[one-users] question about best way to assign IP's to various users

Simon Boulet simon at nostalgeek.com
Wed Feb 27 08:45:07 PST 2013 

I was thinking of adding  an "IP reservation" feature that would mark IP as
reserved for a given user. Then that user could have template that
specifies which IP they want for each VM (when creating the VM / template).
That would allow for VMs to be destroyed without the IP being returned to
the available pool.

- Create a global VNET with all your IP.
- Mark IPs as reserved for a given user
- User create template /launch VM with their IP, IP changes to "in use" by
the VM.
- When reserved IPs are released (by the user), they turn in "reserved"
state for that user (instead of available for other users)
- As the Admin, you can add (or remove) IP reservation if the user needs
more IP

Would this solve your issue?

Simon


On Wed, Feb 27, 2013 at 11:03 AM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:

> Thank you for the feedback.
>
> It seems like with this approach, the users will get IP's assigned by ONE
> as they use IP's up to their quota.  While the number of IP's they can use
> is important (quota), our use case is a bit different in that all public
> IP's are pre-assigned and static for any VM.  The VM's are mostly web &
> email servers & other app servers.  So they require properly configured
> forward & reverse DNS and generally don't change once they are
> established.  We may allocate more IP's for a user to have, upon request,
> but they are always predetermined for each VM.
>
> I thought by giving each user their own virtual network, I could control
> specifically which IP's their VM's could use and account for it globally in
> the "master" virtual network by putting a hold on them once they are
> assigned to a user's network.
>
> I think as long as ONE doesn't care if the same IP could be part of 2
> different virtual networks, this would work well for us.  It would only be
> officially used by one network at any time.
>
> Thanks again,
> gary
>
> ------------------------------
> *Sent: *Wednesday, February 27, 2013 5:48:55 AM
> *Subject: *Re: [one-users] question about best way to assign IP's to
> various users
>
>
> Hi,
>
> Here is how I would do it:
>
> Create a VNet as oneadmin, and grant your users permission to USE it. This
> can be done moving the vnet to the user's group (onevnet chgrp), changing
> the permissions (onevnet chmod), or using ACL rules (oneacl). See [1] for
> more information about all this.
>
> Now you have a way to see which IPs are used, and by whom. To limit how
> many IPs can your users take from the vnet, set the NETWORK quota [2].
>
> Note that you need to set the quota for each user or group individually,
> but the batchquota command will make this easier. In the upcoming 4.0
> version you will be able to set the default quota, that will apply to
> everyone.
>
> I hope this fits your scenario.
> Regards
>
> [1] http://opennebula.org/documentation:rel3.8:auth_overview
> [2] http://opennebula.org/documentation:rel3.8:quota_auth
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization
> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
>
>
> On Wed, Feb 27, 2013 at 8:45 AM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:
>
>> Hello users,
>> I am trying to figure out a good way to manage assignments IP addresses
>> to various users.  We have a /22 of public IP addresses and I want to be
>> able to give various users access to their IP's that we've allocated.  I
>> would also like to be able to see a global view of IP's in use.
>>
>> What I was thinking is to have a master network defined and use it to
>> simply "hold" IP's as they are assigned so that it's easy to just click and
>> see what's used.  Then, I would create each user their own networks which
>> have each IP they have been allowed to use.  If I assign them additional
>> IP's, I would add them to their specific network and then mark them as
>> "hold" in the master.
>>
>> I this method ok, or am I off base?  Is there a better way to accomplish
>> what I'm looking for?
>>
>> Thanks for any ideas,
>> gary
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130227/962fde0b/attachment-0002.htm>

More information about the Users mailing list