cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sven Vogel <S.Vo...@ewerk.com>
Subject Re: [VOTE] 4.11.3.0 RC1
Date Tue, 18 Jun 2019 19:54:37 GMT
Hi Wei,

Sounds good.

Maybe we should add the fist option to ssvm and csvm too.


Option #1
Disable selective acknowledgments system wide for all newly established TCP connections.

# echo 0 > /proc/sys/net/ipv4/tcp_sack

or

# sysctl -w net.ipv4.tcp_sack=0


...

Sven


Von meinem iPhone gesendet


__

Sven Vogel
Teamlead Platform

EWERK RZ GmbH
Bruhl 24, D-04109 Leipzig
P +49 341 42649 - 11
F +49 341 42649 - 18
S.Vogel@ewerk.com
www.ewerk.com

Geschaftsfuhrer:
Dr. Erik Wende, Hendrik Schubert, Frank Richter
Registergericht: Leipzig HRB 17023

Zertifiziert nach:
ISO/IEC 27001:2013
DIN EN ISO 9001:2015
DIN ISO/IEC 20000-1:2011

EWERK-Blog<https://blog.ewerk.com/> | LinkedIn<https://www.linkedin.com/company/ewerk-group>
| Xing<https://www.xing.com/company/ewerk> | Twitter<https://twitter.com/EWERK_Group>
| Facebook<https://de-de.facebook.com/EWERK.IT/>

Auskunfte und Angebote per Mail sind freibleibend und unverbindlich.

Disclaimer Privacy:
Der Inhalt dieser E-Mail (einschlieslich etwaiger beigefugter Dateien) ist vertraulich und
nur fur den Empfanger bestimmt. Sollten Sie nicht der bestimmungsgemase Empfanger sein, ist
Ihnen jegliche Offenlegung, Vervielfaltigung, Weitergabe oder Nutzung des Inhalts untersagt.
Bitte informieren Sie in diesem Fall unverzuglich den Absender und loschen Sie die E-Mail
(einschlieslich etwaiger beigefugter Dateien) von Ihrem System. Vielen Dank.

The contents of this e-mail (including any attachments) are confidential and may be legally
privileged. If you are not the intended recipient of this e-mail, any disclosure, copying,
distribution or use of its contents is strictly prohibited, and you should please notify the
sender immediately and then delete it (including any attachments) from your system. Thank
you.

Am 18.06.2019 um 20:33 schrieb Wei ZHOU <ustcweizhou@gmail.com<mailto:ustcweizhou@gmail.com>>:

Hi Rohit,

Do we need to change default iptable tables for cpvm and ssvm ?

# iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
# ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j
DROP
(see https://access.redhat.com/security/vulnerabilities/tcpsack)

-Wei


Rohit Yadav <rohit.yadav@shapeblue.com<mailto:rohit.yadav@shapeblue.com>> 于2019年6月18日周二
上午11:57写道:

All,


Due to recently disclosed and fixed tcp/SACK vulnerability and other
security issues (refer https://www.debian.org/security/2019/dsa-4465),
I've rebuilt and synced new 4.11.3.0 systemvmtemplates which has linux
4.9.168-1+deb9u3 (2019-06-16):


http://download.cloudstack.org/systemvm/testing/4.11.3-rc

http://packages.shapeblue.com/testing/systemvm/41130rc1


Kindly continue testing 4.11.3.0 RC1 using above systemvmtemplates. Thanks.


Build log for reference:
http://download.cloudstack.org/systemvm/testing/4.11.3-rc/build.log


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

________________________________
From: Riepl, Gregor (SWISS TXT) <Gregor.Riepl@swisstxt.ch<mailto:Gregor.Riepl@swisstxt.ch>>
Sent: Friday, June 14, 2019 7:45:58 PM
To: dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>; users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: Re: [VOTE] 4.11.3.0 RC1

+1

Based on:
- Packages from http://packages.shapeblue.com/testing/41130rc1/ and
http://packages.shapeblue.com/testing/systemvm/41130rc1/
- Upgrade of our test cloud from 4.11.2 to 4.11.3 worked without problems
(aside from the mentioned template issue)
- Our internal smoke test stack ran successfully

The only thing I'm a bit unhappy about is the backported ostype API fix:
https://github.com/apache/cloudstack/pull/3066
Since this is a breaking API change, I don't think it should be included
in a minor release, even if it fixes an API bug.
It triggers an error in Packer, which we use to create templates.
However, a fix was already commited and will be in the next Packer
release, so I'm ok'ing it: https://github.com/hashicorp/packer/pull/7694

rohit.yadav@shapeblue.com<mailto:rohit.yadav@shapeblue.com>
www.shapeblue.com<http://www.shapeblue.com>
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue





Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message