Re: [Openstack-operators] tracking history of floating IP
Hi,

We have developed a simple MySQL trigger to register the floating IP usage:
https://github.com/FranceGrilles/openstack-triggers
(a recent modification, which covers the case where Heat is assigning a floating IP, has not yet been committed).

Cheers,
Jerome

On 18/03/2018 at 18:28, Cedlerouge wrote:
> Hi all
>
> I need to get the history of a floating IP, to know which instance or which
> user used the floating IP at a specific time in the past.
> I believe this is based on events. Is panko (with ceilometer) the
> solution or do I set up an ELK to do this?
> Or maybe you use another solution. I'm interested if you have some
> advice or feedback.
>
> Best regards
>

--
Jerome Pansanel, PhD
Technical Director at France Grilles
Grid & Cloud Computing Operations Manager at IPHC
IPHC || GSM: +33 (0)6 25 19 24 43
23 rue du Loess, BP 28 || Tel: +33 (0)3 88 10 66 24
F-67037 STRASBOURG Cedex 2 || Fax: +33 (0)3 88 10 62 34
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
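
The trigger approach described in the message above, as an added example that is not code from the thread or from the linked repository. SQLite (through Python's sqlite3) stands in for MySQL so the block runs offline; the simplified `floatingips` table, the `fip_history` audit table, the `clock` table and all sample rows are constructed for illustration.

```python
import sqlite3

# SQLite stands in for MySQL; table and column names are a constructed, simplified model.
SCHEMA = """
CREATE TABLE floatingips (id TEXT PRIMARY KEY, floating_ip_address TEXT,
                          project_id TEXT, fixed_port_id TEXT);  -- NULL = unassociated
CREATE TABLE fip_history (floating_ip_address TEXT, project_id TEXT, port_id TEXT,
                          start_ts INTEGER, end_ts INTEGER);     -- end_ts NULL = open
CREATE TABLE clock (now INTEGER); INSERT INTO clock VALUES (0);  -- test clock; MySQL: NOW()
CREATE TRIGGER fip_insert AFTER INSERT ON floatingips
WHEN NEW.fixed_port_id IS NOT NULL BEGIN  -- row created already associated
  INSERT INTO fip_history VALUES (NEW.floating_ip_address, NEW.project_id,
                                  NEW.fixed_port_id, (SELECT now FROM clock), NULL);
END;
CREATE TRIGGER fip_update AFTER UPDATE OF fixed_port_id ON floatingips
WHEN OLD.fixed_port_id IS NOT NEW.fixed_port_id BEGIN
  UPDATE fip_history SET end_ts = (SELECT now FROM clock)  -- close the old interval
   WHERE floating_ip_address = OLD.floating_ip_address AND end_ts IS NULL;
  INSERT INTO fip_history                                  -- open a new one, if any
  SELECT NEW.floating_ip_address, NEW.project_id, NEW.fixed_port_id,
         (SELECT now FROM clock), NULL WHERE NEW.fixed_port_id IS NOT NULL;
END;
CREATE TRIGGER fip_delete AFTER DELETE ON floatingips BEGIN
  UPDATE fip_history SET end_ts = (SELECT now FROM clock)
   WHERE floating_ip_address = OLD.floating_ip_address AND end_ts IS NULL;
END;
"""

def who_had(db, ip, ts):
    """(project_id, port_id) holding `ip` at time `ts`, or None."""
    return db.execute(
        "SELECT project_id, port_id FROM fip_history WHERE floating_ip_address = ?"
        " AND start_ts <= ? AND (end_ts IS NULL OR end_ts > ?)", (ip, ts, ts)).fetchone()

def replay():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    events = [  # constructed sequence on documentation addresses (203.0.113.0/24)
        (100, "INSERT INTO floatingips VALUES ('f1', '203.0.113.10', 'proj-a', NULL)"),
        (110, "UPDATE floatingips SET fixed_port_id = 'port-1' WHERE id = 'f1'"),
        (120, "INSERT INTO floatingips VALUES ('f2', '203.0.113.11', 'proj-b', 'port-9')"),
        (200, "UPDATE floatingips SET fixed_port_id = 'port-2' WHERE id = 'f1'"),
        (300, "UPDATE floatingips SET fixed_port_id = NULL WHERE id = 'f1'"),
        (400, "DELETE FROM floatingips WHERE id = 'f2'"),
    ]
    for ts, sql in events:
        db.execute("UPDATE clock SET now = ?", (ts,))  # set the time the trigger records
        db.execute(sql)
    return db
```

The history rows give the project and port for any past timestamp; resolving the port to an instance is a separate lookup on the port record.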
Re: [Openstack-operators] User_id Based Policy Enforcement
Dear Hamza,

You may contact the primary assignee to get the status of this feature:
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html

Best regards,
Jerome Pansanel

On 15/01/2017 at 08:44, Hamza Achi wrote:
> Hello,
>
> According to this Nova-spec of Newton release [1], user_id:%(user_id)s
> syntax should work to constrain some operations to user_id instead of
> project_id. Like deleting and rebuilding VMs.
>
> But it is not working, users within the same project can delete,
> rebuild... the VMs of each other. I added these rules in
> /etc/nova/policy.json (I used devstack stable/newton branch):
>
>     "admin_required": "role:admin or is_admin:1",
>     "owner" : "user_id:%(user_id)s",
>     "admin_or_owner": "rule:admin_required or rule:owner",
>     "compute:delete": "rule:admin_or_owner",
>     "compute:resize": "rule:admin_or_owner",
>     "compute:rebuild": "rule:admin_or_owner",
>     "compute:reboot": "rule:admin_or_owner",
>     "compute:start": "rule:admin_or_owner",
>     "compute:stop": "rule:admin_or_owner"
>
> Can you please point out what I am missing?
>
> Thank you,
> Hamza
>
> [1] https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
>
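
What the rules quoted in the message above express, as an added example that is not code from the thread, Nova or oslo.policy: a simplified evaluator for the `rule:` / `role:` / `kind:match` / `or` syntax, run against constructed credentials and a constructed target. It assumes the enforcement point consults the named rule and passes the instance's `user_id` in the target; in this sketch a target without that attribute never matches the `owner` rule.

```python
import re

# Rules as posted in the quoted policy.json fragment.
POLICY = {
    "admin_required": "role:admin or is_admin:1",
    "owner": "user_id:%(user_id)s",
    "admin_or_owner": "rule:admin_required or rule:owner",
    "compute:delete": "rule:admin_or_owner",
    "compute:resize": "rule:admin_or_owner",
    "compute:rebuild": "rule:admin_or_owner",
    "compute:reboot": "rule:admin_or_owner",
    "compute:start": "rule:admin_or_owner",
    "compute:stop": "rule:admin_or_owner",
}

def check(expr, creds, target):
    """Evaluate an 'a or b' expression of checks (simplified: 'or' only)."""
    return any(_atom(a.strip(), creds, target) for a in re.split(r"\s+or\s+", expr))

def _atom(atom, creds, target):
    kind, _, match = atom.partition(":")
    if kind == "rule":                       # reference to another named rule
        return check(POLICY[match], creds, target)
    if kind == "role":                       # role held by the caller
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        wanted = match % target              # %(user_id)s is filled from the target
    except KeyError:
        return False                         # target lacks the attribute: no match
    return kind in creds and str(creds[kind]) == wanted

def allowed(action, creds, target):
    return check(POLICY[action], creds, target)

# Constructed sample data: two members of one project, one VM created by alice.
ALICE = {"user_id": "u-alice", "project_id": "p-shared", "roles": ["member"]}
BOB = {"user_id": "u-bob", "project_id": "p-shared", "roles": ["member"]}
ADMIN = {"user_id": "u-root", "project_id": "p-admin", "roles": ["admin"]}
VM = {"user_id": "u-alice", "project_id": "p-shared"}
```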
Re: [Openstack-operators] Nova 2.1 and user permissions in the policy file
Hi,

On 23/05/2016 at 18:23, Sean Dague wrote:
> On 05/23/2016 11:56 AM, Tim Bell wrote:
>> On 23/05/16 17:02, "Sean Dague" <s...@dague.net> wrote:
>>
>>> On 05/23/2016 10:24 AM, Tim Bell wrote:
>>>>
>>>> [...]
>>>> There can be security implications also so I’d recommend those using
>>>> this current v2 feature to review the bug to understand the potential
>>>> impacts as clouds enable v2.1.
>>>
>>> While I understand from the bug report what your use case is now, I'm
>>> kind of wondering what the shared resources / actions of these 150
>>> people are in this project. Are they all in the same project for other
>>> reasons?
>>
>> The resource pool (i.e. quota) is shared between all of the developers.
>> A smaller team is responsible for maintaining the image set for the project
>> and also providing 2nd line support (such as reboot/problem diagnosis…).
>
> Ok, so Bob can take up all the instances and go on vacation, and it's a
> 2nd line support call to handle shutting them down? It definitely
> creates some weird situations where you can all pull from the pool, and
> once pulled only you can give back.
>
> What's the current policy patch look like? (i.e. which operations are
> you changing to user_id).
>
>> I do not know the EMBL-EBI use case or the EGI Federated Cloud scenarios
>> which are also mentioned in the review.

The EGI Federated Cloud scenario is almost the same. We have tenants for
several projects and a "catch-all" tenant for small projects (1 or 2
persons per project). Therefore, it is important to be sure that a user
from one project does not interact with VMs from another one.

You may find the patch that we are using here:
- Liberty: https://github.com/vin-c/cloud-security/tree/liberty/patch

>
> Those would be good. I honestly think we need someone to start capturing
> these in a spec, because a huge part of the disconnect here was this was
> a backdoor feature that no one on the development side really understood
> existed, was never tested, and didn't think it was the way things were
> supposed to be working. And if we are bringing it back we really need to
> capture the use cases a lot more clearly so in 5 years we don't do the
> same thing again.
>
> -Sean
>

Jerome
Re: [Openstack-operators] European Operators
+1 !

Jerome

On 17/09/2015 at 10:08, Olivier Cant wrote:
> Also very interested.
>
> Olivier
>
> On 17/09/15S38 10:02, Salman Toor wrote:
>> Hi,
>>
>> Why Not! I think it's a great idea. I want to join.
>>
>> Regards..
>> Salman
>>
>> PhD, Scientific Computing
>> Researcher, IT Department, Uppsala University.
>> Cloud Application Expert, UPPMAX.
>> Visiting Researcher, Helsinki Institute of Physics (HIP).
>> salman.t...@it.uu.se
>> http://www.it.uu.se/katalog/salto690
>>
>> On 17 Sep 2015, at 09:52, Matt Jarvis <matt.jar...@datacentred.co.uk> wrote:
>>> Hi All
>>>
>>> Don't know how many European folks are on this list, but just
>>> wondering if there's any interest in a European Operators meet up?
>>>
>>> Matt
>>>
>>> --
>>> Matt Jarvis
>>> Head of Cloud Computing
>>> DataCentred
>>> Office: (+44)0161 8703985
>>> Mobile: (+44)07983 725372
>>> Email: matt.jar...@datacentred.co.uk
>>> Website: http://www.datacentred.co.uk
>>>
>>> DataCentred Limited registered in England and Wales no. 05611763
>
> --
> Olivier Cant, CEO | Gsm: +32(0)497/64.18.22
> Exxoss, SPRL <http://www.exxoss.com>
> Rue de la station, 2, 4347, Fexhe-le-haut-clocher
> Telephone: +32(0)4/341.25.81 | Fax: +32(0)4/371.94.06