Managing Quotas 3.0

This guide shows how to enable and use the Quota authorization. When the quota module is enabled, it checks a user's resource consumption before allowing a Virtual Machine or Image to be created in the OpenNebula system.

Requirements

You don't need to install any additional software.

Considerations & Limitations

Currently, the supported quotas are:

QUOTA     Unit        Meaning
cpu       Float       Amount of CPU allowed, retrieved from the CPU parameter of the template
memory    Megabytes   Amount of MEMORY allowed, retrieved from the MEMORY parameter of the template
num_vms   Integer     Number of Virtual Machines allowed
storage   Megabytes   Amount of storage allowed, retrieved from the SIZE of the images owned by the user

  • Keep in mind that all resources of the VMs listed by onevm list for a user are counted as used, even if the VM is in the pending state.
  • In this version quotas can only be set per user; groups will be supported in future releases.

Configuration

OpenNebula Configuration

The Auth MAD is not enabled by default and has to be uncommented in oned.conf. An arguments parameter must also be added, specifying the authorization system to use, in this case “quota”. After that, you must restart OpenNebula.

AUTH_MAD = [
    executable = "one_auth_mad",
    arguments  = "--authz quota" ]

Quotas Database Security (done by the administrator)

By default, the user quota database is an sqlite database located at /var/lib/one/onequota.db. It is not created with secure permissions, so the administrator may want to change its permissions and possibly its location. To change its location, use a full path to the database in the quota module configuration file /etc/one/auth/quota.conf:

:db: sqlite:///somewhere/in/your/hdd/oneauth.db
...

You may also change its permissions to 0600 so that the unix user that runs the OpenNebula daemons is the only one with read/write access.
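The permission check described above can be scripted. The following is an added example, not part of OpenNebula or of the original guide; the function names are hypothetical, and it assumes the :db: value is sqlite:// followed by the file path, as in the sample line above.

```shell
#!/bin/sh
# Audit the quota database file named in quota.conf (added example).
# Assumption: the :db: value is "sqlite://" followed by the file path,
# as in the guide's sample line; without a :db: line the default applies.

DEFAULT_DB=/var/lib/one/onequota.db

# Print the database path configured in the given quota.conf.
quota_db_path() {
    db=$(sed -n 's|^:db:[[:space:]]*sqlite://||p' "$1" | head -n 1)
    printf '%s\n' "${db:-$DEFAULT_DB}"
}

# Print the octal mode of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the database mode is 600, 1 for any other mode, 2 if missing.
audit_quota_db() {
    db=$(quota_db_path "$1")
    [ -f "$db" ] || { echo "MISSING $db"; return 2; }
    mode=$(file_mode "$db")
    if [ "$mode" = "600" ]; then
        echo "OK $db mode $mode"
    else
        echo "INSECURE $db mode $mode (expected 600)"
        return 1
    fi
}

# Restrict the database to its owner, as the guide recommends.
harden_quota_db() {
    chmod 0600 "$(quota_db_path "$1")"
}

# Constructed demo: a throwaway config and database in a temp directory.
demo_dir=$(mktemp -d)
printf ':db: sqlite://%s/oneauth.db\n' "$demo_dir" > "$demo_dir/quota.conf"
: > "$demo_dir/oneauth.db"
chmod 0644 "$demo_dir/oneauth.db"
audit_quota_db "$demo_dir/quota.conf" || harden_quota_db "$demo_dir/quota.conf"
audit_quota_db "$demo_dir/quota.conf"
rm -rf "$demo_dir"
```

The audit only inspects the file mode; confirm separately that the file is owned by the unix user that runs the OpenNebula daemons.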

Default Quotas (done by the administrator)

Default quotas for all users are configured in the quota module configuration file /etc/one/auth/quota.conf. This is the first thing to configure when you enable the quota system, because any user without explicit quotas can only use that amount of resources.

:defaults:
  :cpu: 4
  :memory: 1024
  :num_vms: 4
  :storage: 10000

If you do not want to define a kind of quota, just leave its value empty. For example, if you want to control virtual machine usage but do not care about storage, you can set the following configuration:

:defaults:
  :cpu: 4
  :memory: 1024
  :num_vms: 4
  :storage:

Usage

Explicit User Quotas (done by the administrator)

Special quotas for a user can be set with the onequota command. If you have secured the database, only the unix user that runs OpenNebula will be able to update them.

Set or Update a User Quota

You can set a new quota for a user or modify an existing one using the onequota set command. You can identify the user by id or by name, and you can set a single quota or a list of quotas, as follows.

  • onequota set <user> <quota_list> <value_list>

<xterm>
$ onequota set 2 cpu 4
$ onequota set cloud_user cpu,memory,num_vms,storage 4,1024,4,10000
</xterm>

List the Defined Quotas

You can list the defined quotas using the onequota list command:

  • onequota list

<xterm>
$ onequota list
uid      cpu  num_vms  storage   memory
  1        8        4    20000     2048
  2        4        0        0        0
  4        4        4    10000     1024
</xterm>

Show the User Quota and Usage

You can show a target user's quotas and cloud usage with the onequota show command. Use the force option to update the user's usage to the latest values instead of reading them from the cache that the authorization module exposes.

  • onequota show <user> [-f/--force]

<xterm>
$ onequota show 1
uid          cpu      num_vms      storage       memory
  1          8/8          2/4  12930/20000    1024/2048
</xterm>

Delete a User Quota

You can delete the defined quota for a user using the onequota delete command:

  • onequota delete <user>

<xterm>
$ onequota delete 2
$ onequota list
uid      cpu  num_vms  storage   memory
  1        8        4    20000     2048
  4        4        4    10000     1024
</xterm>