumes.availability_zones': False,
'openstack.volumes.backups': True,
'openstack.volumes.backups.show-price-on-create': True,
'openstack.volumes.show-price-on-create': True,
'openstack.volumes.snapshots': True,
'openstack.volumes.snapshots.show-price-on-create': True,
'openstack.volumes.types': True,
'openstack.volumes.boot': True,
'openstack.osbackup': True,
'openstack.osbackup.pricing': True,
'openstack.osbackup.schedules': True,
'openstack.settings': True,
'openstack.plans': True,
'plugins.cpanelserver': True,
'plugins.domains': True,
'plugins.directadmin': True,
'plugins.tickets': True,
'servers': True,
'utils.reports.estimated_instance_monthly_revenue': True,
})
End-user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.enduser
- feature is only available in the end-user panel, used to differentiate between enduser and staffenduser.allow_changing_password
- when set toFalse
end-users are not allowed to change their password, through Forgot password link or Edit user profilebilling.addcredit
- enables theAdd credit
button on dashboardbilling.credit_auto_invoicing
- enables the auto invoicing featurebilling.credit_estimate
- enables the credit estimate featurebilling.history
- enables billing history pagebilling.invoices
- enables invoice functionality, this may be needed forAdd credit
billing.order
- enables order functionality allowing end user to order servicesbilling.pdf
- enables pdf generation for invoicesbilling.services
- enables services view for end user, the user will be able to view and edit servicesbilling.recurring_payments
- enables recurring paymentsclients&users.api_tokens
- enables management of API tokens from frontend in my profile section for end-users, and on user details for staff users.clients&users.clients
- enables client feature for end users allowing to add or edit of clientsclients&users.clients.allow_country_change
- allow clients to change the countryclients&users.invitations
- enables the user invitation featureclients&users.roles
- enables the user roles featureclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.switch-client
- enables the switch active client featureclients&users.signup
- enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio APIclients&users.userprofile
- enables used profile editing for end usersdashboard
- when disabled the dashboard page will be emptynotifications
- enables notifications for end useropenstack
- enables child OpenStack features. When this isFalse
, all OpenStack functionality is disabled.openstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- when enabled user uploaded images are automatically deleted in X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded image will be automatically deletedopenstack.coe.clusters
- enables OpenStack Magnum cluster managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on the cluster create formopenstack.coe.clusters.create.show_price
- will show the estimated price on the cluster create formopenstack.coe.cluster_templates
- enables OpenStack Magnum cluster template managementopenstack.coe.cluster_templates.manage_cluster_templates
- allows the end user to manage and update clusters templateopenstack.dbaas
- enables OpenStack Trove database managementopenstack.dbaas.availability_zones
- enables availability zones for OpenStack Troveopenstack.dbaas.replicas
- enables replicas for OpenStack Troveopenstack.dbaas.backups
- enables backup support and shows a “Backups” tab on database instance details'openstack.dbaas.backup-schedules
- enables backup schedules support and shows a “Backup schedules” tab on database instance detailsopenstack.dbaas.manage-root-access
- enables support for managing root access and shows the “Root access” tab on database instance detailsopenstack.dbaas.show-price-on-create
- will show the estimated price on database instance createopenstack.dns.ptr
- enables dns ptr record editing for instancesopenstack.dns.zones
- enables dns zones editingopenstack.floatingips
- enables floating IPs management for end usersopenstack.floatingips.show-price-on-create
- will show the estimated price on floating IP createopenstack.images
- enables My images feature for end users where users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.createupdate
- enable create and update of images in My images pageopenstack.images.file_uploads
- allow end user to upload images using files as sourceopenstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.images.show-price-on-create
- show the estimated price on image create formopenstack.images.download
- allows the end user to download imagesopenstack.instances
- enables management of instances for end usersopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.availability_zones
- enables the availability zone dropdown on instance create formopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.snapshots.pricing
- shows the estimated price for instance snapshotsopenstack.instances.shelving
- enables instance shelving featureopenstack.instances.show_hypervisors
- enables the display of hypervisors name on instance detailsopenstack.instances.create-multiple
- allows selecting the number of instances on createopenstack.instances.show-price-on-create
