1. 前言

    安装完openstack之后,为了对资源的限制,openstack内置了几种配额机制:nova计算资源的配额cinder存储资源的配额neutron网络资源的配额,防止资源的分过分配,默认的quota配置很低,比如nova默认只允许建立10个instance。未能能够正常使用openstack系统资源,需要调整quota的配置。本文主要讲述nova的配额修改,关于cinder和neutron的配额修改,请参考后续的的博文。

2. nova默认的配额

    nova默认的配额定义在/etc/nova/nova.conf中,初始用户创建之后,会集成该配置中的配额选项,nova的配额条目定义内容如下:

[root@controller ~]# vim /etc/nova/nova.conf 
quota_driver=nova.quota.DbQuotaDriver            nova配额使用的驱动,参考里面可以查看到配额源码的实现
max_age=0                                        利用率刷新的时间间隔
quota_instances=10                               instance个数
quota_cores=20                                   vcpus的个数
quota_ram=5120000                                内存显示,单位是MB 
quota_floating_ips=10                            floating-ip的个数
quota_fixed_ips=-1                               fixed-ip的个数
quota_metadata_items=128                         metadata的个数
quota_injected_files=10                          注入文件个数
quota_injected_file_content_bytes=10240          每个注入文件的大小
quota_injected_file_path_bytes=255               注入文件路径长度
quota_security_groups=10                         安全组的个数
quota_security_group_rules=20                    每个安全组中的规则
quota_key_pairs=100                              keys的个数

查看默认的quota:
[root@controller ~]# nova quota-defaults --tenant compayA    #最好用uuid的方式表示
+-----------------------------+---------+
| Quota                       | Limit   |
+-----------------------------+---------+
| instances                   | 10      |
| cores                       | 20      |
| ram                         | 1572864 |
| floating_ips                | 10      |
| fixed_ips                   | -1      |
| metadata_items              | 128     |
| injected_files              | 10      |
| injected_file_content_bytes | 10240   |
| injected_file_path_bytes    | 255     |
| key_pairs                   | 100     |
| security_groups             | 10      |
| security_group_rules        | 20      |
+-----------------------------+---------+

3. 修改nova的配额

1. 获取tenant的uuid号码
[root@controller ~]# keystone tenant-list
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| 842ab3268a2c47e6a4b0d8774de805ae |  admin   |   True  |
| 7ff1dfb5a6f349958c3a949248e56236 | companyA |   True  |        #uuid号码
| 10d1465c00d049fab88dec1af0f56b1b |   demo   |   True  |
| 3b57a14f7c354a979c9f62b60f31a331 | service  |   True  |
+----------------------------------+----------+---------+

2. 修改nova的配额
[root@controller ~]# nova quota-update --instances 50  --cores 200 --ram 204800 --floating-ips 50  --fixed-ips -1 --metadata-items 256  --injected-files 2 --key-pairs 10 --security-groups 10 --security-group-rules 20  7ff1dfb5a6f349958c3a949248e56236     #没有设置的内容,将会从default中继承

3. 校验nova的配额
[root@controller ~]# nova quota-show --tenant  7ff1dfb5a6f349958c3a949248e56236 
+-----------------------------+--------+
| Quota                       | Limit  |
+-----------------------------+--------+
| instances                   | 50     |            #instance
| cores                       | 200    |            #vcpus
| ram                         | 204800 |            #memroy
| floating_ips                | 50     |            #floating-ip
| fixed_ips                   | -1     |        
| metadata_items              | 256    |
| injected_files              | 2      |
| injected_file_content_bytes | 10240  |
| injected_file_path_bytes    | 255    |
| key_pairs                   | 10     |
| security_groups             | 10     |
| security_group_rules        | 20     |
+-----------------------------+--------+

@@@修改完毕@@@@


4. 总结

    nova的配额在使用过程中,当quota达到限制之后,将无法建立虚拟机,关于报错信息,可以在nova的日志/var/log/nova/nova-api.log中查看到,具体不赘述,在运维的过程中,查看下日志即可获知是磁盘配额导致,修改tenant的配额即可。关于cinder和neutron的配额,请参考后续的博客。


