openstack之neutron配额调整
1. 前言
neutron在安装配置完成之后,openstack为了实现对所有tenant对网络资源的使用,针对neutron设置有专门的配额,以防止租户使用过多的资源,而对其他的tenant造成影响。和nova的quota相类似,neutron也使用单独的一个驱动来实现网络neutron的配额控制。
2. neutron默认的配额
neutron默认的配额针对network,port,router,subnet,floatingip做了配额方面的限定,参考neutron的配置文件,获取quota的配额内容为:
[root@controller ~]# vim /etc/neutron/neutron.conf
[quotas]
quota_driver = neutron.db.quota_db.DbQuotaDriver 配额驱动
quota_items = network,subnet,port quota限定的范畴
default_quota = -1 默认的quota,-1表示没有限制(未启用)
quota_network = 10 建立的network个数
quota_subnet = 10 建立的subnet个数
quota_port = 50 允许的port个数
quota_security_group = 10 安全组的个数
quota_security_group_rule = 100 安全组规规则条数
quota_vip = 10 vip个数,以下的quota_member和quota_health_monitors 都用于LBaaS场景
quota_pool = 10 pool个数
quota_member = -1 member个数
quota_health_monitors = -1 monitor个数
quota_router = 10 router的个数
quota_floatingip = 50 floating-ip个数3. 修改neutron的配额
查看neutron默认的配额
[root@controller ~]# keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 842ab3268a2c47e6a4b0d8774de805ae | admin | True |
| 7ff1dfb5a6f349958c3a949248e56236 | companyA | True | #得到tenant的uuid号
| 10d1465c00d049fab88dec1af0f56b1b | demo | True |
| 3b57a14f7c354a979c9f62b60f31a331 | service | True |
+----------------------------------+----------+---------+
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 50 |
| health_monitor | -1 |
| member | -1 |
| network | 10 |
| pool | 10 |
| port | 50 | #port,每台虚拟机都需要一个ip,即一个port,很容易就超过配额
| router | 10 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 10 |
| vip | 10 |
+---------------------+-------+2. 修改neutron配额
[root@controller ~]# neutron quota-update --network 20 --subnet 20 --port 100 --router 5 --floatingip 100 --security-group 10 --security-group-rule 100 --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+
校验neutron的quota配置
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+4. 统计port的个数
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 0060ec4a-957d-4571-b730-6b4a9bb3baf8 | | fa:16:3e:48:42:3d | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.19"} |
| 00942be0-a3a9-471d-a4ba-336db0ee1539 | | fa:16:3e:73:75:03 | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.96"} |
| 0119045c-8219-4744-bd58-a7e77294832c | | fa:16:3e:10:ed:7f | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.71"} |
| 04f7d8ea-1849-4938-9ef7-e8114893132f | | fa:16:3e:50:86:1b | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.27"} |
[root@controller ~]# neutron port-list |wc -l #超过配额时,需要修改
1945. 总结
随着时间的推移,当越来越多得instance加入到openstack中,port也会相应增加,一个ip对应一个port,所以当port达到配额时,openstack会组织用户继续分配虚拟机,此时,就需要修改neutron的配额了,关于neutron配额的报错,可以参考neutron的日志/var/log/neutron/neutron-server.log,可以根据日志的信息,定位到报错的原因,具体不赘述。
6. 附录
neutron实现quota的代码解读
[root@controller ~]# vim /usr/lib/python2.6/site-packages/neutron/db/quota_db.py
import sqlalchemy as sa
from neutron.common import exceptions
from neutron.db import model_base
from neutron.db import models_v2
'''
quota数据库表的表结构,tenant默认集成的配额从这里获取
mysql> desc quotas;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| tenant_id | varchar(255) | YES | MUL | NULL | |
| resource | varchar(255) | YES | | NULL | |
| limit | int(11) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
'''
class Quota(model_base.BASEV2, models_v2.HasId):
"""Represent a single quota override for a tenant.
If there is no row for a given tenant id and resource, then the
default for the quota class is used.
"""
tenant_id = sa.Column(sa.String(255), index=True)
resource = sa.Column(sa.String(255))
limit = sa.Column(sa.Integer)
'''
quota配额的具体实现,根据数据库的配置内容,实现quota的控制,即quota的增删改查方法
'''
class DbQuotaDriver(object):
"""Driver to perform necessary checks to enforce quotas and obtain quota
information.
The default driver utilizes the local database.
"""
'''
得到租户tenant的quota,执行neutron quota-show --tenant-id uuid时调用的方法
'''
@staticmethod
def get_tenant_quotas(context, resources, tenant_id):
"""Given a list of resources, retrieve the quotas for the given
tenant.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:param tenant_id: The ID of the tenant to return quotas for.
