Statistics
| Branch: | Tag: | Revision:

root / docs / design / resource-pool-projects.rst @ 111adca0

History | View | Annotate | Download (16.9 kB)

1 f68199bd Giorgos Korfiatis
Resource-pool projects
2 f68199bd Giorgos Korfiatis
^^^^^^^^^^^^^^^^^^^^^^
3 f68199bd Giorgos Korfiatis
4 f68199bd Giorgos Korfiatis
This document describes the current state of the quota and projects system,
5 f68199bd Giorgos Korfiatis
and proposes a new design for projects that would function as resource
6 f68199bd Giorgos Korfiatis
pools. It sketches implementation details and migration concerns.
7 f68199bd Giorgos Korfiatis
8 f68199bd Giorgos Korfiatis
Current state and shortcomings
9 f68199bd Giorgos Korfiatis
==============================
10 f68199bd Giorgos Korfiatis
11 f68199bd Giorgos Korfiatis
Each Synnefo user is granted quota for several resources. These quota
12 f68199bd Giorgos Korfiatis
originate from two different sources: the system and projects. By default
13 f68199bd Giorgos Korfiatis
a user holds so-called base quota granted by the system upon activation;
14 f68199bd Giorgos Korfiatis
base quota can be customized per user. When a user joins a project,
15 f68199bd Giorgos Korfiatis
resources offered by the project add up to the existing quota, increasing
16 f68199bd Giorgos Korfiatis
the total amount of resources one can reserve.
17 f68199bd Giorgos Korfiatis
18 f68199bd Giorgos Korfiatis
This design fails to associate an actual (reserved) resource (e.g. VM) with
19 f68199bd Giorgos Korfiatis
a particular project. There is no way to tell which project a resource
20 f68199bd Giorgos Korfiatis
originates from and is thus not possible to employ any targeted policy when
21 f68199bd Giorgos Korfiatis
a user leaves a project, such as reclaiming the granted resource. It is also
22 f68199bd Giorgos Korfiatis
not possible to employ more advanced access control on resources, such as
23 f68199bd Giorgos Korfiatis
sharing VMs among members of a project.
24 f68199bd Giorgos Korfiatis
25 f68199bd Giorgos Korfiatis
Proposed changes
26 f68199bd Giorgos Korfiatis
================
27 f68199bd Giorgos Korfiatis
28 f68199bd Giorgos Korfiatis
We will alter project semantics so that a project is viewed as a pool of
29 f68199bd Giorgos Korfiatis
finite resources. Each project member can reserve a portion of these
30 f68199bd Giorgos Korfiatis
resources up to a specified limit. Each actual resource (e.g. VM) is
31 f68199bd Giorgos Korfiatis
associated with a particular project. Admission of a user to a project will
32 f68199bd Giorgos Korfiatis
no more result in increasing the user's existing overall quota, but in
33 f68199bd Giorgos Korfiatis
defining new project-specific quota for the user.
34 f68199bd Giorgos Korfiatis
35 f68199bd Giorgos Korfiatis
A project defines a pair of limits for each resource that it grants (e.g.
36 f68199bd Giorgos Korfiatis
cyclades.vm): project-level limit and member-level limit; The former is the
37 f68199bd Giorgos Korfiatis
total amount of a resource that this project can grant; the latter is the
38 f68199bd Giorgos Korfiatis
maximum amount that an individual user (project member) can reserve and
39 f68199bd Giorgos Korfiatis
cannot exceed the former. A limit on the number of members allowed is still
40 f68199bd Giorgos Korfiatis
enforced.
41 f68199bd Giorgos Korfiatis
42 f68199bd Giorgos Korfiatis
Projects will be the sole source of resources. Current base quota offered to
43 f68199bd Giorgos Korfiatis
users by the system will be expressed in terms of special-purpose *base*
44 f68199bd Giorgos Korfiatis
projects.