- show the estimated price on the instance create formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.allow_resize_to_less_disk_space
- allow resizing of instances to flavors with less disk spaceopenstack.instances.resize.show-price
- show the estimated price on the instance resize formopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.instances.networking.edit
- enables networking tab for end user. This feature may requireopenstack.ports
to be enabledopenstack.instances.networking.ip-details
- shows details about IP addresses (gateway, subnet mask …)openstack.lbaas
- enables the load balancers featureopenstack.lbaas.show-ip-address-input
- enables IP address input when creating a new load balanceropenstack.lbaas.availability_zones
- enables availability zone select when creating a load balanceropenstack.lbaas.show-region-select
- shows region selector on load balancer listopenstack.lbaas.show-price-on-create
- shows price estimation on load balancer create formopenstack.networks
- enables networks management for end usersopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables auto creation of networksopenstack.networks.display_external_networks
- displays external networks. This only applies to current user’s networksopenstack.networks.display_shared_networks
- displays shared networks created by current end-user or by other end-users.openstack.ports.manage_public_network_related_ports
- allows end user to edit his ports that are publicopenstack.routers
- allow end-users to create and manage network routersopenstack.routers.availability_zones
- enables the availability zone dropdown on router create formopenstack.securitygroups
- enables security groups management for end usersopenstack.sshkeys
- enables SSH key management for end usersopenstack.subnetpools
- enables management of subnet pools for end usersopenstack.volumes
- enables management of volumes for end usersopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.boot
- show the boot from volume feature on instance create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.osbackup
- enables server backup functionality for end usersopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.osbackup.schedules
- allow end-users to edit backup scheduleopenstack.object-store
- enables the object store featureopenstack.orchestration.heat-stacks
- enables the heat stacksopenstack.orchestration.heat-resource-types
- enables the heat resource typesopenstack.orchestration.heat-template-versions
- enables the heat template versionsplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementutils
- enables the utils featureutils.operations
- enables the operations feature
Added in version 2022.05.1.
openstack.object-store.show-region-select
- enables the region select dropdown on the object store view
Staff user features explained¶
demo
- enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.staff
- feature is only available in the staff panel, used to differentiate between end user and staffbilling
- whenTrue
, enables billing features; whenFalse
disables all features that start withbilling. ...
billing.gateways
- enables gateways functionality for staffbilling.journal
- enables journal viewer for staffbilling.invoices
- enables invoice management for staffbilling.orders
- enables order management for staffbilling.reporting
- enables the reporting featurebilling.products
- enables products management for staffbilling.pdf
- enabled pdf generation for invoicesbilling.services
- enables services management for staffbilling.service-cycles
- enables the service cycles tab on servicesbilling.taxrules
- enables tax rules management for staffbilling.transactions
- enables transactions functionalityclients&users.clients
- enables clients management for staffclients&users.users
- enables users management for staffclients&users.userprofile
- enables used profile editing for staffclients&users.second_factor_auth
- enable second factor authentication(SFA) for end usersclients&users.second_factor_auth.google_authenticator
- enables google authenticator SFA methodclients&users.second_factor_auth.sms_authenticator
- enables sms authenticator SFA methodclients&users.roles
- enables the user roles managementclients&users.clientgroups
- enables client groups management for staffclients&users.usergroups
- enables user group management for staffclients&users.clients.reset_usage
- enables the reset usage featuredashboard
- when disabled the dashboard page will be emptyapp-status
- shows App services on staff dashboardopenstack.apiusers
- enables OpenStack API user managementopenstack.cleanup
- enables OpenStack objects cleanupopenstack.cleanup.images
- enables automatic deletion of user uploaded images after X daysopenstack.cleanup.images.showdate
- show the date when the user uploaded images will be automatically deletedopenstack.coe.clusters
- enables OpenStack Magnum cluster managementopenstack.coe.cluster_templates
- enables OpenStack Magnum cluster template managementopenstack.coe.clusters.create.master_lb_flag
- enables the Master LB flag on cluster create formopenstack.coe.clusters.create.show_price
- shows the estimated price on the cluster create formopenstack.dbaas
- enables OpenStack Trove database managementopenstack.dbaas.availability_zones
