Projects and Quota: Difference between revisions
Revision as of 20:23, 19 October 2025
Group Projects
In which situations is a group project useful?
Group projects allow multiple users to share and jointly manage resources within a single bwCloud-OS project. This is particularly useful for:
- Collaborative administration of servers with a long-term or operational purpose
- Teaching or training scenarios, where students or participants need to work together
- Projects that involve users from multiple bwCloud-OS regions
Such collaboration is also supported through the use of access tokens (Application Credentials).
Note: If the only goal is to allow multiple users to connect to the same virtual machine, you can simply add their SSH public keys to the ~/.ssh/authorized_keys file on the VM. In that case, a group project is not required.
What does resource administration look like in a group project?
OpenStack uses a very simple role and rights model:
- There is the role of “Administrator”, which is reserved exclusively for members of the bwCloud-OS operations team.
- All regular users — including those in group projects — have the same standard user permissions.
This means that a group project functions the same as a personal project, with one key difference: multiple users are assigned to the same project.
As a result:
- Every group member can see all shared resources (instances, images, security groups, etc.).
- All members can create, modify, or delete resources.
- There are no internal role distinctions within a project — all members have equal rights.
How can I request a group project?
To create a group project, you need to submit a support ticket with specific information about your request. Please note:
- Only users who are already registered in bwCloud-OS can be added as project members.
- The project must have a designated owner. Please review the role of the project owner, who is responsible for managing the project and its quota usage.
Use the following template in your request:
SUBJECT: NEW_PROJECT
REGION: NAME
MOTIVATION: TEXT
OWNER_UUID: UUID
PROJECT_NAME: NAME (maximum 16 characters)
MEMBER_UUIDS: UUID, UUID, ...
NUMBER_VM:: INTEGER
RAM_GB: INTEGER
VCPU: INTEGER
STORAGE_GB: INTEGER
SPECIAL_QUOTA: TEXT
CUT_OFF_DATE: dd.mm.yyyy
Why is it necessary to specify a group project owner?
The person designated as the project owner is needed for several important reasons:
- Billing and accountability: If cost allocation is introduced in the future, any billing or formal communication related to the group project will be directed to the group owner's institution or department. (Note: The owner can be changed later if needed.)
- Primary contact for the bwCloud-OS team: The group owner acts as the main contact person for the bwCloud-OS team — for operational issues, incidents, and support inquiries.
- User and membership management: The owner is responsible for managing group membership. We can only accept requests to add or remove members from the owner (or a designated replacement), since all group members have the same technical permissions and we otherwise cannot verify authority.
Can the project owner be a functional or shared account?
No. All accounts and identifiers used in bwCloud-OS — including those for project owners and project members — must be assigned to individual, identifiable persons.
Group projects are not an exception to this rule. The same identity and accountability requirements apply as for personal projects.
Are the group members alterable?
Users registered at bwCloud-OS can be added to a group project. Members can also be removed from the project. Requests to change group members can only be made by the group owner. Answer the questions below and use the template for your request:
SUBJECT: MEMBER_PROJECT
NEW_OWNER: UUID
PROJECT: UUID
MEMBERS_ADD: UUID, UUID, ...
MEMBERS_REMOVE: UUID, UUID, ...
Write us a ticket. We will check your request and, if possible, grant it.
How can I switch between projects?
A user can be a member of several group projects. The quota of a project is bound to exactly one bwCloud-OS region.
The target region and project can be chosen via the button at the top left of the dashboard.
How do I move an instance to another project?
An instance cannot be moved to another project per se. However, the following workaround is possible. The prerequisite is appropriate quota in the target project.
- Source Project
  - Create a snapshot (a shadow copy) of the instance. -> The snapshot appears under 'Images'.
  - Under Images, create a volume from the snapshot. -> The volume appears under Volumes.
  - Under Volumes, create a transfer for the volume and note the Transfer ID and the Authorization Key.
- Target Project
  - Under Volumes, select Accept transfer.
  - Specify the saved Transfer ID and Authorization Key. -> The volume appears under Volumes.
  - Convert/upload the volume to an image. -> The image appears under Images (this may take some time).
  - Under Images, start the image.
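The same workaround with the OpenStack command-line client, as an added example that is not part of the original bwCloud-OS page. The clouds.yaml entry names passed as the cloud arguments, the resource names derived from the server name, the flavor and the network are assumptions.

```bash
#!/bin/sh
# Added example: CLI form of the dashboard workaround. Cloud entries, resource
# names, flavor and network are assumptions, not values from bwCloud-OS.
set -e

# DRY_RUN=1 prints each openstack command instead of executing it.
os() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "openstack $*"; else openstack "$@"; fi
}

# Poll until a resource reaches the wanted status; give up on an error status.
wait_status() {  # <cloud> <volume|image> <name> <wanted-status>
  [ "${DRY_RUN:-0}" = 1 ] && return 0
  while :; do
    s=$(openstack --os-cloud "$1" "$2" show -f value -c status "$3")
    case "$s" in
      "$4") return 0 ;;
      error*|killed) echo "$2 $3 is in status $s" >&2; return 1 ;;
    esac
    sleep 5
  done
}

# Source project: snapshot -> volume -> transfer request.
export_instance() {  # <source-cloud> <server> <size-gb>
  os --os-cloud "$1" server image create --wait --name "$2-snap" "$2"
  os --os-cloud "$1" volume create --image "$2-snap" --size "$3" "$2-vol"
  wait_status "$1" volume "$2-vol" available
  # Prints the transfer id and auth_key. Whoever holds both can claim the
  # volume, so hand them to the target project over separate channels.
  os --os-cloud "$1" volume transfer request create --name "$2-move" "$2-vol"
}

# Target project: accept transfer -> image -> new instance.
# The transferred volume keeps its name; its ID works as <volume> too.
import_instance() {  # <target-cloud> <transfer-id> <auth-key> <volume> <flavor> <network> <server>
  os --os-cloud "$1" volume transfer request accept --auth-key "$3" "$2"
  os --os-cloud "$1" image create --volume "$4" "$7-img"
  wait_status "$1" image "$7-img" active
  os --os-cloud "$1" server create --image "$7-img" --flavor "$5" --network "$6" "$7"
}
```

Run both functions with DRY_RUN=1 first to review the commands. The snapshot image and the intermediate volume keep counting against quota until they are deleted, and a transfer request that is never accepted should be deleted in the source project.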
Quota
Project Quota
Quota refers to the resource limits assigned to a project – such as vCPUs, RAM, networks, and storage. There are two types of projects:
- Private User Project: Owned by a single individual; no additional members can be added. Quotas depend on the region and the assigned entitlements.
- Group Project: Multiple users collaborate and can flexibly allocate (quota) resources.
Request Quota increase
Answer the points below and use this template for your request via our Support Portal:
SUBJECT: NEW_QUOTA
MOTIVATION: TEXT
USER_UUID: UUID
PROJECT_UUID: UUID (or ask for a new one)
NUMBER_VM:: INTEGER
RAM_GB: INTEGER
VCPU: INTEGER
STORAGE_GB: INTEGER
SPECIAL_QUOTA: TEXT
CUT_OFF_DATE: dd.mm.yyyy
We will check your request and, if possible, grant the request.
Specific Rules for Individual Institutions
Special rules apply to users at the University of Stuttgart, which are explained in more detail here.