Nested Quota for Magnum resources
OpenStack is moving towards support for hierarchical ownership of projects. In this regard, the Keystone will change the organizational structure of Openstack, creating nested projects.
The proposal is to add nested quota support regarding the same in Magnum.
Blueprint information
- Status:
- Started
- Approver:
- Adrian Otto
- Priority:
- Undefined
- Drafter:
- Vilobh Meshram
- Direction:
- Approved
- Assignee:
- Vilobh Meshram
- Definition:
- New
- Series goal:
- None
- Implementation:
- Blocked
- Milestone target:
- None
- Started by
- Spyros Trigazis
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Please elaborate more about what quotas we will offer. For example:
Limit total bay creates allowed, and bay creations per hour, minute, second?
Limit rate of resource deletion?
Limit rate of bay updates?
Limit total number of baymodels?
Note that any limits on container creation can be effectively bypassed by using the native API for the bay. Any such limits would only apply to containers created through the magnum API. For example, if I create a Docker Swarm bay, regardless what limits are in OpenStack, I can use the native Docker API in the bay to create containers in that bay that OpenStack does not know about. This is fine, as long as cloud operators do not expect to use limits as a way to control a unit of measure for billing purposes. Say I have a certain fee that allows you to create 100 containers, and expect to enforce that limit using a quota. If they never use the Magnum API to create containers, and simply use the native Docker API, they can create an unlimited number of containers, until resources on the bay hosts are exhausted. For that reason, it might make sense not to have a total container limit on an account, and only limit the rate at which containers can be added through the OpenStack API as a way to prevent DoS use patterns against the shared control plane. --adrian_otto
ML : Where we are discussing Magnum Quotas and Magnum Nested Quotas
http://
(hongbin) Defer to a future release. The contributor told me that he won't be available to work on this in the near future.