5. 附录

    nova关于quota的代码实现,仅供参考

[root@controller ~]# vim /usr/lib/python2.6/site-packages/nova/quota.py
"""Quotas for instances, and floating ips."""

import datetime

from oslo.config import cfg
import six

from nova import db
from nova import exception
from nova.objects import keypair as keypair_obj
from nova.openstack.common.gettextutils import _
from nova.openstack.common import importutils
from nova.openstack.common import log as logging
from nova.openstack.common import timeutils

LOG = logging.getLogger(__name__)

'''
定义配置文件的内容,即关于quota的资源配置,配置的关键字和对应的值,包括instance个数,vcpus,内存,floating-ip和fixed-ip等
'''
quota_opts = [
    cfg.IntOpt('quota_instances',
               default=10,
               help='Number of instances allowed per project'),
    cfg.IntOpt('quota_cores',
               default=20,
               help='Number of instance cores allowed per project'),
    cfg.IntOpt('quota_ram',
               default=50 * 1024,
               help='Megabytes of instance RAM allowed per project'),
    cfg.IntOpt('quota_floating_ips',
               default=10,
               help='Number of floating IPs allowed per project'),
    cfg.IntOpt('quota_fixed_ips',
               default=-1,
               help=('Number of fixed IPs allowed per project (this should be '
                     'at least the number of instances allowed)')),
    cfg.IntOpt('quota_metadata_items',
               default=128,
               help='Number of metadata items allowed per instance'),
    cfg.IntOpt('quota_injected_files',
               default=5,
               help='Number of injected files allowed'),
    cfg.IntOpt('quota_injected_file_content_bytes',
               default=10 * 1024,
               help='Number of bytes allowed per injected file'),
    cfg.IntOpt('quota_injected_file_path_bytes',
               default=255,
               help='Number of bytes allowed per injected file path'),
    cfg.IntOpt('quota_security_groups',
               default=10,
               help='Number of security groups per project'),
    cfg.IntOpt('quota_security_group_rules',
               default=20,
               help='Number of security rules per security group'),
    cfg.IntOpt('quota_key_pairs',
               default=100,
               help='Number of key pairs per user'),
    cfg.IntOpt('reservation_expire',
               default=86400,
               help='Number of seconds until a reservation expires'),
    cfg.IntOpt('until_refresh',
               default=0,
               help='Count of reservations until usage is refreshed'),
    cfg.IntOpt('max_age',
               default=0,
               help='Number of seconds between subsequent usage refreshes'),
    cfg.StrOpt('quota_driver',
               default='nova.quota.DbQuotaDriver',
               help='Default driver to use for quota checks'),
    ]

CONF = cfg.CONF
CONF.register_opts(quota_opts)

'''
nova quota处理相关的驱动管理类,包含了quota的增删改查相关的操作,都封装在该类里面
'''
class DbQuotaDriver(object):
    """Driver to perform necessary checks to enforce quotas and obtain
    quota information.  The default driver utilizes the local
    database.
    """
    #获取enant中user的quota配额信息,即nova quota-show [--tenant ] [--user ]
    def get_by_project_and_user(self, context, project_id, user_id, resource):
        """Get a specific quota by project and user."""

        return db.quota_get(context, project_id, resource, user_id=user_id)     #调用数据库,返回用户的配额信息

    #获取tenant的quota配置,即nova quota-show携带tenant的id号码,和上面相比,不懈怠用户的uuid号码
    def get_by_project(self, context, project_id, resource):
        """Get a specific quota by project."""

        return db.quota_get(context, project_id, resource)      #调用数据库,获取quota的配置

    def get_by_class(self, context, quota_class, resource):
        """Get a specific quota by quota class."""

        return db.quota_class_get(context, quota_class, resource)