45 f68199bd Giorgos Korfiatis
46 f68199bd Giorgos Korfiatis
Implementation details
47 f68199bd Giorgos Korfiatis
======================
48 f68199bd Giorgos Korfiatis
49 f68199bd Giorgos Korfiatis
Project-related quota holdings
50 f68199bd Giorgos Korfiatis
------------------------------
51 f68199bd Giorgos Korfiatis
52 f68199bd Giorgos Korfiatis
The Quotaholder is responsible to record all resource allocations and
53 f68199bd Giorgos Korfiatis
deallocations, and enforce the limits. It keeps counters of the following
54 f68199bd Giorgos Korfiatis
structure:
55 f68199bd Giorgos Korfiatis
 * resource: the resource name (e.g. cyclades.vm)
56 f68199bd Giorgos Korfiatis
 * holder: the entity holding the resource (user or project)
57 f68199bd Giorgos Korfiatis
 * source: the origin of the resource; a user-holder reserves from a
58 f68199bd Giorgos Korfiatis
   project, a project is a top-level entity and reserves from nowhere (None)
59 f68199bd Giorgos Korfiatis
 * limit: maximum allowed allocation (an integer)
60 f68199bd Giorgos Korfiatis
 * usage: current allocation (an integer)
61 f68199bd Giorgos Korfiatis
62 f68199bd Giorgos Korfiatis
[Due to the transactional nature of the mechanism, there are actually two
63 f68199bd Giorgos Korfiatis
usage fields (usage_min and usage_max). Details are beyond the scope of
64 f68199bd Giorgos Korfiatis
this document.]
65 f68199bd Giorgos Korfiatis
66 f68199bd Giorgos Korfiatis
Creation of a new project triggers the creation of counters like::
67 f68199bd Giorgos Korfiatis
68 f68199bd Giorgos Korfiatis
  resource      holder              source   limit   usage
69 f68199bd Giorgos Korfiatis
  ------------|-------------------|--------|-------|------
70 f68199bd Giorgos Korfiatis
  cyclades.vm   project:projectID   None     50      0
71 f68199bd Giorgos Korfiatis
72 f68199bd Giorgos Korfiatis
When a user is admitted in a project, counters are created like::
73 f68199bd Giorgos Korfiatis
74 f68199bd Giorgos Korfiatis
  resource      holder          source              limit   usage
75 f68199bd Giorgos Korfiatis
  ------------|---------------|-------------------|-------|------
76 f68199bd Giorgos Korfiatis
  cyclades.vm   user:userUUID   project:ProjectID   5       0
77 f68199bd Giorgos Korfiatis
78 f68199bd Giorgos Korfiatis
Note that the two types of holders (and sources) are made distinguishable with
79 f68199bd Giorgos Korfiatis
a prefix: ``user:`` or ``project:``.
80 f68199bd Giorgos Korfiatis
81 f68199bd Giorgos Korfiatis
When a user leaves a project, the latter limit is set to zero. This results
82 f68199bd Giorgos Korfiatis
in the project-specific user quota being over limit and prohibits any
83 f68199bd Giorgos Korfiatis
further allocation that would increase this counter. When a project
84 f68199bd Giorgos Korfiatis
is deactivated, the limit of both types of counters is set to zero.
85 f68199bd Giorgos Korfiatis
No user can perform any allocation related to this project. However, the
86 f68199bd Giorgos Korfiatis
holdings cannot be deleted as long as a non-zero usage is recorded.
87 f68199bd Giorgos Korfiatis
Deallocation is always allowed as long as usage does not fall below zero.
88 f68199bd Giorgos Korfiatis
Counters with zero usage and limit could by garbage collected by Astakos, if
89 f68199bd Giorgos Korfiatis
needed.
90 f68199bd Giorgos Korfiatis
91 f68199bd Giorgos Korfiatis
Base projects
92 f68199bd Giorgos Korfiatis
-------------
93 f68199bd Giorgos Korfiatis
94 f68199bd Giorgos Korfiatis
For reasons of uniformity, we replace the base quota mechanism with projects.
95 f68199bd Giorgos Korfiatis
In a similar vein to OpenStack tenants, we define new user-specific *base*
96 f68199bd Giorgos Korfiatis
projects to account for the base quota for each user. These projects should
97 f68199bd Giorgos Korfiatis
be clearly associated with a single user, restrict join/leave actions and
98 f68199bd Giorgos Korfiatis
specify the quota granted by the system. When a new user is created,
99 f68199bd Giorgos Korfiatis
their base project will be automatically created and linked back to the user.
