Ask Your Question

wbentley15's profile - activity

2016-02-25 11:35:40 -0600 received badge  Popular Question (source)
2016-02-25 11:35:40 -0600 received badge  Notable Question (source)
2015-07-16 22:39:52 -0600 received badge  Famous Question (source)
2015-06-25 00:04:23 -0600 received badge  Notable Question (source)
2015-06-25 00:04:23 -0600 received badge  Popular Question (source)
2015-04-06 08:27:01 -0600 asked a question How do you log RBAC events with Keystone?

Despite numerous attempts to enable the additional logging for Keystone found at - http://docs.openstack.org/openstack-ops/content/logging_monitoring.html...the only logging level I get in the logs is WARNING. Looking to log all RBAC events for auditing/security purposes. Anyone have success doing this?

2015-04-06 08:26:27 -0600 asked a question How do you log RBAC events with Keystone?

Despite numerous attempts to enable the additional logging for Keystone found at - http://docs.openstack.org/openstack-o... only logging level I get in the logs is WARNING. Looking to log all RBAC events for auditing/security purposes. Anyone have success doing this?

2015-03-09 02:41:07 -0600 received badge  Notable Question (source)
2015-01-15 02:42:01 -0600 received badge  Nice Answer (source)
2015-01-10 00:49:19 -0600 received badge  Self-Learner (source)
2015-01-10 00:49:19 -0600 received badge  Teacher (source)
2015-01-10 00:49:19 -0600 received badge  Popular Question (source)
2015-01-08 21:07:59 -0600 answered a question Can you restrict a user or tenant to a Cinder volume type?

Thanks for the great response! I tested out your suggestion and yes, you can restrict a tenant from creating volumes on defined volume types.

The thing to keep in mind is you must know the tenant ID in order to apply the specific volume type quota and apply the quota for each tenant created (now and going forward). Another thing I discovered is I could not find one good example to reference anywhere on the internet :). So here is one:

This lists out all the quotas defined for the tenant:

$ cinder quota-show <tenant_ID>
$ cinder quota-show 0ece405bde4b412fb689a6b072f2744a

Now set your volume type quota for that tenant:

$ cinder quota-update --volumes <volume_count> --volume-type <volume_type_name> <tenant_ID>
$ cinder quota-update --volumes 100 --volume-type lvm-SSD 0ece405bde4b412fb689a6b072f2744a

Before doing the above you need to create the volume types ahead of time of course. I used this blog to help with that and focused on Case 3 - http://www.rushiagr.com/blog/2014/01/16/playing-around-with-cinder-multi-backend/ (http://www.rushiagr.com/blog/2014/01/...) .

The default value for the volume type is '-1'. If you do not reset it with the command above, it will not change. Also, you must pass the '--volumes' parameter with the 'volume-type' parameter. Doing one without the other gives you the appearance that it worked but, when you run the quota-show command again you will see it did not change.

2015-01-08 10:50:32 -0600 asked a question Can you restrict a user or tenant to a Cinder volume type?

I have a need to restrict a user or tenant to only be able to use a set defined Cinder volume type. That volume type is tied to separate backends defined in Cinder. I only want a certain user or tenant to see a defined volume type in Horizon. Is that possible? I sorted thru the Cinder RBAC settings and unable to figure out which one would do this, if at all.

Any assistance on this matter would be great!