636abd5f42
Nicira NVP is to be replaced with VMware NSX as the product has been rebranded. Partial-implements blueprint nicira-plugin-renaming Change-Id: I1dd93a52984d473ec6cc5b905867711297495f67
273 lines
13 KiB
XML
273 lines
13 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xml:id="section_networking-advanced-quotas"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
|
|
<title>Manage Networking service quotas</title>
|
|
<para>A quota limits the number of available resources. A default
|
|
quota might be enforced for all tenants. When you try to create
|
|
more resources than the quota allows, an error occurs:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron net-create test_net</userinput></screen>
|
|
<screen><computeroutput>Quota exceeded for resources: ['network']</computeroutput></screen>
|
|
<para>Per-tenant quota configuration is also supported by the quota
|
|
extension API. See <link linkend="cfg_quotas_per_tenant">
|
|
Per-tenant quota configuration</link> for details.</para>
|
|
<section xml:id="cfg_quotas_common">
|
|
<title>Basic quota configuration</title>
|
|
<para>In the Networking default quota mechanism, all tenants have
|
|
the same quota values, such as the number of resources that a
|
|
tenant can create.</para>
|
|
<para>The quota value is defined in the OpenStack Networking
|
|
<filename>neutron.conf</filename> configuration file. To
|
|
disable quotas for a specific resource, such as network, subnet,
|
|
or port, remove a corresponding item from
|
|
<option>quota_items</option>. This example shows the default
|
|
quota values:</para>
|
|
<programlisting language="ini">[quotas]
|
|
# resource name(s) that are supported in quota features
|
|
quota_items = network,subnet,port
|
|
|
|
# number of networks allowed per tenant, and minus means unlimited
|
|
quota_network = 10
|
|
|
|
# number of subnets allowed per tenant, and minus means unlimited
|
|
quota_subnet = 10
|
|
|
|
# number of ports allowed per tenant, and minus means unlimited
|
|
quota_port = 50
|
|
|
|
# default driver to use for quota checks
|
|
quota_driver = neutron.quota.ConfDriver</programlisting>
|
|
<para>OpenStack Networking also supports quotas for L3 resources:
|
|
router and floating IP. Add these lines to the
|
|
<literal>quotas</literal> section in the
|
|
<filename>neutron.conf</filename> file.</para>
|
|
<programlisting language="ini">[quotas]
|
|
# number of routers allowed per tenant, and minus means unlimited
|
|
quota_router = 10
|
|
|
|
# number of floating IPs allowed per tenant, and minus means unlimited
|
|
quota_floatingip = 50</programlisting>
|
|
<note>
|
|
<para>The <option>quota_items</option> option does not affect
|
|
these quotas.</para>
|
|
</note>
|
|
<para>OpenStack Networking also supports quotas for security group
|
|
resources: number of security groups and the number of rules for
|
|
each security group. Add these lines to the
|
|
<literal>quotas</literal> section in the
|
|
<filename>neutron.conf</filename> file:</para>
|
|
<programlisting language="ini">[quotas]
|
|
# number of security groups per tenant, and minus means unlimited
|
|
quota_security_group = 10
|
|
|
|
# number of security rules allowed per tenant, and minus means unlimited
|
|
quota_security_group_rule = 100</programlisting>
|
|
<note>
|
|
<para>The <option>quota_items</option> option does not affect
|
|
these quotas.</para>
|
|
</note>
|
|
</section>
|
|
<section xml:id="cfg_quotas_per_tenant">
|
|
<title>Configure per-tenant quotas</title>
|
|
<para>OpenStack Networking also supports per-tenant quota limit by
|
|
quota extension API.</para>
|
|
<para>Use these commands to manage per-tenant quotas:<itemizedlist>
|
|
<listitem>
|
|
<para><command>neutron quota-delete</command>. Deletes
|
|
defined quotas for a specified tenant.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>neutron quota-list</command>. Lists defined
|
|
quotas for all tenants.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>neutron quota-show</command>. Shows quotas
|
|
for a specified tenant.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>neutron quota-update</command>. Updates
|
|
quotas for a specified tenant.</para>
|
|
</listitem>
|
|
</itemizedlist>Only users with the <literal>admin</literal> role
|
|
can change a quota value. By default, the default set of quotas
|
|
are enforced for all tenants, so no
|
|
<command>quota-create</command> command exists.</para>
|
|
<procedure>
|
|
<step>
|
|
<title>Configure Networking to show per-tenant quotas</title>
|
|
<para>Set the <literal>quota_driver</literal> option in the
|
|
<literal>neutron.conf</literal> file:</para>
|
|
<programlisting language="ini">quota_driver = neutron.db.quota_db.DbQuotaDriver</programlisting>
|
|
<para>When you set this option, the output for Networking
|
|
commands shows <literal>quotas</literal>.</para>
|
|
</step>
|
|
<step>
|
|
<title>List Networking extensions</title>
|
|
<para>To list the Networking extensions, run this
|
|
command:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron ext-list -c alias -c name</userinput></screen>
|
|
<para>The command shows the <literal>quotas</literal>
|
|
extension, which provides per-tenant quota management
|
|
support:</para>
|
|
<screen><computeroutput>+-----------------+--------------------------+
|
|
| alias | name |
|
|
+-----------------+--------------------------+
|
|
| agent_scheduler | Agent Schedulers |
|
|
| security-group | security-group |
|
|
| binding | Port Binding |
|
|
| quotas | Quota management support |
|
|
| agent | agent |
|
|
| provider | Provider Network |
|
|
| router | Neutron L3 Router |
|
|
| lbaas | LoadBalancing service |
|
|
| extraroute | Neutron Extra Route |
|
|
+-----------------+--------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<title>Show information for the quotas extension</title>
|
|
<para>To show information for the <literal>quotas</literal>
|
|
extension, run this command:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron ext-show quotas</userinput></screen>
|
|
<screen><computeroutput>+-------------+------------------------------------------------------------+
|
|
| Field | Value |
|
|
+-------------+------------------------------------------------------------+
|
|
| alias | quotas |
|
|
| description | Expose functions for quotas management per tenant |
|
|
| links | |
|
|
| name | Quota management support |
|
|
| namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
|
|
| updated | 2012-07-29T10:00:00-00:00 |
|
|
+-------------+------------------------------------------------------------+</computeroutput></screen>
|
|
<note>
|
|
<para>Only some plug-ins support per-tenant quotas.