100 f68199bd Giorgos Korfiatis
User activation will trigger project activation, granting the default resource
101 f68199bd Giorgos Korfiatis
quota. Base projects will have no owner, marked thusly as `system' projects.
102 f68199bd Giorgos Korfiatis
The administrator can, following the usual project logic, alter quota by
103 f68199bd Giorgos Korfiatis
modifying the project. Users cannot apply for modification of their base
104 f68199bd Giorgos Korfiatis
projects.
105 f68199bd Giorgos Korfiatis
106 f68199bd Giorgos Korfiatis
Projects will, from now on, be identified by a UUID. Base projects will
107 f68199bd Giorgos Korfiatis
receive the same UUID as the user itself. ProjectID, which appears above in
108 f68199bd Giorgos Korfiatis
the Quotaholder entries, refers to the project UUID.
109 f68199bd Giorgos Korfiatis
110 f68199bd Giorgos Korfiatis
Base quota will be expressed both in terms of a project-level and a
111 f68199bd Giorgos Korfiatis
member-level limit. This will result in two operationally equivalent
112 f68199bd Giorgos Korfiatis
Quotaholder counters, as in the following example. In the future, we could
113 f68199bd Giorgos Korfiatis
admit third-party users to a user's base project; in that case, those
114 f68199bd Giorgos Korfiatis
counters would differ.
115 f68199bd Giorgos Korfiatis
116 f68199bd Giorgos Korfiatis
::
117 f68199bd Giorgos Korfiatis
118 f68199bd Giorgos Korfiatis
  resource      holder         source         limit   usage
119 f68199bd Giorgos Korfiatis
  ------------|--------------|--------------|-------|------
120 f68199bd Giorgos Korfiatis
  cyclades.vm   project:uuid   None           5       1
121 f68199bd Giorgos Korfiatis
  cyclades.vm   user:uuid      project:uuid   5       1
122 f68199bd Giorgos Korfiatis
123 111adca0 Giorgos Korfiatis
System default quota
124 111adca0 Giorgos Korfiatis
--------------------
125 f68199bd Giorgos Korfiatis
126 f68199bd Giorgos Korfiatis
Each resource registered in the system is assigned a default quota limit.
127 111adca0 Giorgos Korfiatis
A newly-activated user is given these limits as their base quota. This is
128 111adca0 Giorgos Korfiatis
till now done by copying the default limits as user's entries in
129 111adca0 Giorgos Korfiatis
AstakosUserQuota. Default limits will from now on be copied into the base
130 111adca0 Giorgos Korfiatis
project's resource definitions.
131 111adca0 Giorgos Korfiatis
132 111adca0 Giorgos Korfiatis
Conventional projects are created through a project application, which
133 111adca0 Giorgos Korfiatis
may not specify limits for all resources registered in the system. In
134 111adca0 Giorgos Korfiatis
fact, it may even be impossible to specify a resource, if it is set
135 111adca0 Giorgos Korfiatis
``api_visible=False``. We have to somehow specify these limits. Defaulting
136 111adca0 Giorgos Korfiatis
to zero is not appropriate: if we don't want to control a resource, we
137 111adca0 Giorgos Korfiatis
would like it set to infinite. We thus need an extra skeleton, like the
138 111adca0 Giorgos Korfiatis
one specifying the default base quota, in order to fill in missing limits
139 111adca0 Giorgos Korfiatis
for conventional projects. It will be controled by a new option
140 111adca0 Giorgos Korfiatis
``--project-default`` of command ``resource-modify``.
141 f68199bd Giorgos Korfiatis
142 f68199bd Giorgos Korfiatis
Private projects
143 f68199bd Giorgos Korfiatis
----------------
144 f68199bd Giorgos Korfiatis
145 f68199bd Giorgos Korfiatis
Since the introduction of base projects will explode the number of total
146 f68199bd Giorgos Korfiatis
projects, we will need to control their visibility. We add a new flag
147 f68199bd Giorgos Korfiatis
*private* in project definitions. A private project can only be accessed by
148 f68199bd Giorgos Korfiatis
its owner and members and not be advertised in the UI. Base projects are
149 f68199bd Giorgos Korfiatis
marked as private.
