Upload File

dont break the glass

20
Don’t Break the Glass! In case of emergency…

Upload: john-kinsella

Post on 01-Jul-2015

210 views

Category:

Technology


1 download

Report

DESCRIPTION

My talk on working with the CloudStack Database for data recovery and unintended manipulation. From CloudStack Collaboration Conference North America 2014

TRANSCRIPT

Page 1: Dont break the glass

Don’t Break the Glass!In case of emergency…

Page 2: Dont break the glass

Intro• Apache CloudStack committer, PMC member• Security Guy• Founder of Stratosec• …hacker, reverse-engineer• @johnlkinsella, #CCCNA14

Page 3: Dont break the glass

Goal

Provide bread crumbs for you to gain expertise on CloudStack’s data model so you can react quickly in an emergency

situation.

Page 4: Dont break the glass

TOC• What Should Production Look Like?• My Nightmare• My response• How to prepare• How we’re trying to make things better• Homework

Page 5: Dont break the glass

What Should Production Look Like?• Briefly:

– Redundant management servers– Redundant databases– Redundant storage (primary and secondary)– Redundant infrastructure– Data backups – encrypted

– Pro tip: store backups outside CloudStack.

Page 6: Dont break the glass

One Painful February Day…• Made a change in control panel prior to giving customer

access

• Control panel interpreted this as “Delete the Customer.”

• More precisely: “Delete the Customer, VMs and all storage. Now.”

Page 7: Dont break the glass

Wait, What??• Took about 15 seconds to realize what happened

• Looking in CloudStack Management UI, saw VM shutting down, then being expunged.

Page 8: Dont break the glass

Periodic Table…

Page 9: Dont break the glass

Emergency Steps• Shut down ACS management server immediately

• Fire up your favorite SQL tool (I recommend Squirrel SQL)

Page 10: Dont break the glass

With your Data Recovery Shrine of Choice

Immediately Establish Contact

Establish Contact With Data Shrine

Page 11: Dont break the glass

Know how CloudStack Works• Steps to delete a VM:

– Shut down– Destroy– Expunge volumes– Expunge VM

Page 12: Dont break the glass

The “SQL API”• DB Tables:

– vm_instance– volumes– nics– user– account

• Common Fields:• account_id• instance_id• created/updated/removed• state• removed

BACK UP DB BEFORE MAKING CHANGES!

Page 13: Dont break the glass

Actual SQL

Page 14: Dont break the glass

Make change in SQL.

Page 15: Dont break the glass

Bonus: changing VM’s IPUPDATE user_ip_address SET allocated=(SELECT allocated FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193';UPDATE user_ip_address SET account_id=(SELECT account_id FROM (SELECT account_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193';UPDATE user_ip_address SET domain_id=(SELECT domain_id FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193';UPDATE user_ip_address SET state='Allocated' WHERE public_ip_address='184.172.14.193';UPDATE user_ip_address SET network_id=(SELECT network_id FROM (SELECT network_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193';UPDATE nics SET ip4_address='184.172.14.193' WHERE instance_id=1797;UPDATE vm_instance SET private_ip_address='184.172.14.193' WHERE instance_name='i-2-1797-VM';

Page 16: Dont break the glass

Move VM between accountsUPDATE user_ip_address SET account_id=10 WHERE id=29;UPDATE user_ip_address SET domain_id=8 WHERE id=29;UPDATE user_ip_address SET network_id=217 WHERE id=29;UPDATE vm_network_map SET network_id=217 WHERE vm_id=144;UPDATE vm_instance SET domain_id=8 WHERE id=29;UPDATE op_networks SET nics_count=nics_count+1 WHERE id=217;UPDATE op_networks SET mac_address_seq=mac_address_seq+1 WHERE id=217;UPDATE nics SET broadcast_uri='vlan://230' WHERE id=179;UPDATE nics SET network_id=217 WHERE id=179;UPDATE nics SET isolation_uri='vlan://230' WHERE id=179;UPDATE firewall_rules SET account_id=10 WHERE ip_address_id=29;UPDATE firewall_rules SET domain_id=8 WHERE ip_address_id=29;UPDATE firewall_rules SET network_id=217 WHERE ip_address_id=29;

Page 17: Dont break the glass

How you can prepare• Create written cloud policy, audit production to match

• Test your backups

• Become familiar with CloudStack internals

• Do you really need frequent data expunge processes?

Page 18: Dont break the glass

Next: Production Lock• Feature: Allow our customers to ensure that no

automations will modify or delete their compute or storage instances

– Working for VM– Adding for storage, networks– Need to add to UI

Page 19: Dont break the glass

Homework• Pick a user VM in your Cloud. Via the database:

– Find the VM instance record– Find the VM’s nics in the database– Find the VM’s storage in the database– Try deleting a VM via normal means, then before

expunge, restore via SQL

Page 20: Dont break the glass

kthxbye!• http://cloudstack.apache.org

[email protected]

@johnlkinsella

http://theresnomon.co

http://cloudstack.apache.org/
mailto:[email protected]
http://twitter.com/johnlkinsella
http://theresnomon.co/

Break the Glass Plan for the US Treasury Dept. by Neel Kashkari

Factors Enabling Women to Break Glass Ceiling & Emerge as ...adalyajournal.com/gallery/11-jan-2270.pdf · Factors Enabling Women to Break Glass Ceiling & Emerge as Entrepreneurs in

VISTABRIK - Eastern Glass Blockeasternglassblock.com/literature/GB-262VISTABRIKGlassBlock.pdf · Impact Resistant Try to break a Vistabrik Glass Block; we dare you! Compared to conventional

Glass Evidence. Automobile Accidents Automobile Accidents – Windshield, head lamps Store Break-in Store Break-in – Window glass with trace evidence Suspect

The Army FAO Training Program: Time to Break More Glass

Model-driven specification and enforcement of RBAC break-glass … · 2015. 3. 30. · Model-driven specification and enforcement of RBAC break-glass policies for process-aware information

Break the Glass

Musical Instruments 1 Musical Instruments. Musical Instruments 2 Introductory Question Sound can break glass. Which is most likely to break: Sound can

Glass Break Detection System Midterm Presentation October 7, 2010

Final Presentation Glass Break Detection Team 11-16-10

GLASS BREAK DETECTORS MouseGS - AMC Elettronica

PGB.pdf · SWAN PGB PIR, Shock and Glass Break detector 2 separate relays for PIR and Glass Break Exceptional detection of plated and tempered glass Compact design for commercial

MSP430F2274 BASED GLASS BREAK DETECTOR

Nalgene Reusable Plastic Labware - Thermo Fisher Scientific...Break the glass habit Break the habit of using glass labware and take advantage of the benefits of plastic: durable, light

Glass Break MotIoN AlArM · Glass Break MotIoN AlArM InStaLLatIOn & OPEratInG I nStrUCtIO IMPOrtant: Please read these instructions carefully before use. AM120. WarnInG this product

University Apartments on Brooklyn PROJECT MANUAL · J. Door Glazing: [Clear float glass] [Tempered float glass (clear)] [Tempered float glass (bronze tint)] [Break glass] [Tempered

14 Ventilation Skill Drills. 2 Objectives (1 of 2) Break glass with a hand tool. Break a window with a ladder. Break windows on upper floors using the

The Dewerstone Cottage - Plymouth VTS• Use second key to reset ‘break glass’ box • Insert key in slot near top of red ‘break glass’ box • Turn to retract yellow banner

The Glass Association of North America is a registered ...€¦ · •Annealed Glass •0.030” Interlayer •0.060” Interlayer •Heat‐Strengthened Glass •Higher initial break

break the glass habit - assets.thermofisher.com · break the glass habit make your lab a safer place . Break the habit of using glass labware and take advantage of the benefits of

Slideshare 52 Ways to Break through the Glass Ceiling

JPMorgan Chase - Bend, Don’t Break...JPMorgan Chase Institute Bend, Dont Break: Small Business Financial Resilience After Hurricanes Harvey and Irma 2 We find that cash flows retracted

Controlling Break-The-Glass Through Alignment1 · break-the-glass that allows users to bypass security mechanisms in case of emergencies. However, break-the-glass introduces a weak

Dont Break The Law Talk

CHEMICAL CORPS: BREAK GLASS IN CASE OF WAR

Can Public Policy Break the Glass Ceiling? · 2 Center for American Progress | Can Public Policy Break the Glass Ceiling? Through an in-depth analysis of the results of Norway’s

Extending Access Control Models with Break-glass

How to Break Through the Glass Ceiling

The Glass Labyrinth - 50/50 by 2030 Foundation€¦ · Leadership progress for women is not one simple glass ceiling to break through. Rather, it involves a glass labyrinth that needs

Cassandra Community Webinar | In Case of Emergency Break Glass

Why do Pharmaceutical Glass Containers Break: The … · Why do Pharmaceutical Glass Containers Break: The Underestimated Power of Strength Testing and Fractography Most times in

In case of emergency, break glass ceilingfwlstagingbucket.s3-website-ap-southeast-1.amazonaws.com/...In case of emergency, break glass ceiling Women C-suite executives show all the

Heat Treated Glass KT - Vitro Architectural Glass · Tempered glass, on the other hand, is designed to break into innumerable small, roughly cubical pieces. In fact, it is this break

In case of emergency break glass! · In case of emergency break glass! As part of promotion of the national Law on protection of whistleblowers, the representatives of 69 national

MSP430F2274 BASED GLASS BREAK DETECTOR - Olimex