- enables availability zones for OpenStack Troveopenstack.dbaas.replicas
- enables replicas for OpenStack Troveopenstack.dns.ptr
- enables DNS PTR record editing for instancesopenstack.dns.zones
- enables DNS zone editingopenstack.flavors
- enables flavors managementopenstack.floatingips
- enables floating IPs management for staffopenstack.floatingips.show-price-on-create
- shows the estimated price on floating IP create formopenstack.images
- enables Image management for staff where staff users can see snapshots and upload imagesopenstack.images.copy
- enables the image copy to other regions featureopenstack.images.download
- allow staff users to download imagesopenstack.images.file_upload
- allow staff users to upload images from filesopenstack.images.shareoncreate
- enables instance creation based on an image from another project. The image will be shared between projects.openstack.images.showcommunity
- show community images, on separate tab, in create instance formopenstack.images.showshared
- show shared images in create instance formopenstack.instances
- enables management of instances for staffopenstack.instances.availability_zones
- enables availability zones dropdown menu on instance crate formopenstack.instances.create-multiple
- allows selecting the number of instances on createopenstack.instances.show-price-on-create
- show the price on instance create formopenstack.instances.rescue
- enables the instance rescue featureopenstack.instances.resize.show-price
– show the estimated price on instance resize formopenstack.instances.allow_changing_password
- enables and shows the instance menu option Change passwordopenstack.instances.snapshots
- allows instance snapshots. This feature may requireopenstack.images
to be enabledopenstack.instances.snapshots.pricing
- show the estimated price on instance snapshot create formopenstack.instances.shelving
- enables instance shelving featureopenstack.instances.traffic
- enables instance traffic monitoring and billing functionalityopenstack.networks
- enables networks management for staffopenstack.networks.availability_zones
- enables the availability zones dropdown on network create formopenstack.networks.auto_create_network
- enables the auto create network featureopenstack.ports
- enables ports management for staffopenstack.projects
- enables project management for staffopenstack.rbac_policies
- enables RBAC policies management for staffopenstack.routers
- enables routers management for staffopenstack.routers.availability_zones
- enables the availability zones dropdown on router create formopenstack.securitygroups
- enables security groups management for staffopenstack.sshkeys
- enables ssh key management for staffopenstack.subnetpools
- enables management of subnet pools for staffopenstack.subnets
- enables subnet management for staffopenstack.volumes
- enables management of volumes for staffopenstack.volumes.availability_zones
- enables the availability zones dropdown on volume create formopenstack.volumes.show-price-on-create
- show the estimated price on volume create formopenstack.volumes.backups
- enables volume backup managementopenstack.volumes.backups.show-price-on-create
- show the estimated price on volume backup create formopenstack.volumes.snapshots
- enables the volume snapshot featureopenstack.volumes.snapshots.show-price-on-create
- show the estimated price on volume snapshot create formopenstack.volumes.types
- enables the volumes type featureopenstack.volumes.boot
- allow staff users mark volume as bootableopenstack.osbackup
- enables backup of instancesopenstack.osbackup.schedules
- allow staff users to edit backup scheduleopenstack.osbackup.pricing
- show the estimated price on server backupopenstack.settings
- enables OpenStack settings on staff panelopenstack.plans
- enables management of OpenStack pricing plansplugins
- whenFalse
all below plugins will be disabledplugins.todo
- enables the TODO pluginplugins.tickets
- enables support tickets functionalityplugins.cpanel
- enables cPanel functionalityplugins.cpanelserver
- enables cPanel server functionalityplugins.domains
- enables domain name registration and managementsettings
- disables all settingssettings.general
- enables general settings on staff panelsettings.general.single-sign-on
- enables single sign-on tab in general settings on staff panelsettings.configurations
- enables management of configurationssettings.authorization
- enables authorization frontend for staffsettings.message_templates
- enables message templates frontend for staffutils
- whenFalse
disables Utils menu group and functionalityutils.activitylog
- enables activity log viewer on staff pageutils.tasklog
- enables task log viewer on staff pageutils.reports
- enables reportsutils.reports.yearly_revenue
- enables the yearly revenue reportutils.operations
- enables operations viewservers
- enables servers featureservers
- enables shared hosting servers managementnotifications.send
- enables important staff notifications (currently for invoices and new orders)
Override enduser features¶
End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:
OVERRIDE_FEATURES = {
'group1': {
'billing.addcredit': False
}
}
Note that the override features are only applied in frontend and only in the end-user panel.
