Advanced settings file

You can change Fleio options and behavior from the settings.py file as described below.

Note that, besides the backend settings described in this document, frontend settings are also available to personalize your installation.

Fleio backend settings file location:

Full file path is:

/var/webapps/fleio/project/fleio/fleiosettings/settings.py

Important

After editing the settings.py file, you must restart the fleio services. See Restarting Fleio.

DO NOT EDIT file /var/webapps/fleio/project/fleio/settings.py. This used to be (prior to 2020.05 release) the editable file for local Fleio settings. This file is now overwritten on Fleio upgrades. It simply points now to /var/webapps/fleio/project/fleio/fleiosettings/settings.py.

Only edit /var/webapps/fleio/project/fleio/fleiosettings/settings.py as this is not overwritten on Fleio upgrades.

Restarting Fleio

Depending on operating system, in order to fully restart Fleio, you may want to restart the following services:

  • Centos:
systemctl restart uwsgi-fleio
systemctl restart celery
systemctl restart fleio
  • Ubuntu:
systemctl restart uwsgi
systemctl restart celery
systemctl restart fleio

Django and DRF settings

The Fleio backend is built on Django web framework and Django REST framework. You can overwrite Django and DRF settings in the settings.py file, as well. Read about their available settings in the Django documentation and in the DRF documentation.

Fleio specific settings

Some advanced Fleio settings can only be changed by editing the settings.py file:

How to enable/disable features

Fleio is a modular application which allows you to enable or disable features for end-users and staff respectively.

The FEATURES dictionary allows you to enable or disable end-user features. The dictionary key identifies the feature and the dictionary value may have one of the following values:

  • True - feature is enabled
  • False - feature is disabled

The full features list is already present in base_settings.py, which contains default Fleio settings.

Important

Do not edit the base_settings.py file. It will be overwritten when Fleio is updated. Edit settings.py instead. settings.py contains your local installation information and is never overwritten by Fleio.

Features toggles have a tree-like structure and disabling a top feature would disable all it children. For instance, setting ‘openstack’: False, would all features beneath, like ‘openstack.instances’, ‘openstack.volumes’, ‘openstack.images’ etc.

Here’s how features are defined by default in base_settings.py.

FEATURES = {
    'demo': False,
    'enduser': True,
    'enduser.allow_changing_password': True,
    'billing': True,
    'billing.addcredit': True,
    'billing.history': True,
    'billing.invoices': True,
    'billing.order': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.recurring_payments': False,
    'clients&users.clients': True,
    'clients&users.signup': True,
    'clients&users.users': True,
    'clients&users.userprofile': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'notifications': True,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.cluster_templates': True,
    'openstack.coe.cluster_templates.manage_cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.images': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.updatecreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.resize.allow_resize_to_less_disk_space': True,
    'openstack.instances.show_hypervisors': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.snapshots.pricing': True,
    'openstack.instances.traffic': True,
    'openstack.instances.networking.edit': True,
    'openstack.networks': True,
    'openstack.networks.display_external_networks': True,
    'openstack.networks.display_shared_networks': True,
    'openstack.networks.auto_create_network': True,
    'openstack.ports': True,
    'openstack.ports.manage_public_network_related_ports': False,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.volumes': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.schedules': True,
    'plugins': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.hypanel': False,
    'utils': True,
    'utils.operations': True,
}

Analogous there’s a STAFF_FEATURES dictionary which allows you to manipulate features for the staff panel.

