Manage Networking service quotasA quota limits the number of available resources. A default
quota might be enforced for all tenants. When you try to create
more resources than the quota allows, an error occurs:$neutron net-create test_netQuota exceeded for resources: ['network']Per-tenant quota configuration is also supported by the quota
extension API. See
Per-tenant quota configuration for details.Basic quota configurationIn the Networking default quota mechanism, all tenants have
the same quota values, such as the number of resources that a
tenant can create.The quota value is defined in the OpenStack Networking
neutron.conf configuration file. To
disable quotas for a specific resource, such as network, subnet,
or port, remove a corresponding item from
. This example shows the default
quota values:[quotas]
# resource name(s) that are supported in quota features
quota_items = network,subnet,port
# number of networks allowed per tenant, and minus means unlimited
quota_network = 10
# number of subnets allowed per tenant, and minus means unlimited
quota_subnet = 10
# number of ports allowed per tenant, and minus means unlimited
quota_port = 50
# default driver to use for quota checks
quota_driver = neutron.quota.ConfDriverOpenStack Networking also supports quotas for L3 resources:
router and floating IP. Add these lines to the
quotas section in the
neutron.conf file.[quotas]
# number of routers allowed per tenant, and minus means unlimited
quota_router = 10
# number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50The option does not affect
these quotas.OpenStack Networking also supports quotas for security group
resources: number of security groups and the number of rules for
each security group. Add these lines to the
quotas section in the
neutron.conf file:[quotas]
# number of security groups per tenant, and minus means unlimited
quota_security_group = 10
# number of security rules allowed per tenant, and minus means unlimited
quota_security_group_rule = 100The option does not affect
these quotas.Configure per-tenant quotasOpenStack Networking also supports per-tenant quota limit by
quota extension API.Use these commands to manage per-tenant quotas:neutron quota-delete. Deletes
defined quotas for a specified tenant.neutron quota-list. Lists defined
quotas for all tenants.neutron quota-show. Shows quotas
for a specified tenant.neutron quota-update. Updates
quotas for a specified tenant.Only users with the admin role
can change a quota value. By default, the default set of quotas
are enforced for all tenants, so no
quota-create command exists.Configure Networking to show per-tenant quotasSet the quota_driver option in the
neutron.conf file:quota_driver = neutron.db.quota_db.DbQuotaDriverWhen you set this option, the output for Networking
commands shows quotas.List Networking extensionsTo list the Networking extensions, run this
command:$neutron ext-list -c alias -c nameThe command shows the quotas
extension, which provides per-tenant quota management
support:+-----------------+--------------------------+
| alias | name |
+-----------------+--------------------------+
| agent_scheduler | Agent Schedulers |
| security-group | security-group |
| binding | Port Binding |
| quotas | Quota management support |
| agent | agent |
| provider | Provider Network |
| router | Neutron L3 Router |
| lbaas | LoadBalancing service |
| extraroute | Neutron Extra Route |
+-----------------+--------------------------+Show information for the quotas extensionTo show information for the quotas
extension, run this command:$neutron ext-show quotas+-------------+------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------+
| alias | quotas |
| description | Expose functions for quotas management per tenant |
| links | |
| name | Quota management support |
| namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
| updated | 2012-07-29T10:00:00-00:00 |
+-------------+------------------------------------------------------------+Only some plug-ins support per-tenant quotas.
Specifically, Open vSwitch, Linux Bridge, and Nicira NVP
support them, but new versions of other plug-ins might
bring additional functionality. See the documentation for
each plug-in.List tenants who have per-tenant quota supportThe quota-list command lists tenants
for which the per-tenant quota is enabled. The command does
not list tenants with default quota support. You must be an
administrative user to run this command:$neutron quota-list+------------+---------+------+--------+--------+----------------------------------+
| floatingip | network | port | router | subnet | tenant_id |
+------------+---------+------+--------+--------+----------------------------------+
| 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 |
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 |
+------------+---------+------+--------+--------+----------------------------------+Show per-tenant quota valuesThe quota-show reports the current
set of quota limits for the specified tenant.
Non-administrative users can run this command without the
--tenant_id parameter. If
per-tenant quota limits are not enabled for the tenant, the
command shows the default set of quotas:$neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+The following command shows the command output for a
non-administrative user:$neutron quota-show+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+Update quota values for a specified tenantUse the quota-update command to
update a quota for a specified tenant:$neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 5 |
| port | 50 |
| router | 10 |
| subnet | 10 |
+------------+-------+You can update quotas for multiple resources through one
command:$neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+To update the limits for an L3 resource such as, router
or floating IP, you must define new values for the quotas
after the -- directive.This example updates the limit of the number of floating
IPs for the specified tenant:$neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 20 |
| network | 5 |
| port | 20 |
| router | 10 |
| subnet | 5 |
+------------+-------+You can update the limits of multiple resources by
including L2 resources and L3 resource through one
command.$neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 3 |
| network | 3 |
| port | 3 |
| router | 3 |
| subnet | 3 |
+------------+-------+Delete per-tenant quota valuesTo clear per-tenant quota limits, use the
quota-delete command:$neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723Deleted quota: 6f88036c45344d9999a1f971e4882723After you run this command, you can see that quota
values for the tenant are reset to the default
values:$neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723+------------+-------+
| Field | Value |
+------------+-------+
| floatingip | 50 |
| network | 10 |
| port | 50 |
| router | 10 |
| subnet | 10 |
+------------+-------+