openstack之neutron配额调整
1. 前言
neutron在安装配置完成之后,openstack为了实现对所有tenant对网络资源的使用,针对neutron设置有专门的配额,以防止租户使用过多的资源,而对其他的tenant造成影响。和nova的quota相类似,neutron也使用单独的一个驱动来实现网络neutron的配额控制。
2. neutron默认的配额
neutron默认的配额针对network,port,router,subnet,floatingip做了配额方面的限定,参考neutron的配置文件,获取quota的配额内容为:
[root@controller ~]# vim /etc/neutron/neutron.conf
[quotas]
quota_driver = neutron.db.quota_db.DbQuotaDriver 配额驱动
quota_items = network,subnet,port quota限定的范畴
default_quota = -1 默认的quota,-1表示没有限制(未启用)
quota_network = 10 建立的network个数
quota_subnet = 10 建立的subnet个数
quota_port = 50 允许的port个数
quota_security_group = 10 安全组的个数
quota_security_group_rule = 100 安全组规规则条数
quota_vip = 10 vip个数,以下的quota_member和quota_health_monitors 都用于LBaaS场景
quota_pool = 10 pool个数
quota_member = -1 member个数
quota_health_monitors = -1 monitor个数
quota_router = 10 router的个数
quota_floatingip = 50 floating-ip个数3. 修改neutron的配额
查看neutron默认的配额
[root@controller ~]# keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 842ab3268a2c47e6a4b0d8774de805ae | admin | True |
| 7ff1dfb5a6f349958c3a949248e56236 | companyA | True | #得到tenant的uuid号
| 10d1465c00d049fab88dec1af0f56b1b | demo | True |
| 3b57a14f7c354a979c9f62b60f31a331 | service | True |
+----------------------------------+----------+---------+
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 50 |
| health_monitor | -1 |
| member | -1 |
| network | 10 |
| pool | 10 |
| port | 50 | #port,每台虚拟机都需要一个ip,即一个port,很容易就超过配额
| router | 10 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 10 |
| vip | 10 |
+---------------------+-------+2. 修改neutron配额
[root@controller ~]# neutron quota-update --network 20 --subnet 20 --port 100 --router 5 --floatingip 100 --security-group 10 --security-group-rule 100 --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+
校验neutron的quota配置
[root@controller ~]# neutron quota-show --tenant-id 7ff1dfb5a6f349958c3a949248e56236
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 100 |
| health_monitor | -1 |
| member | -1 |
| network | 20 |
| pool | 10 |
| port | 100 |
| router | 5 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 20 |
| vip | 10 |
+---------------------+-------+4. 统计port的个数
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 0060ec4a-957d-4571-b730-6b4a9bb3baf8 | | fa:16:3e:48:42:3d | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.19"} |
| 00942be0-a3a9-471d-a4ba-336db0ee1539 | | fa:16:3e:73:75:03 | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.96"} |
| 0119045c-8219-4744-bd58-a7e77294832c | | fa:16:3e:10:ed:7f | {"subnet_id": "9654a807-d4fa-49f1-abb6-2e45d776c69f", "ip_address": "10.16.4.71"} |
| 04f7d8ea-1849-4938-9ef7-e8114893132f | | fa:16:3e:50:86:1b | {"subnet_id": "ad4a5ffc-3ccc-42c4-89a1-61e7b18632a3", "ip_address": "10.16.6.27"} |
[root@controller ~]# neutron port-list |wc -l #超过配额时,需要修改
1945. 总结
随着时间的推移,当越来越多得instance加入到openstack中,port也会相应增加,一个ip对应一个port,所以当port达到配额时,openstack会组织用户继续分配虚拟机,此时,就需要修改neutron的配额了,关于neutron配额的报错,可以参考neutron的日志/var/log/neutron/neutron-server.log,可以根据日志的信息,定位到报错的原因,具体不赘述。
6. 附录
neutron实现quota的代码解读
[root@controller ~]# vim /usr/lib/python2.6/site-packages/neutron/db/quota_db.py
import sqlalchemy as sa
from neutron.common import exceptions
from neutron.db import model_base
from neutron.db import models_v2
'''
quota数据库表的表结构,tenant默认集成的配额从这里获取
mysql> desc quotas;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| tenant_id | varchar(255) | YES | MUL | NULL | |
| resource | varchar(255) | YES | | NULL | |
| limit | int(11) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
'''
class Quota(model_base.BASEV2, models_v2.HasId):
"""Represent a single quota override for a tenant.
If there is no row for a given tenant id and resource, then the
default for the quota class is used.
"""
tenant_id = sa.Column(sa.String(255), index=True)
resource = sa.Column(sa.String(255))
limit = sa.Column(sa.Integer)
'''
quota配额的具体实现,根据数据库的配置内容,实现quota的控制,即quota的增删改查方法
'''
class DbQuotaDriver(object):
"""Driver to perform necessary checks to enforce quotas and obtain quota
information.
The default driver utilizes the local database.
