restricting users to a or Zone / Cluster

[Bryan Whitehead <dr...@megahappy.net>]

I'd like to restrict users to a specific cluster in a zone but I don't
see that as possible. Am I correct in this statement?

Is there a way to restrict users to a specific Zone?

Assuming I trust my users and just give them a specific zone to use -
when I setup the zone can I just use the same secondary storage as
others zones are do I need a new set of secondary storages as well?

-Bryan

Re: restricting users to a or Zone / Cluster

[Bryan Whitehead <dr...@megahappy.net>]

So really the only way I can make sure certain hosts get used by a
certain user is to make a separate zone?

Basically, I need to have 2 groups of hosts: on group of hosts that is
dedicated to dev/qa/experimental stuff, the other group of hosts is
production. Looks like I can't just make separate users, clusters, or
domains - I really need to make 2 different zones. :(

On Mon, Mar 18, 2013 at 12:43 AM, Geoff Higginbottom
<ge...@shapeblue.com> wrote:
> Bryan,
>
> You can use Tags to tell CloudStack where you would 'like' it to put resources, but tags are best endeavours.
>
> If you have two clusters, but the one you want to place resources on using Tags is full, CloudStack will simply allocate the resources to the other cluster.
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
>
> D: +44(0)20 3603 0542<tel:+442036030542> | S: +44(0)20 3603 0540<tel:+442036030540> | M: +44(0)7968161581<tel:+447968161581>
>
> geoff.higginbottom@shapeblue.com<ma...@shapeblue.com> | www.shapeblue.com
>
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
>
> On 18 Mar 2013, at 08:14, "Bryan Whitehead" <dr...@megahappy.net>> wrote:
>
> After reading the URLs above it sounds like I can use tags to get what I want...
>
> If I tag a cluster or a primary storage that is related to a
> particular cluster - then I could also use the same tag when deploying
> Instances to make sure only certain Instances go to a certain cluster
> (or primary storage)? Is that right?
>
> On Sun, Mar 17, 2013 at 8:47 AM, Nitin Mehta <Ni...@citrix.com>> wrote:
> Something close to this is already being worked on. These talk about
> dedicating resources to accounts/domain. See if you can find a flag to
> "restrict" them as well.
> Or you can create an enhancement for the same
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS+for+VMs+on+hardwa
> re+dedicated+to+a+specific+account
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
> -+Public+IP+Addresses+and+VLANs+per+Tenant
>
>
> Dedicating templates should be possible by using launchPermissions api for
> templates.
>
> Thanks,
> -Nitin
>
> On 15/03/13 9:22 PM, "Kirk Jantzer" <ki...@gmail.com>> wrote:
>
> Bryan, I like this idea - being able to restrict accounts/users/projects
> to
> certain zones/hypervisors/templates/etc. There's already a lot of
> granularity in CS, why not a little more? :-)
>
>
> On Thu, Mar 14, 2013 at 5:12 PM, Pranav Saxena
> <pr...@citrix.com>>wrote:
>
> Well , you can always set up a private zone by unchecking the public
> checkbox in the zone wizard .
>
> -----Original Message-----
> From: Bryan Whitehead [mailto:driver@megahappy.net]
> Sent: Friday, March 15, 2013 1:55 AM
> To: cloudstack-users@incubator.apache.org<ma...@incubator.apache.org>
> Subject: restricting users to a or Zone / Cluster
>
> I'd like to restrict users to a specific cluster in a zone but I don't
> see
> that as possible. Am I correct in this statement?
>
> Is there a way to restrict users to a specific Zone?
>
> Assuming I trust my users and just give them a specific zone to use -
> when
> I setup the zone can I just use the same secondary storage as others
> zones
> are do I need a new set of secondary storages as well?
>
> -Bryan
>
>
>
>
> --
> Regards,
>
> Kirk Jantzer
> c: (678) 561-5475
>
>
> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: restricting users to a or Zone / Cluster

[Geoff Higginbottom <ge...@shapeblue.com>]

Bryan,

You can use Tags to tell CloudStack where you would 'like' it to put resources, but tags are best endeavours.

If you have two clusters, but the one you want to place resources on using Tags is full, CloudStack will simply allocate the resources to the other cluster.