STAFF_FEATURES = {
    'demo': False,
    'staff': True,

    'billing': True,
    'billing.gateways': True,
    'billing.journal': True,
    'billing.invoices': True,
    'billing.orders': True,
    'billing.products': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.taxrules': True,
    'billing.transactions': True,
    'billing.reporting': True,
    'billing.reseller': False,
    'clients&users.clients': True,
    'clients&users.clients.reset_usage': False,
    'clients&users.clientgroups': True,
    'clients&users.userprofile': True,
    'clients&users.users': True,
    'clients&users.usergroups': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'app-status': True,
    'notifications': True,
    'notifications.send': False,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.images': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.shareoncreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.images.updatecreate': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.traffic': True,
    'openstack.networks': True,
    'openstack.networks.auto_create_network': True,
    'openstack.ports': True,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.subnets': True,
    'openstack.volumes': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.schedules': True,
    'openstack.settings': True,
    'openstack.plans': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.hypanel': False,
    'settings': True,
    'settings.general': True,
    'settings.configurations': True,
    'settings.authorization': True,
    'settings.notifications.templates': True,
    'utils': True,
    'utils.activitylog': True,
    'utils.operations': True,
    'utils.tasklog': True,
    'utils.reports': True,
    'servers': True,
}

With Fleio 2019.12.0 release we have added the reseller feature. With this we also have a new dictionary in order to enable or disable RESELLER FEATURES:

RESELLER_FEATURES = {
    'demo': False,
    'reseller': True,
    'billing': True,
    'billing.transactions': True,
    'billing.journal': True,
    'billing.invoices': True,
    'billing.orders': True,
    'billing.products': True,
    'billing.pdf': True,
    'billing.services': True,
    'billing.history': True,
    'clients&users.clients': True,
    'clients&users.clientgroups': True,
    'clients&users.userprofile': True,
    'clients&users.users': True,
    'clients&users.usergroups': True,
    'clients&users.second_factor_auth': True,
    'clients&users.second_factor_auth.google_authenticator': True,
    'clients&users.second_factor_auth.sms_authenticator': True,
    'dashboard': True,
    'notifications': True,
    'notifications.send': False,
    'openstack': True,
    'openstack.apiusers': True,
    'openstack.cleanup': True,
    'openstack.cleanup.images': True,
    'openstack.cleanup.images.showdate': True,
    'openstack.coe.clusters': True,
    'openstack.coe.cluster_templates': True,
    'openstack.dns.ptr': True,
    'openstack.dns.zones': True,
    'openstack.flavors': True,
    'openstack.floatingips': True,
    'openstack.images': True,
    'openstack.images.download': True,
    'openstack.images.file_uploads': True,
    'openstack.images.shareoncreate': True,
    'openstack.images.showcommunity': True,
    'openstack.images.showshared': True,
    'openstack.images.updatecreate': True,
    'openstack.instances': True,
    'openstack.instances.allow_changing_password': True,
    'openstack.instances.show_hypervisors': True,
    'openstack.instances.snapshots': True,
    'openstack.instances.traffic': True,
    'openstack.networks': True,
    'openstack.ports': True,
    'openstack.projects': True,
    'openstack.routers': True,
    'openstack.securitygroups': True,
    'openstack.sshkeys': True,
    'openstack.subnetpools': True,
    'openstack.subnets': True,
    'openstack.volumes': True,
    'openstack.volumes.backups': True,
    'openstack.volumes.snapshots': True,
    'openstack.volumes.boot': True,
    'openstack.osbackup': True,
    'openstack.osbackup.schedules': True,
    'openstack.plans': True,
    'plugins': True,
    'plugins.cpanel': True,
    'plugins.cpanelserver': True,
    'plugins.domains': True,
    'plugins.todo': True,
    'plugins.tickets': True,
    'plugins.hypanel': False,
    'settings.configurations': True,
    'servers': True,
}

And here’s how to enable or disable a feature. Let’s say we want to disable new users sign-up. Add the following line at the end of settings.py:

FEATURES['clients&users.signup'] = False

And let’s say that we want to enable floating IPs for staff. In order to enable a feature you have to make sure the top level feature is also enabled. To enable floating IPs just add the following lines at the end of settings.py:

STAFF_FEATURES['openstack'] = True
STAFF_FEATURES['openstack.floatingips'] = True

