Re: Using CentOS-6.x on KVM-hosts - what are the threats?

[Vladimir Melnik]

Thank you for this article, your piece of advice helped me very much some time 
ago and I always install cloud-qemu-img to each host since 2014 when I had 
moved from 2.2 to 4.2 :)

On Fri, Feb 24, 2017 at 10:30:38AM +, Nux! wrote:
> This might still be an issue
> 
> http://www.nux.ro/oldblog/archive/2014/01/Taking_KVM_volume_snapshots_with_Cloudstack_4_2_on_CentOS_6_5.html
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
> > From: "Vladimir Melnik" 
> > To: "users" 
> > Sent: Friday, 17 February, 2017 18:53:14
> > Subject: Using CentOS-6.x on KVM-hosts - what are the threats?
> 
> > Dear colleagues,
> > 
> > I've just realized that my KVM-hosts are running CentOS-6 whilst it's
> > recommended to use CentOS-7 with the new versions of ACS. Everything
> > seems to be fine (some of these hosts are working for a few years),
> > hosts are working and things are great, but I'd like to ask a couple of
> > questions. Here they are.
> > 
> > (1) How high is the chance of the next version of ACS (4.10 or 4.11)
> > will be incompatible with CentOS-6? Should I worry about that and
> > consider upgrading to CentOS-7 immediately?
> > 
> > (2) What ACS features I'm missing because of that? I suppose that I'll
> > be disappointed if I try to limit a VM's IO-consumption, just because
> > old good QEMU-0.9 won't support it. Am I right? Are there other things
> > that are worth of upgraging to CentOS-7?
> > 
> > Thank you very much in advance for your replies!
> > 
> > --
> > V.Melnik

-- 
V.Melnik

Re: Using CentOS-6.x on KVM-hosts - what are the threats?

[Vladimir Melnik]

Thank you for the comment, Simon! The most funny thing is that I've added 3
new hosts to my infrastructure in December, their hardware is awesome, so
their hardware refresh is not a matter of the nearest future. :) Anyhow, 6.x
works great and the only thing I regret is lacking certain features (such as
IOpS limits).

 

I'm also maintaining a cluster of 5 hosts (primary storages aren't local,
they're connected via GlusterFS & NFS) which've been running 6.x too. I've
upgraded 3 of hosts from 6.x to 7.x, but when I'm trying to migrate a VM
from the "old" hosts to the "new" ones, the migration is being timed out and
the VM is being frozen in the "paused" state. I noticed a difference in the
CPU-flags set: all the hosts running 7.x have the "nopl" flag, but the hosts
running 6.x don't. This option appears only after installing 7.x and maybe
this is the cause. Does anyone have any suggestions on the reason that
causes freezing the VMs when they've been migrating from the 6.x-powered
hosts to the 7.x-powered ones? Is that the "nopl" flag? Is that anything
else? Thanks to all!

How would you like your Cloudstack templates?

[Nux!]

Hello,

Since templates are being discussed, I wanted to chip in and let you know I am 
about to revamp the templates at OpenVM.eu which I have neglected a bit.
The roadmap is short and should look something like this:

- we build everything from scratch (as opposed to trying to reuse and modify 
upstream images - I'm doing this for ubu/deb now) - except coreos which is 
weird and provide compatible images anyway

- all the kickstarts and preseeds will be on github, everyone is welcome to 
chip in with improvements or build their own

- separate per hypervisor type template builds, xenserver builds will ship 
xs-tools, vmware builds will ship openvm-tools, kvm will ship qemu-ga, hyperv 
will include their tools


The hw is sponsored, I am not paying for it. I'm happy to allow responsible PMC 
members access to it.

Also happy to host systemvm templates at OpenVM as a "neutral third party".



Now a few questions to which I'd really like some feedback.

1. Cloud-init is rather stubborn in using a default unprivileged user instead 
of root.
Should I use per distro users - ubuntu for ubuntu, centos for centos, freebsd 
for freebsd - or should I use something like "cloud" or "admin" for all of them?

2. I currently disable IPv6 in the templates I build from scratch as it is a 
pain point with Cloudstack at the moment - alas. Should I just leave the 
defaults on (ie enabled)?


Thanks!



--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Re: How would you like your Cloudstack templates?

[Wido den Hollander]

> Op 25 februari 2017 om 12:40 schreef Nux! :
> 
> 
> Hello,
> 
> Since templates are being discussed, I wanted to chip in and let you know I 
> am about to revamp the templates at OpenVM.eu which I have neglected a bit.
> The roadmap is short and should look something like this:
> 
> - we build everything from scratch (as opposed to trying to reuse and modify 
> upstream images - I'm doing this for ubu/deb now) - except coreos which is 
> weird and provide compatible images anyway
> 
> - all the kickstarts and preseeds will be on github, everyone is welcome to 
> chip in with improvements or build their own
> 
> - separate per hypervisor type template builds, xenserver builds will ship 
> xs-tools, vmware builds will ship openvm-tools, kvm will ship qemu-ga, hyperv 
> will include their tools
> 
> 
> The hw is sponsored, I am not paying for it. I'm happy to allow responsible 
> PMC members access to it.
> 
> Also happy to host systemvm templates at OpenVM as a "neutral third party".
> 
> 
> 
> Now a few questions to which I'd really like some feedback.
> 
> 1. Cloud-init is rather stubborn in using a default unprivileged user instead 
> of root.
> Should I use per distro users - ubuntu for ubuntu, centos for centos, freebsd 
> for freebsd - or should I use something like "cloud" or "admin" for all of 
> them?
> 
> 2. I currently disable IPv6 in the templates I build from scratch as it is a 
> pain point with Cloudstack at the moment - alas. Should I just leave the 
> defaults on (ie enabled)?
> 

I say keep IPv6 enabled on the defaults of Linux. As Basic Networking will have 
IPv6 support starting with 4.10 :-)

Wido

> 
> Thanks!
> 
> 
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro

AW: Introducing Vishwas

[Vogel, Sven]

Welcome, cool :) KVM :)


-Ursprüngliche Nachricht-
Von: Vishwas Pathak [mailto:vishwas_pat...@accelerite.com] 
Gesendet: Freitag, 24. Februar 2017 10:08
An: d...@cloudstack.apache.org; users@cloudstack.apache.org
Betreff: Introducing Vishwas

Hello CloudStack team,

My name is Vishwas Pathak and I am working with Accelerite CloudPlatform 
testing team. Earlier I have worked in storage systems, cloud computing, 
virtualization and telecom messaging domains. Excited to be part of this 
community and happy to contribute.

Currently I am working on testing the Accelerite CloudPlatform product. So far 
have worked on Xen server and VMWare based environments. Did some testing for 
KVM as well. 

Looking forward to work with all of you.


Regards,
Vishwas Pathak
www.accelerite.com






DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

latest security vulnerability "Cloudbleed"

[Suresh Sadhu]

HI All,

On February 18th, 2017, Google security researchers discovered a potentially 
dangerous leak in Cloudflare's services that resulted in the exposure of 
sensitive data belonging to thousands of companies and their users. The media 
has dubbed the leak "Cloudbleed.". The flaw was exposed via an issue with an 
HTML parser.

http://gizmodo.com/cloudbleed-is-a-problem-but-it-gets-worse-1792721147


Regards
Sadhu






DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

Re: latest security vulnerability "Cloudbleed"

[Rene Moser]

Hi Suresh

And this is interesting for cloudstack users because of... what reason?

