Nested quotas

Nested quotas

Nested quota is a change in how OpenStack services (such as Block Storage and Compute) handle their quota resources by being hierarchy-aware. The main reason for this change is to fully appreciate the hierarchical multi-tenancy concept, which was introduced in keystone in the Kilo release.

Once you have a project hierarchy created in keystone, nested quotas let you define how much of a project’s quota you want to give to its subprojects. In that way, hierarchical projects can have hierarchical quotas (also known as nested quotas).

Projects and subprojects have similar behaviors, but they differ from each other when it comes to default quota values. The default quota value for resources in a subproject is 0, so that when a subproject is created it will not consume all of its parent’s quota.

In order to keep track of how much of each quota was allocated to a subproject, a column allocated was added to the quotas table. This column is updated after every delete and update quota operation.

This example shows you how to use nested quotas.

Note

Assume that you have created a project hierarchy in keystone, such as follows:

+-----------+
|           |
|     A     |
|    / \    |
|   B   C   |
|  /        |
| D         |
+-----------+

Getting default quotas

  1. Get the quota for root projects.

    Use the cinder quota-show command and specify:

    • The TENANT_ID of the relevant project. In this case, the id of project A.

      $ cinder quota-show TENANT_ID
      +-----------------------+-------+
      |        Property       | Value |
      +-----------------------+-------+
      |    backup_gigabytes   |  1000 |
      |        backups        |   10  |
      |       gigabytes       |  1000 |
      | gigabytes_lvmdriver-1 |   -1  |
      |  per_volume_gigabytes |   -1  |
      |       snapshots       |   10  |
      | snapshots_lvmdriver-1 |   -1  |
      |        volumes        |   10  |
      |  volumes_lvmdriver-1  |   -1  |
      +-----------------------+-------+
      

      Note

      This command returns the default values for resources. This is because the quotas for this project were not explicitly set.

  2. Get the quota for subprojects.

    In this case, use the same quota-show command and specify:

    • The TENANT_ID of the relevant project. In this case the id of project B, which is a child of A.

      $ cinder quota-show TENANT_ID
      +-----------------------+-------+
      |        Property       | Value |
      +-----------------------+-------+
      |    backup_gigabytes   |   0   |
      |        backups        |   0   |
      |       gigabytes       |   0   |
      | gigabytes_lvmdriver-1 |   0   |
      |  per_volume_gigabytes |   0   |
      |       snapshots       |   0   |
      | snapshots_lvmdriver-1 |   0   |
      |        volumes        |   0   |
      |  volumes_lvmdriver-1  |   0   |
      +-----------------------+-------+
      

      Note

      In this case, 0 was the value returned as the quota for all the resources. This is because project B is a subproject of A, thus, the default quota value is 0, so that it will not consume all the quota of its parent project.

Setting the quotas for subprojects

Now that the projects were created, assume that the admin of project B wants to use it. First of all, you need to set the quota limit of the project, because as a subproject it does not have quotas allocated by default.

In this example, when all of the parent project is allocated to its subprojects the user will not be able to create more resources in the parent project.

  1. Update the quota of B.

    Use the quota-update command and specify:

    • The TENANT_ID of the relevant project. In this case the id of project B.

    • The --volumes option, followed by the number to which you wish to increase the volumes quota.

      $ cinder quota-update TENANT_ID --volumes 10
      +-----------------------+-------+
      |        Property       | Value |
      +-----------------------+-------+
      |    backup_gigabytes   |   0   |
      |        backups        |   0   |
      |       gigabytes       |   0   |
      | gigabytes_lvmdriver-1 |   0   |
      |  per_volume_gigabytes |   0   |
      |       snapshots       |   0   |
      | snapshots_lvmdriver-1 |   0   |
      |        volumes        |   10  |
      |  volumes_lvmdriver-1  |   0   |
      +-----------------------+-------+
      

      Note

      The volumes resource quota is updated.

  2. Try to create a volume in project A.

    Use the create command and specify:

    • The SIZE of the volume that will be created;

    • The NAME of the volume.

      $ cinder create --size SIZE NAME
      VolumeLimitExceeded: Maximum number of volumes allowed (10) exceeded for quota 'volumes'. (HTTP 413) (Request-ID: req-f6f7cc89-998e-4a82-803d-c73c8ee2016c)
      

      Note

      As the entirety of project A’s volumes quota has been assigned to project B, it is treated as if all of the quota has been used. This is true even when project B has not created any volumes.

See cinder nested quota spec and hierarchical multi-tenancy spec for details.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.