OpenStack Networking components use a Python logging module for logging. You can configure logging using any of the following: Update settings in the /etc/neutron/neutron.conf file. For example: [DEFAULT] # Default log level is INFO # verbose and debug has the same result. # One of them will set DEBUG log level output debug = False verbose = True # Where to store Neutron state files. This directory must be writable by the # user executing the agent. # state_path = /var/lib/neutron # Where to store lock files lock_path = $state_path/lock # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s # log_date_format = %Y-%m-%d %H:%M:%S # use_syslog -> syslog # log_file and log_dir -> log_dir/log_file # (not log_file) and log_dir -> log_dir/{binary_name}.log # use_stderr -> stderr # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system # use_syslog = False # syslog_log_facility = LOG_USER # use_stderr = True # log_file = log_dir =/var/log/neutron Use command-line options. For example, use the --debug option when using the neutron command-line tool (see the OpenStack End User Guide for more information). Command-line options override options specified in neutron.conf. Use a python logging configuration file (see Python Logging HOWTO for more information).

You can send notifications when creating, updating, or deleting OpenStack Networking resources. To support a DHCP agent, you must set up an rpc_notifier driver. To configure notifications, update settings in the /etc/neutron/neutron.conf file. For example: ============ Notification System Options ===================== # Notifications can be sent when network/subnet/port are create, updated or deleted. # There are three methods of sending notifications: logging (via the # log_file directive), rpc (via a message queue) and # noop (no notifications sent, the default) # Notification_driver can be defined multiple times # Do nothing driver # notification_driver = neutron.openstack.common.notifier.no_op_notifier # Logging driver # notification_driver = neutron.openstack.common.notifier.log_notifier # RPC driver notification_driver = neutron.openstack.common.notifier.rpc_notifier # default_notification_level is used to form actual topic names or to set logging level # default_notification_level = INFO # default_publisher_id is a part of the notification payload # host = myhost.com # default_publisher_id = $host # Defined in rpc_notifier for rpc way, can be comma separated values. # The actual topic names will be %s.%(default_notification_level)s notification_topics = notifications

To make the OpenStack Networking server send notifications using logging and RPC, use the following configuration in the neutron.conf file. RPC notifications are sent to the notifications.info queue binded to a topic exchange defined by control_exchange (also defined in neutron.conf). Logging options are described in Logging Settings. # ============ Notification System Options ===================== # Notifications can be sent when network/subnet/port are create, updated or deleted. # There are three methods of sending notifications: logging (via the # log_file directive), rpc (via a message queue) and # noop (no notifications sent, the default) # Notification_driver can be defined multiple times # Do nothing driver # notification_driver = neutron.openstack.common.notifier.no_op_notifier # Logging driver notification_driver = neutron.openstack.common.notifier.log_notifier # RPC driver notification_driver = neutron.openstack.common.notifier.rpc_notifier # default_notification_level is used to form actual topic names or to set logging level default_notification_level = INFO # default_publisher_id is a part of the notification payload # host = myhost.com # default_publisher_id = $host # Defined in rpc_notifier for rpc way, can be comma separated values. # The actual topic names will be %s.%(default_notification_level)s notification_topics = notifications

To make the OpenStack Networking server send notifications to multiple RPC topics, use the following configuration in the neutron.conf file. RPC notifications are sent to the notifications_one.info and notifications_two.info queues, that are binded to a topic exchange defined by control_exchange (also defined in neutron.conf). Logging options are described in Logging Settings. # ============ Notification System Options ===================== # Notifications can be sent when network/subnet/port are create, updated or deleted. # There are three methods of sending notifications: logging (via the # log_file directive), rpc (via a message queue) and # noop (no notifications sent, the default) # Notification_driver can be defined multiple times # Do nothing driver # notification_driver = neutron.openstack.common.notifier.no_op_notifier # Logging driver # notification_driver = neutron.openstack.common.notifier.log_notifier # RPC driver notification_driver = neutron.openstack.common.notifier.rabbit_notifier # default_notification_level is used to form actual topic names or to set logging level default_notification_level = INFO # default_publisher_id is a part of the notification payload # host = myhost.com # default_publisher_id = $host # Defined in rpc_notifier for rpc way, can be comma separated values. # The actual topic names will be %s.%(default_notification_level)s notification_topics = notifications_one,notifications_two

Quota is a function to limit number of resources. You can enforce default quota for all tenants. You will get error when you try to create more resources than the limit. $ neutron net-create test_net Quota exceeded for resources: ['network'] Per-tenant quota configuration is also supported by quota extension API. See Per-tenant quota configuration for details.

