16:03:44 <raildo> #startmeeting hierarchical_multitenancy
16:03:45 <openstack> Meeting started Fri Aug 1 16:03:44 2014 UTC and is due to finish in 60 minutes. The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:46 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:03:48 <openstack> The meeting name has been set to 'hierarchical_multitenancy'
16:03:50 <Nirbhay_> yes
16:04:21 <raildo> #topic bp nova
16:04:28 <raildo> #link https://review.openstack.org/#/c/110639/
16:05:05 <raildo> Joe Gordon gave a -2 in review
16:05:13 <sajeesh> yes
16:05:45 <raildo> sajeesh: Any response from him after vinod replied?
16:05:53 <sajeesh> not yet
16:06:10 <sajeesh> yesterday there was no nova meeting
16:06:15 <rodrigods> maybe you should ping him in #openstack-nova
16:06:28 <sajeesh> ok
16:06:32 <raildo> rodrigods: +1
16:06:44 <raildo> or send an email
16:06:49 <sajeesh> ok
16:07:16 <sajeesh> raildo,what is juno-2 and juno-3
16:07:44 <raildo> #action sajeesh should talk to joe gordon in #openstack-nova or send an email
16:08:00 <raildo> sajeesh: #link https://wiki.openstack.org/wiki/Juno_Release_Schedule
16:08:26 <sajeesh> raildo,ok I will check
16:09:03 <sajeesh> raildo,so we have a chance to get into juno-3 right ?
16:09:10 <raildo> sajeesh: FeatureProposalFreeze for the juno-3 is August 21
16:09:13 <raildo> sajeesh: yes
16:09:25 <sajeesh> ok
16:10:09 <raildo> #topic option --force in Quota
16:10:46 <raildo> Ulrich sent me the following sentence "One issue which is cooking up right now is if we can support the --force option to set quota below the current usage. We have a good use case for that but it can be tricky and needs to be carefully thought about so that users cannot cheat. "
16:11:15 <sajeesh> ok
16:11:28 <raildo> Nirbhay_: you could better explain this option --force?
16:11:40 <Nirbhay_> yes
16:11:56 <Nirbhay_> but ulrich has agreed to leave for time being
16:12:07 <raildo> ok
16:12:43 <sajeesh> raildo,for the time being we can keep our bp as simple as possible
16:12:52 <rodrigods> sajeesh, ++
16:12:56 <Nirbhay_> yes ++
16:13:23 <Nirbhay_> and there are chances in which user can cheat
16:13:37 <Nirbhay_> I u want i can explain that
16:13:55 <Nirbhay_> Sorry, If you want **
16:14:02 <raildo> #agree There will not be the option - force
16:14:37 <sajeesh> raildo,I will test your setup this weekend
16:14:39 <Nirbhay_> ok
16:14:48 <raildo> Nirbhay_: If you can explain, I wonder how it would work, can be useful in the future
16:14:54 <raildo> sajeesh: great
16:15:05 <Nirbhay_> No it has drawback..
16:15:28 <Nirbhay_> let's say we have tree like A->B->C
16:15:44 <sajeesh> ok
16:15:54 <Nirbhay_> And quota limit for A is 100, for B 50 and C 20
16:16:01 <sajeesh> ok
16:16:24 <Nirbhay_> Assume A and B are not using any resource
16:16:32 <sajeesh> ok
16:16:33 <Nirbhay_> and C is using 10
16:16:51 <Nirbhay_> so if we have reduce quota on C to 10 then is ok
16:16:55 <Nirbhay_> right
16:17:08 <raildo> ok
16:17:10 <Nirbhay_> because C has free quota as 10
16:17:34 <sajeesh> ok
16:17:50 <Nirbhay_> now let's say B admin created new project D, C's sibling
16:18:06 <sajeesh> ok
16:18:16 <Nirbhay_> how much max quota can be given to D ?can you calculate
16:18:31 <Nirbhay_> If C's quota is 10
16:18:43 <Nirbhay_> and B has 50, nothing used in B
16:18:47 <sajeesh> 50-10
16:18:50 <Nirbhay_> yes
16:19:00 <Nirbhay_> But now D needs more
16:19:21 <Nirbhay_> but C is using 10 resources so it can not be decreased
16:19:52 <Nirbhay_> in force option B admin can make quota of C to 5 and then add additional 5 to D
16:20:03 <sajeesh> ok
16:20:05 <Nirbhay_> you all got it
16:20:30 <sajeesh> yes
16:20:30 <Nirbhay_> this feature is what ulrich wanted
16:20:35 <Nirbhay_> but there is issue
16:21:27 <Nirbhay_> so let's say C is using 10 with quota limit 5 and D is using 45 with quota limit 45
16:21:29 <Nirbhay_> ok
16:21:30 <raildo> OK, I understand better this function :)
16:22:03 <Nirbhay_> but now B admin can misuse force option
16:22:18 <sajeesh> ok
16:22:41 <Nirbhay_> he can reduce the quota of D to 10 let's say. And create 35 new instances in B itself
16:23:53 <Nirbhay_> Then below B total 1in 10(C) + 45(D) + 35(B)= 90 instances are running with quota of B as 50
16:24:37 <Nirbhay_> This happens then what is meaning of having quota
16:25:53 <Nirbhay_> In case where cloud service sets quota for a company then manager of that can create or let create as many instances as he wants...
