openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #08842
Re: Quota classes
On 03/19/2012 10:42 AM, Mark Washenberger wrote:
>> Out of curiosity, why prefer keystone for centrally managing quota groups rather than an admin api in nova? From my perspective, a nova admin api would save a data migration and preserve nova-manage backwards compatibility.
>Because more services than Nova can/should have Quotas/limits. Glance would like to piggy back on some common quota code if possible, instead of inventing something new :)
And more than one Nova instance can be using the same central user management system. For example if I have a number of separate Nova instances I'd like to not have to manage the quota settings for a user separately in each one.
>> Also, since quota clearly isn't an auth-n thing, is keystone way more auth-z than I realized?
>RBAC and other functionality planned for Keystone is all about auth-z.
>But, that said, I would not be opposed to having the quota/limits stuff outside of Keystone. I think Kevin's Turnstile is a pretty good solution that offers middleware that does distributed ratelimiting in a flexible architecture and has some nice advantages over the Swift ratelimit middleware, including having a control thread that allows admins to reconfigure the ratelimit middleware without restarting the service that houses the middleware -- just send a
message to the control daemon's pubsub channel...
I agree it doesn't have to Keystone - what I meant was that it should be possible to have a system outside of Nova manage these per-user settings, given that with Keystone users/projects are in effect foreign keys to entities who's life cycle is manages elsewhere.
Phil
> "Day, Phil"<philip.day@xxxxxx> said:
>
>> +1
>>
>> And make the whole combine quota/limits module pluggable - so that
>> all of these "per-user" configuration items can be managed in a
>> central system (e.g keystone)
>>
>> -----Original Message-----
>> From: openstack-bounces+philip.day=hp.com@xxxxxxxxxxxxxxxxxxx
>> [mailto:openstack-bounces+philip.day=hp.com@xxxxxxxxxxxxxxxxxxx] On
>> Behalf Of Jay Pipes
>> Sent: 17 March 2012 16:25
>> To: openstack@xxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Openstack] Quota classes
>>
>> On 03/16/2012 07:02 PM, Jesse Andrews wrote:
>>> There is the concept of "limits" that are very similar. Should we
>>> align quotas& limits?
>>
>> Oh, yes please! :)
>>
>> And make it configurable via a REST API, since editing config files
>> ain't the most admin-friendly thang ;)
>>
>> /me waits for Jorge to bring up Repose...
>>
>> best,
>> -jay
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
References