cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remi Bergsma <RBerg...@schubergphilis.com>
Subject Re: [DISCUSS] Keeping system vms up to date
Date Mon, 22 Feb 2016 12:11:44 GMT
It _must_ be lying :-)

When I install a systemvm from this last build:
http://jenkins.buildacloud.org/job/build-systemvm64-master/lastBuild/artifact/tools/appliance/dist/systemvm64template-master-4.6.0-xen.vhd.bz2


It has 4.6.0 version, but /etc/cloudstack-version shows it was built today.

cat /etc/cloudstack-release
Cloudstack Release 4.6.0 Mon Feb 22 09:33:04 UTC 2016

Regards,

Remi






On 22/02/16 12:23, "Erik Weber" <terbolous@gmail.com> wrote:

>On Mon, Feb 22, 2016 at 11:42 AM, Remi Bergsma <RBergsma@schubergphilis.com>
>wrote:
>
>> Hi Erik,
>>
>> The version might not change, but Jenkins builds new ones every night with
>> latest OS patches:
>> http://jenkins.buildacloud.org/job/build-systemvm64-master/
>>
>> Option 1) and 3) will work once we allow more space on the systemvm
>> template for it to actually handle installing stuff. You then also assume
>> they have internet acces, which may not be true.
>>
>>
>If they aren't accessible from the internet then securing them isn't as
>important either.
>You still have to factor in the internal risk, but that is generally far
>lower than the external risk.
>
>In cases where it is accessible from the internet, but does not have
>outgoing access to the internet you're up for a treat.
>
>
>
>> Option 2) I think we already do that?
>>
>>
>
>Unless the web server is lying to me, then no:
>eriweb@eriweb:~$ curl -Is
>http://cloudstack.apt-get.eu/systemvm/4.6/systemvm64template-4.6.0-kvm.qcow2.bz2
>| grep Last-Modified
>Last-Modified: Mon, 09 Nov 2015 11:30:30 GMT
>
>
>You can always upload a new template and replace it (a global config like
>> systemvm.minversion or so exists). This will require to reboot all routers
>> currently.
>>
>>
>Sure I know that, but to replace the whole system vm just to update glibc,
>haproxy or what have you seems a bit extreme.
>
>My intention for this thread was to figure out if we can provide cloudstack
>users a way to ensure their system vms are kept up to date.
>It should be optional so that more advanced users or those without internet
>etc. don't run into issues because of it, while still keeping all those
>small clouds that 'just works' safe and secure.
>
>-- 
>Erik
Mime
View raw message