管理网络服务配额

配额限制可用资源的数量。默认配额可能对所有项目强制执行。当您尝试创建超过配额允许的资源时，会发生错误

$ openstack network create test_net
 Error while executing command: ConflictException: 409, Quota exceeded for resources: ['network'].

配额扩展 API 也支持每个项目的配额配置。有关详细信息，请参阅 配置每个项目的配额。

基本配额配置

在网络默认配额机制中，所有项目具有相同的配额值，例如项目可以创建的资源数量。

配额值在 OpenStack Networking 的 /etc/neutron/neutron.conf 配置文件中定义。以下示例显示了默认配额值

[quotas]
# Default number of resources allowed per project. A negative value means
# unlimited. (integer value)
#default_quota = -1

# Number of networks allowed per project. A negative value means unlimited.
# (integer value)
quota_network = 100

# Number of subnets allowed per project, A negative value means unlimited.
# (integer value)
quota_subnet = 100

# Number of ports allowed per project. A negative value means unlimited.
# (integer value)
quota_port = 500

# default driver to use for quota checks
quota_driver = neutron.db.quota.driver_nolock.DbQuotaNoLockDriver

# When set to True, quota usage will be tracked in the Neutron database
# for each resource, by directly mapping to a data model class, for
# example, networks, subnets, ports, etc. When set to False, quota usage
# will be tracked by the quota engine as a count of the object type
# directly. For more information, see the Quota Management and
# Enforcement guide.
# (boolean value)
track_quota_usage = true

#
# From neutron.extensions
#

# Number of routers allowed per project. A negative value means unlimited.
# (integer value)
quota_router = 10

# Number of floating IPs allowed per project. A negative value means
# unlimited.
# (integer value)
quota_floatingip = 50

# Number of security groups allowed per project. A negative value means
# unlimited.
# (integer value)
quota_security_group = 10

# Number of security group rules allowed per project. A negative value means
# unlimited.
# (integer value)
quota_security_group_rule = 100

配置每个项目的配额

OpenStack Networking 还通过配额扩展 API 支持每个项目的配额限制。

使用以下命令管理每个项目的配额

openstack quota delete

删除为指定项目定义的配额

openstack quota list

列出具有非默认配额值的项目的已定义配额

openstack quota show

显示所有项目的已定义配额

openstack quota show <项目>

显示指定项目的配额

openstack quota show –default <项目>

显示指定项目的默认配额

openstack quota set –<资源> <值> <项目>

更新指定项目的配额

只有具有 admin 角色的用户才能更改配额值。默认情况下，默认配额集对所有项目强制执行，因此不存在 opentack quota create 命令。

1. 配置网络以显示每个项目的配额

   在 /etc/neutron/neutron.conf 文件中设置 quota_driver 选项。

   quota_driver = neutron.db.quota.driver.DbQuotaDriver
   

   设置此选项后，网络命令的输出将显示 quotas。

2. 列出网络扩展。

   要列出网络扩展，请运行此命令

   $ openstack extension list --network
   

   该命令显示 quotas 扩展，该扩展提供每个项目的配额管理支持。

   +------------------------+------------------------+--------------------------+
   | Name                   | Alias                  | Description              |
   +------------------------+------------------------+--------------------------+
   | ...                    | ...                    | ...                      |
   | Quota management       | quotas                 | Expose functions for     |
   | support                |                        | quotas management per    |
   |                        |                        | project                  |
   | ...                    | ...                    | ...                      |
   +------------------------+------------------------+--------------------------+
   

3. 显示配额扩展的信息。

   要显示 quotas 扩展的信息，请运行此命令

   $ openstack extension show quotas
   +-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
   | Field       | Value                                                                                                                                                                                     |
   +-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
   | alias       | quotas                                                                                                                                                                                    |
   | description | Expose functions for quotas management per project                                                                                                                                        |
   | id          | quotas                                                                                                                                                                                    |
   | links       | []                                                                                                                                                                                        |
   | location    | Munch({'cloud': '', 'region_name': 'RegionOne', 'zone': None, 'project': Munch({'id': 'afc55714081b4ef29f99ec128cb1fa30', 'name': 'demo', 'domain_id': 'default', 'domain_name': None})}) |
   | name        | Quota management support                                                                                                                                                                  |
   | updated     | 2012-07-29T10:00:00-00:00                                                                                                                                                                 |
   +-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
   

