'morning Hari. I can think of at least one use case where allowing the "user" to specify the IP would be required - when migrating an IP from one CAP to ACS or from one VM to another.
Anyways - I think what the real answer to your question is would be to have a granular security model around the API calls. At that point you could specify what users/groups have the ability to assign specific IPs to a specific instance. So I'd vote to implement for now, and attack a granular api security model sooner rather than later. John On Dec 18, 2012, at 4:15 PM, Hari Kannan <hari.kan...@citrix.com> wrote: > Regarding " User can specify the IP address from the guest subnet if not CS > picks the IP from the guest subnet " comment in the FS > > I don't see a need to do this - because, it is a shared network, how does he > know what is used up and what is not? So, he could go through a sequence of > steps only to get an error message back that it is not possible (and keep > doing this until success) > > One possibility is telling him what is available - it may not be a big deal > to reveal the used/unused IPs in isolated network (although it would be hard > to show from a large CIDR what is used/available), but we wont even be able > to tell him what is used/unused in a shared network - > > Any thoughts? > > Hari Kannan > > -----Original Message----- > From: John Kinsella [mailto:j...@stratosec.co] > Sent: Tuesday, December 18, 2012 10:36 AM > To: cloudstack-dev@incubator.apache.org > Subject: Re: Functional Specification for the multiple IPs per NIC > > Is there any logic behind 30? At some point, we're going to be asked, so I'd > like to have a decent answer. :) > > On the rest of this, I'd like to get some level of consensus on the design. > What looks best to me: > * Improve UserData/CloudInit support in CloudStack (I'm willing to work on > this, consider it important) - allow expiration of data, wider variety of > data supported > * Create the multi-IPs-per-NIC code to get IPs via CloudInit (Need to think > through Windows equivalent) > * Update the password changing script to use CloudInit > > Thoughts? Or Jayapal have you already started work on the multi-IP feature? > > On Dec 18, 2012, at 2:03 AM, Jayapal Reddy Uradi > <jayapalreddy.ur...@citrix.com> wrote: > >> Regarding IP limit, it can be made as configurable using global settings >> and default value will be 30. >> >> >> Thanks, >> Jayapal >> >>> -----Original Message----- >>> From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] >>> Sent: Monday, December 17, 2012 12:59 PM >>> To: CloudStack DeveloperList >>> Subject: Re: Functional Specification for the multiple IPs per NIC >>> >>> In basic/shared networks the allocation is bounded by what is already >>> "used- up". To prevent tenants from hogging all the available ips, >>> there needs to be limits. >>> >>> On 12/15/12 8:38 AM, "John Kinsella" <j...@stratosec.co> wrote: >>> >>>> I'd remove the limitation of having 30 IPs per interface. Modern >>>> OSes can support way more. >>>> >>>> Why no support for basic networking? I can see a small hosting >>>> provider with a basic setup wanting to manage web servers... >>>> >>>> John >>>> >>>> On Dec 14, 2012, at 9:37 AM, Jayapal Reddy Uradi >>>> <jayapalreddy.ur...@citrix.com> wrote: >>>> >>>>> Hi All, >>>>> >>>>> Current guest VM by default having one NIC and one IP address assigned. >>>>> If your wants extra IP for the guest VM, there no provision from >>>>> the CS. >>>>> >>>>> Using multiple IP address per NIC feature CS can associate IP >>>>> address for the NIC, user can take that IP and assign it to the VM. >>>>> >>>>> Please find the FS for the more details. >>>>> >>>>> >>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Multiple+IP+ >>>>> a >>> dd >>>>> res >>>>> s+per+NIC >>>>> >>>>> Please provide your comments on the FS. >>>>> >>>>> >>>>> Thanks, >>>>> jayapal >>>> >>>> Stratosec - Secure Infrastructure as a Service >>>> o: 415.315.9385 >>>> @johnlkinsella >>>> >> >> > > Stratosec - Secure Infrastructure as a Service > o: 415.315.9385 > @johnlkinsella > > Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella
