Manage quotas
Note
This section provides deployment information about the quota feature.
For end-user information about quotas, including information about the
type of quotas available, refer to the user guide </user/quotas>.
To prevent system capacities from being exhausted without
notification, you can set up quotas. Quotas are operational limits. For
example, the number of gigabytes allowed for each project can be
controlled so that cloud resources are optimized. Quotas can be enforced
at both the project and the project-user level.
Starting in the 16.0.0 Pike release, the quota calculation system in
nova was overhauled and the old reserve/commit/rollback flow was changed
to count
resource usage at the point of whatever operation is being
performed, such as creating or resizing a server. A check will be
performed by counting current usage for the relevant resource and then,
if quota.recheck_quota is True, another
check will be performed to ensure the initial check is still valid.
By default resource usage is counted using the API and cell databases
but nova can be configured to count some resource usage without using
the cell databases. See Quota
usage from placement for details.
Using the command-line interface, you can manage quotas for nova,
along with cinder <cli/cli-cinder-quotas.html> and
neutron. You would typically
<contributor/internals/quota.html>
change default values because, for example, a project requires more than
ten volumes or 1 TB on a compute node.
Checking quota
When calculating limits for a given resource and project, the
following checks are made in order:
-
Project-specific limits
Depending on the resource, is there a project-specific limit on the
resource in either thequotasor
project_user_quotastables in the database? If so, use that
as the limit. You can create these resources using:$ openstack quota set --instances 5 <project> -
Default limits
Check to see if there is a hard limit for the given resource in the
quota_classestable in the database for the
defaultquota class. If so, use that as the limit. You can
modify the default quota limit for a resource using:$ openstack quota set --instances 5 --class defaultNote
Only the
defaultclass is supported by nova. -
Config-driven limits
If the above does not provide a resource limit, then rely on the
configuration options in thequotaconfig group for the default
limits.
Note
The API sets the limit in the quota_classes table. Once
a default limit is set via the default
quota class, that takes precedence over any changes to that resource
limit in the configuration options. In other words, once you’ve changed
things via the API, you either have to keep those synchronized with the
configuration values or remove the default limit from the database
manually as there is no REST API for removing quota class values from
the database.
Quota usage from placement
Starting in the Train (20.0.0) release, it is possible to configure
quota usage counting of cores and RAM from the placement service and
instances from instance mappings in the API database instead of counting
resources from cell databases. This makes quota usage counting resilient
in the presence of down
or poor-performing cells.
Quota usage counting from placement is opt-in via the quota.count_usage_from_placement
config option:
[quota]
count_usage_from_placement = TrueThere are some things to note when opting in to counting quota usage
from placement:
- Counted usage will not be accurate in an environment where multiple
Nova deployments are sharing a placement deployment because currently
placement has no way of partitioning resource providers between
different Nova deployments. Operators who are running multiple Nova
deployments that share a placement deployment should not set thequota.count_usage_from_placement
configuration option toTrue. - Behavior will be different for resizes. During a resize, resource
allocations are held on both the source and destination (even on the
same host, see https://bugs.launchpad.net/nova/+bug/1790204)
until the resize is confirmed or reverted. Quota usage will be inflated
for servers in this state and operators should weigh the advantages and
disadvantages before enablingquota.count_usage_from_placement. - The
populate_queued_for_deleteand
populate_user_idonline data migrations must be completed
before usage can be counted from placement. Until the data migration is
complete, the system will fall back to legacy quota usage counting from
cell databases depending on the result of an EXISTS database query
during each quota check, ifquota.count_usage_from_placementis set
toTrue. Operators who want to avoid the performance hit
from the EXISTS queries should wait to set thequota.count_usage_from_placement
configuration option toTrueuntil after they have
completed their online data migrations via
nova-manage db online_data_migrations. - Behavior will be different for unscheduled servers in
ERRORstate. A server inERRORstate that has
never been scheduled to a compute host will not have placement
allocations, so it will not consume quota usage for cores and ram. - Behavior will be different for servers in
SHELVED_OFFLOADEDstate. A server in
SHELVED_OFFLOADEDstate will not have placement
allocations, so it will not consume quota usage for cores and ram. Note
that because of this, it will be possible for a request to unshelve a
server to be rejected if the user does not have enough quota available
to support the cores and ram needed by the server to be unshelved.
