Good ideas John. I’m in fact already discussing a design; I’m calling it “agents framework” (suggestions for a better name are welcome!). I will try to share and update the spec soon that aims for this feature and refactoring work for ACS 4.6/master. For now, I’ve shared an architecture diagram here and some high level goals:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Agents+Framework

Along with this, I’ve strong opinions and interests in just getting rid of Java based agents in systemvms (to reduce memory footprint) and replacing the current agent-management server protocol (TCP based, which connects to only one management server on port 8250 even if there are multiple management servers) with some interoperable protocol such as json/http, thrift etc. that allows us to build better/scalable console proxy services (for example).

People don’t discuss it much, but virtual routers and systemvms are not well tested at all; we also need efforts/infra to test these components with less human QA.

Regards.

> On 29-Jan-2015, at 2:14 am, John Kinsella <j...@stratosec.co> wrote:
>
> Every time there’s an issue (security or otherwise) with the system VM ISOs,
> it’s a relative pain to fix. They’re sort of a closed system, people know
> little (relative to other ACS parts, IMHO) about their innards, and updating
> them is more difficult than it should be.
>
> I’d love to see a Better Way. I think these things could be dynamically
> built, with the option to have them connect to a configuration management
> (CM) system such as Puppet, Chef, Salt-Stack or whatever else floats people’s
> boat.
>
> One possible use case:
> * User installs new ACS system.
> * User logs into mgmt server, goes to Templates area, clicks button to fetch
> default SSVM image. UI allows providing alternative URL, other options as
> needed.
> * (time passes)
> * Security issue is announced. User goes back into Templates area, selects
> SSVM template, clicks “Download updated template” and it does. Under
> infrastructure/system VMs and infrastructure/virtual routers, there’s buttons
> to update one or more running instances to use the new template
>
> Another possible use case:
> * User installs new ACS system
> * User uploads SSVM template that has CM agent configured to talk to their CM
> server (I’ve been wanting to lab this for a while now)
> * As ACS creates system VMs, they phone home to CM server, it provides them
> with instructions to install various packages and config as needed to be
> domr/console proxy/whatever. We provide basic “recipes” for CM systems for
> people to use and grow from.
> * Security issue is announced. User updates recipe in CM system, a few
> minutes later the SSVMs are up-to-date.
>
> Modification on that use case: We ship the SSVM with puppet/chef/blah
> installed, part of the SSVM “patch” process configures appropriate CM system.
>
> What might make the second use case easier would be to have some hooks in ACS
> that when a system is created/destroyed/modified, it informs 3rd party via
> API.
>
> (Obviously API calls for all of the above to allow process without touching
> the UI)
>
> Thoughts?
>
> John

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +91 88 262 30892 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab