On Thu, Jul 23, 2015 at 3:54 PM, Alvise Dorigo <[email protected]> wrote:
> If the VM doesn't have a floating IP, the Y IP address that is exposed on
> the internet (and therefore the one that will be communicated to the
> security people) is the one of the OpenStack router.
>
> Given the private IP of the machine we are able to find the UUID of the VM
> (even if this was already deleted) and then the id of the relevant user who
> created it.
> But the problem is how to find this private IP address.

Interesting: how do you do it? In Kilo, apparently, the ports are also deleted from the DB; do you have some sort of trigger? And how is the mapping between port and instance id done?

For your question, I guess the only solution is to periodically save the output of "conntrack -L" on the network node, to be run *within* the router namespace.

A possible solution (that I haven't tested yet) is to use ulogd:
https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/

.a.

-- 
[email protected]
[email protected] +41 (0)44 635 42 22
S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland
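
Added example, not part of the original message: one way to search a saved "conntrack -L" snapshot for the private IP behind a connection that an abuse report attributes to the router's address. It assumes the snapshot was captured as plain text inside the router namespace; the function names and all addresses in the sample are constructed for illustration.

```python
import re

# Constructed sample of saved `conntrack -L` output (all addresses made up):
# 10.0.0.x = tenant private IPs, 198.51.100.7 = router external (SNAT) IP,
# 203.0.113.x = remote hosts named in the abuse report.
SAMPLE_SNAPSHOT = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.10 sport=51514 dport=22 src=203.0.113.10 dst=198.51.100.7 sport=22 dport=51514 [ASSURED] mark=0 use=1
tcp      6 86 TIME_WAIT src=10.0.0.9 dst=203.0.113.10 sport=51514 dport=22 src=203.0.113.10 dst=198.51.100.7 sport=22 dport=1024 [ASSURED] mark=0 use=1
udp      17 25 src=10.0.0.7 dst=203.0.113.53 sport=40000 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.7 sport=53 dport=40000 mark=0 use=1
icmp     1 29 src=10.0.0.5 dst=203.0.113.10 type=8 code=0 id=3311 src=203.0.113.10 dst=198.51.100.7 type=0 code=0 id=3311 mark=0 use=1
"""

PAIR = re.compile(r"(\w+)=(\S+)")
TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_entry(line):
    """Return protocol plus original and reply tuples, or None if not a flow."""
    fields = line.split()
    orig, reply = {}, {}
    for key, value in PAIR.findall(line):
        if key in TUPLE_KEYS:
            # First occurrence is the original direction, second the reply.
            (reply if key in orig else orig).setdefault(key, value)
    if "src" not in orig or "dst" not in reply:
        return None
    return {"proto": fields[0], "orig": orig, "reply": reply}

def find_private_sources(snapshot, router_ip, remote_ip,
                         remote_port=None, nat_port=None):
    """List (proto, private_ip, private_port, nat_port) for matching SNAT flows."""
    hits = []
    for line in snapshot.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        orig, reply = entry["orig"], entry["reply"]
        # SNAT through the router: the reply is addressed to the router's IP
        # while the original source is some other (private) address.
        if reply["dst"] != router_ip or orig["src"] == router_ip:
            continue
        if orig["dst"] != remote_ip:
            continue
        if remote_port is not None and orig.get("dport") != str(remote_port):
            continue
        if nat_port is not None and reply.get("dport") != str(nat_port):
            continue
        hits.append((entry["proto"], orig["src"],
                     orig.get("sport"), reply.get("dport")))
    return hits
```

The second sample flow shows why the translated source port from the report matters: two VMs used the same source port towards the same remote host, and only the reply-side port tells them apart.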