René

On 02/25/2017 04:26 PM, Suresh Sadhu wrote:
> HI All,
> 
> On February 18th, 2017, Google security researchers discovered a potentially 
> dangerous leak in Cloudflare's services that resulted in the exposure of 
> sensitive data belonging to thousands of companies and their users. The media 
> has dubbed the leak "Cloudbleed.". The flaw was exposed via an issue with an 
> HTML parser.
> 
> http://gizmodo.com/cloudbleed-is-a-problem-but-it-gets-worse-1792721147
> 
> 
> Regards
> Sadhu
> 
> 
> 
> 
> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the 
> property of Accelerite, a Persistent Systems business. It is intended only 
> for the use of the individual or entity to which it is addressed. If you are 
> not the intended recipient, you are not authorized to read, retain, copy, 
> print, distribute or use this message. If you have received this 
> communication in error, please notify the sender and delete all copies of 
> this message. Accelerite, a Persistent Systems business does not accept any 
> liability for virus infected mails.
> 

RE: latest security vulnerability "Cloudbleed"

[Suresh Sadhu]

would like to know  does any of users got impacted who might be using their 
services. That is the reason send  this to users list and not on dev list .


regards
sadhu

-Original Message-
From: Rene Moser [mailto:m...@renemoser.net]
Sent: Saturday, February 25, 2017 9:07 PM
To: users@cloudstack.apache.org
Subject: Re: latest security vulnerability "Cloudbleed"

Hi Suresh

And this is interesting for cloudstack users because of... what reason?

René

On 02/25/2017 04:26 PM, Suresh Sadhu wrote:
> HI All,
>
> On February 18th, 2017, Google security researchers discovered a potentially 
> dangerous leak in Cloudflare's services that resulted in the exposure of 
> sensitive data belonging to thousands of companies and their users. The media 
> has dubbed the leak "Cloudbleed.". The flaw was exposed via an issue with an 
> HTML parser.
>
> http://gizmodo.com/cloudbleed-is-a-problem-but-it-gets-worse-1792721147
>
>
> Regards
> Sadhu
>
>
>
>
>
>
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the 
> property of Accelerite, a Persistent Systems business. It is intended only 
> for the use of the individual or entity to which it is addressed. If you are 
> not the intended recipient, you are not authorized to read, retain, copy, 
> print, distribute or use this message. If you have received this 
> communication in error, please notify the sender and delete all copies of 
> this message. Accelerite, a Persistent Systems business does not accept any 
> liability for virus infected mails.
>



DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

Re: How would you like your Cloudstack templates?

[Chiradeep Vittal]

Use the distro default 

> On Feb 25, 2017, at 3:40 AM, Nux!  wrote:
> 
> Hello,
> 
> Since templates are being discussed, I wanted to chip in and let you know I 
> am about to revamp the templates at OpenVM.eu which I have neglected a bit.
> The roadmap is short and should look something like this:
> 
> - we build everything from scratch (as opposed to trying to reuse and modify 
> upstream images - I'm doing this for ubu/deb now) - except coreos which is 
> weird and provide compatible images anyway
> 
> - all the kickstarts and preseeds will be on github, everyone is welcome to 
> chip in with improvements or build their own
> 
> - separate per hypervisor type template builds, xenserver builds will ship 
> xs-tools, vmware builds will ship openvm-tools, kvm will ship qemu-ga, hyperv 
> will include their tools
> 
> 
> The hw is sponsored, I am not paying for it. I'm happy to allow responsible 
> PMC members access to it.
> 
> Also happy to host systemvm templates at OpenVM as a "neutral third party".
> 
> 
> 
> Now a few questions to which I'd really like some feedback.
> 
> 1. Cloud-init is rather stubborn in using a default unprivileged user instead 
> of root.
> Should I use per distro users - ubuntu for ubuntu, centos for centos, freebsd 
> for freebsd - or should I use something like "cloud" or "admin" for all of 
> them?
> 
> 2. I currently disable IPv6 in the templates I build from scratch as it is a 
> pain point with Cloudstack at the moment - alas. Should I just leave the 
> defaults on (ie enabled)?
> 
> 
> Thanks!
> 
> 
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro