Hi all,
I have found one VM of this user on our node Lannion3, and I stopped it.
We’ll wait until another decision to see what to do with it.
# nova list --all --tenant d5275af31d724a40ac8be3c68c38858a
+--------------------------------------+---------+----------------------------------+---------+------------+-------------+------------------------------+
| ID | Name | Tenant ID | Status | Task State | Power State | Networks |
+--------------------------------------+---------+----------------------------------+---------+------------+-------------+------------------------------+
| 7c47fa4b-48ca-4429-9335-ed558c232cc2 | ibroker | d5275af31d724a40ac8be3c68c38858a | SHUTOFF | - | Shutdown | node-int-net-01=192.168.6.41 |
+--------------------------------------+---------+----------------------------------+---------+------------+-------------+------------------------------+
BR,
Cristian CMECIU
Fiware-Lab/ Lannion Region
ImaginLab Support Engineer
De : fiware-lab-federation-nodes-bounces at lists.fiware.org [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] De la part de José Ignacio Carretero
Envoyé : jeudi 16 mars 2017 13:17
À : Pietropaolo Alfonso <Alfonso.Pietropaolo at eng.it>; Giorgio Robino <giorgio.robino at cnit.it>
Cc : fiware-lab-federation-nodes at lists.fiware.org
Objet : Re: [Fiware-lab-federation-nodes] Discovered Unknown/Suspicious VMs on FIWARE Lab Genoa node
However, it seems that this user has been approved not only in Crete node but it has been approved "more widely". I mean in every node.
The user has used resources from other several nodes including Spain2, Crete, Lannion3, Mexico, etc. --- I have changed his privileges to restrict his access to Crete node (that's what he asked for and what it was approved). So, he shouldn't be able to access any other regions using the cloud portal.
In Spain2 I've disassociated his Public IP and stopped his VMs (not destroyed them at all).
Now we can think about what to do with his "extra" resources in the other nodes. Any suggestions are welcomed.
Thank you Giorgio for your notification.
Regards,
José Ignacio
El 16/03/17 a las 12:50, Pietropaolo Alfonso escribió:
Searching from Jira the user id mostafa-hisham it seems that the user was approved and hosted on the Crete node...
Alfonso
Alfonso Pietropaolo
Research and Development Laboratory
<https://imail.eng.it/ecp/Customize/www.eng.it> Engineering Ingegneria Informatica S.p.A.
Via Riccardo Morandi, 32 00148 Roma - Italy
Tel. 0683074834
Skype: alfopietro
Il giorno 16 mar 2017, alle ore 12:06, Giorgio Robino <giorgio.robino at cnit.it <mailto:giorgio.robino at cnit.it> > ha scritto:
Hi Fernando, all,
we just discovered two unknown/suspicious VMs in status active, on Genoa node.
As far as we know, as administrators of Fiware Lab Genoa node,
we are the only ones in charge to allocate VMs requests (replying specific FIWARE FLUA-XXXX tickets).
That's correct?
Any tenant without an explicit ticket flow request, have to be considered not authorized.
That's correct?
At the moment, we put VMs in status suspended:
root at controller01:~# nova list --all-tenants
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
| ID | Name | Tenant ID | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
| 4f68086a-968c-43f5-9a83-68f7d5786b27 | Hima1 | d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running | node-int-net-01=172.18.1.176, 130.251.135.187 |
| 87756965-5402-4bf0-9785-04d736d1db49 | iotul | d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running | node-int-net-01=172.18.1.191 |
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
VMs details here below:
root at controller01:~# nova show 4f68086a-968c-43f5-9a83-68f7d5786b27
+--------------------------------------+-------------------------------------------------------------+
| Property | Value |
+--------------------------------------+-------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute02.domain.tld |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute02.domain.tld |
| OS-EXT-SRV-ATTR:instance_name | instance-00004bed |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-03-15T19:09:49.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2017-03-15T19:08:30Z |
| flavor | m1.large (4) |
| hostId | aea193f566c67314b0fdf88a6bad0b12f9c3319119373770630ac724 |
| id | 4f68086a-968c-43f5-9a83-68f7d5786b27 |
| image | orion-psb-image-R5.4 (c894ce60-b9a2-48be-b1e2-c28185908fb0) |
| key_name | hima |
| metadata | {"region": "Genoa", "nid": "344"} |
| name | Hima1 |
| node-int-net-01 network | 172.18.1.176, 130.251.135.187 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | ACTIVE |
| tenant_id | d5275af31d724a40ac8be3c68c38858a |
| updated | 2017-03-15T19:09:49Z |
| user_id | mostafa-hisham |
+--------------------------------------+-------------------------------------------------------------+
root at controller01:~# nova show 87756965-5402-4bf0-9785-04d736d1db49
+--------------------------------------+----------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute03.domain.tld |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute03.domain.tld |
| OS-EXT-SRV-ATTR:instance_name | instance-0000460e |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-02-28T16:58:58.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2017-02-28T16:57:40Z |
| flavor | m1.medium (3) |
| hostId | 7d3e4c05dd8d58708387259119b5aefe2058623abc4b3f758070299e |
| id | 87756965-5402-4bf0-9785-04d736d1db49 |
| image | base_debian_7 (b66abb99-f08d-4880-9139-b2d6b5e3d3a8) |
| key_name | ultk |
| metadata | {"region": "Genoa"} |
| name | iotul |
| node-int-net-01 network | 172.18.1.191 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | ACTIVE |
| tenant_id | d5275af31d724a40ac8be3c68c38858a |
| updated | 2017-02-28T16:58:59Z |
| user_id | mostafa-hisham |
+--------------------------------------+----------------------------------------------------------+
How do you suggest to proceed?
Thanks & regards
giorgio
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies on the following links:
- <http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy> http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
- <http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE> http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-lab-federation-nodes mailing list
<mailto:Fiware-lab-federation-nodes at lists.fiware.org> Fiware-lab-federation-nodes at lists.fiware.org
<https://lists.fiware.org/listinfo/fiware-lab-federation-nodes> https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies on the following links:
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org <mailto:Fiware-lab-federation-nodes at lists.fiware.org>
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
--
−−−
José Ignacio Carretero
FIWARE Cloud and Platform Expert
FIWARE Foundation
Franklinstrasse 13A
10587 Berlin
email: joseignacio.carretero at fiware.org <mailto:joseignacio.carretero at fiware.org>
www: http://fiware.org
twitter: @jicarreterogu @FIWARE
skype: jicarretero
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/d0f6c19b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6250 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/d0f6c19b/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 251283 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/d0f6c19b/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4598 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/d0f6c19b/attachment-0001.bin>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy