RFE: Adopt Keystone unified limits as quota driver for Neutron
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Wishlist
|
Unassigned |
Bug Description
Keystone has the ability to store and relay project specific limits (see [1]). The API (see [2]) provides a way for the admin to create limits for each project for the resources.
The feature is considered ready and even the API (via oslo_limts) can be changed as more and more projects adopt it and based on user feedback.
For how to use unified limits and adopt in a project a nice guideline is under [3].
Currently Nova (see [4]) and Glance (see [5]) partly implemented the usage of unified limits. It is still experimental.
Cinder checked this option but decided to wait till unified limits is more mature (see [7])
Pros (as I see):
* Common Openstack wide API for admins to define Limits for projects.
* Long term support for other enforcement models like hierarchies (as I see it is still not supported in oslo_limits, see [8]).
* No isse if project is deleted and resource are left as with internal quota systems.
Cons (as I see):
* Keystone as bottleneck, for all operation an API req is needed (there is some cache in oslo_limit)
* How we can solve the concurency issue, it is now not a db_lock but we have to be sure that on the API level we handle concurrent resource usages.
* all resources must be first registered on Keystone API, otherwise the quota check/enforcement will fail.
* it is not yet ready (see the big warning on top of [1].
* I would keep it only as one of the Quota drivers which can be selected at deployment time. Note that you can't jump between the legacy and unified limits solution.
A spec is needed for this (see Nova and Glance examples, [9] & [10].
[1]: https:/
[2]: https:/
[3]: https:/
[4]: https:/
[5]: https:/
[6]: https:/
[7]: https:/
[8]: https:/
[9]: https:/
[10]: https:/
description: | updated |
Changed in neutron: | |
importance: | Undecided → Wishlist |
We discussed this topic during the PTG, and decided to wait with this till it become more mature, see the log in etherpad: /etherpad. opendev. org/p/neutron- antelope- ptg#L186
https:/