150 f68199bd Giorgos Korfiatis
151 f68199bd Giorgos Korfiatis
Allocation of a new resource
152 f68199bd Giorgos Korfiatis
----------------------------
153 f68199bd Giorgos Korfiatis
154 f68199bd Giorgos Korfiatis
When a service allocates a new resource, it should associate it both with a
155 f68199bd Giorgos Korfiatis
user and a project. The commission issued to the Quotaholder should attempt
156 f68199bd Giorgos Korfiatis
to update all related counters. For example, it should include the following
157 f68199bd Giorgos Korfiatis
provisions::
158 f68199bd Giorgos Korfiatis
159 f68199bd Giorgos Korfiatis
  "provisions": [
160 f68199bd Giorgos Korfiatis
          {
161 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
162 f68199bd Giorgos Korfiatis
              "source": "project:project-uuid",
163 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
164 f68199bd Giorgos Korfiatis
              "quantity": 1
165 f68199bd Giorgos Korfiatis
          },
166 f68199bd Giorgos Korfiatis
          {
167 f68199bd Giorgos Korfiatis
              "holder": "project:project-uuid",
168 f68199bd Giorgos Korfiatis
              "source": None,
169 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
170 f68199bd Giorgos Korfiatis
              "quantity": 1
171 f68199bd Giorgos Korfiatis
          },
172 f68199bd Giorgos Korfiatis
          {
173 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
174 f68199bd Giorgos Korfiatis
              "source": "project:project-uuid",
175 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
176 f68199bd Giorgos Korfiatis
              "quantity": 2
177 f68199bd Giorgos Korfiatis
          },
178 f68199bd Giorgos Korfiatis
          {
179 f68199bd Giorgos Korfiatis
              "holder": "project:project-uuid",
180 f68199bd Giorgos Korfiatis
              "source": None,
181 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
182 f68199bd Giorgos Korfiatis
              "quantity": 2
183 f68199bd Giorgos Korfiatis
          }
184 f68199bd Giorgos Korfiatis
  ]
185 f68199bd Giorgos Korfiatis
186 f68199bd Giorgos Korfiatis
If any of these provisions fails, i.e. either on the project-level limits or
187 f68199bd Giorgos Korfiatis
the user-level ones, the whole commission fails.
188 f68199bd Giorgos Korfiatis
189 f68199bd Giorgos Korfiatis
The astakosclient call ``issue_one_commission`` will be adapted to abstract
190 f68199bd Giorgos Korfiatis
away the need to write both the user-level and the project-level provisions.
191 f68199bd Giorgos Korfiatis
The previous commission will be issued with::
192 f68199bd Giorgos Korfiatis
193 9b94cf0f Giorgos Korfiatis
  issue_one_commission(holder="user-uuid", source="project-uuid",
194 f68199bd Giorgos Korfiatis
                       provisions={"cyclades.vm": 1, "cyclades.cpu": 2})
195 f68199bd Giorgos Korfiatis
196 f68199bd Giorgos Korfiatis
The service is responsible to record this resource-to-project association.
197 f68199bd Giorgos Korfiatis
In Cyclades, each VM, floating IP, or other distinct resource should be
198 f68199bd Giorgos Korfiatis
linked to a project. Pithos should link containers to projects.
199 f68199bd Giorgos Korfiatis
200 f68199bd Giorgos Korfiatis
Astakos will handle its own resource ``astakos.pending_app`` in a special
201 f68199bd Giorgos Korfiatis
way: it will always be charged at the user's base project. This resource
202 f68199bd Giorgos Korfiatis
is marked with ``allow_in_projects = False`` in its definition. Since quota
203 f68199bd Giorgos Korfiatis
is now project-based, this flag will now be interpreted as forbidding usage
204 f68199bd Giorgos Korfiatis
in non-base projects.