    '''
                得到quota的默认配置
    '''
    def get_defaults(self, context, resources):
        """Given a list of resources, retrieve the default quotas.
        Use the class quotas named `_DEFAULT_QUOTA_NAME` as default quotas,
        if it exists.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        """

        quotas = {}
        default_quotas = db.quota_class_get_default(context)                #得到quota默认的配置
        for resource in resources.values():
            quotas[resource.name] = default_quotas.get(resource.name,
                                                       resource.default)

        return quotas

    def get_class_quotas(self, context, resources, quota_class,
                         defaults=True):
        """Given a list of resources, retrieve the quotas for the given
        quota class.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param quota_class: The name of the quota class to return
                            quotas for.
        :param defaults: If True, the default value will be reported
                         if there is no specific value for the
                         resource.
        """

        quotas = {}
        class_quotas = db.quota_class_get_all_by_name(context, quota_class)
        for resource in resources.values():
            if defaults or resource.name in class_quotas:
                quotas[resource.name] = class_quotas.get(resource.name,
                                                         resource.default)

        return quotas

    def _process_quotas(self, context, resources, project_id, quotas,
                        quota_class=None, defaults=True, usages=None,
                        remains=False):
        modified_quotas = {}
        # Get the quotas for the appropriate class.  If the project ID
        # matches the one in the context, we use the quota_class from
        # the context, otherwise, we use the provided quota_class (if
        # any)
        if project_id == context.project_id:
            quota_class = context.quota_class
        if quota_class:
            class_quotas = db.quota_class_get_all_by_name(context, quota_class)
        else:
            class_quotas = {}

        default_quotas = self.get_defaults(context, resources)

        for resource in resources.values():
            # Omit default/quota class values
            if not defaults and resource.name not in quotas:
                continue

            limit = quotas.get(resource.name, class_quotas.get(
                        resource.name, default_quotas[resource.name]))
            modified_quotas[resource.name] = dict(limit=limit)

            # Include usages if desired.  This is optional because one
            # internal consumer of this interface wants to access the
            # usages directly from inside a transaction.
            if usages:
                usage = usages.get(resource.name, {})
                modified_quotas[resource.name].update(
                    in_use=usage.get('in_use', 0),
                    reserved=usage.get('reserved', 0),
                    )
            # Initialize remains quotas.
            if remains:
                modified_quotas[resource.name].update(remains=limit)

        if remains:
            all_quotas = db.quota_get_all(context, project_id)
            for quota in all_quotas:
                if quota.resource in modified_quotas:
                    modified_quotas[quota.resource]['remains'] -= \
                            quota.hard_limit

        return modified_quotas

    def get_user_quotas(self, context, resources, project_id, user_id,
                        quota_class=None, defaults=True,
                        usages=True, project_quotas=None,
                        user_quotas=None):
        """Given a list of resources, retrieve the quotas for the given
        user and project.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param project_id: The ID of the project to return quotas for.
        :param user_id: The ID of the user to return quotas for.
        :param quota_class: If project_id != context.project_id, the
                            quota class cannot be determined.  This
                            parameter allows it to be specified.  It
                            will be ignored if project_id ==
                            context.project_id.
        :param defaults: If True, the quota class value (or the
                         default value, if there is no value from the
                         quota class) will be reported if there is no
                         specific value for the resource.
        :param usages: If True, the current in_use and reserved counts
                       will also be returned.
        :param project_quotas: Quotas dictionary for the specified project.
        :param user_quotas: Quotas dictionary for the specified project
                            and user.
        """
        user_quotas = user_quotas or db.quota_get_all_by_project_and_user(
            context, project_id, user_id)
        # Use the project quota for default user quota.
        proj_quotas = project_quotas or db.quota_get_all_by_project(
            context, project_id)
        for key, value in proj_quotas.iteritems():
            if key not in user_quotas.keys():
                user_quotas[key] = value
        user_usages = None
        if usages:
            user_usages = db.quota_usage_get_all_by_project_and_user(context,
                                                         project_id,
                                                         user_id)
        return self._process_quotas(context, resources, project_id,
                                    user_quotas, quota_class,
                                    defaults=defaults, usages=user_usages)

