Configure the Compute APIThe Compute API, run by the nova-api daemon, is the component of
OpenStack Compute that receives and responds to user requests,
whether they be direct API calls, or via the CLI tools or
dashboard.Configure Compute API password handlingThe OpenStack Compute API enables users to specify an
administrative password when they create or rebuild a
server instance. If the user does not specify a password,
a random password is generated and returned in the API
response.In practice, how the admin password is handled depends
on the hypervisor in use and might require additional
configuration of the instance. For example, you might have
to install an agent to handle the password setting. If the
hypervisor and instance configuration do not support
setting a password at server create time, the password
that is returned by the create API call is misleading
because it was ignored.To prevent this confusion, use the
configuration option to disable the return of the admin
password for installations that do not support setting
instance passwords.Configure Compute API rate limitingOpenStack Compute supports API rate limiting for the
OpenStack API. The rate limiting allows an administrator
to configure limits on the type and number of API calls
that can be made in a specific time interval.When API rate limits are exceeded, HTTP requests return
an error with a status code of 413Request entity too large, and
includes an HTTP Retry-After header.
The response body includes the error details and the delay
before you should retry the request.Rate limiting is not available for the EC2 API.Define limitsTo define limits, set these values:The HTTP method
used in the API call, typically one of GET, PUT,
POST, or DELETE.A human readable
URI that is used as a friendly
description of where the limit is applied.A regular
expression. The limit is applied to
all URIs that match the regular expression and
HTTP method.A limit value
that specifies the maximum count of units before
the limit takes effect.An interval
that specifies time frame to which the limit is
applied. The interval can be SECOND, MINUTE, HOUR,
or DAY.Rate limits are applied in relative order to the HTTP
method, going from least to most specific. For example,
although the default threshold for POST to */servers is 50
each day, you cannot POST to */servers more than 10 times
in a single minute because the rate limits for any POST is
10 each minute.Default limitsNormally, you install OpenStack Compute with the
following limits enabled:
Default API rate limits
HTTP method
API URI
API regular expression
Limit
POST
any URI (*)
.*
10 per minute
POST
/servers
^/servers
50 per day
PUT
any URI (*)
.*
10 per minute
GET
*changes-since*
.*changes-since.*
3 per minute
DELETE
any URI (*)
.*
100 per minute
Configure and change limitsAs part of the WSGI pipeline, the
etc/nova/api-paste.ini file
defines the actual limits.To enable limits, include the
' filter in the API pipeline
specification. If the filter is
removed from the pipeline, limiting is disabled. You must
also define the rate limit filter. The lines appear as
follows:[pipeline:openstack_compute_api_v2]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
[pipeline:openstack_volume_api_v1]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factoryTo modify the limits, add a limits
specification to the [filter:ratelimit]
section of the file. Specify the limits in this
order:HTTP methodfriendly URIregexlimitintervalThe following example shows the default rate-limiting
values:[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
limits =(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE);(GET, "*changes-since*", .*changes-since.*, 3, MINUTE);(DELETE, "*", .*, 100, MINUTE)Configuration referenceThe following table lists the Compute API configuration options: