diff --git a/config.yaml b/config.yaml index 8e6444c4..e92b017e 100644 --- a/config.yaml +++ b/config.yaml @@ -66,6 +66,71 @@ options: gre vxlan . + # Quota configuration settings + quota_security_group: + default: 10 + type: int + description: | + Number of security groups allowed per tenant. A negative value means + unlimited. + quota_security_group_rule: + default: 100 + type: int + description: | + Number of security group rules allowed per tenant. A negative value means + unlimited + quota_network: + default: 10 + type: int + description: | + Number of networks allowed per tenant. A negative value means unlimited. + quota_subnet: + default: 10 + type: int + description: | + Number of subnets allowed per tenant. A negative value means unlimited. + quota_port: + default: 50 + type: int + description: | + Number of ports allowed per tenant. A negative value means unlimited. + quota_vip: + default: 10 + type: int + description: | + Number of vips allowed per tenant. A negative value means unlimited. + quota_pool: + default: 10 + type: int + description: | + Number of pools allowed per tenant. A negative value means unlimited. + quota_member: + default: -1 + type: int + description: | + Number of pool members allowed per tenant. A negative value means unlimited. + The default is unlimited because a member is not a real resource consumer + on Openstack. However, on back-end, a member is a resource consumer + and that is the reason why quota is possible. + quota_health_monitors: + default: -1 + type: int + description: | + Number of health monitors allowed per tenant. A negative value means + unlimited. + The default is unlimited because a health monitor is not a real resource + consumer on Openstack. However, on back-end, a member is a resource consumer + and that is the reason why quota is possible. + quota_router: + default: 10 + type: int + description: | + Number of routers allowed per tenant. A negative value means unlimited. + quota_floatingip: + default: 50 + type: int + description: | + Number of floating IPs allowed per tenant. A negative value means unlimited. # HA configuration settings vip: type: string diff --git a/hooks/neutron_api_context.py b/hooks/neutron_api_context.py index 38cf9330..6b81363b 100644 --- a/hooks/neutron_api_context.py +++ b/hooks/neutron_api_context.py @@ -98,6 +98,19 @@ class NeutronCCContext(context.NeutronContext): ctxt['neutron_bind_port'] = \ determine_api_port(api_port('neutron-server'), singlenode_mode=True) + ctxt['quota_security_group'] = config('quota_security_group') + ctxt['quota_security_group_rule'] = \ + config('quota_security_group_rule') + ctxt['quota_network'] = config('quota_network') + ctxt['quota_subnet'] = config('quota_subnet') + ctxt['quota_port'] = config('quota_port') + ctxt['quota_vip'] = config('quota_vip') + ctxt['quota_pool'] = config('quota_pool') + ctxt['quota_member'] = config('quota_member') + ctxt['quota_health_monitors'] = config('quota_health_monitors') + ctxt['quota_router'] = config('quota_router') + ctxt['quota_floatingip'] = config('quota_floatingip') + for rid in relation_ids('neutron-api'): for unit in related_units(rid): rdata = relation_get(rid=rid, unit=unit) diff --git a/templates/icehouse/neutron.conf b/templates/icehouse/neutron.conf index 519a6278..87e2f527 100644 --- a/templates/icehouse/neutron.conf +++ b/templates/icehouse/neutron.conf @@ -50,7 +50,20 @@ nova_admin_auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v2.0 quota_driver = neutron.db.quota_db.DbQuotaDriver {% if neutron_security_groups -%} quota_items = network,subnet,port,security_group,security_group_rule +quota_security_group = {{ quota_security_group }} +quota_security_group_rule = {{ quota_security_group_rule }} +{% else %} +quota_items = network,subnet,port {% endif -%} +quota_network = {{ quota_network }} +quota_subnet = {{ quota_subnet }} +quota_port = {{ quota_port }} +quota_vip = {{ quota_vip }} +quota_pool = {{ quota_pool }} +quota_member = {{ quota_member }} +quota_health_monitors = {{ quota_health_monitors }} +quota_router = {{ quota_router }} +quota_floatingip = {{ quota_floatingip }} [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf diff --git a/unit_tests/test_neutron_api_context.py b/unit_tests/test_neutron_api_context.py index b0ad2907..60134bac 100644 --- a/unit_tests/test_neutron_api_context.py +++ b/unit_tests/test_neutron_api_context.py @@ -157,6 +157,17 @@ class NeutronCCContextTest(CharmTestCase): 'verbose': True, 'l2_population': True, 'overlay_network_type': 'gre', + 'quota_floatingip': 50, + 'quota_health_monitors': -1, + 'quota_member': -1, + 'quota_network': 10, + 'quota_pool': 10, + 'quota_port': 50, + 'quota_router': 10, + 'quota_security_group': 10, + 'quota_security_group_rule': 100, + 'quota_subnet': 10, + 'quota_vip': 10, } napi_ctxt = context.NeutronCCContext() with patch.object(napi_ctxt, '_ensure_packages'): @@ -175,6 +186,17 @@ class NeutronCCContextTest(CharmTestCase): 'verbose': True, 'l2_population': True, 'overlay_network_type': 'vxlan', + 'quota_floatingip': 50, + 'quota_health_monitors': -1, + 'quota_member': -1, + 'quota_network': 10, + 'quota_pool': 10, + 'quota_port': 50, + 'quota_router': 10, + 'quota_security_group': 10, + 'quota_security_group_rule': 100, + 'quota_subnet': 10, + 'quota_vip': 10, } napi_ctxt = context.NeutronCCContext() with patch.object(napi_ctxt, '_ensure_packages'):