Red Hat SummitChapter 6. Viewing and managing quotas on DNS resources
Red Hat OpenStack Platform (RHOSP) provides a set of DNS resource quotas that cloud administrators can modify using the DNS service (designate). Using DNS quotas can help you to secure your RHOSP site from events like denial-of-service attacks, by setting a limit on projects' DNS resources. Using DNS quotas can also help you to track your users' DNS resource consumption. Cloud administrators can set DNS quota values that apply to all projects, or configure one or more quotas on a project-by-project basis.
The topics included in this section are:
6.1. Viewing quotas for DNS resources
You can view resource quotas for Red Hat OpenStack Platform (RHOSP) projects by using the DNS service (designate).
Prerequisites
- You must be a member of the project whose quotas you want to view.
-
A RHOSP user with the
adminrole can view quotas for any project.
Procedure
Source your credentials file.
- Example
$ source ~/overcloudrc
View the DNS resource quotas set for your project:
$ openstack dns quota list- Sample output
+-------------------+-------+ | Field | Value | +-------------------+-------+ | api_export_size | 1000 | | recordset_records | 20 | | zone_records | 500 | | zone_recordsets | 500 | | zones | 10 | +-------------------+-------+
A RHOSP user with the
adminrole can query the quotas for other projects:Obtain the ID for the project whose quotas you want to modify.
Remember the ID, because you need it for a later step.
$ openstack project listUsing the project ID, view the DNS resource quotas set for the project.
- Example
In this example, the DNS quotas for project ID
ecd4341280d645e5959d32a4b7659da1are displayed:$ openstack dns quota list --project-id ecd4341280d645e5959d32a4b7659da1- Sample output
+-------------------+-------+ | Field | Value | +-------------------+-------+ | api_export_size | 2500 | | recordset_records | 25 | | zone_records | 750 | | zone_recordsets | 750 | | zones | 25 | +-------------------+-------+
6.2. Modifying quotas for DNS resources
You can change DNS resource quotas for Red Hat OpenStack Platform (RHOSP) projects by using the DNS service (designate).
Prerequisites
-
You must be a RHOSP user with the
adminrole.
Procedure
As a cloud administrator, source your credentials file.
- Example
$ source ~/overcloudrc
Obtain the ID for the project whose quotas you want to modify.
Remember the ID, because you need it for a later step.
$ openstack project listUsing the project ID, modify a DNS resource quota for a project. For a list of available quotas, see Section 6.4, “DNS service quotas and their default values”.
- Example
In this example, the
zonesquota has been modified. The total number of zones that project IDecd4341280d645e5959d32a4b7659da1can contain is 30:$ openstack dns quota set --project-id ecd4341280d645e5959d32a4b7659da1 --zones 30- Sample output
+-------------------+-------+ | Field | Value | +-------------------+-------+ | api_export_size | 1000 | | recordset_records | 20 | | zone_records | 500 | | zone_recordsets | 500 | | zones | 30 | +-------------------+-------+
6.3. Resetting DNS resource quotas to their default values
You can reset DNS resource quotas for Red Hat OpenStack Platform (RHOSP) projects to their default values by using the DNS service (designate).
Prerequisites
-
You must be a RHOSP user with the
adminrole.
Procedure
As a cloud administrator, source your credentials file.
- Example
$ source ~/overcloudrc
Obtain the ID for the project whose quotas you want to reset.
Remember the ID, because you need it for a later step.
$ openstack project listUsing the project ID, reset the DNS resource quotas for a project.
- Example
In this example, the quotas for a project whose ID is
ecd4341280d645e5959d32a4b7659da1are being reset to the default values:$ openstack dns quota reset --project-id ecd4341280d645e5959d32a4b7659da1There is no output from a successful
openstack dns quota resetcommand.
Verification
Confirm that the DNS resource quotas for the project have been reset:
- Example
$ openstack dns quota list --project-id ecd4341280d645e5959d32a4b7659da1- Sample output
+-------------------+-------+ | Field | Value | +-------------------+-------+ | api_export_size | 1000 | | recordset_records | 20 | | zone_records | 500 | | zone_recordsets | 500 | | zones | 10 | +-------------------+-------+
6.4. DNS service quotas and their default values
The Red Hat OpenStack Platform (RHOSP) DNS service (designate) has quotas that a cloud administrator can set to limit DNS resource consumption by cloud users in one or in all RHOSP projects.
| Quota | Default | Description |
|---|---|---|
|
| 10 | The number of zones allowed per project. |
| Quota | Default | Description |
|---|---|---|
|
| 500 | The number of record sets allowed per zone. |
|
| 500 | The number of records allowed per zone. |
|
| 20 | The number of records allowed per record set. |
| Quota | Default | Description |
|---|---|---|
|
| 1000 | The number of record sets allowed in a zone export. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}