Customize user session expiry time¶
The end-user and staff authentication sessions expire after a certain period of time. This period can be configured by editing settings.py and adding one of the following variables:
# Number of seconds in which the end-user authentication session expires when "Remember me" is disabled
ENDUSER_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the end-user authentication session expires when "Remember me" is enabled
ENDUSER_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
# Number of seconds in which the staff user authentication session expires when "Remember me" is disabled
STAFF_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the staff user authentication session expires when "Remember me" is enabled
STAFF_LONG_SESSION_SECONDS = 3600 * 24 * 60 # 60 days
Configure custom add credit URL¶
You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)
Edit settings.py and add:
# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}
Currency exchange settings¶
Fleio can update the currency exchange rate using one of the following connectors:
European Central Bank connector:
ECBConnector
relative to EUR currencyRomanian National Bank connector:
BNRConnector
relative to RON currencyUkraine Bank connector:
UAConnector
relative to UAH currency
Configure the connector by adding the lines below to settings.py. By default, ECBconnector
connector is used and automatic exchange rate update is not enabled:
# Possible connector values: 'ECBConnector', 'BNRConnector' or 'UAConnector'
# When set to None, 'ECBconnector' is used by default
DEFAULT_EXCHANGE_RATE_CONNECTOR = None
# Set value below to True to enable automatic exchange rate update. Also requires scheduled task enablement.
AUTO_UPDATE_EXCHANGE_RATES = False
To update currency exchange rates automatically, enable Update currency exchange rate task schedule.
OpenStack pricing rule settings¶
OpenStack pricing rule price decimals can be configured by updating INTER_PRICE_DECIMAL_PLACES
. Default
value is 9, we do not recommend using a value greater than 9 since the least significant decimals may be ignored.
You can also configure minimum price per pricing rule by changing OSBILLING_MINIMUM_PRICE_PER_RULE
. Default value of 0.01
means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.
Note
Note that the OSBILLING_MINIMUM_PRICE_PER_RULE
setting will apply to all pricing rules and resources, except on the
resources from the pricing rules that have the pricing rule for free
setting (e.g. instance IPs).
SSO_MAX_AGE¶
External billing systems, like WHMCS, generate single sign-on URLs. For security reasons, SSO URLs contain a timestamp from the moment they were generated.
SSO_MAX_AGE
specifies after how many seconds, from the generation time, the single sign-on URL expires.
If single sign-on ULR is expired, it won’t work anymore.
PROXY_SETTINGS¶
If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.
Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:
PROXY_SETTINGS = {'https': '10.10.1.11:1080', }
Adjusting throttle rates¶
To protect against brute force or denial-of-service attacks, Fleio uses the throttling mechanism provided by the Django REST framework.
Here is an examples of how to change the limit rates. Lines below would be added to the settings.py file:
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['password_reset'] = '100/hour'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['resend_email_verification'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['accept_client_invitation'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['send_client_invitation'] = '50/day'
You can see the default throttling rates and the values that you can adjust by listing the content of common_settings.py.
Warning
Do not assign a value directly to REST_FRAMEWORK
(e.g. REST_FRAMEWORK = ...
). This will overwrite any
additions to REST_FRAMEWORK
in future Fleio upgrades. Assign individual dictionary keys instead, like
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
.
Note
Do not edit common_settings.py
as it is overwritten on Fleio upgrades. Only
edit the settings.py file.
The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the default throttling values for your version, list the content of common_settings.py.
# code from common_settings.py
# do not edit common_settings.py
REST_FRAMEWORK = {
# ...
'DEFAULT_THROTTLE_RATES': {
'login': '60/hour',
'django_admin': '60/hour',
'signup': '2/day',
'confirm_email': '100/day',
'resend_email_verification': '100/day',
'password_reset': '10/hour',
'gateway_callback': '1000/hour',
'anonymous_sms_authenticator': '60/hour',
'sms_sending': '15/hour',
'ticket_attachments_create': '100/day',
'accept_client_invitation': '100/day',
'send_client_invitation': '50/day',
},
# ...
}
Adjusting the celery beat tasks schedule¶
To change the time interval at which scheduled tasks run or to enable some scheduled tasks that are disabled by default, you need to add lines at the end of the settings.py file.
Note
If you initially installed Fleio before the 2022.11.0 release, you will have several lines in settings.py
that start with # CELERY_BEAT_SCHEDULE = {
or CELERY_BEAT_SCHEDULE = {
.
If all the lines are commented (you haven’t made any adjustment until now to task schedule), it’s best to remove
all commented lines (about 30 lines) starting with # CELERY_BEAT_SCHEDULE = {
. This way you will avoid any
confusion on future changes.
