Quotas
Contents
Quotas
To prevent system capacities from being exhausted without notification, you can set up quotas. Quotas are operational limits. For example, the number of gigabytes allowed per tenant can be controlled to ensure that a single tenant cannot consume all of the disk space. Quotas are currently enforced at the tenant (or project) level, rather than the user level.
WarningBecause without sensible quotas a single tenant could use up all the available resources, default quotas are shipped with OpenStack. You should pay attention to which quota settings make sense for your hardware capabilities.
Using the command-line interface, you can manage quotas for the OpenStack Compute service and the Block Storage service.
Typically, default values are changed because a tenant requires more than the OpenStack default of 10 volumes per tenant, or more than the OpenStack default of 1 TB of disk space on a compute node.
NoteTo view all tenants, run:
$ openstack project list
+---------------------------------+----------+
| ID | Name |
+---------------------------------+----------+
| a981642d22c94e159a4a6540f70f9f8 | admin |
| 934b662357674c7b9f5e4ec6ded4d0e | tenant01 |
| 7bc1dbfd7d284ec4a856ea1eb82dca8 | tenant02 |
| 9c554aaef7804ba49e1b21cbd97d218 | services |
+---------------------------------+----------+
Set Image Quotas
You can restrict a project’s image storage by total number of bytes. Currently, this quota is applied cloud-wide, so if you were to set an Image quota limit of 5 GB, then all projects in your cloud will be able to store only 5 GB of images and snapshots.
To enable this feature, edit the /etc/glance/glance-api.conf file, and under the [DEFAULT] section, add:
user_storage_quota = <bytes>
For example, to restrict a project’s image storage to 5 GB, do this:
user_storage_quota = 5368709120
NoteThere is a configuration option in
/etc/glance/glance-api.conf that limits the number of members allowed per image, called image_member_quota, set to 128 by default. That setting is a different quota from the storage quota. Set Compute Service Quotas
As an administrative user, you can update the Compute service quotas for an existing tenant, as well as update the quota defaults for a new tenant. See Compute quota descriptions.
| Quota | Description | Property name |
|---|---|---|
| Fixed IPs | Number of fixed IP addresses allowed per project. This number must be equal to or greater than the number of allowed instances. | fixed-ips
|
| Floating IPs | Number of floating IP addresses allowed per project. | floating-ips{.docut ils .literal}
|
| Injected file content bytes | Number of content bytes allowed per injected file. | injected-file-conten t-bytes
|
| Injected file path bytes | Number of bytes allowed per injected file path. | injected-file-path-b ytes
|
| Injected files | Number of injected files allowed per project. | injected-files{.doc utils .literal}
|
| Instances | Number of instances allowed per project. | instances
|
| Key pairs | Number of key pairs allowed per user. | key-pairs
|
| Metadata items | Number of metadata items allowed per instance. | metadata-items{.doc utils .literal}
|
| RAM | Megabytes of instance RAM allowed per project. | ram
|
| Security group rules | Number of security group rules per project. | security-group-rules
|
| Security groups | Number of security groups per project. | security-groups{.do cutils .literal}
|
| VCPUs | Number of instance cores allowed per project. | cores
|
| Server Groups | Number of server groups per project. | server_groups{.docu tils .literal}
|
| Server Group Members | Number of servers per server group. | server_group_members
|
View and update compute quotas for a tenant (project)
As an administrative user, you can use the nova quota-* commands, which are provided by the python-novaclient package, to view and update tenant quotas.
