neutron

RFE: Adopt Keystone unified limits as quota driver for Neutron

Bug #1993288 reported by Lajos Katona on 2022-10-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	New	Wishlist	Unassigned

Bug Description

Keystone has the ability to store and relay project specific limits (see [1]). The API (see [2]) provides a way for the admin to create limits for each project for the resources.
The feature is considered ready and even the API (via oslo_limts) can be changed as more and more projects adopt it and based on user feedback.

For how to use unified limits and adopt in a project a nice guideline is under [3].

Currently Nova (see [4]) and Glance (see [5]) partly implemented the usage of unified limits. It is still experimental.

Cinder checked this option but decided to wait till unified limits is more mature (see [7])

Pros (as I see):
* Common Openstack wide API for admins to define Limits for projects.
* Long term support for other enforcement models like hierarchies (as I see it is still not supported in oslo_limits, see [8]).
* No isse if project is deleted and resource are left as with internal quota systems.

Cons (as I see):
* Keystone as bottleneck, for all operation an API req is needed (there is some cache in oslo_limit)
* How we can solve the concurency issue, it is now not a db_lock but we have to be sure that on the API level we handle concurrent resource usages.
* all resources must be first registered on Keystone API, otherwise the quota check/enforcement will fail.
* it is not yet ready (see the big warning on top of [1].
* I would keep it only as one of the Quota drivers which can be selected at deployment time. Note that you can't jump between the legacy and unified limits solution.

A spec is needed for this (see Nova and Glance examples, [9] & [10].

[1]: https://docs.openstack.org/keystone/latest/admin/unified-limits.html
[2]: https://docs.openstack.org/api-ref/identity/v3/#unified-limits
[3]: https://docs.openstack.org/project-team-guide/technical-guides/unified-limits.html
[4]: https://review.opendev.org/q/topic:bp%252Funified-limits-nova
[5]: https://review.opendev.org/q/topic:bp%252Fglance-unified-quotas
[6]: https://docs.openstack.org/keystone/latest/admin/unified-limits.html#strict-two-level
[7]: https://specs.openstack.org/openstack/cinder-specs/specs/zed/quota-system.html#unified-limits
[8]: https://opendev.org/openstack/oslo.limit/src/branch/master/oslo_limit/limit.py#L223-L240
[9]: https://specs.openstack.org/openstack/nova-specs/specs/yoga/implemented/unified-limits-nova.html
[10]: https://specs.openstack.org/openstack/glance-specs/specs/xena/approved/glance/glance-unified-quotas.html

See original description

Tags:

Lajos Katona (lajos-katona) on 2022-10-18

description:

updated

Oleg Bondarev (obondarev) on 2022-10-18

Changed in neutron:
importance:	Undecided → Wishlist

Revision history for this message

Lajos Katona (lajos-katona) wrote on 2022-10-21:

We discussed this topic during the PTG, and decided to wait with this till it become more mature, see the log in etherpad:
https://etherpad.opendev.org/p/neutron-antelope-ptg#L186

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.