[openstack-dev] Hierarchical quotas at the PTG?

Boris Bobrov bbobrov at mirantis.com
Sun Feb 12 11:13:01 UTC 2017

I would like to talk about it too.

On 02/10/2017 11:56 PM, Matt Riedemann wrote:
> Operators want hierarchical quotas [1]. Nova doesn't have them yet and
> we've been hesitant to invest scarce developer resources in them since
> we've heard that the implementation for hierarchical quotas in Cinder
> has some issues. But it's unclear to some (at least me) what those
> issues are.

I don't know what the actual issue is, but from from keystone POV
the issue is that it basically replicates project tree that is stored
in keystone. On top of usual replication issues, there is another one --
it requires too many permissions. Basically, it requires service user
to be cloud admin.

> Has anyone already planned on talking about hierarchical quotas at the
> PTG, like the architecture work group?
> I know there was a bunch of razzle dazzle before the Austin summit about
> quotas, but I have no idea what any of that led to. Is there still a
> group working on that and can provide some guidance here?

In my opinion, projects should not re-implements quotas every time.
I would like to have a common library for enforcing quotas (usages)
and a service for storing quotas (limits). We should also think of a
way to transfer necessary projects subtree from keystone to quota

We could store quota limits in keystone and distribute it in token
body, for example. Here is a POC that we did some time ago --
https://review.openstack.org/#/c/403588/ and
But it still has the issue with permissions.

> [1]
> http://lists.openstack.org/pipermail/openstack-operators/2017-January/012450.html

More information about the OpenStack-dev mailing list