In OpenStack Networking default quota mechanism, all tenants have a same quota value, i.e., a number of resources that a tenant can create. This is enabled by default. The value of quota is defined in the OpenStack Networking configuration file (neutron.conf). If you want to disable quotas for a specific resource (e.g., network, subnet, port), remove a corresponding item from quota_items. Each of the quota values in the example below is the default value. [quotas] # resource name(s) that are supported in quota features quota_items = network,subnet,port # number of networks allowed per tenant, and minus means unlimited quota_network = 10 # number of subnets allowed per tenant, and minus means unlimited quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited quota_port = 50 # default driver to use for quota checks quota_driver = neutron.quota.ConfDriver OpenStack Networking also supports quotas for L3 resources: router and floating IP. You can configure them by adding the following lines to quotas section in neutron.conf. (Note that quota_items does not affect these quotas.) [quotas] # number of routers allowed per tenant, and minus means unlimited quota_router = 10 # number of floating IPs allowed per tenant, and minus means unlimited quota_floatingip = 50 OpenStack Networking also supports quotas for security group resources: number of security groups and the number of rules per security group. You can configure them by adding the following lines to quotas section in neutron.conf. (Note that quota_items does not affect these quotas.) [quotas] # number of security groups per tenant, and minus means unlimited quota_security_group = 10 # number of security rules allowed per tenant, and minus means unlimited quota_security_group_rule = 100

OpenStack Networking also supports per-tenant quota limit by quota extension API. To enable per-tenant quota, you need to set quota_driver in neutron.conf. For example: quota_driver = neutron.db.quota_db.DbQuotaDriver When per-tenant quota is enabled, the output of the following commands contain quotas. $ neutron ext-list -c alias -c name +-----------------+--------------------------+ | alias | name | +-----------------+--------------------------+ | agent_scheduler | Agent Schedulers | | security-group | security-group | | binding | Port Binding | | quotas | Quota management support | | agent | agent | | provider | Provider Network | | router | Neutron L3 Router | | lbaas | LoadBalancing service | | extraroute | Neutron Extra Route | +-----------------+--------------------------+ $ neutron ext-show quotas +-------------+------------------------------------------------------------+ | Field | Value | +-------------+------------------------------------------------------------+ | alias | quotas | | description | Expose functions for quotas management per tenant | | links | | | name | Quota management support | | namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 | | updated | 2012-07-29T10:00:00-00:00 | +-------------+------------------------------------------------------------+ Per-tenant quotas are supported only supported by some plugins. At least Open vSwitch, Linux Bridge, and Nicira NVP are known to work but new versions of other plugins may bring additional functionality - consult the documentation for each plugin. There are four CLI commands to manage per-tenant quotas: neutron quota-delete - Delete defined quotas of a given tenant. neutron quota-list - List defined quotas of all tenants. neutron quota-show - Show quotas of a given tenant. neutron quota-update - Define tenant's quotas not to use defaults. Only users with 'admin' role can change a quota value. Note that the default set of quotas are enforced for all tenants by default, so there is no quota-create command. quota-list displays a list of tenants for which per-tenant quota is enabled. The tenants who have the default set of quota limits are not listed. This command is permitted to only 'admin' users. $ neutron quota-list +------------+---------+------+--------+--------+----------------------------------+ | floatingip | network | port | router | subnet | tenant_id | +------------+---------+------+--------+--------+----------------------------------+ | 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 | | 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 | +------------+---------+------+--------+--------+----------------------------------+ quota-show reports the current set of quota limits for the specified tenant. Regular (non-admin) users can call this command (without --tenant_id parameter). If per-tenant quota limits are not defined for the tenant, the default set of quotas are displayed. $ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 20 | | network | 5 | | port | 20 | | router | 10 | | subnet | 5 | +------------+-------+ The below is an example called by a non-admin user. $ neutron quota-show +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 20 | | network | 5 | | port | 20 | | router | 10 | | subnet | 5 | +------------+-------+ You can update a quota of the given tenant by quota-update command. Update the limit of network quota. $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 50 | | network | 5 | | port | 50 | | router | 10 | | subnet | 10 | +------------+-------+ You can update quotas of multiple resources in one command. $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 50 | | network | 5 | | port | 20 | | router | 10 | | subnet | 5 | +------------+-------+ To update the limits of L3 resource (router, floating IP), we need to specify new values of the quotas after '--'. The example below updates the limit of the number of floating IPs for the given tenant. $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 20 | | network | 5 | | port | 20 | | router | 10 | | subnet | 5 | +------------+-------+ You can update the limits of multiple resources including L2 resources and L3 resource in one command. $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 3 | | network | 3 | | port | 3 | | router | 3 | | subnet | 3 | +------------+-------+ To clear per-tenant quota limits, use quota-delete. After quota-delete, quota limits enforced to the tenant are reset to the default set of quotas. $ neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723 Deleted quota: 6f88036c45344d9999a1f971e4882723 $ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723 +------------+-------+ | Field | Value | +------------+-------+ | floatingip | 50 | | network | 10 | | port | 50 | | router | 10 | | subnet | 10 | +------------+-------+