API Configuration¶
Rate limiting¶
Warning
This is legacy functionality that is poorly tested and may be removed in the future. You may wish to enforce rate limiting through a proxy server instead.
Cinder supports admin-configured API limits. These are disabled by default but
can be configured by modifying api-paste.ini
to enabled the
RateLimitingMiddleware
middleware. For example, given the following
composite application definitions in e.g. /etc/cinder/api-paste.ini
:
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... apiv2
keystone = cors ... apiv2
keystone_nolimit = cors ... apiv2
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... apiv3
keystone = cors ... apiv3
keystone_nolimit = cors ... apiv3
You can configure rate limiting by adding a new filter to call
RateLimitingMiddleware
and configure the composite applications to use this
filter:
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... ratelimit apiv2
keystone = cors ... ratelimit apiv2
keystone_nolimit = cors ... ratelimit apiv2
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors ... ratelimit apiv3
keystone = cors ... ratelimit apiv3
keystone_nolimit = cors ... ratelimit apiv3
[filter:ratelimit]
paste.filter_factory = cinder.api.v2.limits:RateLimitingMiddleware.factory
Once configured, restart the cinder-api service. Users can then view
API limits using the openstack limits show --rate
command. For example:
$ openstack limits show --rate
+--------+-----------------+-------+--------+--------+---------------------+
| Verb | URI | Value | Remain | Unit | Next Available |
+--------+-----------------+-------+--------+--------+---------------------+
| POST | * | 10 | 10 | MINUTE | 2021-03-23T12:36:09 |
| PUT | * | 10 | 10 | MINUTE | 2021-03-23T12:36:09 |
| DELETE | * | 100 | 100 | MINUTE | 2021-03-23T12:36:09 |
| POST | */servers | 50 | 50 | DAY | 2021-03-23T12:36:09 |
| GET | *changes-since* | 3 | 3 | MINUTE | 2021-03-23T12:36:09 |
+--------+-----------------+-------+--------+--------+---------------------+
Note
Rate limits are entirely separate from absolute limits, which track resource
utilization and can be seen using the openstack limits show --absolute
command.