Feature #65551
open[rgw][accounts] bucket quota management at account-level
0%
Description
Account feature has been introduced by https://github.com/ceph/ceph/pull/54333 and we are planning to migrate our radosgw users to accounts. As described at https://docs.ceph.com/en/latest/radosgw/account/#resource-ownership,
Because the resources are owned by the account rather than its users, all usage statistics and quota enforcement apply to the account as a whole rather than its individual users.
Resource management would now be done at account-level.
Currently, we set quotas at both "user" and "bucket" scopes for all our users: e.g.,
"bucket_quota": { "enabled": true, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": 2000000 }, "user_quota": { "enabled": true, "check_on_raw": false, "max_size": 10001000000512, "max_size_kb": 9766601563, "max_objects": -1 },
and update bucket quotas on-demand if need be for a particular user.
However, "quota set" radosgw-admin cmd doesn't support setting bucket-scoped quotas for accounts but only for users. We can perhaps use "rgw bucket default quota max objects" ceph/rgw config item to set the default bucket quota for newly created users but IAM users (users created under an account using aws API) do not honor this config item.
>>> iam_client3.create_user(UserName="myiamuser") {'User': {'Path': '/', 'UserName': 'myiamuser', 'UserId': '267ec9ca-f2ac-4864-af5e-33bb7ae00963', 'Arn': 'arn:aws:iam::RGW12879111715873415:user/myiamuser', 'CreateDate': datetime.datetime(2024, 4, 17, 14, 31, 19, 180196, tzinfo=tzutc())}, 'ResponseMetadata': {'RequestId': 'tx00000cae4d083bcdaf11d-00661fdd37-54126-default', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amz-request-id': 'tx00000cae4d083bcdaf11d-00661fdd37-54126-default', 'content-type': 'application/xml', 'server': 'Ceph Object Gateway (squid)', 'content-length': '495', 'date': 'Wed, 17 Apr 2024 14:31:19 GMT', 'connection': 'Keep-Alive'}, 'RetryAttempts': 0}} --> 'UserId': '267ec9ca-f2ac-4864-af5e-33bb7ae00963' $ ./bin/radosgw-admin -c ./ceph.conf user info --uid=267ec9ca-f2ac-4864-af5e-33bb7ae00963 | jq '.bucket_quota' { "enabled": false, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": -1 }
Opening this feature request to see whether we can let bucket quota management be done at account-level similar to how it is currently done for non-accounted rgw users and have all users under an account honor these limits.