stackhpc
diff --git a/‎nova/compute/api.py‎
Lines changed: 50 additions & 13 deletions b/‎nova/compute/api.py‎
Lines changed: 50 additions & 13 deletions
diff --git a/‎nova/compute/utils.py‎
Lines changed: 2 additions & 0 deletions b/‎nova/compute/utils.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nova/conductor/manager.py‎
Lines changed: 7 additions & 1 deletion b/‎nova/conductor/manager.py‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎nova/tests/functional/test_unified_limits.py‎
Lines changed: 217 additions & 0 deletions b/‎nova/tests/functional/test_unified_limits.py‎
Lines changed: 217 additions & 0 deletions
@@ -60,6 +60,7 @@
 from nova.i18n import _
 from nova.image import glance
 from nova.limit import local as local_limit
+from nova.limit import placement as placement_limits
 from nova.network import constants
 from nova.network import model as network_model
 from nova.network import neutron
@@ -1346,6 +1347,25 @@ def _provision_instances(
         # Check quotas
         num_instances = compute_utils.check_num_instances_quota(
             context, flavor, min_count, max_count)
+
+        # Find out whether or not we are a BFV instance
+        if block_device_mapping:
+            root = block_device_mapping.root_bdm()
+            is_bfv = bool(root and root.is_volume)
+        else:
+            # If we have no BDMs, we're clearly not BFV
+            is_bfv = False
+
+        # NOTE(johngarbutt) when unified limits not used, this just
+        #   returns num_instances back again
+        # NOTE: If we want to enforce quota on port or cyborg resources in the
+        # future, this enforce call will need to move after we have populated
+        # the RequestSpec with all of the requested resources and use the real
+        # RequestSpec to get the overall resource usage of the instance.
+        num_instances = placement_limits.enforce_num_instances_and_flavor(
+                context, context.project_id, flavor,
+                is_bfv, min_count, num_instances)
+
         security_groups = security_group_api.populate_security_groups(
             security_groups)
         port_resource_requests = base_options.pop('port_resource_requests')
@@ -1388,14 +1408,7 @@ def _provision_instances(
                     security_groups=security_groups,
                     port_resource_requests=port_resource_requests,
                     request_level_params=req_lvl_params)
-
-                if block_device_mapping:
-                    # Record whether or not we are a BFV instance
-                    root = block_device_mapping.root_bdm()
-                    req_spec.is_bfv = bool(root and root.is_volume)
-                else:
-                    # If we have no BDMs, we're clearly not BFV
-                    req_spec.is_bfv = False
+                req_spec.is_bfv = is_bfv
 
                 # NOTE(danms): We need to record num_instances on the request
                 # spec as this is how the conductor knows how many were in this
@@ -2660,6 +2673,9 @@ def restore(self, context, instance):
         project_id, user_id = quotas_obj.ids_from_instance(context, instance)
         compute_utils.check_num_instances_quota(context, flavor, 1, 1,
                 project_id=project_id, user_id=user_id)
+        is_bfv = compute_utils.is_volume_backed_instance(context, instance)
+        placement_limits.enforce_num_instances_and_flavor(context, project_id,
+                                                         flavor, is_bfv, 1, 1)
 
         self._record_action_start(context, instance, instance_actions.RESTORE)
 
@@ -3777,9 +3793,22 @@ def _validate_numa_rebuild(instance, image, flavor):
         # TODO(sean-k-mooney): add PCI NUMA affinity policy check.
 
     @staticmethod
-    def _check_quota_for_upsize(context, instance, current_flavor, new_flavor):
+    def _check_quota_for_upsize(context, instance, current_flavor,
+                                new_flavor, is_bfv, is_revert):
         project_id, user_id = quotas_obj.ids_from_instance(context,
                                                            instance)
+        # NOTE(johngarbutt) for resize, check for sum of existing usage
+        # plus the usage from new flavor, as it will be claimed in
+        # placement that way, even if there is no change in flavor
+        # But for revert resize, we are just removing claims in placement
+        # so we can ignore the quota check
+        if not is_revert:
+            placement_limits.enforce_num_instances_and_flavor(context,
+                                                              project_id,
+                                                              new_flavor,
+                                                              is_bfv, 1, 1)
+
+        # Old quota system only looks at the change in size.
         # Deltas will be empty if the resize is not an upsize.
         deltas = compute_utils.upsize_quota_delta(new_flavor,
                                                   current_flavor)
@@ -3821,8 +3850,11 @@ def revert_resize(self, context, instance):
             elevated, instance.uuid, 'finished')
 
         # If this is a resize down, a revert might go over quota.
+        reqspec = objects.RequestSpec.get_by_instance_uuid(
+            context, instance.uuid)
         self._check_quota_for_upsize(context, instance, instance.flavor,
-                                     instance.old_flavor)
+                                     instance.old_flavor, reqspec.is_bfv,
+                                     is_revert=True)
 
         # The AZ for the server may have changed when it was migrated so while
         # we are in the API and have access to the API DB, update the
@@ -3846,8 +3878,6 @@ def revert_resize(self, context, instance):
         # the scheduler will be using the wrong values. There's no need to do
         # this if the flavor hasn't changed though and we're migrating rather
         # than resizing.
-        reqspec = objects.RequestSpec.get_by_instance_uuid(
-            context, instance.uuid)
         if reqspec.flavor['id'] != instance.old_flavor['id']:
             reqspec.flavor = instance.old_flavor
             reqspec.numa_topology = hardware.numa_get_constraints(
@@ -4149,9 +4179,16 @@ def resize(self, context, instance, flavor_id=None, clean_shutdown=True,
 
         # ensure there is sufficient headroom for upsizes
         if flavor_id:
+            # Figure out if the instance is volume-backed but only if we didn't
+            # already figure that out above (avoid the extra db hit).
+            if volume_backed is None:
+                # TODO(johngarbutt) should we just use the request spec?
+                volume_backed = compute_utils.is_volume_backed_instance(
+                    context, instance)
             self._check_quota_for_upsize(context, instance,
                                          current_flavor,
-                                         new_flavor)
+                                         new_flavor, volume_backed,
+                                         is_revert=False)
 
         if not same_flavor:
             image = utils.get_image_from_system_metadata(
 
@@ -1110,6 +1110,8 @@ def check_num_instances_quota(
     deltas = {'instances': max_count, 'cores': req_cores, 'ram': req_ram}
 
     try:
+        # NOTE(johngarbutt) when using unified limits, this is call
+        # is a no op, and as such, this function always returns max_count
         objects.Quotas.check_deltas(context, deltas,
                                     project_id, user_id=user_id,
                                     check_project_id=project_id,
 
@@ -23,6 +23,7 @@
 
 from oslo_config import cfg
 from oslo_db import exception as db_exc
+from oslo_limit import exception as limit_exceptions
 from oslo_log import log as logging
 import oslo_messaging as messaging
 from oslo_serialization import jsonutils
@@ -45,6 +46,7 @@
 from nova import exception
 from nova.i18n import _
 from nova.image import glance
+from nova.limit import placement as placement_limits
 from nova import manager
 from nova.network import neutron
 from nova import notifications
@@ -1632,7 +1634,11 @@ def schedule_and_build_instances(self, context, build_requests,
                 compute_utils.check_num_instances_quota(
                     context, instance.flavor, 0, 0,
                     orig_num_req=len(build_requests))
-            except exception.TooManyInstances as exc:
+                placement_limits.enforce_num_instances_and_flavor(
+                    context, context.project_id, instance.flavor,
+                    request_specs[0].is_bfv, 0, 0)
+            except (exception.TooManyInstances,
+                    limit_exceptions.ProjectOverLimit) as exc:
                 with excutils.save_and_reraise_exception():
                     self._cleanup_build_artifacts(context, exc, instances,
                                                   build_requests,
 
