That would be great! I can break down the work a little bit to help
describe where we are at with different parts of the initiative.
Hopefully it will be useful for your colleagues in case they haven't
been closely following the effort.
# keystone
Based on the initial note in this thread, I'm sure you're aware of
keystone's status with respect to unified limits. But to recap, the
initial implementation landed in Queens and targeted flat
enforcement [0]. During the Rocky PTG we sat down with other
services and a few operators to explain the current status in
keystone and if either developers or operators had feedback on the
API specifically. Notes were captured in etherpad [1]. We spent the
Rocky cycle fixing usability issues with the API [2] and
implementing support for a hierarchical enforcement model [3].
At this point keystone is ready for services to start consuming the
unified limits work. The unified limits API is still marked as
stable and it will likely stay that way until we have at least one
project using unified limits. We can use that as an opportunity to
do a final flush of any changes that need to be made to the API
before fully supporting it. The keystone team expects that to be a
quick transition, as we don't want to keep the API hanging in an
experimental state. It's really just a safe guard to make sure we
have the opportunity to use it in another service before fully
committing to the API. Ultimately, we don't want to prematurely mark
the API as supported when other services aren't even using it yet,
and then realize it has issues that could have been fixed prior to
the adoption phase.
# oslo.limit
In parallel with the keystone work, we created a new library to aid
services in consuming limits. Currently, the sole purpose of
oslo.limit is to abstract project and project hierarchy information
away from the service, so that services don't have to reimplement
client code to understand project trees, which could arguably become
complex and lead to inconsistencies in u-x across services.
Ideally, a service should be able to pass some relatively basic
information to oslo.limit and expect an answer on whether or not
usage for that claim is valid. For example, here is a project ID,
resource name, and resource quantity, tell me if this project is
over it's associated limit or default limit.
We're currently working on implementing the enforcement bits of
oslo.limit, which requires making API calls to keystone in order to
retrieve the deployed enforcement model, limit information, and
project hierarchies. Then it needs to reason about those things and
calculate usage from the service in order to determine if the
request claim is valid or not. There are patches up for this work,
and reviews are always welcome [4].
Note that we haven't released oslo.limit yet, but once the basic
enforcement described above is implemented we will. Then services
can officially pull it into their code as a dependency and we can
work out remaining bugs in both keystone and oslo.limit. Once we're
confident in both the API and the library, we'll bump oslo.limit to
version 1.0 at the same time we graduate the unified limits API from
"experimental" to "supported". Note that oslo libraries <1.0 are
considered experimental, which fits nicely with the unified limit
API being experimental as we shake out usability issues in both
pieces of software.
# services
Finally, we'll be in a position to start integrating oslo.limit into
services. I imagine this to be a coordinated effort between
keystone, oslo, and service developers. I do have a patch up that
adds a conceptual overview for developers consuming oslo.limit [5],
which renders into [6].
To be honest, this is going to be a very large piece of work and
it's going to require a lot of communication. In my opinion, I think
we can use the first couple iterations to generate some well-written
usage documentation. Any questions coming from developers in this
phase should probably be answered in documentation if we want to
enable folks to pick this up and run with it. Otherwise, I could see
the handful of people pushing the effort becoming a bottle neck in
adoption.
Hopefully this helps paint the landscape of where things are
currently with respect to each piece. As always, let me know if you
have any additional questions. If people want to discuss online, you
can find me, and other contributors familiar with this topic, in
#openstack-keystone or #openstack-dev on IRC (nic: lbragstad).
[0]
http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/limits-api.html
[1] https://etherpad.openstack.org/p/unified-limits-rocky-ptg
[2] https://tinyurl.com/y6ucarwm
[3]
http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/strict-two-level-enforcement-model.html
[4]
https://review.openstack.org/#/q/project:openstack/oslo.limit+status:open
[5] https://review.openstack.org/#/c/600265/
[6]
http://logs.openstack.org/65/600265/3/check/openstack-tox-docs/a6bcf38/html/user/usage.html
On Thu, Sep 6, 2018 at 8:56 PM Jaze Lee <jaze...@gmail.com
<mailto:jaze...@gmail.com>> wrote:
Lance Bragstad <lbrags...@gmail.com
<mailto:lbrags...@gmail.com>> 于
2018年9月6日周四 下午10:01写道:
>
> I wish there was a better answer for this question, but
currently
there are only a handful of us working on the initiative. If
you, or
someone you know, is interested in getting involved, I'll happily
help onboard people.
Well,I can recommend some my colleges to work on this. I wish
in S,
all service can use unified limits to do quota job.
>
> On Wed, Sep 5, 2018 at 8:52 PM Jaze Lee <jaze...@gmail.com
<mailto:jaze...@gmail.com>> wrote:
>>
>> On Stein only one service?
>> Is there some methods to move this more fast?
>> Lance Bragstad <lbrags...@gmail.com
<mailto:lbrags...@gmail.com>> 于2018年9月5日周三 下午9:29写道:
>> >
>> > Not yet. Keystone worked through a bunch of usability
improvements with the unified limits API last release and created
the oslo.limit library. We have a patch or two left to land in
oslo.limit before projects can really start using unified limits
[0].
>> >
>> > We're hoping to get this working with at least one
resource in
another service (nova, cinder, etc...) in Stein.
>> >
>> > [0]
https://review.openstack.org/#/q/status:open+project:openstack/oslo.limit+branch:master+topic:limit_init
>> >
>> > On Wed, Sep 5, 2018 at 5:20 AM Jaze Lee <jaze...@gmail.com
<mailto:jaze...@gmail.com>> wrote:
>> >>
>> >> Hello,
>> >> Does nova and cinder use keystone's unified limits api
to do quota job?
>> >> If not, is there a plan to do this?
>> >> Thanks a lot.
>> >>
>> >> --
>> >> 谦谦君子
>> >>
>> >>
__________________________________________________________________________
>> >> OpenStack Development Mailing List (not for usage questions)
>> >> Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
>> >>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>> >
__________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
>> >
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> --
>> 谦谦君子
>>
>>
__________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
>>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-- 谦谦君子
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
