Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 97264172E6 for ; Fri, 3 Oct 2014 15:30:46 +0000 (UTC) Received: (qmail 26945 invoked by uid 500); 3 Oct 2014 15:30:46 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 26899 invoked by uid 500); 3 Oct 2014 15:30:46 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 26886 invoked by uid 99); 3 Oct 2014 15:30:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Oct 2014 15:30:45 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: 74.125.82.41 is neither permitted nor denied by domain of lbarfield@tqhosting.com) Received: from [74.125.82.41] (HELO mail-wg0-f41.google.com) (74.125.82.41) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Oct 2014 15:30:41 +0000 Received: by mail-wg0-f41.google.com with SMTP id b13so1787700wgh.12 for ; Fri, 03 Oct 2014 08:30:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=r0B6PZFVCpL/YIfTAcBrsaKnlopculKU8rmgCHy9Ko8=; b=VKnVeD9J6UP8eCsVg+XZCOCV51FkWXrwjQ7Yp24b4OTK1U5N6oj/DINdSBVrVHkggY 7vxDSthqKPkXS3grk/TloM3byJ7YZUPc/Ck77a+OOEtAndFs8Jk0EOv2TQi3Vnnnidas eI6tnk2XbhkACB04cOCoocTfxgvB99n1Pxv2K9kkij/m69Is/QxIG+k33fcSj7DMhC1E gbv6VFyZPDaP7wLkyUK87aOmi5SnY0mSLfUcdQJ7gENoy3CquzRfNjSha2IAeykOCUuO Hrm3yOdfiYWZQALyaWv8y/w4fWf20cGB3KgnoqGBrtZJscfPHCMiQJQj8NEj988Ln+CC 4MAw== X-Gm-Message-State: ALoCoQlF/lTyMvapIvI7SrjR6P/8m222Onse0BQslOZNACoHWjkUYfMGdyt3e/d9rOpCGuLzZer8 MIME-Version: 1.0 X-Received: by 10.180.97.101 with SMTP id dz5mr13312910wib.52.1412350219926; Fri, 03 Oct 2014 08:30:19 -0700 (PDT) Received: by 10.180.85.130 with HTTP; Fri, 3 Oct 2014 08:30:19 -0700 (PDT) In-Reply-To: References: <93016359-BDA3-4B25-9383-FF8213E3AF82@gmail.com> <43A11A1933FEF445A080F7D886872646164737EF@SJCPEX01CL02.citrite.net> <43A11A1933FEF445A080F7D8868726461647518E@SJCPEX01CL02.citrite.net> <43A11A1933FEF445A080F7D88687264616476BCB@SJCPEX01CL02.citrite.net> <43A11A1933FEF445A080F7D88687264616476C2C@SJCPEX01CL02.citrite.net> <8751caa5d8d698c4067c7a18df49250d@mail.gmail.com> Date: Fri, 3 Oct 2014 11:30:19 -0400 Message-ID: Subject: Re: Shellshock From: Logan Barfield To: dev@cloudstack.apache.org Content-Type: multipart/alternative; boundary=f46d043747ad2858e50504866987 X-Virus-Checked: Checked by ClamAV on apache.org --f46d043747ad2858e50504866987 Content-Type: text/plain; charset=UTF-8 >From a service provider perspective I would agree that this issue needs to be addressed as soon as possible. In the short term it would make sense for CloudStack to release a patched SystemVM template and upgrade instructions. In the long term I think the better option would be to allow the templates to be patched more easily (i.e. make changes and save the template). Thank You, Logan Barfield Tranquil Hosting On Fri, Oct 3, 2014 at 10:03 AM, Alex Brett wrote: > On 03 October 2014 13:52, Adrian Lewis [adrian@alsiconsulting.co.uk] > wrote: > > The only solution I can think of is to 'apt-get update bash' on every > > system VM but clearly these get fired up dynamically. Is it possible to > > boot the template, make modifications and then use as a replacement > system > > VM? Are there processes that happen on boot that only happen once and > > therefore need resetting to recreate the template? > > This isn't a quick fix, so not suitable for this specific issue, but > something I've wondered for a while is rather than keep having to build new > system VM templates for every small change, would we be better integrating > a tool such as Puppet / Chef, so we can bring a system VM 'up to date' when > it boots, as long as it's the right 'base'. > > What I'm thinking here (using Puppet terminology as that's what I'm > familiar with, but could be any similar mechanism or even just a simple > script) is when the system VM loads up, it connects to the management > server and retrieves a manifest, which it then applies. That manifest would > specify: > - Packages to update (including if necessary any apt/yum repo information) > - Config files to put in place > - Anything else required like starting any services etc > > While it would slightly delay the boot process, it would ensure that on > e.g. upgrade, you don't have to immediately replace your system VM template > unless a substantial change (e.g. base system VM distro / partition layout) > has been made. You could still bring in an updated template to speed things > up, but it would be far less urgent to do so... > > Any thoughts on this anybody? > > Alex > --f46d043747ad2858e50504866987--