205 f68199bd Giorgos Korfiatis
206 f68199bd Giorgos Korfiatis
Resource reassignment
207 f68199bd Giorgos Korfiatis
---------------------
208 f68199bd Giorgos Korfiatis
209 f68199bd Giorgos Korfiatis
The system will support reassigning a resource to a new project. One needs
210 f68199bd Giorgos Korfiatis
to specify all related resource values. Astakosclient will provide a
211 9b94cf0f Giorgos Korfiatis
convenience function ``issue_resource_reassignment`` to construct all needed
212 f68199bd Giorgos Korfiatis
provisions. For instance, reassigning a VM with two CPUs can be done with::
213 f68199bd Giorgos Korfiatis
214 9b94cf0f Giorgos Korfiatis
  issue_resource_reassignment(holder="user-uuid",
215 9b94cf0f Giorgos Korfiatis
                              from_source="from-uuid", to_source="to-uuid",
216 9b94cf0f Giorgos Korfiatis
                              provisions={"cyclades.vm": 1, "cyclades.cpu": 2})
217 f68199bd Giorgos Korfiatis
218 f68199bd Giorgos Korfiatis
This will issue the following provisions to the Quotaholder::
219 f68199bd Giorgos Korfiatis
220 f68199bd Giorgos Korfiatis
  "provisions": [
221 f68199bd Giorgos Korfiatis
          {
222 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
223 f68199bd Giorgos Korfiatis
              "source": "project:from-uuid",
224 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
225 f68199bd Giorgos Korfiatis
              "quantity": -1
226 f68199bd Giorgos Korfiatis
          },
227 f68199bd Giorgos Korfiatis
          {
228 f68199bd Giorgos Korfiatis
              "holder": "project:from-uuid",
229 f68199bd Giorgos Korfiatis
              "source": None,
230 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
231 f68199bd Giorgos Korfiatis
              "quantity": -1
232 f68199bd Giorgos Korfiatis
          },
233 f68199bd Giorgos Korfiatis
          {
234 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
235 f68199bd Giorgos Korfiatis
              "source": "project:from-uuid",
236 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
237 f68199bd Giorgos Korfiatis
              "quantity": -2
238 f68199bd Giorgos Korfiatis
          },
239 f68199bd Giorgos Korfiatis
          {
240 f68199bd Giorgos Korfiatis
              "holder": "project:from-uuid",
241 f68199bd Giorgos Korfiatis
              "source": None,
242 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
243 f68199bd Giorgos Korfiatis
              "quantity": -2
244 f68199bd Giorgos Korfiatis
          },
245 f68199bd Giorgos Korfiatis
          {
246 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
247 f68199bd Giorgos Korfiatis
              "source": "project:to-uuid",
248 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
249 f68199bd Giorgos Korfiatis
              "quantity": 1
250 f68199bd Giorgos Korfiatis
          },
251 f68199bd Giorgos Korfiatis
          {
252 f68199bd Giorgos Korfiatis
              "holder": "project:to-uuid",
253 f68199bd Giorgos Korfiatis
              "source": None,
254 f68199bd Giorgos Korfiatis
              "resource": "cyclades.vm",
255 f68199bd Giorgos Korfiatis
              "quantity": 1
256 f68199bd Giorgos Korfiatis
          }
257 f68199bd Giorgos Korfiatis
          {
258 f68199bd Giorgos Korfiatis
              "holder": "user:user-uuid",
259 f68199bd Giorgos Korfiatis
              "source": "project:to-uuid",
260 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
261 f68199bd Giorgos Korfiatis
              "quantity": 2
262 f68199bd Giorgos Korfiatis
          },
263 f68199bd Giorgos Korfiatis
          {
264 f68199bd Giorgos Korfiatis
              "holder": "project:to-uuid",
265 f68199bd Giorgos Korfiatis
              "source": None,
266 f68199bd Giorgos Korfiatis
              "resource": "cyclades.cpu",
267 f68199bd Giorgos Korfiatis
              "quantity": 2
268 f68199bd Giorgos Korfiatis
          }
269 f68199bd Giorgos Korfiatis
  ]
270 f68199bd Giorgos Korfiatis
271 f68199bd Giorgos Korfiatis
API extensions
272 f68199bd Giorgos Korfiatis
--------------
273 f68199bd Giorgos Korfiatis
274 f68199bd Giorgos Korfiatis
API call ``GET /quotas`` is extended to incorporate project-level quota. The
275 f68199bd Giorgos Korfiatis
response contains entries for all projects for which a user/project pair
276 f68199bd Giorgos Korfiatis
exists in the quotaholder::
277 f68199bd Giorgos Korfiatis
278 f68199bd Giorgos Korfiatis
  {
279 f68199bd Giorgos Korfiatis
      "project1-uuid": {
280 f68199bd Giorgos Korfiatis
          "cyclades.ram": {
281 f68199bd Giorgos Korfiatis
              "usage": 2147483648,
282 f68199bd Giorgos Korfiatis
              "limit": 2147483648,
283 f68199bd Giorgos Korfiatis
              "pending": 0,
284 f68199bd Giorgos Korfiatis
              "project_usage": ...,
285 f68199bd Giorgos Korfiatis
              "project_limit": ...,
286 f68199bd Giorgos Korfiatis
              "project_pending": ...
