cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Kinsella <...@stratosec.co>
Subject [DISCUSS] we need a better SSVM solution
Date Wed, 28 Jan 2015 20:44:29 GMT
Every time there’s an issue (security or otherwise) with the system VM ISOs, it’s a relative
pain to fix. They’re sort of a closed system, people know little (relative to other ACS
parts, IMHO) about their innards, and updating them is more difficult than it should be.

I’d love to see a Better Way. I think these things could be dynamically built, with the
option to have them connect to a configuration management (CM) system such as Puppet, Chef,
Salt-Stack or whatever else floats people’s boat.

One possible use case:
* User installs new ACS system.
* User logs into mgmt server, goes to Templates area, clicks button to fetch default SSVM
image. UI allows providing alternative URL, other options as needed.
* (time passes)
* Security issue is announced. User goes back into Templates area, selects SSVM template,
clicks “Download updated template” and it does. Under infrastructure/system VMs and infrastrucutre/virtual
routers, there’s buttons to update one or more running instances to use the new template

Another possible use case:
* User installs new ACS system
* User uploads SSVM template that has CM agent configured to talk to their CM server (I’ve
been wanting to lab this for a while now)
* As ACS creates system VMs, they phone home to CM server, it provides them with instructions
to install various packages and config as needed to be domr/console proxy/whatever. We provide
basic “recipes” for CM systems for people to use and grow from.
* Security issue is announced. User updates recipe in CM system, a few minutes later the SSVMs
are up-to-date.

Modification on that use case: We ship the SSVM with puppet/chef/blah installed, part of the
SSVM “patch” process configures appropriate CM system.

What might make the second use case easier would be to have some hooks in ACS that when a
system is created/destroyed/modified, it informs 3rd party via API.

(Obviously API calls for all of the above to allow process without touching the UI)

Thoughts? 

John
Mime
View raw message