End-user features explained

  • demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.
  • enduser - feature is available only in end user mode, used to differentiate between enduser and staff
  • enduser.allow_changing_password - when set to False end-users are not allowed to change their password, through Forgot password link or Edit user profile
  • billing.addcredit - enables the Add credit button on dashboard
  • billing.history - enabled billing history page
  • billing.invoices - enables invoice functionality, this may be needed for Add credit
  • billing.order - enables order functionality allowing end user to order services
  • billing.pdf - enabled pdf generation for invoices
  • billing.services - enables services view for end user, the user will be able to view and edit services
  • billing.recurring_payments - enables recurring payments
  • clients&users.clients - enables client feature for end users allowing add or edit of clients
  • clients&users.second_factor_auth - enable second factor authentication(SFA) for end users
  • clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method
  • clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method
  • clients&users.signup - enables signup for end users. If this is disabled, users can only be added by staff users or via the Fleio API
  • clients&users.userprofile - enables used profile editing for end users
  • dashboard- when disabled the dashboard page will be empty
  • notifications - enables notifications for end user
  • openstack - enables child OpenStack features. When this is False, all OpenStack functionality is disabled.
  • openstack.apiusers - enables OpenStack API user management
  • openstack.cleanup - enables OpenStack objects cleanup
  • openstack.cleanup.images - when enabled user uploaded images are automatically deleted in X days
  • openstack.cleanup.images.showdate - show the date when the user uploaded image will be automatically deleted
  • openstack.coe.clusters - enables openstack Magnum cluster management
  • openstack.coe.cluster_templates - enables openstack Magnum cluster template management
  • openstack.coe.cluster_templates.manage_cluster_templates - allows the end user to manage and update clusters template
  • openstack.dns.ptr - enables dns ptr record editing for instances
  • openstack.dns.zones - enables dns zones editing
  • openstack.floatingips - enables floating IPs management for end users
  • openstack.images - enables My images feature for end users where users can see snapshots and upload images
  • openstack.images.createupdate - enable create and update of images in My images page
  • openstack.images.showcommunity - show community images, on separate tab, in create instance form
  • openstack.images.showshared - show shared images in create instance form
  • openstack.images.download - allows the end user to download images
  • openstack.instances - enables management of instances for end users
  • openstack.instances.allow_changing_password - enables and shows the instance menu option Change password
  • openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled
  • openstack.instances.show_hypervisors - enables the display of hypervisors name on instance details
  • openstack.instances.traffic - enables instance traffic monitoring and billing functionality
  • openstack.instances.networking.edit - enable networking tab for end user. This feature may require openstack.ports to be enabled
  • openstack.networks - enable networks management for end users
  • openstack.networks.auto_create_network - enables auto creation of networks
  • openstack.networks.display_external_networks - displays external networks created by other users
  • openstack.networks.display_shared_networks - displays shared networks created by other users
  • openstack.ports.manage_public_network_related_ports - allows end user to edit his ports that are public
  • openstack.routers - allow end-users to create and manage network routers
  • openstack.securitygroups - enables security groups management for end users
  • openstack.sshkeys - enables SSH key management for end users
  • openstack.subnetpools - enables management of subnet pools for end users
  • openstack.volumes - enables management of volumes for end users
  • openstack.volumes.backups - enables volume backup management
  • openstack.volumes.boot - show the boot from volume feature on instance create form
  • openstack.osbackup - enables backup functionality for end users
  • openstack.osbackup.schedules - allow end-users to edit backup schedule
  • plugins - when False all below plugins will be disabled
  • plugins.todo - enables the TODO plugin
  • plugins.tickets - enables support tickets functionality
  • plugins.cpanel - enables cPanel functionality
  • plugins.cpanelserver - enables cPanel server functionality
  • plugins.domains - enables domain name registration and management