16:26:07 <sajeesh> nirbhay,if possible can you please send a mail regarding this
16:26:13 <Nirbhay_> ok
16:26:16 <raildo> +1
16:26:30 <sajeesh> raildo,in keystone have you taken care of the backward compatibility..I mean other services currently doesn't know about nested projects ,including nova
16:26:54 <raildo> yes
16:26:59 <sajeesh> ok
16:27:14 <raildo> We are developing an extension for OS-inherit
16:27:20 <sajeesh> ok
16:27:26 <raildo> http://docs.openstack.org/api/openstack-identity-service/3/content/api-1.html
16:27:41 <sajeesh> ok,I will check it
16:27:45 <Nirbhay_> raildo: we also need to discuss what to do when project is deleted
16:27:52 <raildo> and this needs to be enable in keystone.conf
16:27:58 <sajeesh> ok
16:28:03 <raildo> Nirbhay_: yes
16:28:21 <raildo> #topic deleting project
16:28:36 <Nirbhay_> by default quota =0 only solves case of project creation...
16:29:07 <raildo> yes
16:30:05 <Nirbhay_> raildo: can you suggest any thing on deletion of projects
16:30:39 <Nirbhay_> how should nova adjust quota of parent when child is deleted
16:31:03 <Nirbhay_> right now nova will not come to know abt project deletion in keystone..
16:31:39 <raildo> The existing bug about notification impacts exactly this point
16:31:57 <Nirbhay_> ok
16:31:57 <raildo> We have to resolve this bug, or find a WA for that.
16:32:12 <sajeesh> ok
16:32:30 <Nirbhay_> but then we to read notification in nova
16:33:34 <raildo> #link https://bugs.launchpad.net/keystone/+bug/967832
16:33:38 <uvirtbot> Launchpad bug 967832 in neutron "Resources owned by a project/tenant are not cleaned up after that project is deleted from keystone" [Undecided,In progress]
16:33:50 <sajeesh> ok
16:34:20 <Nirbhay_> yes I have seen it
16:34:36 <raildo> IMO, if I delete a project, I must delete all instances contained in it
16:35:35 <Nirbhay_> raildo: here issue is not of deleting instances
16:36:10 <Nirbhay_> if I forgot to reduce quota then, even if I have deleted instances
16:36:36 <Nirbhay_> parent will not update is allocate quota..
16:37:22 <Nirbhay_> *** its allocated quota value
16:38:32 <raildo> well, if a child project is deleted, the parent quota should be updated. I believe that the child used quota, should enter in free-quota in parent project.
16:38:36 <sajeesh> raildo,sorry I am connecting from an outside centre which will close now.I will check the logs. I will send you a detailed mail.
16:38:42 <Nirbhay_> yes
16:38:48 <raildo> ok sajeesh
16:38:49 <raildo> bye
16:38:53 <sajeesh> bye all
16:39:11 <Nirbhay_> sajeesh: bye
16:40:48 <raildo> According to the email I sent, we saw that the Keystone sends the notification. The question is how the Nova'll consume it
16:40:56 <Nirbhay_> yes
16:41:07 <raildo> I believe we should look like ceilometer uses this notification
16:41:13 <Nirbhay_> yes
16:41:31 <Nirbhay_> i remember in mail have given link for that
16:41:36 <raildo> I do not see another way to solve this problem.
