openstack之neutron配额调整
1. 前言
neutron在安装配置完成之后,openstack为了实现对所有tenant对网络资源的使用,针对neutron设置有专门的配额,以防止租户使用过多的资源,而对其他的tenant造成影响。和nova的quota相类似,neutron也使用单独的一个驱动来实现网络neutron的配额控制。
2. neutron默认的配额
neutron默认的配额针对network,port,router,subnet,floatingip做了配额方面的限定,参考neutron的配置文件,获取quota的配额内容为:
[root@controller ~]# vim /etc/neutron/neutron.conf
[quotas]
quota_driver = neutron.db.quota_db.DbQuotaDriver 配额驱动
quota_items = network,subnet,port quota限定的范畴
default_quota = -1 默认的quota,-1表示没有限制(未启用)
quota_network = 10 建立的network个数
quota_subnet = 10 建立的subnet个数
quota_port = 50 允许的port个数
quota_security_group = 10 安全组的个数
quota_security_group_rule = 100 安全组规规则条数
quota_vip = 10 vip个数,以下的quota_member和quota_health_monitors 都用于LBaaS场景
quota_pool = 10 pool个数
quota_member = -1 member个数
quota_health_monitors = -1 monitor个数
quota_router = 10 router的个数
quota_floatingip = 50 floating-ip个数3. 修改neutron的配额
查看neutron默认的配额
[root@controller ~]# keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 842ab3268a2c47e6a4b0d8774de805ae | admin | True |
| 7ff1dfb5a6f349958c3a949248e56236 | companyA | True | #得到tenant的uuid号
| 10d1465c00d049fab88dec1af0f56b1b | demo | True |
| 3b57a14f7c354a979c9f62b60f31a331 | service | True |
+----------------------------------+----------+---------+
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 50 |
| health_monitor | -1 |
| member | -1 |
| network | 10 |
| pool | 10 |
| port | 50 | #port,每台虚拟机都需要一个ip,即一个port,很容易就超过配额
| router | 10 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 10 |
| vip | 10 |
+---------------------+-------+2. 修改neutron配额
[root@controller ~]# neutron quota-update --network 20 --subnet 20 --port 100 --router 5 --floatingip 100 --security-group 10 --security-group-rule 100 --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+
校验neutron的quota配置
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+4. 统计port的个数
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 0060ec4a-957d-4571-b730-6b4a9bb3baf8 | | fa:16:3e:48:42:3d | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.19"} |
| 00942be0-a3a9-471d-a4ba-336db0ee1539 | | fa:16:3e:73:75:03 | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.96"} |
| 0119045c-8219-4744-bd58-a7e77294832c | | fa:16:3e:10:ed:7f | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.71"} |
| 04f7d8ea-1849-4938-9ef7-e8114893132f | | fa:16:3e:50:86:1b | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.27"} |
[root@controller ~]# neutron port-list |wc -l #超过配额时,需要修改
1945. 总结
随着时间的推移,当越来越多得instance加入到openstack中,port也会相应增加,一个ip对应一个port,所以当port达到配额时,openstack会组织用户继续分配虚拟机,此时,就需要修改neutron的配额了,关于neutron配额的报错,可以参考neutron的日志/var/log/neutron/neutron-server.log,可以根据日志的信息,定位到报错的原因,具体不赘述。
6. 附录
neutron实现quota的代码解读
[root@controller ~]# vim /usr/lib/python2.6/site-packages/neutron/db/quota_db.py
import sqlalchemy as sa
from neutron.common import exceptions
from neutron.db import model_base
from neutron.db import models_v2
'''
quota数据库表的表结构,tenant默认集成的配额从这里获取
mysql> desc quotas;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| tenant_id | varchar(255) | YES | MUL | NULL | |
| resource | varchar(255) | YES | | NULL | |
| limit | int(11) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
'''
class Quota(model_base.BASEV2, models_v2.HasId):
"""Represent a single quota override for a tenant.
If there is no row for a given tenant id and resource, then the
default for the quota class is used.
"""
tenant_id = sa.Column(sa.String(255), index=True)
resource = sa.Column(sa.String(255))
limit = sa.Column(sa.Integer)
'''
quota配额的具体实现,根据数据库的配置内容,实现quota的控制,即quota的增删改查方法
'''
class DbQuotaDriver(object):
"""Driver to perform necessary checks to enforce quotas and obtain quota
information.
The default driver utilizes the local database.
"""
'''
得到租户tenant的quota,执行neutron quota-show --tenant-id uuid时调用的方法
'''
@staticmethod
def get_tenant_quotas(context, resources, tenant_id):
"""Given a list of resources, retrieve the quotas for the given
tenant.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:param tenant_id: The ID of the tenant to return quotas for.
