remove support for centralized quota distribution

We have decided to switch to a different quota distribution model, which will be implemented soon.
sapcc · Oct 12, 2023 · d775002 · d775002
1 parent 58c1f7a
commit d775002
Show file tree

Hide file tree

Showing 45 changed files with 126 additions and 1,064 deletions.
diff --git a/docs/example-policy.yaml b/docs/example-policy.yaml
@@ -13,10 +13,8 @@ project:edit: rule:project_editor
 project:sync: rule:project_editor
 project:raise: rule:domain_editor
 project:raise_lowpriv: rule:project_editor
-project:raise_centralized: rule:cluster_admin
 project:lower: rule:project_editor
 domain:lower_lowpriv: rule:project_editor
-project:lower_centralized: rule:cluster_admin
 project:set_rate_limit: rule:domain_editor
 project:discover: rule:domain_editor
 

diff --git a/docs/operators/config.md b/docs/operators/config.md
@@ -25,7 +25,7 @@ on the top left corner of this document to get to a specific section of this gui
 | Variable | Default | Description |
 | --- | --- | --- |
 | `LIMES_API_LISTEN_ADDRESS` | `:80` | Bind address for the HTTP API exposed by this service, e.g. `127.0.0.1:80` to bind only on one IP, or `:80` to bind on all interfaces and addresses. |
-| `LIMES_API_POLICY_PATH` | `/etc/limes/policy.yaml` | Path to the oslo.policy file that describes authorization behavior for this service. Please refer to the [OpenStack documentation on policies][policy] for syntax reference. This repository includes an [example policy][ex-pol] that can be used for development setups, or as a basis for writing your own policy. For `:raise`, `:raise_lowpriv`, `:raise_centralized`, `:lower`, `:lower_centralized` and `:set_rate_limit` policies, the object attribute `%(service_type)s` is available to restrict editing to certain service types. |
+| `LIMES_API_POLICY_PATH` | `/etc/limes/policy.yaml` | Path to the oslo.policy file that describes authorization behavior for this service. Please refer to the [OpenStack documentation on policies][policy] for syntax reference. This repository includes an [example policy][ex-pol] that can be used for development setups, or as a basis for writing your own policy. For `:raise`, `:raise_lowpriv`, `:lower` and `:set_rate_limit` policies, the object attribute `%(service_type)s` is available to restrict editing to certain service types. |
 
 ### Audit trail
 
@@ -172,10 +172,6 @@ Each resource uses one of the following quota distribution models:
 * `hierarchical`: This is the default distribution model, wherein quota is distributed to domains by the cloud admins
   (according to the `domain:{raise,raise_lowpriv,lower}` policies), and then the projects by the domain admins
   (according to the `project:{raise,raise_lowpriv,lower}` policies). Domains and projects start out at zero quota.
-* `centralized`: In this model, quota is directly given to projects by the cloud admins (according to the
-  `project:{raise_centralized,lower_centralized}` policies). Projects start out at a generous default quota as
-  configured by the Limes operator. The domain quota cannot be edited and is always reported equal to the projects
-  quota.
 
 Resource-specific distribution models can be configured per resource in the `quota_distribution_configs[]` section. Each
 entry in this section can match multiple resources. Because the semantics of distribution models cross the boundaries of
@@ -185,9 +181,8 @@ always applies to the entire resource across all scopes.
 | Field | Required | Description |
 | --- | --- | --- |
 | `quota_distribution_configs[].resource` | yes | Must contain a regex. The config entry applies to all resources where this regex matches against a slash-concatenated pair of service type and resource name. The anchors `^` and `$` are implied at both ends, so the regex must match the entire phrase. |
-| `quota_distribution_configs[].model` | yes | Either "hierarchical" or "centralized". |
-| `quota_distribution_configs[].default_project_quota` | only for centralized distribution | The default quota value that will be given to new project resources. Only applicable for centralized quota distribution: Hierarchical quota distribution does not have nonzero default quotas. |
-| `quota_distribution_configs[].strict_domain_quota_limit` | no | Reject attempts to increase domain quotas when the sum of all domain quotas would exceed the cluster capacity. Only applicable for hierarchical quota distribution: Centralized quota distribution does not allow setting domain quotas via API. |
+| `quota_distribution_configs[].model` | yes | The string "hierarchical". |
+| `quota_distribution_configs[].strict_domain_quota_limit` | no | Reject attempts to increase domain quotas when the sum of all domain quotas would exceed the cluster capacity. Only applicable for hierarchical quota distribution. |
 
 ## Supported discovery methods
 

diff --git a/docs/users/api-spec-resources.md b/docs/users/api-spec-resources.md
@@ -59,21 +59,6 @@ PiB   - pebibytes = 2^50 bytes
 EiB   - exbibytes = 2^60 bytes
 ```
 
-### Quota distribution models
-
-The above explanation of quota and usage describes **hierarchical quota distribution**, which is the default quota
-distribution model in Limes. Limes operators can also choose to have certain resources governed by the **centralized
-quota distribution** model instead. Under the centralized quota distribution model:
-
-- Project quotas start out at a resource-specific default value, and changes are only allowed to a very restricted set
-  of users (usually cloud admins).
-- Domain quota is not managed explicitly and, instead, always reported equal to the projects quota.
-
-The default project quota values are chosen by the Limes operator so that most projects never need to go above them. The
-centralized quota distribution model is suited for resources of secondary importance, where global usage is unlikely to
-be exceed the available capacity and the precise control afforded by hierarchical quota distribution is not needed. It
-trades a little loss of control for a potentially big gain in ease of process.
-
 ### Physical usage
 
 In addition to usage, some resources also report **physical usage**. In this case, "usage" refers to fixed resource
@@ -101,10 +86,6 @@ Bursting allows users in a project to quickly respond to heightened resource nee
 to be permanent, users should request a quota extension from their domain admin or cloud admin, since burst usage is
 usually billed at a higher price than regular usage.
 
-Bursting is not supported for resources with centralized quota distribution, since the default quota is assumed to be
-enough for most usecases in this distribution model, and any higher quota usage should be approved by cloud admins to
-avoid putting too much load on the resource.
-
 ### Scaling relations
 
 Limes can advertise **scaling relations** between resources. If resource X is marked as **scaling with** resource Y, it
@@ -240,7 +221,7 @@ The objects at `cluster.services[].resources[]` may contain the following fields
 | `unit` | string | The unit of this resource (only shown for measured resources). |
 | `category` | string | The category of this resource (only shown when there is one). |
 | `contained_in` | string | The name of another resource (if any) within the same service that this resource is [contained in](#contained-resources). |
-| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). Possible values are "hierarchical" and "centralized". |
+| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). The only possible value is "hierarchical". |
 | `capacity` | unsigned integer | The available capacity for this resource. |
 | `raw_capacity` | unsigned integer | The available raw capacity for this resource (only shown for [overcommitted resources](#overcommit)). |
 | `per_availability_zone` | list of objects | A breakdown of this resource's capacity by availability zone (only shown for resources supporting a breakdown by AZ). |
@@ -331,7 +312,7 @@ The objects at `domains[].services[].resources[]` may contain the following fiel
 | `unit` | string | The unit of this resource (only shown for measured resources). |
 | `category` | string | The category of this resource (only shown when there is one). |
 | `contained_in` | string | The name of another resource (if any) within the same service that this resource is [contained in](#contained-resources). |
-| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). Possible values are "hierarchical" and "centralized". |
+| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). The only possible value is "hierarchical". |
 | `scales_with` | object | Only present when this resource is [scaling with](#scaling-relations) another resource. |
 | `scales_with.resource_name` | string | The name of the resource that this resource is scaling with. |
 | `scales_with.service_type` | string | The type name of the service containing the resource that this resource is scaling with. |
@@ -552,16 +533,13 @@ The objects at `projects[].services[].resources[]` may contain the following fie
 | `unit` | string | The unit of this resource (only shown for measured resources). |
 | `category` | string | The category of this resource (only shown when there is one). |
 | `contained_in` | string | The name of another resource (if any) within the same service that this resource is [contained in](#contained-resources). |
-| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). Possible values are "hierarchical" and "centralized". |
-| `commitment_config` | object | Only present if commitments can be created for this resource. |
-| `commitment_config.durations` | list of strings | Acceptable durations for commitments on this resource, each expressed as a comma-separated sequence of positive integer multiples of time units like "1 year, 3 months". Acceptable time units include "second", "minute", "hour", "day", "month" and "year". |
+| `quota_distribution_model` | string | The resource's [quota distribution model](#quota-distribution-model). The only possible value is "hierarchical". |
 | `scales_with` | object | Only present when this resource is [scaling with](#scaling-relations) another resource. |
 | `scales_with.resource_name` | string | The name of the resource that this resource is scaling with. |
 | `scales_with.service_type` | string | The type name of the service containing the resource that this resource is scaling with. |
 | `scales_with.factor` | unsigned float | The factor with which this resource is scaling with the other resource. |
 | `annotations` | object | An object with string keys and string values containing arbitrary metadata that was configured for this resource in this project by Limes's operator. |
 | `quota` | unsigned integer | The granted quota for this resource in this project. |
-| `default_quota` | unsigned integer | The default quota for this resource in new projects (only shown when `quota_distribution_model` is `centralized`, and when the granted quota differs from the default quota). |
 | `usable_quota` | unsigned integer | The usable quota for this resource in this project (see [quota bursting](#quota-bursting) for details; only shown if different from the granted quota). |
 | `usage` | unsigned integer | The usage of this resource in this project. |
 | `burst_usage` | unsigned integer | The value of `usage - quota` in this project (only shown for [burstable resources](#quota-bursting) and if greater than zero). |