Difference between revisions of "KeystoneCentralizedQuotaManagement"
(→REST API) |
(→Design) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 56: | Line 56: | ||
The proposed solution implies storing Quotas in Keystone. | The proposed solution implies storing Quotas in Keystone. | ||
− | Keystone API will get additional endpoint and set of operations to adjust Quotas for various resources for Users and Projects | + | Keystone API will get additional endpoint and set of operations to adjust Quotas for various resources for Users and Projects. Keystone DB will be extended with appropriate fields to store Quota information. Other Openstack components will be requesting resource reservations via Keystone API. |
<b>Sample workflow: Launching VM instance</b> | <b>Sample workflow: Launching VM instance</b> | ||
Line 63: | Line 63: | ||
2. Client sends request to Nova API to launch VM instance<br/> | 2. Client sends request to Nova API to launch VM instance<br/> | ||
3. Nova API verifies token in Keystone<br/> | 3. Nova API verifies token in Keystone<br/> | ||
− | 4. Nova requests Keystone to | + | 4. Nova requests Keystone to get all available quotas for project/user. Nova calculates amount of used resources and allows or permits operation<br/> |
− | + | 5. Nova API calls nova-compute via RPC to launch VM instance. <br/> | |
− | |||
− | |||
− | |||
===REST API=== | ===REST API=== | ||
Line 107: | Line 104: | ||
"resource": { | "resource": { | ||
"name": "nova.instances", | "name": "nova.instances", | ||
− | " | + | "default_limit": 10 |
} | } | ||
} | } | ||
Line 127: | Line 124: | ||
"resource": { | "resource": { | ||
"name": "nova.instances", | "name": "nova.instances", | ||
− | " | + | "default_limit": 10 |
} | } | ||
} | } | ||
Line 135: | Line 132: | ||
<b>Update resource</b> | <b>Update resource</b> | ||
<pre><nowiki> | <pre><nowiki> | ||
− | + | PATCH v3/OS-QUOTAS/resources/[resource-id] | |
Content-Type application/json | Content-Type application/json | ||
Accept application/json | Accept application/json | ||
Line 147: | Line 144: | ||
"resource": { | "resource": { | ||
"name": "nova.instances", | "name": "nova.instances", | ||
− | " | + | "default_limit": 10 |
} | } | ||
} | } | ||
Line 156: | Line 153: | ||
"resource": { | "resource": { | ||
"name": "nova.instances", | "name": "nova.instances", | ||
− | " | + | "default_limit": 10 |
} | } | ||
} | } | ||
Line 179: | Line 176: | ||
Accept application/json | Accept application/json | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | (subject-type is 'user' or 'project')<br/> | ||
Normal Response Code: 200<br/> | Normal Response Code: 200<br/> | ||
Line 207: | Line 205: | ||
Accept application/json | Accept application/json | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | (subject-type is 'user' or 'project')<br/> | ||
Normal Response Code: 200<br/> | Normal Response Code: 200<br/> | ||
Line 236: | Line 235: | ||
Accept application/json | Accept application/json | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | (subject-type is 'user' or 'project')<br/> | ||
Normal Response Code: 200<br/> | Normal Response Code: 200<br/> | ||
Line 251: | Line 251: | ||
<b>Update quota</b> | <b>Update quota</b> | ||
<pre><nowiki> | <pre><nowiki> | ||
− | + | PATCH v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id] | |
Content-Type application/json | Content-Type application/json | ||
Accept application/json | Accept application/json | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | (subject-type is 'user' or 'project')<br/> | ||
Normal Response Code: 200<br/> | Normal Response Code: 200<br/> | ||
Line 285: | Line 286: | ||
Accept application/json | Accept application/json | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | (subject-type is 'user' or 'project')<br/> | ||
Normal Response Code: 200<br/> | Normal Response Code: 200<br/> | ||
Error Response Codes: Unauthorized (401), Not Found (404)<br/> | Error Response Codes: Unauthorized (401), Not Found (404)<br/> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Implementation == | == Implementation == | ||
Line 401: | Line 300: | ||
'project_quotas' table stores quotas information for projects.<br/> | 'project_quotas' table stores quotas information for projects.<br/> | ||
'user_quotas' table stores quotas information for users.<br/> | 'user_quotas' table stores quotas information for users.<br/> | ||
− | |||
− | |||
Details of fields of various DB tables is mentioned below, | Details of fields of various DB tables is mentioned below, | ||
Line 444: | Line 341: | ||
|- | |- | ||
| limit || absolute quota limit | | limit || absolute quota limit | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|} | |} | ||
Latest revision as of 11:07, 16 July 2013
- Launchpad Entry: Store Quota Data
- Created: 04 July 2013
- Contributors: Dmitry Russkikh, Dmitry Stepanenko, Yehia Beyh, Glaucimar Aguiar , Tiago Martins, Akshat Kakkar Ulrich Schwickerath,
Contents
Introduction
TBD
Openstack Quotas
quotas | type | default values | description |
---|---|---|---|
nova.instances | reservable | 10 | number of instances allowed per project |
nova.cores | reservable | 20 | number of instance cores allowed per project |
nova.ram | reservable | 50*1024 | megabytes of instance ram allowed per project |
