On Mon, Feb 22, 2016 at 10:36 AM, Nux! <n...@li.nux.ro> wrote: > Hi Erik, > > Legit worry point. > > IMHO the updates of the VR and so on should be the job of whoever runs the > cloud, just like it's the same person's job to keep the HVs up to date. >
Well, to some point I agree, but we should do our best to reduce that need IMHO. The hypervisor is under your control and is something you supply to CloudStack. The only reference a lot of people have to the system vm is that they do the initial seeding (from a provided template in most cases), and that is that. In general you don't need to do much inside the system vms, and I fear that there are a lot of clouds out there with uber old system vms because people don't generally think about how they are exposed. At minimum we should write something about it, e.g. "How to make sure your system vm is up to date and secure" and possibly provide some options on how to achieve that. Currently I don't think there's a single sign that you have to worry about it at all. > I'm sure it's possible to get all the VRs registered in some sort of > ansible/puppet thingy and keep track of them this way. > > Sure, atleast ansible support dynamic inventory. > Regarding up to date VM templates, I think part of the problem is solved > as Jenkins is building 4.6 frequently: > http://jenkins.buildacloud.org/job/build-systemvm64-master/ > > It might just be a matter of uploading those to cloudstack.apt-get.eu. > That would solve 2) -- Erik
