While doing some testing, I had something happen that is very concerning
in regards to security. Below lays out the variables I'm working with:

* MOS 9.2
* OpenStack environment is using Cinder Block Device Driver (chose 'LVM'
option vs 'Ceph' option when setting the block device option during the
creation of the environment)
* Instance created, its disk image lives on 1 compute host that has
'cinder block device' installed on it and the instance itself was
migrated to run on a different compute host after it was created. This
wasn't intended but happened.

I rebooted both compute nodes as a test to see how it dealt with an
unexpected outage, one running the instance and one hosting its root
disk via Cinder BDD. Within Horizon, I had the instance's console page
pull up and during that time, I literally saw the bootup of the compute
node's host operating system and not the instance itself. I know this
because when it finished booting, the hostname was that of the local
compute node that the instance was running from. It was also Ubuntu
14.04 and not the cirros 'TestVM' image (I don't have an Ubuntu 14.04
image in Glance at all). The instance that hosted the disk was rebooted
after the one running the instance, meaning the root disk wasn't
available when the instance attempted to boot.

I've never seen anything like this and was not aware you can get the
compute node's console via a VNC session. In any case, I was really
concerned about this as if this were to happen for whatever reason in a
production setup, customers other than admin may gain access to the
compute node's console for brute force attempts, a reboot or other
potentially malicious activities.

Has anyone ever seen this behaviour before?