If you have made changes (so CELERY_BEAT_SCHEDULE = {
is uncommented, as well as some lines below it), we
recommend that you redefine the scheduled tasks by using the samples below, then delete the entire
CELERY_BEAT_SCHEDULE = {
section. Note that some tasks have changed their name, e.g.
'collect_traffic_data_task_every_15_minutes'
became 'collect_traffic_data'
. Use the names below.
Frequency of scheduled tasks is set by using the crontab
Celery function. For available options, see
crontab in Celery documentation.
For example, you may want to run “process clients” every minute: use crontab(minute='*')
. This makes sense in a
test installation and may be too frequent for a production Fleio installation.
Process clients task schedule¶
To adjust the frequency of “process clients” scheduled task, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['process_clients_task_every_15_minutes'] = {
'task': 'Process clients task',
'schedule': crontab(minute='*/15')
}
crontab(minute='*/15')
means every 15 minutes.
If you want “process clients” to update prices for product billing cycles that have the Auto calculate prices checkbox checked, you need to enable it by adding the following line to settings.py.
UPDATE_RELATIVE_PRICES_BEFORE_PROCESSING_CLIENTS = True
Update currency exchange rate task schedule¶
To add a scheduled task that updates exchange rates at midnight, add this at the end of settings.py file:
# Enable automatic currency update
AUTO_UPDATE_EXCHANGE_RATES = True
CELERY_BEAT_SCHEDULE['update_exchange_rates'] = {
'task': 'Update exchange rates task',
'schedule': crontab(hour='0', minute='0')
}
Collect OpenStack traffic data task schedule¶
To enable scheduled OpenStack traffic data collection add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['collect_traffic_data'] = {
'task': 'Collect traffic data task',
'schedule': crontab(hour='*/6')
}
crontab(hour='*/6')
means every 6 hours.
Warning
Collect traffic data task will launch a subtask for each region. Each task will use a separate celery worker. If you have several regions and lots of instances on each region this may prevent other tasks from running until collect traffic data finishes. You should make sure you have more celery workers than regions to avoid this.
Scheduled backups task schedule¶
Scheduled backups task schedule is not enabled by default. If you are using the instance scheduled backup feature, you need to add the code below to enable it.
To enable scheduled backups that you or your end-users define on compute instances, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['process_scheduled_backups'] = {
'task': 'Process scheduled backups task',
'schedule': crontab(minute='5,20,35,50')
}
crontab(minute='5,20,35,50')
translates to “run every hour at minutes 5, 20, 35 and 50”.
Database instance scheduled backups task schedule¶
Scheduled database instance backups task is not enabled by default. If you are using the database instance backup schedules feature, you need to add the code below to enable it.
To enable scheduled backups that you or your end-users define on database instances, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['process_scheduled_dbaas_backups'] = {
'task': 'Process scheduled database instance backups task',
'schedule': crontab(minute='5,20,35,50')
}
crontab(minute='5,20,35,50')
translates to “run every hour at minutes 5, 20, 35 and 50”.
Delete expired HTTP sessions task schedule¶
To delete expired sessions from the database, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['clear_expired_sessions_every_12_hours'] = {
'task': 'Clear expired sessions task',
'schedule': crontab(hour='*/12', minute='45')
}
crontab(hour='*/12', minute='45')
defines “run daily at 00:45 and at 12:45”.
Delete old logs task schedule¶
To delete old logs (based on policy defined in the staff panel Settings > General > ADVANCED SETTINGS tab), add at the end of settings.py file:
CELERY_BEAT_SCHEDULE['cleanup_old_logs_every_24_hours'] = {
'task': 'Cleanup old logs',
'schedule': crontab(hour='3', minute='30')
}
crontab(hour='3', minute='30')
runs the task nightly at 3:30.
Process referrals task schedule¶
This task processes referred clients and their referrers.
You must set this at the end of settings.py file in order for the “Process referrals task” scheduled task to run:
CELERY_BEAT_SCHEDULE['process_referrals'] = {
'task': 'Process referrals task',
'schedule': crontab(hour='*/12', minute='0')
}
crontab(hour='*/12', minute='0')
means “At minute 0 past every 12th hour”.
Note: clients are not processed unless you also enable the referral system from related section.
Update clients tax exempt status task schedule¶
This tasks connects to the VIES VAT ID’s database and checks if client’s VAT ID’s from Fleio database are still valid.
