Jump to: navigation, search

Quotas

Quotas

To prevent system capacities from being exhausted without notification, you can set up quotas. Quotas are operational limits. For example, the number of gigabytes allowed per tenant can be controlled to ensure that a single tenant cannot consume all of the disk space. Quotas are currently enforced at the tenant (or project) level, rather than the user level.

Warning icon.svg Warning

Because without sensible quotas a single tenant could use up all the available resources, default quotas are shipped with OpenStack. You should pay attention to which quota settings make sense for your hardware capabilities.

Using the command-line interface, you can manage quotas for the OpenStack Compute service and the Block Storage service.

Typically, default values are changed because a tenant requires more than the OpenStack default of 10 volumes per tenant, or more than the OpenStack default of 1 TB of disk space on a compute node.

45px-Information icon.svg.png Note

To view all tenants, run:
$ openstack project list
+---------------------------------+----------+
| ID                              | Name     |
+---------------------------------+----------+
| a981642d22c94e159a4a6540f70f9f8 | admin    |
| 934b662357674c7b9f5e4ec6ded4d0e | tenant01 |
| 7bc1dbfd7d284ec4a856ea1eb82dca8 | tenant02 |
| 9c554aaef7804ba49e1b21cbd97d218 | services |
+---------------------------------+----------+

Set Image Quotas

You can restrict a project’s image storage by total number of bytes. Currently, this quota is applied cloud-wide, so if you were to set an Image quota limit of 5 GB, then all projects in your cloud will be able to store only 5 GB of images and snapshots.

To enable this feature, edit the /etc/glance/glance-api.conf file, and under the [DEFAULT] section, add:

user_storage_quota = <bytes>

For example, to restrict a project’s image storage to 5 GB, do this:

user_storage_quota = 5368709120
45px-Information icon.svg.png Note

There is a configuration option in /etc/glance/glance-api.conf that limits the number of members allowed per image, called image_member_quota, set to 128 by default. That setting is a different quota from the storage quota.

Set Compute Service Quotas

As an administrative user, you can update the Compute service quotas for an existing tenant, as well as update the quota defaults for a new tenant. See Compute quota descriptions.

Compute quota descriptions
Quota Description Property name
Fixed IPs Number of fixed IP addresses allowed per project. This number must be equal to or greater than the number of allowed instances. fixed-ips
Floating IPs Number of floating IP addresses allowed per project. floating-ips{.docut ils .literal}
Injected file content bytes Number of content bytes allowed per injected file. injected-file-conten t-bytes
Injected file path bytes Number of bytes allowed per injected file path. injected-file-path-b ytes
Injected files Number of injected files allowed per project. injected-files{.doc utils .literal}
Instances Number of instances allowed per project. instances
Key pairs Number of key pairs allowed per user. key-pairs
Metadata items Number of metadata items allowed per instance. metadata-items{.doc utils .literal}
RAM Megabytes of instance RAM allowed per project. ram
Security group rules Number of security group rules per project. security-group-rules
Security groups Number of security groups per project. security-groups{.do cutils .literal}
VCPUs Number of instance cores allowed per project. cores
Server Groups Number of server groups per project. server_groups{.docu tils .literal}
Server Group Members Number of servers per server group. server_group_members

View and update compute quotas for a tenant (project)

As an administrative user, you can use the nova quota-* commands, which are provided by the python-novaclient package, to view and update tenant quotas.

To view and update default quota values

  1. List all default quotas for all tenants, as follows:
    $ nova quota-defaults
    
    For example:
    $ nova quota-defaults
    +-----------------------------+-------+
    | Quota                       | Limit |
    +-----------------------------+-------+
    | instances                   | 10    |
    | cores                       | 20    |
    | ram                         | 51200 |
    | floating_ips                | 10    |
    | fixed_ips                   | -1    |
    | metadata_items              | 128   |
    | injected_files              | 5     |
    | injected_file_content_bytes | 10240 |
    | injected_file_path_bytes    | 255   |
    | key_pairs                   | 100   |
    | security_groups             | 10    |
    | security_group_rules        | 20    |
    | server_groups               | 10    |
    | server_group_members        | 10    |
    +-----------------------------+-------+
    
  2. Update a default value for a new tenant, as follows:
    $ nova quota-class-update default key value
    
    For example:
    $ nova quota-class-update default --instances 15
    

To view quota values for a tenant (project)

  1. Place the tenant ID in a variable:
    $ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
    
  2. List the currently set quota values for a tenant, as follows:
    $ nova quota-show --tenant $tenant
    
    For example:
    $ nova quota-show --tenant $tenant
    +-----------------------------+-------+
    | Quota                       | Limit |
    +-----------------------------+-------+
    | instances                   | 10    |
    | cores                       | 20    |
    | ram                         | 51200 |
    | floating_ips                | 10    |
    | fixed_ips                   | -1    |
    | metadata_items              | 128   |
    | injected_files              | 5     |
    | injected_file_content_bytes | 10240 |
    | injected_file_path_bytes    | 255   |
    | key_pairs                   | 100   |
    | security_groups             | 10    |
    | security_group_rules        | 20    |
    | server_groups               | 10    |
    | server_group_members        | 10    |
    +-----------------------------+-------+
    

To update quota values for a tenant (project)

  1. Obtain the tenant ID, as follows:
    $ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
    
  2. Update a particular quota value, as follows:
    # nova quota-update --quotaName quotaValue tenantID
    
    For example:
    # nova quota-update --floating-ips 20 $tenant
    # nova quota-show --tenant $tenant
    +-----------------------------+-------+
    | Quota                       | Limit |
    +-----------------------------+-------+
    | instances                   | 10    |
    | cores                       | 20    |
    | ram                         | 51200 |
    | floating_ips                | 20    |
    | fixed_ips                   | -1    |
    | metadata_items              | 128   |
    | injected_files              | 5     |
    | injected_file_content_bytes | 10240 |
    | injected_file_path_bytes    | 255   |
    | key_pairs                   | 100   |
    | security_groups             | 10    |
    | security_group_rules        | 20    |
    | server_groups               | 10    |
    | server_group_members        | 10    |
    +-----------------------------+-------+
    
    To view a list of options for the nova quota-update command, run:
    $ nova help quota-update
    

Set Object Storage Quotas

There are currently two categories of quotas for Object Storage:

Container quotas
Limit the total size (in bytes) or number of objects that can be stored in a single container.
Account quotas
Limit the total size (in bytes) that a user has available in the Object Storage service.

To take advantage of either container quotas or account quotas, your Object Storage proxy server must have container_quotas or account_quotas (or both) added to the [pipeline:main] pipeline. Each quota type also requires its own section in the proxy-server.conf file:

[pipeline:main]
pipeline = catch_errors [...] slo dlo account_quotas proxy-server

[filter:account_quotas]
use = egg:swift#account_quotas

[filter:container_quotas]
use = egg:swift#container_quotas

To view and update Object Storage quotas, use the swift command provided by the python-swiftclient package. Any user included in the project can view the quotas placed on their project. To update Object Storage quotas on a project, you must have the role of ResellerAdmin in the project that the quota is being applied to.

To view account quotas placed on a project:

$ swift stat
   Account: AUTH_b36ed2d326034beba0a9dd1fb19b70f9
Containers: 0
   Objects: 0
     Bytes: 0
Meta Quota-Bytes: 214748364800
X-Timestamp: 1351050521.29419
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes

To apply or update account quotas on a project:

$ swift post -m quota-bytes:
     <bytes>

For example, to place a 5 GB quota on an account:

$ swift post -m quota-bytes:
     5368709120

To verify the quota, run the swift stat command again:

$ swift stat
   Account: AUTH_b36ed2d326034beba0a9dd1fb19b70f9
Containers: 0
   Objects: 0
     Bytes: 0
Meta Quota-Bytes: 5368709120
X-Timestamp: 1351541410.38328
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes

Set Block Storage Quotas

As an administrative user, you can update the Block Storage service quotas for a tenant, as well as update the quota defaults for a new tenant. See Table: Block Storage quota descriptions.

Table: Block Storage quota descriptions
Property name Description
gigabytes Number of volume gigabytes allowed per tenant
snapshots Number of Block Storage snapshots allowed per tenant.
volumesswift Number of Block Storage volumes allowed per tenant

View and update Block Storage quotas for a tenant (project)

As an administrative user, you can use the cinder quota-* commands, which are provided by the python-cinderclient package, to view and update tenant quotas.

To view and update default Block Storage quota values

  1. List all default quotas for all tenants, as follows:
    $ cinder quota-defaults tenantID
    
  2. Obtain the tenant ID, as follows:</p>
    $ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
    
    For example:
    $ cinder quota-defaults $tenant
    +-----------+-------+
    |  Property | Value |
    +-----------+-------+
    | gigabytes |  1000 |
    | snapshots |   10  |
    |  volumes  |   10  |
    +-----------+-------+
    
  1. To update a default value for a new tenant, update the property in the /etc/cinder/cinder.conf file.

To view Block Storage quotas for a tenant (project)

  1. View quotas for the tenant, as follows:
    # cinder quota-show  tenantID
    
    For example:
    # cinder quota-show $tenant
    +-----------+-------+
    |  Property | Value |
    +-----------+-------+
    | gigabytes |  1000 |
    | snapshots |   10  |
    |  volumes  |   10  |
    +-----------+-------+
    

To update Block Storage quotas for a tenant (project)

  1. Place the tenant ID in a variable:
    $ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
    
  2. Update a particular quota value, as follows:
    # cinder quota-update --quotaName NewValue tenantID
    
    For example:
    # cinder quota-update --volumes 15 $tenant
    #: # cinder quota-show $tenant
    +-----------+-------+
    |  Property | Value |
    +-----------+-------+
    | gigabytes |  1000 |
    | snapshots |   10  |
    |  volumes  |   15  |
    +-----------+-------+