settings.py file

You can change Fleio options and behavior from the settings.py file as described below.

Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.

Edit settings.py file

The settings.py file is specific to your Fleio installation and contains details like database connection parameters or features that are enabled/disabled in your case. We have implemented a model similar to inheritance, where we have common_settings.py and base_settings.py files with default settings for all Fleio installations and the options in the base file may be safely overwritten in settings.py.

Warning

Do not edit base_settings.py or common_settings.py. These files are overwritten during Fleio upgrades and your changes will be lost. Add your changes to settings.py, which is not overwritten on upgrades.

Still, you can see the content of common_settings.py and base_settings.py for your reference. Some advanced Fleio options may not be documented, this is when the source code comes in handy.

fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py

You can also display the content of settings.py:

fleio bash cat /var/webapps/fleio/project/fleio/fleiosettings/settings.py

To edit the Fleio settings file please use the following command:

fleio edit settings.py

On exit, press “Y” if you want to restart Fleio and apply changes immediately. Or press “n” if you plan to manually restart Fleio later.

Warning

Changes to the settings.py file only apply after the Fleio containers are restarted.

settings.py is stored in a Docker volume, and you can also access it with the Fleio utils container. Docker volumes are only accessible from within a Docker container. Here’s how you start bash in a temporarily created Docker container and show the full path to settings.py.

# launch the Fleio utils Docker container
fleio bash
# path of the settings file:
ls /var/webapps/fleio/project/fleio/fleiosettings/settings.py

Restarting Fleio

In order to restart Fleio you need to use the following command:

fleio restart

Django and DRF settings

The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings in the settings.py file, as well. Read about their available settings in the Django documentation and in the DRF documentation.

Fleio specific settings

Some advanced Fleio settings can only be changed by editing the settings file:

Email settings

See Email Settings.

ADMINS setting

By default, Fleio sends emails to ADMINS when errors occur. Errors may be caused by OpenStack API operations or by unhandled exceptions. This offers visibility to what happens in Fleio and administrators can take action to correct errors.

The error messages are not sent to the Fleio staff users because if the database server is down, the list of staff users cannot be read.

The same staff user details you fill in during Fleio install are added to ADMINS. You can edit editing settings and add or remove administrators like this:

ADMINS = (
    ('Jane Doe', 'jane@doe.com'),
    ('George Orwell', 'george@orwell.com'),
)

Emails sent to admins have the From field defined by the SERVER_EMAIL setting. See Email Settings.

Configure timezone

All dates and timestamps are saved on UTC timezone in the Fleio database. This makes things simpler and consistent between different Fleio installations.

The service billing cycles start at midnight on the TIME_ZONE configured in settings.py.

Most of the dates in the Fleio user interface are localized on the timezone of the user’s workstation operating system.

To change the time zone in settings.py, edit the following variable:

TIME_ZONE = 'UTC'

TIME_ZONE is initially set to the value you fill in when installing Fleio.

To find out more about TIME_ZONE, including valid values, see Django documentation.

How to add custom menu items and categories

You are able to customize your menu by adding top level menu options with links, menu options underneath existing categories or even add new categories with menu options. To do so, you just need to edit your settings.py.

You need to edit some settings (available for both end-user and staff panel). These settings are: CUSTOM_MENU_CATEGORIES_ENDUSER, CUSTOM_MENU_OPTIONS_ENDUSER, CUSTOM_MENU_CATEGORIES_STAFF, CUSTOM_MENU_OPTIONS_STAFF.

To add a category, follow this example:

CUSTOM_MENU_CATEGORIES_ENDUSER = {
    'Category one': {
        'main_feature': 'core',
        'location': 2,
    },
    'Category two': {
        'main_feature': 'core',
        'location': 3,
    }
}

You may condition the category by any existing feature name in fleio (more on that here). You can use the core feature if you want your category to be always visible (core feature is always enabled). Also note the location setting, which allows you to specify where in the menu should the category appear. Note that counting starts from 0. Also, you should be careful not to use the same location for more than 1 custom category because this may raise issues in your application.

To add a menu option underneath a menu category (already existing in fleio or one that you created like described above), you may use the CUSTOM_MENU_OPTIONS settings for end-user and staff like in the following example:

CUSTOM_MENU_OPTIONS_ENDUSER = [
    {
        'category': 'Category one',
        'label': 'Option one',
        'href': 'https://fleio.com',
        'open_in_new_tab': True,
        'icon_class': '',
        'icon': 'warning',
        'feature': 'core',
    },
    {
        'category': 'Billing',
        'label': 'Custom product',
        'href': 'https://fleio.com',
        'open_in_new_tab': True,
        'icon_class': '',
        'icon': 'product',
        'feature': 'billing',
        'location': 2,
    },
]

As you may notice, there are several settings that you can use. Use the category attribute to specify under what category the new menu option should be placed, use label attribute to specify what will be the menu option’s name, href attribute for redirecting to a custom link, open_in_new_tab to make users open the link in new tab when clicking it, icon for displaying an icon to the left and feature to condition this menu option by a fleio feature. You can choose the icon name from https://fonts.google.com/icons.

Again, you can use core feature to make sure it will appear forever. Also, you can use the location attribute just like you did for categories.

To add a top level menu option (it will not be under any category) add a new option in the CUSTOM_MENU_OPTIONS_ENDUSER setting just like above, but not using the category attribute. So, this may look like this:

CUSTOM_MENU_OPTIONS_ENDUSER = [
    {
        'label': 'Top level',
        'href': 'https://fleio.com',
        'open_in_new_tab': True,
        'icon_class': '',
        'icon': 'warning',
        'feature': 'core',
        'location': 6,
    },
]

For top level menu options, make sure their location is not the same with one defined for categories.

If you want to move the plugins position you can use the ENDUSER_PLUGINS_MENU_INSERT_INDEX variable. For example, if you want to make sure that the plugins (tickets and domains) are always at the bottom you need to add the following option in the settings.py file:

ENDUSER_PLUGINS_MENU_INSERT_INDEX = 1000

After editing the settings.py file, you must restart all the fleio services (see Restarting Fleio). If you are using the fleio edit settings.py command, you will be asked if you want to restart Fleio after saving any changes.