:return dict: from resource name to dict of name and limit
"""
# init with defaults 得到quota默认的配额项item,即所谓的network,subnet,port和router等,以及对应的值
tenant_quota = dict((key, resource.default)
for key, resource in resources.items())
# update with tenant specific limits 从数据库中获取最新的quota配置信息,并更新
q_qry = context.session.query(Quota).filter_by(tenant_id=tenant_id)
tenant_quota.update((q['resource'], q['limit']) for q in q_qry)
return tenant_quota
'''
quota的删除,即执行neutron quota-delete 的方法,删除之后,tenant将会集成默认的的quota配置
'''
@staticmethod
def delete_tenant_quota(context, tenant_id):
"""Delete the quota entries for a given tenant_id.
Atfer deletion, this tenant will use default quota values in conf.
"""
#从neutron。quotas数据库中查询到所有的quota配置之后,过略某个具体的tenant的quota,之后执行delete()方法将其删除
with context.session.begin():
tenant_quotas = context.session.query(Quota)
tenant_quotas = tenant_quotas.filter_by(tenant_id=tenant_id)
tenant_quotas.delete()
'''
得到所有租户tenant的配额资源,即执行neutron quota-list所查看的内容
'''
@staticmethod
def get_all_quotas(context, resources):
"""Given a list of resources, retrieve the quotas for the all tenants.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:return quotas: list of dict of tenant_id:, resourcekey1:
resourcekey2: ...
"""
tenant_default = dict((key, resource.default)
for key, resource in resources.items())
all_tenant_quotas = {}
for quota in context.session.query(Quota):
tenant_id = quota['tenant_id']
# avoid setdefault() because only want to copy when actually req'd
#如果quotas表中,没有找到配置选项,说明使用默认的quota配置,直接用默认的copy过来即可,有配置则继承quotas表中的配置
tenant_quota = all_tenant_quotas.get(tenant_id)
if tenant_quota is None:
tenant_quota = tenant_default.copy()
tenant_quota['tenant_id'] = tenant_id
all_tenant_quotas[tenant_id] = tenant_quota
tenant_quota[quota['resource']] = quota['limit']
return all_tenant_quotas.values()
'''
更新quota的配置,即执行neutron quota-update命令的具体实现
'''
@staticmethod
def update_quota_limit(context, tenant_id, resource, limit):
with context.session.begin():
tenant_quota = context.session.query(Quota).filter_by(
tenant_id=tenant_id, resource=resource).first()
#有配置内容,则更新,没有则根据资源的配置内容,在数据库中添加对应的条目
if tenant_quota:
tenant_quota.update({'limit': limit})
else:
tenant_quota = Quota(tenant_id=tenant_id,
resource=resource,
limit=limit)
context.session.add(tenant_quota)
def _get_quotas(self, context, tenant_id, resources, keys):
"""Retrieves the quotas for specific resources.
A helper method which retrieves the quotas for the specific
resources identified by keys, and which apply to the current
context.
:param context: The request context, for access checks.
:param tenant_id: the tenant_id to check quota.
:param resources: A dictionary of the registered resources.
:param keys: A list of the desired quotas to retrieve.
"""
desired = set(keys)
sub_resources = dict((k, v) for k, v in resources.items()
if k in desired)
# Make sure we accounted for all of them...
if len(keys) != len(sub_resources):
unknown = desired - set(sub_resources.keys())
raise exceptions.QuotaResourceUnknown(unknown=sorted(unknown))
# Grab and return the quotas (without usages)
quotas = DbQuotaDriver.get_tenant_quotas(
context, sub_resources, tenant_id)
return dict((k, v) for k, v in quotas.items())
'''
neutron quota的校验,即在执行过程中,调用该方法,确认tenant的quota是否在合理的范围内
'''
def limit_check(self, context, tenant_id, resources, values):
"""Check simple quota limits.
For limits--those quotas for which there is no usage
synchronization function--this method checks that a set of
proposed values are permitted by the limit restriction.
This method will raise a QuotaResourceUnknown exception if a
given resource is unknown or if it is not a simple limit
resource.
If any of the proposed values is over the defined quota, an
OverQuota exception will be raised with the sorted list of the
resources which are too high. Otherwise, the method returns
nothing.
:param context: The request context, for access checks.
:param tenant_id: The tenant_id to check the quota.
:param resources: A dictionary of the registered resources.
:param values: A dictionary of the values to check against the
quota.
"""
# Ensure no value is less than zero quota的配置值不能为负数
unders = [key for key, val in values.items() if val < 0]
if unders:
raise exceptions.InvalidQuotaValue(unders=sorted(unders))
# Get the applicable quotas
quotas = self._get_quotas(context, tenant_id, resources, values.keys())
# Check the quotas and construct a list of the resources that
# would be put over limit by the desired values
overs = [key for key, val in values.items()
if quotas[key] >= 0 and quotas[key] < val]
if overs:
raise exceptions.OverQuota(overs=sorted(overs)) openstack之neutron配额调整的更多相关文章
- OpenStack:安装Neutron与provider network
1. 安装(1)Install Networking services on a dedicated network node# apt-get install neutron-server neut ...
