Limit access to resources by applying quotas

Key Value
Summary Limit access to resources by applying quotas.
Categories openstack
Difficulty 1
Author Tytus Kurek tytus.kurek@canonical.com

Overview

Duration: 3:00

Before you get started!

Welcome to OpenStack!

In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just your workstation, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.

This tutorial is the eleventh in the “Phase I - Single-node OpenStack on your workstation” series.

Explore other tutorials >

What is OpenStack?

OpenStack is the most popular open source cloud platform that aggregates distributed compute, network and storage resources in the data centre and enables on-demand provisioning of virtual machines through a self-service portal. OpenStack powers thousands of public and private clouds all over the world, providing rapid access for greater innovation and better economics.

Learn more about OpenStack >

What is MicroStack?

MicroStack is a micro cloud platform based on OpenStack, designed for the edge and small-scale data centre deployments, that can be installed and maintained with minimal effort. MicroStack eliminates the complexity behind OpenStack, providing an opinionated approach to OpenStack architecture design and a straightforward installation method.

Learn more about MicroStack >

What is Charmed OpenStack?

Charmed OpenStack is an enterprise cloud platform based on OpenStack, designed for large-scale data centre deployments, that provides full automation around the initial installation and day-2 operations. Charmed OpenStack abstracts the complexity behind OpenStack, using a composable approach to OpenStack architecture design with model-driven operators (charms).

Learn more about Charmed OpenStack >

In this tutorial, you will learn how to:

  • Use quotas to limit access to resources in OpenStack

  • Manage default quotas

  • Manage per-project quotas

You will only need:

One physical machine with:

MicroStack

These instructions use MicroStack - OpenStack in a snap. MicroStack is also available on other Linux distros, Windows and macOS. Refer to the MicroStack website for more information on how to install MicroStack on other OS than Ubuntu.

Credentials

Duration: 1:00

Make sure you’re logged in as the admin user we created in tutorial 6. Identities.

To log in as the admin user through the OpenStack client, open a new terminal window, execute the following command and type admin when asked for the password:


$ source ~/Downloads/admin-openrc.sh

To log in as the admin user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:

  • Domain - Type mydomain

  • User Name - Type admin

  • Password - Type admin

Manage default quotas

Duration: 3:00

OpenStack supports the concept of quotas, which can limit access to network, compute and storage resources for tenants. Default quotas apply to all projects, but quotas can also be set per project individually. Per-project quotas take precedence over default quotas.

In the following steps, we’ll update default quotas to enable 20 instances per project.

Manage default quotas through the OpenStack client

To list default quotas, execute the following command:


$ openstack --insecure quota show --default

To update the default quota for instances, execute the following command:


$ openstack --insecure quota set --instances 20 --class default

Manage default quotas through the OpenStack dashboard

Navigate to Admin -> System -> Defaults and click the Update Defaults button on the right on the Compute Quotas tab:

To update the default quota for instances, fill in the form as follows:

  • Instances - Type 20

Then click the Update Defaults button:

You are now able to see the default quota for instances updated in Nova’s database:

Manage per-project quotas

Duration: 2:00

In the following steps, we’ll modify quotas for the myproject project to enable only 1 instance.

Manage per-project quotas through the OpenStack client

To update the quota for instances in the myproject project, execute the following command:


$ openstack --insecure quota set --instances 1 myproject

To list quotas for the myproject project, execute the following command:


$ openstack --insecure quota show myproject

Manage per-project quotas through the OpenStack dashboard

Navigate to Identity -> Projects. Then, under the Actions column beside myproject, select Modify Quotas from the drop-down menu:

To update the quota for instances in the myproject project, fill in the form as follows:

  • Instances - Type 1

Then click the Save button:

Note that the project ID (here f09329bda8ee4f239d7a578420d32791) may be different in your environment.

Switch to the “myuser” user account

Duration: 1:00

Make sure you’re logged in as the myuser user we created in tutorial 6. Identities.

To log in as the myuser user through the OpenStack client, open a new terminal window, execute the following command and type mypassword when asked for the password:


$ source ~/Downloads/myproject-openrc.sh

To log in as the myuser user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:

  • Domain - Type mydomain

  • User Name - Type myuser

  • Password - Type mypassword

Attempt to exceed quotas

Duration: 3:00

In the following steps, we’ll attempt to exceed quotas for the myproject project by launching another instance. We’ll attempt to launch an instance called myinstance-2 on the ephemeral storage using the 20.04 image, the myflavor flavor and the mykeypair key pair, attached to the mysubnet subnet with the default security group attached.

Attempt to exceed quotas through the OpenStack client

To attempt to launch the instance, execute the following command:


$ openstack --insecure server create --flavor myflavor --image 20.04 --network mynetwork --key-name mykeypair myinstance-2

Sample output:


Quota exceeded for instances: Requested 1, but already used 1 of 1 instances (HTTP 403) (Request-ID: req-1fe107b8-533d-4136-a7dc-ea09db5d4e65)

Attempt to exceed quotas through the OpenStack dashboard

Navigate to Project -> Compute -> Instances and attempt to click the Launch Instance button on the right. As you can see, the button is grayed out and the (Quota exceeded) message is appended to the button:

Next steps

Duration: 2:00

Congratulations! You have reached the end of this tutorial.

You can now move to the next tutorial - “12. Teardown” - or explore other tutorials.

In this tutorial, you have learnt how to:

  • Use quotas to limit access to resources in OpenStack

  • Manage default quotas

  • Manage per-project quotas

Where to go from here?

1 Like