[user-guide-admin] Fix rst markups wherever required

Implements: blueprint user-guides-reorganised

Change-Id: I147cd09381789a48f361552055e01469746cb398
venkatamahesh 2015-12-16 00:27:09 +05:30
parent 96d208e736
commit d1808ed9c8
28 changed files with 906 additions and 692 deletions

@ -6,10 +6,10 @@ Use the swift command-line client to analyze log files.
The swift client is simple to use, scalable, and flexible. The swift client is simple to use, scalable, and flexible.
Use the swift client ``-o`` or ``-output`` option to get short answers Use the swift client :option:`-o` or :option:`-output` option to get
to questions about logs. short answers to questions about logs.
You can use the ``-o`` or ``--output`` option with a single object You can use the :option:`-o` or :option:`--output` option with a single object
download to redirect the command output to a specific file or to STDOUT download to redirect the command output to a specific file or to STDOUT
(``-``). The ability to redirect the output to STDOUT enables you to (``-``). The ability to redirect the output to STDOUT enables you to
pipe (``|``) data without saving it to disk first. pipe (``|``) data without saving it to disk first.
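Review bot: The first sentence of the new text still spells the long option with a single dash, :option:`-output`, while the next sentence uses :option:`--output`. Since the line is being touched anyway, change it to :option:`--output` so both sentences name the same option.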
@ -18,80 +18,94 @@ Upload and analyze log files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. This example assumes that ``logtest`` directory contains the #. This example assumes that ``logtest`` directory contains the
following log files:: following log files.
2010-11-16-21_access.log .. code-block:: console
2010-11-16-22_access.log
2010-11-15-21_access.log 2010-11-16-21_access.log
2010-11-15-22_access.log 2010-11-16-22_access.log
2010-11-15-21_access.log
2010-11-15-22_access.log
Each file uses the following line format:: Each file uses the following line format.
Nov 15 21:53:52 lucid64 proxy-server - 127.0.0.1 15/Nov/2010/22/53/52 DELETE /v1/AUTH_cd4f57824deb4248a533f2c28bf156d3/2eefc05599d44df38a7f18b0b42ffedd HTTP/1.0 204 - \ .. code-block:: console
Nov 15 21:53:52 lucid64 proxy-server - 127.0.0.1 15/Nov/2010/22/53/52 DELETE /v1/AUTH_cd4f57824deb4248a533f2c28bf156d3/2eefc05599d44df38a7f18b0b42ffedd HTTP/1.0 204 - \
- test%3Atester%2CAUTH_tkcdab3c6296e249d7b7e2454ee57266ff - - - txaba5984c-aac7-460e-b04b-afc43f0c6571 - 0.0432 - test%3Atester%2CAUTH_tkcdab3c6296e249d7b7e2454ee57266ff - - - txaba5984c-aac7-460e-b04b-afc43f0c6571 - 0.0432
#. Change into the ``logtest`` directory:: #. Change into the ``logtest`` directory.
$ cd logtest .. code-block:: console
#. Upload the log files into the ``logtest`` container:: $ cd logtest
$ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing upload logtest *.log #. Upload the log files into the ``logtest`` container.
.. code:: .. code-block:: console
2010-11-16-21_access.log $ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing upload logtest *.log
2010-11-16-22_access.log
2010-11-15-21_access.log
2010-11-15-22_access.log
#. Get statistics for the account:: .. code-block:: console
$ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \ 2010-11-16-21_access.log
-q stat 2010-11-16-22_access.log
2010-11-15-21_access.log
2010-11-15-22_access.log
.. code:: #. Get statistics for the account.
Account: AUTH_cd4f57824deb4248a533f2c28bf156d3 .. code-block:: console
Containers: 1
Objects: 4
Bytes: 5888268
#. Get statistics for the logtest container:: $ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \
-q stat
$ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \ .. code-block:: console
stat logtest
.. code:: Account: AUTH_cd4f57824deb4248a533f2c28bf156d3
Containers: 1
Objects: 4
Bytes: 5888268
Account: AUTH_cd4f57824deb4248a533f2c28bf156d3 #. Get statistics for the ``logtest`` container.
Container: logtest
Objects: 4
Bytes: 5864468
Read ACL:
Write ACL:
#. List all objects in the logtest container:: .. code-block:: console
$ swift -A http:///swift-auth.com:11000/v1.0 -U test:tester -K testing \ $ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \
list logtest stat logtest
.. code:: .. code-block:: console
2010-11-15-21_access.log Account: AUTH_cd4f57824deb4248a533f2c28bf156d3
2010-11-15-22_access.log Container: logtest
2010-11-16-21_access.log Objects: 4
2010-11-16-22_access.log Bytes: 5864468
Read ACL:
Write ACL:
#. List all objects in the logtest container.
.. code-block:: console
$ swift -A http:///swift-auth.com:11000/v1.0 -U test:tester -K testing \
list logtest
.. code-block:: console
2010-11-15-21_access.log
2010-11-15-22_access.log
2010-11-16-21_access.log
2010-11-16-22_access.log
Download and analyze an object Download and analyze an object
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This example uses the ``-o`` option and a hyphen (``-``) to get This example uses the :option:`-o` option and a hyphen (``-``) to get
information about an object. information about an object.
Use the swift ``download`` command to download the object. On this Use the :command:`swift download` command to download the object. On this
command, stream the output to ``awk`` to break down requests by return command, stream the output to ``awk`` to break down requests by return
code and the date ``2200 on November 16th, 2010``. code and the date ``2200 on November 16th, 2010``.
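Review bot: The "List all objects in the logtest container" command on the new side keeps the auth URL with three slashes, "http:///swift-auth.com:11000/v1.0", while every other command in this hunk uses "http://swift-auth.com:11000/v1.0". Fix the URL here. Separately, ``2200 on November 16th, 2010`` is a time and date in prose, not code, so it should not be marked up as a literal.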
@ -102,13 +116,15 @@ After ``awk`` processes the output, it pipes it to ``sort`` and ``uniq
-c`` to sum up the number of occurrences for each request type and -c`` to sum up the number of occurrences for each request type and
return code combination. return code combination.
#. Download an object:: #. Download an object.
$ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \ .. code-block:: console
download -o - logtest 2010-11-16-22_access.log | awk '{ print \
$9"-"$12}' | sort | uniq -c
.. code:: $ swift -A http://swift-auth.com:11000/v1.0 -U test:tester -K testing \
download -o - logtest 2010-11-16-22_access.log | awk '{ print \
$9"-"$12}' | sort | uniq -c
.. code-block:: console
805 DELETE-204 805 DELETE-204
12 DELETE-404 12 DELETE-404
@ -143,25 +159,25 @@ return code combination.
#. Discover how many PUT requests are in each log file. #. Discover how many PUT requests are in each log file.
Use a bash for loop with awk and swift with the ``-o`` or Use a bash for loop with awk and swift with the :option:`-o` or
``--output`` option and a hyphen (``-``) to discover how many PUT :option:`--output` option and a hyphen (``-``) to discover how many
requests are in each log file. PUT requests are in each log file.
Run the swift ``list`` command to list objects in the logtest Run the :command:`swift list` command to list objects in the logtest
container. Then, for each item in the list, run the swift ``download container. Then, for each item in the list, run the
-o -`` command. Pipe the output into grep to filter the PUT requests. :command:`swift download -o -` command. Pipe the output into grep to
Finally, pipe into ``wc -l`` to count the lines. filter the PUT requests. Finally, pipe into ``wc -l`` to count the lines.
.. code:: .. code-block:: console
$ for f in `swift -A http://swift-auth.com:11000/v1.0 -U test:tester \ $ for f in `swift -A http://swift-auth.com:11000/v1.0 -U test:tester \
-K testing list logtest` ; \ -K testing list logtest` ; \
do echo -ne "PUTS - " ; swift -A \ do echo -ne "PUTS - " ; swift -A \
http://swift-auth.com:11000/v1.0 -U test:tester \ http://swift-auth.com:11000/v1.0 -U test:tester \
-K testing download -o - logtest $f | grep PUT | wc -l ; \ -K testing download -o - logtest $f | grep PUT | wc -l ; \
done done
.. code:: .. code-block:: console
2010-11-15-21_access.log - PUTS - 402 2010-11-15-21_access.log - PUTS - 402
2010-11-15-22_access.log - PUTS - 1091 2010-11-15-22_access.log - PUTS - 1091
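Review bot: The loop in this step runs echo -ne "PUTS - ", but the sample output shows lines of the form "2010-11-15-21_access.log - PUTS - 402". As written the command would not print the object name. Change it to echo -ne "$f - PUTS - ", as the later prefix-listing step does, so the command and its output agree. Quoting "$f" in the download call would also be safer for object names with spaces.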
@ -170,23 +186,26 @@ return code combination.
#. List the object names that begin with a specified string. #. List the object names that begin with a specified string.
#. Run the swift ``list -p 2010-11-15`` command to list objects in the #. Run the :command:`swift list -p 2010-11-15` command to list objects
logtest container that begin with the ``2010-11-15`` string. in the logtest container that begin with the ``2010-11-15`` string.
#. For each item in the list, run the swift **download -o -** command. #. For each item in the list, run the :command:`swift download -o -` command.
#. Pipe the output to **grep** and **wc**. Use the **echo** command to #. Pipe the output to :command:`grep` and :command:`wc`.
display the object name:: Use the :command:`echo` command to
display the object name.
.. code-block:: console
$ for f in `swift -A http://swift-auth.com:11000/v1.0 -U test:tester \ $ for f in `swift -A http://swift-auth.com:11000/v1.0 -U test:tester \
-K testing list -p 2010-11-15 logtest` ; \ -K testing list -p 2010-11-15 logtest` ; \
do echo -ne "$f - PUTS - " ; swift -A \ do echo -ne "$f - PUTS - " ; swift -A \
http://127.0.0.1:11000/v1.0 -U test:tester \ http://127.0.0.1:11000/v1.0 -U test:tester \
-K testing download -o - logtest $f | grep PUT | wc -l ; \ -K testing download -o - logtest $f | grep PUT | wc -l ; \
done done
.. code:: .. code-block:: console
2010-11-15-21_access.log - PUTS - 402 2010-11-15-21_access.log - PUTS - 402
2010-11-15-22_access.log - PUTS - 910 2010-11-15-22_access.log - PUTS - 910
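Review bot: Inside the loop the list call authenticates against http://swift-auth.com:11000/v1.0 but the download call uses http://127.0.0.1:11000/v1.0. Use the same auth URL in both so the example works as pasted. The sample output also reports 910 PUTs for 2010-11-15-22_access.log where the previous step reports 1091 for the same object; one of the two figures should be corrected. The sentence "Use the :command:`echo` command to display the object name." is now broken across three short lines and can be rewrapped.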

@ -11,8 +11,8 @@ Internet.
- By default, both administrative and end users can associate floating IP - By default, both administrative and end users can associate floating IP
addresses with projects and instances. You can change user permissions for addresses with projects and instances. You can change user permissions for
managing IP addresses by updating the ``/etc/nova/policy.json`` managing IP addresses by updating the ``/etc/nova/policy.json``
file. For basic floating-IP procedures, refer to the *Manage IP file. For basic floating-IP procedures, refer to the ``Manage IP
Addresses* section in the `OpenStack End User Guide <http://docs.openstack.org/user-guide/>`_. Addresses`` section in the `OpenStack End User Guide <http://docs.openstack.org/user-guide/>`_.
- For details on creating public networks using OpenStack Networking - For details on creating public networks using OpenStack Networking
(``neutron``), refer to the `OpenStack Cloud Administrator Guide (``neutron``), refer to the `OpenStack Cloud Administrator Guide
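Review bot: The section title "Manage IP Addresses" changes from emphasis to an inline literal. Double backticks are for code, file names and command output, and a section title is none of those. Keep the emphasis or, better, link directly to the section in the End User Guide.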
@ -26,66 +26,81 @@ instances by end users.
List addresses for all projects List addresses for all projects
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To list all floating IP addresses for all projects, run::
$ nova floating-ip-bulk-list To list all floating IP addresses for all projects, run:
+------------+---------------+---------------+--------+-----------+
| project_id | address | instance_uuid | pool | interface | .. code-block:: console
+------------+---------------+---------------+--------+-----------+
| None | 172.24.4.225 | None | public | eth0 | $ nova floating-ip-bulk-list
| None | 172.24.4.226 | None | public | eth0 | +------------+---------------+---------------+--------+-----------+
| None | 172.24.4.227 | None | public | eth0 | | project_id | address | instance_uuid | pool | interface |
| None | 172.24.4.228 | None | public | eth0 | +------------+---------------+---------------+--------+-----------+
| None | 172.24.4.229 | None | public | eth0 | | None | 172.24.4.225 | None | public | eth0 |
| None | 172.24.4.230 | None | public | eth0 | | None | 172.24.4.226 | None | public | eth0 |
| None | 172.24.4.231 | None | public | eth0 | | None | 172.24.4.227 | None | public | eth0 |
| None | 172.24.4.232 | None | public | eth0 | | None | 172.24.4.228 | None | public | eth0 |
| None | 172.24.4.233 | None | public | eth0 | | None | 172.24.4.229 | None | public | eth0 |
| None | 172.24.4.234 | None | public | eth0 | | None | 172.24.4.230 | None | public | eth0 |
| None | 172.24.4.235 | None | public | eth0 | | None | 172.24.4.231 | None | public | eth0 |
| None | 172.24.4.236 | None | public | eth0 | | None | 172.24.4.232 | None | public | eth0 |
| None | 172.24.4.237 | None | public | eth0 | | None | 172.24.4.233 | None | public | eth0 |
| None | 172.24.4.238 | None | public | eth0 | | None | 172.24.4.234 | None | public | eth0 |
| None | 192.168.253.1 | None | test | eth0 | | None | 172.24.4.235 | None | public | eth0 |
| None | 192.168.253.2 | None | test | eth0 | | None | 172.24.4.236 | None | public | eth0 |
| None | 192.168.253.3 | None | test | eth0 | | None | 172.24.4.237 | None | public | eth0 |
| None | 192.168.253.4 | None | test | eth0 | | None | 172.24.4.238 | None | public | eth0 |
| None | 192.168.253.5 | None | test | eth0 | | None | 192.168.253.1 | None | test | eth0 |
| None | 192.168.253.6 | None | test | eth0 | | None | 192.168.253.2 | None | test | eth0 |
+------------+---------------+---------------+--------+-----------+ | None | 192.168.253.3 | None | test | eth0 |
| None | 192.168.253.4 | None | test | eth0 |
| None | 192.168.253.5 | None | test | eth0 |
| None | 192.168.253.6 | None | test | eth0 |
+------------+---------------+---------------+--------+-----------+
Bulk create floating IP addresses Bulk create floating IP addresses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a range of floating IP addresses, run::
$ nova floating-ip-bulk-create [--pool POOL_NAME] [--interface INTERFACE] RANGE_TO_CREATE To create a range of floating IP addresses, run:
For example:: .. code-block:: console
$ nova floating-ip-bulk-create --pool test 192.168.1.56/29 $ nova floating-ip-bulk-create [--pool POOL_NAME] [--interface INTERFACE] RANGE_TO_CREATE
By default, **floating-ip-bulk-create** uses the For example:
.. code-block:: console
$ nova floating-ip-bulk-create --pool test 192.168.1.56/29
By default, ``floating-ip-bulk-create`` uses the
``public`` pool and ``eth0`` interface values. ``public`` pool and ``eth0`` interface values.
.. note:: You should use a range of free IP addresses that is correct for your .. note::
network. If you are not sure, at least try to avoid the DHCP address
range:
- Pick a small range (/29 gives an 8 address range, 6 of You should use a range of free IP addresses that is correct for your
which will be usable). network. If you are not sure, at least try to avoid the DHCP address
range:
- Use **nmap** to check a range's availability. For example, - Pick a small range (/29 gives an 8 address range, 6 of
192.168.1.56/29 represents a small range of addresses which will be usable).
(192.168.1.56-63, with 57-62 usable), and you could run the
command **nmap -sn 192.168.1.56/29** to check whether the entire - Use :command:`nmap` to check a range's availability. For example,
range is currently unused. 192.168.1.56/29 represents a small range of addresses
(192.168.1.56-63, with 57-62 usable), and you could run the
command :command:`nmap -sn 192.168.1.56/29` to check whether the entire
range is currently unused.
Bulk delete floating IP addresses Bulk delete floating IP addresses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To delete a range of floating IP addresses, run::
$ nova floating-ip-bulk-delete RANGE_TO_DELETE To delete a range of floating IP addresses, run:
For example:: .. code-block:: console
$ nova floating-ip-bulk-delete 192.168.1.56/29 $ nova floating-ip-bulk-delete RANGE_TO_DELETE
For example:
.. code-block:: console
$ nova floating-ip-bulk-delete 192.168.1.56/29
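Review bot: In the paragraph after the bulk-create example, **floating-ip-bulk-create** becomes a plain literal, while the note below it converts **nmap** to :command:`nmap`. Use :command:`nova floating-ip-bulk-create` so commands are marked up the same way throughout the file. While the note is being re-indented, it would also help to say that nmap -sn performs host discovery only, so hosts that do not answer discovery probes are reported as down and a clean result does not prove the range is unused.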

@ -27,7 +27,7 @@ As an administrator, you can also carry out stack functions
on behalf of your users. For example, to resume, suspend, on behalf of your users. For example, to resume, suspend,
or delete a stack, run: or delete a stack, run:
.. code:: .. code-block:: console
$ heat action-resume stackID $ heat action-resume stackID
$ heat action-suspend stackID $ heat action-suspend stackID

@ -23,7 +23,7 @@ Administrative users can view Block Storage service quotas.
#. List the default quotas for all projects: #. List the default quotas for all projects:
.. code:: .. code-block:: console
$ cinder quota-defaults TENANT_ID $ cinder quota-defaults TENANT_ID
+-----------+-------+ +-----------+-------+
@ -34,13 +34,15 @@ Administrative users can view Block Storage service quotas.
| volumes | 10 | | volumes | 10 |
+-----------+-------+ +-----------+-------+
#. View Block Storage service quotas for a project:: #. View Block Storage service quotas for a project.
.. code-block:: console
$ cinder quota-show TENANT_NAME $ cinder quota-show TENANT_NAME
For example: For example:
.. code:: .. code-block:: console
$ cinder quota-show tenant01 $ cinder quota-show tenant01
+-----------+-------+ +-----------+-------+
@ -53,7 +55,7 @@ Administrative users can view Block Storage service quotas.
#. Show the current usage of a per-tenant quota: #. Show the current usage of a per-tenant quota:
.. code:: .. code-block:: console
$ cinder quota-usage tenantID $ cinder quota-usage tenantID
+-----------+--------+----------+-------+ +-----------+--------+----------+-------+
@ -70,28 +72,34 @@ Edit and update Block Storage service quotas
Administrative users can edit and update Block Storage Administrative users can edit and update Block Storage
service quotas. service quotas.
#. Clear per-tenant quota limits:: #. Clear per-tenant quota limits.
.. code-block:: console
$ cinder quota-delete tenantID $ cinder quota-delete tenantID
#. To update a default value for a new project, #. To update a default value for a new project,
update the property in the :guilabel:`cinder.quota` update the property in the :guilabel:`cinder.quota`
section of the :file:`/etc/cinder/cinder.conf` file. section of the ``/etc/cinder/cinder.conf`` file.
For more information, see the `Block Storage For more information, see the `Block Storage
Configuration Reference <http://docs.openstack.org/liberty/config-reference/content/ch_configuring-openstack-block-storage.html>`_. Configuration Reference <http://docs.openstack.org/liberty/config-reference/content/ch_configuring-openstack-block-storage.html>`_.
#. To update Block Storage service quotas, place #. To update Block Storage service quotas, place
the tenant ID in a variable:: the tenant ID in a variable.
.. code-block:: console
$ tenant=$(openstack project show -f value -c id tenantName) $ tenant=$(openstack project show -f value -c id tenantName)
#. Update a particular quota value:: #. Update a particular quota value.
.. code-block:: console
$ cinder quota-update --quotaName NewValue tenantID $ cinder quota-update --quotaName NewValue tenantID
For example: For example:
.. code:: .. code-block:: console
$ cinder quota-update --volumes 15 $tenant $ cinder quota-update --volumes 15 $tenant
$ cinder quota-show tenant01 $ cinder quota-show tenant01
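Review bot: The step about updating a default value drops the :file: role from /etc/cinder/cinder.conf in favour of a plain literal, yet keeps :guilabel:`cinder.quota` for what is a configuration section, not a GUI label. The rest of this commit moves towards semantic roles, so keep :file: for the path and use a literal for the section name. The placeholders in this file also vary (TENANT_ID, TENANT_NAME, tenantID, tenantName); picking one style would make the steps easier to follow.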
@ -103,14 +111,18 @@ service quotas.
| volumes | 15 | | volumes | 15 |
+-----------+-------+ +-----------+-------+
#. Clear per-tenant quota limits:: #. Clear per-tenant quota limits.
.. code-block:: console
$ cinder quota-delete tenantID $ cinder quota-delete tenantID
Remove a service Remove a service
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
#. Determine the binary and host of the service you want to remove:: #. Determine the binary and host of the service you want to remove.
.. code-block:: console
$ cinder service-list $ cinder service-list
+------------------+----------------------+------+---------+-------+----------------------------+-----------------+ +------------------+----------------------+------+---------+-------+----------------------------+-----------------+
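Review bot: The "Clear per-tenant quota limits" step at the top of this hunk repeats, word for word and with the same cinder quota-delete tenantID command, the first step of the "Edit and update Block Storage service quotas" procedure. Drop one of the two, or reword the first if it is meant as a reset before updating.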
@ -120,10 +132,14 @@ Remove a service
| cinder-volume | devstack@lvmdriver-1 | nova | enabled | up | 2015-10-13T15:21:52.000000 | - | | cinder-volume | devstack@lvmdriver-1 | nova | enabled | up | 2015-10-13T15:21:52.000000 | - |
+------------------+----------------------+------+---------+-------+----------------------------+-----------------+ +------------------+----------------------+------+---------+-------+----------------------------+-----------------+
#. Disable the service:: #. Disable the service.
.. code-block:: console
$ cinder service-disable <host> <binary> $ cinder service-disable <host> <binary>
#. Remove the service from the database:: #. Remove the service from the database.
.. code-block:: console
$ cinder-manage service remove <binary> <host> $ cinder-manage service remove <binary> <host>
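Review bot: The disable and remove steps take their arguments in opposite order, "<host> <binary>" for cinder service-disable and "<binary> <host>" for cinder-manage service remove, and nothing in the text points that out. Add a sentence noting the difference so readers do not swap the values. The angle-bracket placeholders also differ from the upper-case placeholders used in the quota steps of the same file.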

@ -17,36 +17,36 @@ Example Usages
#. Create new volume on the same back end as Volume_A: #. Create new volume on the same back end as Volume_A:
.. code:: .. code-block:: console
$ cinder create --hint same_host=Volume_A-UUID SIZE $ cinder create --hint same_host=Volume_A-UUID SIZE
#. Create new volume on a different back end than Volume_A: #. Create new volume on a different back end than Volume_A:
.. code:: .. code-block:: console
$ cinder create --hint different_host=Volume_A-UUID SIZE $ cinder create --hint different_host=Volume_A-UUID SIZE
#. Create new volume on the same back end as Volume_A and Volume_B: #. Create new volume on the same back end as Volume_A and Volume_B:
.. code:: .. code-block:: console
$ cinder create --hint same_host=Volume_A-UUID --hint same_host=Volume_B-UUID SIZE $ cinder create --hint same_host=Volume_A-UUID --hint same_host=Volume_B-UUID SIZE
Or: Or:
.. code:: .. code-block:: console
$ cinder create --hint same_host="[Volume_A-UUID, Volume_B-UUID]" SIZE $ cinder create --hint same_host="[Volume_A-UUID, Volume_B-UUID]" SIZE
#. Create new volume on a different back end than both Volume_A and Volume_B: #. Create new volume on a different back end than both Volume_A and Volume_B:
.. code:: .. code-block:: console
$ cinder create --hint different_host=Volume_A-UUID --hint different_host=Volume_B-UUID SIZE $ cinder create --hint different_host=Volume_A-UUID --hint different_host=Volume_B-UUID SIZE
Or: Or:
.. code:: .. code-block:: console
$ cinder create --hint different_host="[Volume_A-UUID, Volume_B-UUID]" SIZE $ cinder create --hint different_host="[Volume_A-UUID, Volume_B-UUID]" SIZE

@ -1,19 +1,20 @@
============================================ ============================================
Create and manage services and service users Create and manage services and service users
============================================ ============================================
The Identity Service enables you to define services, as
The Identity service enables you to define services, as
follows: follows:
- Service catalog template. The Identity Service acts - Service catalog template. The Identity service acts
as a service catalog of endpoints for other OpenStack as a service catalog of endpoints for other OpenStack
services. The :file:`etc/default_catalog.templates` services. The ``etc/default_catalog.templates``
template file defines the endpoints for services. When template file defines the endpoints for services. When
the Identity Service uses a template file back end, the Identity service uses a template file back end,
any changes that are made to the endpoints are cached. any changes that are made to the endpoints are cached.
These changes do not persist when you restart the These changes do not persist when you restart the
service or reboot the machine. service or reboot the machine.
- An SQL back end for the catalog service. When the - An SQL back end for the catalog service. When the
Identity Service is online, you must add the services Identity service is online, you must add the services
to the catalog. When you deploy a system for to the catalog. When you deploy a system for
production, use the SQL back end. production, use the SQL back end.
@ -21,7 +22,7 @@ The ``auth_token`` middleware supports the
use of either a shared secret or users for each use of either a shared secret or users for each
service. service.
To authenticate users against the Identity Service, you must To authenticate users against the Identity service, you must
create a service user for each OpenStack service. For example, create a service user for each OpenStack service. For example,
create a service user for the Compute, Block Storage, and create a service user for the Compute, Block Storage, and
Networking services. Networking services.
@ -37,7 +38,7 @@ Create a service
#. List the available services: #. List the available services:
.. code:: .. code-block:: console
$ openstack service list $ openstack service list
+----------------------------------+----------+------------+ +----------------------------------+----------+------------+
@ -54,9 +55,11 @@ Create a service
| 6feb2e0b98874d88bee221974770e372 | s3 | s3 | | 6feb2e0b98874d88bee221974770e372 | s3 | s3 |
+----------------------------------+----------+------------+ +----------------------------------+----------+------------+
#. To create a service, run this command:: #. To create a service, run this command:
$ openstack service create --name SERVICE_NAME --description SERVICE_DESCRIPTION SERVICE_TYPE .. code-block:: console
$ openstack service create --name SERVICE_NAME --description SERVICE_DESCRIPTION SERVICE_TYPE
The arguments are: The arguments are:
- ``service_name``: the unique name of the new service. - ``service_name``: the unique name of the new service.
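Review bot: The create command uses upper-case placeholders (SERVICE_NAME, SERVICE_DESCRIPTION, SERVICE_TYPE), but the argument list that follows describes ``service_name`` in lower case. Match the list entries to the placeholders shown in the command so readers can map one to the other.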
@ -68,7 +71,7 @@ Create a service
For example, to create a ``swift`` service of type For example, to create a ``swift`` service of type
``object-store``, run this command: ``object-store``, run this command:
.. code:: .. code-block:: console
$ openstack service create --name swift --description "object store service" object-store $ openstack service create --name swift --description "object store service" object-store
+-------------+----------------------------------+ +-------------+----------------------------------+
@ -81,13 +84,15 @@ Create a service
| type | object-store | | type | object-store |
+-------------+----------------------------------+ +-------------+----------------------------------+
#. To get details for a service, run this command:: #. To get details for a service, run this command:
.. code-block:: console
$ openstack service show SERVICE_TYPE|SERVICE_NAME|SERVICE_ID $ openstack service show SERVICE_TYPE|SERVICE_NAME|SERVICE_ID
For example: For example:
.. code:: .. code-block:: console
$ openstack service show object-store $ openstack service show object-store
+-------------+----------------------------------+ +-------------+----------------------------------+
@ -105,11 +110,13 @@ Create service users
#. Create a project for the service users. #. Create a project for the service users.
Typically, this project is named ``service``, Typically, this project is named ``service``,
but choose any name you like:: but choose any name you like:
.. code-block:: console
$ openstack project create service $ openstack project create service
.. code:: .. code-block:: console
+-------------+----------------------------------+ +-------------+----------------------------------+
| Field | Value | | Field | Value |
@ -123,11 +130,13 @@ Create service users
#. Create service users for the relevant services for your #. Create service users for the relevant services for your
deployment. deployment.
#. Assign the admin role to the user-project pair:: #. Assign the admin role to the user-project pair.
.. code-block:: console
$ openstack role add --project service --user SERVICE_USER_NAME admin $ openstack role add --project service --user SERVICE_USER_NAME admin
.. code:: .. code-block:: console
+-------+----------------------------------+ +-------+----------------------------------+
| Field | Value | | Field | Value |
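Review bot: The step "Create service users for the relevant services for your deployment." has no command, while the steps before and after it each get a console block. Add the command that creates the user, since the next step already refers to SERVICE_USER_NAME. The change from "::" to a period on the role step is also inconsistent with the project step above, which ends in a colon.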
@ -138,12 +147,15 @@ Create service users
Delete a service Delete a service
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
To delete a specified service, specify its ID::
$ openstack service delete SERVICE_TYPE|SERVICE_NAME|SERVICE_ID To delete a specified service, specify its ID.
.. code-block:: console
$ openstack service delete SERVICE_TYPE|SERVICE_NAME|SERVICE_ID
For example: For example:
.. code:: .. code-block:: console
$ openstack service delete object-store $ openstack service delete object-store
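Review bot: The sentence now reads "To delete a specified service, specify its ID." but the command accepts SERVICE_TYPE|SERVICE_NAME|SERVICE_ID and the example deletes by type, object-store. Reword the sentence to say the service can be given by type, name or ID, and end it with a colon since it introduces the command.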

@ -5,10 +5,11 @@ Manage flavors
In OpenStack, flavors define the compute, memory, and In OpenStack, flavors define the compute, memory, and
storage capacity of nova computing instances. To put it storage capacity of nova computing instances. To put it
simply, a flavor is an available hardware configuration for a simply, a flavor is an available hardware configuration for a
server. It defines the "size" of a virtual server server. It defines the ``size`` of a virtual server
that can be launched. that can be launched.
.. note:: .. note::
Flavors can also determine on which compute host a flavor Flavors can also determine on which compute host a flavor
can be used to launch an instance. For information can be used to launch an instance. For information
about customizing flavors, refer to the `OpenStack Cloud Administrator Guide about customizing flavors, refer to the `OpenStack Cloud Administrator Guide
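Review bot: The word "size" changes from quoted text to an inline literal in the sentence about the size of a virtual server. It is used here as an ordinary word, not as a parameter or value, so the quotation marks should stay.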
@ -70,17 +71,22 @@ Create a flavor
of memory, the amount of disk space for the root of memory, the amount of disk space for the root
partition and for the ephemeral partition, the partition and for the ephemeral partition, the
swap, and the number of virtual CPUs for each swap, and the number of virtual CPUs for each
flavor:: flavor:
$ nova flavor-list .. code-block:: console
$ nova flavor-list
#. To create a flavor, specify a name, ID, RAM #. To create a flavor, specify a name, ID, RAM
size, disk size, and the number of VCPUs for the size, disk size, and the number of VCPUs for the
flavor, as follows:: flavor, as follows:
$ nova flavor-create FLAVOR_NAME FLAVOR_ID RAM_IN_MB ROOT_DISK_IN_GB NUMBER_OF_VCPUS .. code-block:: console
$ nova flavor-create FLAVOR_NAME FLAVOR_ID RAM_IN_MB ROOT_DISK_IN_GB NUMBER_OF_VCPUS
.. note:: .. note::
Unique ID (integer or UUID) for the new flavor. If Unique ID (integer or UUID) for the new flavor. If
specifying 'auto', a UUID will be automatically generated. specifying 'auto', a UUID will be automatically generated.
@ -91,43 +97,53 @@ Create a flavor
one VCPU. The rxtx-factor indicates the slice of one VCPU. The rxtx-factor indicates the slice of
bandwidth that the instances with this flavor can bandwidth that the instances with this flavor can
use (through the Virtual Interface (vif) creation use (through the Virtual Interface (vif) creation
in the hypervisor):: in the hypervisor):
$ nova flavor-create --is-public true m1.extra_tiny auto 256 0 1 --rxtx-factor .1 .. code-block:: console
$ nova flavor-create --is-public true m1.extra_tiny auto 256 0 1 --rxtx-factor .1
#. If an individual user or group of users needs a custom #. If an individual user or group of users needs a custom
flavor that you do not want other tenants to have access to, flavor that you do not want other tenants to have access to,
you can change the flavor's access to make it a private flavor. you can change the flavor's access to make it a private flavor.
See `Private Flavors in the OpenStack Operations Guide <http://docs.openstack.org/openstack-ops/content/private-flavors.html>`_. See `Private Flavors in the OpenStack Operations Guide <http://docs.openstack.org/openstack-ops/content/private-flavors.html>`_.
For a list of optional parameters, run this command:: For a list of optional parameters, run this command:
$ nova help flavor-create .. code-block:: console
$ nova help flavor-create
#. After you create a flavor, assign it to a #. After you create a flavor, assign it to a
project by specifying the flavor name or ID and project by specifying the flavor name or ID and
the tenant ID:: the tenant ID:
$ nova flavor-access-add FLAVOR TENANT_ID .. code-block:: console
$ nova flavor-access-add FLAVOR TENANT_ID
#. In addition, you can set or unset ``extra_spec`` for the existing flavor. #. In addition, you can set or unset ``extra_spec`` for the existing flavor.
The ``extra_spec`` metadata keys can influence the instance directly when The ``extra_spec`` metadata keys can influence the instance directly when
it is launched. If a flavor sets the it is launched. If a flavor sets the
``extra_spec key/value quota:vif_outbound_peak=65536``, the instance's ``extra_spec key/value quota:vif_outbound_peak=65536``, the instance's
out bound peak bandwidth I/O should be LTE 512 Mbps. There are several out bound peak bandwidth I/O should be LTE 512 Mbps. There are several
aspects that can work for an instance including **CPU limits**, aspects that can work for an instance including ``CPU limits``,
**Disk tuning**, **Bandwidth I/O**, **Watchdog behavior**, and ``Disk tuning``, ``Bandwidth I/O``, ``Watchdog behavior``, and
**Random-number generator**. ``Random-number generator``.
For information about supporting metadata keys, see the For information about supporting metadata keys, see the
`OpenStack Cloud Administrator Guide `OpenStack Cloud Administrator Guide
<http://docs.openstack.org/admin-guide-cloud/compute-flavors.html>`__. <http://docs.openstack.org/admin-guide-cloud/compute-flavors.html>`__.
For a list of optional parameters, run this command:: For a list of optional parameters, run this command:
$ nova help flavor-key .. code-block:: console
$ nova help flavor-key
Delete a flavor Delete a flavor
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
Delete a specified flavor, as follows:: Delete a specified flavor, as follows:
$ nova flavor-delete FLAVOR_ID .. code-block:: console
$ nova flavor-delete FLAVOR_ID
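Review bot: The switch from bold to double backticks for ``CPU limits``, ``Disk tuning``, ``Bandwidth I/O``, ``Watchdog behavior`` and ``Random-number generator`` marks category names as literals. These are not keys or values a reader types, so keep them bold or make them plain text, and reserve literals for actual keys such as quota:vif_outbound_peak. While this paragraph is being touched, the literal ``extra_spec key/value quota:vif_outbound_peak=65536`` also swallows the prose words "key/value"; only the key/value pair itself belongs inside the backticks.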

View File

@ -24,11 +24,13 @@ Possible use cases for data migration include:
- Free up space in a thinly-provisioned back end. - Free up space in a thinly-provisioned back end.
Migrate a share with the :command:`manila migrate` command, as shown in the Migrate a share with the :command:`manila migrate` command, as shown in the
following example:: following example:
$ manila migrate shareID destinationHost --force-host-copy True|False .. code-block:: console
In this example, ``--force-host-copy True`` forces the generic $ manila migrate shareID destinationHost --force-host-copy True|False
In this example, :option:`--force-host-copy True` forces the generic
host-based migration mechanism and bypasses any driver optimizations. host-based migration mechanism and bypasses any driver optimizations.
``destinationHost`` is in this format ``host#pool`` which includes ``destinationHost`` is in this format ``host#pool`` which includes
destination host and pool. destination host and pool.
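Review bot: :option:`--force-host-copy True` puts an argument value inside the option role, while the command line above documents the argument as True|False. Mark up only the flag, :option:`--force-host-copy`, and state the value in prose. The placeholders shareID and destinationHost would also read better in the upper-case form the other files in this change use (VM_ID, TENANT_ID, HOST_B).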

View File

@ -12,34 +12,42 @@ To preserve user data on server disk, you must configure shared
storage on the target host. Also, you must validate that the current storage on the target host. Also, you must validate that the current
VM host is down; otherwise, the evacuation fails with an error. VM host is down; otherwise, the evacuation fails with an error.
#. To list hosts and find a different host for the evacuated instance, run:: #. To list hosts and find a different host for the evacuated instance, run:
$ nova host-list .. code-block:: console
$ nova host-list
#. Evacuate the instance. You can pass the instance password to the #. Evacuate the instance. You can pass the instance password to the
command by using the :option:`--password PWD` option. If you do not command by using the :option:`--password PWD` option. If you do not
specify a password, one is generated and printed after the command specify a password, one is generated and printed after the command
finishes successfully. The following command evacuates a server finishes successfully. The following command evacuates a server
without shared storage from a host that is down to the specified without shared storage from a host that is down to the specified
HOST_B:: HOST_B.
$ nova evacuate EVACUATED_SERVER_NAME HOST_B .. code-block:: console
$ nova evacuate EVACUATED_SERVER_NAME HOST_B
The instance is rebuilt from the original image or volume, but preserves The instance is rebuilt from the original image or volume, but preserves
its configuration including its ID, name, uid, IP address, and so on. its configuration including its ID, name, uid, IP address, and so on.
The command returns a password:: The command returns a password.
+-----------+--------------+ .. code-block:: console
| Property | Value |
+-----------+--------------+ +-----------+--------------+
| adminPass | kRAJpErnT4xZ | | Property | Value |
+-----------+--------------+ +-----------+--------------+
| adminPass | kRAJpErnT4xZ |
+-----------+--------------+
#. To preserve the user disk data on the evacuated server, deploy #. To preserve the user disk data on the evacuated server, deploy
OpenStack Compute with a shared file system. To configure your OpenStack Compute with a shared file system. To configure your
system, see `Configure migrations system, see `Configure migrations
<http://docs.openstack.org/admin-guide-cloud/compute-configuring-migrations.html>`_ <http://docs.openstack.org/admin-guide-cloud/compute-configuring-migrations.html>`_
in OpenStack Cloud Administrator Guide. In the following example, in OpenStack Cloud Administrator Guide. In the following example,
the password remains unchanged:: the password remains unchanged.
$ nova evacuate EVACUATED_SERVER_NAME HOST_B --on-shared-storage .. code-block:: console
$ nova evacuate EVACUATED_SERVER_NAME HOST_B --on-shared-storage
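Review bot: The lead-in punctuation is inconsistent after this change: step 1 ends with "run:", but "HOST_B.", "The command returns a password." and "the password remains unchanged." now end with a period directly before a code-block. Pick one form, preferably the colon, since each sentence introduces the block that follows. Separately, this step documents :option:`--password PWD` and shows adminPass in the sample output; a short note that a password given on the command line ends up in shell history and the process list, and that the generated one is printed to the terminal, would help operators handle it properly.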

View File

@ -7,7 +7,7 @@ examples disable and enable the ``nova-compute`` service.
#. List the Compute services: #. List the Compute services:
.. code:: .. code-block:: console
$ nova service-list $ nova service-list
+------------------+----------+----------+---------+-------+----------------------------+-----------------+ +------------------+----------+----------+---------+-------+----------------------------+-----------------+
@ -23,7 +23,7 @@ examples disable and enable the ``nova-compute`` service.
#. Disable a nova service: #. Disable a nova service:
.. code:: .. code-block:: console
$ nova service-disable localhost.localdomain nova-compute --reason 'trial log' $ nova service-disable localhost.localdomain nova-compute --reason 'trial log'
+----------+--------------+----------+-------------------+ +----------+--------------+----------+-------------------+
@ -34,7 +34,7 @@ examples disable and enable the ``nova-compute`` service.
#. Check the service list: #. Check the service list:
.. code:: .. code-block:: console
$ nova service-list $ nova service-list
+------------------+----------+----------+---------+-------+----------------------------+------------------+ +------------------+----------+----------+---------+-------+----------------------------+------------------+
@ -50,7 +50,7 @@ examples disable and enable the ``nova-compute`` service.
#. Enable the service: #. Enable the service:
.. code:: .. code-block:: console
$ nova service-enable localhost.localdomain nova-compute $ nova service-enable localhost.localdomain nova-compute
+----------+--------------+---------+ +----------+--------------+---------+
@ -61,7 +61,7 @@ examples disable and enable the ``nova-compute`` service.
#. Check the service list: #. Check the service list:
.. code:: .. code-block:: console
$ nova service-list $ nova service-list
+------------------+----------+----------+---------+-------+----------------------------+-----------------+ +------------------+----------+----------+---------+-------+----------------------------+-----------------+

View File

@ -3,62 +3,69 @@ Migrate single instance to another compute host
=============================================== ===============================================
When you want to move an instance from one compute host to another, When you want to move an instance from one compute host to another,
you can use the ``nova migrate`` command. The scheduler chooses the you can use the :command:`nova migrate` command. The scheduler chooses the
destination compute host based on its settings. This process does destination compute host based on its settings. This process does
not assume that the instance has shared storage available on the not assume that the instance has shared storage available on the
target host. target host.
#. To list the VMs you want to migrate, run:: #. To list the VMs you want to migrate, run:
$ nova list .. code-block:: console
$ nova list
#. After selecting a VM from the list, run this command where :guilabel:`VM_ID` #. After selecting a VM from the list, run this command where :guilabel:`VM_ID`
is set to the ID in the list returned in the previous step:: is set to the ID in the list returned in the previous step:
$ nova show VM_ID .. code-block:: console
#. Now, use the ``nova migrate`` command:: $ nova show VM_ID
$ nova migrate VM_ID #. Now, use the :command:`nova migrate` command.
.. code-block:: console
$ nova migrate VM_ID
#. To migrate of an instance and watch the status, use this example script: #. To migrate of an instance and watch the status, use this example script:
.. code-block:: bash .. code-block:: bash
#!/bin/bash #!/bin/bash
# Provide usage # Provide usage
usage() { usage() {
echo "Usage: $0 VM_ID" echo "Usage: $0 VM_ID"
exit 1 exit 1
} }
[[ $# -eq 0 ]] && usage [[ $# -eq 0 ]] && usage
# Migrate the VM to an alternate hypervisor # Migrate the VM to an alternate hypervisor
echo -n "Migrating instance to alternate host" echo -n "Migrating instance to alternate host"
VM_ID=$1 VM_ID=$1
nova migrate $VM_ID nova migrate $VM_ID
VM_OUTPUT=`nova show $VM_ID` VM_OUTPUT=`nova show $VM_ID`
VM_STATUS=`echo "$VM_OUTPUT" | grep status | awk '{print $4}'` VM_STATUS=`echo "$VM_OUTPUT" | grep status | awk '{print $4}'`
while [[ "$VM_STATUS" != "VERIFY_RESIZE" ]]; do while [[ "$VM_STATUS" != "VERIFY_RESIZE" ]]; do
echo -n "." echo -n "."
sleep 2 sleep 2
VM_OUTPUT=`nova show $VM_ID` VM_OUTPUT=`nova show $VM_ID`
VM_STATUS=`echo "$VM_OUTPUT" | grep status | awk '{print $4}'` VM_STATUS=`echo "$VM_OUTPUT" | grep status | awk '{print $4}'`
done done
nova resize-confirm $VM_ID nova resize-confirm $VM_ID
echo " instance migrated and resized." echo " instance migrated and resized."
echo; echo;
# Show the details for the VM # Show the details for the VM
echo "Updated instance details:" echo "Updated instance details:"
nova show $VM_ID nova show $VM_ID
# Pause to allow users to examine VM details # Pause to allow users to examine VM details
read -p "Pausing, press <enter> to exit." read -p "Pausing, press <enter> to exit."
.. note:: .. note::
If you see this error, it means you are either If you see this error, it means you are either
trying the command with the wrong credentials, trying the command with the wrong credentials,
such as a non-admin user, or the ``policy.json`` such as a non-admin user, or the ``policy.json``
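Review bot: The example script is re-indented here but its wait loop still has no exit other than VERIFY_RESIZE, so a migration that ends in any other state (for example ERROR) leaves the script polling forever. Since every line of the block is touched anyway, add a check that leaves the loop on a failure status or after a timeout, and quote the variable ("$VM_ID") where it is passed to nova. Two smaller points in the same hunk: "To migrate of an instance" needs fixing, and :guilabel:`VM_ID` marks a command-line placeholder as a GUI label; a literal is the right markup.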

View File

@ -19,7 +19,7 @@ on the instance to the corresponding NUMA cells on the host. It will also
expose the NUMA topology of the instance to the guest OS. expose the NUMA topology of the instance to the guest OS.
If you want Compute to pin a particular vCPU as part of this process, If you want Compute to pin a particular vCPU as part of this process,
set the ``vcpu_pin_set`` parameter in the :file:`nova.conf` configuration set the ``vcpu_pin_set`` parameter in the ``nova.conf`` configuration
file. For more information about the ``vcpu_pin_set`` parameter, see the file. For more information about the ``vcpu_pin_set`` parameter, see the
Configuration Reference Guide. Configuration Reference Guide.
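Review bot: Replacing :file:`nova.conf` with a plain literal goes the opposite way from the rest of this change, which moves literals to semantic roles (:command:, :option:). If :file: is being dropped on purpose, say why in the commit message; otherwise keep :file: here and in the policy.json hunks for consistency.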

View File

@ -7,26 +7,30 @@ host instances are launched on and which roles can boot instances
on this host. on this host.
#. To select the host where instances are launched, use #. To select the host where instances are launched, use
the ``--availability_zone ZONE:HOST`` parameter on the the :option:`--availability_zone ZONE:HOST` parameter on the
:command:`nova boot` command. :command:`nova boot` command.
For example:: For example:
$ nova boot --image <uuid> --flavor m1.tiny --key_name test --availability-zone nova:server2 .. code-block:: console
$ nova boot --image <uuid> --flavor m1.tiny --key_name test --availability-zone nova:server2
#. To specify which roles can launch an instance on a #. To specify which roles can launch an instance on a
specified host, enable the :code:`create:forced_host` option in specified host, enable the ``create:forced_host`` option in
the :file:`policy.json` file. By default, this option is the ``policy.json`` file. By default, this option is
enabled for only the admin role. enabled for only the admin role.
#. To view the list of valid compute hosts, use the #. To view the list of valid compute hosts, use the
:command:`nova hypervisor-list` command, as follows:: :command:`nova hypervisor-list` command.
$ nova hypervisor-list .. code-block:: console
+----+---------------------+
| ID | Hypervisor hostname | $ nova hypervisor-list
+----+---------------------+ +----+---------------------+
| 1 | server2 | | ID | Hypervisor hostname |
| 2 | server3 | +----+---------------------+
| 3 | server4 | | 1 | server2 |
+----+---------------------+ | 2 | server3 |
| 3 | server4 |
+----+---------------------+
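Review bot: The option is wrapped as :option:`--availability_zone ZONE:HOST` with an underscore, but the example that follows runs --availability-zone nova:server2 with a hyphen, and the same command line also uses --key_name. The text and the example should agree on one spelling. In step 2, "enabled for only the admin role" would read better as "enabled only for the admin role".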

View File

@ -44,204 +44,256 @@ tenant user, as well as update the quota defaults for a new tenant.
View and update Compute quotas for a tenant (project) View and update Compute quotas for a tenant (project)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To view and update default quota values To view and update default quota values
--------------------------------------- ---------------------------------------
#. List all default quotas for all tenants, as follows:: #. List all default quotas for all tenants:
$ nova quota-defaults .. code-block:: console
For example:: $ nova quota-defaults
$ nova quota-defaults For example:
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
#. Update a default value for a new tenant, as follows:: .. code-block:: console
$ nova quota-class-update --KEY VALUE default $ nova quota-defaults
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
For example:: #. Update a default value for a new tenant.
$ nova quota-class-update --instances 15 default .. code-block:: console
$ nova quota-class-update --KEY VALUE default
For example:
.. code-block:: console
$ nova quota-class-update --instances 15 default
To view quota values for an existing tenant (project) To view quota values for an existing tenant (project)
----------------------------------------------------- -----------------------------------------------------
#. Place the tenant ID in a usable variable, as follows:: #. Place the tenant ID in a usable variable.
$ tenant=$(openstack project show -f value -c id TENANT_NAME) .. code-block:: console
#. List the currently set quota values for a tenant, as follows:: $ tenant=$(openstack project show -f value -c id TENANT_NAME)
$ nova quota-show --tenant $tenant #. List the currently set quota values for a tenant.
For example:: .. code-block:: console
$ nova quota-show --tenant $tenant $ nova quota-show --tenant $tenant
+-----------------------------+-------+
| Quota | Limit | For example:
+-----------------------------+-------+
| instances | 10 | .. code-block:: console
| cores | 20 |
| ram | 51200 | $ nova quota-show --tenant $tenant
| floating_ips | 10 | +-----------------------------+-------+
| fixed_ips | -1 | | Quota | Limit |
| metadata_items | 128 | +-----------------------------+-------+
| injected_files | 5 | | instances | 10 |
| injected_file_content_bytes | 10240 | | cores | 20 |
| injected_file_path_bytes | 255 | | ram | 51200 |
| key_pairs | 100 | | floating_ips | 10 |
| security_groups | 10 | | fixed_ips | -1 |
| security_group_rules | 20 | | metadata_items | 128 |
+-----------------------------+-------+ | injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
To update quota values for an existing tenant (project) To update quota values for an existing tenant (project)
------------------------------------------------------- -------------------------------------------------------
#. Obtain the tenant ID, as follows::
$ tenant=$(openstack project show -f value -c id TENANT_NAME) #. Obtain the tenant ID.
#. Update a particular quota value, as follows:: .. code-block:: console
$ nova quota-update --QUOTA_NAME QUOTA_VALUE TENANT_ID $ tenant=$(openstack project show -f value -c id TENANT_NAME)
For example:: #. Update a particular quota value.
$ nova quota-update --floating-ips 20 $tenant .. code-block:: console
$ nova quota-show --tenant $tenant
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 20 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
.. note:: To view a list of options for the :command:`quota-update` command, run:: $ nova quota-update --QUOTA_NAME QUOTA_VALUE TENANT_ID
$ nova help quota-update For example:
.. code-block:: console
$ nova quota-update --floating-ips 20 $tenant
$ nova quota-show --tenant $tenant
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 20 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
.. note::
To view a list of options for the :command:`quota-update` command, run:
.. code-block:: console
$ nova help quota-update
View and update Compute quotas for a tenant user View and update Compute quotas for a tenant user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To view quota values for a tenant user To view quota values for a tenant user
-------------------------------------- --------------------------------------
#. Place the user ID in a usable variable, as follows::
$ tenantUser=$(openstack user show -f value -c id USER_NAME) #. Place the user ID in a usable variable.
#. Place the user's tenant ID in a usable variable, as follows:: .. code-block:: console
$ tenant=$(openstack project show -f value -c id TENANT_NAME) $ tenantUser=$(openstack user show -f value -c id USER_NAME)
#. List the currently set quota values for a tenant user, as follows:: #. Place the user's tenant ID in a usable variable, as follows:
$ nova quota-show --user $tenantUser --tenant $tenant .. code-block:: console
For example:: $ tenant=$(openstack project show -f value -c id TENANT_NAME)
$ nova quota-show --user $tenantUser --tenant $tenant #. List the currently set quota values for a tenant user.
+-----------------------------+-------+
| Quota | Limit | .. code-block:: console
+-----------------------------+-------+
| instances | 10 | $ nova quota-show --user $tenantUser --tenant $tenant
| cores | 20 |
| ram | 51200 | For example:
| floating_ips | 20 |
| fixed_ips | -1 | .. code-block:: console
| metadata_items | 128 |
| injected_files | 5 | $ nova quota-show --user $tenantUser --tenant $tenant
| injected_file_content_bytes | 10240 | +-----------------------------+-------+
| injected_file_path_bytes | 255 | | Quota | Limit |
| key_pairs | 100 | +-----------------------------+-------+
| security_groups | 10 | | instances | 10 |
| security_group_rules | 20 | | cores | 20 |
+-----------------------------+-------+ | ram | 51200 |
| floating_ips | 20 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
To update quota values for a tenant user To update quota values for a tenant user
---------------------------------------- ----------------------------------------
#. Place the user ID in a usable variable, as follows::
$ tenantUser=$(openstack user show -f value -c id USER_NAME) #. Place the user ID in a usable variable.
#. Place the user's tenant ID in a usable variable, as follows:: .. code-block:: console
$ tenant=$(openstack project show -f value -c id TENANT_NAME) $ tenantUser=$(openstack user show -f value -c id USER_NAME)
#. Update a particular quota value, as follows:: #. Place the user's tenant ID in a usable variable, as follows:
$ nova quota-update --user $tenantUser --QUOTA_NAME QUOTA_VALUE $tenant .. code-block:: console
For example:: $ tenant=$(openstack project show -f value -c id TENANT_NAME)
$ nova quota-update --user $tenantUser --floating-ips 12 $tenant #. Update a particular quota value, as follows:
$ nova quota-show --user $tenantUser --tenant $tenant
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 12 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
.. note:: To view a list of options for the :command:`quota-update` command, run:: .. code-block:: console
$ nova help quota-update $ nova quota-update --user $tenantUser --QUOTA_NAME QUOTA_VALUE $tenant
For example:
.. code-block:: console
$ nova quota-update --user $tenantUser --floating-ips 12 $tenant
$ nova quota-show --user $tenantUser --tenant $tenant
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 12 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
.. note::
To view a list of options for the :command:`quota-update` command, run:
.. code-block:: console
$ nova help quota-update
To display the current quota usage for a tenant user To display the current quota usage for a tenant user
---------------------------------------------------- ----------------------------------------------------
Use :command:`nova absolute-limits` to get a list of the
current quota values and the current quota usage::
$ nova absolute-limits --tenant TENANT_NAME Use :command:`nova absolute-limits` to get a list of the
+-------------------------+-------+ current quota values and the current quota usage:
| Name | Value |
+-------------------------+-------+ .. code-block:: console
| maxServerMeta | 128 |
| maxPersonality | 5 | $ nova absolute-limits --tenant TENANT_NAME
| maxImageMeta | 128 | +-------------------------+-------+
| maxPersonalitySize | 10240 | | Name | Value |
| maxTotalRAMSize | 51200 | +-------------------------+-------+
| maxSecurityGroupRules | 20 | | maxServerMeta | 128 |
| maxTotalKeypairs | 100 | | maxPersonality | 5 |
| totalRAMUsed | 0 | | maxImageMeta | 128 |
| maxSecurityGroups | 10 | | maxPersonalitySize | 10240 |
| totalFloatingIpsUsed | 0 | | maxTotalRAMSize | 51200 |
| totalInstancesUsed | 0 | | maxSecurityGroupRules | 20 |
| totalSecurityGroupsUsed | 0 | | maxTotalKeypairs | 100 |
| maxTotalFloatingIps | 10 | | totalRAMUsed | 0 |
| maxTotalInstances | 10 | | maxSecurityGroups | 10 |
| totalCoresUsed | 0 | | totalFloatingIpsUsed | 0 |
| maxTotalCores | 20 | | totalInstancesUsed | 0 |
+-------------------------+-------+ | totalSecurityGroupsUsed | 0 |
| maxTotalFloatingIps | 10 |
| maxTotalInstances | 10 |
| totalCoresUsed | 0 |
| maxTotalCores | 20 |
+-------------------------+-------+
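Review bot: The lead-ins are only partly normalised in this hunk. Most steps drop "as follows::" for a period ("Place the user ID in a usable variable."), but "Place the user's tenant ID in a usable variable, as follows:" and "Update a particular quota value, as follows:" keep the old wording in the tenant-user sections. Apply one form throughout. In the commands themselves, $tenant and $tenantUser are expanded unquoted; quoting them ("$tenant") is the safer habit to show in admin documentation.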

View File

@ -18,27 +18,32 @@ tenant requires more than ten volumes or 1 TB on a compute
node. node.
.. note:: .. note::
To view all tenants (projects), run::
$ openstack project list To view all tenants (projects), run:
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| e66d97ac1b704897853412fc8450f7b9 | admin |
| bf4a37b885fe46bd86e999e50adad1d3 | services |
| 21bd1c7c95234fd28f589b60903606fa | tenant01 |
| f599c5cd1cba4125ae3d7caed08e288c | tenant02 |
+----------------------------------+----------+
To display all current users for a tenant, run:: .. code-block:: console
$ openstack user list --project PROJECT_NAME $ openstack project list
+----------------------------------+--------+ +----------------------------------+----------+
| ID | Name | | ID | Name |
+----------------------------------+--------+ +----------------------------------+----------+
| ea30aa434ab24a139b0e85125ec8a217 | demo00 | | e66d97ac1b704897853412fc8450f7b9 | admin |
| 4f8113c1d838467cad0c2f337b3dfded | demo01 | | bf4a37b885fe46bd86e999e50adad1d3 | services |
+----------------------------------+--------+ | 21bd1c7c95234fd28f589b60903606fa | tenant01 |
| f599c5cd1cba4125ae3d7caed08e288c | tenant02 |
+----------------------------------+----------+
To display all current users for a tenant, run:
.. code-block:: console
$ openstack user list --project PROJECT_NAME
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| ea30aa434ab24a139b0e85125ec8a217 | demo00 |
| 4f8113c1d838467cad0c2f337b3dfded | demo01 |
+----------------------------------+--------+
.. toctree:: .. toctree::

View File

@ -4,7 +4,7 @@ OpenStack dashboard
As a cloud administrative user, the OpenStack dashboard lets you As a cloud administrative user, the OpenStack dashboard lets you
create and manage projects, users, images, and flavors. You can also create and manage projects, users, images, and flavors. You can also
set quotas and create and manage services. For information about using set quotas, and create and manage services. For information about using
the dashboard to perform end user tasks, see the `OpenStack End User the dashboard to perform end user tasks, see the `OpenStack End User
Guide <http://docs.openstack.org/user-guide/>`__. Guide <http://docs.openstack.org/user-guide/>`__.

View File

@ -6,15 +6,17 @@ A role is a personality that a user assumes to perform a specific set
of operations. A role includes a set of rights and privileges. A user of operations. A role includes a set of rights and privileges. A user
assumes that role inherits those rights and privileges. assumes that role inherits those rights and privileges.
.. note:: OpenStack Identity service defines a user's role on a .. note::
project, but it is completely up to the individual service
to define what that role means. This is referred to as the OpenStack Identity service defines a user's role on a
service's policy. To get details about what the privileges project, but it is completely up to the individual service
for each role are, refer to the :file:`policy.json` file to define what that role means. This is referred to as the
available for each service in the service's policy. To get details about what the privileges
:file:`/etc/SERVICE/policy.json` file. For example, the for each role are, refer to the ``policy.json`` file
policy defined for OpenStack Identity service is defined available for each service in the
in the :file:`/etc/keystone/policy.json` file. ``/etc/SERVICE/policy.json`` file. For example, the
policy defined for OpenStack Identity service is defined
in the ``/etc/keystone/policy.json`` file.
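Review bot: The re-wrapped note still says to refer to the ``policy.json`` file "available for each service in the ``/etc/SERVICE/policy.json`` file", which names the file twice. Something like "refer to the service's policy file, ``/etc/SERVICE/policy.json``" is clearer. The context line above, "A user assumes that role inherits those rights and privileges", is also missing "who".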
Create a role Create a role
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
@ -38,8 +40,10 @@ Edit a role
In the :guilabel:`Update Role` window, enter a new name for the role. In the :guilabel:`Update Role` window, enter a new name for the role.
#. Click the :guilabel:`Update Role` button to confirm your changes. #. Click the :guilabel:`Update Role` button to confirm your changes.
.. note:: Using the dashboard, you can edit only the name assigned to .. note::
a role.
Using the dashboard, you can edit only the name assigned to
a role.
Delete a role Delete a role
~~~~~~~~~~~~~ ~~~~~~~~~~~~~

View File

@ -19,12 +19,13 @@ high availability.
For information about: For information about:
* administrative tasks on the command line, see * administrative tasks on the command-line, see
:doc:`cli_admin_manage_stacks`. :doc:`cli_admin_manage_stacks`.
.. note:: .. note::
There are no administration-specific tasks that can be done through
the Dashboard. There are no administration-specific tasks that can be done through
the Dashboard.
* the basic creation and deletion of Orchestration stacks, refer to * the basic creation and deletion of Orchestration stacks, refer to
the `OpenStack End User Guide the `OpenStack End User Guide
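Review bot: "on the command-line" introduces a hyphen where the phrase is a noun; the hyphenated form is only right as a modifier ("command-line client"). Keep "on the command line" here.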

View File

@ -83,7 +83,7 @@ Update flavors
#. Click :guilabel:`Save`. #. Click :guilabel:`Save`.
Update Metadata Update Metadata
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
#. Log in to the dashboard. #. Log in to the dashboard.

View File

@ -18,8 +18,8 @@ To create a host aggregate
#. Log in to the dashboard. #. Log in to the dashboard.
Choose the admin project from the drop-down list at the top of the Choose the :guilabel:`admin` project from the drop-down list at the top
page. of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click #. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click
the :guilabel:`Host Aggregates` category. the :guilabel:`Host Aggregates` category.
@ -54,8 +54,8 @@ existing aggregate, edit the aggregate.
To manage host aggregates To manage host aggregates
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
#. Choose the admin project from the drop-down list at the top of the #. Choose the :guilabel:`admin` project from the drop-down list at the top
page. of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click #. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab and click
the :guilabel:`Host Aggregates` category. the :guilabel:`Host Aggregates` category.

View File

@ -13,7 +13,7 @@ user, see the `OpenStack End User Guide <http://docs.openstack.org/user-guide/da
Create instance snapshots Create instance snapshots
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the admin project from the #. Log in to the Dashboard and choose the :guilabel:`admin` project from the
drop-down list at the top of the page. drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab #. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
@ -35,7 +35,7 @@ Create instance snapshots
Control the state of an instance Control the state of an instance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the Dashboard and choose the admin project from the #. Log in to the Dashboard and choose the :guilabel:`admin` project from the
drop-down list at the top of the page. drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab #. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
@ -64,7 +64,7 @@ for each project.
You can track costs per month by showing meters like number of VCPUs, You can track costs per month by showing meters like number of VCPUs,
disks, RAM, and uptime of all your instances. disks, RAM, and uptime of all your instances.
#. Log in to the Dashboard and choose the admin project from the #. Log in to the Dashboard and choose the :guilabel:`admin` project from the
drop-down list at the top of the page. drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Instances` category. #. On the :guilabel:`Admin` tab, click the :guilabel:`Instances` category.

View File

@ -19,12 +19,12 @@ As an administrative user, you can view information for OpenStack services.
and whether or not the service is enabled. and whether or not the service is enabled.
* :guilabel:`Compute Services`: * :guilabel:`Compute Services`:
Displays information specific to the Compute Service. Both host Displays information specific to the Compute service. Both host
and zone are listed for each service, as well as its and zone are listed for each service, as well as its
activation status. activation status.
* :guilabel:`Block Storage Services`: * :guilabel:`Block Storage Services`:
Displays information specific to the Block Storage Service. Both host Displays information specific to the Block Storage service. Both host
and zone are listed for each service, as well as its and zone are listed for each service, as well as its
activation status. activation status.
@ -33,6 +33,6 @@ As an administrative user, you can view information for OpenStack services.
DHCP agents, and the status of each agent. DHCP agents, and the status of each agent.
* :guilabel:`Orchestration Services`: * :guilabel:`Orchestration Services`:
Displays information specific to the Orchestration Service. Name, Displays information specific to the Orchestration service. Name,
engine id, host and topic are listed for each service, as well as its engine id, host and topic are listed for each service, as well as its
activation status. activation status.

View File

@ -36,7 +36,9 @@ Create a share type
#. Click :guilabel:`Create Share Type` button to confirm your changes. #. Click :guilabel:`Create Share Type` button to confirm your changes.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Update share type Update share type
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
@ -59,7 +61,9 @@ Update share type
#. Click :guilabel:`Update Share Type` button to confirm your changes. #. Click :guilabel:`Update Share Type` button to confirm your changes.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Delete share types Delete share types
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
@ -80,7 +84,9 @@ When you delete a share type, shares of that type are not deleted.
#. In the :guilabel:`Confirm Delete Share Types` window, click the #. In the :guilabel:`Confirm Delete Share Types` window, click the
:guilabel:`Delete Share Types` button to confirm the action. :guilabel:`Delete Share Types` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Delete shares Delete shares
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
@ -98,7 +104,9 @@ Delete shares
#. In the :guilabel:`Confirm Delete Shares` window, click the #. In the :guilabel:`Confirm Delete Shares` window, click the
:guilabel:`Delete Shares` button to confirm the action. :guilabel:`Delete Shares` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Delete share server Delete share server
~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
@ -116,7 +124,9 @@ Delete share server
#. In the :guilabel:`Confirm Delete Share Server` window, click the #. In the :guilabel:`Confirm Delete Share Server` window, click the
:guilabel:`Delete Share Server` button to confirm the action. :guilabel:`Delete Share Server` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Delete share networks Delete share networks
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
@ -134,4 +144,6 @@ Delete share networks
#. In the :guilabel:`Confirm Delete Share Networks` window, click the #. In the :guilabel:`Confirm Delete Share Networks` window, click the
:guilabel:`Delete Share Networks` button to confirm the action. :guilabel:`Delete Share Networks` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.

View File

@ -30,7 +30,9 @@ Create a volume type
#. Click :guilabel:`Create Volume Type` button to confirm your changes. #. Click :guilabel:`Create Volume Type` button to confirm your changes.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Create an encrypted volume type Create an encrypted volume type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -56,6 +58,7 @@ Create an encrypted volume type
#. Click :guilabel:`Create Volume Type Encryption`. #. Click :guilabel:`Create Volume Type Encryption`.
.. note:: .. note::
Once a volume type is updated by the :guilabel:`Create Once a volume type is updated by the :guilabel:`Create
Encryption` option, the volume type cannot be deleted. Encryption` option, the volume type cannot be deleted.
@ -133,7 +136,9 @@ When you delete a volume type, volumes of that type are not deleted.
#. In the :guilabel:`Confirm Delete Volume Types` window, click the #. In the :guilabel:`Confirm Delete Volume Types` window, click the
:guilabel:`Delete Volume Types` button to confirm the action. :guilabel:`Delete Volume Types` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.
Delete volumes Delete volumes
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
@ -154,4 +159,6 @@ destroyed.
#. In the :guilabel:`Confirm Delete Volumes` window, click the #. In the :guilabel:`Confirm Delete Volumes` window, click the
:guilabel:`Delete Volumes` button to confirm the action. :guilabel:`Delete Volumes` button to confirm the action.
.. note:: A message indicates whether the action succeeded. .. note::
A message indicates whether the action succeeded.

View File

@ -20,6 +20,7 @@ Using the Dashboard, you can view default Compute and Block Storage
quotas for new tenants, as well as update quotas for existing tenants. quotas for new tenants, as well as update quotas for existing tenants.
.. note:: .. note::
Using the command-line interface, you can manage quotas for the Using the command-line interface, you can manage quotas for the
OpenStack Compute service, the OpenStack Block Storage service, and OpenStack Compute service, the OpenStack Block Storage service, and
the OpenStack Networking service (see :doc:`cli_set_quotas`). the OpenStack Networking service (see :doc:`cli_set_quotas`).
@ -84,6 +85,7 @@ View default project quotas
#. The default quota values are displayed. #. The default quota values are displayed.
.. note:: .. note::
You can sort the table by clicking on either the You can sort the table by clicking on either the
:guilabel:`Quota Name` or :guilabel:`Limit` column headers. :guilabel:`Quota Name` or :guilabel:`Limit` column headers.
@ -105,6 +107,7 @@ Update project quotas
#. Click the :guilabel:`Update Defaults` button. #. Click the :guilabel:`Update Defaults` button.
.. note:: .. note::
The dashboard does not show all possible project quotas. The dashboard does not show all possible project quotas.
To view and update the quotas for a service, use its To view and update the quotas for a service, use its
command-line client. See :doc:`cli_set_quotas`. command-line client. See :doc:`cli_set_quotas`.

View File

@ -44,7 +44,7 @@ List projects
List all projects with their ID, name, and whether they are List all projects with their ID, name, and whether they are
enabled or disabled: enabled or disabled:
.. code:: console .. code-block:: console
$ openstack project list $ openstack project list
+----------------------------------+--------------------+ +----------------------------------+--------------------+
@ -63,7 +63,7 @@ Create a project
Create a project named ``new-project``: Create a project named ``new-project``:
.. code:: console .. code-block:: console
$ openstack project create --description 'my new project' new-project $ openstack project create --description 'my new project' new-project
+-------------+----------------------------------+ +-------------+----------------------------------+
@ -83,42 +83,42 @@ description, and enabled status of a project.
- To temporarily disable a project: - To temporarily disable a project:
.. code:: console .. code-block:: console
$ openstack project set PROJECT_ID --disable $ openstack project set PROJECT_ID --disable
- To enable a disabled project: - To enable a disabled project:
.. code:: console .. code-block:: console
$ openstack project set PROJECT_ID --enable $ openstack project set PROJECT_ID --enable
- To update the name of a project: - To update the name of a project:
.. code:: console .. code-block:: console
$ openstack project set PROJECT_ID --name project-new $ openstack project set PROJECT_ID --name project-new
- To verify your changes, show information for the updated project: - To verify your changes, show information for the updated project:
.. code:: console .. code-block:: console
$ openstack project show PROJECT_ID $ openstack project show PROJECT_ID
+-------------+----------------------------------+ +-------------+----------------------------------+
| Field | Value | | Field | Value |
+-------------+----------------------------------+ +-------------+----------------------------------+
| description | my new project | | description | my new project |
| enabled | True | | enabled | True |
| id | 1a4a0618b306462c9830f876b0bd6af2 | | id | 1a4a0618b306462c9830f876b0bd6af2 |
| name | project-new | | name | project-new |
+-------------+----------------------------------+ +-------------+----------------------------------+
Delete a project Delete a project
^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
Specify the project ID to delete a project: Specify the project ID to delete a project:
.. code:: console .. code-block:: console
$ openstack project delete PROJECT_ID $ openstack project delete PROJECT_ID
@ -130,7 +130,7 @@ List users
List all users: List all users:
.. code:: console .. code-block:: console
$ openstack user list $ openstack user list
+----------------------------------+----------+ +----------------------------------+----------+
@ -152,7 +152,7 @@ log in to the dashboard without this information.
Create the ``new-user`` user: Create the ``new-user`` user:
.. code:: console .. code-block:: console
$ openstack user create --project new-project --password PASSWORD new-user $ openstack user create --project new-project --password PASSWORD new-user
+----------+----------------------------------+ +----------+----------------------------------+
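Review bot: the ``openstack user create`` example passes the password as a command-line argument (``--password PASSWORD``), which leaves it in shell history and visible in the process list while the command runs. Since this line is being re-indented anyway, consider showing ``--password-prompt`` instead, or add a sentence saying that a literal password on the command line is for illustration only.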
@ -172,9 +172,9 @@ You can update the name, email address, and enabled status for a user.
- To temporarily disable a user account: - To temporarily disable a user account:
.. code:: console .. code-block:: console
$ openstack user set USER_NAME --disable $ openstack user set USER_NAME --disable
If you disable a user account, the user cannot log in to the If you disable a user account, the user cannot log in to the
dashboard. However, data for the user account is maintained, so you dashboard. However, data for the user account is maintained, so you
@ -182,23 +182,23 @@ You can update the name, email address, and enabled status for a user.
- To enable a disabled user account: - To enable a disabled user account:
.. code:: console .. code-block:: console
$ openstack user set USER_NAME --enable $ openstack user set USER_NAME --enable
- To change the name and description for a user account: - To change the name and description for a user account:
.. code:: console .. code-block:: console
$ openstack user set USER_NAME --name user-new --email new-user@example.com $ openstack user set USER_NAME --name user-new --email new-user@example.com
User has been updated. User has been updated.
Delete a user Delete a user
^^^^^^^^^^^^^ ^^^^^^^^^^^^^
Delete a specified user account: Delete a specified user account:
.. code:: console .. code-block:: console
$ openstack user delete USER_NAME $ openstack user delete USER_NAME
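Review bot: the lead-in "To change the name and description for a user account:" does not match the command under it, which sets ``--name`` and ``--email``. Change the lead-in to "name and email address", which also agrees with the section intro quoted in the hunk header ("You can update the name, email address, and enabled status for a user").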
@ -210,7 +210,7 @@ List available roles
List the available roles: List the available roles:
.. code:: console .. code-block:: console
$ openstack role list $ openstack role list
+----------------------------------+---------------+ +----------------------------------+---------------+
@ -231,7 +231,7 @@ projects, define a role and assign that role to a user-project pair.
Create the ``new-role`` role: Create the ``new-role`` role:
.. code:: console .. code-block:: console
$ openstack role create new-role $ openstack role create new-role
+--------+----------------------------------+ +--------+----------------------------------+
@ -250,7 +250,7 @@ IDs.
#. List users and note the user ID you want to assign to the role: #. List users and note the user ID you want to assign to the role:
.. code:: console .. code-block:: console
$ openstack user list $ openstack user list
+----------------------------------+----------+---------+----------------------+ +----------------------------------+----------+---------+----------------------+
@ -266,7 +266,7 @@ IDs.
#. List role IDs and note the role ID you want to assign: #. List role IDs and note the role ID you want to assign:
.. code:: console .. code-block:: console
$ openstack role list $ openstack role list
+----------------------------------+---------------+ +----------------------------------+---------------+
@ -282,7 +282,7 @@ IDs.
#. List projects and note the project ID you want to assign to the role: #. List projects and note the project ID you want to assign to the role:
.. code:: console .. code-block:: console
$ openstack project list $ openstack project list
+----------------------------------+--------------------+---------+ +----------------------------------+--------------------+---------+
@ -301,13 +301,13 @@ IDs.
#. Assign a role to a user-project pair. In this example, assign the #. Assign a role to a user-project pair. In this example, assign the
``new-role`` role to the ``demo`` and ``test-project`` pair: ``new-role`` role to the ``demo`` and ``test-project`` pair:
.. code:: console .. code-block:: console
$ openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME $ openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME
#. Verify the role assignment: #. Verify the role assignment:
.. code:: console .. code-block:: console
$ openstack role list --user USER_NAME --project TENANT_ID $ openstack role list --user USER_NAME --project TENANT_ID
+--------------+----------+---------------------------+--------------+ +--------------+----------+---------------------------+--------------+
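Review bot: in the "Assign a role to a user-project pair" step, the sentence names concrete values (``new-role``, ``demo``, ``test-project``) but the command uses the placeholders ``USER_NAME``, ``TENANT_ID`` and ``ROLE_NAME``, so the reader has to map one onto the other. Either show the command with the named values or drop them from the sentence. Also, ``TENANT_ID`` is passed to ``--project`` here while the project commands earlier in this file use ``PROJECT_ID``; one placeholder name would be clearer.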
@ -321,7 +321,7 @@ View role details
View details for a specified role: View details for a specified role:
.. code:: console .. code-block:: console
$ openstack role show ROLE_NAME $ openstack role show ROLE_NAME
+----------+----------------------------------+ +----------+----------------------------------+
@ -336,15 +336,15 @@ Remove a role
Remove a role from a user-project pair: Remove a role from a user-project pair:
#. Run :command:`openstack role remove`: #. Run the :command:`openstack role remove` command:
.. code:: console .. code-block:: console
$ openstack role remove --user USER_NAME --project TENANT_ID ROLE_NAME $ openstack role remove --user USER_NAME --project TENANT_ID ROLE_NAME
#. Verify the role removal: #. Verify the role removal:
.. code:: console .. code-block:: console
$ openstack role list --user USER_NAME --project TENANT_ID $ openstack role list --user USER_NAME --project TENANT_ID

View File

@ -5,7 +5,7 @@ A quota limits the number of available resources. A default
quota might be enforced for all tenants. When you try to create quota might be enforced for all tenants. When you try to create
more resources than the quota allows, an error occurs: more resources than the quota allows, an error occurs:
.. code:: ini .. code-block:: ini
$ neutron net-create test_net $ neutron net-create test_net
Quota exceeded for resources: ['network'] Quota exceeded for resources: ['network']
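Review bot: the block under "an error occurs:" is a shell session (``$ neutron net-create test_net`` followed by its error output), but the directive goes from ``.. code:: ini`` to ``.. code-block:: ini``, which keeps the wrong lexer. Use ``.. code-block:: console`` here, as the other command examples in this change do.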
@ -20,61 +20,63 @@ the same quota values, such as the number of resources that a
tenant can create. tenant can create.
The quota value is defined in the OpenStack Networking The quota value is defined in the OpenStack Networking
:file:`neutron.conf` configuration file. To disable quotas for ``neutron.conf`` configuration file. To disable quotas for
a specific resource, such as network, subnet, a specific resource, such as network, subnet,
or port, remove a corresponding item from :code:`quota_items`. or port, remove a corresponding item from ``quota_items``.
This example shows the default quota values: This example shows the default quota values:
.. code:: ini .. code-block:: ini
[quotas] [quotas]
# resource name(s) that are supported in quota features # resource name(s) that are supported in quota features
quota_items = network,subnet,port quota_items = network,subnet,port
# number of networks allowed per tenant, and minus means unlimited # number of networks allowed per tenant, and minus means unlimited
quota_network = 10 quota_network = 10
# number of subnets allowed per tenant, and minus means unlimited # number of subnets allowed per tenant, and minus means unlimited
quota_subnet = 10 quota_subnet = 10
# number of ports allowed per tenant, and minus means unlimited # number of ports allowed per tenant, and minus means unlimited
quota_port = 50 quota_port = 50
# default driver to use for quota checks # default driver to use for quota checks
quota_driver = neutron.quota.ConfDriver quota_driver = neutron.quota.ConfDriver
OpenStack Networking also supports quotas for L3 resources: OpenStack Networking also supports quotas for L3 resources:
router and floating IP. Add these lines to the router and floating IP. Add these lines to the
``quotas`` section in the :file:`neutron.conf` file: ``quotas`` section in the ``neutron.conf`` file:
.. code:: ini .. code-block:: ini
[quotas] [quotas]
# number of routers allowed per tenant, and minus means unlimited # number of routers allowed per tenant, and minus means unlimited
quota_router = 10 quota_router = 10
# number of floating IPs allowed per tenant, and minus means unlimited # number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50 quota_floatingip = 50
.. note:: .. note::
The :code:`quota_items` option does not affect these quotas.
The ``quota_items`` option does not affect these quotas.
OpenStack Networking also supports quotas for security group OpenStack Networking also supports quotas for security group
resources: number of security groups and the number of rules for resources: number of security groups and the number of rules for
each security group. Add these lines to the each security group. Add these lines to the
``quotas`` section in the :file:`neutron.conf` file: ``quotas`` section in the ``neutron.conf`` file:
.. code:: ini .. code-block:: ini
[quotas] [quotas]
# number of security groups per tenant, and minus means unlimited # number of security groups per tenant, and minus means unlimited
quota_security_group = 10 quota_security_group = 10
# number of security rules allowed per tenant, and minus means unlimited # number of security rules allowed per tenant, and minus means unlimited
quota_security_group_rule = 100 quota_security_group_rule = 100
.. note:: .. note::
The :code:`quota_items` option does not affect these quotas.
The ``quota_items`` option does not affect these quotas.
.. _cfg_quotas_per_tenant: .. _cfg_quotas_per_tenant:
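Review bot: the markup for ``neutron.conf`` and ``quota_items`` goes from semantic roles (``:file:``, ``:code:``) to plain literals, but ``--tenant_id`` later in this file moves the other way, from a literal to ``:option:``. Please state in the commit message which convention the guide follows and apply it in both directions, otherwise the next cleanup is likely to flip these again.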
@ -103,50 +105,58 @@ the default set of quotas are enforced for all tenants, so no
#. Configure Networking to show per-tenant quotas #. Configure Networking to show per-tenant quotas
Set the :code:`quota_driver` option in the :file:`neutron.conf` file:: Set the ``quota_driver`` option in the ``neutron.conf`` file.
quota_driver = neutron.db.quota_db.DbQuotaDriver .. code-block:: ini
quota_driver = neutron.db.quota_db.DbQuotaDriver
When you set this option, the output for Networking commands shows ``quotas``. When you set this option, the output for Networking commands shows ``quotas``.
#. List Networking extensions. #. List Networking extensions.
To list the Networking extensions, run this command:: To list the Networking extensions, run this command:
$ neutron ext-list -c alias -c name .. code-block:: console
$ neutron ext-list -c alias -c name
The command shows the ``quotas`` extension, which provides The command shows the ``quotas`` extension, which provides
per-tenant quota management support:: per-tenant quota management support.
+-----------------+--------------------------+ .. code-block:: console
| alias | name |
+-----------------+--------------------------+ +-----------------+--------------------------+
| agent_scheduler | Agent Schedulers | | alias | name |
| security-group | security-group | +-----------------+--------------------------+
| binding | Port Binding | | agent_scheduler | Agent Schedulers |
| quotas | Quota management support | | security-group | security-group |
| agent | agent | | binding | Port Binding |
| provider | Provider Network | | quotas | Quota management support |
| router | Neutron L3 Router | | agent | agent |
| lbaas | LoadBalancing service | | provider | Provider Network |
| extraroute | Neutron Extra Route | | router | Neutron L3 Router |
+-----------------+--------------------------+ | lbaas | LoadBalancing service |
| extraroute | Neutron Extra Route |
+-----------------+--------------------------+
#. Show information for the quotas extension. #. Show information for the quotas extension.
To show information for the ``quotas`` extension, run this command:: To show information for the ``quotas`` extension, run this command:
$ neutron ext-show quotas .. code-block:: console
+-------------+------------------------------------------------------------+
| Field | Value | $ neutron ext-show quotas
+-------------+------------------------------------------------------------+ +-------------+------------------------------------------------------------+
| alias | quotas | | Field | Value |
| description | Expose functions for quotas management per tenant | +-------------+------------------------------------------------------------+
| links | | | alias | quotas |
| name | Quota management support | | description | Expose functions for quotas management per tenant |
| namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 | | links | |
| updated | 2012-07-29T10:00:00-00:00 | | name | Quota management support |
+-------------+------------------------------------------------------------+ | namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
| updated | 2012-07-29T10:00:00-00:00 |
+-------------+------------------------------------------------------------+
.. note:: .. note::
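Review bot: the new ``.. code-block:: ini`` for ``quota_driver = neutron.db.quota_db.DbQuotaDriver`` shows the option without its section, while the default-values example earlier in this file places ``quota_driver`` under ``[quotas]``. Add the ``[quotas]`` line to the snippet so a reader who pastes it puts the option in the right section of ``neutron.conf``.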
@ -160,40 +170,46 @@ the default set of quotas are enforced for all tenants, so no
The :command:`quota-list` command lists tenants for which the per-tenant The :command:`quota-list` command lists tenants for which the per-tenant
quota is enabled. The command does not list tenants with default quota is enabled. The command does not list tenants with default
quota support. You must be an administrative user to run this command:: quota support. You must be an administrative user to run this command:
$ neutron quota-list .. code-block:: console
+------------+---------+------+--------+--------+----------------------------------+
| floatingip | network | port | router | subnet | tenant_id | $ neutron quota-list
+------------+---------+------+--------+--------+----------------------------------+ +------------+---------+------+--------+--------+----------------------------------+
| 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 | | floatingip | network | port | router | subnet | tenant_id |
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 | +------------+---------+------+--------+--------+----------------------------------+
+------------+---------+------+--------+--------+----------------------------------+ | 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 |
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 |
+------------+---------+------+--------+--------+----------------------------------+
#. Show per-tenant quota values. #. Show per-tenant quota values.
The :command:`quota-show` command reports the current The :command:`quota-show` command reports the current
set of quota limits for the specified tenant. set of quota limits for the specified tenant.
Non-administrative users can run this command without the Non-administrative users can run this command without the
``--tenant_id`` parameter. If per-tenant quota limits are :option:`--tenant_id` parameter. If per-tenant quota limits are
not enabled for the tenant, the command shows the default not enabled for the tenant, the command shows the default
set of quotas:: set of quotas.
$ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723
+------------+-------+ +------------+-------+
| floatingip | 20 | | Field | Value |
| network | 5 | +------------+-------+
| port | 20 | | floatingip | 20 |
| router | 10 | | network | 5 |
| subnet | 5 | | port | 20 |
+------------+-------+ | router | 10 |
| subnet | 5 |
+------------+-------+
The following command shows the command output for a The following command shows the command output for a
non-administrative user:: non-administrative user.
$ neutron quota-show .. code-block:: console
$ neutron quota-show
+------------+-------+ +------------+-------+
| Field | Value | | Field | Value |
+------------+-------+ +------------+-------+
@ -207,84 +223,96 @@ the default set of quotas are enforced for all tenants, so no
#. Update quota values for a specified tenant. #. Update quota values for a specified tenant.
Use the :command:`quota-update` command to Use the :command:`quota-update` command to
update a quota for a specified tenant:: update a quota for a specified tenant.
$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5
+------------+-------+ +------------+-------+
| floatingip | 50 | | Field | Value |
| network | 5 | +------------+-------+
| port | 50 | | floatingip | 50 |
| router | 10 | | network | 5 |
| subnet | 10 | | port | 50 |
+------------+-------+ | router | 10 |
| subnet | 10 |
+------------+-------+
You can update quotas for multiple resources through one You can update quotas for multiple resources through one
command:: command.
$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20
+------------+-------+ +------------+-------+
| floatingip | 50 | | Field | Value |
| network | 5 | +------------+-------+
| port | 20 | | floatingip | 50 |
| router | 10 | | network | 5 |
| subnet | 5 | | port | 20 |
+------------+-------+ | router | 10 |
| subnet | 5 |
+------------+-------+
To update the limits for an L3 resource such as, router To update the limits for an L3 resource such as, router
or floating IP, you must define new values for the quotas or floating IP, you must define new values for the quotas
after the ``--`` directive. after the ``--`` directive.
This example updates the limit of the number of floating This example updates the limit of the number of floating
IPs for the specified tenant:: IPs for the specified tenant.
$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20
+------------+-------+ +------------+-------+
| floatingip | 20 | | Field | Value |
| network | 5 | +------------+-------+
| port | 20 | | floatingip | 20 |
| router | 10 | | network | 5 |
| subnet | 5 | | port | 20 |
+------------+-------+ | router | 10 |
| subnet | 5 |
+------------+-------+
You can update the limits of multiple resources by You can update the limits of multiple resources by
including L2 resources and L3 resource through one including L2 resources and L3 resource through one
command:: command:
$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3
+------------+-------+ +------------+-------+
| floatingip | 3 | | Field | Value |
| network | 3 | +------------+-------+
| port | 3 | | floatingip | 3 |
| router | 3 | | network | 3 |
| subnet | 3 | | port | 3 |
+------------+-------+ | router | 3 |
| subnet | 3 |
+------------+-------+
#. Delete per-tenant quota values. #. Delete per-tenant quota values.
To clear per-tenant quota limits, use the To clear per-tenant quota limits, use the
:command:`quota-delete` command:: :command:`quota-delete` command.
$ neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723 .. code-block:: console
Deleted quota: 6f88036c45344d9999a1f971e4882723
$ neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723
Deleted quota: 6f88036c45344d9999a1f971e4882723
After you run this command, you can see that quota After you run this command, you can see that quota
values for the tenant are reset to the default values:: values for the tenant are reset to the default values.
$ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723 .. code-block:: console
+------------+-------+
| Field | Value | $ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723
+------------+-------+ +------------+-------+
| floatingip | 50 | | Field | Value |
| network | 10 | +------------+-------+
| port | 50 | | floatingip | 50 |
| router | 10 | | network | 10 |
| subnet | 10 | | port | 50 |
+------------+-------+ | router | 10 |
| subnet | 10 |
+------------+-------+
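Review bot: the lead-ins that used to end in ``::`` are converted inconsistently in this hunk: most now end in a period ("update a quota for a specified tenant.", "through one command.") but "including L2 resources and L3 resource through one command:" keeps a colon. Pick one form for sentences that introduce a ``code-block``, and while on these lines fix "such as, router or floating IP" (misplaced comma) and "L3 resource" (should be plural).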

View File

@ -7,13 +7,13 @@ project instances, which define networking access to the instance. Group
rules are project specific; project members can edit the default rules rules are project specific; project members can edit the default rules
for their group and add new rule sets. for their group and add new rule sets.
All projects have a "default" security group which is applied to any All projects have a ``default`` security group which is applied to any
instance that has no other defined security group. Unless you change the instance that has no other defined security group. Unless you change the
default, this security group denies all incoming traffic and allows only default, this security group denies all incoming traffic and allows only
outgoing traffic to your instance. outgoing traffic to your instance.
You can use the ``allow_same_net_traffic`` option in the You can use the ``allow_same_net_traffic`` option in the
:file:`/etc/nova/nova.conf` file to globally control whether the rules apply ``/etc/nova/nova.conf`` file to globally control whether the rules apply
to hosts which share a network. to hosts which share a network.
If set to: If set to:
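Review bot: In the allow_same_net_traffic paragraph, the :file: role on /etc/nova/nova.conf is replaced by a plain double-backtick literal, which runs against the direction of the rest of this change: elsewhere it moves plain literals to semantic roles (:option: for -o, :command: for nova). Suggest keeping the :file: role so paths stay marked up as paths, or saying in the commit message why file paths are being demoted to literals.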
@ -35,47 +35,48 @@ section).
List and view current security groups List and view current security groups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the command line you can get a list of security groups for the
project, using the nova command: From the command-line you can get a list of security groups for the
project, using the :command:`nova` command:
#. Ensure your system variables are set for the user and tenant for #. Ensure your system variables are set for the user and tenant for
which you are checking security group rules for. For example: which you are checking security group rules for. For example:
.. code:: .. code-block:: console
export OS_USERNAME=demo00 export OS_USERNAME=demo00
export OS_TENANT_NAME=tenant01 export OS_TENANT_NAME=tenant01
#. Output security groups, as follows: #. Output security groups, as follows:
.. code:: .. code-block:: console
$ nova secgroup-list $ nova secgroup-list
+---------+-------------+ +---------+-------------+
| Name | Description | | Name | Description |
+---------+-------------+ +---------+-------------+
| default | default | | default | default |
| open | all ports | | open | all ports |
+---------+-------------+ +---------+-------------+
#. View the details of a group, as follows: #. View the details of a group, as follows:
.. code:: .. code-block:: console
$ nova secgroup-list-rules groupName $ nova secgroup-list-rules groupName
For example: For example:
.. code:: .. code-block:: console
$ nova secgroup-list-rules open $ nova secgroup-list-rules open
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group | | IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| icmp | -1 | 255 | 0.0.0.0/0 | | | icmp | -1 | 255 | 0.0.0.0/0 | |
| tcp | 1 | 65535 | 0.0.0.0/0 | | | tcp | 1 | 65535 | 0.0.0.0/0 | |
| udp | 1 | 65535 | 0.0.0.0/0 | | | udp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
These rules are allow type rules as the default is deny. The first These rules are allow type rules as the default is deny. The first
column is the IP protocol (one of icmp, tcp, or udp). The second and column is the IP protocol (one of icmp, tcp, or udp). The second and
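Review bot: The two export lines in step 1 now sit under ".. code-block:: console" but carry no "$" prompt, unlike every other console block in this hunk. The console lexer treats unprompted lines as command output, so they will not be highlighted as commands. Either prefix them ("$ export OS_USERNAME=demo00") or mark that one block as bash. Separately, "From the command-line" should stay "From the command line": the hyphenated form is the adjective (as in "command-line client"), and here it is used as a noun.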
@ -96,90 +97,92 @@ easier to understand than "bobs\_group" or "secgrp1".
#. Add the new security group, as follows: #. Add the new security group, as follows:
.. code:: .. code-block:: console
$ nova secgroup-create Group Name Description $ nova secgroup-create Group Name Description
For example: For example:
.. code:: .. code-block:: console
$ nova secgroup-create global_http "Allows Web traffic anywhere on the Internet." $ nova secgroup-create global_http "Allows Web traffic anywhere on the Internet."
+--------------------------------------+-------------+----------------------------------------------+ +--------------------------------------+-------------+----------------------------------------------+
| Id | Name | Description | | Id | Name | Description |
+--------------------------------------+-------------+----------------------------------------------+ +--------------------------------------+-------------+----------------------------------------------+
| 1578a08c-5139-4f3e-9012-86bd9dd9f23b | global_http | Allows Web traffic anywhere on the Internet. | | 1578a08c-5139-4f3e-9012-86bd9dd9f23b | global_http | Allows Web traffic anywhere on the Internet. |
+--------------------------------------+-------------+----------------------------------------------+ +--------------------------------------+-------------+----------------------------------------------+
#. Add a new group rule, as follows: #. Add a new group rule, as follows:
.. code:: .. code-block:: console
$ nova secgroup-add-rule secGroupName ip-protocol from-port to-port CIDR $ nova secgroup-add-rule secGroupName ip-protocol from-port to-port CIDR
The arguments are positional, and the "from-port" and "to-port" The arguments are positional, and the ``from-port`` and ``to-port``
arguments specify the local port range connections are allowed to arguments specify the local port range connections are allowed to
access, not the source and destination ports of the connection. For access, not the source and destination ports of the connection. For
example: example:
.. code:: .. code-block:: console
$ nova secgroup-add-rule global_http tcp 80 80 0.0.0.0/0 $ nova secgroup-add-rule global_http tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group | | IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
You can create complex rule sets by creating additional rules. For You can create complex rule sets by creating additional rules. For
example, if you want to pass both HTTP and HTTPS traffic, run: example, if you want to pass both HTTP and HTTPS traffic, run:
.. code:: .. code-block:: console
$ nova secgroup-add-rule global_http tcp 443 443 0.0.0.0/0 $ nova secgroup-add-rule global_http tcp 443 443 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group | | IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| tcp | 443 | 443 | 0.0.0.0/0 | | | tcp | 443 | 443 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
Despite only outputting the newly added rule, this operation is Despite only outputting the newly added rule, this operation is
additive (both rules are created and enforced). additive (both rules are created and enforced).
#. View all rules for the new security group, as follows: #. View all rules for the new security group, as follows:
.. code:: .. code-block:: console
$ nova secgroup-list-rules global_http $ nova secgroup-list-rules global_http
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group | | IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | |
| tcp | 443 | 443 | 0.0.0.0/0 | | | tcp | 443 | 443 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
Delete a security group Delete a security group
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~
#. Ensure your system variables are set for the user and tenant for #. Ensure your system variables are set for the user and tenant for
which you are deleting a security group for. which you are deleting a security group for.
#. Delete the new security group, as follows: #. Delete the new security group, as follows:
.. code:: .. code-block:: console
$ nova secgroup-delete GroupName $ nova secgroup-delete GroupName
For example: For example:
.. code:: .. code-block:: console
$ nova secgroup-delete global_http $ nova secgroup-delete global_http
Create security group rules for a cluster of instances Create security group rules for a cluster of instances
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Source Groups are a special, dynamic way of defining the CIDR of allowed Source Groups are a special, dynamic way of defining the CIDR of allowed
sources. The user specifies a Source Group (Security Group name), and sources. The user specifies a Source Group (Security Group name), and
all the users' other Instances using the specified Source Group are all the user's other Instances using the specified Source Group are
selected dynamically. This alleviates the need for individual rules to selected dynamically. This alleviates the need for individual rules to
allow each new member of the cluster. allow each new member of the cluster.
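Review bot: The syntax line "$ nova secgroup-create Group Name Description" still shows the name placeholder as two words, which under console markup reads as three positional arguments. The example right after it passes one name (global_http) and one quoted description. Suggest "GroupName Description", matching the "GroupName" placeholder used in the secgroup-delete step of this hunk. Since the hunk already carries the users'/user's fix, the doubled preposition in "for which you are deleting a security group for" could be cleaned up in the same pass.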
@ -188,15 +191,15 @@ allow each new member of the cluster.
#. Add a source group, as follows: #. Add a source group, as follows:
.. code:: .. code-block:: console
$ nova secgroup-add-group-rule secGroupName source-group ip-protocol from-port to-port $ nova secgroup-add-group-rule secGroupName source-group ip-protocol from-port to-port
For example: For example:
.. code:: .. code-block:: console
$ nova secgroup-add-group-rule cluster global_http tcp 22 22 $ nova secgroup-add-group-rule cluster global_http tcp 22 22
The ``cluster`` rule allows ssh access from any other instance that The ``cluster`` rule allows ssh access from any other instance that
uses the ``global_http`` group. uses the ``global_http`` group.
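Review bot: The closing sentence calls this "the cluster rule", which leaves the direction of the rule implicit. Per the syntax line in this hunk, the first argument is the group that receives the rule and the second is the source group, so the rule lives in the cluster group and admits traffic from members of global_http. Wording such as "This rule, added to the cluster group, allows SSH access (TCP port 22) from any instance that uses the global_http group" states that explicitly and capitalises SSH.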