
Difference between revisions of "KeystoneCentralizedQuotaManagement"

(Design)
(Design)
 
(27 intermediate revisions by 2 users not shown)
Line 56: Line 56:
 
The proposed solution implies storing Quotas in Keystone.  
 
The proposed solution implies storing Quotas in Keystone.  
  
Keystone API will get additional endpoint and set of operations to adjust Quotas for various resources for Users and Projects (and Domains). Keystone DB will be extended with appropriate fields to store Quota information. Other Openstack components will be requesting resource reservations via Keystone API.
+
Keystone API will get additional endpoint and set of operations to adjust Quotas for various resources for Users and Projects. Keystone DB will be extended with appropriate fields to store Quota information. Other Openstack components will be requesting resource reservations via Keystone API.
  
[[File:KeystoneQuotasSampleWorkflow.png|400x768px]]
+
<b>Sample workflow: Launching VM instance</b>
 +
[[File:KeystoneQuotasSampleWorkflow.png]]<br/>
 +
1. Client obtains token from the Keystone<br/>
 +
2. Client sends request to Nova API to launch VM instance<br/>
 +
3. Nova API verifies token in Keystone<br/>
 +
4. Nova requests Keystone to get all available quotas for project/user. Nova calculates amount of used resources and allows or permits operation<br/>
 +
5. Nova API calls nova-compute via RPC to launch VM instance. <br/>
  
 
===REST API===
 
===REST API===
  
<b>Get resource list.</b>
+
<b>Get resource list</b>
 
<pre><nowiki>
 
<pre><nowiki>
GET v3/os-quotas/resources
+
GET v3/OS-QUOTAS/resources
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
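Review bot: Step 4 of the added workflow says Nova "allows or permits operation", which names the same outcome twice; it should read "allows or denies". The same step has Nova calculate usage and decide on its own, so the text should also state what stops two concurrent launch requests from both passing the check before step 5 runs.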
Line 84: Line 90:
  
  
<b>Create resource.</b>
+
<b>Create resource</b>
 
<pre><nowiki>
 
<pre><nowiki>
POST v3/os-quotas/resources
+
POST v3/OS-QUOTAS/resources
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
Line 98: Line 104:
 
     "resource": {
 
     "resource": {
 
         "name": "nova.instances",
 
         "name": "nova.instances",
         "default_value": 10
+
         "default_limit": 10
 
     }
 
     }
 
}
 
}
Line 104: Line 110:
  
  
<b>Get resource.</b>
+
<b>Get resource</b>
 
<pre><nowiki>
 
<pre><nowiki>
GET v3/os-quotas/resources/[resource-id]
+
GET v3/OS-QUOTAS/resources/[resource-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
Line 118: Line 124:
 
     "resource": {
 
     "resource": {
 
         "name": "nova.instances",
 
         "name": "nova.instances",
         "default_value": 10
+
         "default_limit": 10
 
     }
 
     }
 
}
 
}
Line 124: Line 130:
  
  
<b>Update resource.</b>
+
<b>Update resource</b>
 
<pre><nowiki>
 
<pre><nowiki>
PUT v3/os-quotas/resources/[resource-id]
+
PATCH v3/OS-QUOTAS/resources/[resource-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
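Review bot: Changing PUT to PATCH on v3/OS-QUOTAS/resources/[resource-id] turns the call into a partial update, but nothing in the section documents that. State which fields of the resource a PATCH may change and whether fields left out of the request body keep their stored values.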
Line 138: Line 144:
 
     "resource": {
 
     "resource": {
 
         "name": "nova.instances",
 
         "name": "nova.instances",
         "default_value": 10
+
         "default_limit": 10
 
     }
 
     }
 
}
 
}
Line 147: Line 153:
 
     "resource": {
 
     "resource": {
 
         "name": "nova.instances",
 
         "name": "nova.instances",
         "default_value": 10
+
         "default_limit": 10
 
     }
 
     }
 
}
 
}
Line 153: Line 159:
  
  
<b>Delete resource.</b>
+
<b>Delete resource</b>
 
<pre><nowiki>
 
<pre><nowiki>
DELETE v3/os-quotas/resources/[resource-id]
+
DELETE v3/OS-QUOTAS/resources/[resource-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
Line 164: Line 170:
  
  
<b>Get quota list.</b>
+
<b>Get quota list</b>
 
<pre><nowiki>
 
<pre><nowiki>
GET v3/os-quotas/[subject-type]/[subject-id]/quotas
+
GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
 
</nowiki></pre>
 
</nowiki></pre>
 +
(subject-type is 'user' or 'project')<br/>
  
 
Normal Response Code: 200<br/>
 
Normal Response Code: 200<br/>
Line 179: Line 186:
 
         {
 
         {
 
             "id": "000-id-000",
 
             "id": "000-id-000",
             "resource-name": "nova.ram",
+
             "resource_name": "nova.ram",
 
             "limit": 1024
 
             "limit": 1024
 
         },
 
         },
 
         {
 
         {
 
             "id": "111-id-111",
 
             "id": "111-id-111",
             "resource-name": "nova.vcpu",
+
             "resource_name": "nova.vcpu",
 
             "limit": 16
 
             "limit": 16
 
         },
 
         },
Line 192: Line 199:
  
  
<b>Create quota.</b>
+
<b>Create quota</b>
 
<pre><nowiki>
 
<pre><nowiki>
POST v3/os-quotas/[subject-type]/[subject-id]/quotas
+
POST v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
 
</nowiki></pre>
 
</nowiki></pre>
 +
(subject-type is 'user' or 'project')<br/>
  
 
Normal Response Code: 200<br/>
 
Normal Response Code: 200<br/>
Line 205: Line 213:
 
{
 
{
 
     "quota": {
 
     "quota": {
         "resource-name": "nova.ram",
+
         "resource_name": "nova.ram",
 
         "limit": 1024
 
         "limit": 1024
 
     }
 
     }
Line 214: Line 222:
 
{
 
{
 
     "quota": {
 
     "quota": {
         "resource-name": "nova.ram",
+
         "resource_name": "nova.ram",
 
         "limit": 1024
 
         "limit": 1024
 
     }
 
     }
Line 221: Line 229:
  
  
<b>Get quota.</b>
+
<b>Get quota</b>
 
<pre><nowiki>
 
<pre><nowiki>
GET v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
+
GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
 
</nowiki></pre>
 
</nowiki></pre>
 +
(subject-type is 'user' or 'project')<br/>
  
 
Normal Response Code: 200<br/>
 
Normal Response Code: 200<br/>
Line 234: Line 243:
 
{
 
{
 
     "quota": {
 
     "quota": {
         "resource-name": "nova.ram",
+
         "resource_name": "nova.ram",
 
         "limit": 1024
 
         "limit": 1024
 
     }
 
     }
Line 240: Line 249:
 
</nowiki></pre>
 
</nowiki></pre>
  
<b>Update quota.</b>
+
<b>Update quota</b>
 
<pre><nowiki>
 
<pre><nowiki>
PUT v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
+
PATCH v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
 
</nowiki></pre>
 
</nowiki></pre>
 +
(subject-type is 'user' or 'project')<br/>
  
 
Normal Response Code: 200<br/>
 
Normal Response Code: 200<br/>
Line 253: Line 263:
 
{
 
{
 
     "quota": {
 
     "quota": {
         "resource-name": "nova.ram",
+
         "resource_name": "nova.ram",
 
         "limit": 1024
 
         "limit": 1024
 
     }
 
     }
Line 270: Line 280:
  
  
<b>Delete quota.</b>
+
<b>Delete quota</b>
 
<pre><nowiki>
 
<pre><nowiki>
DELETE v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
+
DELETE v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
 
Content-Type application/json
 
Content-Type application/json
 
Accept application/json
 
Accept application/json
 
</nowiki></pre>
 
</nowiki></pre>
 +
(subject-type is 'user' or 'project')<br/>
  
 
Normal Response Code: 200<br/>
 
Normal Response Code: 200<br/>
 
Error Response Codes: Unauthorized (401), Not Found (404)<br/>
 
Error Response Codes: Unauthorized (401), Not Found (404)<br/>
 
 
<b>Create reservation.</b>
 
<pre><nowiki>
 
POST v3/os-quotas/[subject-type]/[subject-id]/reservations
 
Content-Type application/json
 
Accept application/json
 
</nowiki></pre>
 
 
Normal Response Code: 200<br/>
 
Error Response Codes: Unauthorized (401)<br/>
 
Request:<br/>
 
<pre><nowiki>
 
{
 
    "reservations": [
 
        {
 
            "resource-name": "nova.ram",
 
            "amount": 1024
 
        },
 
        {
 
            "resource-name": "nova.vcpu",
 
            "amount": 1
 
        }
 
    ]
 
}
 
</nowiki></pre>
 
Response:<br/>
 
<pre><nowiki>
 
{
 
    "reservations": [
 
        {
 
            "id": "000-id-000",
 
            "resource-name": "nova.ram",
 
            "amount": 1024
 
        },
 
        {
 
            "id": "111-id-111",
 
            "resource-name": "nova.vcpu",
 
            "amount": 1
 
        }
 
    ]
 
}
 
</nowiki></pre>
 
 
 
<b>Delete reservation.</b>
 
<pre><nowiki>
 
DELETE v3/os-quotas/[subject-type]/[subject-id]/reservations
 
Content-Type application/json
 
Accept application/json
 
</nowiki></pre>
 
 
Normal Response Code: 200<br/>
 
Error Response Codes: Unauthorized (401), Not Found (404)<br/>
 
 
 
<b>Get reservation.</b>
 
<pre><nowiki>
 
GET v3/os-quotas/[subject-type]/[subject-id]/reservations/[reservation-id]
 
Content-Type application/json
 
Accept application/json
 
</nowiki></pre>
 
 
Normal Response Code: 200<br/>
 
Error Response Codes: Unauthorized (401), Not Found (404)<br/>
 
Response:<br/>
 
<pre><nowiki>
 
{
 
    "reservation": {
 
        "id": "000-id-000",
 
        "resource-name": "nova.ram",
 
        "amount": 1024
 
    }
 
}
 
</nowiki></pre>
 
 
<b>Get reservation list.</b>
 
<pre><nowiki>
 
GET v3/os-quotas/[subject-type]/[subject-id]/reservations?filter=...
 
Content-Type application/json
 
Accept application/json
 
</nowiki></pre>
 
 
Normal Response Code: 200<br/>
 
Error Response Codes: Unauthorized (401)<br/>
 
 
Response:<br/>
 
<pre><nowiki>
 
{
 
    "reservations": [
 
        {
 
            "id": "000-id-000",
 
            "resource-name": "nova.ram",
 
            "amount": 1024
 
        },
 
        {
 
            "id": "111-id-111",
 
            "resource-name": "nova.vcpu",
 
            "amount": 1
 
        }
 
    ]
 
}
 
</nowiki></pre>
 
  
 
== Implementation ==
 
== Implementation ==
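Review bot: Dropping the Create, Delete and Get reservation endpoints leaves the Design sentence "Other Openstack components will be requesting resource reservations via Keystone API" with no operation behind it. Either reword that sentence to match the new step 4, where Nova reads quotas and decides itself, or keep one reservation call so that usage can be claimed in the same place the limit is stored.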
Line 389: Line 297:
  
  
'resources' table stores the information required for the resources. <br/>
+
'resources' table stores information required for the resources. <br/>
 
'project_quotas' table stores quotas information for projects.<br/>
 
'project_quotas' table stores quotas information for projects.<br/>
 
'user_quotas' table stores quotas information for users.<br/>
 
'user_quotas' table stores quotas information for users.<br/>
'project_reservations' stores the information about used by projects resources.<br/>
 
'user_reservations' stores the information about used by users resources.<br/>
 
  
 
Details of fields of various DB tables is mentioned below,
 
Details of fields of various DB tables is mentioned below,
Line 404: Line 310:
 
|id || primary key
 
|id || primary key
 
|-
 
|-
|name || name of the resource in the format <Service-Name>.<Resource Name>. For eg., nova.instances
+
|name || name of the resource in the format <Service-Name>.<Resource Name>. For example, nova.instances
 
|-
 
|-
 
|description || resource description
 
|description || resource description
Line 435: Line 341:
 
|-
 
|-
 
| limit || absolute quota limit
 
| limit || absolute quota limit
|}
 
 
'''Project_Reservations Table'''
 
{| class="wikitable"
 
|-
 
! Column || Description
 
|-
 
| id || primary key
 
|-
 
| project_id || foreign key to projects table
 
|-
 
| resource_id || foreign key to resources table
 
|-
 
| delta || resource usage delta
 
|-
 
| object_id || id of target object (VM instance, volume, image)
 
|-
 
| expiration_time || time for confirmation waiting
 
|-
 
| confirmed || confirmation flag
 
|}
 
 
'''User_Reservations Table'''
 
{| class="wikitable"
 
|-
 
! Column || Description
 
|-
 
| id || primary key
 
|-
 
| user_id || foreign key to users table
 
|-
 
| resource_id || foreign key to resources table
 
|-
 
| delta || resource usage delta
 
|-
 
| object_id || id of target object (VM instance, volume, image)
 
|-
 
| expiration_time || time for confirmation waiting
 
|-
 
| confirmed || confirmation flag
 
 
|}
 
|}
  
 
== Open Stack Quota References ==
 
== Open Stack Quota References ==
This is a list of URLs of work on quotas within OpenStack.
+
This is a list of URLs which shows current status of work on quotas within OpenStack.
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! Topic || URI || Notes
 
! Topic || URI || Notes
 
|-
 
|-
| Per-user quotas support || https://blueprints.launchpad.net/nova/+spec/per-user-quotas || Blocked to be re-introduced in Grizzly
+
| Per-user quotas support || https://blueprints.launchpad.net/nova/+spec/per-user-quotas || Blocked. To be re-introduced in Grizzly
 
|-
 
|-
| Stores Quotas centrally in Keystone || http://wiki.openstack.org/KeystoneStoreQuotaData ||  
+
| Keystone as a central Quota Storage || http://wiki.openstack.org/KeystoneStoreQuotaData ||  
 
|-
 
|-
 
| Quantum Quotas ||  http://docs.openstack.org/api/openstack-network/2.0/content/List_Quotas.html ||
 
| Quantum Quotas ||  http://docs.openstack.org/api/openstack-network/2.0/content/List_Quotas.html ||
Line 493: Line 359:
 
| Quota Project: An effective way to manage the usage of your Swift-based storage cloud || http://www.zmanda.com/blogs/?cat=22 ||
 
| Quota Project: An effective way to manage the usage of your Swift-based storage cloud || http://www.zmanda.com/blogs/?cat=22 ||
 
|-
 
|-
! Update Limits and Quotas to Key On volume_type || https://blueprints.launchpad.net/cinder/+spec/quotas-limits-by-voltype ||  Not started, grizzly-3 target
+
! Update Limits and Quotas to Key On volume_type || https://blueprints.launchpad.net/cinder/+spec/quotas-limits-by-voltype ||  Not started yet, targeted at grizzly-3  
 
|-
 
|-
 
| Demystifying OpenStack Folsom Quotas ||  http://ops.anthonygoddard.com/OpenStack/demystifying-openstack-folsom-quotas/ || Explains Cinder/Nova quota separation
 
| Demystifying OpenStack Folsom Quotas ||  http://ops.anthonygoddard.com/OpenStack/demystifying-openstack-folsom-quotas/ || Explains Cinder/Nova quota separation
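Review bot: The "Update Limits and Quotas to Key On volume_type" row still opens with "!" rather than "|", so its first cell renders as a header cell, unlike every other row in the table. Change the leading "!" to "|" while the row is being edited anyway.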

Latest revision as of 11:07, 16 July 2013

Introduction

TBD

Openstack Quotas

{| class="wikitable"
|-
! Quota || Type || Default value || Description
|-
| nova.instances || reservable || 10 || number of instances allowed per project
|-
| nova.cores || reservable || 20 || number of instance cores allowed per project
|-
| nova.ram || reservable || 50*1024 || megabytes of instance ram allowed per project
|-
| nova.floating_ips || reservable || 10 || number of floating ips allowed per project
|-
| nova.fixed_ips || reservable || -1 || number of fixed ips allowed per project
|-
| nova.metadata_items || absolute || 128 || number of metadata items allowed per instance
|-
| nova.injected_files || absolute || 5 || number of injected files allowed
|-
| nova.injected_files_content_bytes || absolute || 10*1024 || number of bytes allowed per injected file
|-
| nova.injected_file_path_bytes || absolute || 255 || number of bytes allowed per injected file path
|-
| nova.security_groups || reservable || 10 || number of security groups per project
|-
| nova.security_groups_rules || countable || 20 || number of security rules per security group
|-
| nova.key_pairs || countable || 100 || number of key pairs per user
|-
| cinder.volumes || reservable || 10 || number of volumes allowed per project
|-
| cinder.snapshots || reservable || 10 || number of volume snapshots allowed per project
|-
| cinder.gigabytes || reservable || 1000 || number of volume gigabytes (snapshots are also included) per project
|-
| quantum.network || countable || 10 || number of networks allowed per tenant
|-
| quantum.subnet || countable || 10 || number of subnets allowed per tenant
|-
| quantum.port || countable || 50 || number of ports allowed per tenant
|}

User Stories

TBD

Design

The proposed solution stores quotas in Keystone.

The Keystone API will get an additional endpoint and a set of operations to adjust quotas for various resources for users and projects. The Keystone DB will be extended with appropriate fields to store quota information. Other OpenStack components will request resource reservations via the Keystone API.

Sample workflow: Launching VM instance (figure: KeystoneQuotasSampleWorkflow.png)
1. Client obtains a token from Keystone
2. Client sends a request to the Nova API to launch a VM instance
3. Nova API verifies the token in Keystone
4. Nova requests all available quotas for the project/user from Keystone. Nova calculates the amount of used resources and allows or denies the operation
5. Nova API calls nova-compute via RPC to launch the VM instance.
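
Step 4 of the workflow as an added example, not code from the Keystone or Nova projects: it parses quota-list responses in the shape shown under "Get quota list" and decides whether a request fits every subject's limits. The function names, the per-subject usage dictionaries, the fallback to the default limits from the quota table, and the reading of a negative limit as unlimited are assumptions.

```python
import json

# Constructed sample bodies in the shape of the "Get quota list" response.
PROJECT_QUOTAS = json.loads("""{"quotas": [
    {"id": "000-id-000", "resource_name": "nova.ram", "limit": 1024},
    {"id": "111-id-111", "resource_name": "nova.cores", "limit": 16}]}""")
USER_QUOTAS = json.loads("""{"quotas": [
    {"id": "222-id-222", "resource_name": "nova.ram", "limit": 512}]}""")

# Subset of the default values listed in the quota table on this page.
DEFAULT_LIMITS = {"nova.instances": 10, "nova.cores": 20,
                  "nova.ram": 50 * 1024, "nova.fixed_ips": -1}


def limits_for(body):
    """Map resource_name -> limit from one quota-list response body."""
    limits = {}
    for quota in body.get("quotas", []):
        name, limit = quota.get("resource_name"), quota.get("limit")
        # A malformed entry is an error; skipping it would drop a limit.
        if not isinstance(name, str) or type(limit) is not int:
            raise ValueError(f"malformed quota entry: {quota!r}")
        limits[name] = limit
    return limits


def check_request(requested, scopes, defaults=DEFAULT_LIMITS):
    """Decide step 4 of the workflow for a dict of requested amounts.

    scopes is a list of (quota_list_body, current_usage) pairs, one per
    subject (project, user). Returns (allowed, violations).
    """
    parsed = [(limits_for(body), usage) for body, usage in scopes]
    violations = []
    for name, amount in requested.items():
        if type(amount) is not int or amount < 0:
            raise ValueError(f"invalid amount for {name}: {amount!r}")
        if name not in defaults:
            # Fail closed: an unregistered resource has no limit to check.
            violations.append((name, "unknown resource"))
            continue
        for limits, usage in parsed:
            limit = limits.get(name, defaults[name])
            used = usage.get(name, 0)
            # Assumption: a negative limit means unlimited, as in Nova.
            if limit >= 0 and used + amount > limit:
                violations.append((name, f"{used} + {amount} > {limit}"))
                break
    return (not violations, violations)


if __name__ == "__main__":
    # The project has room, but the user quota for nova.ram is exceeded.
    print(check_request(
        {"nova.ram": 256, "nova.cores": 2},
        [(PROJECT_QUOTAS, {"nova.ram": 512, "nova.cores": 4}),
         (USER_QUOTAS, {"nova.ram": 384})]))
```

Because the check and the launch are separate steps, two concurrent requests can both pass it; the caller has to serialize or reserve usage between steps 4 and 5.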

REST API

Get resource list

GET v3/OS-QUOTAS/resources
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:

{
    "resources": [
        "nova.instances",
        "nova.cores",
        "nova.ram",
        "cinder.volumes"
    ]
}


Create resource

POST v3/OS-QUOTAS/resources
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:

{
    "resource": {
        "name": "nova.instances",
        "default_limit": 10
    }
}


Get resource

GET v3/OS-QUOTAS/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:

{
    "resource": {
        "name": "nova.instances",
        "default_limit": 10
    }
}


Update resource

PATCH v3/OS-QUOTAS/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:

{
    "resource": {
        "name": "nova.instances",
        "default_limit": 10
    }
}

Response:

{
    "resource": {
        "name": "nova.instances",
        "default_limit": 10
    }
}


Delete resource

DELETE v3/OS-QUOTAS/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)


Get quota list

GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas
Content-Type application/json
Accept application/json

(subject-type is 'user' or 'project')

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:

{
    "quotas": [
        {
            "id": "000-id-000",
            "resource_name": "nova.ram",
            "limit": 1024
        },
        {
            "id": "111-id-111",
            "resource_name": "nova.vcpu",
            "limit": 16
        }
    ]
}


Create quota

POST v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas
Content-Type application/json
Accept application/json

(subject-type is 'user' or 'project')

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:

{
    "quota": {
        "resource_name": "nova.ram",
        "limit": 1024
    }
}

Response:

{
    "quota": {
        "resource_name": "nova.ram",
        "limit": 1024
    }
}


Get quota

GET v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

(subject-type is 'user' or 'project')

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:

{
    "quota": {
        "resource_name": "nova.ram",
        "limit": 1024
    }
}

Update quota

PATCH v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

(subject-type is 'user' or 'project')

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:

{
    "quota": {
        "resource_name": "nova.ram",
        "limit": 1024
    }
}

Response:

{
    "quota": {
        "id": "000-id-000",
        "resource_name": "nova.ram",
        "limit": 1024
    }
}


Delete quota

DELETE v3/OS-QUOTAS/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

(subject-type is 'user' or 'project')

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)

Implementation


Quota information will be stored in new Keystone tables, as shown below.


The 'resources' table stores information required for the resources.
The 'project_quotas' table stores quota information for projects.
The 'user_quotas' table stores quota information for users.

The fields of each DB table are listed below.

Resources Table

{| class="wikitable"
|-
! Column || Description
|-
| id || primary key
|-
| name || name of the resource in the format <Service-Name>.<Resource Name>. For example, nova.instances
|-
| description || resource description
|}

Project_Quotas Table

{| class="wikitable"
|-
! Column || Description
|-
| id || primary key
|-
| project_id || foreign key to projects table
|-
| resource_id || foreign key to resources table
|-
| limit || absolute quota limit
|}

User_Quotas Table

{| class="wikitable"
|-
! Column || Description
|-
| id || primary key
|-
| user_id || foreign key to users table
|-
| resource_id || foreign key to resources table
|-
| limit || absolute quota limit
|}

Open Stack Quota References

This is a list of URLs that show the current status of work on quotas within OpenStack.

{| class="wikitable"
|-
! Topic || URI || Notes
|-
| Per-user quotas support || https://blueprints.launchpad.net/nova/+spec/per-user-quotas || Blocked. To be re-introduced in Grizzly
|-
| Keystone as a central Quota Storage || http://wiki.openstack.org/KeystoneStoreQuotaData ||
|-
| Quantum Quotas || http://docs.openstack.org/api/openstack-network/2.0/content/List_Quotas.html ||
|-
| Swift Quotas || https://blueprints.launchpad.net/swift/+spec/storage-quotas || Implementation status unknown
|-
| Quota Project: An effective way to manage the usage of your Swift-based storage cloud || http://www.zmanda.com/blogs/?cat=22 ||
|-
| Update Limits and Quotas to Key On volume_type || https://blueprints.launchpad.net/cinder/+spec/quotas-limits-by-voltype || Not started yet, targeted at grizzly-3
|-
| Demystifying OpenStack Folsom Quotas || http://ops.anthonygoddard.com/OpenStack/demystifying-openstack-folsom-quotas/ || Explains Cinder/Nova quota separation
|-
| per-user quotas support || https://blueprints.launchpad.net/nova/+spec/per-user-quotas || Blocked by bug https://bugs.launchpad.net/nova/+bug/1034384. It will be re-introduced into Grizzly
|}