nova.floating_ips | reservable | 10 | number of floating ips allowed per project |
nova.fixed_ips | reservable | -1 | number of fixed ips allowed per project |
nova.metadata_items | absolute | 128 | number of metadata items allowed per instance |
nova.injected_files | absolute | 5 | number of injected files allowed |
nova.injected_files_content_bytes | absolute | 10*1024 | number of bytes allowed per injected file |
nova.injected_file_path_bytes | absolute | 255 | number of bytes allowed per injected file path |
nova.security_groups | reservable | 10 | number of security groups per project |
nova.security_groups_rules | countable | 20 | number of security rules per security group |
nova.key_pairs | countable | 100 | number of key pairs per user |
cinder.volumes | reservable | 10 | number of volumes allowed per project |
cinder.snapshots | reservable | 10 | number of volume snapshots allowed per project |
cinder.gigabytes | reservable | 1000 | number of volume gigabytes (snapshots are also included) per project |
quantum.network | countable | 10 | Number of networks allowed per tenant |
quantum.subnet | countable | 10 | Number of subnets allowed per tenant |
quantum.port | countable | 50 | number of ports allowed per tenant |
User Stories
TBD
Design
The proposed solution implies storing Quotas in Keystone.
Keystone API will get additional endpoint and set of operations to adjust Quotas for various resources for Users and Projects. Keystone DB will be extended with appropriate fields to store Quota information. Other Openstack components will be requesting resource reservations via Keystone API.
Sample workflow: Launching VM instance
1. Client obtains token from the Keystone
2. Client sends request to Nova API to launch VM instance
3. Nova API verifies token in Keystone
4. Nova requests Keystone to get all available quotas for project/user. Nova calculates amount of used resources and allows or permits operation
5. Nova API calls nova-compute via RPC to launch VM instance.
REST API
Get resource list
GET v3/OS-QUOTAS/resources Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:
{ "resources": [ "nova.instances", "nova.cores", "nova.ram", "cinder.volumes" ] }
Create resource
POST v3/OS-QUOTAS/resources Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:
{ "resource": { "name": "nova.instances", "default_limit": 10 } }
Get resource
GET v3/OS-QUOTAS/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:
{ "resource": { "name": "nova.instances", "default_limit": 10 } }
Update resource
PATCH v3/OS-QUOTAS/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:
{ "resource": { "name": "nova.instances", "default_limit": 10 } }
Response:
{ "resource": { "name": "nova.instances", "default_limit": 10 } }
Delete resource
DELETE v3/OS-QUOTAS/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Get quota list
GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas Content-Type application/json Accept application/json
(subject-type is 'user' or 'project')
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:
{ "quotas": [ { "id": "000-id-000", "resource_name": "nova.ram", "limit": 1024 }, { "id": "111-id-111", "resource_name": "nova.vcpu", "limit": 16 }, ] }
Create quota
POST v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas Content-Type application/json Accept application/json
(subject-type is 'user' or 'project')
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:
{ "quota": { "resource_name": "nova.ram", "limit": 1024 } }
Response:
{ "quota": { "resource_name": "nova.ram", "limit": 1024 } }
Get quota
GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
(subject-type is 'user' or 'project')
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:
{ "quota": { "resource_name": "nova.ram", "limit": 1024 } }
Update quota
PATCH v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
(subject-type is 'user' or 'project')
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:
{ "quota": { "resource_name": "nova.ram", "limit": 1024 } }
Response:
{ "quota": { "id": "000-id-000", "resource-name": "nova.ram", "limit": 1024 } }
Delete quota
DELETE v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
(subject-type is 'user' or 'project')
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Implementation
Information will be stored in new tables in keystone which are as shown below
'resources' table stores information required for the resources.
'project_quotas' table stores quotas information for projects.
'user_quotas' table stores quotas information for users.
Details of fields of various DB tables is mentioned below,
Resources Table
Column | Description |
---|---|
id | primary key |
name | name of the resource in the format <Service-Name>.<Resource Name>. For example, nova.instances |
description | resource description |
Project_Quotas Table
Column | Description |
---|---|
id | primary key |
project_id | foreign key to projects table |
resource_id | foreign key to resources table |
limit | absolute quota limit |
User_Quotas Table
Column | Description |
---|---|
id | primary key |
user_id | foreign key to users table |
resource_id | foreign key to resources table |
limit | absolute quota limit |
Open Stack Quota References
This is a list of URLs which shows current status of work on quotas within OpenStack.