How to enable/disable features

Fleio allows you to enable or disable features for end-user and staff panel. When a feature is disabled, some user interface elements, like a menu option or a button, may be hidden.

There are two Python dictionaries that define the features in your Fleio installation:

  • FEATURES - dictionary defining end-user features

  • STAFF_FEATURES - dictionary that defines features available in the staff panel

The dictionary entries may have one of the two values:

  • True - feature is enabled

  • False - feature is disabled

Features toggles have a tree-like structure with child elements present after a dot (.) in feature strings. Disabling a top feature would disable all its children. For instance, setting 'openstack': False, would disable all features beneath, like 'openstack.instances', 'openstack.volumes', 'openstack.images' etc.

To enable or disable a feature you need edit the settings.py file. Here are a few examples added at the end of the settings.py file:

FEATURES['openstack.dns'] = False  # disable DNS zones management from end-user panel
FEATURES['openstack.routers'] = False  # disable routers menu option from end-user panel
FEATURES['plugins.tickets'] = False  # disable support tickets from end-user panel panel
FEATURES['openstack.dns.ptr'] = False  # disable PTR (or reverse DNS) link next to IPs on instance view
FEATURES['plugins.domains'] = False  # disable domain registration from end-user panel
FEATURES['billing.recurring_payments'] = True  # enable recurring payment options
FEATURES['clients&users.switch-client'] = True  # show switch client option the end-user panel
FEATURES['clients&users.signup'] = False  # do not allow end-users to self-sign-up
STAFF_FEATURES['plugins.tickets'] = False  # disable support tickets from staff panel
STAFF_FEATURES['plugins.domains'] = False  # disable domain registration from staff panel
STAFF_FEATURES['openstack.floatingips'] = True  # disable floating IPs in the staff panel

You can see the full list of available feature toggles in the following files.

Warning

Do not edit these files as they are updated on Fleio upgrades and you may lose your changes. You can use them for your reference, but only modify the settings.py file, which is specific to your installation and is not changed on Fleio upgrades.

  • fleio/common_settings.py

  • fleio/base_settings.py

Note that available features differ based on the Fleio edition you have installed (OpenStack Edition, Hosting Billing Edition or both). Use the following commands to see the content of these files:

fleio bash cat /var/webapps/fleio/project/fleio/common_settings.py
fleio bash cat /var/webapps/fleio/project/fleio/base_settings.py

Here’s how features are defined by default in the Fleio code as of version 2022.08.1.

Warning

Do not edit these files as they are overwritten on Fleio upgrades. You should only edit the settings.py file.

The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the features available in your installation you can list the content of these files.

# fleio/common_settings.py file
# do not edit, use just for your reference

# feature toggles for the end-user panel, for all Fleio editions
FEATURES = {
    'demo': False,
    'enduser': True,
    'enduser.allow_changing_password': True,
    'billing': True,
    'billing.addcredit': True,
    'billing.credit_auto_invoicing': True,
    'billing.credit_estimate': True,
    'billing.history': True,
    'billing.invoices': True,
    'billing.order': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.recurring_payments': False,
    'clients&users.api_tokens': True,
    'clients&users.clients': True,
    'clients&users.clients.allow_country_change': True,
    'logger.email-message-log': True,
    'clients&users.invitations': True,
    'clients&users.roles': True,
    'clients&users.signup': True,
    'clients&users.users': True,
    'clients&users.userprofile': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'clients&users.switch-client': True,
    'dashboard': True,
    'notifications': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.todo': True,
    'utils': True,
    'utils.operations': True,
}

# feature toggles for the staff panel, for all Fleio editions
STAFF_FEATURES = {
    'demo': False,
    'staff': True,
    'billing': True,
    'billing.external_billing': True,
    'billing.gateways': True,
    'billing.journal': True,
    'billing.invoices': True,
    'billing.orders': True,
    'billing.products': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.history': True,
    'billing.service-cycles': True,
    'billing.taxrules': True,
    'billing.transactions': True,
    'billing.reporting': True,
    'clients&users.api_tokens': True,
    'clients&users.clients': True,
    'clients&users.mass-mail': True,
    'clients&users.roles': True,
    'clients&users.clients.reset_usage': False,
    'clients&users.clientgroups': True,
    'clients&users.userprofile': True,
    'clients&users.users': True,
    'clients&users.usergroups': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'app-status': True,
    'logger': True,
    'logger.periodic_task_log': True,
    'logger.email-message-log': True,
    'notifications': True,
    'notifications.send': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.todo': True,
    'settings': True,
    'settings.general': True,
    'settings.general.single-sign-on': True,
    'settings.configurations': True,
    'settings.authorization': True,
    'settings.message_templates': True,
    'utils': True,
    'utils.activitylog': True,
    'utils.operations': True,
    'utils.tasklog': True,
    'utils.reports': True,
    'utils.reports.yearly_revenue': True,
}

Besides the common_settings.py file features are also defined in base_settings.py:

# fleio/common_settings.py file
# do not edit, use just for your reference

# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
FEATURES.update({
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.clusters.create.master_lb_flag': False,
    'openstack.coe.clusters.create.show_price': True,
    'openstack.coe.cluster_templates': True,
    'openstack.coe.cluster_templates.manage_cluster_templates': True,
    'openstack.dbaas': True,
    'openstack.dbaas.availability_zones': True,
    'openstack.dbaas.replicas': True,
    'openstack.dbaas.backups': True,
    'openstack.dbaas.backup-schedules': True,
    'openstack.dbaas.manage-root-access': True,
    'openstack.dbaas.show-price-on-create': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.floatingips.show-price-on-create': True,
    'openstack.images': True,
    'openstack.images.copy': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.updatecreate': True,
    'openstack.images.show-price-on-create': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.availability_zones': False,
    'openstack.instances.create-multiple': True,
    'openstack.instances.show-price-on-create': True,
    'openstack.instances.rescue': True,
    'openstack.instances.resize.allow_resize_to_less_disk_space': True,
    'openstack.instances.resize.show-price': True,
    'openstack.instances.show_hypervisors': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.shelving': True,
    'openstack.instances.traffic': True,
    'openstack.instances.networking.edit': True,
    'openstack.instances.networking.ip-details': False,
    'openstack.lbaas': True,
    'openstack.lbaas.show-ip-address-input': False,
    'openstack.lbaas.availability_zones': False,
    'openstack.lbaas.show-region-select': True,
    'openstack.lbaas.show-price-on-create': True,
    'openstack.networks': True,
    'openstack.networks.availability_zones': False,
    'openstack.networks.display_external_networks': True,
    'openstack.networks.display_shared_networks': True,
    'openstack.networks.auto_create_network': True,
    'openstack.osbackup': True,
    'openstack.osbackup.pricing': True,
    'openstack.osbackup.schedules': True,
    'openstack.ports': True,
    'openstack.ports.manage_public_network_related_ports': False,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.routers.availability_zones': False,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.volumes': True,
    'openstack.volumes.availability_zones': False,
    'openstack.volumes.backups': True,
    'openstack.volumes.backups.show-price-on-create': True,
    'openstack.volumes.show-price-on-create': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.snapshots.show-price-on-create': True,
    'openstack.volumes.boot': True,
    'openstack.object-store': True,
    'openstack.object-store.show-region-select': True,
    'openstack.orchestration.heat-stacks': True,
    'openstack.orchestration.heat-resource-types': True,
    'openstack.orchestration.heat-template-versions': True,
    'plugins.tickets': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.directadmin': True,
})

# feature toggles for the end-user panel, for full Fleio edition
# Some of the features may be missing in your installation if you have a OpenStack Edition or Hosting Billing
# Edition license, instead of full license
STAFF_FEATURES.update({
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.clusters.create.master_lb_flag': False,
    'openstack.coe.clusters.create.show_price': True,
    'openstack.coe.cluster_templates': True,
    'openstack.dbaas': True,
    'openstack.dbaas.availability_zones': True,
    'openstack.dbaas.replicas': True,
    'openstack.dbaas.backups': True,
    'openstack.dbaas.backup-schedules': True,
    'openstack.dbaas.manage-root-access': True,
    'openstack.dbaas.show-price-on-create': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.floatingips.show-price-on-create': True,
    'openstack.hypervisors': True,
    'openstack.images': True,
    'openstack.images.copy': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.shareoncreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.images.updatecreate': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.availability_zones': False,
    'openstack.instances.create-multiple': True,
    'openstack.instances.show-price-on-create': True,
    'openstack.instances.rescue': True,
    'openstack.instances.resize.show-price': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.shelving': True,
    'openstack.instances.traffic': True,
    'openstack.instances.networking.ip-details': False,
    'openstack.networks': True,
    'openstack.networks.availability_zones': False,
    'openstack.networks.auto_create_network': True,
    'openstack.ports': True,
    'openstack.projects': True,
    'openstack.rbac_policies': True,
    'openstack.routers': True,
    'openstack.routers.availability_zones': False,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.subnets': True,
    'openstack.volumes': True,
    'openstack.volumes.availability_zones': False,
    'openstack.volumes.backups': True,
    'openstack.volumes.backups.show-price-on-create': True,
    'openstack.volumes.show-price-on-create': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.snapshots.show-price-on-create': True,
    'openstack.volumes.types': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.pricing': True,
    'openstack.osbackup.schedules': True,
    'openstack.settings': True,
    'openstack.plans': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.directadmin': True,
    'plugins.tickets': True,
    'servers': True,
    'utils.reports.estimated_instance_monthly_revenue': True,
})

End-user features explained

  • demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.

  • enduser - feature is only available in the end-user panel, used to differentiate between enduser and staff

  • enduser.allow_changing_password - when set to False end-users are not allowed to change their password, through Forgot password link or Edit user profile

  • billing.addcredit - enables the Add credit button on dashboard

  • billing.credit_auto_invoicing - enables the auto invoicing feature

  • billing.credit_estimate - enables the credit estimate feature

  • billing.history - enables billing history page

  • billing.invoices - enables invoice functionality, this may be needed for Add credit

  • billing.order - enables order functionality allowing end user to order services

  • billing.pdf - enables pdf generation for invoices

  • billing.services - enables services view for end user, the user will be able to view and edit services

  • billing.recurring_payments - enables recurring payments

  • clients&users.api_tokens - enables management of API tokens from frontend in my profile section for end-users, and on user details for staff users.

  • clients&users.clients - enables client feature for end users allowing to add or edit of clients

  • clients&users.clients.allow_country_change - allow clients to change the country

  • clients&users.invitations - enables the user invitation feature

  • clients&users.roles - enables the user roles feature

  • clients&users.second_factor_auth - enable second factor authentication(SFA) for end users

  • clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method

  • clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method

  • clients&users.switch-client - enables the switch active client feature

  • clients&users.signup - enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio API

  • clients&users.userprofile - enables used profile editing for end users

  • dashboard- when disabled the dashboard page will be empty

  • notifications - enables notifications for end user

  • openstack - enables child OpenStack features. When this is False, all OpenStack functionality is disabled.

