[one-users] question about best way to assign IP's to various users

Ruben S. Montero rsmontero at opennebula.org
Tue Mar 19 14:49:37 PDT 2013


Hi

This is very interesting indeed, I've just filled an issue to implement it
in 4.2.

http://dev.opennebula.org/issues/1818

Thanks for your feedback!!!

Ruben


On Wed, Feb 27, 2013 at 6:06 PM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:

> Hi Simon,
> Yes!  This is a perfect solution for my use case.  This is how we
> currently do it (adding the specific IP to the template) and having it also
> be "reserved" and showing the user even if the VM is not running would be
> awesome.  That is one area where it's lacking right now is that if the VM
> gets shutdown, the IP now appears to be unused.
>
> The workflow you specified is spot-on for how we'd like to work as we
> generally set the template up for our users and just let them use it.
>
> Thanks very much.  I'd love to see this implemented.
> gary
>
>
> ------------------------------
> *Sent: *Wednesday, February 27, 2013 11:45:07 AM
>
> *Subject: *Re: [one-users] question about best way to assign IP's to
> various users
>
> I was thinking of adding  an "IP reservation" feature that would mark IP
> as reserved for a given user. Then that user could have template that
> specifies which IP they want for each VM (when creating the VM / template).
> That would allow for VMs to be destroyed without the IP being returned to
> the available pool.
>
> - Create a global VNET with all your IP.
> - Mark IPs as reserved for a given user
> - User create template /launch VM with their IP, IP changes to "in use" by
> the VM.
> - When reserved IPs are released (by the user), they turn in "reserved"
> state for that user (instead of available for other users)
> - As the Admin, you can add (or remove) IP reservation if the user needs
> more IP
>
> Would this solve your issue?
>
> Simon
>
>
> On Wed, Feb 27, 2013 at 11:03 AM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:
>
>> Thank you for the feedback.
>>
>> It seems like with this approach, the users will get IP's assigned by ONE
>> as they use IP's up to their quota.  While the number of IP's they can use
>> is important (quota), our use case is a bit different in that all public
>> IP's are pre-assigned and static for any VM.  The VM's are mostly web &
>> email servers & other app servers.  So they require properly configured
>> forward & reverse DNS and generally don't change once they are
>> established.  We may allocate more IP's for a user to have, upon request,
>> but they are always predetermined for each VM.
>>
>> I thought by giving each user their own virtual network, I could control
>> specifically which IP's their VM's could use and account for it globally in
>> the "master" virtual network by putting a hold on them once they are
>> assigned to a user's network.
>>
>> I think as long as ONE doesn't care if the same IP could be part of 2
>> different virtual networks, this would work well for us.  It would only be
>> officially used by one network at any time.
>>
>> Thanks again,
>> gary
>>
>> ------------------------------
>> *Sent: *Wednesday, February 27, 2013 5:48:55 AM
>> *Subject: *Re: [one-users] question about best way to assign IP's to
>> various users
>>
>>
>> Hi,
>>
>> Here is how I would do it:
>>
>> Create a VNet as oneadmin, and grant your users permission to USE it.
>> This can be done moving the vnet to the user's group (onevnet chgrp),
>> changing the permissions (onevnet chmod), or using ACL rules (oneacl). See
>> [1] for more information about all this.
>>
>> Now you have a way to see which IPs are used, and by whom. To limit how
>> many IPs can your users take from the vnet, set the NETWORK quota [2].
>>
>> Note that you need to set the quota for each user or group individually,
>> but the batchquota command will make this easier. In the upcoming 4.0
>> version you will be able to set the default quota, that will apply to
>> everyone.
>>
>> I hope this fits your scenario.
>> Regards
>>
>> [1] http://opennebula.org/documentation:rel3.8:auth_overview
>> [2] http://opennebula.org/documentation:rel3.8:quota_auth
>> --
>> Carlos Martín, MSc
>> Project Engineer
>> OpenNebula - The Open-source Solution for Data Center Virtualization
>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
>>
>>
>> On Wed, Feb 27, 2013 at 8:45 AM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:
>>
>>> Hello users,
>>> I am trying to figure out a good way to manage assignments IP addresses
>>> to various users.  We have a /22 of public IP addresses and I want to be
>>> able to give various users access to their IP's that we've allocated.  I
>>> would also like to be able to see a global view of IP's in use.
>>>
>>> What I was thinking is to have a master network defined and use it to
>>> simply "hold" IP's as they are assigned so that it's easy to just click and
>>> see what's used.  Then, I would create each user their own networks which
>>> have each IP they have been allowed to use.  If I assign them additional
>>> IP's, I would add them to their specific network and then mark them as
>>> "hold" in the master.
>>>
>>> I this method ok, or am I off base?  Is there a better way to accomplish
>>> what I'm looking for?
>>>
>>> Thanks for any ideas,
>>> gary
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130319/5ff0dc5b/attachment-0001.htm>


More information about the Users mailing list