Staff user features explained

  • demo - enables demo mode - this will autofill demo/demo username and password on end-user login page, demoadmin/demoadmin are autofilled on staff login page, many features are disabled that would otherwise allow anonymous visitors to break the Fleio installation. Demo mode is enabled on https://demo.fleio.com installation.
  • staff - feature is available only in staff mode, used to differentiate between end user and staff
  • billing - when True, enables billing features; when False disables all features that start with billing. ...
  • billing.gateways - enables gateways functionality for staff
  • billing.journal - enables journal viewer for staff
  • billing.invoices - enables invoice management for staff
  • billing.order - enables order management for staff
  • billing.products - enables products management for staff
  • billing.pdf - enabled pdf generation for invoices
  • billing.services - enables services management for staff
  • billing.taxrules - enables tax rules management for staff
  • billing.transactions - enables transactions functionality
  • billing.reseller - enables reseller billing
  • clients&users.clients - enables clients management for staff
  • clients&users.users - enables users management for staff
  • clients&users.clientgroups - enables client groups management for staff
  • clients&users.usergroups - enables user group management for staff
  • clients&users.clients.reset_usage - enables the reset usage feature
  • dashboard- when disabled the dashboard page will be empty
  • app-status - shows App services on staff dashboard
  • openstack.apiusers - enables OpenStack API user management
  • openstack.cleanup - enables OpenStack objects cleanup
  • openstack.cleanup.images - enables automatic deletion of user uploaded images after X days
  • openstack.cleanup.images.showdate - show the date when the user uploaded images will be automatically deleted
  • openstack.coe.clusters - enables openstack Magnum cluster management
  • openstack.coe.cluster_templates - enables openstack Magnum cluster template management
  • openstack.dns.ptr - enables DNS PTR record editing for instances
  • openstack.dns.zones - enables DNS zone editing
  • openstack.flavors - enables flavors management
  • openstack.floatingips - enables floating IPs management for staff
  • openstack.images - enables Image management for staff where staff users can see snapshots and upload images
  • openstack.images.shareoncreate - enable instance creation based on an image from another project. The image will be shared between projects.
  • openstack.images.showcommunity - show community images, on separate tab, in create instance form
  • openstack.images.showshared - show shared images in create instance form
  • openstack.instances - enables management of instances for staff
  • openstack.instances.allow_changing_password - enables and shows the instance menu option Change password
  • openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled
  • openstack.instances.traffic - enables instance traffic monitoring and billing functionality
  • openstack.networks - enable networks management for staff
  • openstack.ports - enables ports management for staff
  • openstack.projects - enables project management for staff
  • openstack.routers - enables routers management for staff
  • openstack.securitygroups - enables security groups management for staff
  • openstack.sshkeys - enables ssh key management for staff
  • openstack.subnetpools - enables management of subnet pools for staff
  • openstack.subnets - enables subnet management for staff
  • openstack.volumes - enables management of volumes for staff
  • openstack.volumes.backups - enables volume backup management
  • openstack.osbackup - enables backup of instances
  • openstack.osbackup.schedules - allow staff users to edit backup schedule
  • openstack.settings - enables OpenStack settings on staff panel
  • openstack.plans - enables management of OpenStack pricing plans
  • plugins - when False all below plugins will be disabled
  • plugins.todo - enables the TODO plugin
  • plugins.tickets - enables support tickets functionality
  • plugins.cpanel - enables cPanel functionality
  • plugins.cpanelserver - enables cPanel server functionality
  • plugins.domains - enables domain name registration and management
  • settings - disables all settings
  • settings.general - enables general settings on staff panel
  • settings.configurations - enables management of configurations
  • settings.authorization - enables authorization frontend for staff
  • settings.notification.templates - enables notification templates frontend for staff
  • utils - when False disables Utils menu group and functionality
  • utils.activitylog - enables activity log viewer on staff page
  • utils.tasklog - enables task log viewer on staff page
  • utils.reports - enables reports
  • utils.operations - enables operations view
  • servers - enables servers feature
  • servers - enables shared hosting servers management
  • notifications.send - enables important staff notifications (currently for invoices and new orders)