    def get_project_quotas(self, context, resources, project_id,
                           quota_class=None, defaults=True,
                           usages=True, remains=False, project_quotas=None):
        """Given a list of resources, retrieve the quotas for the given
        project.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param project_id: The ID of the project to return quotas for.
        :param quota_class: If project_id != context.project_id, the
                            quota class cannot be determined.  This
                            parameter allows it to be specified.  It
                            will be ignored if project_id ==
                            context.project_id.
        :param defaults: If True, the quota class value (or the
                         default value, if there is no value from the
                         quota class) will be reported if there is no
                         specific value for the resource.
        :param usages: If True, the current in_use and reserved counts
                       will also be returned.
        :param remains: If True, the current remains of the project will
                        will be returned.
        :param project_quotas: Quotas dictionary for the specified project.
        """
        project_quotas = project_quotas or db.quota_get_all_by_project(
            context, project_id)
        project_usages = None
        if usages:
            project_usages = db.quota_usage_get_all_by_project(context,
                                                               project_id)
        return self._process_quotas(context, resources, project_id,
                                    project_quotas, quota_class,
                                    defaults=defaults, usages=project_usages,
                                    remains=remains)

    def get_settable_quotas(self, context, resources, project_id,
                            user_id=None):
        """Given a list of resources, retrieve the range of settable quotas for
        the given user or project.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param project_id: The ID of the project to return quotas for.
        :param user_id: The ID of the user to return quotas for.
        """
        settable_quotas = {}
        db_proj_quotas = db.quota_get_all_by_project(context, project_id)
        project_quotas = self.get_project_quotas(context, resources,
                                                 project_id, remains=True,
                                                 project_quotas=db_proj_quotas)
        if user_id:
            setted_quotas = db.quota_get_all_by_project_and_user(context,
                                                     project_id,
                                                     user_id)
            user_quotas = self.get_user_quotas(context, resources,
                                               project_id, user_id,
                                               project_quotas=db_proj_quotas,
                                               user_quotas=setted_quotas)
            for key, value in user_quotas.items():
                maximum = project_quotas[key]['remains'] +\
                        setted_quotas.get(key, 0)
                settable_quotas[key] = dict(
                        minimum=value['in_use'] + value['reserved'],
                        maximum=maximum
                        )
        else:
            for key, value in project_quotas.items():
                minimum = max(int(value['limit'] - value['remains']),
                              int(value['in_use'] + value['reserved']))
                settable_quotas[key] = dict(minimum=minimum, maximum=-1)
        return settable_quotas

    def _get_quotas(self, context, resources, keys, has_sync, project_id=None,
                    user_id=None, project_quotas=None):
        """A helper method which retrieves the quotas for the specific
        resources identified by keys, and which apply to the current
        context.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param keys: A list of the desired quotas to retrieve.
        :param has_sync: If True, indicates that the resource must
                         have a sync function; if False, indicates
                         that the resource must NOT have a sync
                         function.
        :param project_id: Specify the project_id if current context
                           is admin and admin wants to impact on
                           common user's tenant.
        :param user_id: Specify the user_id if current context
                        is admin and admin wants to impact on
                        common user.
        :param project_quotas: Quotas dictionary for the specified project.
        """

        # Filter resources
        if has_sync:
            sync_filt = lambda x: hasattr(x, 'sync')
        else:
            sync_filt = lambda x: not hasattr(x, 'sync')
        desired = set(keys)
        sub_resources = dict((k, v) for k, v in resources.items()
                             if k in desired and sync_filt(v))

        # Make sure we accounted for all of them...
        if len(keys) != len(sub_resources):
            unknown = desired - set(sub_resources.keys())
            raise exception.QuotaResourceUnknown(unknown=sorted(unknown))

        if user_id:
            # Grab and return the quotas (without usages)
            quotas = self.get_user_quotas(context, sub_resources,
                                          project_id, user_id,
                                          context.quota_class, usages=False,
                                          project_quotas=project_quotas)
        else:
            # Grab and return the quotas (without usages)
            quotas = self.get_project_quotas(context, sub_resources,
                                             project_id,
                                             context.quota_class,
                                             usages=False,
                                             project_quotas=project_quotas)

        return dict((k, v['limit']) for k, v in quotas.items())

    def limit_check(self, context, resources, values, project_id=None,
                    user_id=None):
        """Check simple quota limits.

        For limits--those quotas for which there is no usage
        synchronization function--this method checks that a set of
        proposed values are permitted by the limit restriction.