16:41:44 <Nirbhay_> yes me too
16:42:09 <Nirbhay_> or other for the time being is to neglect deletion of project..
16:42:45 <raildo> # action to investigate how the ceilometer consumes Keystone's notifications and find a way of Nova makingthe same .
16:42:56 <raildo> making the same thing*
16:43:11 <Nirbhay_> yes
16:43:52 <Nirbhay_> deletion of project without freeing its quota will lead to quota leak, just like memory leak we have when we do not free RAM
16:44:34 <raildo> Nirbhay_: yes
16:44:40 <Nirbhay_> raildo: for time being we can go ahead with current design and neglect the effect of deletion of a project
16:45:32 <raildo> Making a brainstorm. Is not there a way to Nova check if the project still exist?
16:45:49 <Nirbhay_> we can check that
16:46:07 <Nirbhay_> I vinod knows better on this
16:46:33 <Nirbhay_> before any update on we check that all child of project exist or not
16:46:50 <raildo> try to do a Get Project , if he does not return, deletes instances, liberates the quota ...
16:47:14 <Nirbhay_> before any update on **quota** we can check that all child of project exist or not
16:47:23 <Nirbhay_> yes
16:47:28 <Nirbhay_> +!
16:47:29 <raildo> Nirbhay_: for now, that's a good WA
16:47:31 <Nirbhay_> +1
16:47:36 <VINOD_> Nirbhay: that is possible....
16:47:57 <VINOD_> In nova, with the token, a query to Keystone can be sent using its API to check the project existence
16:48:08 <raildo> #agree before any update on **quota** we can check that all child of project exist or not
16:48:23 <raildo> VINOD_: ++
16:48:35 <VINOD_> The only problem i could see is RBAC rules...
16:49:27 <Nirbhay_> raildo: ur BP has answer for vinod's doubt
16:49:30 <VINOD_> If let's say a user with a role "xyz" is allowed to update the quota (in policy.json file of nova)...but the same role cannot list the projects (in policy.json file of Keystone)
16:49:48 <Nirbhay_> a token to parent can be used to get token for child if role is inheritable
16:50:09 <raildo> Nirbhay_: yes
16:50:50 <Nirbhay_> then it should work
16:51:07 <raildo> By default, all users can list projects and how it is configured, I believe it is not a problem.
16:51:18 <VINOD_> I had given a different scenario....The admin of Keystone and the admin of Nova can modify their own policy.json files...
16:51:25 <VINOD_> raildo: yes...you are right...
16:52:09 <VINOD_> but what i am saying is the case when the policy files updated in the way i had told in the above example...
16:53:50 <Nirbhay_> vinod: token contains list of child project why we need to go to keystone again
16:54:22 <raildo> VINOD_: I don't see any solution in mind now. I'll think a bit more on this point.
16:54:57 <VINOD_> Nirbhay: I thought you were asking the possibility of getting list at runtime in Nova
16:55:04 <Nirbhay_> we get scoped token to parent, if we find any child missing in token list then can make its quota as zero..and update of quota of child whose is requested
16:55:09 <VINOD_> raildo: I will check and will get back to you
16:55:19 <raildo> VINOD_: thanks :)
16:55:31 <Nirbhay_> not at runtime
16:55:52 <VINOD_> Nirbhay: Last week also we discussed problem with this...the race conditions....
16:56:15 <VINOD_> Then what about in the delete case
16:56:29 <Nirbhay_> ok yes race condition may happen
16:56:57 <VINOD_> Also, if a child is missing in the token....you are saying to set it to zero...but how you can be sure that the admin has given right query...
16:57:05 <Nirbhay_> yes
16:57:23 <raildo> The time the meeting ended. We can discuss the rest by email.
16:57:24 <VINOD_> i mean if hierarchy A->B->C->D.....in the token at B, C is listed as child...but if i ask to update the quota of D....
16:57:28 <VINOD_> ok
16:57:31 <VINOD_> raildo: ok
16:57:36 <Nirbhay_> ok bye to all
16:57:40 <VINOD_> bye
16:57:44 <raildo> #endmeeting