:return dict: from resource name to dict of name and limit
"""
# init with defaults 得到quota默认的配额项item,即所谓的network,subnet,port和router等,以及对应的值
tenant_quota = dict((key, resource.default)
for key, resource in resources.items())
# update with tenant specific limits 从数据库中获取最新的quota配置信息,并更新
q_qry = context.session.query(Quota).filter_by(tenant_id=tenant_id)
tenant_quota.update((q['resource'], q['limit']) for q in q_qry)
return tenant_quota
'''
quota的删除,即执行neutron quota-delete 的方法,删除之后,tenant将会集成默认的的quota配置
'''
@staticmethod
def delete_tenant_quota(context, tenant_id):
"""Delete the quota entries for a given tenant_id.
Atfer deletion, this tenant will use default quota values in conf.
"""
#从neutron。quotas数据库中查询到所有的quota配置之后,过略某个具体的tenant的quota,之后执行delete()方法将其删除
with context.session.begin():
tenant_quotas = context.session.query(Quota)
tenant_quotas = tenant_quotas.filter_by(tenant_id=tenant_id)
tenant_quotas.delete()
'''
得到所有租户tenant的配额资源,即执行neutron quota-list所查看的内容
'''
@staticmethod
def get_all_quotas(context, resources):
"""Given a list of resources, retrieve the quotas for the all tenants.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:return quotas: list of dict of tenant_id:, resourcekey1:
resourcekey2: ...
"""
tenant_default = dict((key, resource.default)
for key, resource in resources.items())
all_tenant_quotas = {}
for quota in context.session.query(Quota):
tenant_id = quota['tenant_id']
# avoid setdefault() because only want to copy when actually req'd
#如果quotas表中,没有找到配置选项,说明使用默认的quota配置,直接用默认的copy过来即可,有配置则继承quotas表中的配置
tenant_quota = all_tenant_quotas.get(tenant_id)
if tenant_quota is None:
tenant_quota = tenant_default.copy()
tenant_quota['tenant_id'] = tenant_id
all_tenant_quotas[tenant_id] = tenant_quota
tenant_quota[quota['resource']] = quota['limit']
return all_tenant_quotas.values()
'''
更新quota的配置,即执行neutron quota-update命令的具体实现
'''
@staticmethod
def update_quota_limit(context, tenant_id, resource, limit):
with context.session.begin():
tenant_quota = context.session.query(Quota).filter_by(
tenant_id=tenant_id, resource=resource).first()
#有配置内容,则更新,没有则根据资源的配置内容,在数据库中添加对应的条目
if tenant_quota:
tenant_quota.update({'limit': limit})
else:
tenant_quota = Quota(tenant_id=tenant_id,
resource=resource,
limit=limit)
context.session.add(tenant_quota)
def _get_quotas(self, context, tenant_id, resources, keys):
"""Retrieves the quotas for specific resources.
A helper method which retrieves the quotas for the specific
resources identified by keys, and which apply to the current
context.
:param context: The request context, for access checks.
:param tenant_id: the tenant_id to check quota.
:param resources: A dictionary of the registered resources.
:param keys: A list of the desired quotas to retrieve.
"""
desired = set(keys)
sub_resources = dict((k, v) for k, v in resources.items()
if k in desired)
# Make sure we accounted for all of them...
if len(keys) != len(sub_resources):
unknown = desired - set(sub_resources.keys())
raise exceptions.QuotaResourceUnknown(unknown=sorted(unknown))
# Grab and return the quotas (without usages)
quotas = DbQuotaDriver.get_tenant_quotas(
context, sub_resources, tenant_id)
return dict((k, v) for k, v in quotas.items())
'''
neutron quota的校验,即在执行过程中,调用该方法,确认tenant的quota是否在合理的范围内
'''
def limit_check(self, context, tenant_id, resources, values):
"""Check simple quota limits.
For limits--those quotas for which there is no usage
synchronization function--this method checks that a set of
proposed values are permitted by the limit restriction.
This method will raise a QuotaResourceUnknown exception if a
given resource is unknown or if it is not a simple limit
resource.
If any of the proposed values is over the defined quota, an
OverQuota exception will be raised with the sorted list of the
resources which are too high. Otherwise, the method returns
nothing.
:param context: The request context, for access checks.
:param tenant_id: The tenant_id to check the quota.
:param resources: A dictionary of the registered resources.
:param values: A dictionary of the values to check against the
quota.
"""
# Ensure no value is less than zero quota的配置值不能为负数
unders = [key for key, val in values.items() if val < 0]
if unders:
raise exceptions.InvalidQuotaValue(unders=sorted(unders))
# Get the applicable quotas
quotas = self._get_quotas(context, tenant_id, resources, values.keys())
# Check the quotas and construct a list of the resources that
# would be put over limit by the desired values
overs = [key for key, val in values.items()
if quotas[key] >= 0 and quotas[key] < val]
if overs:
raise exceptions.OverQuota(overs=sorted(overs)) openstack之neutron配额调整的更多相关文章
- OpenStack:安装Neutron与provider network
1. 安装(1)Install Networking services on a dedicated network node# apt-get install neutron-server neut ...
