← Back to team overview

openstack team mailing list archive

Problem with security_groups quota exceeded.

 

Hi! I would like some help with security group quotas. I'm using juju with
Essex, all from 12.04 repos.

I have two charms to create a hadoop cluster. Everything works fine up to 6
instances, then juju can't instantiate no one more.

#!/bin/bash
clear
juju bootstrap
sleep 60;
juju deploy --repository ~/charms local:hadoop-master
juju deploy --repository ~/charms local:hadoop-slave
sleep 200;
juju add-relation hadoop-slave hadoop-master
juju expose hadoop-master
sleep 10;
for i in {1..10} ; do
juju add-unit hadoop-slave; sleep 20;
done

The problem is in "juju add-unit hadoop-slave; sleep 20;" call, when 6
instances have already been instantiated.


The error in /var/log/nova/nova.api.log is:

2012-05-07 10:42:29 INFO nova.api.ec2
[req-f6d4cb5d-0e78-42b6-9ec9-3576ea8e882d f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] 0.207494s 172.16.0.2 GET /services/Cloud
CloudController:DescribeSecurityGroups 200 [Twisted PageGetter] text/plain
text/xml
2012-05-07 10:42:30 DEBUG nova.api.ec2
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] action: CreateSecurityGroup from
(pid=9798) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:435
2012-05-07 10:42:30 DEBUG nova.api.ec2
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] arg: GroupName              val:
juju-sample-8 from (pid=9798) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:437
2012-05-07 10:42:30 DEBUG nova.api.ec2
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] arg: GroupDescription               val:
juju group for sample machine 8 from (pid=9798) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:437
2012-05-07 10:42:30 AUDIT nova.api.ec2.cloud
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] Create Security Group juju-sample-8
2012-05-07 10:42:30 ERROR nova.api.ec2
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] EC2APIError raised: Quota exceeded, too
many security groups.
2012-05-07 10:42:30 TRACE nova.api.ec2 Traceback (most recent call last):
2012-05-07 10:42:30 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in
__call__
2012-05-07 10:42:30 TRACE nova.api.ec2     result =
api_request.invoke(context)
2012-05-07 10:42:30 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in
invoke
2012-05-07 10:42:30 TRACE nova.api.ec2     result = method(context, **args)
2012-05-07 10:42:30 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 797, in
create_security_group
2012-05-07 10:42:30 TRACE nova.api.ec2     raise exception.EC2APIError(msg)
2012-05-07 10:42:30 TRACE nova.api.ec2 EC2APIError: Quota exceeded, too
many security groups.
2012-05-07 10:42:30 TRACE nova.api.ec2
2012-05-07 10:42:30 ERROR nova.api.ec2
[req-6cb8c3ea-87d7-411d-9f9a-780f56a9c5f4 f542658cb19a45319b765d58e7dcd320
31861e37c6be41b797ea9454c758f5a1] EC2APIError: Quota exceeded, too many
security groups.

---

The quotas have already been changed.

root@044:~# nova-manage project quota admin
2012-05-07 10:57:17 DEBUG nova.utils
[req-c516e88b-f184-4def-8106-9f1e884ddc8d None None] backend <module
'nova.db.sqlalchemy.api' from
'/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.pyc'> from
(pid=27673) __get_backend /usr/lib/python2.7/dist-packages/nova/utils.py:658
metadata_items: 128
volumes: 10
gigabytes: 1000
ram: 51200
security_group_rules: 500 <<<<<<<<<<
instances: 50
security_groups: 100 <<<<<<<<<<<<<
injected_file_content_bytes: 10240
floating_ips: 62
injected_files: 20
cores: 24


Analyzing the security groups, less than 10:

root@044:/var/lib/nova# nova secgroup-list
+---------------+---------------------------------+
|      Name     |           Description           |
+---------------+---------------------------------+
| default       | default                         |
| juju-sample   | juju group for sample           |
| juju-sample-0 | juju group for sample machine 0 |
| juju-sample-1 | juju group for sample machine 1 |
| juju-sample-2 | juju group for sample machine 2 |
| juju-sample-3 | juju group for sample machine 3 |
| juju-sample-4 | juju group for sample machine 4 |
| juju-sample-5 | juju group for sample machine 5 |
| juju-sample-6 | juju group for sample machine 6 |
| juju-sample-7 | juju group for sample machine 7 |
+---------------+---------------------------------+


When the error occurs, an instance is kept on "ERROR" state.

root@044:/var/log/nova# nova list
+--------------------------------------+------------+--------+-----------------------------------+
|                  ID                  |    Name    | Status |
 Networks             |
+--------------------------------------+------------+--------+-----------------------------------+
| 020e96f1-3c3a-4bbd-906f-befe2968857a | Server 93  | ACTIVE |
private=172.16.0.2, 10.1**** |
| 1550a1ff-cdab-4554-8b0c-80de0a835318 | Server 99  | ERROR  |
                      |
| 3e838865-3d33-4f4c-a142-92b38f9f5e14 | Server 94  | ACTIVE |
private=172.16.0.3, 10.1**** |
| 4b6b86e8-8f60-4911-ba04-7b75c75c067a | Server 97  | ACTIVE |
private=172.16.0.6, 10.1**** |
| 6cac491c-54da-4179-9afa-c96ebbbc4110 | Server 96  | ACTIVE |
private=172.16.0.5, 10.1**** |
| 9f6a8ab6-c4aa-44c0-b0e0-4bf47768302d | Server 95  | ACTIVE |
private=172.16.0.4, 10.1**** |
| b07be21f-d68e-4fd1-b5ba-f3e3693b20cf | Server 100 | ACTIVE |
private=172.16.0.9, 10.1**** |
| b2afca7f-1162-44ac-a2e3-74196fd35d9b | Server 98  | ACTIVE |
private=172.16.0.7, 10.1**** |
+--------------------------------------+------------+--------+-----------------------------------+


Thanks!


-- 
- MSc. Correa, J.L.

Follow ups