Gudrun Wolfgram 08f0c4aa46 Cloud Admin Guide CLI chapter

Moving (copying) Admin User Guide CLI content to
the Cloud Admin Guide as a part of the reorganization
goal. This patch does not include any new or original
content.

This patch is Part 1 to create a new command-
line client section for Admin Users in the Cloud Admin
Guide, as disucssed in the User Guide Specialty team
meetings.

1) Creating a new CLI section with cli.rst

2) Moving the non common files from user-guide-admin to
admin-guide-cloud, along with their sub files. (Rename
user-guide-admin files to user cli_ prefix in admin-
guide-cloud.)
manage_projects_users_and_roles.rst
nova_cli_manage_projects_security.rst
cli_manage_services.rst
cli_manage_shares.rst
cli_manage_flavors.rst
cli_admin_manage_environment.rst
cli_set_quotas.rst
analyzing-log-files-with-swift-cli.rst
cli_cinder_scheduling.rst

3) Attempt updates to several links.

Change-Id: I97f4ced4f5033c7e0f3bf00c410288a75699d110
Implements: blueprint user-guides-reorganised

2016-03-07 15:51:49 -06:00

10 KiB

Raw Blame History

Manage Networking service quotas

A quota limits the number of available resources. A default quota might be enforced for all tenants. When you try to create more resources than the quota allows, an error occurs:

$ neutron net-create test_net
 Quota exceeded for resources: ['network']

Per-tenant quota configuration is also supported by the quota extension API. See cfg_quotas_per_tenant for details.

Basic quota configuration

In the Networking default quota mechanism, all tenants have the same quota values, such as the number of resources that a tenant can create.

The quota value is defined in the OpenStack Networking neutron.conf configuration file. To disable quotas for a specific resource, such as network, subnet, or port, remove a corresponding item from quota_items. This example shows the default quota values:

[quotas]
# resource name(s) that are supported in quota features
quota_items = network,subnet,port

# number of networks allowed per tenant, and minus means unlimited
quota_network = 10

# number of subnets allowed per tenant, and minus means unlimited
quota_subnet = 10

# number of ports allowed per tenant, and minus means unlimited
quota_port = 50

# default driver to use for quota checks
quota_driver = neutron.quota.ConfDriver

OpenStack Networking also supports quotas for L3 resources: router and floating IP. Add these lines to the quotas section in the neutron.conf file:

[quotas]
# number of routers allowed per tenant, and minus means unlimited
quota_router = 10

# number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50

Note

The quota_items option does not affect these quotas.

OpenStack Networking also supports quotas for security group resources: number of security groups and the number of rules for each security group. Add these lines to the quotas section in the neutron.conf file:

[quotas]
# number of security groups per tenant, and minus means unlimited
quota_security_group = 10

# number of security rules allowed per tenant, and minus means unlimited
quota_security_group_rule = 100

Note

The quota_items option does not affect these quotas.

Configure per-tenant quotas

OpenStack Networking also supports per-tenant quota limit by quota extension API.

Use these commands to manage per-tenant quotas:

neutron quota-delete: Delete defined quotas for a specified tenant
neutron quota-list: Lists defined quotas for all tenants
neutron quota-show: Shows quotas for a specified tenant
neutron quota-update: Updates quotas for a specified tenant

Only users with the admin role can change a quota value. By default, the default set of quotas are enforced for all tenants, so no quota-create command exists.

Configure Networking to show per-tenant quotas

Set the quota_driver option in the neutron.conf file.
```
quota_driver = neutron.db.quota_db.DbQuotaDriver
```
When you set this option, the output for Networking commands shows quotas.

List Networking extensions.

To list the Networking extensions, run this command:

$ neutron ext-list -c alias -c name

The command shows the quotas extension, which provides per-tenant quota management support.

+-----------------+--------------------------+
| alias           | name                     |
+-----------------+--------------------------+
| agent_scheduler | Agent Schedulers         |
| security-group  | security-group           |
| binding         | Port Binding             |
| quotas          | Quota management support |
| agent           | agent                    |
| provider        | Provider Network         |
| router          | Neutron L3 Router        |
| lbaas           | LoadBalancing service    |
| extraroute      | Neutron Extra Route      |
+-----------------+--------------------------+

Show information for the quotas extension.

To show information for the quotas extension, run this command:

$ neutron ext-show quotas
+-------------+------------------------------------------------------------+
| Field       | Value                                                      |
+-------------+------------------------------------------------------------+
| alias       | quotas                                                     |
| description | Expose functions for quotas management per tenant          |
| links       |                                                            |
| name        | Quota management support                                   |
| namespace   | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
| updated     | 2012-07-29T10:00:00-00:00                                  |
+-------------+------------------------------------------------------------+

Note

Only some plug-ins support per-tenant quotas. Specifically, Open vSwitch, Linux Bridge, and VMware NSX support them, but new versions of other plug-ins might bring additional functionality. See the documentation for each plug-in.

List tenants who have per-tenant quota support.

The quota-list command lists tenants for which the per-tenant quota is enabled. The command does not list tenants with default quota support. You must be an administrative user to run this command:

$ neutron quota-list
+------------+---------+------+--------+--------+----------------------------------+
| floatingip | network | port | router | subnet | tenant_id                        |
+------------+---------+------+--------+--------+----------------------------------+
|         20 |       5 |   20 |     10 |      5 | 6f88036c45344d9999a1f971e4882723 |
|         25 |      10 |   30 |     10 |     10 | bff5c9455ee24231b5bc713c1b96d422 |
+------------+---------+------+--------+--------+----------------------------------+

Show per-tenant quota values.

The quota-show command reports the current set of quota limits for the specified tenant. Non-administrative users can run this command without the --tenant_id parameter. If per-tenant quota limits are not enabled for the tenant, the command shows the default set of quotas.

$ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 20    |
| network    | 5     |
| port       | 20    |
| router     | 10    |
| subnet     | 5     |
+------------+-------+

The following command shows the command output for a non-administrative user.

$ neutron quota-show
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 20    |
| network    | 5     |
| port       | 20    |
| router     | 10    |
| subnet     | 5     |
+------------+-------+

Update quota values for a specified tenant.

Use the quota-update command to update a quota for a specified tenant.

$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 50    |
| network    | 5     |
| port       | 50    |
| router     | 10    |
| subnet     | 10    |
+------------+-------+

You can update quotas for multiple resources through one command.

$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 50    |
| network    | 5     |
| port       | 20    |
| router     | 10    |
| subnet     | 5     |
+------------+-------+

To update the limits for an L3 resource such as, router or floating IP, you must define new values for the quotas after the -- directive.

This example updates the limit of the number of floating IPs for the specified tenant.

$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 20    |
| network    | 5     |
| port       | 20    |
| router     | 10    |
| subnet     | 5     |
+------------+-------+

You can update the limits of multiple resources by including L2 resources and L3 resource through one command:

$ neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723
--network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 3     |
| network    | 3     |
| port       | 3     |
| router     | 3     |
| subnet     | 3     |
+------------+-------+

Delete per-tenant quota values.

To clear per-tenant quota limits, use the quota-delete command.

$ neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723
 Deleted quota: 6f88036c45344d9999a1f971e4882723

After you run this command, you can see that quota values for the tenant are reset to the default values.

$ neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723
+------------+-------+
| Field      | Value |
+------------+-------+
| floatingip | 50    |
| network    | 10    |
| port       | 50    |
| router     | 10    |
| subnet     | 10    |
+------------+-------+

10 KiB Raw Blame History

Manage Networking service quotas

Basic quota configuration

Configure per-tenant quotas

10 KiB

Raw Blame History