KeystoneCentralizedQuotaManagement

Revision as of 07:29, 11 July 2013 by Drusskikh (talk | contribs) (Implementation)

Introduction

TBD

OpenStack Quotas

quotas                             type        default values  description
nova.instances                     reservable  10              number of instances allowed per project
nova.cores                         reservable  20              number of instance cores allowed per project
nova.ram                           reservable  50*1024         megabytes of instance ram allowed per project
nova.floating_ips                  reservable  10              number of floating ips allowed per project
nova.fixed_ips                     reservable  -1              number of fixed ips allowed per project
nova.metadata_items                absolute    128             number of metadata items allowed per instance
nova.injected_files                absolute    5               number of injected files allowed
nova.injected_files_content_bytes  absolute    10*1024         number of bytes allowed per injected file
nova.injected_file_path_bytes      absolute    255             number of bytes allowed per injected file path
nova.security_groups               reservable  10              number of security groups per project
nova.security_groups_rules         countable   20              number of security rules per security group
nova.key_pairs                     countable   100             number of key pairs per user
cinder.volumes                     reservable  10              number of volumes allowed per project
cinder.snapshots                   reservable  10              number of volume snapshots allowed per project
cinder.gigabytes                   reservable  1000            number of volume gigabytes (snapshots are also included) per project
quantum.network                    countable   10              number of networks allowed per tenant
quantum.subnet                     countable   10              number of subnets allowed per tenant
quantum.port                       countable   50              number of ports allowed per tenant

User Stories

TBD

Design

Our proposal has two main blocks: one in Keystone, which we call the Domain Quota Proxy (DQP), and another, which we call the Domain Quota Driver (DQD). The DQP gives the user a single point of domain quota management, so it acts as a proxy. The DQP is a set of extensions that can be improved to serve as a single point of management for other quotas. The DQD is a piece of code located in the quota module of the Nova, Cinder and Quantum projects, and it is designed in the same fashion as the other drivers present in that module.


[Figure: Domainquota.png]

Quota modules need to be refactored to add the DQD. We should also extend the services' REST APIs to provide domain quota usage to the Domain Quota Proxy. The DQP is designed to be implemented as a discrete extension and is not included in the default pipeline of Keystone. The Domain Quota Driver design is similar to the current quota driver in the quota.py module, so the user can choose whether or not to use it; the drivers will be responsible for enforcing all quotas listed in the table above in the context of domains.

REST API

Get resource list.

GET v3/os-quotas/resources
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:

{
    "resources": [
        "nova.instances",
        "nova.cores",
        "nova.ram",
        "cinder.volumes"
    ]
}


Create resource.

POST v3/os-quotas/resources
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:

{
    "resource": {
        "name": "nova.instances",
        "default_value": 10
    }
}


Get resource.

GET v3/os-quotas/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:

{
    "resource": {
        "name": "nova.instances",
        "default_value": 10
    }
}


Update resource.

PUT v3/os-quotas/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:

{
    "resource": {
        "name": "nova.instances",
        "default_value": 10
    }
}

Response:

{
    "resource": {
        "name": "nova.instances",
        "default_value": 10
    }
}


Delete resource.

DELETE v3/os-quotas/resources/[resource-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)


Get quota list.

GET v3/os-quotas/[subject-type]/[subject-id]/quotas
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Response:

{
    "quotas": [
        {
            "id": "000-id-000",
            "resource-name": "nova.ram",
            "limit": 1024
        },
        {
            "id": "111-id-111",
            "resource-name": "nova.vcpu",
            "limit": 16
        }
    ]
}


Create quota.

POST v3/os-quotas/[subject-type]/[subject-id]/quotas
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:

{
    "quota": {
        "resource-name": "nova.ram",
        "limit": 1024
    }
}

Response:

{
    "quota": {
        "resource-name": "nova.ram",
        "limit": 1024
    }
}


Get quota.

GET v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:

{
    "quota": {
        "resource-name": "nova.ram",
        "limit": 1024
    }
}

Update quota.

PUT v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Request:

{
    "quota": {
        "resource-name": "nova.ram",
        "limit": 1024
    }
}

Response:

{
    "quota": {
        "id": "000-id-000",
        "resource-name": "nova.ram",
        "limit": 1024
    }
}


Delete quota.

DELETE v3/os-quotas/[subject-type]/[subject-id]/quotas/[quota-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)


Create reservation.

POST v3/os-quotas/[subject-type]/[subject-id]/reservations
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)
Request:

{
    "reservations": [
        {
            "resource-name": "nova.ram",
            "amount": 1024
        },
        {
            "resource-name": "nova.vcpu",
            "amount": 1
        }
    ]
}

Response:

{
    "reservations": [
        {
            "id": "000-id-000",
            "resource-name": "nova.ram",
            "amount": 1024
        },
        {
            "id": "111-id-111",
            "resource-name": "nova.vcpu",
            "amount": 1
        }
    ]
}


Delete reservation.

DELETE v3/os-quotas/[subject-type]/[subject-id]/reservations
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)


Get reservation.

GET v3/os-quotas/[subject-type]/[subject-id]/reservations/[reservation-id]
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401), Not Found (404)
Response:

{
    "reservation": {
        "id": "000-id-000",
        "resource-name": "nova.ram",
        "amount": 1024
    }
}

Get reservation list.

GET v3/os-quotas/[subject-type]/[subject-id]/reservations?filter=...
Content-Type application/json
Accept application/json

Normal Response Code: 200
Error Response Codes: Unauthorized (401)

Response:

{
    "reservations": [
        {
            "id": "000-id-000",
            "resource-name": "nova.ram",
            "amount": 1024
        },
        {
            "id": "111-id-111",
            "resource-name": "nova.vcpu",
            "amount": 1
        }
    ]
}

Implementation


Information will be stored in new tables in Keystone, as shown below.

The 'resources' table stores the information required for the resources. The 'project_quotas' table stores quota information for projects. The 'user_quotas' table stores quota information for users. The 'project_reservations' table stores information about the resources used by projects. The 'user_reservations' table stores information about the resources used by users.

The fields of the DB tables are described below.

Resources Table

Column           Description
id               primary key
name             name of the resource in the format <Service-Name>.<Resource Name>, for example nova.instances
description      resource description

Project_Quotas Table

Column           Description
id               primary key
project_id       foreign key to projects table
resource_id      foreign key to resources table
limit            absolute quota limit

User_Quotas Table

Column           Description
id               primary key
user_id          foreign key to users table
resource_id      foreign key to resources table
limit            absolute quota limit

Project_Reservations Table

Column           Description
id               primary key
project_id       foreign key to projects table
resource_id      foreign key to resources table
delta            resource usage delta
object_id        object id
expiration_time  expiration time

User_Reservations Table

Column           Description
id               primary key
user_id          foreign key to users table
resource_id      foreign key to resources table
delta            resource usage delta
object_id        object id
expiration_time  expiration time
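
How the tables above and the Create reservation request fit together, as an added example that is not code from this blueprint or from Keystone: it models the Resources, Project_Quotas and Project_Reservations tables in SQLite and applies a list of reservations all-or-nothing against the project limits. The names make_db, reserve and OverQuota, the ttl parameter, the rejection of non-positive amounts and the reading of a negative limit as unlimited are assumptions of the example.

```python
import sqlite3
import time
import uuid

SCHEMA = """-- Columns follow the page's Resources, Project_Quotas, Project_Reservations.
CREATE TABLE resources (id TEXT PRIMARY KEY, name TEXT UNIQUE, description TEXT);
CREATE TABLE project_quotas (id TEXT PRIMARY KEY, project_id TEXT,
    resource_id TEXT REFERENCES resources(id), "limit" INTEGER);
CREATE TABLE project_reservations (id TEXT PRIMARY KEY, project_id TEXT, resource_id TEXT
    REFERENCES resources(id), delta INTEGER, object_id TEXT, expiration_time REAL);
"""
# Quota row plus current usage; expired reservations no longer count as usage.
LOOKUP = """
SELECT r.id, q."limit", (SELECT COALESCE(SUM(p.delta), 0) FROM project_reservations p
    WHERE p.project_id = q.project_id AND p.resource_id = r.id AND p.expiration_time > ?)
FROM resources r JOIN project_quotas q ON q.resource_id = r.id
WHERE r.name = ? AND q.project_id = ?
"""

class OverQuota(Exception):
    """Request rejected; no reservation from it is stored."""

def make_db(limits, project_id="proj-1"):  # constructed sample data
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    with db:
        for i, (name, limit) in enumerate(limits.items()):
            db.execute("INSERT INTO resources VALUES (?,?,?)", (f"r{i}", name, ""))
            db.execute("INSERT INTO project_quotas VALUES (?,?,?,?)",
                       (f"q{i}", project_id, f"r{i}", limit))
    return db

def reserve(db, project_id, requests, object_id, ttl=300, now=None):
    """Store every reservation in `requests`, or none of them."""
    now = time.time() if now is None else now
    ids = []
    with db:  # one transaction: rolled back if any item is rejected
        for req in requests:
            name, amount = req["resource-name"], req["amount"]
            row = db.execute(LOOKUP, (now, name, project_id)).fetchone()
            if row is None or not isinstance(amount, int) or amount <= 0:
                raise OverQuota(f"rejected: {name}")
            resource_id, limit, used = row
            # Assumption: a negative limit (the table's -1 default) means unlimited.
            if limit >= 0 and used + amount > limit:
                raise OverQuota(f"over quota: {name}")
            ids.append(uuid.uuid4().hex)
            db.execute("INSERT INTO project_reservations VALUES (?,?,?,?,?,?)",
                       (ids[-1], project_id, resource_id, amount, object_id, now + ttl))
    return ids
```

With several writers on a shared database, the usage lookup and the insert need row locking or a serializable transaction so that two concurrent requests cannot both pass the limit check.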


For history tracking, updates made to a table <table-name> (orange heading) will be stored in the corresponding history table h_<table-name> (blue heading). For example, the 'h_quotas' table will be used to keep track of updates made to the 'quotas' table.

For the Domain Quota Driver, the information will be stored in new tables in the services, as shown below.

[Figure: DB Tables Domain Quota Driver.png]

The columns of the 'domain_quotas' table are similar to the columns of the 'quotas' table in Keystone mentioned above. It will be used to store only domain quotas, as there are already other tables that store other quotas. In future it could be used to store all types of quotas in a single table. 'resource_id' is a foreign key to the already existing resource table in the corresponding service.

OpenStack Quota References

This is a list of URLs of work on quotas within OpenStack.

Topic: Per-user quotas support
URI: https://blueprints.launchpad.net/nova/+spec/per-user-quotas
Notes: Blocked to be re-introduced in Grizzly

Topic: Stores Quotas centrally in Keystone
URI: http://wiki.openstack.org/KeystoneStoreQuotaData

Topic: Quantum Quotas
URI: http://docs.openstack.org/api/openstack-network/2.0/content/List_Quotas.html

Topic: Swift Quotas
URI: https://blueprints.launchpad.net/swift/+spec/storage-quotas
Notes: Implementation status unknown

Topic: Quota Project: An effective way to manage the usage of your Swift-based storage cloud
URI: http://www.zmanda.com/blogs/?cat=22

Topic: Update Limits and Quotas to Key On volume_type
URI: https://blueprints.launchpad.net/cinder/+spec/quotas-limits-by-voltype
Notes: Not started, grizzly-3 target

Topic: Demystifying OpenStack Folsom Quotas
URI: http://ops.anthonygoddard.com/OpenStack/demystifying-openstack-folsom-quotas/
Notes: Explains Cinder/Nova quota separation

Topic: per-user quotas support
URI: https://blueprints.launchpad.net/nova/+spec/per-user-quotas
Notes: Blocked by bug https://bugs.launchpad.net/nova/+bug/1034384. It will be re-introduced into Grizzly