It _must_ be lying :-) When I install a systemvm from this last build: http://jenkins.buildacloud.org/job/build-systemvm64-master/lastBuild/artifact/tools/appliance/dist/systemvm64template-master-4.6.0-xen.vhd.bz2
It has 4.6.0 version, but /etc/cloudstack-version shows it was built today. cat /etc/cloudstack-release Cloudstack Release 4.6.0 Mon Feb 22 09:33:04 UTC 2016 Regards, Remi On 22/02/16 12:23, "Erik Weber" <terbol...@gmail.com> wrote: >On Mon, Feb 22, 2016 at 11:42 AM, Remi Bergsma <rberg...@schubergphilis.com> >wrote: > >> Hi Erik, >> >> The version might not change, but Jenkins builds new ones every night with >> latest OS patches: >> http://jenkins.buildacloud.org/job/build-systemvm64-master/ >> >> Option 1) and 3) will work once we allow more space on the systemvm >> template for it to actually handle installing stuff. You then also assume >> they have internet acces, which may not be true. >> >> >If they aren't accessible from the internet then securing them isn't as >important either. >You still have to factor in the internal risk, but that is generally far >lower than the external risk. > >In cases where it is accessible from the internet, but does not have >outgoing access to the internet you're up for a treat. > > > >> Option 2) I think we already do that? >> >> > >Unless the web server is lying to me, then no: >eriweb@eriweb:~$ curl -Is >http://cloudstack.apt-get.eu/systemvm/4.6/systemvm64template-4.6.0-kvm.qcow2.bz2 >| grep Last-Modified >Last-Modified: Mon, 09 Nov 2015 11:30:30 GMT > > >You can always upload a new template and replace it (a global config like >> systemvm.minversion or so exists). This will require to reboot all routers >> currently. >> >> >Sure I know that, but to replace the whole system vm just to update glibc, >haproxy or what have you seems a bit extreme. > >My intention for this thread was to figure out if we can provide cloudstack >users a way to ensure their system vms are kept up to date. >It should be optional so that more advanced users or those without internet >etc. don't run into issues because of it, while still keeping all those >small clouds that 'just works' safe and secure. > >-- >Erik