   注意

   只有一些插件支持每个项目的配额。具体来说，OVN 和 Open vSwitch 支持它们，但其他插件的新版本可能会带来额外的功能。请参阅每个插件的文档。

4. 列出具有每个项目配额支持的项目。

   openstack quota list 命令列出已启用每个项目配额的项目。该命令不列出具有默认配额支持的项目。您必须是管理员才能运行此命令

   $ openstack quota list --network
   +----------------------------------+--------------+----------+-------+---------------+---------+-----------------+----------------------+---------+--------------+
   | Project ID                       | Floating IPs | Networks | Ports | RBAC Policies | Routers | Security Groups | Security Group Rules | Subnets | Subnet Pools |
   +----------------------------------+--------------+----------+-------+---------------+---------+-----------------+----------------------+---------+--------------+
   | 6f88036c45344d9999a1f971e4882723 |           50 |      100 |   500 |            10 |      20 |              10 |                  100 |     100 |           -1 |
   | bff5c9455ee24231b5bc713c1b96d422 |          100 |      100 |   500 |            10 |      10 |              10 |                  100 |     100 |           -1 |
   +----------------------------------+--------------+----------+-------+---------------+---------+-----------------+----------------------+---------+--------------+
   

5. 显示每个项目的配额值。

   openstack quota show 命令报告指定项目的当前配额限制集。非管理员用户可以在不使用 <项目> 参数的情况下运行此命令。如果项目未启用每个项目的配额限制，则该命令将显示默认配额集。

   $ openstack quota show 6f88036c45344d9999a1f971e4882723
   +----------------+-------+
   | Resource       | Limit |
   +----------------+-------+
   | networks       |   100 |
   | ports          |   500 |
   | rbac_policies  |    10 |
   | routers        |    20 |
   | subnets        |   100 |
   | subnet_pools   |    -1 |
   | floating-ips   |    50 |
   | secgroup-rules |   100 |
   | secgroups      |    10 |
   +----------------+-------+
   

   以下命令显示非管理员用户的命令输出。

   $ openstack quota show
   +----------------+-------+
   | Resource       | Limit |
   +----------------+-------+
   | networks       |   100 |
   | ports          |   500 |
   | rbac_policies  |    10 |
   | routers        |    20 |
   | subnets        |   100 |
   | subnet_pools   |    -1 |
   | floating-ips   |    50 |
   | secgroup-rules |   100 |
   | secgroups      |    10 |
   +----------------+-------+
   

6. 更新指定项目的配额值。

   使用 openstack quota set 命令更新指定项目的配额。

   $ openstack quota set --routers 20 6f88036c45344d9999a1f971e4882723
   

   您可以通过一个命令更新多个资源的配额。

   $ openstack quota set --subnets 50 --ports 100 6f88036c45344d9999a1f971e4882723
   

   您可以通过一个命令更新多个资源的限制

   $ openstack quota set --networks 50 --subnets 50 --ports 100 \
     --floating-ips 20 --routers 5 6f88036c45344d9999a1f971e4882723
   

7. 删除每个项目的配额值。

   要清除每个项目的配额限制，请使用 openstack quota delete 命令。

   $ openstack quota delete 6f88036c45344d9999a1f971e4882723
   

   运行此命令后，您将看到该项目的配额值重置为默认值。

   $ openstack quota show --network 6f88036c45344d9999a1f971e4882723
   +----------------+-------+
   | Resource       | Limit |
   +----------------+-------+
   | networks       |   100 |
   | ports          |   500 |
   | rbac_policies  |    10 |
   | routers        |    20 |
   | subnets        |   100 |
   | subnet_pools   |    -1 |
   | floating-ips   |    50 |
   | secgroup-rules |   100 |
   | secgroups      |    10 |
   +----------------+-------+
   

注意

使用 OpenStack 命令行客户端列出默认配额将提供网络和其他服务的全部配额。