To adjust the frequency of “Update clients tax exempt” scheduled task, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['update_clients_tax_exempt'] = {
'task': 'Update clients tax exempt',
'schedule': crontab(hour='*/12', minute='0')
}
crontab(hour='*/12', minute='0')
means “At minute 0 past every 12th hour”.
OpenStack hypervisors sync task schedule¶
To schedule OpenStack hypervisors sync add the lines below at the end of settings.py file.
This is useful when you frequently add hypervisors to your OpenStack cloud. Alternatively, you can run
fleio sync --hypervisors
at the console after you add a hypervisor in OpenStack, instead of this scheduled task.
CELERY_BEAT_SCHEDULE['sync_hypervisors'] = {
'task': 'Hypervisors background synchronization',
'schedule': crontab(minute='40')
}
crontab(minute='40')
runs every hour at minute 40.
Cleanup images task schedule¶
Cleanup images settings can be configured in configurations, OpenStack tab: Automatic images cleanup. To schedule images cleanup add the lines below at the end of settings.py file.
CELERY_BEAT_SCHEDULE['cleanup_images'] = {
'task': 'Cleanup images',
'schedule': crontab(hour='*/12', minute='0')
}
crontab(hour='*/12', minute='0')
means “At minute 0 past every 12th hour”.
Update domains task schedule¶
To add a scheduled task that updates domains data, add this at the end of settings.py file:
CELERY_BEAT_SCHEDULE['update_domains'] = {
'task': 'Update domains',
'schedule': crontab(minute='*/60')
}
crontab(minute='*/60')
means every 60 minutes.
Configure Celery task time limits¶
Celery tasks have time limits defined in seconds that are configurable. The soft time limit allows the task to catch an
exception to clean up before it is killed and the hard timeout force terminates the task. You may overwrite those in
settings.py
. Here are the default values defined in Fleio (values are in seconds):
CELERY_TASK_SOFT_TIME_LIMIT = 1200
CELERY_TASK_TIME_LIMIT = 1500
LONG_RUNNING_TASK_TIME_LIMIT = 36 * 3600
As you can see, the LONG_RUNNING_TASK_TIME_LIMIT has a value of 36 hours defined (36 * 3600 seconds). This is used for tasks that we expect to take much longer to finish than other tasks. Those using the longer limit are for example: ‘Process clients task’, ‘Update clients tax exempt’, ‘Cleanup old logs’, etc.
Configure password complexity requirements¶
Fleio handles the password complexity requirements using several variables that you may overwrite in settings.py
.
The default complexity is the following:
ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
'[a-z]', # password should contain a lower case letter
'[A-Z]', # password should contain a upper case letter
'[0-9]', # password should contain a digit
r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
# '[a-z]', # password should contain a lower case letter
# '[A-Z]', # password should contain a upper case letter
# '[0-9]', # password should contain a digit
# r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
'Password should have at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)
Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.
After you configure them by your needs you must restart the fleio
services. See Restarting Fleio.
Default OpenStack object names¶
Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.
By default, this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:
# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'
Default security group rules¶
Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).
Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.
The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
},
]
You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.
You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403
And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html
One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.
The most common security group rules are the following:
DEFAULT_IPV4_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '0.0.0.0/0',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
DEFAULT_IPV6_SECURITY_RULE_LIST = [
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '22',
'port_range_max': '22',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '80',
'port_range_max': '80',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '443',
'port_range_max': '443',
'protocol': 'tcp',
},
{
'direction': 'ingress',
'remote_ip_prefix': '::/0',
'ethertype': 'IPv6',
'port_range_min': '3389',
'port_range_max': '3389',
'protocol': 'tcp',
},
]
Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.
Default IP PTR record (reverse DNS)¶
Removed in version 2024.03.0.
Default PTR settings: PTR_DEFAULT_FORMAT
, PTR_DEFAULT_FORMAT_IPV6
, INVERSE_ADDRESS_ZONE_DEFAULT_EMAIL
and
PTR_RECORDS_FORCE_LOWERCASE
from settings.py are no longer used as they were moved to frontend in the
Settings -> OpenStack page on Defaults tab. Starting with Fleio version 2024.03, you must edit them
from related section.