@@ -0,0 +1,217 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo_limit import fixture as limit_fixture
+from oslo_serialization import base64
+from oslo_utils.fixture import uuidsentinel as uuids
+
+from nova import context as nova_context
+from nova.limit import local as local_limit
+from nova.objects import flavor as flavor_obj
+from nova.objects import instance_group as group_obj
+from nova.tests.functional.api import client
+from nova.tests.functional import integrated_helpers
+
+
+class UnifiedLimitsTest(integrated_helpers._IntegratedTestBase):
+
+    def setUp(self):
+        super(UnifiedLimitsTest, self).setUp()
+        # Use different project_ids for non-admin and admin.
+        self.api.project_id = 'fake'
+        self.admin_api.project_id = 'admin'
+
+        self.flags(driver="nova.quota.UnifiedLimitsDriver", group="quota")
+        reglimits = {local_limit.SERVER_METADATA_ITEMS: 128,
+                     local_limit.INJECTED_FILES: 5,
+                     local_limit.INJECTED_FILES_CONTENT: 10 * 1024,
+                     local_limit.INJECTED_FILES_PATH: 255,
+                     local_limit.KEY_PAIRS: 100,
+                     local_limit.SERVER_GROUPS: 10,
+                     local_limit.SERVER_GROUP_MEMBERS: 1,
+                     'servers': 4,
+                     'class:VCPU': 8,
+                     'class:MEMORY_MB': 32768,
+                     'class:DISK_GB': 250}
+        projlimits = {self.api.project_id: {'servers': 2,
+                                            'class:VCPU': 4,
+                                            'class:MEMORY_MB': 16384,
+                                            'class:DISK_GB': 100}}
+        self.useFixture(limit_fixture.LimitFixture(reglimits, projlimits))
+        self.ctx = nova_context.get_admin_context()
+
+    def _setup_services(self):
+        # Use driver with lots of resources so we don't get NoValidHost while
+        # testing quotas. Need to do this before services are started.
+        self.flags(compute_driver='fake.FakeDriver')
+        super(UnifiedLimitsTest, self)._setup_services()
+
+    def test_servers(self):
+        # First test the project limit using the non-admin project.
+        for i in range(2):
+            self._create_server(api=self.api)
+
+        # Attempt to create a third server should fail.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server, api=self.api)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('servers', e.response.text)
+
+        # Then test the default limit using the admin project.
+        for i in range(4):
+            self._create_server(api=self.admin_api)
+
+        # Attempt to create a fifth server should fail.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server,
+            api=self.admin_api)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('servers', e.response.text)
+
+    def test_vcpu(self):
+        # First test the project limit using the non-admin project.
+        # m1.large has vcpus=4 and our project limit is 4, should succeed.
+        flavor = flavor_obj.Flavor.get_by_name(self.ctx, 'm1.large')
+        self._create_server(api=self.api, flavor_id=flavor.flavorid)
+
+        # m1.small has vcpus=1, should fail because we are at quota.
+        flavor = flavor_obj.Flavor.get_by_name(self.ctx, 'm1.small')
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server, api=self.api,
+            flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:VCPU', e.response.text)
+
+        # Then test the default limit of 8 using the admin project.
+        flavor = flavor_obj.Flavor.get_by_name(self.ctx, 'm1.large')
+        for i in range(2):
+            self._create_server(api=self.admin_api, flavor_id=flavor.flavorid)
+
+        # Attempt to create another server with vcpus=1 should fail because we
+        # are at quota.
+        flavor = flavor_obj.Flavor.get_by_name(self.ctx, 'm1.small')
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server,
+            api=self.admin_api, flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:VCPU', e.response.text)
+
+    def test_memory_mb(self):
+        # First test the project limit using the non-admin project.
+        flavor = flavor_obj.Flavor(
+            context=self.ctx, memory_mb=16384, vcpus=1, root_gb=1,
+            flavorid='9', name='m1.custom')