287 f68199bd Giorgos Korfiatis
          },
288 f68199bd Giorgos Korfiatis
          "cyclades.vm": {
289 f68199bd Giorgos Korfiatis
              ...
290 f68199bd Giorgos Korfiatis
          }
291 f68199bd Giorgos Korfiatis
      }
292 f68199bd Giorgos Korfiatis
      "project2-uuid": {
293 f68199bd Giorgos Korfiatis
          ...
294 f68199bd Giorgos Korfiatis
      }
295 f68199bd Giorgos Korfiatis
  }
296 f68199bd Giorgos Korfiatis
297 f68199bd Giorgos Korfiatis
An extra or differentiated call may be needed to retrieve the project quota
298 f68199bd Giorgos Korfiatis
regardless of user::
299 f68199bd Giorgos Korfiatis
300 f68199bd Giorgos Korfiatis
  GET /quotas?mode=projects
301 f68199bd Giorgos Korfiatis
302 f68199bd Giorgos Korfiatis
  {
303 f68199bd Giorgos Korfiatis
      "project-uuid": {
304 f68199bd Giorgos Korfiatis
          "cyclades.ram": {
305 f68199bd Giorgos Korfiatis
              "project_usage": 2147483648,
306 f68199bd Giorgos Korfiatis
              "project_limit": 2147483648,
307 f68199bd Giorgos Korfiatis
              "project_pending": 0
308 f68199bd Giorgos Korfiatis
          }
309 f68199bd Giorgos Korfiatis
          "cyclades.vm": {
310 f68199bd Giorgos Korfiatis
              ...
311 f68199bd Giorgos Korfiatis
          }
312 f68199bd Giorgos Korfiatis
      }
313 f68199bd Giorgos Korfiatis
  }
314 f68199bd Giorgos Korfiatis
315 f68199bd Giorgos Korfiatis
All service API calls that create resources can specify the project where
316 9b94cf0f Giorgos Korfiatis
they will be attributed.
317 9b94cf0f Giorgos Korfiatis
318 9b94cf0f Giorgos Korfiatis
In cyclades, ``POST /servers`` (likewise for networks and floating IPs) will
319 9b94cf0f Giorgos Korfiatis
receive an extra argument ``project``. If it is missing, the user's base
320 9b94cf0f Giorgos Korfiatis
project will be assumed. In calls detailing a resource (e.g., ``GET
321 9b94cf0f Giorgos Korfiatis
/servers/<server_id>``), the field ``tenant_id`` will contain the
322 9b94cf0f Giorgos Korfiatis
project id.
323 9b94cf0f Giorgos Korfiatis
324 9b94cf0f Giorgos Korfiatis
Moreover, extra calls will be needed for resource reassignment,
325 f68199bd Giorgos Korfiatis
e.g::
326 f68199bd Giorgos Korfiatis
327 f68199bd Giorgos Korfiatis
  POST /servers/<server-id>/action
328 f68199bd Giorgos Korfiatis
329 f68199bd Giorgos Korfiatis
  {
330 9b94cf0f Giorgos Korfiatis
      "reassign": {"project": <project-id>}
331 f68199bd Giorgos Korfiatis
  }
332 f68199bd Giorgos Korfiatis
333 9b94cf0f Giorgos Korfiatis
In pithos, ``PUT`` and ``POST`` calls at the container level will accept an
334 9b94cf0f Giorgos Korfiatis
extra optional policy ``project``. The former call assigns a newly created
335 9b94cf0f Giorgos Korfiatis
container to a given project, the latter reassigns an existing container.