Known issues
If not counting quota usage from placement <quota-usage-from-placement>
it is possible for down or poor-performing cells to impact quota
calculations. See the cells documentation <cells-counting-quotas> for
details.
Future plans
Hierarchical quotas
There has long been a desire to support hierarchical or nested quotas
leveraging support in the identity service for hierarchical projects.
See the unified
limits spec for details.
Configuration
View and update default
quota values
To list all default quotas for a project, run:
$ openstack quota show --defaultNote
This lists default quotas for all services and not just nova.
To update a default value for a new project, run:
$ openstack quota set --class --instances 15 defaultView and
update quota values for a project or class
To list quotas for a project, run:
$ openstack quota show PROJECTNote
This lists project quotas for all services and not just nova.
To update quotas for a project, run:
$ openstack quota set --QUOTA QUOTA_VALUE PROJECTTo update quotas for a class, run:
$ openstack quota set --class --QUOTA QUOTA_VALUE CLASSNote
Only the default class is supported by nova.
For example:
$ openstack quota set --instances 12 my-project
$ openstack quota show my-project
+----------------------+----------------------------------+
| Field | Value |
+----------------------+----------------------------------+
| backup-gigabytes | 1000 |
| backups | 10 |
| cores | 32 |
| fixed-ips | -1 |
| floating-ips | 10 |
| gigabytes | 1000 |
| health_monitors | None |
| injected-file-size | 10240 |
| injected-files | 5 |
| injected-path-size | 255 |
| instances | 12 |
| key-pairs | 100 |
| l7_policies | None |
| listeners | None |
| load_balancers | None |
| location | None |
| name | None |
| networks | 20 |
| per-volume-gigabytes | -1 |
| pools | None |
| ports | 60 |
| project | c8156b55ec3b486193e73d2974196993 |
| project_name | project |
| properties | 128 |
| ram | 65536 |
| rbac_policies | 10 |
| routers | 10 |
| secgroup-rules | 50 |
| secgroups | 50 |
| server-group-members | 10 |
| server-groups | 10 |
| snapshots | 10 |
| subnet_pools | -1 |
| subnets | 20 |
| volumes | 10 |
+----------------------+----------------------------------+To view a list of options for the openstack quota show and openstack quota set
commands, run:
$ openstack quota show --help
$ openstack quota set --helpView and update
quota values for a project user
Note
User-specific quotas are legacy and will be removed when migration to
unified limits </admin/unified-limits.html>
is complete. User-specific quotas were added as a way to provide
two-level hierarchical quotas and this feature is already being offered
in unified limits. For this reason, the below commands have not and will
not be ported to openstackclient.
To show quotas for a specific project user, run:
$ nova quota-show --user USER PROJECTTo update quotas for a specific project user, run:
$ nova quota-update --user USER --QUOTA QUOTA_VALUE PROJECTFor example:
$ projectUser=$(openstack user show -f value -c id USER)
$ project=$(openstack project show -f value -c id PROJECT)
$ nova quota-update --user $projectUser --instance 12 $project
$ nova quota-show --user $projectUser --tenant $project
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 12 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
| server_groups | 10 |
| server_group_members | 10 |
+-----------------------------+-------+To view the quota usage for the current user, run:
$ nova limits --tenant PROJECTFor example:
$ nova limits --tenant my-project
+------+-----+-------+--------+------+----------------+
| Verb | URI | Value | Remain | Unit | Next_Available |
+------+-----+-------+--------+------+----------------+
+------+-----+-------+--------+------+----------------+
+--------------------+------+-------+
| Name | Used | Max |
+--------------------+------+-------+
| Cores | 0 | 20 |
| Instances | 0 | 10 |
| Keypairs | - | 100 |
| Personality | - | 5 |
| Personality Size | - | 10240 |
| RAM | 0 | 51200 |
| Server Meta | - | 128 |
| ServerGroupMembers | - | 10 |
| ServerGroups | 0 | 10 |
+--------------------+------+-------+Note
The nova limits
command generates an empty table as a result of the Compute API, which
prints an empty list for backward compatibility purposes.
To view a list of options for the nova quota-show and nova quota-update commands, run:
$ nova help quota-show
$ nova help quota-update