  • openstack.apiusers - enables OpenStack API user management

  • openstack.cleanup - enables OpenStack objects cleanup

  • openstack.cleanup.images - when enabled user uploaded images are automatically deleted in X days

  • openstack.cleanup.images.showdate - show the date when the user uploaded image will be automatically deleted

  • openstack.coe.clusters - enables OpenStack Magnum cluster management

  • openstack.coe.clusters.create.master_lb_flag - enables the Master LB flag on the cluster create form

  • openstack.coe.clusters.create.show_price - will show the estimated price on the cluster create form

  • openstack.coe.cluster_templates - enables OpenStack Magnum cluster template management

  • openstack.coe.cluster_templates.manage_cluster_templates - allows the end user to manage and update clusters template

  • openstack.dbaas - enables OpenStack Trove database management

  • openstack.dbaas.availability_zones - enables availability zones for OpenStack Trove

  • openstack.dbaas.replicas - enables replicas for OpenStack Trove

  • openstack.dbaas.backups - enables backup support and shows a “Backups” tab on database instance details

  • 'openstack.dbaas.backup-schedules - enables backup schedules support and shows a “Backup schedules” tab on database instance details

  • openstack.dbaas.manage-root-access - enables support for managing root access and shows the “Root access” tab on database instance details

  • openstack.dbaas.show-price-on-create - will show the estimated price on database instance create

  • openstack.dns.ptr - enables dns ptr record editing for instances

  • openstack.dns.zones - enables dns zones editing

  • openstack.floatingips - enables floating IPs management for end users

  • openstack.floatingips.show-price-on-create - will show the estimated price on floating IP create

  • openstack.images - enables My images feature for end users where users can see snapshots and upload images

  • openstack.images.copy - enables the image copy to other regions feature

  • openstack.images.createupdate - enable create and update of images in My images page

  • openstack.images.file_uploads - allow end user to upload images using files as source

  • openstack.images.showcommunity - show community images, on separate tab, in create instance form

  • openstack.images.showshared - show shared images in create instance form

  • openstack.images.show-price-on-create - show the estimated price on image create form

  • openstack.images.download - allows the end user to download images

  • openstack.instances - enables management of instances for end users

  • openstack.instances.allow_changing_password - enables and shows the instance menu option Change password

  • openstack.instances.availability_zones - enables the availability zone dropdown on instance create form

  • openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled

  • openstack.instances.snapshots.pricing - shows the estimated price for instance snapshots

  • openstack.instances.shelving - enables instance shelving feature

  • openstack.instances.show_hypervisors - enables the display of hypervisors name on instance details

  • openstack.instances.create-multiple - allows selecting the number of instances on create

  • openstack.instances.show-price-on-create - show the estimated price on the instance create form

  • openstack.instances.rescue - enables the instance rescue feature

  • openstack.instances.resize.allow_resize_to_less_disk_space - allow resizing of instances to flavors with less disk space

  • openstack.instances.resize.show-price - show the estimated price on the instance resize form

  • openstack.instances.traffic - enables instance traffic monitoring and billing functionality

  • openstack.instances.networking.edit - enables networking tab for end user. This feature may require openstack.ports to be enabled

  • openstack.instances.networking.ip-details - shows details about IP addresses (gateway, subnet mask …)

  • openstack.lbaas - enables the load balancers feature

  • openstack.lbaas.show-ip-address-input - enables IP address input when creating a new load balancer

  • openstack.lbaas.availability_zones - enables availability zone select when creating a load balancer

  • openstack.lbaas.show-region-select - shows region selector on load balancer list

  • openstack.lbaas.show-price-on-create - shows price estimation on load balancer create form

  • openstack.networks - enables networks management for end users

  • openstack.networks.availability_zones - enables the availability zones dropdown on network create form

  • openstack.networks.auto_create_network - enables auto creation of networks

  • openstack.networks.display_external_networks - displays external networks. This only applies to current user’s networks

  • openstack.networks.display_shared_networks - displays shared networks created by current end-user or by other end-users.

  • openstack.ports.manage_public_network_related_ports - allows end user to edit his ports that are public

  • openstack.routers - allow end-users to create and manage network routers

  • openstack.routers.availability_zones - enables the availability zone dropdown on router create form

  • openstack.securitygroups - enables security groups management for end users

  • openstack.sshkeys - enables SSH key management for end users

  • openstack.subnetpools - enables management of subnet pools for end users

  • openstack.volumes - enables management of volumes for end users

  • openstack.volumes.show-price-on-create - show the estimated price on volume create form

  • openstack.volumes.availability_zones - enables the availability zones dropdown on volume create form

  • openstack.volumes.backups - enables volume backup management

  • openstack.volumes.backups.show-price-on-create - show the estimated price on volume backup create form

  • openstack.volumes.boot - show the boot from volume feature on instance create form

  • openstack.volumes.snapshots - enables the volume snapshot feature

  • openstack.volumes.snapshots.show-price-on-create - show the estimated price on volume snapshot create form

  • openstack.osbackup - enables server backup functionality for end users

  • openstack.osbackup.pricing - show the estimated price on server backup

  • openstack.osbackup.schedules - allow end-users to edit backup schedule

  • openstack.object-store - enables the object store feature

  • openstack.orchestration.heat-stacks - enables the heat stacks

  • openstack.orchestration.heat-resource-types - enables the heat resource types

  • openstack.orchestration.heat-template-versions - enables the heat template versions

  • plugins - when False all below plugins will be disabled

  • plugins.todo - enables the TODO plugin

  • plugins.tickets - enables support tickets functionality

  • plugins.cpanel - enables cPanel functionality

  • plugins.cpanelserver - enables cPanel server functionality

  • plugins.domains - enables domain name registration and management

  • utils - enables the utils feature

  • utils.operations - enables the operations feature

Added in version 2022.05.1.

  • openstack.object-store.show-region-select - enables the region select dropdown on the object store view

Staff user features explained

  • demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.

  • staff - feature is only available in the staff panel, used to differentiate between end user and staff

  • billing - when True, enables billing features; when False disables all features that start with billing. ...

