Advanced Swift Features: Part 1

Introduction

This series of blog posts will cover some advanced features of Swift. All features require the latest version of Swift from the OpenStack Grizzly release. These features also assume that you are already running a Swift storage cluster.

Quotas

Setting limits, or quotas, on storage services is a staple feature in most environments. After all, you don't want one user taking up 90% of your available storage, leaving everyone else fending for the last 10%.

Quotas, however, have an odd place in the cloud. A cloud is supposed to be "elastic". No matter how much of a resource you request, the cloud magically has room for it. Further, if you're running a public cloud service and are charging customers based on the amount of resources they're using (storage space in this case), placing a limit on the customer also places a limit on your income.

Regardless of how uncloudy quotas seem, there are valid cases for them. It's for these cases that Swift recently implemented the ability to limit how much storage space a user can take up.

Implementing Quota Support

On your Swift proxy server, you'll want to make a few changes to the /etc/swift/proxy-server.conf file.

In the [pipeline:main] section, add container_quotas and account_quotas just before proxy-server:

[pipeline:main]
pipeline = healthcheck cache swift3 s3token authtoken keystone proxy-logging container_quotas account_quotas proxy-server

Next, at the bottom of the file, add the following:

[filter:account_quotas]
use = egg:swift#account_quotas

[filter:container_quotas]
use = egg:swift#container_quotas

Next, in order to manage quotas, you need to give a user the ResellerAdmin role on each project you wish to limit. The easiest thing to do is use the "admin" user and simply apply the role on every project.

To do this, first create the ResellerAdmin role:

$ keystone role-create --name ResellerAdmin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | b3bfa6eaf2e647ea9223e91869c5662f |
|   name   |               foo                |
+----------+----------------------------------+

Make note of the "id" as you'll use it again.

Next, apply the ResellerAdmin role to a project. For example, let's say there's a project called Foo. Obtain the ID of project Foo:

$ keystone tenant-list | grep Foo
| a2a763c8d89a498d8da7a7599d580f4a | Foo |   True  |

Finally, obtain the ID of the admin user:

$ keystone user-list | grep admin
| 1d020f0b027f4b5fbb64d94c61e2f695 |  admin   |   True  |     root@localhost    |

Armed with these three IDs, you can now apply the ResellerAdmin role to the admin user on project Foo:

$ keystone user-role-add --user 1d020f0b027f4b5fbb64d94c61e2f695 --role b3bfa6eaf2e647ea9223e91869c5662f --tenant a2a763c8d89a498d8da7a7599d580f4a

Using Quotas

With the role applied, the admin user can now manage a quota on project Foo:

$ export OS_USERNAME="Foo:admin"
$ swift post -m quota-bytes:1073741824

You can confirm that the quota was set by doing:

$ swift stat
  Account: AUTH_a2a763c8d89a498d8da7a7599d580f4a
Containers: 0
  Objects: 0
    Bytes: 0
Meta Quota-Bytes: 1073741824
X-Timestamp: 1371050521.29419
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes

What's with the 1073741824? Swift quotas are measured in bytes. 1073741824 bytes equals 1 gigabyte of space.

Did you know that DAIR gives you 200 gigabytes (or 214,748,364,800 bytes) of object storage space for free?

See previous post '€” Advanced Swift Features: Part 2