"""
'''
得到租户tenant的quota,执行neutron quota-show --tenant-id uuid时调用的方法
'''
@staticmethod
def get_tenant_quotas(context, resources, tenant_id):
"""Given a list of resources, retrieve the quotas for the given
tenant.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:param tenant_id: The ID of the tenant to return quotas for.
:return dict: from resource name to dict of name and limit
"""
# init with defaults 得到quota默认的配额项item,即所谓的network,subnet,port和router等,以及对应的值
tenant_quota = dict((key, resource.default)
for key, resource in resources.items())
# update with tenant specific limits 从数据库中获取最新的quota配置信息,并更新
q_qry = context.session.query(Quota).filter_by(tenant_id=tenant_id)
tenant_quota.update((q['resource'], q['limit']) for q in q_qry)
return tenant_quota
'''
quota的删除,即执行neutron quota-delete 的方法,删除之后,tenant将会集成默认的的quota配置
'''
@staticmethod
def delete_tenant_quota(context, tenant_id):
"""Delete the quota entries for a given tenant_id.
Atfer deletion, this tenant will use default quota values in conf.
"""
#从neutron。quotas数据库中查询到所有的quota配置之后,过略某个具体的tenant的quota,之后执行delete()方法将其删除
with context.session.begin():
tenant_quotas = context.session.query(Quota)
tenant_quotas = tenant_quotas.filter_by(tenant_id=tenant_id)
tenant_quotas.delete()
'''
得到所有租户tenant的配额资源,即执行neutron quota-list所查看的内容
'''
@staticmethod
def get_all_quotas(context, resources):
"""Given a list of resources, retrieve the quotas for the all tenants.
:param context: The request context, for access checks.
:param resources: A dictionary of the registered resource keys.
:return quotas: list of dict of tenant_id:, resourcekey1:
resourcekey2: ...
"""
tenant_default = dict((key, resource.default)
for key, resource in resources.items())
all_tenant_quotas = {}
for quota in context.session.query(Quota):
tenant_id = quota['tenant_id']
# avoid setdefault() because only want to copy when actually req'd
#如果quotas表中,没有找到配置选项,说明使用默认的quota配置,直接用默认的copy过来即可,有配置则继承quotas表中的配置
tenant_quota = all_tenant_quotas.get(tenant_id)
if tenant_quota is None:
tenant_quota = tenant_default.copy()
tenant_quota['tenant_id'] = tenant_id
all_tenant_quotas[tenant_id] = tenant_quota
tenant_quota[quota['resource']] = quota['limit']
return all_tenant_quotas.values()
'''
更新quota的配置,即执行neutron quota-update命令的具体实现
'''
@staticmethod
def update_quota_limit(context, tenant_id, resource, limit):
with context.session.begin():
tenant_quota = context.session.query(Quota).filter_by(
tenant_id=tenant_id, resource=resource).first()
#有配置内容,则更新,没有则根据资源的配置内容,在数据库中添加对应的条目
if tenant_quota:
tenant_quota.update({'limit': limit})
else:
tenant_quota = Quota(tenant_id=tenant_id,
resource=resource,
limit=limit)
context.session.add(tenant_quota)
def _get_quotas(self, context, tenant_id, resources, keys):
"""Retrieves the quotas for specific resources.
A helper method which retrieves the quotas for the specific
resources identified by keys, and which apply to the current
context.
:param context: The request context, for access checks.
:param tenant_id: the tenant_id to check quota.
:param resources: A dictionary of the registered resources.
:param keys: A list of the desired quotas to retrieve.
"""
desired = set(keys)
sub_resources = dict((k, v) for k, v in resources.items()
if k in desired)
# Make sure we accounted for all of them...
if len(keys) != len(sub_resources):
unknown = desired - set(sub_resources.keys())
raise exceptions.QuotaResourceUnknown(unknown=sorted(unknown))
# Grab and return the quotas (without usages)
quotas = DbQuotaDriver.get_tenant_quotas(
context, sub_resources, tenant_id)
return dict((k, v) for k, v in quotas.items())
'''
neutron quota的校验,即在执行过程中,调用该方法,确认tenant的quota是否在合理的范围内
'''
def limit_check(self, context, tenant_id, resources, values):
"""Check simple quota limits.
For limits--those quotas for which there is no usage
synchronization function--this method checks that a set of
proposed values are permitted by the limit restriction.
This method will raise a QuotaResourceUnknown exception if a
given resource is unknown or if it is not a simple limit
resource.
If any of the proposed values is over the defined quota, an
OverQuota exception will be raised with the sorted list of the
resources which are too high. Otherwise, the method returns
nothing.
:param context: The request context, for access checks.
:param tenant_id: The tenant_id to check the quota.
:param resources: A dictionary of the registered resources.
:param values: A dictionary of the values to check against the
quota.
"""
# Ensure no value is less than zero quota的配置值不能为负数
unders = [key for key, val in values.items() if val < 0]
if unders:
raise exceptions.InvalidQuotaValue(unders=sorted(unders))
# Get the applicable quotas
quotas = self._get_quotas(context, tenant_id, resources, values.keys())
# Check the quotas and construct a list of the resources that
# would be put over limit by the desired values
overs = [key for key, val in values.items()
if quotas[key] >= 0 and quotas[key] < val]
if overs:
raise exceptions.OverQuota(overs=sorted(overs)) openstack之neutron配额调整的更多相关文章
- OpenStack:安装Neutron与provider network
1. 安装(1)Install Networking services on a dedicated network node# apt-get install neutron-server neut ...
- openstack之neutron
Neutron neutron主要就是用于网络虚拟化,之前将nova的时候说过,网络部分没有写,因为openstack中的网络属于一个大部分,所以今天咱们就来看看neutron到底是怎么样实现网络虚拟 ...
- openstack核心组件——neutron网络服务 抓取ip(9)
云计算openstack核心组件——neutron网络服务(9) 一.虚拟机获取 ip: 用 namspace 隔离 DHCP 服务 Neutron 通过 dnsmasq 提供 DHCP 服务 ...
- openstack核心组件——neutron网络服务(8)
云计算openstack核心组件——neutron网络服务(8) 一.neutron 介绍: Neutron 概述 传统的网络管理方式很大程度上依赖于管理员手工配置和维护各种网络硬件设备:而云 ...
- openstack之neutron linuxbridge + vlan组网
linuxbridge是和linuxbridge plugin匹配的core agent,主要实现L2层的功能和security group的功能.security group的功能逐渐会被neutr ...
- openstack之Neutron网络模式vlan,gre,vxlan详解
第一:neutron openvswitch + vlan虚拟网络 一:基础知识 vlan基础知识 1.vlan介绍 1.1:首先说下lan,LAN 表示 Local Area Network,本地局 ...
- openstack之Neutron网络虚拟化
第一:为什么需要网络虚拟化? 一.数据中心的现有网络不能满足云计算的物理需求: 互联网行业数据中心的基本特征就是服务器的规模偏大.进入云计算时代后,其业务特征变得更加复杂,包括:虚拟化支持.多业务承载 ...
- OpenStack之Neutron分配VIP提供给两台虚拟机做高可用
一. 简单介绍 在openstack私有云平台的应用场景中,涉及多台虚拟机实例进行高可用的绑定,这里我们需要在云平台中提供一个IP给高可用场景切换,这里介绍keepalived + allow_add ...
- OpenStack之Neutron网络服务(一)
1.Neutron概要 OpenStack网络服务提供了一个API接口,允许用户在云上设置和定义网络连接和地址.这个网络服务的项目代码名称是Neutron.OpenStack网络处理虚拟设备的创建和管 ...
随机推荐
- js的原型/原型链/构造函数
js里一切皆对象.有js自己内部的对象,还有用户自定义的对象.所有的对象都是从原型上衍生出来的. 原型本身也是对象,原型链的最高层就是Object. 两个重要的属性:prototype, __prot ...
- Flutter采坑之路 用真机跑起来的时候提示 initGradle失败,IO异常,downloading Gradle-4.6-all.zip失败
这个异常就是Gradle下载异常,进而下面会提示一行IO异常 我这里的原因就是Gradle对应的4.6-all版本下载不下来(一般情况下确实很难下载下来) 所以在正常AS工程呢,我们选择一下Gradl ...
- 华为的云计算基于openstack #stackalytics#
华为的云计算基于openstack,具体实力可以参考openstack 社区提供的stackalytics http://stackalytics.com/
- 人生苦短,我用python(目录)
一.python基础篇 python中闭包及延时绑定问题 python中的装饰器.生成器 二.前端 bootstrap框架 BOM&DOM JavaScript中的词法分析 三.数据库 mys ...
- SQL Pretty Printer for SSMS 很不错的SQL格式化插件
写SQL语句或者脚本时,看到凌乱的格式就头大了,于是决心找一款SQL语句格式化的工具. 功夫不负有心人还真的被我找到一款很好用,很方便的SQL Server插件:SQL Pretty Printer ...
- 记MySQL的一次查询经历
今天在MySQL查数据,sql语句如下: SELECT * FROM `admins` where dep_ids = 24;
- 爬虫(四)requests模块1
引入 Requests 唯一的一个非转基因的 Python HTTP 库,人类可以安全享用. 警告:非专业使用其他 HTTP 库会导致危险的副作用,包括:安全缺陷症.冗余代码症.重新发明轮子症.啃文档 ...
- mysql 执行sql流程
客户端发送sql 语句后的堆栈 #0 0x0000000100370565 in do_command(THD*) at percona-server-Percona-Server-5.6.37-82 ...
- DBLookupCombobox实现下拉联动
这次用DBLookupCombobox实现省份-城市-地区的下拉联动,用以学习DBLookupCombobox的一些用法 效果图: 首先建立数据表(数据表形式可以多种多样:数据库表.文本.xml等,最 ...
- jdk 版本切换
由于要创建一个新的项目,启动时报错了,Spring boot 启动报错 Unsupported major.minor version 52.0,是因为jdk版本太低了,从目前是1.7,我已经安装过了 ...