Hi All, I think that there are 3 things people would like to see:
1. clear versioning of system vm templates, with some kind of compatibility matrix so they know which one(s) they can use with different versions of CloudStack 2. an easy way to update the system vm template 3. an easy(ish) way to customise system vm templates It might be worth considering have two types of template a. the console proxy and secondary storage template b. the virtual router/ VPC template. Regards Paul Angus Cloud Architect S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus paul.an...@shapeblue.com -----Original Message----- From: John Kinsella [mailto:j...@stratosec.co] Sent: 29 January 2015 18:06 To: dev@cloudstack.apache.org Subject: Re: [DISCUSS] we need a better SSVM solution Interesting… Concur on having an open/standardized protocol. Something clustered like Serf/Consul could be attractive, but the overhead/requirements of those type of things usually scares me away. Having ACS act as a CA would be quite interesting for some things. It’s one of the reasons I’ve pondered a “hook” in the past to notify 3rd party upon VM creation/deletion/etc. Wonder if we could take advantage of dogtag or similar. All that said - setup/management of a CA is a PIA and probably outside scope of ACS, unless you did a “light” one similar to Puppet by default... An aside on that “hook” idea - something scriptable similar to (I said “similar to," no flames!) systemd for this could be interesting. A good portion of users would resist having an agent installed on the user VM, but I guess we’re in that position already, and they just wouldn’t get the added functionality. One user experience point: Almost every time Parallels comes out with a new version, I have to update their agent on my VMs, which on the Windows side means a reboot. That gets old, and I’ve only got a handful of win VMs there... Going to see if I can puppet-ize one of the SSVMs over the weekend to see what other thoughts come up. John > On Jan 29, 2015, at 2:06 AM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > > Good ideas John. > > I’m in fact already discussing a design I’m calling it "agents framework” > (suggestions for better name are welcome!), I will try to share and update > the spec soon that aims for this feature and refactoring work for ACS > 4.6/master. For now, I’ve shared an architecture diagram here and some high > level goals: > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Agents+Framework > > Along with this, I’ve strong opinions and interests in just getting rid of > Java based agents in systemvms (to reduce memory footprint) and replace the > current agent-management server protocol (TCP based, which connects to only > one management server on prt 8250 even if there are multiple management > servers) with some interoperable protocol such as json/http, thrift etc that > allows us to build better/scalable console proxy services (for example). > People don’t discuss much, but virtual routers and systemvms are not well > tested at all, we should also need efforts/infra to test these components > with less human QA. > > Regards. > >> On 29-Jan-2015, at 2:14 am, John Kinsella <j...@stratosec.co> wrote: >> >> Every time there’s an issue (security or otherwise) with the system VM ISOs, >> it’s a relative pain to fix. They’re sort of a closed system, people know >> little (relative to other ACS parts, IMHO) about their innards, and updating >> them is more difficult than it should be. >> >> I’d love to see a Better Way. I think these things could be dynamically >> built, with the option to have them connect to a configuration management >> (CM) system such as Puppet, Chef, Salt-Stack or whatever else floats >> people’s boat. >> >> One possible use case: >> * User installs new ACS system. >> * User logs into mgmt server, goes to Templates area, clicks button to fetch >> default SSVM image. UI allows providing alternative URL, other options as >> needed. >> * (time passes) >> * Security issue is announced. User goes back into Templates area, selects >> SSVM template, clicks “Download updated template” and it does. Under >> infrastructure/system VMs and infrastrucutre/virtual routers, there’s >> buttons to update one or more running instances to use the new template >> >> Another possible use case: >> * User installs new ACS system >> * User uploads SSVM template that has CM agent configured to talk to their >> CM server (I’ve been wanting to lab this for a while now) >> * As ACS creates system VMs, they phone home to CM server, it provides them >> with instructions to install various packages and config as needed to be >> domr/console proxy/whatever. We provide basic “recipes” for CM systems for >> people to use and grow from. >> * Security issue is announced. User updates recipe in CM system, a few >> minutes later the SSVMs are up-to-date. >> >> Modification on that use case: We ship the SSVM with puppet/chef/blah >> installed, part of the SSVM “patch” process configures appropriate CM system. >> >> What might make the second use case easier would be to have some hooks in >> ACS that when a system is created/destroyed/modified, it informs 3rd party >> via API. >> >> (Obviously API calls for all of the above to allow process without touching >> the UI) >> >> Thoughts? >> >> John > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 88 262 30892 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software > Engineering<http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based upon > its contents, nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a company > incorporated in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue Ltd. > Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is > operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company > registered by The Republic of South Africa and is traded under license from > Shape Blue Ltd. ShapeBlue is a registered trademark. Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