Default user language¶
Default user language is set in Fleio to English. This means that whenever an end-user signs up, English is assigned to his account. In order to override this setting, add it to settings.py file like in the following example:
DEFAULT_USER_LANGUAGE = 'en'
Default message template language code¶
Email messages and notifications are sent to Fleio users in their chosen language. When a message template with the user
language is not found in Fleio, the template using the language defined in DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE
is
used. The setting defaults to English and in order to override that, add it to settings.py file
like in the following example:
# if you're going to modify this, make sure you have all current message templates translated in the new language
DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE = 'en'
Notifications logging settings¶
For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.
You can define a list of strings in OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
. When notification messages
are received, if the notification name contains any of the strings in the
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS
list, it will be logged. Notifications are logged in the
fleio_log
Docker volume. You can see the log content by entering the utils container with the fleio bash
command and then running cat /var/log/fleio/os_event_notifications.txt
.
Configuration example:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary
If '*'
is specified, it will log all notification messages received from OpenStack. Note that this may generate a
high number of I/O operations on local storage. Therefore, it is not recommended to permanently have all notifications
logged in a busy production environment.
Here’s how you can use OpenStack notifications logging for debugging:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*'] # will log all notifications
By default, OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE
is False
and Fleio will simply log the notification
name. If you want to log the detailed JSON notification payload, then set:
OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True
MaxMind fraud check¶
Fleio can use MaxMind fraud detection to check new orders. In order tot be able to use MaxMind fraud detection you need to add the following settings in your settings.py file:
MAXMIND_CLIENTID = "<client id>"
MAXMIND_LICENSE = "<license>"
Replace <client id>
and <license>
in the above code with authentication details received from MaxMind.
Once these settings are added to settings.py
MaxMind fraud check can be enabled on a configuration basis. See
MaxMind fraud check configuration
Direct admin licensing module¶
In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your settings.py file:
DIRECT_ADMIN = {
'CLIENT_UID': '<YOUR_DA_ACCOUNT_UID>',
'CLIENT_PASSWORD': '<YOUR_DA_ACCOUNT_PASSWORD>',
'REMOTE_HOST': 'https://www.directadmin.com',
'USER_AGENT': 'Fleio'
}
After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will
have to choose the DirectAdmin billing
module. On the DirectAdmin module configuration part, you will be able to
choose the license type.
OpenStack sync settings¶
Exclude backup volumes from sync¶
Added in version 2022.05.1.
During some operations (e.g. volume backup) OpenStack will create temporary, short-lived volumes that are of no interest. No notifications are generated for these volumes, and they will not usually be visible in Fleio however if you run sync with this setting set to False these volumes may be added to Fleio database. Enabling this setting will exclude volumes named backup-vol-UUID where UUID is a valid uuid during sync. This setting will only have effect if consumes_quota attribute is not available for volumes (cinder API ver < 3.65). If consume_quota attribute is available all volumes with consume_quota will be ignored during sync.
EXCLUDE_SYNC_RESLOG_BACKUP_TEMP_VOLUMES = False
Sync batch size¶
To change the number of OpenStack objects (e.g. compute instances or security groups) that are synced at once, add the
following variable to settings.py and adjust the value. A low value for
SYNC_FETCH_OBJECTS_BATCH_SIZE
is useful if your OpenStack API connection is slow and tends to time out.
SYNC_FETCH_OBJECTS_BATCH_SIZE = 100
Bind user sessions to IP address¶
Added in version 2022.11.0.
Fleio is able to bind user session to IP address so that the same authentication tokens (Fleio frontend token, Django session token) used by someone from a client IP address will not work when used from another IP address (user will be considered unauthenticated/logged out). This is the default behaviour and can be controlled separately for end-users and staff users by changing the following settings.
BIND_SESSION_IP_STAFF_USER = True
BIND_SESSION_IP_END_USER = True
Note that Fleio API tokens (FleioToken-s with frontend flag set to False) are not affected by these settings.
Enable Django admin¶
See Django admin.
Enable logging for incoming ticket emails¶
Allowing negative rule prices¶
To allow negative prices for OpenStack pricing rules set OSBILLING_NEGATIVE_PRICE_ALWAYS_ZERO to False. This setting will affect final rule price, after all filters and modifiers are applied.
If this is set to True if a rule has negative price it will be set to zero.
Load balancer cost estimate default amphorae count¶
When no flavor is selected on load balancer create form, OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT is used for price estimation. You can override the default in settings.py file:
OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT = 2