Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is resource usage being monitored? #1762

Closed
betolink opened this issue Oct 12, 2022 · 13 comments
Closed

Is resource usage being monitored? #1762

betolink opened this issue Oct 12, 2022 · 13 comments
Assignees

Comments

@betolink
Copy link
Contributor

Context

Last December we had an unauthorized access incident with the Openscapes hub and I was wondering if there are alerts in place in case one of our users gets hacked and starts mining bitcoin (hypothetical). A little related to this, it would be neat if in the admin dashboard we could see the instance type each user is running and maybe this already exist but another thing it would be nice is a weekly/monthly report on usage statistics like CPU/memory/network (inbound/egress) per user.

Proposal

No response

Updates and actions

No response

@yuvipanda
Copy link
Member

Hey @betolink! Yes we keep a look out, and we are also implementing more active alerts now (see #1804). Sorry we missed this issue - we're mostly looking for support questions and what not from support@2i2c.org.

Perhaps we can give you access to the grafana instance for openscapes and that would help?

@consideRatio
Copy link
Member

Perhaps we can give you access to the grafana instance for openscapes and that would help?

I've just given access to @betolink (https://grafana.openscapes.2i2c.cloud).

@betolink
Copy link
Contributor Author

betolink commented Feb 8, 2023

@consideRatio maybe a dummy question but.. how do I login or set my password for the first time? (since there is no "sign with Github" button)

@consideRatio
Copy link
Member

@consideRatio maybe a dummy question but.. how do I login or set my password for the first time? (since there is no "sign with Github" button)

Arrrgh sorry, the state got reset. @yuvipanda do you have time to consider #2178 which includes the openscape changes and more?

@yuvipanda
Copy link
Member

@consideRatio approved

@consideRatio
Copy link
Member

@betolink @yuvipanda merged

I think in 10 minutes, it should work again @betolink !

@betolink
Copy link
Contributor Author

betolink commented Feb 9, 2023

This is weird, the OAuth redirect didn't work for some reason. @consideRatio

Screenshot from 2023-02-09 09-36-30

@consideRatio
Copy link
Member

consideRatio commented Feb 9, 2023

These were the logs:

logger=context userId=0 orgId=0 uname= t=2023-02-09T15:39:04.360084321Z level=error msg="login.OAuthLogin(get info from github)" error="user not a member of one of the required organizations"
logger=context userId=0 orgId=0 uname= t=2023-02-09T15:39:04.360195518Z level=error msg="Request Completed" method=GET path=/login/github status=500 remote_addr=192.168.61.164 time_ms=903 duration=903.474392ms size=1365 referer=https://grafana.openscapes.2i2c.cloud/ handler=/login/:name

grafana.ini:
server:
root_url: https://grafana.openscapes.2i2c.cloud/
auth.github:
enabled: true
allowed_organizations: 2i2c-org NASA-Openscapes

Hmmm...

  • Did you agree on providing permissions to read the organization memberships etc?
  • Are you logging in with a member of the github org NASA-Openscapes - which should be your current account.

Note that I can sign in with my membership in 2i2c-org, but for you it said error="user not a member of one of the required organizations"

@betolink
Copy link
Contributor Author

betolink commented Feb 9, 2023

Yep, I thought it was linked to my Github user and I just noticed it needs the Openscapes read access, since I'm not an admin there I just requested it. Thanks @consideRatio !!

@consideRatio
Copy link
Member

@betolink ah so the organization must allow the GitHub OAuth application to read whom are members so it can determine if you are part of it. I was thinking it was you that would grant the GitHub OAuth application permission to know if you are part of the organization.

Thank you @betolink for figuring this out and helping me understand this part as well!

@betolink
Copy link
Contributor Author

betolink commented Feb 9, 2023

@consideRatio great news! I can access the dashboard but I don't think I'm an admin so I can't add more users, would it be possible to add @BriannaLind and @amfriesz
Thanks!

@consideRatio
Copy link
Member

@betolink from user activity in the grafana instance, I see that this seems resolved on your end - presumably by adding @BriannaLind and @amfriesz to the nasa-openscapes organization?

Thanks for sorting it out yourself! For anything further, please refer to https://docs.2i2c.org/en/latest/support.html.

@betolink
Copy link
Contributor Author

Thanks @consideRatio !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Development

No branches or pull requests

3 participants