  • billing.gateways - enables gateways functionality for staff

  • billing.journal - enables journal viewer for staff

  • billing.invoices - enables invoice management for staff

  • billing.orders - enables order management for staff

  • billing.reporting - enables the reporting feature

  • billing.products - enables products management for staff

  • billing.pdf - enabled pdf generation for invoices

  • billing.services - enables services management for staff

  • billing.service-cycles - enables the service cycles tab on services

  • billing.taxrules - enables tax rules management for staff

  • billing.transactions - enables transactions functionality

  • clients&users.clients - enables clients management for staff

  • clients&users.users - enables users management for staff

  • clients&users.userprofile - enables used profile editing for staff

  • clients&users.second_factor_auth - enable second factor authentication(SFA) for end users

  • clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method

  • clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method

  • clients&users.roles - enables the user roles management

  • clients&users.clientgroups - enables client groups management for staff

  • clients&users.usergroups - enables user group management for staff

  • clients&users.clients.reset_usage - enables the reset usage feature

  • dashboard- when disabled the dashboard page will be empty

  • app-status - shows App services on staff dashboard

  • openstack.apiusers - enables OpenStack API user management

  • openstack.cleanup - enables OpenStack objects cleanup

  • openstack.cleanup.images - enables automatic deletion of user uploaded images after X days

  • openstack.cleanup.images.showdate - show the date when the user uploaded images will be automatically deleted

  • openstack.coe.clusters - enables OpenStack Magnum cluster management

  • openstack.coe.cluster_templates - enables OpenStack Magnum cluster template management

  • openstack.coe.clusters.create.master_lb_flag - enables the Master LB flag on cluster create form

  • openstack.coe.clusters.create.show_price - shows the estimated price on the cluster create form

  • openstack.dbaas - enables OpenStack Trove database management

  • openstack.dbaas.availability_zones - enables availability zones for OpenStack Trove

  • openstack.dbaas.replicas - enables replicas for OpenStack Trove

  • openstack.dns.ptr - enables DNS PTR record editing for instances

  • openstack.dns.zones - enables DNS zone editing

  • openstack.flavors - enables flavors management

  • openstack.floatingips - enables floating IPs management for staff

  • openstack.floatingips.show-price-on-create - shows the estimated price on floating IP create form

  • openstack.images - enables Image management for staff where staff users can see snapshots and upload images

  • openstack.images.copy - enables the image copy to other regions feature

  • openstack.images.download - allow staff users to download images

  • openstack.images.file_upload - allow staff users to upload images from files

  • openstack.images.shareoncreate - enables instance creation based on an image from another project. The image will be shared between projects.

  • openstack.images.showcommunity - show community images, on separate tab, in create instance form

  • openstack.images.showshared - show shared images in create instance form

  • openstack.instances - enables management of instances for staff

  • openstack.instances.availability_zones - enables availability zones dropdown menu on instance crate form

  • openstack.instances.create-multiple - allows selecting the number of instances on create

  • openstack.instances.show-price-on-create - show the price on instance create form

  • openstack.instances.rescue - enables the instance rescue feature

  • openstack.instances.resize.show-price – show the estimated price on instance resize form

  • openstack.instances.allow_changing_password - enables and shows the instance menu option Change password

  • openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled

  • openstack.instances.snapshots.pricing - show the estimated price on instance snapshot create form

  • openstack.instances.shelving - enables instance shelving feature

  • openstack.instances.traffic - enables instance traffic monitoring and billing functionality

  • openstack.networks - enables networks management for staff

  • openstack.networks.availability_zones - enables the availability zones dropdown on network create form

  • openstack.networks.auto_create_network - enables the auto create network feature

  • openstack.ports - enables ports management for staff

  • openstack.projects - enables project management for staff

  • openstack.rbac_policies - enables RBAC policies management for staff

  • openstack.routers - enables routers management for staff

  • openstack.routers.availability_zones - enables the availability zones dropdown on router create form

  • openstack.securitygroups - enables security groups management for staff

  • openstack.sshkeys - enables ssh key management for staff

  • openstack.subnetpools - enables management of subnet pools for staff

  • openstack.subnets - enables subnet management for staff

  • openstack.volumes - enables management of volumes for staff

  • openstack.volumes.availability_zones - enables the availability zones dropdown on volume create form

  • openstack.volumes.show-price-on-create - show the estimated price on volume create form

  • openstack.volumes.backups - enables volume backup management

  • openstack.volumes.backups.show-price-on-create - show the estimated price on volume backup create form

  • openstack.volumes.snapshots- enables the volume snapshot feature

  • openstack.volumes.snapshots.show-price-on-create - show the estimated price on volume snapshot create form

  • openstack.volumes.types - enables the volumes type feature

  • openstack.volumes.boot - allow staff users mark volume as bootable

  • openstack.osbackup - enables backup of instances

  • openstack.osbackup.schedules - allow staff users to edit backup schedule

  • openstack.osbackup.pricing - show the estimated price on server backup

  • openstack.settings - enables OpenStack settings on staff panel

  • openstack.plans - enables management of OpenStack pricing plans

  • plugins - when False all below plugins will be disabled

  • plugins.todo - enables the TODO plugin

  • plugins.tickets - enables support tickets functionality

  • plugins.cpanel - enables cPanel functionality

  • plugins.cpanelserver - enables cPanel server functionality

  • plugins.domains - enables domain name registration and management

  • settings - disables all settings

  • settings.general - enables general settings on staff panel

  • settings.general.single-sign-on - enables single sign-on tab in general settings on staff panel

  • settings.configurations - enables management of configurations

  • settings.authorization - enables authorization frontend for staff

  • settings.message_templates - enables message templates frontend for staff

  • utils - when False disables Utils menu group and functionality

  • utils.activitylog - enables activity log viewer on staff page

  • utils.tasklog - enables task log viewer on staff page

  • utils.reports - enables reports

  • utils.reports.yearly_revenue - enables the yearly revenue report

  • utils.operations - enables operations view

  • servers - enables servers feature

  • servers - enables shared hosting servers management

  • notifications.send - enables important staff notifications (currently for invoices and new orders)

Override enduser features

End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:

OVERRIDE_FEATURES = {
    'group1': {
        'billing.addcredit': False
    }
}

Note that the override features are only applied in frontend and only in the end-user panel.