- openstack之neutron
Neutron neutron主要就是用于网络虚拟化,之前将nova的时候说过,网络部分没有写,因为openstack中的网络属于一个大部分,所以今天咱们就来看看neutron到底是怎么样实现网络虚拟 ...
- openstack核心组件——neutron网络服务 抓取ip(9)
云计算openstack核心组件——neutron网络服务(9) 一.虚拟机获取 ip: 用 namspace 隔离 DHCP 服务 Neutron 通过 dnsmasq 提供 DHCP 服务 ...
- openstack核心组件——neutron网络服务(8)
云计算openstack核心组件——neutron网络服务(8) 一.neutron 介绍: Neutron 概述 传统的网络管理方式很大程度上依赖于管理员手工配置和维护各种网络硬件设备:而云 ...
- openstack之neutron linuxbridge + vlan组网
linuxbridge是和linuxbridge plugin匹配的core agent,主要实现L2层的功能和security group的功能.security group的功能逐渐会被neutr ...
- openstack之Neutron网络模式vlan,gre,vxlan详解
第一:neutron openvswitch + vlan虚拟网络 一:基础知识 vlan基础知识 1.vlan介绍 1.1:首先说下lan,LAN 表示 Local Area Network,本地局 ...
- openstack之Neutron网络虚拟化
第一:为什么需要网络虚拟化? 一.数据中心的现有网络不能满足云计算的物理需求: 互联网行业数据中心的基本特征就是服务器的规模偏大.进入云计算时代后,其业务特征变得更加复杂,包括:虚拟化支持.多业务承载 ...
- OpenStack之Neutron分配VIP提供给两台虚拟机做高可用
一. 简单介绍 在openstack私有云平台的应用场景中,涉及多台虚拟机实例进行高可用的绑定,这里我们需要在云平台中提供一个IP给高可用场景切换,这里介绍keepalived + allow_add ...
- OpenStack之Neutron网络服务(一)
1.Neutron概要 OpenStack网络服务提供了一个API接口,允许用户在云上设置和定义网络连接和地址.这个网络服务的项目代码名称是Neutron.OpenStack网络处理虚拟设备的创建和管 ...
随机推荐
- Docker生态会重蹈Hadoop的覆辙吗?
Docker生态会重蹈Hadoop的覆辙吗? http://mp.weixin.qq.com/s?__biz=MzA5NDg3ODMxNw==&mid=2649535024&idx=1 ...
- echarts常用方法(一)
目前,项目中涉及到图表的,使用echarts的频率较多,因为UI设计一般不会考虑到是否能实现的问题,他们专注的只是显示的效果.所以作为前端开发,要对echarts进行不同程度的改造,组合,甚至重写等. ...
- 微信小程序笔记
1.文件的作用 js,wxml,wxss,json 所有页面中要用到的变量,都放在可了pages目录下 wxml:类似于html文件 wxss:类似于css文件(类, id, 标签,子代,后代,bef ...
- reactjs-swiper react轮播图组件基于swiper
react轮播图组件基于swiper demo地址:http://reactjs-ui.github.io/reactjs-swiper/simple.html 1. 下载安装 npm install ...
- 第一次提交 nacos 代码
新建 issue认领 issuefork修改 nacos 项目 .git/config 中的用户信息pushcreate pull request 到 develop 分支
- idea怎么创建properties文件
我们在idea当中新建一个properties时,就要新建一个ResourceBundle类型的文件
- MSDN订户下载权限被屏蔽的办法
使用Chrome浏览器,在加载完成页面之后,按F12,在控制台选项卡当中输入下面代码,即可解除屏蔽. $("#SubMigratedMessageArea").remove(); ...
- python day1 之三级菜单的正确姿势
看了几个同学有关三级菜单的实现,都是通过一级一级输出,是较为过程的实现.另外如果菜单(树形结构)更多级这样处理起来就比较麻烦了. 可以使用python强大的列表和字典,实现的更优美或简洁一些: 注:复 ...
- Python列表操作集合
对于python列表里元素的操作主要分为以下几个方面: 1.向列表里面加元素: 向python列表里面添加元素主要有三种方法: (1)append() append()对于列表的操作主要实现的是在特定 ...
- Linux快捷键 Linux权限
第1章 回顾昨天内容 1.1 取出网卡ip地址 取出文件权限 1.2 awk '找谁{干啥}' awk 'NR==2{print $4}' 1.3 系统时间 [root@oldboyedu-40-n ...