- openstack之neutron
Neutron neutron主要就是用于网络虚拟化,之前将nova的时候说过,网络部分没有写,因为openstack中的网络属于一个大部分,所以今天咱们就来看看neutron到底是怎么样实现网络虚拟 ...
- openstack核心组件——neutron网络服务 抓取ip(9)
云计算openstack核心组件——neutron网络服务(9) 一.虚拟机获取 ip: 用 namspace 隔离 DHCP 服务 Neutron 通过 dnsmasq 提供 DHCP 服务 ...
- openstack核心组件——neutron网络服务(8)
云计算openstack核心组件——neutron网络服务(8) 一.neutron 介绍: Neutron 概述 传统的网络管理方式很大程度上依赖于管理员手工配置和维护各种网络硬件设备:而云 ...
- openstack之neutron linuxbridge + vlan组网
linuxbridge是和linuxbridge plugin匹配的core agent,主要实现L2层的功能和security group的功能.security group的功能逐渐会被neutr ...
- openstack之Neutron网络模式vlan,gre,vxlan详解
第一:neutron openvswitch + vlan虚拟网络 一:基础知识 vlan基础知识 1.vlan介绍 1.1:首先说下lan,LAN 表示 Local Area Network,本地局 ...
- openstack之Neutron网络虚拟化
第一:为什么需要网络虚拟化? 一.数据中心的现有网络不能满足云计算的物理需求: 互联网行业数据中心的基本特征就是服务器的规模偏大.进入云计算时代后,其业务特征变得更加复杂,包括:虚拟化支持.多业务承载 ...
- OpenStack之Neutron分配VIP提供给两台虚拟机做高可用
一. 简单介绍 在openstack私有云平台的应用场景中,涉及多台虚拟机实例进行高可用的绑定,这里我们需要在云平台中提供一个IP给高可用场景切换,这里介绍keepalived + allow_add ...
- OpenStack之Neutron网络服务(一)
1.Neutron概要 OpenStack网络服务提供了一个API接口,允许用户在云上设置和定义网络连接和地址.这个网络服务的项目代码名称是Neutron.OpenStack网络处理虚拟设备的创建和管 ...
随机推荐
- 关于RedHat Linux无法使用yum命令安装gcc-c++问题
初入职场,在给RedHat Linux安装环境的时候遇到这么个问题. 参考:http://www.linuxidc.com/Linux/2017-08/146548.htm [root@localho ...
- c#+Unity3D
Windows系统unity3d中的快捷键 自己整理常用; f2 改名 shift + 三维轴中间:45度 点击左键时 F:聚焦 V顶点贴合 ws拉近拉远 ad左右 qe 上下 长按右键 自由调换视角 ...
- c++ switch和case的用法
#include "pch.h" #include<iostream> using namespace std; const float PI = 3.1415926; ...
- iOS 底层解析weak的实现原理(包含weak对象的初始化,引用,释放的分析)
原文 很少有人知道weak表其实是一个hash(哈希)表,Key是所指对象的地址,Value是weak指针的地址数组.更多人的人只是知道weak是弱引用,所引用对象的计数器不会加一,并在引用对象被释放 ...
- postman-SSL证书问题-支持HTTPS请求
使用Google接口调试插件postman请求https协议的接口,postman提示: 为此,需要解决这个问题,提示信息已经给出了解决方案!Using self-signed SSL certifi ...
- 3DsMax 自动化操作(maxScript)
这是我编写的一部分maxScript 脚本,专注于3DsMax 快速建模,程序化地为我们完成一些繁琐的工作. 可以极大提高公司开发的效率! 2019年04月09日 :上传 今年新开发的插件,还有很多, ...
- 总结get和post区别---面试用
总结get和post区别---面试用 我是搬运工!!!! get参数通过url传递,post放在request body中. get请求在url中传递的参数是有长度限制的,而post没有. get比p ...
- vue+uwsgi+nginx部署路飞学城
vue+uwsgi+nginx部署路飞学城 有一天,老男孩的苑日天给我发来了两个神秘代码,听说是和mjj的结晶 超哥将这两个代码,放到了一个网站上,大家可以自行下载 路飞学城django代码 ht ...
- DBUtils——handler
ArrayHandler: 把结果集中的第一行数据转成对象数组. ArrayListHandler: 把结果集中的每一行数据都转成一个对象数组,再存放到List中. BeanHandler: 将结果集 ...
- BUG调试: Jump to the invalid address stated on the next line at 0x0: ???
gdb或者vlagrind报告: ==14569== Jump to the invalid address stated on the next line ==14569== at 0x0: ??? ...