Jump to: navigation, search

Difference between revisions of "APIs for Domain Quota Driver"

(Implementation)
(Implementation)
Line 9: Line 9:
 
= Implementation =
 
= Implementation =
  
=== APIs ====
+
=== APIs ===
 
Please check the following table for the APIs to manage Quotas for Domain, Project and User respectively. These APIs can be used by admin (i.e with role admin) to get the quota limits of any domain/project/user. A non-admin user can only use these APIs to see the quotas of a domain to which he/she belongs or of a project in which he/she is a member. In addition the non-admin user can see his/her own quota limits. To make this possible, Keystone V3 auth tokens needs to be used. The context provided by the token has domain_id, project_id and user_id respectively.  
 
Please check the following table for the APIs to manage Quotas for Domain, Project and User respectively. These APIs can be used by admin (i.e with role admin) to get the quota limits of any domain/project/user. A non-admin user can only use these APIs to see the quotas of a domain to which he/she belongs or of a project in which he/she is a member. In addition the non-admin user can see his/her own quota limits. To make this possible, Keystone V3 auth tokens needs to be used. The context provided by the token has domain_id, project_id and user_id respectively.  
  

Revision as of 12:44, 18 February 2014

Introduction

The existing DbQuotaDriver in Nova allows to set the Quotas at Project/Tenant and User Level. But there is a need to enforce the quotas at Domain Level as well. A new driver called "Domain Quota Driver" is available to enforce domain quotas in Nova. To use this driver, a new set of APIs and Command Line tools are required for CRUD operations on quotas at domain, project and user level.

Quotas in Nova

Currently, OpenStack services make usage of quotas to limit the resources for a project or for a user. For example, the “Instances” quota represents the number of instances that can be created in a project or by a user. Through Domain Quota Driver, the same options for Quotas are available in the context of domain. To read more about Domain Quota Driver and see the available options for quotas, check https://wiki.openstack.org/wiki/DomainQuotaDriver

Implementation

APIs

Please check the following table for the APIs to manage Quotas for Domain, Project and User respectively. These APIs can be used by admin (i.e with role admin) to get the quota limits of any domain/project/user. A non-admin user can only use these APIs to see the quotas of a domain to which he/she belongs or of a project in which he/she is a member. In addition the non-admin user can see his/her own quota limits. To make this possible, Keystone V3 auth tokens needs to be used. The context provided by the token has domain_id, project_id and user_id respectively.

Method URI Description
GET v2/{tenant_id}/domain-quota-sets/{domain_id} Shows quotas for a Domain
GET v2/{tenant_id}/domain-quota-sets/{domain_id}/defaults Shows default quotas for a Domain
GET v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id} Shows quotas for a Project
GET v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id}&user_id={user_id} Shows quotas for a User in a Project
DELETE v2/{tenant_id}/domain-quota-sets/{domain_id} Deletes quotas for the domain and for all the projects in this domain (In addition deletes quota for all the users in the projects)
DELETE v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id} Deletes quotas for a Project and for all the Users in that Project
DELETE v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id}&user_id={user_id} Delete quotas for a User in a Project
PUT v2/{tenant_id}/domain-quota-sets/{domain_id} Creates or Updates quotas for the domain
PUT v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id} Creates or Updates quotas for a Project
PUT v2/{tenant_id}/domain-quota-sets/{domain_id}?project_id={project_id}&user_id={user_id} Creates or Updates quotas for a User in a Project

Nova Commands

Following commands have been added to nova for Domain Quota Management

$> nova domain-quota-show

List the quotas for a domain/tenant/user.

Positional arguments:

 <domain-id>           ID of domain to list the quotas for.

Optional arguments:

 --tenant <tenant-id>  ID of tenant to list the quotas for.
 --user <user-id>      ID of user to list the quotas for.


$> nova domain-quota-defaults List the default quotas for a domain.

Positional arguments:

 <domain-id>  ID of domain to list the default quotas for.


$> nova domain-quota-delete Delete quota for a domain/tenant/user so their quota will Revert back to default.

Positional arguments:

 <domain-id>           ID of domain to delete quota for.

Optional arguments:

 --tenant <tenant-id>  ID of tenant to delete quota for.
 --user <user-id>      ID of user to delete quota for.


$> nova domain-quota-update Update the quotas for a domain/tenant/user.

Positional arguments:

 <domain-id>           ID of domain to set the quotas for.

Optional arguments:

 --tenant <tenant-id>  ID of tenant to set the quotas for.
 --user <user-id>      ID of user to set the quotas for.
 --instances <instances>
                       New value for the "instances" quota.
 --cores <cores>       New value for the "cores" quota.
 --ram <ram>           New value for the "ram" quota.
 --floating-ips <floating-ips>
                       New value for the "floating-ips" quota.
 --fixed-ips <fixed-ips>
                       New value for the "fixed-ips" quota.
 --metadata-items <metadata-items>
                       New value for the "metadata-items" quota.
 --injected-files <injected-files>
                       New value for the "injected-files" quota.
 --injected-file-content-bytes <injected-file-content-bytes>
                       New value for the "injected-file-content-bytes" quota.
 --injected-file-path-bytes <injected-file-path-bytes>
                       New value for the "injected-file-path-bytes" quota.
 --key-pairs <key-pairs>
                       New value for the "key-pairs" quota.
 --security-groups <security-groups>
                       New value for the "security-groups" quota.
 --security-group-rules <security-group-rules>
                       New value for the "security-group-rules" quota.