cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ChunFeng" <chunf...@domolo.com>
Subject Re:[DISCUSS] we need a better SSVM solution
Date Thu, 29 Jan 2015 03:20:30 GMT
+1


some trivial cases:


When user upload a template , add option or tags to identify the template is SystemVm template
.


Allow user have their own custom "SystemVm Service Offering " , in which has an option for
user assign/choice systemvm template .



------------------


Regards,


ChunFeng




 

 
 
 
------------------ Original ------------------
From:  "John Kinsella"<jlk@stratosec.co>;
Date:  Thu, Jan 29, 2015 04:44 AM
To:  "<dev@cloudstack.apache.org>"<dev@cloudstack.apache.org>; 

Subject:  [DISCUSS] we need a better SSVM solution

 
Every time there’s an issue (security or otherwise) with the system VM ISOs, it’s a relative
pain to fix. They’re sort of a closed system, people know little (relative to other ACS
parts, IMHO) about their innards, and updating them is more difficult than it should be.

I’d love to see a Better Way. I think these things could be dynamically built, with the
option to have them connect to a configuration management (CM) system such as Puppet, Chef,
Salt-Stack or whatever else floats people’s boat.

One possible use case:
* User installs new ACS system.
* User logs into mgmt server, goes to Templates area, clicks button to fetch default SSVM
image. UI allows providing alternative URL, other options as needed.
* (time passes)
* Security issue is announced. User goes back into Templates area, selects SSVM template,
clicks “Download updated template” and it does. Under infrastructure/system VMs and infrastrucutre/virtual
routers, there’s buttons to update one or more running instances to use the new template

Another possible use case:
* User installs new ACS system
* User uploads SSVM template that has CM agent configured to talk to their CM server (I’ve
been wanting to lab this for a while now)
* As ACS creates system VMs, they phone home to CM server, it provides them with instructions
to install various packages and config as needed to be domr/console proxy/whatever. We provide
basic “recipes” for CM systems for people to use and grow from.
* Security issue is announced. User updates recipe in CM system, a few minutes later the SSVMs
are up-to-date.

Modification on that use case: We ship the SSVM with puppet/chef/blah installed, part of the
SSVM “patch” process configures appropriate CM system.

What might make the second use case easier would be to have some hooks in ACS that when a
system is created/destroyed/modified, it informs 3rd party via API.

(Obviously API calls for all of the above to allow process without touching the UI)

Thoughts? 

John
Mime
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message