        This method will raise a QuotaResourceUnknown exception if a
        given resource is unknown or if it is not a simple limit
        resource.

        If any of the proposed values is over the defined quota, an
        OverQuota exception will be raised with the sorted list of the
        resources which are too high.  Otherwise, the method returns
        nothing.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param values: A dictionary of the values to check against the
                       quota.
        :param project_id: Specify the project_id if current context
                           is admin and admin wants to impact on
                           common user's tenant.
        :param user_id: Specify the user_id if current context
                        is admin and admin wants to impact on
                        common user.
        """

        # Ensure no value is less than zero
        unders = [key for key, val in values.items() if val < 0]
        if unders:
            raise exception.InvalidQuotaValue(unders=sorted(unders))

        # If project_id is None, then we use the project_id in context
        if project_id is None:
            project_id = context.project_id
        # If user id is None, then we use the user_id in context
        if user_id is None:
            user_id = context.user_id

        # Get the applicable quotas
        project_quotas = db.quota_get_all_by_project(context, project_id)
        quotas = self._get_quotas(context, resources, values.keys(),
                                  has_sync=False, project_id=project_id,
                                  project_quotas=project_quotas)
        user_quotas = self._get_quotas(context, resources, values.keys(),
                                       has_sync=False, project_id=project_id,
                                       user_id=user_id,
                                       project_quotas=project_quotas)

        # Check the quotas and construct a list of the resources that
        # would be put over limit by the desired values
        overs = [key for key, val in values.items()
                 if quotas[key] >= 0 and quotas[key] < val or
                 (user_quotas[key] >= 0 and user_quotas[key] < val)]
        if overs:
            headroom = {}
            # Check project_quotas:
            for key in quotas:
                if quotas[key] >= 0 and quotas[key] < val:
                    headroom[key] = quotas[key]
            # Check user quotas:
            for key in user_quotas:
                if (user_quotas[key] >= 0 and user_quotas[key] < val and
                        headroom.get(key) > user_quotas[key]):
                    headroom[key] = user_quotas[key]

            raise exception.OverQuota(overs=sorted(overs), quotas=quotas,
                                      usages={}, headroom=headroom)

    def reserve(self, context, resources, deltas, expire=None,
                project_id=None, user_id=None):
        """Check quotas and reserve resources.

        For counting quotas--those quotas for which there is a usage
        synchronization function--this method checks quotas against
        current usage and the desired deltas.

        This method will raise a QuotaResourceUnknown exception if a
        given resource is unknown or if it does not have a usage
        synchronization function.

        If any of the proposed values is over the defined quota, an
        OverQuota exception will be raised with the sorted list of the
        resources which are too high.  Otherwise, the method returns a
        list of reservation UUIDs which were created.

        :param context: The request context, for access checks.
        :param resources: A dictionary of the registered resources.
        :param deltas: A dictionary of the proposed delta changes.
        :param expire: An optional parameter specifying an expiration
                       time for the reservations.  If it is a simple
                       number, it is interpreted as a number of
                       seconds and added to the current time; if it is
                       a datetime.timedelta object, it will also be
                       added to the current time.  A datetime.datetime
                       object will be interpreted as the absolute
                       expiration time.  If None is specified, the
                       default expiration time set by
                       --default-reservation-expire will be used (this
                       value will be treated as a number of seconds).
        :param project_id: Specify the project_id if current context
                           is admin and admin wants to impact on
                           common user's tenant.
        :param user_id: Specify the user_id if current context
                        is admin and admin wants to impact on
                        common user.
        """

        # Set up the reservation expiration
        if expire is None:
            expire = CONF.reservation_expire
        if isinstance(expire, (int, long)):
            expire = datetime.timedelta(seconds=expire)
        if isinstance(expire, datetime.timedelta):
            expire = timeutils.utcnow() + expire
        if not isinstance(expire, datetime.datetime):
            raise exception.InvalidReservationExpiration(expire=expire)

        # If project_id is None, then we use the project_id in context
        if project_id is None:
            project_id = context.project_id
        # If user_id is None, then we use the project_id in context
        if user_id is None:
            user_id = context.user_id