Customize user session expiry time

The end-user and staff authentication sessions expire after a certain period of time. This period can be configured by editing settings.py and adding one of the following variables:

# Number of seconds in which the end-user authentication session expires when "Remember me" is disabled
ENDUSER_SHORT_SESSION_SECONDS = 3600 * 24 # 24 hours
# Number of seconds in which the end-user authentication session expires when "Remember me" is enabled
ENDUSER_LONG_SESSION_SECONDS = 3600 * 24 * 60  # 60 days

# Number of seconds in which the staff user authentication session expires when "Remember me" is disabled
STAFF_SHORT_SESSION_SECONDS = 3600 * 24  # 24 hours
# Number of seconds in which the staff user authentication session expires when "Remember me" is enabled
STAFF_LONG_SESSION_SECONDS = 3600 * 24 * 60  # 60 days

Configure custom add credit URL

You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)

Edit settings.py and add:

# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}

Currency exchange settings

Fleio can update the currency exchange rate using one of the following connectors:

  • European Central Bank connector: ECBConnector relative to EUR currency

  • Romanian National Bank connector: BNRConnector relative to RON currency

  • Ukraine Bank connector: UAConnector relative to UAH currency

Configure the connector by adding the lines below to settings.py. By default, ECBconnector connector is used and automatic exchange rate update is not enabled:

# Possible connector values: 'ECBConnector', 'BNRConnector' or 'UAConnector'
# When set to None, 'ECBconnector' is used by default
DEFAULT_EXCHANGE_RATE_CONNECTOR = None
# Set value below to True to enable automatic exchange rate update. Also requires scheduled task enablement.
AUTO_UPDATE_EXCHANGE_RATES = False

To update currency exchange rates automatically, enable Update currency exchange rate task schedule.

OpenStack pricing rule settings

OpenStack pricing rule price decimals can be configured by updating INTER_PRICE_DECIMAL_PLACES. Default value is 9, we do not recommend using a value greater than 9 since the least significant decimals may be ignored.

You can also configure minimum price per pricing rule by changing OSBILLING_MINIMUM_PRICE_PER_RULE. Default value of 0.01 means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.

Note

Note that the OSBILLING_MINIMUM_PRICE_PER_RULE setting will apply to all pricing rules and resources, except on the resources from the pricing rules that have the pricing rule for free setting (e.g. instance IPs).

SSO_MAX_AGE

External billing systems, like WHMCS, generate single sign-on URLs. For security reasons, SSO URLs contain a timestamp from the moment they were generated.

SSO_MAX_AGE specifies after how many seconds, from the generation time, the single sign-on URL expires.

If single sign-on ULR is expired, it won’t work anymore.

PROXY_SETTINGS

If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.

Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:

PROXY_SETTINGS = {'https': '10.10.1.11:1080', }

Adjusting throttle rates

To protect against brute force or denial-of-service attacks, Fleio uses the throttling mechanism provided by the Django REST framework.

Here is an examples of how to change the limit rates. Lines below would be added to the settings.py file:

REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['password_reset'] = '100/hour'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['resend_email_verification'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['accept_client_invitation'] = '100/day'
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['send_client_invitation'] = '50/day'

You can see the default throttling rates and the values that you can adjust by listing the content of common_settings.py.

Warning

Do not assign a value directly to REST_FRAMEWORK (e.g. REST_FRAMEWORK = ...). This will overwrite any additions to REST_FRAMEWORK in future Fleio upgrades. Assign individual dictionary keys instead, like REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['signup'] = '10/day'.

Note

Do not edit common_settings.py as it is overwritten on Fleio upgrades. Only edit the settings.py file.

The content shown below is from Fleio release 2022.08.1 and it may not be up to date. To see the default throttling values for your version, list the content of common_settings.py.

# code from common_settings.py
# do not edit common_settings.py

REST_FRAMEWORK = {
    # ...
    'DEFAULT_THROTTLE_RATES': {
        'login': '60/hour',
        'django_admin': '60/hour',
        'signup': '2/day',
        'confirm_email': '100/day',
        'resend_email_verification': '100/day',
        'password_reset': '10/hour',
        'gateway_callback': '1000/hour',
        'anonymous_sms_authenticator': '60/hour',
        'sms_sending': '15/hour',
        'ticket_attachments_create': '100/day',
        'accept_client_invitation': '100/day',
        'send_client_invitation': '50/day',
    },
    # ...
}

Adjusting the celery beat tasks schedule

To change the time interval at which scheduled tasks run or to enable some scheduled tasks that are disabled by default, you need to add lines at the end of the settings.py file.

Note

If you initially installed Fleio before the 2022.11.0 release, you will have several lines in settings.py that start with # CELERY_BEAT_SCHEDULE = { or CELERY_BEAT_SCHEDULE = {.

If all the lines are commented (you haven’t made any adjustment until now to task schedule), it’s best to remove all commented lines (about 30 lines) starting with # CELERY_BEAT_SCHEDULE = {. This way you will avoid any confusion on future changes.

If you have made changes (so CELERY_BEAT_SCHEDULE = { is uncommented, as well as some lines below it), we recommend that you redefine the scheduled tasks by using the samples below, then delete the entire CELERY_BEAT_SCHEDULE = { section. Note that some tasks have changed their name, e.g. 'collect_traffic_data_task_every_15_minutes' became 'collect_traffic_data'. Use the names below.

Frequency of scheduled tasks is set by using the crontab Celery function. For available options, see crontab in Celery documentation.

For example, you may want to run “process clients” every minute: use crontab(minute='*'). This makes sense in a test installation and may be too frequent for a production Fleio installation.

Process clients task schedule

To adjust the frequency of “process clients” scheduled task, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['process_clients_task_every_15_minutes'] = {
    'task': 'Process clients task',
    'schedule': crontab(minute='*/15')
}

crontab(minute='*/15') means every 15 minutes.

If you want “process clients” to update prices for product billing cycles that have the Auto calculate prices checkbox checked, you need to enable it by adding the following line to settings.py.