Reseller user features explained

  • reseller - Enables the reseller feature. Mandatory to be True if reseller is active
  • billing - Enables billing
  • billing.transactions - enables transactions functionality
  • billing.journal - enables journal viewer for reseller
  • billing.invoices - enable invoice management for reseller
  • billing.orders - enable order management for reseller
  • billing.products - enable product management for reseller
  • billing.pdf - enable pdf generation for invoices
  • billing.services - Enable service management for reseller
  • billing.history - Enables billing history for reseller
  • clients&users.clients - enables clients management for reseller
  • clients&users.users - enables users management for reseller
  • clients&users.clientgroups - enables client groups management for reseller
  • clients&users.usergroups - enables user group management for reseller
  • clients&users.second_factor_auth - enable second factor authentication(SFA) for reseller
  • clients&users.second_factor_auth.google_authenticator - enables google authenticator SFA method
  • clients&users.second_factor_auth.sms_authenticator - enables sms authenticator SFA method
  • notifications - enables notifications for reseller
  • openstack - enables child OpenStack features. When this is False, all OpenStack functionality is disabled.
  • openstack.apiusers - enables OpenStack API user management
  • openstack.cleanup - enables OpenStack objects cleanup
  • openstack.cleanup.images - when enabled user uploaded images are automatically deleted in X days
  • openstack.cleanup.images.showdate - show the date when the user uploaded image will be automatically deleted
  • openstack.coe.clusters - enables openstack Magnum cluster management
  • openstack.coe.cluster_templates - enables openstack Magnum cluster template management
  • openstack.dns.ptr - enables dns ptr record editing for instances
  • openstack.dns.zones - enables dns zones editing
  • openstack.flavors - enables flavors management for resellers
  • openstack.floatingips - enables floating IPs management for resellers
  • openstack.images - enables My images feature for end users where users can see snapshots and upload images
  • openstack.images.file_uploads - enables image file uploads for reseller
  • openstack.images.updatecreate - enable create and update of images in My images page
  • openstack.images.showcommunity - show community images, on separate tab, in create instance form
  • openstack.images.showshared - show shared images in create instance form
  • openstack.instances - enables management of instances for reseller
  • openstack.instances.allow_changing_password - enables and shows the instance menu option Change password
  • openstack.instances.snapshots - allows instance snapshots. This feature may require openstack.images to be enabled
  • openstack.instances.show_hypervisors - enables the display of hypervisors name on instance details
  • openstack.instances.traffic - enables instance traffic monitoring and billing functionality
  • openstack.networks - enable networks management for reseller
  • openstack.ports - enable ports management for reseller
  • openstack.projects - enables projects management for reseller
  • openstack.routers - allow end-users to create and manage network routers
  • openstack.securitygroups - enables security groups management for reseller
  • openstack.sshkeys - enables SSH key management for reseller
  • openstack.subnets - enable subnets management for resellers
  • openstack.volumes - enables management of volumes for reseller
  • openstack.volumes.backups - enables volume backup management
  • openstack.volumes.boot - show the boot from volume feature on instance create form
  • openstack.volumes.snapshots - enable volume snapshots functionality for resellers
  • openstack.osbackup - enables backup functionality for reseller
  • openstack.osbackup.schedules - allow resellers to edit backup schedule
  • openstack.plans - enables openstack plans management for resellers

Override enduser features

End user features can be overridden for end users based on client group using the OVERRIDE_FEATURES setting. For example if you want to disable billing.addcredit for clients belonging to client group group1 your OVERRIDE_FEATURES settings should look like this:

OVERRIDE_FEATURES = {
    'group1': {
        'billing.addcredit': False
    }
}

Note that the override features are applied only in frontend and only in end user panel.

Configure custom add credit URL

You can use an external link, if you are using another system (like WHMCS) to handle invoicing and credit card payments rather than fleio. You can customize the add credit URL which will reflect in several places including the one in end-user dashboard. This will also be used when sending email notifications regarding client having low credit and being out of credit or on the end-user cloud resources create form when the client has a credit amount lower than the one required to create new resources (configurable from the fleio configurations)

Edit settings.py and add:

# Leave empty to use the default add credit URL of Fleio
# fill in 'client_group_name': 'http://url...' pairs when using an external billing
# when the dictionary has a single entry it will be used regardless of the 'client_group_name'
ADD_CREDIT_URLS = {}

Openstack pricing rule settings

Openstack pricing rule price decimals can be configured by updating PRICING_RULE_PRICE_MAX_DECIMAL_PLACES. Default value is 8, we do not recommend using a value greater than 8 since the least significant decimals may be ignored.

