openstack/openstack-manuals
Code Issues Proposed changes
8de2f0f3c1
openstack-manuals/doc/admin-guide-network/ch_adv_operational_features.xml
Andreas Jaeger 62810ddf28 Remove extra whitespace 
Fixes output of tools/validate.py --force (except training-guide and
generated files)

Change-Id: I720846d97ab150915b26fb56926f0971d1808a2a
2013-09-13 04:09:26 +02:00

398 lines
19 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_adv_operational_features">
<title>Advanced Operational Features</title>
<section xml:id="ch_adv_logging">
<title>Logging Configuration</title>
<para>OpenStack Networking components use a Python logging module for logging. You can
configure logging using any of the following:</para>
<para>
<itemizedlist>
<listitem>
<para>Update settings in the <filename>/etc/neutron/neutron.conf</filename> file. For
example:</para>
<programlisting language="ini">[DEFAULT]
# Default log level is INFO
# verbose and debug has the same result.
# One of them will set DEBUG log level output
debug = False
verbose = True
# Where to store Neutron state files. This directory must be writable by the
# user executing the agent.
# state_path = /var/lib/neutron
# Where to store lock files
lock_path = $state_path/lock
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S
# use_syslog -> syslog
# log_file and log_dir -> log_dir/log_file
# (not log_file) and log_dir -> log_dir/{binary_name}.log
# use_stderr -> stderr
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
# use_syslog = False
# syslog_log_facility = LOG_USER
# use_stderr = True
# log_file =
log_dir =/var/log/neutron</programlisting>
</listitem>
<listitem>
<para>Use command-line options. For example, use the <systemitem>--debug</systemitem>
option when using the <systemitem>neutron</systemitem> command-line tool (see the
<citetitle>OpenStack End User Guide</citetitle> for more information).</para>
<para>Command-line options override options specified in
<filename>neutron.conf</filename>.</para>
</listitem>
<listitem>
<para>Use a python logging configuration file (see <link
xlink:href="http://docs.python.org/howto/logging.html">Python Logging HOWTO</link> for
more information).</para>
</listitem>
</itemizedlist>
</para>
</section>
<section xml:id="ch_adv_notification">
<title>Notifications</title>
<section xml:id="ch_adv_notification_overview">
<title>Notification Options</title>
<para>You can send notifications when creating, updating, or deleting OpenStack Networking
resources. To support a DHCP agent, you must set up an <literal>rpc_notifier</literal>
driver.</para>
<para>To configure notifications, update settings in the
<filename>/etc/neutron/neutron.conf</filename> file. For example:</para>
<programlisting language="ini">============ Notification System Options =====================
# Notifications can be sent when network/subnet/port are create, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)
# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
# Logging driver
# notification_driver = neutron.openstack.common.notifier.log_notifier
# RPC driver
notification_driver = neutron.openstack.common.notifier.rpc_notifier
# default_notification_level is used to form actual topic names or to set logging level
# default_notification_level = INFO
# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host
# Defined in rpc_notifier for rpc way, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
notification_topics = notifications</programlisting>
</section>
<section xml:id="ch_adv_notification_cases">
<title>Notification Use Cases</title>
<section xml:id="ch_adv_notification_cases_log_rpc">
<title>Logging and RPC</title>
<para>To make the OpenStack Networking server send notifications using logging and RPC, use
the following configuration in the <filename>neutron.conf</filename> file.</para>
<para>RPC notifications are sent to the <systemitem>notifications.info</systemitem> queue
binded to a topic exchange defined by <systemitem>control_exchange</systemitem> (also
defined in <systemitem>neutron.conf</systemitem>). Logging options are described in <link
linkend="ch_adv_logging">Logging Settings</link>.</para>
<programlisting language="ini"># ============ Notification System Options =====================
# Notifications can be sent when network/subnet/port are create, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)
# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
# Logging driver
notification_driver = neutron.openstack.common.notifier.log_notifier
# RPC driver
notification_driver = neutron.openstack.common.notifier.rpc_notifier
# default_notification_level is used to form actual topic names or to set logging level
default_notification_level = INFO
# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host
# Defined in rpc_notifier for rpc way, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
notification_topics = notifications</programlisting>
</section>
<section xml:id="ch_adv_notification_cases_multi_rpc_topics">
<title>Multiple RPC Topics</title>
<para>To make the OpenStack Networking server send notifications to multiple RPC topics, use
the following configuration in the <filename>neutron.conf</filename> file.</para>
<para>RPC notifications are sent to the <systemitem>notifications_one.info</systemitem> and
<systemitem>notifications_two.info</systemitem> queues, that are binded to a topic
exchange defined by <systemitem>control_exchange</systemitem> (also defined in
<systemitem>neutron.conf</systemitem>). Logging options are described in <link
linkend="ch_adv_logging">Logging Settings</link>.</para>
<programlisting language="ini"># ============ Notification System Options =====================
# Notifications can be sent when network/subnet/port are create, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)
# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
# Logging driver
# notification_driver = neutron.openstack.common.notifier.log_notifier
# RPC driver
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
# default_notification_level is used to form actual topic names or to set logging level
default_notification_level = INFO
# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host
# Defined in rpc_notifier for rpc way, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
notification_topics = notifications_one,notifications_two</programlisting>
</section>
</section>
</section>
<section xml:id="ch_adv_quotas">
<title>Quotas</title>
<para>Quota is a function to limit number of resources. You can enforce default quota for all
tenants. You will get error when you try to create more resources than the limit.</para>
<screen><prompt>$</prompt> <userinput>neutron net-create test_net
Quota exceeded for resources: ['network']</userinput></screen>
<para>
Per-tenant quota configuration is also supported by quota
extension API. See <link linkend="cfg_quotas_per_tenant">
Per-tenant quota configuration</link> for details.
</para>
<section xml:id="cfg_quotas_common">
<title>Basic quota configuration</title>
<para>In OpenStack Networking default quota mechanism, all
tenants have a same quota value, i.e., a number of resources
that a tenant can create. This is enabled by default.</para>
<para>The value of quota is defined in the OpenStack Networking configuration file
(<filename>neutron.conf</filename>). If you want to disable quotas for a specific resource
(e.g., network, subnet, port), remove a corresponding item from
<literal>quota_items</literal>. Each of the quota values in the example below is the
default value.</para>
<programlisting language="ini">[quotas]
# resource name(s) that are supported in quota features
quota_items = network,subnet,port
# number of networks allowed per tenant, and minus means unlimited
quota_network = 10
# number of subnets allowed per tenant, and minus means unlimited
quota_subnet = 10
# number of ports allowed per tenant, and minus means unlimited
quota_port = 50
# default driver to use for quota checks
quota_driver = neutron.quota.ConfDriver</programlisting>
<para>OpenStack Networking also supports quotas for L3 resources: router and floating IP. You
can configure them by adding the following lines to <literal>quotas</literal> section in
<filename>neutron.conf</filename>. (Note that <literal>quota_items</literal> does not
affect these quotas.)</para>
<programlisting language="ini">[quotas]
# number of routers allowed per tenant, and minus means unlimited
quota_router = 10
# number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50</programlisting>
<para>OpenStack Networking also supports quotas for security group resources: number of
security groups and the number of rules per security group. You can configure them by adding
the following lines to <literal>quotas</literal> section in
<filename>neutron.conf</filename>. (Note that <literal>quota_items</literal> does not
affect these quotas.)</para>
<programlisting language="ini">[quotas]
# number of security groups per tenant, and minus means unlimited
quota_security_group = 10
# number of security rules allowed per tenant, and minus means unlimited
quota_security_group_rule = 100</programlisting>
</section>
<section xml:id="cfg_quotas_per_tenant">
<title>Per-tenant quota configuration</title>
<para>OpenStack Networking also supports per-tenant quota limit by quota extension API. To
enable per-tenant quota, you need to set <literal>quota_driver</literal> in
<literal>neutron.conf</literal>. For example:</para>
<programlisting language="ini">quota_driver = neutron.db.quota_db.DbQuotaDriver</programlisting>
<para>When per-tenant quota is enabled, the output of the following commands contain
<literal>quotas</literal>.</para>
<screen><prompt>$</prompt> <userinput>neutron ext-list -c alias -c name</userinput>
<computeroutput>+-----------------+--------------------------+
| alias | name |
+-----------------+--------------------------+
| agent_scheduler | Agent Schedulers |
| security-group | security-group |
| binding | Port Binding |
| quotas | Quota management support |
| agent | agent |
| provider | Provider Network |
| router | Neutron L3 Router |
| lbaas | LoadBalancing service |
| extraroute | Neutron Extra Route |
+-----------------+--------------------------+</computeroutput></screen>
<screen>
<prompt>$</prompt> <userinput>neutron ext-show quotas</userinput>
<computeroutput>+-------------+------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------+
| alias | quotas |
| description | Expose functions for quotas management per tenant |
| links | |
| name | Quota management support |
| namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
| updated | 2012-07-29T10:00:00-00:00 |
+-------------+------------------------------------------------------------+</computeroutput></screen>
<note><para>
Per-tenant quotas are supported only supported by some plugins. At least Open vSwitch,
Linux Bridge, and Nicira NVP are known to work but new versions of other plugins may
bring additional functionality - consult the documentation for each plugin.
</para></note>
<para>There are four CLI commands to manage per-tenant quotas:<itemizedlist>
<listitem>
<para><command>neutron quota-delete</command> - Delete defined quotas of a given
tenant.</para>
</listitem>
<listitem>
<para><command>neutron quota-list</command> - List defined quotas of all tenants.</para>
</listitem>
<listitem>
<para><command>neutron quota-show</command> - Show quotas of a given tenant.</para>
</listitem>
<listitem>
<para><command>neutron quota-update</command> - Define tenant's quotas not to use
defaults.</para>
</listitem>
</itemizedlist>Only users with 'admin' role can change a quota value. Note that the default
set of quotas are enforced for all tenants by default, so there is no
<literal>quota-create</literal> command.</para>
<para>
<literal>quota-list</literal> displays a list of tenants for which per-tenant quota is enabled.
The tenants who have the default set of quota limits are not listed.
This command is permitted to only 'admin' users.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-list</userinput>
<computeroutput>+------------+---------+------+--------+--------+----------------------------------+
| floatingip | network | port | router | subnet | tenant_id |
+------------+---------+------+--------+--------+----------------------------------+
| 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 |
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 |
+------------+---------+------+--------+--------+----------------------------------+</computeroutput></screen>
<para>
<literal>quota-show</literal> reports the current set of quota limits for the specified tenant.
Regular (non-admin) users can call this command (without --tenant_id parameter).
If per-tenant quota limits are not defined for the tenant, the default set of
quotas are displayed.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+</computeroutput></screen>
<para>
The below is an example called by a non-admin user.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-show</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+</computeroutput></screen>
<para>You can update a quota of the given tenant by <literal>quota-update</literal> command.</para>
<para>Update the limit of network quota.</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 5 |
| port | 50 |
| router | 10 |
| subnet | 10 |
+------------+-------+</computeroutput></screen>
<para>You can update quotas of multiple resources in one command.</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+</computeroutput></screen>
<para>
To update the limits of L3 resource (router, floating IP), we need to
specify new values of the quotas after '--'. The example below updates
the limit of the number of floating IPs for the given tenant.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+</computeroutput></screen>
<para>
You can update the limits of multiple resources including L2 resources and L3 resource in one command.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 3 |
| network | 3 |
| port | 3 |
| router | 3 |
| subnet | 3 |
+------------+-------+</computeroutput></screen>
<para>
To clear per-tenant quota limits, use <literal>quota-delete</literal>.
After <literal>quota-delete</literal>, quota limits enforced to the tenant are reset to
the default set of quotas.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723</userinput>
<computeroutput>Deleted quota: 6f88036c45344d9999a1f971e4882723</computeroutput></screen>
<screen>
<prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput>
<computeroutput>+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 10 |
| port | 50 |
| router | 10 |
| subnet | 10 |
+------------+-------+</computeroutput></screen>
</section>
</section>
</chapter>
View Git Blame Copy Permalink