UPDATE_RELATIVE_PRICES_BEFORE_PROCESSING_CLIENTS = True

Update currency exchange rate task schedule

To add a scheduled task that updates exchange rates at midnight, add this at the end of settings.py file:

# Enable automatic currency update
AUTO_UPDATE_EXCHANGE_RATES = True

CELERY_BEAT_SCHEDULE['update_exchange_rates'] = {
    'task': 'Update exchange rates task',
    'schedule': crontab(hour='0', minute='0')
}

Collect OpenStack traffic data task schedule

To enable scheduled OpenStack traffic data collection add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['collect_traffic_data'] = {
    'task': 'Collect traffic data task',
    'schedule': crontab(hour='*/6')
}

crontab(hour='*/6') means every 6 hours.

Warning

Collect traffic data task will launch a subtask for each region. Each task will use a separate celery worker. If you have several regions and lots of instances on each region this may prevent other tasks from running until collect traffic data finishes. You should make sure you have more celery workers than regions to avoid this.

Scheduled backups task schedule

Scheduled backups task schedule is not enabled by default. If you are using the instance scheduled backup feature, you need to add the code below to enable it.

To enable scheduled backups that you or your end-users define on compute instances, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['process_scheduled_backups'] = {
    'task': 'Process scheduled backups task',
    'schedule': crontab(minute='5,20,35,50')
}

crontab(minute='5,20,35,50') translates to “run every hour at minutes 5, 20, 35 and 50”.

Database instance scheduled backups task schedule

Scheduled database instance backups task is not enabled by default. If you are using the database instance backup schedules feature, you need to add the code below to enable it.

To enable scheduled backups that you or your end-users define on database instances, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['process_scheduled_dbaas_backups'] = {
    'task': 'Process scheduled database instance backups task',
    'schedule': crontab(minute='5,20,35,50')
}

crontab(minute='5,20,35,50') translates to “run every hour at minutes 5, 20, 35 and 50”.

Delete expired HTTP sessions task schedule

To delete expired sessions from the database, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['clear_expired_sessions_every_12_hours'] = {
    'task': 'Clear expired sessions task',
    'schedule': crontab(hour='*/12', minute='45')
}

crontab(hour='*/12', minute='45') defines “run daily at 00:45 and at 12:45”.

Delete old logs task schedule

To delete old logs (based on policy defined in the staff panel Settings > General > ADVANCED SETTINGS tab), add at the end of settings.py file:

CELERY_BEAT_SCHEDULE['cleanup_old_logs_every_24_hours'] = {
    'task': 'Cleanup old logs',
    'schedule': crontab(hour='3', minute='30')
}

crontab(hour='3', minute='30') runs the task nightly at 3:30.

Process referrals task schedule

This task processes referred clients and their referrers.

You must set this at the end of settings.py file in order for the “Process referrals task” scheduled task to run:

CELERY_BEAT_SCHEDULE['process_referrals'] = {
    'task': 'Process referrals task',
    'schedule': crontab(hour='*/12', minute='0')
}

crontab(hour='*/12', minute='0') means “At minute 0 past every 12th hour”.

Note: clients are not processed unless you also enable the referral system from related section.

Update clients tax exempt status task schedule

This tasks connects to the VIES VAT ID’s database and checks if client’s VAT ID’s from Fleio database are still valid.

To adjust the frequency of “Update clients tax exempt” scheduled task, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['update_clients_tax_exempt'] = {
    'task': 'Update clients tax exempt',
    'schedule': crontab(hour='*/12', minute='0')
}

crontab(hour='*/12', minute='0') means “At minute 0 past every 12th hour”.

OpenStack hypervisors sync task schedule

To schedule OpenStack hypervisors sync add the lines below at the end of settings.py file. This is useful when you frequently add hypervisors to your OpenStack cloud. Alternatively, you can run fleio sync --hypervisors at the console after you add a hypervisor in OpenStack, instead of this scheduled task.

CELERY_BEAT_SCHEDULE['sync_hypervisors'] = {
    'task': 'Hypervisors background synchronization',
    'schedule': crontab(minute='40')
}

crontab(minute='40') runs every hour at minute 40.

Cleanup images task schedule

Cleanup images settings can be configured in configurations, OpenStack tab: Automatic images cleanup. To schedule images cleanup add the lines below at the end of settings.py file.

CELERY_BEAT_SCHEDULE['cleanup_images'] = {
    'task': 'Cleanup images',
    'schedule': crontab(hour='*/12', minute='0')
}

crontab(hour='*/12', minute='0') means “At minute 0 past every 12th hour”.

Update domains task schedule

To add a scheduled task that updates domains data, add this at the end of settings.py file:

CELERY_BEAT_SCHEDULE['update_domains'] = {
    'task': 'Update domains',
    'schedule': crontab(minute='*/60')
}

crontab(minute='*/60') means every 60 minutes.

Configure Celery task time limits

Celery tasks have time limits defined in seconds that are configurable. The soft time limit allows the task to catch an exception to clean up before it is killed and the hard timeout force terminates the task. You may overwrite those in settings.py. Here are the default values defined in Fleio (values are in seconds):

CELERY_TASK_SOFT_TIME_LIMIT = 1200
CELERY_TASK_TIME_LIMIT = 1500
LONG_RUNNING_TASK_TIME_LIMIT = 36 * 3600

As you can see, the LONG_RUNNING_TASK_TIME_LIMIT has a value of 36 hours defined (36 * 3600 seconds). This is used for tasks that we expect to take much longer to finish than other tasks. Those using the longer limit are for example: ‘Process clients task’, ‘Update clients tax exempt’, ‘Cleanup old logs’, etc.

Configure password complexity requirements

Fleio handles the password complexity requirements using several variables that you may overwrite in settings.py. The default complexity is the following:

ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
    'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)

ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
ENDUSER_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
    'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)

STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
    'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)

STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
    # '[a-z]',  # password should contain a lower case letter
    # '[A-Z]',  # password should contain a upper case letter
    # '[0-9]',  # password should contain a digit
    # r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long')
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)
STAFF_ROOT_PASSWORD_LENGTH_AND_COMPLEXITY_ERROR = _(
    'Password should have at least {} characters and at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{{|}}~")'
)

Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.