You can also configure minimum price per pricing rule by changing MINIMUM_PRICE_PER_RULE. Default value of 0.01 means any rule that applies to a resource will generate a price of at least 0.01 in the rule currency.

SSO_MAX_AGE

External billing systems, like WHMCS, generate single sign-on URL’s. For security reasons, SSO URL’s contain a timestamp from the moment they were generated.

SSO_MAX_AGE specifies after how many seconds, from the generation time, the single sign-on URL expires.

If single sign-on ULR is expired, it won’t work anymore.

PROXY_SETTINGS

If you are behind a proxy server, you must set this variable, to access the licensing server for setting the license.

Set it to: PROXY_SETTINGS = {‘https’: ‘<ip>:<port>’, }. For example:

PROXY_SETTINGS = {'https': '10.10.1.11:1080', }

Adjusting throttle rates

The default throttle rates are defined in /var/webapps/fleio/project/fleio/base_settings.py file. This means that at every update they will be reset to their default value so in order to change them you need to overwrite them in /var/webapps/fleio/project/fleio/fleiosettings/settings.py file.

The code from bellow must be added at the end of the settings.py file:

REST_FRAMEWORK = {
    'DEFAULT_MODEL_SERIALIZER_CLASS': 'rest_framework.serializers.HyperlinkedModelSerializer',
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'fleio.core.drf.FakeFormBasedAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 20,
    'DEFAULT_PAGINATION_CLASS': 'fleio.core.drf.FleioPaginationSerializer',
    'NUM_PROXIES': 0,
    'DEFAULT_THROTTLE_RATES': {
        'login': '60/hour',
        'django_admin': '60/hour',
        'signup': '2/day',
        'confirm_email': '100/day',
        'resend_email_verification': '100/day',
        'password_reset': '10/hour',
        'gateway_callback': '1000/hour',
        'anonymous_sms_authenticator': '60/hour',
        'sms_sending': '15/hour',
    },
    'DEFAULT_VERSIONING_CLASS': 'fleio.core.drf.FleioVersioning',
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
        # uncomment the following line to enable the browsable api
        # 'rest_framework.renderers.BrowsableAPIRenderer',
        'fleio.core.drf.FleioJsonRenderer',
    ),
    'EXCEPTION_HANDLER': 'fleio.core.drf_exception_handler.drf_exception_handler'
}

After editing the settings.py file, you must restart the fleio services. See Restarting Fleio.

Configurable password strength

Fleio handles the password strength using several variables. The default complexity is the following:

ENDUSER_PASSWORD_MIN_LEN = 8
ENDUSER_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
ENDUSER_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

ENDUSER_ROOT_PASSWORD_MIN_LEN = 8
ENDUSER_ROOT_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
ENDUSER_ROOT_PASSWORD_LENGTH_ERROR = _(
    'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
ENDUSER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

RESELLER_PASSWORD_MIN_LEN = 8
RESELLER_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
RESELLER_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN))
RESELLER_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

RESELLER_ROOT_PASSWORD_MIN_LEN = 8
RESELLER_ROOT_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
RESELLER_ROOT_PASSWORD_LENGTH_ERROR = _(
    'Password should be at least {} characters long'.format(ENDUSER_PASSWORD_MIN_LEN)
)
RESELLER_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

STAFF_PASSWORD_MIN_LEN = 8
STAFF_PASSWORD_REGEXES = [
    '[a-z]',  # password should contain a lower case letter
    '[A-Z]',  # password should contain a upper case letter
    '[0-9]',  # password should contain a digit
    r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]'  # password should contain one of the special characters
]
STAFF_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

