Open pns005 opened 7 years ago
This might not be enough for more complicated network topology - instances connected to multiple subnets. I'd do ports=2*vms or even -1.
On 18.10.2017 at 08:46, pns005 wrote:
Jeremy Freudberg <jfreud@bu.edu>, Yesterday, 10:35 PM, to Saowarattitada, Piyanai; MOC Team <kaizen@lists.massopen.cloud>:
Actually, I just looked into this more closely now.
In my own project on Kaizen, I have one instance and the "standard" network topology which we recommend to users. This actually takes up 4 ports:
- the project's router
- two DHCP agents
- one instance
I just added myself to Kia's project as well, and I see 3 ports in use:
- the project's router
- two DHCP agents
- zero instances
So actually we need to tweak our default quotas a bit. It should really be 13 ports and 10 instances for the default quota, not 10 and 10. From that point onward, if a user requests more instances, then we can just keep adding 1 to that number. But there has to be an extra 3 ports "reserved" for holding the necessary networky bits.
(Worth noting that if a user creates a "non-standard" network topology, for example multiple interfaces on one VM, extra routers, no DHCP, etc, then this "extra" 3 ports might be a different number. But if they are doing that then they are probably smart enough to know what a port is in the Neutron sense.)
10 - 3 = 7 which fits with Kia's observed problem.
But what I can't remember, from back in the old days of Liberty/Mitaka, was it always 3 ports taken up? I mean, was there always 2 DHCP agents there? I really can't remember.
TL;DR -- Increase the default port quota by 3 and everyone is happy.
From: kaizen <kaizen-bounces@lists.massopen.cloud> on behalf of Jeremy Freudberg <jeremy@massopen.cloud>
Sent: Tuesday, October 17, 2017 12:01:54 AM
To: kaizen@lists.massopen.cloud
Subject: [Kaizen] Fwd: Error - Maximum number of ports exceeded (HTTP 403)

Hmm... I thought this problem was already fixed, generally: 2c9b599 <https://github.com/CCI-MOC/moc-openstack-tools/commit/2c9b5998388bcb9af883908d64b4f099cb855be2>

-------- Original Message --------
Subject: [Kaizen] Error - Maximum number of ports exceeded (HTTP 403)
Date: 2017-10-16 23:52
From: Kia Teymourian <kiat@bu.edu>
To: kaizen@lists.massopen.cloud

Hi,
when I try to start more than 7 instances, I get the following error
"Maximum number of ports exceeded (HTTP 403) (Request-ID: req-339c4be6-7272-481a-b71d-2eb3263a6efb)"
My project name is "DataStreamAnalysis"
I have only two public IPs and assign only one IP to one of the machines (my Master machine). I need that all ports are open inside the cluster network (inside my own VPC).
Could you please help me with this.
Thanks,
Kia Teymourian
Rado, isn't an unlimited (infinite) quota a bit dangerous? A malevolent user can create <insert massive number> ports, and overwhelm Open vSwitch... (What I'm not sure about is if infinite ports is any more risky than infinite security groups)
In theory yes but current restrictions make a lot of hassle.... Make it 3*VMs then....
I'll be picking this up. @radonm I'll let you know before editing the value on the VM.
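The sizing rule discussed in this thread, written out as an added example (not code from the thread or from moc-openstack-tools): it counts the non-instance ports in a project's port list and derives a finite port quota from the instance quota instead of setting -1. The sample port list is constructed, the `device_owner` strings are the values Neutron normally assigns, and `HARD_CAP` and all function names are assumptions.

```python
from collections import Counter

# Constructed sample: device_owner of each port in a project with the
# "standard" topology from the thread (one router, two DHCP agents, one VM).
SAMPLE_PORTS = [
    {"id": "port-a", "device_owner": "network:router_interface"},
    {"id": "port-b", "device_owner": "network:dhcp"},
    {"id": "port-c", "device_owner": "network:dhcp"},
    {"id": "port-d", "device_owner": "compute:nova"},
]

HARD_CAP = 500  # assumed site-wide ceiling so the quota stays finite (never -1)


def port_overhead(ports):
    """Count ports not owned by instances (router, DHCP agents, unbound)."""
    owners = Counter(p["device_owner"].split(":")[0] for p in ports)
    return sum(n for kind, n in owners.items() if kind != "compute")


def recommended_port_quota(instance_quota, ports, nics_per_instance=1):
    """Instance quota times NICs per instance, plus observed overhead, capped."""
    if instance_quota < 0:
        raise ValueError("instance quota must be finite to size the port quota")
    wanted = instance_quota * nics_per_instance + port_overhead(ports)
    return min(wanted, HARD_CAP)


def max_instances(port_quota, ports, nics_per_instance=1):
    """Number of instances that fit under an existing port quota."""
    return max(0, (port_quota - port_overhead(ports)) // nics_per_instance)


if __name__ == "__main__":
    print("overhead ports:", port_overhead(SAMPLE_PORTS))
    print("quota for 10 instances:", recommended_port_quota(10, SAMPLE_PORTS))
    print("instances under 10 ports:", max_instances(10, SAMPLE_PORTS))
```

Passing `nics_per_instance=2` covers the multi-subnet case raised in the first comment while still keeping an upper bound on ports per project.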