Ah, I see, you can limit that on a vserver level …
Von: Alexander Griesser AGriesser@anexia-it.com Gesendet: Freitag, 6. November 2020 17:12 An: Geissler, Norbert (IT IN OPS ED SP WIN&NAS) norbert.geissler@siemens.com Cc: Toasters toasters@teaparty.net Betreff: AW: SVM Trident limits/config
I can limit the number of volumes already, just can’t limit the size… I can, however, automate the creation of an SVM, so currently my only good option seems to be to provide one SVM per customer volume and limit the size oft he volume the SVM can create to whatever I want to sell them and to set max-volumes to 1 (or two, if the root volume also counts).
Alexander Griesser Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.commailto:AGriesser@anexia-it.com Web: http://www.anexia-it.comhttp://www.anexia-it.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Von: Geissler, Norbert <norbert.geissler@siemens.commailto:norbert.geissler@siemens.com> Gesendet: Freitag, 6. November 2020 17:09 An: Alexander Griesser <AGriesser@anexia-it.commailto:AGriesser@anexia-it.com> Cc: Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Betreff: AW: SVM Trident limits/config
Hi Alexander,
you should also ask them to not create 500 volumes of size 1GB . Your aggregate (and all other k8s cluster user) may not like that … 😉 Norbert Geissler
Siemens AG IT IN OPS ED SP WIN&NAS Otto-Hahn-Ring 6 81739 Muenchen, Germany Fax: +49 89 636-43003 Mobile: +49 162 4110898 mailto:norbert.geissler@siemens.com www.siemens.comhttps://siemens.com [cid:image001.gif@01D6B461.939A03E0] Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Klaus Helmrich, Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
Von: Toasters <toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net> Im Auftrag von Alexander Griesser Gesendet: Freitag, 6. November 2020 16:20 An: Sean Daly <keas666@gmail.commailto:keas666@gmail.com>; Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> Cc: Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Betreff: AW: SVM Trident limits/config
I do not manage the k8s cluster. Customers deploy them on their own and are now asking for a SVM to create persistent storage, so I can currently only ask them to please not create 20 100TB volumes 😊
Alexander Griesser Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.commailto:AGriesser@anexia-it.com Web: http://www.anexia-it.comhttp://www.anexia-it.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Von: Sean Daly <keas666@gmail.commailto:keas666@gmail.com> Gesendet: Freitag, 6. November 2020 16:18 An: Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> Cc: Alexander Griesser <AGriesser@anexia-it.commailto:AGriesser@anexia-it.com>; Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Betreff: Re: SVM Trident limits/config
Can you not use the Kubernetes Resource Quoting objects to control the same ( Limits applied at the openshift/k8 cluster side ) ?
https://kubernetes.io/docs/concepts/policy/resource-quotas/
You would need to have a mechanism to control these resource quota numbers across multiple namespaces/ in a given cluster to make sure you did not exceed what was available to provision in the associated trident backend aggregate for the SVM you were pointing at .
This seemed like an approach to me anyway . Is the above not feasible ?
On Fri, Nov 6, 2020 at 9:42 AM Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> wrote: Nice workaround!
We do know of this limitation and are looking to try to address in future releases, btw.
From: Alexander Griesser <AGriesser@anexia-it.commailto:AGriesser@anexia-it.com> Sent: Friday, November 6, 2020 9:37 AM To: Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com>; Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Subject: AW: SVM Trident limits/config
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hah, I think I just found a way to do that. I’ts not perfect, but I can at least set a maximum to get some control on that. I can limit the maximum number of volumes an SVM can create with:
vserver modify -vserver vs1 -max-volumes 10
And with the following rule, I can disallow the creation of a volume > 10G:
security login role create -vserver vNFS_440019_onepanel01 -role restricted -cmddirname "volume" -access all -query "-size <=10G"
Creation of a volume with size 10G: vNFS_440019_onepanel01::> vol create -aggregate superion_data -size 10g -volume test1 vNFS_440019_onepanel01::> vol show Vserver Volume Aggregate State Type Size Available Used% --------- ------------ ------------ ---------- ---- ---------- ---------- ----- vNFS_440019_onepanel01 test1 superion_data online RW 10GB 9.50GB 0%
11G: vNFS_440019_onepanel01::> vol create -aggregate superion_data -size 11g -volume test2
Error: command failed: not authorized for that command
Trying to resize the previously created 10G volume to 11G: vNFS_440019_onepanel01::> vol size -volume test2 -new-size +1g
Error: command failed: not authorized for that command
Not perfect, but better than nothing.
Alexander Griesser Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.commailto:AGriesser@anexia-it.com Web: http://www.anexia-it.comhttp://www.anexia-it.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Von: Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> Gesendet: Freitag, 6. November 2020 15:19 An: Alexander Griesser <AGriesser@anexia-it.commailto:AGriesser@anexia-it.com>; Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Betreff: RE: SVM Trident limits/config
No, there is not a way to do that.
From: Toasters <toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net> On Behalf Of Alexander Griesser Sent: Friday, November 6, 2020 9:07 AM To: Toasters <toasters@teaparty.netmailto:toasters@teaparty.net> Subject: SVM Trident limits/config
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hey there,
due to popular demand, I’m currently playing around with the trident integration and am following the docs here: https://netapp-trident.readthedocs.io/en/stable-v18.07/docker/install/ndvp_o...
From what I can see, there’s no easy way to limit the total amount of volume space created from within the SVM. I can limit the amount of volumes that can be created, but I cannot limit the maximum total size of those – or is there any option to do that?
I just want to make sure that none of these clients are using more resources than assigned (without having to assign dedicated aggregates). Is that possible?
Thanks,
Alexander Griesser Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.commailto:AGriesser@anexia-it.com Web: http://www.anexia-it.comhttp://www.anexia-it.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
_______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net https://www.teaparty.net/mailman/listinfo/toasters
