[ops][neutron] Is it possible to "lock" a floating IP to an instance ?
smooney at redhat.com
Thu Sep 23 10:38:56 UTC 2021
On Thu, 2021-09-23 at 12:20 +0200, Massimo Sgaravatto wrote:
> I have the following use case:
> A user creates a VM and associates a floating IP to such instance
> Is in some way possible to prevent that the floating IP is
> disassociated from that instance by another user of the same project ?
> If it helps, the user owning the instance could be admin (but allowing only
> the admin user to manage floating IPs is not an option)
if you are using novas api to manage floating ips then you might be able to lock the instnace which should prevent changing
the ip assocations and most other instnace actions however if you were to manage teh floating ips form neutron that ouls entirly bypass that.
we had talk about adding the ablity to lock ports for a different usecasue and haing nova lock the port whenever an instance is locked
that might be the way to adress this in the future but for now i dont think you can do this without custom midelware.
> Thanks, Massimo
More information about the openstack-discuss