Chapter 15. Managing project quotas

15.1. Configuring project quotas

OpenStack Networking (neutron) supports the use of quotas to constrain the number of resources created by tenants/projects.

Procedure

  • You can set project quotas for various network components in the /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf file.

    For example, to limit the number of routers that a project can create, change the quota_router value:

    quota_router = 10

    In this example, each project is limited to a maximum of 10 routers.

For a listing of the quota settings, see the sections that immediately follow.

15.2. L3 quota options

Here are quota options available for layer 3 (L3) networking:

  • quota_floatingip - The number of floating IPs available to a project.
  • quota_network - The number of networks available to a project.
  • quota_port - The number of ports available to a project.
  • quota_router - The number of routers available to a project.
  • quota_subnet - The number of subnets available to a project.
  • quota_vip - The number of virtual IP addresses available to a project.

15.3. Firewall quota options

Here are quota options available for managing firewalls for projects:

  • quota_firewall - The number of firewalls available to a project.
  • quota_firewall_policy - The number of firewall policies available to a project.
  • quota_firewall_rule - The number of firewall rules available to a project.

15.4. Security group quota options

The Networking service quota engine manages security groups and security group rules. It is not possible to set all quotas to zero before creating the default security group (and the two default security group rules that accept all egress traffic for IPv4 and IPv6). When you create a new project, the Networking service does not create the default security group until a network or a port is created, or until you list the security groups or the security group rules.

Here are quota options available for managing the number of security groups that projects can create:

  • quota_security_group - The number of security groups available to a project.
  • quota_security_group_rule - The number of security group rules available to a project.

15.5. Management quota options

Here are additional options available to administrators for managing quotas for projects:

  • default_quota* - The default number of resources available to a project.
  • quota_health_monitor* - The number of health monitors available to a project.

    Health monitors do not consume resources; however, the quota option is available because OpenStack Networking considers health monitors as resource consumers.

  • quota_member - The number of pool members available to a project.

    Pool members do not consume resources; however, the quota option is available because OpenStack Networking considers pool members as resource consumers.

  • quota_pool - The number of pools available to a project.
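
The following audit script is an added example, not part of the original documentation or of neutron itself. It checks a neutron.conf for the quota options listed in sections 15.2 to 15.5 and reports which are limited, unset, malformed, or unlimited. It assumes the options live in the [quotas] section and that a negative value means unlimited, neither of which this chapter states; the sample configuration is constructed.

```python
import configparser

# Quota options named in sections 15.2 to 15.5 of this chapter.
QUOTA_OPTIONS = [
    "default_quota", "quota_floatingip", "quota_network", "quota_port",
    "quota_router", "quota_subnet", "quota_vip", "quota_firewall",
    "quota_firewall_policy", "quota_firewall_rule", "quota_security_group",
    "quota_security_group_rule", "quota_health_monitor", "quota_member",
    "quota_pool",
]

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
debug = False

[quotas]
default_quota = -1
quota_router = 10
quota_port = -1
quota_security_group = ten
"""

def classify(raw):
    """Map a raw option value to (status, value)."""
    try:
        value = int(raw)
    except ValueError:
        return ("invalid", raw)
    # Assumption: a negative quota means "unlimited" in neutron.
    return ("unlimited", value) if value < 0 else ("limited", value)

def audit_quotas(conf_text):
    """Return {option: (status, value)} for every option in QUOTA_OPTIONS."""
    # default_section is renamed so keys under [DEFAULT] are not merged into
    # [quotas]; interpolation is off because config values may contain '%'.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    quotas = dict(parser.items("quotas")) if parser.has_section("quotas") else {}
    return {name: classify(quotas[name]) if name in quotas else ("unset", None)
            for name in QUOTA_OPTIONS}

def needs_review(report):
    """Options that place no effective cap or could not be parsed."""
    return sorted(n for n, (s, _) in report.items() if s in ("unlimited", "invalid"))

if __name__ == "__main__":
    report = audit_quotas(SAMPLE_CONF)
    for name in needs_review(report):
        print(name, *report[name])
```

To audit a real node, pass the contents of /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf to audit_quotas() instead of SAMPLE_CONF.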