Decent points. You think the difference between the VR/CP is different enough to have a second image?
> On Jan 29, 2015, at 1:41 PM, Paul Angus <paul.an...@shapeblue.com> wrote: > > Hi All, > > I think that there are 3 things people would like to see: > > 1. clear versioning of system vm templates, with some kind of compatibility > matrix so they know which one(s) they can use with different versions of > CloudStack > 2. an easy way to update the system vm template > 3. an easy(ish) way to customise system vm templates > > It might be worth considering have two types of template > a. the console proxy and secondary storage template > b. the virtual router/ VPC template. > > > > Regards > > Paul Angus > Cloud Architect > S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus > paul.an...@shapeblue.com > > -----Original Message----- > From: John Kinsella [mailto:j...@stratosec.co] > Sent: 29 January 2015 18:06 > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] we need a better SSVM solution > > Interesting… > > Concur on having an open/standardized protocol. Something clustered like > Serf/Consul could be attractive, but the overhead/requirements of those type > of things usually scares me away. > > Having ACS act as a CA would be quite interesting for some things. It’s one > of the reasons I’ve pondered a “hook” in the past to notify 3rd party upon VM > creation/deletion/etc. Wonder if we could take advantage of dogtag or > similar. All that said - setup/management of a CA is a PIA and probably > outside scope of ACS, unless you did a “light” one similar to Puppet by > default... > > An aside on that “hook” idea - something scriptable similar to (I said > “similar to," no flames!) systemd for this could be interesting. > > A good portion of users would resist having an agent installed on the user > VM, but I guess we’re in that position already, and they just wouldn’t get > the added functionality. > > One user experience point: Almost every time Parallels comes out with a new > version, I have to update their agent on my VMs, which on the Windows side > means a reboot. That gets old, and I’ve only got a handful of win VMs there... > > Going to see if I can puppet-ize one of the SSVMs over the weekend to see > what other thoughts come up. > > John > >> On Jan 29, 2015, at 2:06 AM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: >> >> Good ideas John. >> >> I’m in fact already discussing a design I’m calling it "agents framework” >> (suggestions for better name are welcome!), I will try to share and update >> the spec soon that aims for this feature and refactoring work for ACS >> 4.6/master. For now, I’ve shared an architecture diagram here and some high >> level goals: >> >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Agents+Framework >> >> Along with this, I’ve strong opinions and interests in just getting rid of >> Java based agents in systemvms (to reduce memory footprint) and replace the >> current agent-management server protocol (TCP based, which connects to only >> one management server on prt 8250 even if there are multiple management >> servers) with some interoperable protocol such as json/http, thrift etc that >> allows us to build better/scalable console proxy services (for example). >> People don’t discuss much, but virtual routers and systemvms are not well >> tested at all, we should also need efforts/infra to test these components >> with less human QA. >> >> Regards. >> >>> On 29-Jan-2015, at 2:14 am, John Kinsella <j...@stratosec.co> wrote: >>> >>> Every time there’s an issue (security or otherwise) with the system VM >>> ISOs, it’s a relative pain to fix. They’re sort of a closed system, people >>> know little (relative to other ACS parts, IMHO) about their innards, and >>> updating them is more difficult than it should be. >>> >>> I’d love to see a Better Way. I think these things could be dynamically >>> built, with the option to have them connect to a configuration management >>> (CM) system such as Puppet, Chef, Salt-Stack or whatever else floats >>> people’s boat. >>> >>> One possible use case: >>> * User installs new ACS system. >>> * User logs into mgmt server, goes to Templates area, clicks button to >>> fetch default SSVM image. UI allows providing alternative URL, other >>> options as needed. >>> * (time passes) >>> * Security issue is announced. User goes back into Templates area, selects >>> SSVM template, clicks “Download updated template” and it does. Under >>> infrastructure/system VMs and infrastrucutre/virtual routers, there’s >>> buttons to update one or more running instances to use the new template >>> >>> Another possible use case: >>> * User installs new ACS system >>> * User uploads SSVM template that has CM agent configured to talk to their >>> CM server (I’ve been wanting to lab this for a while now) >>> * As ACS creates system VMs, they phone home to CM server, it provides them >>> with instructions to install various packages and config as needed to be >>> domr/console proxy/whatever. We provide basic “recipes” for CM systems for >>> people to use and grow from. >>> * Security issue is announced. User updates recipe in CM system, a few >>> minutes later the SSVMs are up-to-date. >>> >>> Modification on that use case: We ship the SSVM with puppet/chef/blah >>> installed, part of the SSVM “patch” process configures appropriate CM >>> system. >>> >>> What might make the second use case easier would be to have some hooks in >>> ACS that when a system is created/destroyed/modified, it informs 3rd party >>> via API. >>> >>> (Obviously API calls for all of the above to allow process without touching >>> the UI) >>> >>> Thoughts? >>> >>> John >> >> Regards, >> Rohit Yadav >> Software Architect, ShapeBlue >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related services >> >> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Software >> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >> CloudStack Infrastructure >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training >> Courses<http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views or >> opinions expressed are solely those of the author and do not necessarily >> represent those of Shape Blue Ltd or related companies. If you are not the >> intended recipient of this email, you must neither take any action based >> upon its contents, nor copy or show it to anyone. Please contact the sender >> if you believe you have received this email in error. Shape Blue Ltd is a >> company incorporated in England & Wales. ShapeBlue Services India LLP is a >> company incorporated in India and is operated under license from Shape Blue >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a >> company registered by The Republic of South Africa and is traded under >> license from Shape Blue Ltd. ShapeBlue is a registered trademark. > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software > Engineering<http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based upon > its contents, nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a company > incorporated in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue Ltd. > Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is > operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company > registered by The Republic of South Africa and is traded under license from > Shape Blue Ltd. ShapeBlue is a registered trademark.