336 9b94cf0f Giorgos Korfiatis
Field ``x-container-policy-project`` will be retrieved by a ``HEAD`` call at
337 9b94cf0f Giorgos Korfiatis
the container level.
338 9b94cf0f Giorgos Korfiatis
339 f68199bd Giorgos Korfiatis
User interface
340 f68199bd Giorgos Korfiatis
--------------
341 f68199bd Giorgos Korfiatis
342 f68199bd Giorgos Korfiatis
User quota will be presented per project, including the aggregate activity
343 f68199bd Giorgos Korfiatis
of other project members: the Resource Usage page will include a drop-down
344 f68199bd Giorgos Korfiatis
menu with all relevant projects. By default, user's base project will
345 f68199bd Giorgos Korfiatis
be assumed. When choosing a project, usage for all resources will be
346 f68199bd Giorgos Korfiatis
presented for the given project in the following style::
347 f68199bd Giorgos Korfiatis
348 f68199bd Giorgos Korfiatis
                        limit
349 f68199bd Giorgos Korfiatis
    used                ^                    taken by others
350 f68199bd Giorgos Korfiatis
  |::::::|..............|...........|::::::::::::::::::::::::::::::::::|
351 f68199bd Giorgos Korfiatis
         ^              ^                                              ^
352 f68199bd Giorgos Korfiatis
         usage          effective                                      project
353 f68199bd Giorgos Korfiatis
                        limit                                          limit
354 f68199bd Giorgos Korfiatis
355 f68199bd Giorgos Korfiatis
356 f68199bd Giorgos Korfiatis
                        limit
357 f68199bd Giorgos Korfiatis
    used                ^          taken by others
358 f68199bd Giorgos Korfiatis
  |::::::|........|:::::|::::::::::::::::::::::::::::::::::::::::::::::|
359 f68199bd Giorgos Korfiatis
         ^        ^                                                    ^
360 f68199bd Giorgos Korfiatis
         usage    effective                                            project
361 f68199bd Giorgos Korfiatis
                  limit                                                limit
362 f68199bd Giorgos Korfiatis
363 f68199bd Giorgos Korfiatis
Text accompanying the bar could mention usage based on the effective limit,
364 f68199bd Giorgos Korfiatis
e.g.: `usage` out of `effective limit` Virtual Machines. Likewise the shaded
365 f68199bd Giorgos Korfiatis
`used` part of the bar could express the same ratio in percentage terms.
366 f68199bd Giorgos Korfiatis
367 f68199bd Giorgos Korfiatis
Given the above-mentioned response of the ``/quotas`` call, the effective
368 f68199bd Giorgos Korfiatis
limit can be computed by::
369 f68199bd Giorgos Korfiatis
370 f68199bd Giorgos Korfiatis
  taken_by_others = project_usage - usage
371 f68199bd Giorgos Korfiatis
  effective_limit = min(limit, project_limit - taken_by_others)
372 f68199bd Giorgos Korfiatis
373 f68199bd Giorgos Korfiatis
Projects show up in a number of service-specific user interactions, too.
374 f68199bd Giorgos Korfiatis
When creating a Cyclades VM, the flavor-choosing window should first ask
375 f68199bd Giorgos Korfiatis
for the project where the VM will be charged before showing the
376 f68199bd Giorgos Korfiatis
available resource combinations. Likewise, creating a new container in
377 f68199bd Giorgos Korfiatis
Pithos will prompt for picking a project to associate with.
378 f68199bd Giorgos Korfiatis
379 f68199bd Giorgos Korfiatis
Resource presentation (e.g. Cyclades VMs) will also mention the associated
380 f68199bd Giorgos Korfiatis
project and provide an action to reassign the resource to a different
381 f68199bd Giorgos Korfiatis
project.
