[one-users] question about best way to assign IP's to various users

Gary S. Cuozzo gary at isgsoftware.net
Wed Feb 27 08:03:56 PST 2013


Thank you for the feedback. 

It seems like with this approach, the users will get IP's assigned by ONE as they use IP's up to their quota. While the number of IP's they can use is important (quota), our use case is a bit different in that all public IP's are pre-assigned and static for any VM. The VM's are mostly web & email servers & other app servers. So they require properly configured forward & reverse DNS and generally don't change once they are established. We may allocate more IP's for a user to have, upon request, but they are always predetermined for each VM. 

I thought by giving each user their own virtual network, I could control specifically which IP's their VM's could use and account for it globally in the "master" virtual network by putting a hold on them once they are assigned to a user's network. 

I think as long as ONE doesn't care if the same IP could be part of 2 different virtual networks, this would work well for us. It would only be officially used by one network at any time. 

Thanks again, 
gary 

----- Original Message -----

Sent: Wednesday, February 27, 2013 5:48:55 AM 
Subject: Re: [one-users] question about best way to assign IP's to various users 

Hi, 


Here is how I would do it: 


Create a VNet as oneadmin, and grant your users permission to USE it. This can be done moving the vnet to the user's group (onevnet chgrp), changing the permissions (onevnet chmod), or using ACL rules (oneacl). See [1] for more information about all this. 


Now you have a way to see which IPs are used, and by whom. To limit how many IPs can your users take from the vnet, set the NETWORK quota [2]. 


Note that you need to set the quota for each user or group individually, but the batchquota command will make this easier. In the upcoming 4.0 version you will be able to set the default quota, that will apply to everyone. 


I hope this fits your scenario. 
Regards 


[1] http://opennebula.org/documentation:rel3.8:auth_overview 
[2] http://opennebula.org/documentation:rel3.8:quota_auth 

-- 
Carlos Martín, MSc 
Project Engineer 
OpenNebula - The Open-source Solution for Data Center Virtualization 
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula 


On Wed, Feb 27, 2013 at 8:45 AM, Gary S. Cuozzo < gary at isgsoftware.net > wrote: 




Hello users, 
I am trying to figure out a good way to manage assignments IP addresses to various users. We have a /22 of public IP addresses and I want to be able to give various users access to their IP's that we've allocated. I would also like to be able to see a global view of IP's in use. 

What I was thinking is to have a master network defined and use it to simply "hold" IP's as they are assigned so that it's easy to just click and see what's used. Then, I would create each user their own networks which have each IP they have been allowed to use. If I assign them additional IP's, I would add them to their specific network and then mark them as "hold" in the master. 

I this method ok, or am I off base? Is there a better way to accomplish what I'm looking for? 

Thanks for any ideas, 
gary 


_______________________________________________ 
Users mailing list 
Users at lists.opennebula.org 
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130227/6612f0df/attachment-0002.htm>


More information about the Users mailing list