[Fiware-lab-federation-nodes] [CESNET #196603] Re: Discovered Unknown/Suspicious VMs on FIWARE Lab Genoa node

[Giorgio Robino]

Thanks José, Alfonso, Cristian

in facts appears to me an anomaly,
here (genoa node) we would proceed with deletion  of mentioned VMs.

As Cristian did:
we keep VMs as suspended and

We’ll wait until another decision to see what to do with it.

Looking forward Fernando's feedback

giorgio


------ Messaggio originale ------
Da: "José Ignacio Carretero via RT" <xifi-support at rt4.cesnet.cz>
A: giorgio.robino at cnit.it
Cc: fernando.lopez at fiware.org
Inviato: 16/03/2017 13:18:25
Oggetto: [CESNET #196603] Re: [Fiware-lab-federation-nodes] Discovered 
Unknown/Suspicious VMs on FIWARE Lab Genoa node

>However, it seems that this user has been approved not only in Crete
>node but it has been approved "more widely". I mean in every node.
>
>The user has used resources from other several nodes including Spain2,
>Crete, Lannion3, Mexico, etc. --- I have changed his privileges to
>restrict his access to Crete node (that's what he asked for and what it
>was approved). So, he shouldn't be able to access any other regions
>using the cloud portal.
>
>In Spain2 I've disassociated his Public IP and stopped his VMs (not
>destroyed them at all).
>
>Now we can think about what to do with his "extra" resources in the
>other nodes. Any suggestions are welcomed.
>
>Thank you Giorgio for your notification.
>
>Regards,
>José Ignacio
>
>El 16/03/17 a las 12:50, Pietropaolo Alfonso escribió:
>>  Searching from Jira the user id mostafa-hisham it seems that the user
>>  was approved and hosted on the Crete node...
>>
>>  Alfonso
>>
>>  *Alfonso Pietropaolo*
>>
>>  Research and Development Laboratory
>>  Engineering Ingegneria Informatica S.p.A.
>>  <https://imail.eng.it/ecp/Customize/www.eng.it>
>>  Via Riccardo Morandi, 32 00148 Roma - Italy
>>  Tel. 0683074834
>>  Skype: alfopietro
>>
>>
>>
>>>  Il giorno 16 mar 2017, alle ore 12:06, Giorgio Robino
>>>  <giorgio.robino at cnit.it <mailto:giorgio.robino at cnit.it>> ha scritto:
>>>
>>>  Hi Fernando, all,
>>>
>>>  we just discovered two unknown/suspicious VMs in status active, on
>>>  Genoa node.
>>>
>>>  As far as we know, as administrators of Fiware Lab Genoa node,
>>>  we are the only ones in charge to allocate VMs requests (replying
>>>  specific FIWARE FLUA-XXXX tickets).
>>>  That's correct?
>>>
>>>  Any tenant without an explicit ticket flow request, have to be
>>>  considered not authorized.
>>>  That's correct?
>>>
>>>  At the moment, we put VMs in status suspended:
>>>
>>>  root at controller01:~# nova list --all-tenants
>>>  
>>>+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
>>>  | ID | Name | Tenant ID
>>>                     | Status | Task State | Power State | Networks |
>>>  
>>>+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
>>>  | 4f68086a-968c-43f5-9a83-68f7d5786b27 | Hima1 |
>>>  d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running
>>>    | node-int-net-01=172.18.1.176, 130.251.135.187 |
>>>  | 87756965-5402-4bf0-9785-04d736d1db49 | iotul |
>>>  d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running
>>>    | node-int-net-01=172.18.1.191 |
>>>  
>>>+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
>>>  VMs details here below:
>>>
>>>  root at controller01:~# nova show 4f68086a-968c-43f5-9a83-68f7d5786b27
>>>  
>>>+--------------------------------------+-------------------------------------------------------------+
>>>  | Property | Value
>>>                        |
>>>  
>>>+--------------------------------------+-------------------------------------------------------------+
>>>  | OS-DCF:diskConfig | MANUAL
>>>                         |
>>>  | OS-EXT-AZ:availability_zone | nova
>>>                       |
>>>  | OS-EXT-SRV-ATTR:host | compute02.domain.tld |
>>>  | OS-EXT-SRV-ATTR:hypervisor_hostname | compute02.domain.tld |
>>>  | OS-EXT-SRV-ATTR:instance_name | instance-00004bed |
>>>  | OS-EXT-STS:power_state | 1
>>>                    |
>>>  | OS-EXT-STS:task_state | -
>>>                    |
>>>  | OS-EXT-STS:vm_state | active
>>>                         |
>>>  | OS-SRV-USG:launched_at | 2017-03-15T19:09:49.000000 |
>>>  | OS-SRV-USG:terminated_at | -
>>>                    |
>>>  | accessIPv4 |
>>>                  |
>>>  | accessIPv6 |
>>>                  |
>>>  | config_drive |
>>>                  |
>>>  | created | 2017-03-15T19:08:30Z |
>>>  | flavor | m1.large (4)
>>>                               |
>>>  | hostId |
>>>  aea193f566c67314b0fdf88a6bad0b12f9c3319119373770630ac724 |
>>>  | id |
>>>  4f68086a-968c-43f5-9a83-68f7d5786b27 |
>>>  | image | orion-psb-image-R5.4
>>>  (c894ce60-b9a2-48be-b1e2-c28185908fb0) |
>>>  | key_name | hima
>>>                       |
>>>  | metadata | {"region": "Genoa", "nid":
>>>  "344"} |
>>>  | name | Hima1
>>>                        |
>>>  | node-int-net-01 network | 172.18.1.176,
>>>  130.251.135.187 |
>>>  | os-extended-volumes:volumes_attached | []
>>>                     |
>>>  | progress | 0
>>>                    |
>>>  | security_groups | default
>>>                          |
>>>  | status | ACTIVE
>>>                         |
>>>  | tenant_id |
>>>  d5275af31d724a40ac8be3c68c38858a |
>>>  | updated | 2017-03-15T19:09:49Z |
>>>  | user_id | mostafa-hisham
>>>                                 |
>>>  
>>>+--------------------------------------+-------------------------------------------------------------+
>>>
>>>  root at controller01:~# nova show 87756965-5402-4bf0-9785-04d736d1db49
>>>  
>>>+--------------------------------------+----------------------------------------------------------+
>>>  | Property | Value
>>>                     |
>>>  
>>>+--------------------------------------+----------------------------------------------------------+
>>>  | OS-DCF:diskConfig | MANUAL
>>>                      |
>>>  | OS-EXT-AZ:availability_zone | nova
>>>                    |
>>>  | OS-EXT-SRV-ATTR:host | compute03.domain.tld |
>>>  | OS-EXT-SRV-ATTR:hypervisor_hostname | compute03.domain.tld |
>>>  | OS-EXT-SRV-ATTR:instance_name | instance-0000460e |
>>>  | OS-EXT-STS:power_state | 1
>>>                 |
>>>  | OS-EXT-STS:task_state | -
>>>                 |
>>>  | OS-EXT-STS:vm_state | active
>>>                      |
>>>  | OS-SRV-USG:launched_at | 2017-02-28T16:58:58.000000 |
>>>  | OS-SRV-USG:terminated_at | -
>>>                 |
>>>  | accessIPv4 |
>>>               |
>>>  | accessIPv6 |
>>>               |
>>>  | config_drive |
>>>               |
>>>  | created | 2017-02-28T16:57:40Z |
>>>  | flavor | m1.medium (3)
>>>                             |
>>>  | hostId |
>>>  7d3e4c05dd8d58708387259119b5aefe2058623abc4b3f758070299e |
>>>  | id |
>>>  87756965-5402-4bf0-9785-04d736d1db49 |
>>>  | image | base_debian_7
>>>  (b66abb99-f08d-4880-9139-b2d6b5e3d3a8) |
>>>  | key_name | ultk
>>>                    |
>>>  | metadata | {"region": "Genoa"}
>>>                               |
>>>  | name | iotul
>>>                     |
>>>  | node-int-net-01 network | 172.18.1.191
>>>                            |
>>>  | os-extended-volumes:volumes_attached | []
>>>                  |
>>>  | progress | 0
>>>                 |
>>>  | security_groups | default
>>>                       |
>>>  | status | ACTIVE
>>>                      |
>>>  | tenant_id |
>>>  d5275af31d724a40ac8be3c68c38858a |
>>>  | updated | 2017-02-28T16:58:59Z |
>>>  | user_id | mostafa-hisham
>>>                              |
>>>  
>>>+--------------------------------------+----------------------------------------------------------+
>>>
>>>
>>>  How do you suggest to proceed?
>>>
>>>  Thanks & regards
>>>  giorgio
>>>  
>>>__________________________________________________________________________________________
>>>
>>>  You can get more information about our cookies and privacy policies
>>>  on the following links:
>>>  
>>>-http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
>>>  
>>>-http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
>>>
>>>  Fiware-lab-federation-nodes mailing list
>>>  Fiware-lab-federation-nodes at lists.fiware.org
>>>  <mailto:Fiware-lab-federation-nodes at lists.fiware.org>
>>>  https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
>>
>>
>>
>>  
>>__________________________________________________________________________________________
>>
>>  You can get more information about our cookies and privacy policies 
>>on the following links:
>>  - 
>>http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
>>  - 
>>http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
>>
>>  Fiware-lab-federation-nodes mailing list
>>  Fiware-lab-federation-nodes at lists.fiware.org
>>  https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
>>
>
>--
>−−−
>José Ignacio Carretero 	
>
>FIWARE Cloud and Platform Expert
>FIWARE Foundation 	
>  FIWARE Foundation
>Franklinstrasse 13A
>10587 Berlin
>email: joseignacio.carretero at fiware.org
><mailto:joseignacio.carretero at fiware.org>
>www: http://fiware.org
>twitter: @jicarreterogu @FIWARE
>skype: jicarretero 	
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/15a6ae6e/attachment-0001.html>