<div dir="ltr">Hi Diego!<div><br></div><div>I did not reinstall OpenStack components or Compute Node... It was a fresh install, that I started using into production.</div><div><br></div><div>I already did this before, I mean, reinstall things without formatting the server but, I always remove all the remaining instances, with virt-manager, before starting it over again, but not this time.</div>
<div><br></div><div>This security breach is happening right now here and I don't know what can I do to fix it, or what should I type on a BUG at Launchpad...</div><div><br></div><div><b><u>This problem is very serious</u></b>, mostly because "Tenant A" can't see its own instances, so, he is unable to use the OpenStack anymore and, "Tenant B" isn't aware that someone else is accessing its Instances without his permission.</div>
<div><br></div><div>I'm sure that this problem is worth to take a look by someone more expert than I.</div><div><br></div><div>Tks!</div><div>Thiago</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On 23 December 2013 18:12, Diego Parrilla Santamaría <span dir="ltr"><<a href="mailto:diego.parrilla.santamaria@gmail.com" target="_blank">diego.parrilla.santamaria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Did you reinstall your system? If so, are you sure you deleted the previous running VMs in the compute server?<div><br></div><div>I have seen this before when trying to launch a VM and thers are 'forgotten' VMs running with the same uuid in libvirt+kvm. </div>
<div><br></div><div>If it's a bug, it's really a good one...</div><div><br></div><div>Cheers</div><div>Diego</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"> -- <br><span style="border-collapse:separate;font-family:Times"><span style="border-collapse:collapse;font-family:arial,sans-serif"><div align="left" style="font-size:13px">
<div><font><span lang="ES" style="font-family:Arial">Diego Parrilla<br><a href="http://www.stackops.com/" title="file:///C:/Documents%20and%20Settings/carolina.capsir.per1/Application%20Data/Microsoft/Signatures/www.garrigues.com
www.garrigues.com" style="color:rgb(7,77,143)" target="_blank"><span title="file:///C:/Documents%20and%20Settings/carolina.capsir.per1/Application%20Data/Microsoft/Signatures/www.garrigues.com"></span></a></span></font><font face="Arial" style="font-family:arial,helvetica,sans-serif"><b>CEO</b><font size="1"><br>
</font></font><span style="border-collapse:separate;font-family:Times;font-size:medium"><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"></span></span><b><font face="Arial" style="font-family:arial,helvetica,sans-serif"><a href="http://www.stackops.com/" target="_blank"><b>www.stackops.com</b></a> | </font></b><font face="Arial" style="font-family:arial,helvetica,sans-serif"><font size="1"> <a href="mailto:diego.parrilla@stackops.com" target="_blank">diego.parrilla@stackops.com</a></font></font><span style="border-collapse:separate;font-family:Times;font-size:medium"><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><font color="#004438" face="Arial"><b><b><span lang="EN-GB" style="font-size:10pt"></span></b></b></font></span></span><font face="Arial" style="font-family:arial,helvetica,sans-serif"><font size="1"> | US: </font></font><span style="border-collapse:separate;font-family:Times;font-size:medium"><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><font face="Arial" style="font-family:arial,helvetica,sans-serif"><font size="1"><a href="tel:%2B1%20%28512%29%20646-0068" value="+15126460068" target="_blank">+1 (512) 646-0068</a> | EU: </font></font></span></span><span style="font-family:arial,helvetica,sans-serif;font-size:x-small"><a href="tel:%2B34%2091%20005-2164" value="+34910052164" target="_blank">+34 91 005-2164</a> | </span><a style="font-size:x-small;font-family:arial,helvetica,sans-serif">skype:diegoparrilla</a></div>
</div><div style="font-size:13px"><font color="#004438" face="Arial"><b><p><span style="border-collapse:separate;font-size:medium;font-family:Times"><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><span style="border-collapse:separate;font-family:Times;font-size:medium"><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><font color="#004438" face="Arial"><b><b><span lang="EN-GB" style="font-size:10pt"><img src="http://stackops.s3-external-3.amazonaws.com/STACKOPSLOGO-ICON.png"></span></b></b></font></span></span></span></span></p>
</b></font></div></span></span><div><br></div></div></div>
<br><br><div class="gmail_quote"><div><div class="h5">On Mon, Dec 23, 2013 at 8:56 PM, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div dir="ltr">Hi!<div class="gmail_extra"><br><br><div class="gmail_quote"><div>On 23 December 2013 16:53, gustavo panizzo <gfa> <span dir="ltr"><<a href="mailto:gfa@zumbi.com.ar" target="_blank">gfa@zumbi.com.ar</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>is the user member of the two tenants?<br></div></blockquote>
<div><br></div></div><div>No. "Tenant B" have only, and only one user. I never created a user that belongs to more than 1 tenant, my cloud is very simple and small. And "Tenant A" user is a member of its own Project, not two.</div>
<div><br></div><div>Only my "Tenant C", have <u>two users</u> but, no user belongs to two tenants. I'm quite sure about this.</div><div><br></div><div>Anyway, you made me a interesting question, how can I see the that? I mean, is there a command option to list all the tenants that a user is member of? I can see the keystone options like "user-role-list", or "tenant-get" but, I can't find a option to list the tenants that a user is a member of. Tips?!</div>
<div><br></div><div>Tks!</div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div class="gmail_quote">
<div><div>"Martinx - ジェームズ" <<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>> wrote:</div></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div><div>
<div dir="ltr">Stackers!<div><br></div><div>I need a bit help here...</div><div><br></div><div>My OpenStack Havana (Ubuntu 12.04.3) was working smoothly and, I don't know what had happened here but, now, I'm seeing some weird problems.</div>
<div><br></div><div>Right now, the "Tenant A" is seeing the VNC Consoles of "Tenant B" !!!</div><div><br></div><div>How is that even possible?! There is no authentication here to deal with this kind of things!? I'm really worried about this.</div>
<div><br></div><div>Look:</div><div><br></div><div>"Tenant A" Instances:</div><div><br></div><div><img src="http://i.imgur.com/guewQZs.png" alt="Inline images 1" width="474" height="296"><br></div><div><br></div>
<div><br></div><div>"Tenant A" accessing the VNC Console of a "Tenant B" Instance!!!</div><div><br></div><div><img src="http://i.imgur.com/piTTmXo.png" alt="Inline images 2" width="474" height="296"><br>
</div><div><br></div><div><br></div><div>This is a very serious problem, since I'm giving to the "Tenant A", almost total access to "Tenant B" Instances!! This kind of situation should NEVER occur!</div>
<div><br></div><div>What can I do to completely block this?</div><div><br></div><div>I just started a new Instance for "Tenant A", and I'm seeing ANOTHER VNC Console from "Tenant B"!!</div><div><br>
</div><div>Regards,</div><div>Thiago</div></div>
<p style="margin-top:2.5em;margin-bottom:1em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(0,0,0)"></p></div></div><pre><hr><div><br>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</div></pre></blockquote></div><br>
--<br>
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333</div></blockquote></div></div></div><br></div></div>
<br></div></div>_______________________________________________<div class="im"><br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></div></blockquote></div><br></div>
</blockquote></div><br></div>