Difference between revisions of "KeystoneCentralizedQuotaManagement"
Dstepanenko (talk | contribs) (→Design) |
Dstepanenko (talk | contribs) (→Design) |
||
Line 64: | Line 64: | ||
3. Nova API verifies token in Keystone<br/> | 3. Nova API verifies token in Keystone<br/> | ||
4. Nova requests Keystone to provide Quota for resources needed for VM launch<br/> | 4. Nova requests Keystone to provide Quota for resources needed for VM launch<br/> | ||
− | 5. If available amount of Quota is sufficient | + | 5. If available amount of Quota is sufficient, Keystone creates quota booking record<br/> |
− | 6. If available amount of Quota is | + | 6. If available amount of Quota is insufficient, Keystone returns “insufficient <quota_name>” error to Nova. END OF WORKFLOW.<br/> |
7. Nova API calls nova-compute via RPC to launch VM instance. <br/> | 7. Nova API calls nova-compute via RPC to launch VM instance. <br/> | ||
− | 8. When User shuts down a VM | + | 8. When User shuts down a VM, Nova requests Keystone to close quota booking from step 4a. END OF WORKFLOW.<br/> |
===REST API=== | ===REST API=== |
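Review bot: step 8 on the new side closes the "quota booking from step 4a", but the numbered list has no step 4a and the booking record is created in step 5; point the reference at step 5 or renumber the steps. Step 5 also does not say what Keystone returns to Nova on success, so it is unclear which identifier Nova presents in step 8 to close the booking.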
Revision as of 06:36, 12 July 2013
- Launchpad Entry: Store Quota Data
- Created: 04 July 2013
- Contributors: Dmitry Russkikh, Dmitry Stepanenko, Yehia Beyh, Glaucimar Aguiar, Tiago Martins, Akshat Kakkar, Ulrich Schwickerath
Introduction
TBD
OpenStack Quotas
quotas | type | default values | description |
---|---|---|---|
nova.instances | reservable | 10 | number of instances allowed per project |
nova.cores | reservable | 20 | number of instance cores allowed per project |
nova.ram | reservable | 50*1024 | megabytes of instance ram allowed per project |
nova.floating_ips | reservable | 10 | number of floating ips allowed per project |
nova.fixed_ips | reservable | -1 | number of fixed ips allowed per project |
nova.metadata_items | absolute | 128 | number of metadata items allowed per instance |
nova.injected_files | absolute | 5 | number of injected files allowed |
nova.injected_files_content_bytes | absolute | 10*1024 | number of bytes allowed per injected file |
nova.injected_file_path_bytes | absolute | 255 | number of bytes allowed per injected file path |
nova.security_groups | reservable | 10 | number of security groups per project |
nova.security_groups_rules | countable | 20 | number of security rules per security group |
nova.key_pairs | countable | 100 | number of key pairs per user |
cinder.volumes | reservable | 10 | number of volumes allowed per project |
cinder.snapshots | reservable | 10 | number of volume snapshots allowed per project |
cinder.gigabytes | reservable | 1000 | number of volume gigabytes (snapshots are also included) per project |
quantum.network | countable | 10 | Number of networks allowed per tenant |
quantum.subnet | countable | 10 | Number of subnets allowed per tenant |
quantum.port | countable | 50 | number of ports allowed per tenant |
User Stories
TBD
Design
The proposed solution is to store quotas in Keystone.
The Keystone API will get an additional endpoint and a set of operations to adjust quotas on various resources for Users and Projects (and Domains). The Keystone DB will be extended with the appropriate fields to store quota information. Other OpenStack components will request resource reservations via the Keystone API. Each created reservation requires confirmation; otherwise it will be deleted once its confirmation time has passed.
Sample workflow: Launching VM instance
1. Client obtains a token from Keystone.
2. Client sends a request to the Nova API to launch a VM instance.
3. Nova API verifies the token in Keystone.
4. Nova requests Keystone to provide quota for the resources needed for the VM launch.
5. If the available amount of quota is sufficient, Keystone creates a quota booking record.
6. If the available amount of quota is insufficient, Keystone returns an “insufficient <quota_name>” error to Nova. END OF WORKFLOW.
7. Nova API calls nova-compute via RPC to launch the VM instance.
8. When the User shuts down a VM, Nova requests Keystone to close the quota booking from step 4a. END OF WORKFLOW.
REST API
Get resource list.
GET v3/os-quotas/resources Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:
{ "resources": [ "nova.instances", "nova.cores", "nova.ram", "cinder.volumes" ] }
Create resource.
POST v3/os-quotas/resources Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:
{ "resource": { "name": "nova.instances", "default_value": 10 } }
Get resource.
GET v3/os-quotas/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:
{ "resource": { "name": "nova.instances", "default_value": 10 } }
Update resource.
PUT v3/os-quotas/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:
{ "resource": { "name": "nova.instances", "default_value": 10 } }
Response:
{ "resource": { "name": "nova.instances", "default_value": 10 } }
Delete resource.
DELETE v3/os-quotas/resources/[resource-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Get quota list.
GET v3/os-quotas/[subject-type]/[subject-id]/quotas Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:
{ "quotas": [ { "id": "000-id-000", "resource-name": "nova.ram", "limit": 1024 }, { "id": "111-id-111", "resource-name": "nova.vcpu", "limit": 16 } ] }
Create quota.
POST v3/os-quotas/[subject-type]/[subject-id]/quotas Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:
{ "quota": { "resource-name": "nova.ram", "limit": 1024 } }
Response:
{ "quota": { "resource-name": "nova.ram", "limit": 1024 } }
Get quota.
GET v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:
{ "quota": { "resource-name": "nova.ram", "limit": 1024 } }
Update quota.
PUT v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:
{ "quota": { "resource-name": "nova.ram", "limit": 1024 } }
Response:
{ "quota": { "id": "000-id-000", "resource-name": "nova.ram", "limit": 1024 } }
Delete quota.
DELETE v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Create reservation.
POST v3/os-quotas/[subject-type]/[subject-id]/reservations Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:
{ "reservations": [ { "resource-name": "nova.ram", "amount": 1024 }, { "resource-name": "nova.vcpu", "amount": 1 } ] }
Response:
{ "reservations": [ { "id": "000-id-000", "resource-name": "nova.ram", "amount": 1024 }, { "id": "111-id-111", "resource-name": "nova.vcpu", "amount": 1 } ] }
Delete reservation.
DELETE v3/os-quotas/[subject-type]/[subject-id]/reservations Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Get reservation.
GET v3/os-quotas/[subject-type]/[subject-id]/reservations/[reservation-id] Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:
{ "reservation": { "id": "000-id-000", "resource-name": "nova.ram", "amount": 1024 } }
Get reservation list.
GET v3/os-quotas/[subject-type]/[subject-id]/reservations?filter=... Content-Type application/json Accept application/json
Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:
{ "reservations": [ { "id": "000-id-000", "resource-name": "nova.ram", "amount": 1024 }, { "id": "111-id-111", "resource-name": "nova.vcpu", "amount": 1 } ] }
Implementation
Quota information will be stored in the following new Keystone tables:
'resources' table stores the information required for the resources.
'project_quotas' table stores quota information for projects.
'user_quotas' table stores quota information for users.
'project_reservations' table stores information about the resources used by projects.
'user_reservations' table stores information about the resources used by users.
The fields of each DB table are described below.
Resources Table
Column | Description |
---|---|
id | primary key |
name | name of the resource in the format <Service-Name>.<Resource Name>, e.g. nova.instances |
description | resource description |
Project_Quotas Table
Column | Description |
---|---|
id | primary key |
project_id | foreign key to projects table |
resource_id | foreign key to resources table |
limit | absolute quota limit |
User_Quotas Table
Column | Description |
---|---|
id | primary key |
user_id | foreign key to users table |
resource_id | foreign key to resources table |
limit | absolute quota limit |
Project_Reservations Table
Column | Description |
---|---|
id | primary key |
project_id | foreign key to projects table |
resource_id | foreign key to resources table |
delta | resource usage delta |
object_id | id of target object (VM instance, volume, image) |
expiration_time | time for confirmation waiting |
confirmed | confirmation flag |
User_Reservations Table
Column | Description |
---|---|
id | primary key |
user_id | foreign key to users table |
resource_id | foreign key to resources table |
delta | resource usage delta |
object_id | id of target object (VM instance, volume, image) |
expiration_time | time for confirmation waiting |
confirmed | confirmation flag |
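The reservation lifecycle from the Design workflow, using the delta, object_id, expiration_time and confirmed fields of the reservation tables above, as an added example (not Keystone code and not part of the original proposal). The class and method names, the 60-second confirmation window, the treatment of a -1 limit as unlimited and the rejection of non-positive amounts are assumptions made for illustration.

```python
import time
import uuid
class InsufficientQuota(Exception):
    """Carries the workflow's 'insufficient <quota_name>' error."""

class QuotaLedger:
    """In-memory stand-in for project_quotas and project_reservations."""
    def __init__(self, limits, confirm_ttl=60.0):
        self.limits = dict(limits)      # resource name -> limit
        self.confirm_ttl = confirm_ttl  # assumed confirmation window (seconds)
        self.rows = {}                  # reservation id -> reservation row

    def _purge(self, now):
        # Unconfirmed rows past expiration_time are deleted, as in the design.
        self.rows = {r: row for r, row in self.rows.items()
                     if row["confirmed"] or row["expiration_time"] > now}

    def used(self, resource, now):
        self._purge(now)
        return sum(row["delta"] for row in self.rows.values()
                   if row["resource"] == resource)

    def reserve(self, object_id, deltas, now=None):
        """Book every requested resource or none (steps 4-6)."""
        now = time.time() if now is None else now
        for resource, delta in deltas.items():
            if delta <= 0:  # a negative amount would silently raise headroom
                raise ValueError(f"invalid amount for {resource}")
            limit = self.limits[resource]
            # Assumption: -1 (the nova.fixed_ips default) means unlimited.
            if limit != -1 and self.used(resource, now) + delta > limit:
                raise InsufficientQuota(f"insufficient {resource}")
        ids = []
        for resource, delta in deltas.items():
            ids.append(uuid.uuid4().hex)
            self.rows[ids[-1]] = {
                "resource": resource, "delta": delta, "object_id": object_id,
                "expiration_time": now + self.confirm_ttl, "confirmed": False}
        return ids

    def confirm(self, ids, now=None):
        self._purge(time.time() if now is None else now)
        for rid in ids:
            self.rows[rid]["confirmed"] = True  # KeyError: booking expired

    def close(self, object_id):
        # Step 8: release every booking held for the terminated object.
        self.rows = {r: row for r, row in self.rows.items()
                     if row["object_id"] != object_id}
```

In a database-backed service the limit check and the inserts would have to run in one transaction, so that two concurrent requests cannot both pass the check against the same remaining quota.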
OpenStack Quota References
This is a list of URLs of work on quotas within OpenStack.