[Users] users quota and limit ips

Jiri Belka jbelka at redhat.com
Thu Apr 18 14:48:47 UTC 2013


On Thu, 18 Apr 2013 16:15:38 +0200
Andrej Bagon <andrej.bagon at arnes.si> wrote:

> Hi all,
> 
> we are wondering how can we limit a user to use IPs we give him and not
> others.
> Best is understood from an example:
> - we give a user a quota (with x CPU, y memory and z disk space)
> - a user can create one VirtualMachine with all the resources, or more
> VirtualMachines with smaller resources.
> - we want to give a user a pool of IPs. He should not use other IPs. If
> he uses other IP it should not be routable.
> 
> Is there a solution for this problem?

Normal solution:

* mirror port on your switch which is forwarded to a NIDS
  and search for unauthoried IPs MACs pairs

"Software foo can to everything" solution:

* libvirt know nwfilter
* vdsm has hooks

thus combination of your own nwfilters, custom properties and vdsm
hooks.

Or raise a RFE so we could assing nwfilters to a VM.



More information about the Users mailing list