| Key | Value |
|---|---|
| Summary | Limit access to resources by applying quotas. |
| Categories | openstack |
| Difficulty | 1 |
| Author | Tytus Kurek tytus.kurek@canonical.com |
Overview
Duration: 3:00
Before you get started!
Welcome to OpenStack!
In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just a single machine, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.
This tutorial is the eleventh in the “Phase I - Learn OpenStack” series.
What is OpenStack?
OpenStack is a collection of open source projects designed to work together to form the basis of a cloud. OpenStack can be used for both private and public cloud implementation.
What is Sunbeam?
Sunbeam is an upstream project under the governance of the OpenInfra Foundation (OIF), which was created to lower the barrier to entry for OpenStack, simplify its adoption process, and set the foundation for an autonomous private cloud. Sunbeam uses cloud-native architecture and total bottom-up automation to make OpenStack more accessible to newcomers and to help users get to grips with the platform immediately.
What is MicroStack?
MicroStack (based on Sunbeam) is an OpenStack distribution designed for small-scale cloud environments. While it is available with full commercial support from Canonical, it can also be self-deployed with no friction, effectively eliminating the need for a paid consulting engagement. MicroStack currently includes core OpenStack services only, but is expected to evolve quickly to ensure full feature parity with Canonical’s Charmed OpenStack soon.
In this tutorial, you will learn how to:
- Use quotas to limit access to resources in OpenStack
- Manage default quotas
- Manage per-project quotas
You will only need:
One fresh physical or virtual machine with:
- The latest Ubuntu LTS installed,
- Static IP address assigned to its primary network interface,
- OpenSSH server installed and configured,
- 4+ core amd64 CPU,
- 16 GB of RAM,
- 50 GB of SSD storage,
- OpenStack cloud bootstrapped, configured and sample instance launched,
- OpenStack client set up,
- Sample identities created,
- Sample instance launched.
Credentials
Duration: 1:00
Make sure you’re logged in as the admin user we created in tutorial 6. Identities.
To log in as the admin user through the OpenStack client, open a new terminal window, execute the following command and type admin when asked for the password:
$ source ~/Downloads/admin-openrc.sh
To log in as the admin user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:
-
Domain - Type
mydomain -
User Name - Type
admin -
Password - Type
admin
Manage default quotas
Duration: 3:00
OpenStack supports the concept of quotas, which can limit access to network, compute and storage resources for tenants. Default quotas apply to all projects, but quotas can also be set per project individually. Per-project quotas take precedence over default quotas.
In the following steps, we’ll update default quotas to enable 20 instances per project.
Manage default quotas through the OpenStack client
To list default quotas, execute the following command:
$ openstack quota show --default
To update the default quota for instances, execute the following command:
$ openstack quota set --instances 20 --class default
Manage default quotas through the OpenStack dashboard
Navigate to Admin → System → Defaults and click the Update Defaults button on the right on the Compute Quotas tab:
To update the default quota for instances, fill in the form as follows:
- Instances - Type
20
Then click the Update Defaults button:
You are now able to see the default quota for instances updated in Nova’s database:
Manage per-project quotas
Duration: 2:00
In the following steps, we’ll modify quotas for the myproject project to enable only 1 instance.
Manage per-project quotas through the OpenStack client
To update the quota for instances in the myproject project, execute the following command:
$ openstack quota set --instances 1 myproject
To list quotas for the myproject project, execute the following command:
$ openstack quota show myproject
Manage per-project quotas through the OpenStack dashboard
Navigate to Identity → Projects. Then, under the Actions column beside myproject, select Modify Quotas from the drop-down menu:
To update the quota for instances in the myproject project, fill in the form as follows:
- Instances - Type
1
Then click the Save button:
Note that the project ID (here f09329bda8ee4f239d7a578420d32791) may be different in your environment.
Switch to the “myuser” user account
Duration: 1:00
Make sure you’re logged in as the myuser user we created in tutorial 6. Identities.
To log in as the myuser user through the OpenStack client, open a new terminal window, execute the following command and type mypassword when asked for the password:
$ source ~/Downloads/myproject-openrc.sh
To log in as the myuser user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:
-
Domain - Type
mydomain -
User Name - Type
myuser -
Password - Type
mypassword
Attempt to exceed quotas
Duration: 3:00
In the following steps, we’ll attempt to exceed quotas for the myproject project by launching another instance. We’ll attempt to launch an instance called myinstance-2 on the ephemeral storage using the ubuntu-jammy image, the myflavor flavor and the mykeypair key pair, attached to the mysubnet subnet with the default security group attached.
Attempt to exceed quotas through the OpenStack client
To attempt to launch the instance, execute the following command:
$ openstack server create --flavor myflavor --image ubuntu-jammy --network mynetwork --key-name mykeypair myinstance-2
Sample output:
Quota exceeded for instances: Requested 1, but already used 1 of 1 instances (HTTP 403) (Request-ID: req-1fe107b8-533d-4136-a7dc-ea09db5d4e65)
Attempt to exceed quotas through the OpenStack dashboard
Navigate to Project → Compute → Instances and attempt to click the Launch Instance button on the right. As you can see, the button is grayed out and the (Quota exceeded) message is appended to the button:
Next steps
Duration: 2:00
Congratulations! You have reached the end of this tutorial.
You can now move to the next tutorial - “12. Teardown” - or explore other tutorials.
In this tutorial, you have learnt how to:
- Use quotas to limit access to resources in OpenStack
- Manage default quotas
- Manage per-project quotas