+        flavor.create()
+        self._create_server(api=self.api, flavor_id=flavor.flavorid)
+
+        # Attempt to create another should fail as we are at quota.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server, api=self.api,
+            flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:MEMORY_MB', e.response.text)
+
+        # Then test the default limit of 32768 using the admin project.
+        for i in range(2):
+            self._create_server(api=self.admin_api, flavor_id=flavor.flavorid)
+
+        # Attempt to create another server should fail because we are at quota.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server,
+            api=self.admin_api, flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:MEMORY_MB', e.response.text)
+
+    def test_disk_gb(self):
+        # First test the project limit using the non-admin project.
+        flavor = flavor_obj.Flavor(
+            context=self.ctx, memory_mb=1, vcpus=1, root_gb=100,
+            flavorid='9', name='m1.custom')
+        flavor.create()
+        self._create_server(api=self.api, flavor_id=flavor.flavorid)
+
+        # Attempt to create another should fail as we are at quota.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server, api=self.api,
+            flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:DISK_GB', e.response.text)
+
+        # Then test the default limit of 250 using the admin project.
+        for i in range(2):
+            self._create_server(api=self.admin_api, flavor_id=flavor.flavorid)
+
+        # Attempt to create another server should fail because we are at quota.
+        e = self.assertRaises(
+            client.OpenStackApiException, self._create_server,
+            api=self.admin_api, flavor_id=flavor.flavorid)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('class:DISK_GB', e.response.text)
+
+    def test_no_injected_files(self):
+        self._create_server()
+
+    def test_max_injected_files(self):
+        # Quota is 5.
+        files = []
+        contents = base64.encode_as_text('some content')
+        for i in range(5):
+            files.append(('/my/path%d' % i, contents))
+        server = self._build_server()
+        personality = [
+            {'path': item[0], 'contents': item[1]} for item in files]
+        server['personality'] = personality
+        self.api.post_server({'server': server})
+
+    def test_max_injected_file_content_bytes(self):
+        # Quota is 10 * 1024
+        # Hm, apparently quota is checked against the base64 encoded string
+        # even though the api-ref claims the limit is for the decoded data.
+        # Subtract 3072 characters to account for that.
+        content = base64.encode_as_bytes(
+            ''.join(['a' for i in range(10 * 1024 - 3072)]))
+        server = self._build_server()
+        personality = [{'path': '/test/path', 'contents': content}]
+        server['personality'] = personality
+        self.api.post_server({'server': server})
+
+    def test_max_injected_file_path_bytes(self):
+        # Quota is 255.
+        path = ''.join(['a' for i in range(255)])
+        contents = base64.encode_as_text('some content')
+        server = self._build_server()
+        personality = [{'path': path, 'contents': contents}]
+        server['personality'] = personality
+        self.api.post_server({'server': server})
+
+    def test_server_group_members(self):
+        # Create a server group.
+        instance_group = group_obj.InstanceGroup(
+            self.ctx, policy="anti-affinity")
+        instance_group.name = "foo"
+        instance_group.project_id = self.ctx.project_id
+        instance_group.user_id = self.ctx.user_id
+        instance_group.uuid = uuids.instance_group
+        instance_group.create()
+
+        # Quota for server group members is 1.
+        server = self._build_server()
+        hints = {'group': uuids.instance_group}
+        req = {'server': server, 'os:scheduler_hints': hints}
+        self.admin_api.post_server(req)
+
+        # Attempt to create another server in the group should fail because we
+        # are at quota.
+        e = self.assertRaises(
+            client.OpenStackApiException, self.admin_api.post_server, req)
+        self.assertEqual(403, e.response.status_code)
+        self.assertIn('server_group_members', e.response.text)