cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: Hooking into the SecurityGroups
Date Fri, 01 Apr 2016 16:47:10 GMT
Will,

What I want to do is enable some sort of accounting based on iptables counters (I only want
to measure traffic to certain destinations, i.e. not count inter-vm traffic in a SG zone).
I doubt it's something the events stream can help, but it's a good thing to be aware of nonetheless.

Thanks

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Will Stevens" <wstevens@cloudops.com>
> To: dev@cloudstack.apache.org
> Cc: "Pierre-Luc Dion" <pdion@cloudops.com>
> Sent: Friday, 1 April, 2016 15:38:19
> Subject: Re: Hooking into the SecurityGroups

> Patrick, did you guys end up doing anything with these events?  I know we
> were messing with that at one point.  Did we learn anything interesting?
> Is it a viable solution for what Nux is trying to do?
> 
> *Will STEVENS*
> Lead Developer
> 
> *CloudOps* *| *Cloud Solutions Experts
> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
> w cloudops.com *|* tw @CloudOps_
> 
> On Fri, Apr 1, 2016 at 9:59 AM, Patrick Dube <patrickdube91@gmail.com>
> wrote:
> 
>> @swill. You can configure CloudStack to push it's events to both mysql and
>> RabbitMQ or Kafka (
>>
>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/events.html
>> )
>>
>> On Fri, Apr 1, 2016 at 8:37 AM, Will Stevens <williamstevens@gmail.com>
>> wrote:
>>
>> > Pierre-Luc may have gotten something like this working. I think he tried
>> > something similar.
>> >
>> > I think you can do something like redirect the events to redis and then
>> > with a tool that uses the API and redis, build an event based overlay.
>> >
>> > I would have to look into this deeper, but I think PLD did some work on
>> > this.
>> > Thanks a lot Jayapal!
>> >
>> > Will, that sounds nice but I have not seen anything like this.
>> >
>> > Another interesting thing might be - as Wido suggested - to use libvirt
>> > filters instead of our python scripts and I believe libvirt has it's own
>> > way of hooking stuff into it. Could be another thing to explore, though
>> it
>> > sounds like a level lower than what you're proposing.
>> >
>> > Lucian
>> >
>> > --
>> > Sent from the Delta quadrant using Borg technology!
>> >
>> > Nux!
>> > www.nux.ro
>> >
>> > ----- Original Message -----
>> > > From: "Will Stevens" <williamstevens@gmail.com>
>> > > To: dev@cloudstack.apache.org
>> > > Sent: Friday, 1 April, 2016 12:50:16
>> > > Subject: Re: Hooking into the SecurityGroups
>> >
>> > > Slightly off topic, but relevant. Ideally we could easily hook into the
>> > > event logging and build added logic by simply tying them to specific
>> > > events. This would limit the hackery and would provide a system that
>> > others
>> > > could use without having to change the core. Has anyone done something
>> > like
>> > > this?
>> > > On Apr 1, 2016 6:42 AM, "Nux!" <nux@li.nux.ro> wrote:
>> > >
>> > >> Hi,
>> > >>
>> > >> I want to hook into the SGs and add a few iptables rules every time
a
>> VM
>> > >> is spawned and delete them when the VM is moved/deleted.
>> > >> Has anyone done this before? Any pointers before I go and butcher it?
>> > :-)
>> > >>
>> > >> Lucian
>> > >>
>> > >> --
>> > >> Sent from the Delta quadrant using Borg technology!
>> > >>
>> > >> Nux!
>> > >> www.nux.ro
>> >

Mime
View raw message