Ask Your Question
0

Can you restrict a user or tenant to a Cinder volume type?

asked 2015-01-08 10:15:57 -0600

wbentley15 gravatar image

I have a need to restrict a user or tenant to only be able to use a set defined Cinder volume type. That volume type is tied to separate backends defined in Cinder. I only want a certain user or tenant to see a defined volume type in Horizon. Is that possible? I sorted thru the Cinder RBAC settings and unable to figure out which one would do this, if at all.

Any assistance on this matter would be great!

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
2

answered 2015-01-08 21:07:59 -0600

wbentley15 gravatar image

Thanks for the great response! I tested out your suggestion and yes, you can restrict a tenant from creating volumes on defined volume types.

The thing to keep in mind is you must know the tenant ID in order to apply the specific volume type quota and apply the quota for each tenant created (now and going forward). Another thing I discovered is I could not find one good example to reference anywhere on the internet :). So here is one:

This lists out all the quotas defined for the tenant:

$ cinder quota-show <tenant_ID>
$ cinder quota-show 0ece405bde4b412fb689a6b072f2744a

Now set your volume type quota for that tenant:

$ cinder quota-update --volumes <volume_count> --volume-type <volume_type_name> <tenant_ID>
$ cinder quota-update --volumes 100 --volume-type lvm-SSD 0ece405bde4b412fb689a6b072f2744a

Before doing the above you need to create the volume types ahead of time of course. I used this blog to help with that and focused on Case 3 - http://www.rushiagr.com/blog/2014/01/16/playing-around-with-cinder-multi-backend/ (http://www.rushiagr.com/blog/2014/01/...) .

The default value for the volume type is '-1'. If you do not reset it with the command above, it will not change. Also, you must pass the '--volumes' parameter with the 'volume-type' parameter. Doing one without the other gives you the appearance that it worked but, when you run the quota-show command again you will see it did not change.

edit flag offensive delete link more
add a comment
0

answered 2015-01-08 12:57:16 -0600

tim-bell gravatar image

You can set a quota for the different cinder types. However, they would still be listed on the horizon panel and with the CLIs.

There is a blueprint for private cinder types. At CERN, we do not wish to make public all of the different volume types we have since some are dedicated for particular projects. Details at https://blueprints.launchpad.net/cind...

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-01-08 10:15:57 -0600

Seen: 2,134 times

Last updated: Jan 08 '15

Related questions

Cinder volume usage by for each tenant

Can't delete volume: LVM-volume is open

Unable to attach volume to instance

dedicated network between cinder and compute

How can I change quota of total volume size?

Cinder volume deletion very slow

How can I change where ephemeral and swap disk are stored?

cinder install fails at mysql Create Database

Add volumen group in cinder

Cinder DB won't populate