STAFF_ROOT_PASSWORD_MIN_LEN = 8
STAFF_ROOT_PASSWORD_REGEXES = [
    # '[a-z]',  # password should contain a lower case letter
    # '[A-Z]',  # password should contain a upper case letter
    # '[0-9]',  # password should contain a digit
    # r"[ !#$@%&'()*+?><,-./[\\\]\^_`{|}~" + r'"]' # password should contain one of the special characters
]
STAFF_ROOT_PASSWORD_LENGTH_ERROR = _('Password should be at least {} characters long'.format(STAFF_PASSWORD_MIN_LEN))
STAFF_ROOT_PASSWORD_COMPLEXITY_ERROR = _(
    'Password should have at least: one lower case letter, one upper case letter,'
    ' one number and one special character ( !#$@%&\'()*+?><,-./[\\\\]^_`{|}~")'
)

Variables ending with _PASSWORD_REGEXES contain a list of regular expressions used for password validation. A password is considered valid if it matches all the regexes.

After you configure them by your needs you must restart the fleio services. See Restarting Fleio.

Default OpenStack object names

Fleio creates a new security group for each client (OpenStack project) the first time an instance is created. And this new security group will be automatically added to all instances the end-user creates.

By default this security group is called fleio and has description fleio. You can change the default name and description by adding these lines in your settings.py file:

# Name of the security group that is automatically created when the end-user creates the first instance
SECURITY_GROUP_NAME = 'fleio'
# Description of the same automatically created security group
SECURITY_GROUP_DESCRIPTION = 'fleio'

Default security group rules

Security groups are actually firewall rules in OpenStack. Though, the rules are not defined inside the virtual machine (instance), but on the networking layer (OpenStack Neutron project).

Fleio creates a security group automatically when the first instance is created for a client. To customize the name and the description of this security group see previous section.

The default Fleio security rules of this automatically created security group will allow all IPv4 and IPv6 traffic:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
    },
]

You can customize the two list of rules in your settings.py. Note that each of the two settings consists of a list of Python dictionaries. Each dictionary is a security rule.

You can find here the possible dictionary keys: https://github.com/openstack/neutron/blob/34448578cba471a0a4f1b49308eeb5c54009a725/neutron/db/securitygroups_db.py#L403

And a description of each key here: https://docs.openstack.org/python-openstackclient/train/cli/command-objects/security-group-rule.html

One dictionary key is a parameter of a security rule. For security group rules that uses ports you will have to specify the protocol type.

The most common security group rules are the following:

DEFAULT_IPV4_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '0.0.0.0/0',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

DEFAULT_IPV6_SECURITY_RULE_LIST = [
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '22',
        'port_range_max': '22',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '80',
        'port_range_max': '80',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '443',
        'port_range_max': '443',
        'protocol': 'tcp',
    },
    {
        'direction': 'ingress',
        'remote_ip_prefix': '::/0',
        'ethertype': 'IPv6',
        'port_range_min': '3389',
        'port_range_max': '3389',
        'protocol': 'tcp',
    },
]

Note that you do not need to set security group for all outbound traffic (egress on 0.0.0.0/0 and ::/0) since these are created by default on each security group.

Enable/disable new Angular frontend

We are migrating the Fleio frontend from the legacy AngularJS framework to Angular. For a smooth migration we are gradually rewriting and releasing pages from the staff panel in Angular. After the staff panel is successfully migrated to Angular we will do the same for the end-user panel.

The new Angular pages are temporarily located a under the /newstaff URL, while the previous pages remain for now under /staff URL.

By default some of the staff panel menu options already point to /newstaff links, while the pages that are not yet migrated to Angular will still link to a /staff URL. For instance, one of the first pages migrated to Angular is Settings > Configurations and it links to /newstaff/settings/configurations.

If for any reason you want to switch the staff panel to only use old AngularJS pages set this to False in your settings.py file:

ANGULAR_STAFF_FRONTEND = False

Note that this is a temporary setting. Eventually the entire Fleio frontend will be switched to Angular.