File: api-configuration.rst

=================
API Configuration
=================

.. todo::

   This needs to be expanded to include information on e.g. PasteDeploy.

Rate limiting
-------------

.. warning::

   This is legacy functionality that is poorly tested and may be removed in the
   future. You may wish to enforce rate limiting through a proxy server
   instead.

Cinder supports admin-configured API limits. These are disabled by default but
can be configured by modifying :file:`api-paste.ini` to enable the
``RateLimitingMiddleware`` middleware. For example, given the following
composite application definitions in e.g. ``/etc/cinder/api-paste.ini``:

.. code-block:: ini

  [composite:openstack_volume_api_v2]
  use = call:cinder.api.middleware.auth:pipeline_factory
  noauth = cors ... apiv2
  keystone = cors ... apiv2
  keystone_nolimit = cors ... apiv2

  [composite:openstack_volume_api_v3]
  use = call:cinder.api.middleware.auth:pipeline_factory
  noauth = cors ... apiv3
  keystone = cors ... apiv3
  keystone_nolimit = cors ... apiv3

You can configure rate limiting by adding a new filter that calls
``RateLimitingMiddleware`` and configuring the composite applications to use
this filter:

.. code-block:: ini

  [composite:openstack_volume_api_v2]
  use = call:cinder.api.middleware.auth:pipeline_factory
  noauth = cors ... ratelimit apiv2
  keystone = cors ... ratelimit apiv2
  keystone_nolimit = cors ... ratelimit apiv2

  [composite:openstack_volume_api_v3]
  use = call:cinder.api.middleware.auth:pipeline_factory
  noauth = cors ... ratelimit apiv3
  keystone = cors ... ratelimit apiv3
  keystone_nolimit = cors ... ratelimit apiv3

  [filter:ratelimit]
  paste.filter_factory = cinder.api.v2.limits:RateLimitingMiddleware.factory
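
A pipeline that omits the filter is served without rate limiting, so it is worth checking every pipeline after editing the file. The following check is an added example, not part of Cinder: ``audit_paste`` and the sample text are constructed for illustration, and the filters elided as ``...`` above are left out of the sample.

```python
import configparser

# Constructed sample: keystone_nolimit deliberately lacks the filter.
SAMPLE = """\
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ratelimit apiv3
keystone = cors ratelimit apiv3
keystone_nolimit = cors apiv3

[filter:ratelimit]
paste.filter_factory = cinder.api.v2.limits:RateLimitingMiddleware.factory
"""

MIDDLEWARE = "RateLimitingMiddleware"


def audit_paste(text):
    """Return findings for pipelines that do not pass through the rate limiter."""
    cp = configparser.ConfigParser(interpolation=None)  # paste files may use %(here)s
    cp.optionxform = str  # keep option names as written
    cp.read_string(text)

    # Names of [filter:NAME] sections whose factory is the rate-limiting middleware.
    limit_filters = {
        sec.split(":", 1)[1]
        for sec in cp.sections()
        if sec.startswith("filter:")
        and MIDDLEWARE in cp.get(sec, "paste.filter_factory", fallback="")
    }
    findings = []
    if not limit_filters:
        findings.append("no [filter:*] section loads " + MIDDLEWARE)

    for sec in cp.sections():
        # Only composites built by pipeline_factory hold filter pipelines.
        if not sec.startswith("composite:"):
            continue
        if "pipeline_factory" not in cp.get(sec, "use", fallback=""):
            continue
        for key, value in cp.items(sec):
            stages = value.split()
            if key == "use" or key in cp.defaults() or not stages:
                continue
            # The last entry is the application; everything before it is a filter.
            if not limit_filters.intersection(stages[:-1]):
                findings.append(f"{sec} {key}: no rate-limit filter in pipeline")
    return findings
```
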

Once configured, restart the :program:`cinder-api` service. Users can then view
API limits using the ``openstack limits show --rate`` command. For example:

.. code-block:: bash

   $ openstack limits show --rate
   +--------+-----------------+-------+--------+--------+---------------------+
   | Verb   | URI             | Value | Remain | Unit   | Next Available      |
   +--------+-----------------+-------+--------+--------+---------------------+
   | POST   | *               |    10 |     10 | MINUTE | 2021-03-23T12:36:09 |
   | PUT    | *               |    10 |     10 | MINUTE | 2021-03-23T12:36:09 |
   | DELETE | *               |   100 |    100 | MINUTE | 2021-03-23T12:36:09 |
   | POST   | */servers       |    50 |     50 | DAY    | 2021-03-23T12:36:09 |
   | GET    | *changes-since* |     3 |      3 | MINUTE | 2021-03-23T12:36:09 |
   +--------+-----------------+-------+--------+--------+---------------------+

.. note::

   Rate limits are entirely separate from absolute limits, which track resource
   utilization and can be seen using the ``openstack limits show --absolute``
   command.