|
|
Specifically, Open vSwitch, Linux Bridge, and VMware NSX
|
|
support them, but new versions of other plug-ins might
|
|
bring additional functionality. See the documentation for
|
|
each plug-in.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<title>List tenants who have per-tenant quota support</title>
|
|
<para>The <command>quota-list</command> command lists tenants
|
|
for which the per-tenant quota is enabled. The command does
|
|
not list tenants with default quota support. You must be an
|
|
administrative user to run this command:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-list</userinput></screen>
|
|
<screen><computeroutput>+------------+---------+------+--------+--------+----------------------------------+
|
|
| floatingip | network | port | router | subnet | tenant_id |
|
|
+------------+---------+------+--------+--------+----------------------------------+
|
|
| 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 |
|
|
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 |
|
|
+------------+---------+------+--------+--------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<title>Show per-tenant quota values</title>
|
|
<para>The <command>quota-show</command> reports the current
|
|
set of quota limits for the specified tenant.
|
|
Non-administrative users can run this command without the
|
|
<parameter>--tenant_id</parameter> parameter. If
|
|
per-tenant quota limits are not enabled for the tenant, the
|
|
command shows the default set of quotas:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
|
|
<screen><computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 20 |
|
|
| network | 5 |
|
|
| port | 20 |
|
|
| router | 10 |
|
|
| subnet | 5 |
|
|
+------------+-------+</computeroutput></screen>
|
|
<para>The following command shows the command output for a
|
|
non-administrative user:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-show</userinput></screen>
|
|
<screen><computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 20 |
|
|
| network | 5 |
|
|
| port | 20 |
|
|
| router | 10 |
|
|
| subnet | 5 |
|
|
+------------+-------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<title>Update quota values for a specified tenant</title>
|
|
<para>Use the <command>quota-update</command> command to
|
|
update a quota for a specified tenant:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5</userinput>
|
|
<computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 50 |
|
|
| network | 5 |
|
|
| port | 50 |
|
|
| router | 10 |
|
|
| subnet | 10 |
|
|
+------------+-------+</computeroutput></screen>
|
|
<para>You can update quotas for multiple resources through one
|
|
command:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20</userinput>
|
|
<computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 50 |
|
|
| network | 5 |
|
|
| port | 20 |
|
|
| router | 10 |
|
|
| subnet | 5 |
|
|
+------------+-------+</computeroutput></screen>
|
|
<para>To update the limits for an L3 resource such as, router
|
|
or floating IP, you must define new values for the quotas
|
|
after the <parameter>--</parameter> directive.</para>
|
|
<para>This example updates the limit of the number of floating
|
|
IPs for the specified tenant:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20</userinput></screen>
|
|
<screen><computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 20 |
|
|
| network | 5 |
|
|
| port | 20 |
|
|
| router | 10 |
|
|
| subnet | 5 |
|
|
+------------+-------+</computeroutput></screen>
|
|
<para>You can update the limits of multiple resources by
|
|
including L2 resources and L3 resource through one
|
|
command.</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3</userinput>
|
|
<computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 3 |
|
|
| network | 3 |
|
|
| port | 3 |
|
|
| router | 3 |
|
|
| subnet | 3 |
|
|
+------------+-------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<title>Delete per-tenant quota values</title>
|
|
<para>To clear per-tenant quota limits, use the
|
|
<command>quota-delete</command> command:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
|
|
<screen><computeroutput>Deleted quota: 6f88036c45344d9999a1f971e4882723</computeroutput></screen>
|
|
<para>After you run this command, you can see that quota
|
|
values for the tenant are reset to the default
|
|
values:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
|
|
<screen><computeroutput>+------------+-------+
|
|
| Field | Value |
|
|
+------------+-------+
|
|
| floatingip | 50 |
|
|
| network | 10 |
|
|
| port | 50 |
|
|
| router | 10 |
|
|
| subnet | 10 |
|
|
+------------+-------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
</section>
|