cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Mikhailovsky <and...@arhont.com>
Subject Re: [DISCUSS] we need a better SSVM solution
Date Thu, 29 Jan 2015 14:21:42 GMT
I am also +1 on this. 

For large deployments it is a must feature to automatically upgrade a zone or region level
system vms. I think that ACS should not only automatically upgrade the templates, but also
have the option to automatically upgrade the running system vms. 

It would also be awesome if ACS could fire up a temporary/redundant virtual router before
upgrading the live one. This will minimise the downtime. Similar to what the redundant virtual
routers do. Once the live router is upgraded and switched to master/primary function, the
temporary one could be automatically deleted. 

Andrei 

----- Original Message -----

> From: "Daan Hoogland" <daan.hoogland@gmail.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Thursday, 29 January, 2015 10:52:53 AM
> Subject: Re: [DISCUSS] we need a better SSVM solution

> I don't like the puppet/chef idea but at Schuberg Philis we use
> ansible which negates most of my opposition :p

> I would rather have a 'upload or sysvmtemplate' the system vm
> template
> has some requirements so I think we would either require it to be
> build (on the ms?) or be checked during upload. At least the MS
> should
> allow for automatic update. Remi and I got some inspiration last
> night
> from our update of about 200 routers and some ssvm's and cpvm's. To
> cut it short; i'm with scenario 1.

> On Wed, Jan 28, 2015 at 10:09 PM, Andrija Panic
> <andrija.panic@gmail.com> wrote:
> > +1 !
> > On Jan 28, 2015 10:01 PM, "Erik Weber" <terbolous@gmail.com> wrote:
> >
> >> On Wed, Jan 28, 2015 at 9:44 PM, John Kinsella <jlk@stratosec.co>
> >> wrote:
> >>
> >> > Every time there’s an issue (security or otherwise) with the
> >> > system VM
> >> > ISOs, it’s a relative pain to fix. They’re sort of a closed
> >> > system,
> >> people
> >> > know little (relative to other ACS parts, IMHO) about their
> >> > innards, and
> >> > updating them is more difficult than it should be.
> >> >
> >> > I’d love to see a Better Way. I think these things could be
> >> > dynamically
> >> > built, with the option to have them connect to a configuration
> >> > management
> >> > (CM) system such as Puppet, Chef, Salt-Stack or whatever else
> >> > floats
> >> > people’s boat.
> >> >
> >> >
> >> Totally agree, but we should consider the fact that users might
> >> not use our
> >> builds and make it equally easy to update with a custom one.
> >>
> >> One possible use case:
> >> > * User installs new ACS system.
> >> > * User logs into mgmt server, goes to Templates area, clicks
> >> > button to
> >> > fetch default SSVM image. UI allows providing alternative URL,
> >> > other
> >> > options as needed.
> >> > * (time passes)
> >> > * Security issue is announced. User goes back into Templates
> >> > area,
> >> selects
> >> > SSVM template, clicks “Download updated template” and it does.
> >> > Under
> >> > infrastructure/system VMs and infrastrucutre/virtual routers,
> >> > there’s
> >> > buttons to update one or more running instances to use the new
> >> > template
> >> >
> >> >
> >> If the user is using one of the published templates, why not just
> >> download
> >> the new one and send a notification that a new template is ready
> >> and that
> >> systemvms should be scheduled for a restart?
> >>
> >>
> >> > Another possible use case:
> >> > * User installs new ACS system
> >> > * User uploads SSVM template that has CM agent configured to
> >> > talk to
> >> their
> >> > CM server (I’ve been wanting to lab this for a while now)
> >> > * As ACS creates system VMs, they phone home to CM server, it
> >> > provides
> >> > them with instructions to install various packages and config as
> >> > needed
> >> to
> >> > be domr/console proxy/whatever. We provide basic “recipes” for
> >> > CM systems
> >> > for people to use and grow from.
> >> > * Security issue is announced. User updates recipe in CM system,
> >> > a few
> >> > minutes later the SSVMs are up-to-date.
> >> >
> >> > Modification on that use case: We ship the SSVM with
> >> > puppet/chef/blah
> >> > installed, part of the SSVM “patch” process configures
> >> > appropriate CM
> >> > system.
> >> >
> >> > What might make the second use case easier would be to have some
> >> > hooks in
> >> > ACS that when a system is created/destroyed/modified, it informs
> >> > 3rd
> >> party
> >> > via API.
> >> >
> >> > (Obviously API calls for all of the above to allow process
> >> > without
> >> > touching the UI)
> >> >
> >> > Thoughts?
> >> >
> >> >
> >> I've wondered for quite some time why we haven't had a simple
> >> checkbox in
> >> the template register view that says 'Use as System VM' or
> >> similar.
> >>
> >> Anyway, huge +1
> >>
> >> --
> >> Erik
> >>

> --
> Daan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message