From 281ed567278fbe3a343782de4046532ed0265974 Mon Sep 17 00:00:00 2001 From: Yosef Hoffman Date: Wed, 17 Aug 2016 11:55:10 -0400 Subject: [PATCH] New Resource Type OS::Nova::Quota This creates new resource type whose intended use case is for admin-only use and specifically to manage the Compute service quota. This would be an enhancement to avoid manual, post- deployment modifications of the project's (and user's) Compute service quota. This will enable the admin to fully orchestrate the project by using heat without the need to make manual updates afterwards. Change-Id: I78cb376d60a826d21c3bad9657bda11dcc51c3f1 --- specs/ocata/nova-quota-resource.rst | 234 ++++++++++++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 specs/ocata/nova-quota-resource.rst diff --git a/specs/ocata/nova-quota-resource.rst b/specs/ocata/nova-quota-resource.rst new file mode 100644 index 00000000..62632945 --- /dev/null +++ b/specs/ocata/nova-quota-resource.rst @@ -0,0 +1,234 @@ +.. + This work is licensed under a Creative Commons Attribution 3.0 Unported + License. + + http://creativecommons.org/licenses/by/3.0/legalcode + +.. + This template should be in ReSTructured text. The filename in the git + repository should match the launchpad URL, for example a URL of + https://blueprints.launchpad.net/heat/+spec/awesome-thing should be named + awesome-thing.rst . Please do not delete any of the sections in this + template. If you have nothing to say for a whole section, just write: None + For help with syntax, see http://sphinx-doc.org/rest.html + To test out your formatting, see http://www.tele3.cz/jbar/rest/rest.html + +============================ +New Nova Quota Resource Type +============================ + +https://blueprints.launchpad.net/heat/+spec/nova-quota-resource + +An administrator would like to have the ability to specify a project's nova +quota and a project user's nova quota in a HOT template. This blueprint +proposes to create a new heat resource type for nova quotas. + +Problem description +=================== + +Today, an administrator can create a new keystone project using heat +using a template similar to this: + +.. code-block:: yaml + + resources: + test_role: + type: OS::Keystone::Role + properties: + name: test_role + + test_project: + type: OS::Keystone::Project + properties: + name: test_project + enabled: True + + test_user: + type: OS::Keystone::User + properties: + name: test_user + domain: default + default_project: {get_resource: test_project} + roles: + - role: {get_resource: test_role} + domain: default + - role: {get_resource: test_role} + project: {get_resource: test_project} + + +However, to specify the nova quota associated with the project, the +administrator would need to execute post-orchestration something similar to: + +.. code-block:: bash + + $ os quota set --cores 5 --ram 51200 + $ nova quota-update --user --floating-ips 20 + +Use Cases +--------- + +For an Openstack admin, it would be ideal to be able to manage projects +holistically, using templates that will define the project, the users to +project membership and the allocated quotas of projects and users. + +Proposed change +=============== + +This blueprint proposes to add a new resource type ``OS::Nova::Quota`` +to heat to address the problem described. A sample ``OS::Nova::Quota`` +template: + +.. code-block:: yaml + + resources: + nova_user_quota: + type: OS::Nova::Quota + properties: + project: {get_param: project} + user: {get_param: user} + cores: 5 + fixed_ips: 5 + floating_ips: 5 + instances: 5 + injected_files: 5 + injected_file_content_bytes: 5 + injected_file_path_bytes: 5 + key_pairs: 5 + metadata_items: 5 + ram: 5 + security_groups: 5 + security_group_rules: 5 + server_groups: 5 + server_group_members: 5 + + outputs: + nova_user_quota_id: + value: {get_resource: nova_user_quota} + +**Properties**: + +* project: + - **required**: True + - **type**: String + - **description**: OpenStack keystone project + - **constraints**: Must be a valid keystone project +* user: + - **type**: String + - **description**: OpenStack keystone user + - **constraints**: Must be a valid keystone user +* cores: + - **type**: Integer + - **description**: Quota for the number of cores + - **constraints**: Range minimum is -1 +* fixed_ips: + - **type**: Integer + - **description**: Quota for the number of fixed IPs + - **constraints**: Range minimum is -1 +* floating_ips: + - **type**: Integer + - **description**: Quota for the number of floating IPs + - **constraints**: Range minimum is -1 +* instances: + - **type**: Integer + - **description**: Quota for the number of instances + - **constraints**: Range minimum is -1 +* injected_files: + - **type**: Integer + - **description**: Quota for the number of injected files + - **constraints**: Range minimum is -1 +* injected_file_content_bytes: + - **type**: Integer + - **description**: Quota for the number of injected file content bytes + - **constraints**: Range minimum is -1 +* injected_file_path_bytes: + - **type**: Integer + - **description**: Quota for the number of injected file path bytes + - **constraints**: Range minimum is -1 +* key_pairs: + - **type**: Integer + - **description**: Quota for the number of key pairs + - **constraints**: Range minimum is -1 +* metadata_items: + - **type**: Integer + - **description**: Quota for the number of metadata items + - **constraints**: Range minimum is -1 +* ram: + - **type**: Integer + - **description**: Quota for the amount of ram (in megabytes) + - **constraints**: Range minimum is -1 +* security_groups: + - **type**: Integer + - **description**: Quota for the number of security groups + - **constraints**: Range minimum is -1 +* security_group_rules: + - **type**: Integer + - **description**: Quota for the number of security group rules + - **constraints**: Range minimum is -1 +* server_groups: + - **type**: Integer + - **description**: Quota for the number of server groups + - **constraints**: Range minimum is -1 +* server_group_members: + - **type**: Integer + - **description**: Quota for the number of server group members + - **constraints**: Range minimum is -1 + +If a user is provided, then the user's quota for that project will be +updated. Otherwise, the project's quota will be updated. + +A default policy rule will be added for this resource to be limited to +administrators. + +.. code-block:: json + + "resource_types:OS::Nova::Quota": "rule:project_admin" + +This Quota Resource will handle create, update, and delete. For handling +create and update, the resource will call the Nova client's quota-set update +method, since there is no quota create call. For the handling delete, the +Resource will call the Nova client's quota delete method. This will reset the +quota to the default value. Note that creating multiple resources and deleting +one will reset the quota even though other resources still exist. + +Alternatives +------------ + +The administrator or the operator can change a project's default quota manually +post project orchestration. + +The OS::Keystone::Project can contain an optional Quota property. However, +the addition seems out of Keystone's scope, since Keystone has no concept of +quotas. + +Implementation +============== + +Assignee(s) +----------- + +Primary assignee: + +* Yosef Hoffman - yohoffman + +Additional assignees: + +* Julian Sy - syjulian +* Andy Hsiang - yh418t + +Milestones +---------- + +Target Milestone for completion: + ocata-1 + +Work Items +---------- + +* Implement new resource type OS::Nova::Quota +* Implement appropriate unit and functional tests + +Dependencies +============ + +None +