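API configuration

Rate limiting

Warning

This is legacy functionality that is poorly tested and may be removed in the future. Enforcing rate limiting through a proxy server is recommended instead.

Cinder supports admin-configured API limits. These limits are disabled by default, but they can be enabled by modifying api-paste.ini to turn on the RateLimitingMiddleware middleware. For example, given the following composite application definitions in, for example, /etc/cinder/api-paste.ini: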

[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... apiv2
keystone = cors ... apiv2
keystone_nolimit = cors ... apiv2

[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... apiv3
keystone = cors ... apiv3
keystone_nolimit = cors ... apiv3

Rate limiting can be configured by adding a new filter that calls RateLimitingMiddleware and configuring the composite applications to use this filter:

[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... ratelimit apiv2
keystone = cors ... ratelimit apiv2
keystone_nolimit = cors ... ratelimit apiv2

[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... ratelimit apiv3
keystone = cors ... ratelimit apiv3
keystone_nolimit = cors ... ratelimit apiv3

[filter:ratelimit]
paste.filter_factory = cinder.api.v2.limits:RateLimitingMiddleware.factory
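
A check that can be run on the edited file before cinder-api is restarted, given here as an added example (not part of Cinder or of the original page). It reports every pipeline that lacks the ratelimit filter and a missing or mispointed [filter:ratelimit] section; the function name audit_ratelimit and the sample text are assumptions made for illustration.

```python
import configparser

# Values taken from the api-paste.ini snippets on this page.
FACTORY = "cinder.api.v2.limits:RateLimitingMiddleware.factory"
PIPELINE_FACTORY = "call:cinder.api.middleware.auth:pipeline_factory"


def audit_ratelimit(ini_text, filter_name="ratelimit"):
    """Return a list of findings; an empty list means every pipeline is rate limited.

    audit_ratelimit is a hypothetical helper, not a Cinder API.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    findings = []
    section = f"filter:{filter_name}"
    if not cp.has_section(section):
        findings.append(f"[{section}] is not defined")
    elif cp.get(section, "paste.filter_factory", fallback="") != FACTORY:
        findings.append(f"[{section}] does not point at RateLimitingMiddleware")
    for name in cp.sections():
        # Only composite apps built by Cinder's pipeline_factory hold pipelines.
        if not name.startswith("composite:"):
            continue
        if cp.get(name, "use", fallback="") != PIPELINE_FACTORY:
            continue
        for key, value in cp.items(name):
            if key == "use":
                continue
            # The last entry is the app; everything before it is a filter.
            if filter_name not in value.split()[:-1]:
                findings.append(f"[{name}] {key}: no {filter_name} filter")
    return findings


# Constructed sample: the page's v3 definition with ratelimit left out of
# the keystone pipeline. The "..." is the page's own elision, kept as-is.
SAMPLE = """
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... ratelimit apiv3
keystone = cors ... apiv3
keystone_nolimit = cors ... ratelimit apiv3

[filter:ratelimit]
paste.filter_factory = cinder.api.v2.limits:RateLimitingMiddleware.factory
"""

if __name__ == "__main__":
    for finding in audit_ratelimit(SAMPLE):
        print(finding)
```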

Once configured, restart the cinder-api service. Users can then view API limits with the openstack limits show --rate command. For example:

$ openstack limits show --rate
+--------+-----------------+-------+--------+--------+---------------------+
| Verb   | URI             | Value | Remain | Unit   | Next Available      |
+--------+-----------------+-------+--------+--------+---------------------+
| POST   | *               |    10 |     10 | MINUTE | 2021-03-23T12:36:09 |
| PUT    | *               |    10 |     10 | MINUTE | 2021-03-23T12:36:09 |
| DELETE | *               |   100 |    100 | MINUTE | 2021-03-23T12:36:09 |
| POST   | */servers       |    50 |     50 | DAY    | 2021-03-23T12:36:09 |
| GET    | *changes-since* |     3 |      3 | MINUTE | 2021-03-23T12:36:09 |
+--------+-----------------+-------+--------+--------+---------------------+

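Note

Rate limits are entirely separate from absolute limits. Absolute limits track resource utilization and can be viewed with the openstack limits show --absolute command.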