382 f68199bd Giorgos Korfiatis
383 f68199bd Giorgos Korfiatis
Command-line interface
384 f68199bd Giorgos Korfiatis
----------------------
385 f68199bd Giorgos Korfiatis
386 f68199bd Giorgos Korfiatis
Quota can be queried per user or project::
387 f68199bd Giorgos Korfiatis
388 f68199bd Giorgos Korfiatis
  # snf-manage user-show <id> --quota
389 f68199bd Giorgos Korfiatis
390 f68199bd Giorgos Korfiatis
  project  resource    limit  effective_limit usage
391 f68199bd Giorgos Korfiatis
  -------------------------------------------------
392 f68199bd Giorgos Korfiatis
  uuid     cyclades.vm 10     9               5
393 f68199bd Giorgos Korfiatis
394 f68199bd Giorgos Korfiatis
  # snf-manage project-show <id> --quota
395 f68199bd Giorgos Korfiatis
396 f68199bd Giorgos Korfiatis
  resource    limit  usage
397 f68199bd Giorgos Korfiatis
  ------------------------
398 f68199bd Giorgos Korfiatis
  cyclades.vm 100    50
399 f68199bd Giorgos Korfiatis
400 f68199bd Giorgos Korfiatis
A new command ``snf-manage project-modify`` will automate the process of
401 f68199bd Giorgos Korfiatis
applying/approving applications in order to modify some project settings,
402 f68199bd Giorgos Korfiatis
such as the quota limits.
403 f68199bd Giorgos Korfiatis
404 f68199bd Giorgos Korfiatis
Currently, the administrator can change the user base quota with:
405 f68199bd Giorgos Korfiatis
``snf-manage user-modify <id> --set-base-quota <resource> <capacity>``.
406 f68199bd Giorgos Korfiatis
This will be removed in favor of the ``project-modify`` command, so that all
407 111adca0 Giorgos Korfiatis
quota are handled in a uniform way. Similar to ``user-modify --all``,
408 111adca0 Giorgos Korfiatis
``project-modify`` will get options ``--all-base`` and ``--all-non-base`` to
409 111adca0 Giorgos Korfiatis
allow updating quota in bulk.
410 f68199bd Giorgos Korfiatis
411 f68199bd Giorgos Korfiatis
Migration steps
412 f68199bd Giorgos Korfiatis
===============
413 f68199bd Giorgos Korfiatis
414 f68199bd Giorgos Korfiatis
Project conversion
415 f68199bd Giorgos Korfiatis
------------------
416 f68199bd Giorgos Korfiatis
417 f68199bd Giorgos Korfiatis
Existing projects need to be converted to resource-pool ones. The following
418 f68199bd Giorgos Korfiatis
steps must be taken in Astakos:
419 f68199bd Giorgos Korfiatis
  * compute project-level limits for each resource as
420 f68199bd Giorgos Korfiatis
    max_members * member-level limit
421 f68199bd Giorgos Korfiatis
  * create base projects based on base quota for each user
422 f68199bd Giorgos Korfiatis
  * make Quotaholder entries for projects and user/project pairs
423 f68199bd Giorgos Korfiatis
  * assign all current usage to the base projects (both project
424 f68199bd Giorgos Korfiatis
    and user/project entries)
425 f68199bd Giorgos Korfiatis
  * set usage for all other entries to zero
426 f68199bd Giorgos Korfiatis
427 f68199bd Giorgos Korfiatis
Cyclades and Pithos should initialize their project attribute on each resource
428 f68199bd Giorgos Korfiatis
with the user's base project, that is, the same UUID as the resource owner.
429 f68199bd Giorgos Korfiatis
430 f68199bd Giorgos Korfiatis
Initial resource reassignment
431 f68199bd Giorgos Korfiatis
-----------------------------
432 f68199bd Giorgos Korfiatis
433 f68199bd Giorgos Korfiatis
Once migration has finished, users will be off-quota on their base project,
434 f68199bd Giorgos Korfiatis
if they had used additional quota from projects. To alleviate this
435 f68199bd Giorgos Korfiatis
situation, each service can attempt to reassign resources to other projects,
436 f68199bd Giorgos Korfiatis
following this strategy:
437 f68199bd Giorgos Korfiatis
  * consult Astakos for projects and quota for a given user
438 f68199bd Giorgos Korfiatis
  * select resources that can fit in another project
439 f68199bd Giorgos Korfiatis
  * issue a commission to decrease usage of the base project and likewise
440 f68199bd Giorgos Korfiatis
    increase usage of the available project
441 f68199bd Giorgos Korfiatis
  * record the new ProjectUUID for the reassigned resources