| Thread Previous • Date Previous • Date Next • Thread Next |
On 03/19/2012 10:42 AM, Mark Washenberger wrote: >> Out of curiosity, why prefer keystone for centrally managing quota groups rather than an admin api in nova? From my perspective, a nova admin api would save a data migration and preserve nova-manage backwards compatibility. >Because more services than Nova can/should have Quotas/limits. Glance would like to piggy back on some common quota code if possible, instead of inventing something new :) And more than one Nova instance can be using the same central user management system. For example if I have a number of separate Nova instances I'd like to not have to manage the quota settings for a user separately in each one. >> Also, since quota clearly isn't an auth-n thing, is keystone way more auth-z than I realized? >RBAC and other functionality planned for Keystone is all about auth-z. >But, that said, I would not be opposed to having the quota/limits stuff outside of Keystone. I think Kevin's Turnstile is a pretty good solution that offers middleware that does distributed ratelimiting in a flexible architecture and has some nice advantages over the Swift ratelimit middleware, including having a control thread that allows admins to reconfigure the ratelimit middleware without restarting the service that houses the middleware -- just send a message to the control daemon's pubsub channel... I agree it doesn't have to Keystone - what I meant was that it should be possible to have a system outside of Nova manage these per-user settings, given that with Keystone users/projects are in effect foreign keys to entities who's life cycle is manages elsewhere. Phil > "Day, Phil"<philip.day@xxxxxx> said: > >> +1 >> >> And make the whole combine quota/limits module pluggable - so that >> all of these "per-user" configuration items can be managed in a >> central system (e.g keystone) >> >> -----Original Message----- >> From: openstack-bounces+philip.day=hp.com@xxxxxxxxxxxxxxxxxxx >> [mailto:openstack-bounces+philip.day=hp.com@xxxxxxxxxxxxxxxxxxx] On >> Behalf Of Jay Pipes >> Sent: 17 March 2012 16:25 >> To: openstack@xxxxxxxxxxxxxxxxxxx >> Subject: Re: [Openstack] Quota classes >> >> On 03/16/2012 07:02 PM, Jesse Andrews wrote: >>> There is the concept of "limits" that are very similar. Should we >>> align quotas& limits? >> >> Oh, yes please! :) >> >> And make it configurable via a REST API, since editing config files >> ain't the most admin-friendly thang ;) >> >> /me waits for Jorge to bring up Repose... >> >> best, >> -jay >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@xxxxxxxxxxxxxxxxxxx >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@xxxxxxxxxxxxxxxxxxx >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@xxxxxxxxxxxxxxxxxxx > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@xxxxxxxxxxxxxxxxxxx Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
| Thread Previous • Date Previous • Date Next • Thread Next |