To view and update default quota values
- List all default quotas for all tenants, as follows:
$ nova quota-defaults- For example:
$ nova quota-defaults +-----------------------------+-------+ | Quota | Limit | +-----------------------------+-------+ | instances | 10 | | cores | 20 | | ram | 51200 | | floating_ips | 10 | | fixed_ips | -1 | | metadata_items | 128 | | injected_files | 5 | | injected_file_content_bytes | 10240 | | injected_file_path_bytes | 255 | | key_pairs | 100 | | security_groups | 10 | | security_group_rules | 20 | | server_groups | 10 | | server_group_members | 10 | +-----------------------------+-------+
- Update a default value for a new tenant, as follows:
$ nova quota-class-update default key value- For example:
$ nova quota-class-update default --instances 15
To view quota values for a tenant (project)
- Place the tenant ID in a variable:
$ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
- List the currently set quota values for a tenant, as follows:
$ nova quota-show --tenant $tenant- For example:
$ nova quota-show --tenant $tenant +-----------------------------+-------+ | Quota | Limit | +-----------------------------+-------+ | instances | 10 | | cores | 20 | | ram | 51200 | | floating_ips | 10 | | fixed_ips | -1 | | metadata_items | 128 | | injected_files | 5 | | injected_file_content_bytes | 10240 | | injected_file_path_bytes | 255 | | key_pairs | 100 | | security_groups | 10 | | security_group_rules | 20 | | server_groups | 10 | | server_group_members | 10 | +-----------------------------+-------+
To update quota values for a tenant (project)
- Obtain the tenant ID, as follows:
$ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
- Update a particular quota value, as follows:
# nova quota-update --quotaName quotaValue tenantID- For example:
# nova quota-update --floating-ips 20 $tenant # nova quota-show --tenant $tenant +-----------------------------+-------+ | Quota | Limit | +-----------------------------+-------+ | instances | 10 | | cores | 20 | | ram | 51200 | | floating_ips | 20 | | fixed_ips | -1 | | metadata_items | 128 | | injected_files | 5 | | injected_file_content_bytes | 10240 | | injected_file_path_bytes | 255 | | key_pairs | 100 | | security_groups | 10 | | security_group_rules | 20 | | server_groups | 10 | | server_group_members | 10 | +-----------------------------+-------+
- To view a list of options for the
nova quota-updatecommand, run:$ nova help quota-update
Set Object Storage Quotas
There are currently two categories of quotas for Object Storage:
- Container quotas
- Limit the total size (in bytes) or number of objects that can be stored in a single container.
- Account quotas
- Limit the total size (in bytes) that a user has available in the Object Storage service.
To take advantage of either container quotas or account quotas, your Object Storage proxy server must have container_quotas or account_quotas (or both) added to the [pipeline:main] pipeline. Each quota type also requires its own section in the proxy-server.conf file:
[pipeline:main]
pipeline = catch_errors [...] slo dlo account_quotas proxy-server
[filter:account_quotas]
use = egg:swift#account_quotas
[filter:container_quotas]
use = egg:swift#container_quotas
To view and update Object Storage quotas, use the swift command provided by the python-swiftclient package. Any user included in the project can view the quotas placed on their project. To update Object Storage quotas on a project, you must have the role of ResellerAdmin in the project that the quota is being applied to.
To view account quotas placed on a project:
$ swift stat
Account: AUTH_b36ed2d326034beba0a9dd1fb19b70f9
Containers: 0
Objects: 0
Bytes: 0
Meta Quota-Bytes: 214748364800
X-Timestamp: 1351050521.29419
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
To apply or update account quotas on a project:
$ swift post -m quota-bytes:
<bytes>
For example, to place a 5 GB quota on an account:
$ swift post -m quota-bytes:
5368709120
To verify the quota, run the swift stat command again:
$ swift stat
Account: AUTH_b36ed2d326034beba0a9dd1fb19b70f9
Containers: 0
Objects: 0
Bytes: 0
Meta Quota-Bytes: 5368709120
X-Timestamp: 1351541410.38328
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
Set Block Storage Quotas
As an administrative user, you can update the Block Storage service quotas for a tenant, as well as update the quota defaults for a new tenant. See Table: Block Storage quota descriptions.
| Property name | Description |
|---|---|
| gigabytes | Number of volume gigabytes allowed per tenant |
| snapshots | Number of Block Storage snapshots allowed per tenant. |
| volumesswift | Number of Block Storage volumes allowed per tenant |
View and update Block Storage quotas for a tenant (project)
As an administrative user, you can use the cinder quota-* commands, which are provided by the python-cinderclient package, to view and update tenant quotas.
To view and update default Block Storage quota values
- List all default quotas for all tenants, as follows:
$ cinder quota-defaults tenantID
- Obtain the tenant ID, as follows:</p>
$ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
- For example:
$ cinder quota-defaults $tenant +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 1000 | | snapshots | 10 | | volumes | 10 | +-----------+-------+
- To update a default value for a new tenant, update the property in the
/etc/cinder/cinder.conffile.
To view Block Storage quotas for a tenant (project)
- View quotas for the tenant, as follows:
# cinder quota-show tenantID- For example:
# cinder quota-show $tenant +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 1000 | | snapshots | 10 | | volumes | 10 | +-----------+-------+
To update Block Storage quotas for a tenant (project)
- Place the tenant ID in a variable:
$ tenant=$(openstack project list | awk '/tenantName/ {print $2}')
- Update a particular quota value, as follows:
# cinder quota-update --quotaName NewValue tenantID- For example:
# cinder quota-update --volumes 15 $tenant #: # cinder quota-show $tenant +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 1000 | | snapshots | 10 | | volumes | 15 | +-----------+-------+