Regards

Geoff Higginbottom
CTO / Cloud Architect


D: +44(0)20 3603 0542<tel:+442036030542> | S: +44(0)20 3603 0540<tel:+442036030540> | M: +44(0)7968161581<tel:+447968161581>

geoff.higginbottom@shapeblue.com<ma...@shapeblue.com> | www.shapeblue.com

ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS



On 18 Mar 2013, at 08:14, "Bryan Whitehead" <dr...@megahappy.net>> wrote:

After reading the URLs above it sounds like I can use tags to get what I want...

If I tag a cluster or a primary storage that is related to a
particular cluster - then I could also use the same tag when deploying
Instances to make sure only certain Instances go to a certain cluster
(or primary storage)? Is that right?

On Sun, Mar 17, 2013 at 8:47 AM, Nitin Mehta <Ni...@citrix.com>> wrote:
Something close to this is already being worked on. These talk about
dedicating resources to accounts/domain. See if you can find a flag to
"restrict" them as well.
Or you can create an enhancement for the same

https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS+for+VMs+on+hardwa
re+dedicated+to+a+specific+account

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
-+Public+IP+Addresses+and+VLANs+per+Tenant


Dedicating templates should be possible by using launchPermissions api for
templates.

Thanks,
-Nitin

On 15/03/13 9:22 PM, "Kirk Jantzer" <ki...@gmail.com>> wrote:

Bryan, I like this idea - being able to restrict accounts/users/projects
to
certain zones/hypervisors/templates/etc. There's already a lot of
granularity in CS, why not a little more? :-)


On Thu, Mar 14, 2013 at 5:12 PM, Pranav Saxena
<pr...@citrix.com>>wrote:

Well , you can always set up a private zone by unchecking the public
checkbox in the zone wizard .

-----Original Message-----
From: Bryan Whitehead [mailto:driver@megahappy.net]
Sent: Friday, March 15, 2013 1:55 AM
To: cloudstack-users@incubator.apache.org<ma...@incubator.apache.org>
Subject: restricting users to a or Zone / Cluster

I'd like to restrict users to a specific cluster in a zone but I don't
see
that as possible. Am I correct in this statement?

Is there a way to restrict users to a specific Zone?

Assuming I trust my users and just give them a specific zone to use -
when
I setup the zone can I just use the same secondary storage as others
zones
are do I need a new set of secondary storages as well?

-Bryan




--
Regards,

Kirk Jantzer
c: (678) 561-5475


This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: restricting users to a or Zone / Cluster

[Bryan Whitehead <dr...@megahappy.net>]

After reading the URLs above it sounds like I can use tags to get what I want...

If I tag a cluster or a primary storage that is related to a
particular cluster - then I could also use the same tag when deploying
Instances to make sure only certain Instances go to a certain cluster
(or primary storage)? Is that right?

On Sun, Mar 17, 2013 at 8:47 AM, Nitin Mehta <Ni...@citrix.com> wrote:
> Something close to this is already being worked on. These talk about
> dedicating resources to accounts/domain. See if you can find a flag to
> "restrict" them as well.
> Or you can create an enhancement for the same
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS+for+VMs+on+hardwa
> re+dedicated+to+a+specific+account
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
> -+Public+IP+Addresses+and+VLANs+per+Tenant
>
>
> Dedicating templates should be possible by using launchPermissions api for
> templates.
>
> Thanks,
> -Nitin
>
> On 15/03/13 9:22 PM, "Kirk Jantzer" <ki...@gmail.com> wrote:
>
>>Bryan, I like this idea - being able to restrict accounts/users/projects
>>to
>>certain zones/hypervisors/templates/etc. There's already a lot of
>>granularity in CS, why not a little more? :-)
>>
>>
>>On Thu, Mar 14, 2013 at 5:12 PM, Pranav Saxena
>><pr...@citrix.com>wrote:
>>
>>> Well , you can always set up a private zone by unchecking the public
>>> checkbox in the zone wizard .
>>>
>>> -----Original Message-----
>>> From: Bryan Whitehead [mailto:driver@megahappy.net]
>>> Sent: Friday, March 15, 2013 1:55 AM
>>> To: cloudstack-users@incubator.apache.org
>>> Subject: restricting users to a or Zone / Cluster
>>>
>>> I'd like to restrict users to a specific cluster in a zone but I don't
>>>see
>>> that as possible. Am I correct in this statement?
>>>
>>> Is there a way to restrict users to a specific Zone?
>>>
>>> Assuming I trust my users and just give them a specific zone to use -
>>>when
>>> I setup the zone can I just use the same secondary storage as others
>>>zones
>>> are do I need a new set of secondary storages as well?
>>>
>>> -Bryan
>>>
>>
>>
>>
>>--
>>Regards,
>>
>>Kirk Jantzer
>>c: (678) 561-5475
>

Re: restricting users to a or Zone / Cluster

[Nitin Mehta <Ni...@citrix.com>]

Something close to this is already being worked on. These talk about
dedicating resources to accounts/domain. See if you can find a flag to
"restrict" them as well.
Or you can create an enhancement for the same

https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS+for+VMs+on+hardwa
re+dedicated+to+a+specific+account

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
-+Public+IP+Addresses+and+VLANs+per+Tenant


Dedicating templates should be possible by using launchPermissions api for
templates.

Thanks,
-Nitin

On 15/03/13 9:22 PM, "Kirk Jantzer" <ki...@gmail.com> wrote:

>Bryan, I like this idea - being able to restrict accounts/users/projects
>to
>certain zones/hypervisors/templates/etc. There's already a lot of
>granularity in CS, why not a little more? :-)
>
>
>On Thu, Mar 14, 2013 at 5:12 PM, Pranav Saxena
><pr...@citrix.com>wrote:
>
>> Well , you can always set up a private zone by unchecking the public
>> checkbox in the zone wizard .
>>
>> -----Original Message-----
>> From: Bryan Whitehead [mailto:driver@megahappy.net]
>> Sent: Friday, March 15, 2013 1:55 AM
>> To: cloudstack-users@incubator.apache.org
>> Subject: restricting users to a or Zone / Cluster
>>
>> I'd like to restrict users to a specific cluster in a zone but I don't
>>see
>> that as possible. Am I correct in this statement?
>>
>> Is there a way to restrict users to a specific Zone?
>>
>> Assuming I trust my users and just give them a specific zone to use -
>>when
>> I setup the zone can I just use the same secondary storage as others
>>zones
>> are do I need a new set of secondary storages as well?
>>
>> -Bryan
>>
>
>
>
>-- 
>Regards,
>
>Kirk Jantzer
>c: (678) 561-5475

Re: restricting users to a or Zone / Cluster

[Kirk Jantzer <ki...@gmail.com>]

Bryan, I like this idea - being able to restrict accounts/users/projects to
certain zones/hypervisors/templates/etc. There's already a lot of
granularity in CS, why not a little more? :-)


On Thu, Mar 14, 2013 at 5:12 PM, Pranav Saxena <pr...@citrix.com>wrote:

> Well , you can always set up a private zone by unchecking the public
> checkbox in the zone wizard .
>
> -----Original Message-----
> From: Bryan Whitehead [mailto:driver@megahappy.net]
> Sent: Friday, March 15, 2013 1:55 AM
> To: cloudstack-users@incubator.apache.org
> Subject: restricting users to a or Zone / Cluster
>
> I'd like to restrict users to a specific cluster in a zone but I don't see
> that as possible. Am I correct in this statement?
>
> Is there a way to restrict users to a specific Zone?
>
> Assuming I trust my users and just give them a specific zone to use - when
> I setup the zone can I just use the same secondary storage as others zones
> are do I need a new set of secondary storages as well?
>
> -Bryan
>



-- 
Regards,

Kirk Jantzer
c: (678) 561-5475

RE: restricting users to a or Zone / Cluster

[Pranav Saxena <pr...@citrix.com>]

Well , you can always set up a private zone by unchecking the public checkbox in the zone wizard . 

-----Original Message-----
From: Bryan Whitehead [mailto:driver@megahappy.net] 
Sent: Friday, March 15, 2013 1:55 AM
To: cloudstack-users@incubator.apache.org
Subject: restricting users to a or Zone / Cluster

I'd like to restrict users to a specific cluster in a zone but I don't see that as possible. Am I correct in this statement?

Is there a way to restrict users to a specific Zone?

Assuming I trust my users and just give them a specific zone to use - when I setup the zone can I just use the same secondary storage as others zones are do I need a new set of secondary storages as well?

-Bryan