Showing posts from September, 2014

OpenStack: Restrict instance deletion

In OpenStack, by default, users who are members of a tenant can delete all instances in that tenant, even those spun up by other users. To restrict that, you need to tweak the nova policy file, i.e. /etc/nova/policy.json. Add the following lines to the file:

    "admin_or_user":"is_admin:True or user_id:%(user_id)s",
    "compute:delete":"rule:admin_or_user",

Make the same changes in the /etc/openstack-dashboard/nova_policy.json file as well.

Now restart the openstack-nova-api service.

Users will now be able to delete only the instances they spun up themselves. Admin users will be able to delete all instances.
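How the two rules above decide a delete request, as an added example that is not part of the original post and not nova's own code: a simplified model of the policy check, handling only "or"-joined kind:match terms and rule: references. The user names, IDs and the assumption that the delete target carries the instance's user_id are constructed for illustration.

```python
import json

# The two rules from the post, exactly as added to policy.json.
POLICY = json.loads("""{
    "admin_or_user": "is_admin:True or user_id:%(user_id)s",
    "compute:delete": "rule:admin_or_user"
}""")

def check(term, creds, target, rules):
    """Evaluate one 'kind:match' term of a rule."""
    kind, match = term.strip().split(":", 1)
    if kind == "rule":                      # reference to another named rule
        return enforce(match, creds, target, rules)
    try:
        expected = match % target           # fill %(user_id)s from the instance
    except KeyError:
        return False                        # target lacks the field: deny
    return kind in creds and str(creds[kind]) == expected

def enforce(action, creds, target, rules=POLICY):
    """True if any 'or'-joined term of the rule for `action` passes."""
    rule = rules.get(action)
    if rule is None:
        return False                        # simplification: unknown action is denied
    return any(check(t, creds, target, rules) for t in rule.split(" or "))

# Constructed sample data: two tenant members, one admin, one instance.
ALICE = {"user_id": "u-alice", "project_id": "t-1", "is_admin": False}
BOB = {"user_id": "u-bob", "project_id": "t-1", "is_admin": False}
ADMIN = {"user_id": "u-admin", "project_id": "t-0", "is_admin": True}
ALICE_VM = {"user_id": "u-alice", "project_id": "t-1"}  # assumed target shape

if __name__ == "__main__":
    for name, creds in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN)):
        print(name, "may delete alice's instance:",
              enforce("compute:delete", creds, ALICE_VM))
```

Bob shares Alice's tenant but fails both terms, so membership alone no longer grants delete; a target without a user_id is denied for everyone except admins.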

OpenStack : Assign floating IP using heat template

Creating YAML templates that assign floating IPs to the instances being spawned can be a bit tricky. Let us look at a scenario where we need to spin up a VM, assign a floating IP from a pool, and reference this floating IP in the userdata as well. We will make use of the network IDs of the internal and external networks, as well as the subnet ID of the internal network.

The logical workflow is as follows:

1. Create a port resource using the internal network and internal subnet IDs
2. Create a floating IP resource, referring to the external network ID
3. Associate the floating IP to the port
4. In the server resource being created, associate the port resource

Now we will see how this can be implemented using both HOT and AWS template formats.