Hi all,
we have also a VM on Vicenza node…..
We procede to remove it.
BR
Mauro
Da: fiware-lab-federation-nodes-bounces at lists.fiware.org [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] Per conto di Spyros Argyropoulos
Inviato: giovedì 16 marzo 2017 14:27
A: Giorgio Robino; fernando.lopez at fiware.org; Pietropaolo Alfonso; xifi-support at rt4.cesnet.cz
Cc: fiware-lab-federation-nodes at lists.fiware.org
Oggetto: Re: [Fiware-lab-federation-nodes] [CESNET #196603] Re: Discovered Unknown/Suspicious VMs on FIWARE Lab Genoa node
Hi All,
This user has become a 'community user' after a 'FIWARE LAB Upgrade Account' Request to the Region of Crete (FLUA-2658 : Assign Resources and Status for: Creating IoT using mobile sensors).
We provided the requested resources without changing the status of the selected Regions.
Now in the the Region of Crete there are two VMs of this user.
BR,
Spyros.
Spyros Argyropoulos, Computer & Informatics Eng.
Intelligent Systems Laboratory
School of Electrical and Computer Engineering
Technical University of Crete
University Campus - Kounoupidiana
73100 Chania, Crete
GREECE
Phone: +3028210 37342
Fax: +3028210 37542
On 16/3/2017 2:52 μμ, Giorgio Robino wrote:
Thanks José, Alfonso, Cristian
in facts appears to me an anomaly,
here (genoa node) we would proceed with deletion of mentioned VMs.
As Cristian did:
we keep VMs as suspended and
We’ll wait until another decision to see what to do with it.
Looking forward Fernando's feedback
giorgio
------ Messaggio originale ------
Da: "José Ignacio Carretero via RT" <xifi-support at rt4.cesnet.cz<mailto:xifi-support at rt4.cesnet.cz>>
A: giorgio.robino at cnit.it<mailto:giorgio.robino at cnit.it>
Cc: fernando.lopez at fiware.org<mailto:fernando.lopez at fiware.org>
Inviato: 16/03/2017 13:18:25
Oggetto: [CESNET #196603] Re: [Fiware-lab-federation-nodes] Discovered Unknown/Suspicious VMs on FIWARE Lab Genoa node
However, it seems that this user has been approved not only in Crete
node but it has been approved "more widely". I mean in every node.
The user has used resources from other several nodes including Spain2,
Crete, Lannion3, Mexico, etc. --- I have changed his privileges to
restrict his access to Crete node (that's what he asked for and what it
was approved). So, he shouldn't be able to access any other regions
using the cloud portal.
In Spain2 I've disassociated his Public IP and stopped his VMs (not
destroyed them at all).
Now we can think about what to do with his "extra" resources in the
other nodes. Any suggestions are welcomed.
Thank you Giorgio for your notification.
Regards,
José Ignacio
El 16/03/17 a las 12:50, Pietropaolo Alfonso escribió:
Searching from Jira the user id mostafa-hisham it seems that the user
was approved and hosted on the Crete node...
Alfonso
*Alfonso Pietropaolo*
Research and Development Laboratory
Engineering Ingegneria Informatica S.p.A.
<https://imail.eng.it/ecp/Customize/www.eng.it>
Via Riccardo Morandi, 32 00148 Roma - Italy
Tel. 0683074834
Skype: alfopietro
Il giorno 16 mar 2017, alle ore 12:06, Giorgio Robino
<giorgio.robino at cnit.it<mailto:giorgio.robino at cnit.it> <mailto:giorgio.robino at cnit.it<mailto:giorgio.robino at cnit.it>>> ha scritto:
Hi Fernando, all,
we just discovered two unknown/suspicious VMs in status active, on
Genoa node.
As far as we know, as administrators of Fiware Lab Genoa node,
we are the only ones in charge to allocate VMs requests (replying
specific FIWARE FLUA-XXXX tickets).
That's correct?
Any tenant without an explicit ticket flow request, have to be
considered not authorized.
That's correct?
