[one-users] question about best way to assign IP's to various users

Gary S. Cuozzo gary at isgsoftware.net
Wed Feb 27 09:06:55 PST 2013 

Hi Simon, 
Yes! This is a perfect solution for my use case. This is how we currently do it (adding the specific IP to the template) and having it also be "reserved" and showing the user even if the VM is not running would be awesome. That is one area where it's lacking right now is that if the VM gets shutdown, the IP now appears to be unused. 

The workflow you specified is spot-on for how we'd like to work as we generally set the template up for our users and just let them use it. 

Thanks very much. I'd love to see this implemented. 
gary 


----- Original Message -----

Sent: Wednesday, February 27, 2013 11:45:07 AM 
Subject: Re: [one-users] question about best way to assign IP's to various users 


I was thinking of adding an "IP reservation" feature that would mark IP as reserved for a given user. Then that user could have template that specifies which IP they want for each VM (when creating the VM / template). That would allow for VMs to be destroyed without the IP being returned to the available pool. 


- Create a global VNET with all your IP. 
- Mark IPs as reserved for a given user 
- User create template /launch VM with their IP, IP changes to "in use" by the VM. 
- When reserved IPs are released (by the user), they turn in "reserved" state for that user (instead of available for other users) 
- As the Admin, you can add (or remove) IP reservation if the user needs more IP 


Would this solve your issue? 


Simon 



On Wed, Feb 27, 2013 at 11:03 AM, Gary S. Cuozzo < gary at isgsoftware.net > wrote: 




Thank you for the feedback. 

It seems like with this approach, the users will get IP's assigned by ONE as they use IP's up to their quota. While the number of IP's they can use is important (quota), our use case is a bit different in that all public IP's are pre-assigned and static for any VM. The VM's are mostly web & email servers & other app servers. So they require properly configured forward & reverse DNS and generally don't change once they are established. We may allocate more IP's for a user to have, upon request, but they are always predetermined for each VM. 

I thought by giving each user their own virtual network, I could control specifically which IP's their VM's could use and account for it globally in the "master" virtual network by putting a hold on them once they are assigned to a user's network. 

I think as long as ONE doesn't care if the same IP could be part of 2 different virtual networks, this would work well for us. It would only be officially used by one network at any time. 

Thanks again, 
gary 



Sent: Wednesday, February 27, 2013 5:48:55 AM 
Subject: Re: [one-users] question about best way to assign IP's to various users 



Hi, 


Here is how I would do it: 


Create a VNet as oneadmin, and grant your users permission to USE it. This can be done moving the vnet to the user's group (onevnet chgrp), changing the permissions (onevnet chmod), or using ACL rules (oneacl). See [1] for more information about all this. 


Now you have a way to see which IPs are used, and by whom. To limit how many IPs can your users take from the vnet, set the NETWORK quota [2]. 


Note that you need to set the quota for each user or group individually, but the batchquota command will make this easier. In the upcoming 4.0 version you will be able to set the default quota, that will apply to everyone. 


I hope this fits your scenario. 
Regards 


[1] http://opennebula.org/documentation:rel3.8:auth_overview 
[2] http://opennebula.org/documentation:rel3.8:quota_auth 

-- 
Carlos Martín, MSc 
Project Engineer 
OpenNebula - The Open-source Solution for Data Center Virtualization 
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula 


On Wed, Feb 27, 2013 at 8:45 AM, Gary S. Cuozzo < gary at isgsoftware.net > wrote: 

<blockquote>


Hello users, 
I am trying to figure out a good way to manage assignments IP addresses to various users. We have a /22 of public IP addresses and I want to be able to give various users access to their IP's that we've allocated. I would also like to be able to see a global view of IP's in use. 

What I was thinking is to have a master network defined and use it to simply "hold" IP's as they are assigned so that it's easy to just click and see what's used. Then, I would create each user their own networks which have each IP they have been allowed to use. If I assign them additional IP's, I would add them to their specific network and then mark them as "hold" in the master. 

I this method ok, or am I off base? Is there a better way to accomplish what I'm looking for? 

Thanks for any ideas, 
gary 


_______________________________________________ 
Users mailing list 
Users at lists.opennebula.org 
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 






_______________________________________________ 
Users mailing list 
Users at lists.opennebula.org 
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 


</blockquote>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130227/a99c34e1/attachment-0001.htm>

More information about the Users mailing list