[Openstack] Security group isolation on same physical host

2012-06-07 Thread Mitchell Broome
So I'm running into a problem where two different virtual machines on the same physical host can get to each other bypassing security groups. As a test, I have removed all rules from the default security group and created two other groups for testing (test1 and test2) that only have inbound ssh ac

Re: [Openstack] Security group isolation on same physical host

2012-06-07 Thread Mitchell Broome
Looks like I tracked down the problem. I needed to enable netfilter on the bridge. On Thu, Jun 7, 2012 at 10:00 AM, Mitchell Broome wrote: > So I'm running into a problem where two different virtual machines on > the same physical host can get to each other bypassing security >

Re: [Openstack] Configuring Openstack (Essex) to use existing Dynamic DNS servers

2012-06-12 Thread Mitchell Broome
I didn't find anything that caught my eye either. I'm not sure if it's the kind of thing you're looking for but I ended up writing my own integration. Basically, I'm watching the qpid queue (haven't tried rabbitmq) for messages related to the creation and deletion of instances and pushing the data

Re: [Openstack] Anyone using instance metadata?

2012-07-04 Thread Mitchell Broome
We are using metadata tags to maintain assorted information about instances that doesn't have to be provided to the instance itself. Things like letting users assign notes to their instances which shouldn't be exposed as userdata (which we use to configure the machines). It would be really nice

[Openstack] EC2 api and tenants

2012-08-02 Thread Mitchell Broome
I'm using essex 2012.1 and I'm running into an issue with tenant separation using the ec2 api. I end up having to give a user the 'admin' role in keystone to create instances within a tenant. I can live with that but the problem is, now that the user has 'admin', they also see all of the instances

Re: [Openstack] EC2 api and tenants

2012-08-03 Thread Mitchell Broome
, I'm just making use of netadmin and sysadmin rather than creating new rules in policy.json. On Thu, Aug 2, 2012 at 6:51 PM, Ryan Lane wrote: > On Thu, Aug 2, 2012 at 1:23 PM, Mitchell Broome > wrote: >> I'm using essex 2012.1 and I'm running into an issue with tenant >

[Openstack] Quotas in folsom

2012-10-29 Thread Mitchell Broome
I'm running into quota problems trying to increase the number of security groups and rules within security groups per tenant. Setting quota_security_groups and quota_security_group_rules in nova.conf seems to have no effect. There also doesn't seem to be any way to change the quota limits for secu