At the moment, we put VMs in status suspended:
root at controller01:~# nova list --all-tenants
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
| ID | Name | Tenant ID
| Status | Task State | Power State | Networks |
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
| 4f68086a-968c-43f5-9a83-68f7d5786b27 | Hima1 |
d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running
| node-int-net-01=172.18.1.176, 130.251.135.187 |
| 87756965-5402-4bf0-9785-04d736d1db49 | iotul |
d5275af31d724a40ac8be3c68c38858a | SUSPENDED | - | Running
| node-int-net-01=172.18.1.191 |
+--------------------------------------+----------------+----------------------------------+-----------+------------+-------------+------------------------------------------------------------+
VMs details here below:
root at controller01:~# nova show 4f68086a-968c-43f5-9a83-68f7d5786b27
+--------------------------------------+-------------------------------------------------------------+
| Property | Value
|
+--------------------------------------+-------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
|
| OS-EXT-AZ:availability_zone | nova
|
| OS-EXT-SRV-ATTR:host | compute02.domain.tld |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute02.domain.tld |
| OS-EXT-SRV-ATTR:instance_name | instance-00004bed |
| OS-EXT-STS:power_state | 1
|
| OS-EXT-STS:task_state | -
|
| OS-EXT-STS:vm_state | active
|
| OS-SRV-USG:launched_at | 2017-03-15T19:09:49.000000 |
| OS-SRV-USG:terminated_at | -
|
| accessIPv4 |
|
| accessIPv6 |
|
| config_drive |
|
| created | 2017-03-15T19:08:30Z |
| flavor | m1.large (4)
|
| hostId |
aea193f566c67314b0fdf88a6bad0b12f9c3319119373770630ac724 |
| id |
4f68086a-968c-43f5-9a83-68f7d5786b27 |
| image | orion-psb-image-R5.4
(c894ce60-b9a2-48be-b1e2-c28185908fb0) |
| key_name | hima
|
| metadata | {"region": "Genoa", "nid":
"344"} |
| name | Hima1
|
| node-int-net-01 network | 172.18.1.176,
130.251.135.187 |
| os-extended-volumes:volumes_attached | []
|
| progress | 0
|
| security_groups | default
|
| status | ACTIVE
|
| tenant_id |
d5275af31d724a40ac8be3c68c38858a |
| updated | 2017-03-15T19:09:49Z |
| user_id | mostafa-hisham
|
+--------------------------------------+-------------------------------------------------------------+
root at controller01:~# nova show 87756965-5402-4bf0-9785-04d736d1db49
+--------------------------------------+----------------------------------------------------------+
| Property | Value
|
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
|
| OS-EXT-AZ:availability_zone | nova
|
| OS-EXT-SRV-ATTR:host | compute03.domain.tld |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute03.domain.tld |
| OS-EXT-SRV-ATTR:instance_name | instance-0000460e |
| OS-EXT-STS:power_state | 1
|
| OS-EXT-STS:task_state | -
|
| OS-EXT-STS:vm_state | active
|
| OS-SRV-USG:launched_at | 2017-02-28T16:58:58.000000 |
| OS-SRV-USG:terminated_at | -
|
| accessIPv4 |
|
| accessIPv6 |
|
| config_drive |
|
| created | 2017-02-28T16:57:40Z |
| flavor | m1.medium (3)
|
| hostId |
7d3e4c05dd8d58708387259119b5aefe2058623abc4b3f758070299e |
| id |
87756965-5402-4bf0-9785-04d736d1db49 |
| image | base_debian_7
(b66abb99-f08d-4880-9139-b2d6b5e3d3a8) |
| key_name | ultk
|
| metadata | {"region": "Genoa"}
|
| name | iotul
|
| node-int-net-01 network | 172.18.1.191
|
| os-extended-volumes:volumes_attached | []
|
| progress | 0
|
| security_groups | default
|
| status | ACTIVE
|
| tenant_id |
d5275af31d724a40ac8be3c68c38858a |
| updated | 2017-02-28T16:58:59Z |
| user_id | mostafa-hisham
|
+--------------------------------------+----------------------------------------------------------+
How do you suggest to proceed?
Thanks & regards
giorgio
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies
on the following links:
-http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
-http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>
<mailto:Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>>
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies on the following links:
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
--
−−−
José Ignacio Carretero
FIWARE Cloud and Platform Expert
FIWARE Foundation
FIWARE Foundation
Franklinstrasse 13A
10587 Berlin
email: joseignacio.carretero at fiware.org<mailto:joseignacio.carretero at fiware.org>
<mailto:joseignacio.carretero at fiware.org<mailto:joseignacio.carretero at fiware.org>>
www: http://fiware.org
twitter: @jicarreterogu @FIWARE
skype: jicarretero
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies on the following links:
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20170316/9191f8d5/attachment-0001.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy