cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remi Bergsma <>
Subject Re: [DISCUSS] Keeping system vms up to date
Date Mon, 22 Feb 2016 12:11:44 GMT
It _must_ be lying :-)

When I install a systemvm from this last build:

It has 4.6.0 version, but /etc/cloudstack-version shows it was built today.

cat /etc/cloudstack-release
Cloudstack Release 4.6.0 Mon Feb 22 09:33:04 UTC 2016



On 22/02/16 12:23, "Erik Weber" <> wrote:

>On Mon, Feb 22, 2016 at 11:42 AM, Remi Bergsma <>
>> Hi Erik,
>> The version might not change, but Jenkins builds new ones every night with
>> latest OS patches:
>> Option 1) and 3) will work once we allow more space on the systemvm
>> template for it to actually handle installing stuff. You then also assume
>> they have internet acces, which may not be true.
>If they aren't accessible from the internet then securing them isn't as
>important either.
>You still have to factor in the internal risk, but that is generally far
>lower than the external risk.
>In cases where it is accessible from the internet, but does not have
>outgoing access to the internet you're up for a treat.
>> Option 2) I think we already do that?
>Unless the web server is lying to me, then no:
>eriweb@eriweb:~$ curl -Is
>| grep Last-Modified
>Last-Modified: Mon, 09 Nov 2015 11:30:30 GMT
>You can always upload a new template and replace it (a global config like
>> systemvm.minversion or so exists). This will require to reboot all routers
>> currently.
>Sure I know that, but to replace the whole system vm just to update glibc,
>haproxy or what have you seems a bit extreme.
>My intention for this thread was to figure out if we can provide cloudstack
>users a way to ensure their system vms are kept up to date.
>It should be optional so that more advanced users or those without internet
>etc. don't run into issues because of it, while still keeping all those
>small clouds that 'just works' safe and secure.
View raw message