cloudstack-dev mailing list archives

From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: [DISCUSS] we need a better SSVM solution
Date Wed, 28 Jan 2015 21:09:35 GMT
+1 !
On Jan 28, 2015 10:01 PM, "Erik Weber" <terbolous@gmail.com> wrote:

> On Wed, Jan 28, 2015 at 9:44 PM, John Kinsella <jlk@stratosec.co> wrote:
>
> > Every time there’s an issue (security or otherwise) with the system VM
> > ISOs, it’s a relative pain to fix. They’re sort of a closed system, people
> > know little (relative to other ACS parts, IMHO) about their innards, and
> > updating them is more difficult than it should be.
> >
> > I’d love to see a Better Way. I think these things could be dynamically
> > built, with the option to have them connect to a configuration management
> > (CM) system such as Puppet, Chef, Salt-Stack or whatever else floats
> > people’s boat.
> >
> >
> Totally agree, but we should consider the fact that users might not use our
> builds and make it equally easy to update with a custom one.
>
> > One possible use case:
> > * User installs new ACS system.
> > * User logs into mgmt server, goes to Templates area, clicks button to
> > fetch default SSVM image. UI allows providing alternative URL, other
> > options as needed.
> > * (time passes)
> > * Security issue is announced. User goes back into Templates area, selects
> > SSVM template, clicks “Download updated template” and it does. Under
> > infrastructure/system VMs and infrastructure/virtual routers, there’s
> > buttons to update one or more running instances to use the new template
> >
> >
> If the user is using one of the published templates, why not just download
> the new one and send a notification that a new template is ready and that
> systemvms should be scheduled for a restart?
>
>
> > Another possible use case:
> > * User installs new ACS system
> > * User uploads SSVM template that has CM agent configured to talk to their
> > CM server (I’ve been wanting to lab this for a while now)
> > * As ACS creates system VMs, they phone home to CM server, it provides
> > them with instructions to install various packages and config as needed to
> > be domr/console proxy/whatever. We provide basic “recipes” for CM systems
> > for people to use and grow from.
> > * Security issue is announced. User updates recipe in CM system, a few
> > minutes later the SSVMs are up-to-date.
> >
> > Modification on that use case: We ship the SSVM with puppet/chef/blah
> > installed, part of the SSVM “patch” process configures appropriate CM
> > system.
> >
> > What might make the second use case easier would be to have some hooks in
> > ACS that when a system is created/destroyed/modified, it informs 3rd party
> > via API.
> >
> > (Obviously API calls for all of the above to allow process without
> > touching the UI)
> >
> > Thoughts?
> >
> >
> I've wondered for quite some time why we haven't had a simple checkbox in
> the template register view that says 'Use as System VM' or similar.
>
> Anyway, huge +1
>
> --
> Erik
>
