Quotas
OpenStack has numerous quotas, and when you hit one of these quotas, it doesn’t always notify you clearly. Not every quota is exposed in the Horizon user interface. This article explains what quotas you may hit, what happens when you hit them, and how to modify them.
Table of Contents
- Introduction
- Other Limits You May Encounter
- Neutron vs. Nova Rule Precedence
- Common Questions
- Compute Quotas
- Network Quotas
- Storage Quotas
- Appendix
Introduction
You have an overall quota, which cannot be exceeded by the individual quotas you’ll set for each project you’re running within your cloud. The quotas you set depend on how many projects you have and how you want to distribute your resources among those projects. They’re really up to you. If you only foresee making one project, you could allocate all available resources to that project and leave it like that.
Here is an example of a capacity report for CPU, RAM, and Disk. You can use the # total numbers (shown in output like this one) to help guide the numbers you use for your quotas. The actual limits of the system are those Total (#) numbers below the line. The one exception in this example is the CPU, which is overcommitted 2x.
(+) Overcommit Ratio (%) Percent Used (#) Total (-) Used (=) Available
Hypervisor CPU+ MEM% DSK% CPU# CPU- MEM# MEM- MEM= DSK# DSK- DSK=
ds0.dal.bluebox.com 0.000 0.032 0.000 28 0 128828 4096 124732 723 0 723
ds11.dal.bluebox.com 0.000 0.032 0.000 28 0 128828 4096 124732 723 0 723
ds2.dal.bluebox.com 0.161 0.083 0.091 31 5 128828 10752 118076 989 90 899
---------------------------------------------------------------------------------------------------------------
TOTAL 0.057 0.049 0.037 87 5 386484 18944 367540 2435 90 2345
Other limits you may encounter:
Floating IPs: Please see /help-documentation/neutron/network_ip_availability/
Security Groups: Most customers go with the default limit and adjust upwards as needed. This keeps firewall rules to a manageable level, so as to not impact performance. At a certain point (we haven’t seen what particular point this is yet), it is theoretically possible to end up with too many firewall rules and not enough CPU to process them quickly enough. The default limits may seem low, but they’re more than enough for most people, who will never create more than a few security groups, with maybe half a dozen rules each.
Instances: Most customers go with the default limit and adjust upwards as needed. With enough hardware, you can get into hundreds of thousands of instances. For your particular hardware, you need to make your own calculations based on your desired resource consumption for each VM.
Maximum Number of Host Routes per Subnet: There is not (yet) a user-adjustable quota in Neutron that controls this. There is a hard limit in neutron.conf (max_subnet_host_routes
) that specifies a maximum number of host routes per subnet, and the default is 20.
Maximum Number of Volumes per Virtual Machine: There is no quota for this, but there is a hard-coded limit of 26. This manifests when you try to attach a another new volume via the command line and receive the error “No free disk device names for prefix ‘vd’”. You can view this hard-coded limit at https://github.com/openstack/nova/blob/master/nova/virt/libvirt/blockinfo.py#L162 You can run lspci
inside your VM to see all of the devices attached to the PCI bus in your VM. (The PCI bus itself is limited to 32 devices with KVM.)
Neutron vs. Nova Rule Precedence
There is some overlap between the quotas enforced by the Nova and Neutron services. In the event of a conflict, Neutron quotas always take precedence.
If you need to update security group rules, for instance, take note, there are three places you may need to make the update:
In Neutron: neutron quota-update --security-group-rule 250 <project-ID>
In Nova:
-
For the project:
nova quota-update --security-group-rules 250 <project-ID>
-
And potentially for the user:
nova quota-show --user <username> --tenant <project-ID>
Common Questions
The remaining sections of this document offer more detail about commons questions and errors you may encounter.
Common Quota Error Messages
The exact error you get depends on what interface you’re using, the version of your command line client, and the cluster stack version. Here are some examples of what you might see:
From Horizon:
From the Neutron command-line client:
From the log:
Most Commonly Hit Quotas
The most commonly hit is Number of Instances Allowed Per Tenant - (Nova Compute) - The default is 10. Read on to find out how to update this number.
Compute Quotas
How to list the Default Compute Quotas
List all default quotas for all tenants, as follows:
For example:
Update a default value for a new tenant, as follows:
For example:
How to view Tenant Compute Quotas
Place the tenant ID in a useable variable, as follows:
List the currently set quota values for a tenant, as follows:
For example:
How to update Tenant Compute Quotas
Obtain the tenant ID, as follows:
Update a particular quota value, as follows:
For example:
Network Quotas
How to list Tenant Network Quotas
For example:
How to update Tenant Network Quotas
If Neutron LBaaS is enabled in your cluster, you may encounter a problem that the quota of loadbalancer
can’t be updated via above command when you are using python-neutronclient
of version < 6.0.0
(there won’t be any error from the command, but the quota limit will be unchanged), that is a bug in older version of python-neutronclient
and had been fixed in version 6.0.0
and higher. Please upgrade your python-neutronclient
or use the following command as a workaround solution for python-neutronclient
of version < 6.0.0
.
Storage Quotas
How to list Cinder Quotas
How to see current Cinder Storage usage
How to update Cinder Quotas
Update a particular quota value, as follows: Known Limitation: When updating or viewing quota values corresponding to a tenant or project, always use ID of the project instead of its Name. Otherwise you might see inconsitent values.
For example:
Appendix
From http://docs.openstack.org/openstack-ops/content/projects_users.html#compute-quota-table
:
Table 9.1. Compute quota descriptions (Given as Quota, Description, Property name
)
Fixed IPs : Number of fixed IP addresses allowed per tenant. This number must be equal to or greater than the number of allowed instances.
fixed-ips
Floating IPs : Number of floating IP addresses allowed per tenant.
floating-ips
Injected file content bytes : Number of content bytes allowed per injected file.
injected-file-content-bytes
Injected file path bytes : Number of bytes allowed per injected file path.
injected-file-path-bytes
Injected files : Number of injected files allowed per tenant.
injected-files
Instances : Number of instances allowed per tenant.
instances
Key pairs : Number of key pairs allowed per user.
key-pairs
Metadata items : Number of metadata items allowed per instance.
metadata-items
RAM : Megabytes of instance RAM allowed per tenant.
ram
Security group rules : Number of rules per security group.
security-group-rules
Security groups : Number of security groups per tenant.
security-groups
VCPUs : Number of instance cores allowed per tenant.
cores