        # Get the applicable quotas.
        # NOTE(Vek): We're not worried about races at this point.
        #            Yes, the admin may be in the process of reducing
        #            quotas, but that's a pretty rare thing.
        project_quotas = db.quota_get_all_by_project(context, project_id)
        quotas = self._get_quotas(context, resources, deltas.keys(),
                                  has_sync=True, project_id=project_id,
                                  project_quotas=project_quotas)
        user_quotas = self._get_quotas(context, resources, deltas.keys(),
                                       has_sync=True, project_id=project_id,
                                       user_id=user_id,
                                       project_quotas=project_quotas)

        # NOTE(Vek): Most of the work here has to be done in the DB
        #            API, because we have to do it in a transaction,
        #            which means access to the session.  Since the
        #            session isn't available outside the DBAPI, we
        #            have to do the work there.
        return db.quota_reserve(context, resources, quotas, user_quotas,
                                deltas, expire,
                                CONF.until_refresh, CONF.max_age,
                                project_id=project_id, user_id=user_id)

    def commit(self, context, reservations, project_id=None, user_id=None):
        """Commit reservations.

        :param context: The request context, for access checks.
        :param reservations: A list of the reservation UUIDs, as
                             returned by the reserve() method.
        :param project_id: Specify the project_id if current context
                           is admin and admin wants to impact on
                           common user's tenant.
        :param user_id: Specify the user_id if current context
                        is admin and admin wants to impact on
                        common user.
        """
        # If project_id is None, then we use the project_id in context
        if project_id is None:
            project_id = context.project_id
        # If user_id is None, then we use the user_id in context
        if user_id is None:
            user_id = context.user_id

        db.reservation_commit(context, reservations, project_id=project_id,
                              user_id=user_id)

    def rollback(self, context, reservations, project_id=None, user_id=None):
        """Roll back reservations.

        :param context: The request context, for access checks.
        :param reservations: A list of the reservation UUIDs, as
                             returned by the reserve() method.
        :param project_id: Specify the project_id if current context
                           is admin and admin wants to impact on
                           common user's tenant.
        :param user_id: Specify the user_id if current context
                        is admin and admin wants to impact on
                        common user.
        """
        # If project_id is None, then we use the project_id in context
        if project_id is None:
            project_id = context.project_id
        # If user_id is None, then we use the user_id in context
        if user_id is None:
            user_id = context.user_id

        db.reservation_rollback(context, reservations, project_id=project_id,
                                user_id=user_id)

    def usage_reset(self, context, resources):
        """Reset the usage records for a particular user on a list of
        resources.  This will force that user's usage records to be
        refreshed the next time a reservation is made.

        Note: this does not affect the currently outstanding
        reservations the user has; those reservations must be
        committed or rolled back (or expired).

        :param context: The request context, for access checks.
        :param resources: A list of the resource names for which the
                          usage must be reset.
        """

        # We need an elevated context for the calls to
        # quota_usage_update()
        elevated = context.elevated()

        for resource in resources:
            try:
                # Reset the usage to -1, which will force it to be
                # refreshed
                db.quota_usage_update(elevated, context.project_id,
                                      context.user_id,
                                      resource, in_use=-1)
            except exception.QuotaUsageNotFound:
                # That means it'll be refreshed anyway
                pass

    def destroy_all_by_project_and_user(self, context, project_id, user_id):
        """Destroy all quotas, usages, and reservations associated with a
        project and user.

        :param context: The request context, for access checks.
        :param project_id: The ID of the project being deleted.
        :param user_id: The ID of the user being deleted.
        """

        db.quota_destroy_all_by_project_and_user(context, project_id, user_id)

    def destroy_all_by_project(self, context, project_id):
        """Destroy all quotas, usages, and reservations associated with a
        project.

        :param context: The request context, for access checks.
        :param project_id: The ID of the project being deleted.
        """

        db.quota_destroy_all_by_project(context, project_id)

    def expire(self, context):
        """Expire reservations.

        Explores all currently existing reservations and rolls back
        any that have expired.

        :param context: The request context, for access checks.
        """

        db.reservation_expire(context)