cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <terbol...@gmail.com>
Subject Re: [DISCUSS] Keeping system vms up to date
Date Mon, 22 Feb 2016 12:41:01 GMT
We are comparing different sources, I was comparing the 'official' e.g. the
documented template, not the one regularely built by jenkins.

-- 
Erik


On Mon, Feb 22, 2016 at 1:11 PM, Remi Bergsma <RBergsma@schubergphilis.com>
wrote:

> It _must_ be lying :-)
>
> When I install a systemvm from this last build:
>
> http://jenkins.buildacloud.org/job/build-systemvm64-master/lastBuild/artifact/tools/appliance/dist/systemvm64template-master-4.6.0-xen.vhd.bz2
>
>
> It has 4.6.0 version, but /etc/cloudstack-version shows it was built today.
>
> cat /etc/cloudstack-release
> Cloudstack Release 4.6.0 Mon Feb 22 09:33:04 UTC 2016
>
> Regards,
>
> Remi
>
>
>
>
>
>
> On 22/02/16 12:23, "Erik Weber" <terbolous@gmail.com> wrote:
>
> >On Mon, Feb 22, 2016 at 11:42 AM, Remi Bergsma <
> RBergsma@schubergphilis.com>
> >wrote:
> >
> >> Hi Erik,
> >>
> >> The version might not change, but Jenkins builds new ones every night
> with
> >> latest OS patches:
> >> http://jenkins.buildacloud.org/job/build-systemvm64-master/
> >>
> >> Option 1) and 3) will work once we allow more space on the systemvm
> >> template for it to actually handle installing stuff. You then also
> assume
> >> they have internet acces, which may not be true.
> >>
> >>
> >If they aren't accessible from the internet then securing them isn't as
> >important either.
> >You still have to factor in the internal risk, but that is generally far
> >lower than the external risk.
> >
> >In cases where it is accessible from the internet, but does not have
> >outgoing access to the internet you're up for a treat.
> >
> >
> >
> >> Option 2) I think we already do that?
> >>
> >>
> >
> >Unless the web server is lying to me, then no:
> >eriweb@eriweb:~$ curl -Is
> >
> http://cloudstack.apt-get.eu/systemvm/4.6/systemvm64template-4.6.0-kvm.qcow2.bz2
> >| grep Last-Modified
> >Last-Modified: Mon, 09 Nov 2015 11:30:30 GMT
> >
> >
> >You can always upload a new template and replace it (a global config like
> >> systemvm.minversion or so exists). This will require to reboot all
> routers
> >> currently.
> >>
> >>
> >Sure I know that, but to replace the whole system vm just to update glibc,
> >haproxy or what have you seems a bit extreme.
> >
> >My intention for this thread was to figure out if we can provide
> cloudstack
> >users a way to ensure their system vms are kept up to date.
> >It should be optional so that more advanced users or those without
> internet
> >etc. don't run into issues because of it, while still keeping all those
> >small clouds that 'just works' safe and secure.
> >
> >--
> >Erik
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message