Global Settings

Mainly used to set three levels of permissions and password policies.

This function is used to set whether to enable three-level privileges and password policy related configuration. It takes 5 minutes to take effect after the parameters are set.

Entry: In the cloud management platform, click the top left corner of navigation menu, and click “Settings/Global Settings/Global Settings” menu item in the left menu bar that pops up to enter the global settings page.

The global settings currently support setting the following options.

Quota check switch: Set whether to enable quota check, and turn off quota check by default. If users have quota limit requirements, they can turn on quota checking. After turning on, users can set the resource quota limit under domain or project details. Subsequent users will be restricted by quota when creating new resources, and will fail to create when the new resources exceed the quota.
Global proxy switch: When users are in the intranet environment and cannot directly access the extranet, they need to turn on the global proxy, and the subsequent platform will download packages, download public cloud image list, download rates, image market list display, import images by URL, pull public image list, etc. through the global proxy.

Note

After configuring the global proxy, you still need to use the proxy of the cloud account module when nano-managing the cloud account.
1. Click the “Edit” button on the right side of the global agent to bring up the Global Settings dialog.
2. Configure the following parameters.
  - Value: Select whether to enable the global proxy switch.
  - https proxy: Psee use https proxy when the requested url connection is https. https proxy is empty then use http proxy. https proxy can be set to HTTP type proxy or socks5:// protocol proxy. If proxy is set, it is recommended to set at least one of https proxy or http proxy.
  - http proxy: Use http proxy when the requested url connection is http, or when the requested url connection is https but no https proxy is configured. http proxy can be set to HTTP type proxy or socks5:// protocol proxy. If proxy is set, it is recommended to set at least one of https proxy or http proxy.
3. Click the “OK” button to save the global proxy configuration.
Number of times the password is not repeated: the user password cannot be repeated for the last n times. That is, the newly set password cannot be repeated with the last n times. E.g. if set to 3, the new password cannot be the same as the previous 3 used historical passwords. The default is empty, which means there is no limit. Only applicable for local SQL users to change their passwords.
Minimum Password Length: Limit the minimum length of user password. When creating new user or resetting password, the length of password must meet the requirement. The default is 6 digits. Only applicable to local SQL user to change password.
Number of consecutive failed logins: Set the maximum number of consecutive failed login attempts. When the number of consecutive failed login attempts exceeds the set value, the account will be locked and the administrator will need to enable the user and reset the password. The default value is null, which means there is no limit. Valid only for local SQL users.
Password validity period: Set the default password expiration date for the user, 0 means no limit. Valid only for local SQL users.
User Password Complexity: Set the complexity of user password, you can restrict the password must contain any N kinds of uppercase letters, lowercase letters, numbers or symbols, 1 means no restriction, 4 means the password must contain the above 4 kinds. Only applicable to local SQL users to change password.
Session timeout period: Set the session timeout time, when the time is exceeded, the user needs to log in again, the default is 1 day.
The browser is closed to end the session: Set whether to end the session after the browser is closed, the default is closed.
Three-level Resource Hierarchy.

OneCloud after the platform is installed, the default is off for three-level permission. The comparison of the three levels of permissions is as follows.
- When the system does not open three levels of permission, only the default domain exists in the system, and users can create projects in the default domain.
- When the system is enabled with three levels of permission, the system can create other domains besides default domain, and create projects in any domain, etc.

Note

There is a slight difference in turning on or off the three-level permission for any operation involving domains and projects in the platform, so please be careful to turn on the three-level permission, which cannot be turned off after it is turned on.

If you don’t turn on the third level permission, the domain has no concept of quota, all projects belong to default domain; and after you turn on the third level permission, the domain can set the quota in the quota usage page.
E.g. if you open three levels of permissions, you must select the domain when creating new projects; when you do not open three levels of permissions, you can directly create projects to set quotas, etc.

Console address: Set the address for users to access the cloud management platform, support setting IP address and domain name. E.g. when deploying a highly available environment, you need to set the VIP address or access domain name as the console address, etc.
Verification Code Switch: Set whether to enable random captcha in the login page.
Two-Factor Authentication: I.e. Multi-Factor Authentication, users need to pass two or more authentication methods to log in to the OneCloud platform, i.e. after users enter their user name and password, they also need to enter a security code to log in to the OneCloud platform. Multiple authentication ensures the security of the OneCloud platform. To configure MFA, please enable two-factor globally here first, and then enable MFA for specific users.
Servers and disks trash: Set whether the host and disk are saved in the trash after deletion, and the host and disk saved in the trash can be recovered; if not turned on, the host and disk are directly deleted and cannot be recovered.
Servers and disks trash retention time: When the host and disk trash is turned on, set the retention time of the host and disk in the trash, and the host and disk that exceed the retention time will be deleted.
Image Trash: set whether the image is saved in the Trash after deletion The host and disk saved in the Trash can be recovered; if not turned on, the image will be deleted directly.
Account health check switch: The cloud account health check checks whether the cloud account has the ability to create resources based on the balance information, and can be turned off if the account does not need this check. Only public cloud accounts support cloud account health check.
Image Trash retention time: When the Image Trash is turned on, set the retention time of the image in the Trash. Images that exceed the retention time will be deleted.
Baremetal Hosts automatic registration: When baremetal hosts auto-registration is enabled, any baremetal hosts set to PXE boot will register the baremetal hosts to the OneCloud platform and reset the BMC information as long as the Baremetal Agent service can receive PXE requests from the baremetal hosts. Please be careful to enable the auto-registration feature. After disabling auto-registration, users can manually add physical machines through the Add Baremetal Hosts feature.
The default IPMI password of the baremetal hosts: The default password used when resetting the BMC information of the baremetal hosts through the pre-registration or auto-registration function.
Single session login switch: When the single session login switch is turned on, the same user can only login on one browser, and when it is turned off, the same user can login on multiple browsers.
Automatically assign IP switch: Since the OneCloud platform cannot detect the IP usage on public & private clouds in advance, and an IP address is assigned as the IP of the server when creating a server, the assigned IP may be occupied. The IP will no longer be automatically assigned after shutdown, and there is no guarantee that the IP reserved in this system will not be assigned.
Multi-Currency Bill Combined: When this switch is turned on, an exchange rate template will appear in the Expense module, and bills in different currencies will be converted to the same currency at a fixed rate for display.
Adjusted Price: When Adjusted Price is enabled, the Adjusted Price policy menu will appear under the admin backend. When the Adjusted Price policy is configured, the domain or project view will display the Adjusted Price bill. The original price and the Adjusted Price price can be viewed in the resource bill and the running bill in the management backend view.
Original Bill: When Adjusted Price is enabled, by default, the Adjusted Price bill will be displayed in the domain or project view, and when original billing is enabled, users can view the original bill in the domain or project view.
Shutdown Servers doesn’t occupy resources switch：Turned on by default, shutdown servers no longer occupy host CPU and memory resources, but when the host resources are fully allocated, it will cause the servers to fail to boot properly. When turned off, the shutdown servers will occupy the host CPU and memory resources so that they will not be allocated.