After you configure them by your needs you must restart the fleio services. See Restarting Fleio.

Default OpenStack object names

Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.

By default, this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:

# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'

Default security group rules

Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).

Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.

The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
    },
]

You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.

You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403

And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html

One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.

The most common security group rules are the following:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.

Default IP PTR record (reverse DNS)

Removed in version 2024.03.0.

Default PTR settings: PTR_DEFAULT_FORMAT, PTR_DEFAULT_FORMAT_IPV6, INVERSE_ADDRESS_ZONE_DEFAULT_EMAIL and PTR_RECORDS_FORCE_LOWERCASE from settings.py are no longer used as they were moved to frontend in the Settings -> OpenStack page on Defaults tab. Starting with Fleio version 2024.03, you must edit them from related section.

Default user language

Default user language is set in Fleio to English. This means that whenever an end-user signs up, English is assigned to his account. In order to override this setting, add it to settings.py file like in the following example:

DEFAULT_USER_LANGUAGE = 'en'

Default message template language code

Email messages and notifications are sent to Fleio users in their chosen language. When a message template with the user language is not found in Fleio, the template using the language defined in DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE is used. The setting defaults to English and in order to override that, add it to settings.py file like in the following example:

# if you're going to modify this, make sure you have all current message templates translated in the new language
DEFAULT_MESSAGE_TEMPLATE_LANGUAGE_CODE = 'en'

Notifications logging settings

For debug purposes, you can enable logging of RabbitMQ notifications that Fleio receives from OpenStack.

You can define a list of strings in OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS. When notification messages are received, if the notification name contains any of the strings in the OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS list, it will be logged. Notifications are logged in the fleio_log Docker volume. You can see the log content by entering the utils container with the fleio bash command and then running cat /var/log/fleio/os_event_notifications.txt.

Configuration example:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'project']
# Will log event notification to /var/log/fleio/os_event_notifications.txt that contain or ar the same as the keywords
# defined here. Example: OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['instance', 'snapshot.update.start', 'identity']
# Change OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE value to show whole notification or just a summary

If '*' is specified, it will log all notification messages received from OpenStack. Note that this may generate a high number of I/O operations on local storage. Therefore, it is not recommended to permanently have all notifications logged in a busy production environment.

Here’s how you can use OpenStack notifications logging for debugging:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_KEYWORDS = ['*']  # will log all notifications

By default, OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE is False and Fleio will simply log the notification name. If you want to log the detailed JSON notification payload, then set:

OPENSTACK_EVENT_NOTIFICATIONS_LOGGING_VERBOSE = True

MaxMind fraud check

Fleio can use MaxMind fraud detection to check new orders. In order tot be able to use MaxMind fraud detection you need to add the following settings in your settings.py file:

MAXMIND_CLIENTID = "<client id>"
MAXMIND_LICENSE = "<license>"

Replace <client id> and <license> in the above code with authentication details received from MaxMind.

Once these settings are added to settings.py MaxMind fraud check can be enabled on a configuration basis. See MaxMind fraud check configuration

Direct admin licensing module

In order to be able to use the Direct Admin licensing module you need to add the following dictionary in your settings.py file:

DIRECT_ADMIN = {
    'CLIENT_UID': '<YOUR_DA_ACCOUNT_UID>',
    'CLIENT_PASSWORD': '<YOUR_DA_ACCOUNT_PASSWORD>',
    'REMOTE_HOST': 'https://www.directadmin.com',
    'USER_AGENT': 'Fleio'
}

After that you need to go into the Staff -> Billing -> Products and define your DA license product. For that, you will have to choose the DirectAdmin billing module. On the DirectAdmin module configuration part, you will be able to choose the license type.

OpenStack sync settings

Exclude backup volumes from sync

Added in version 2022.05.1.

During some operations (e.g. volume backup) OpenStack will create temporary, short-lived volumes that are of no interest. No notifications are generated for these volumes, and they will not usually be visible in Fleio however if you run sync with this setting set to False these volumes may be added to Fleio database. Enabling this setting will exclude volumes named backup-vol-UUID where UUID is a valid uuid during sync. This setting will only have effect if consumes_quota attribute is not available for volumes (cinder API ver < 3.65). If consume_quota attribute is available all volumes with consume_quota will be ignored during sync.

EXCLUDE_SYNC_RESLOG_BACKUP_TEMP_VOLUMES = False

Sync batch size

To change the number of OpenStack objects (e.g. compute instances or security groups) that are synced at once, add the following variable to settings.py and adjust the value. A low value for SYNC_FETCH_OBJECTS_BATCH_SIZE is useful if your OpenStack API connection is slow and tends to time out.

SYNC_FETCH_OBJECTS_BATCH_SIZE = 100

Bind user sessions to IP address

Added in version 2022.11.0.

Fleio is able to bind user session to IP address so that the same authentication tokens (Fleio frontend token, Django session token) used by someone from a client IP address will not work when used from another IP address (user will be considered unauthenticated/logged out). This is the default behaviour and can be controlled separately for end-users and staff users by changing the following settings.

BIND_SESSION_IP_STAFF_USER = True
BIND_SESSION_IP_END_USER = True

Note that Fleio API tokens (FleioToken-s with frontend flag set to False) are not affected by these settings.

Enable Django admin

See Django admin.

Enable logging for incoming ticket emails

See Debug incoming ticket emails.

Allowing negative rule prices

To allow negative prices for OpenStack pricing rules set OSBILLING_NEGATIVE_PRICE_ALWAYS_ZERO to False. This setting will affect final rule price, after all filters and modifiers are applied.

If this is set to True if a rule has negative price it will be set to zero.

Load balancer cost estimate default amphorae count

When no flavor is selected on load balancer create form, OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT is used for price estimation. You can override the default in settings.py file:

OPENSTACK_LB_DEFAULT_AMPHORAE_COUNT = 2