<html dir="ltr">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>

</head>

<body ocsi="0" fpstyle="1" class="" style="word-wrap:break-word">

<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Yeah, as an op, I've run into a few things that need quota's that just have basically hardcoded values. heat stacks for example. its a single global in /etc/heat/heat.conf:max_stacks_per_tenant=100.

 Instead of being able to tweak it for just our one project that legitimately has to create over 200 stacks, I had to set it cloud wide and I had to bounce services to do it. Please don't do that.<br>

<br>

Ideally, it would be nice if the quota stuff could be pulled out into its own shared lib  (oslo?) and shared amongst projects so that they don't have to spend much effort implementing quota's. Maybe then things that need quota's that don't currently can more

 easily get them.<br>

<br>

Thanks,<br>

Kevin<br>

<br>

<div style="font-family: Times New Roman; color: #000000; font-size: 16px">

<hr tabindex="-1">

<div style="direction: ltr;" id="divRpF764434"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Adrian Otto [adrian.otto@rackspace.com]<br>

<b>Sent:</b> Wednesday, December 16, 2015 2:48 PM<br>

<b>To:</b> James Bottomley<br>

<b>Cc:</b> OpenStack Development Mailing List (not for usage questions)<br>

<b>Subject:</b> Re: [openstack-dev] [openstack][magnum] Quota for Magnum Resources<br>

</font><br>

</div>

<div></div>

<div><br class="">

<div>

<blockquote type="cite" class="">

<div class="">On Dec 16, 2015, at 2:25 PM, James Bottomley <<a href="mailto:James.Bottomley@HansenPartnership.com" class="" target="_blank">James.Bottomley@HansenPartnership.com</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class=""><span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">On

 Wed, 2015-12-16 at 20:35 +0000, Adrian Otto wrote:</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<blockquote type="cite" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

Clint,<br class="">

<br class="">

<blockquote type="cite" class="">On Dec 16, 2015, at 11:56 AM, Tim Bell <<a href="mailto:tim.bell@cern.ch" class="" target="_blank">tim.bell@cern.ch</a>> wrote:<br class="">

<br class="">

<blockquote type="cite" class="">-----Original Message-----<br class="">

From: Clint Byrum [<a href="mailto:clint@fewbar.com" class="" target="_blank">mailto:clint@fewbar.com</a>]<br class="">

Sent: 15 December 2015 22:40<br class="">

To: openstack-dev <<a href="mailto:openstack-dev@lists.openstack.org" class="" target="_blank">openstack-dev@lists.openstack.org</a>><br class="">

Subject: Re: [openstack-dev] [openstack][magnum] Quota for Magnum<br class="">

Resources<br class="">

<br class="">

Hi! Can I offer a counter point?<br class="">

<br class="">

Quotas are for _real_ resources.<br class="">

</blockquote>

</blockquote>

<br class="">

No. Beyond billable resources, quotas are a mechanism for limiting<span class="Apple-converted-space"> </span><br class="">

abusive use patterns from hostile users.<br class="">

</blockquote>

<br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">Actually,

 I believe this is the wrong way to look at it.  You're</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">confusing

 policy and mechanism.  Quotas are policy on resources.  The</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">mechanisms

 by which you implement quotas can also be used to limit</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">abuse

 by hostile users, but that doesn't mean that this limitation</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">should

 be part of the quota policy.</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

</div>

</blockquote>

<div><br class="">

</div>

I’m not convinced. Cloud operators already use quotas as a mechanism for limiting abuse (intentional or accidental). They can be configured with a system wide default, and can be set to a different value on a per-tenant basis. It would be silly to have a second

 mechanism for doing the same thing we already use quotas for. Quotas/limits can also be queried by a user so they can determine why they are getting a 4XX Rate Limit responses when they try to act on resources too rapidly.</div>

<div><br class="">

</div>

<div>The idea of hard coding system wide limits into the system is making my stomach turn. If you wanted to change the limit you’d need to edit the production system’s configuration, and restart the API services. Yuck! That’s why we put quotas/limits into OpenStack

 to begin with, so that we had a sensible, visible, account-level configurable place to configure limits.</div>

<div><br class="">

</div>

<div>Adrian</div>

<div><br class="">

<blockquote type="cite" class="">

<div class=""><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">For

 instance, in Linux, the memory limit policy is implemented by the</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">memgc.

  The user usually sees a single figure for "memory" but inside</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">the

 cgroup, that memory is split into user and kernel.  Kernel memory</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">limiting

 prevents things like fork bombs because you run out of your</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">kernel

 memory limit creating task structures before you can bring down</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">the

 host system.  However, we don't usually expose the kernel/user</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">split

 or the fact that the kmem limit mechanism can prevent fork and</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">inode

 bombs.</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">James</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

<blockquote type="cite" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">

The rate at which Bays are created, and how many of them you can<br class="">

have in total are important limits to put in the hands of cloud<br class="">

operators. Each Bay contains a keypair, which takes resources to<br class="">

generate and securely distribute. Updates to and Deletion of bays<br class="">

causes a storm of activity in Heat, and even more activity in Nova.<br class="">

Cloud operators should have the ability to control the rate of<br class="">

activity by enforcing rate controls on Magnum resources before they<br class="">

become problematic further down in the control plane. Admission<br class="">

controls are best managed at the entrance to a system, not at the<br class="">

core.</blockquote>

</div>

</blockquote>

</div>

<br class="">

</div>

</div>

</div>

</body>

</html>