The Apache CloudStack Blog

Wednesday Apr 09, 2014

How to Mitigate OpenSSL HeartBleed Vulnerability in Apache CloudStack

OpenSSL is an important part of Apache CloudStack. In light of the recent "HeartBleed" vulnerability disclosure, we are providing instructions on how to mitigate the vulnerability in your infrastructure.

Tuesday Mar 25, 2014

Realhostip Service is Being Retired

Recently the Apache CloudStack PMC was informed that the realhostip.com Dynamic DNS service that CloudStack currently uses as part of the console proxy will be disbanded this summer. The realhostip service will be shut down June 30th, 2014, meaning users have approximately 3 months to mitigate this.

Prior to version 4.3, CloudStack used the realhostip.com service by default. With the release of CloudStack version 4.3 the default communication method with the console proxy is plaintext HTTP.

Who is Affected

CloudStack installations prior to version 4.3 that have not been reconfigured to use a DNS domain other than realhostip.com for Console Proxy or Secondary Storage must make changes to continue functioning past June 30th, 2014.

Steps You Need to Take

If you meet the criteria above, there are several options to prepare for realhostip retirement:

  • Set up wildcard SSL certificate and DNS entries: This method is already well supported within prior versions of CloudStack.
  • Upgrade to CloudStack 4.3 and disable SSL: This is only recommended for development installations, or private clouds that contain no information of importance.
  • Upgrade to CloudStack 4.3, set up static SSL certificate and configure load balancer to point to the correct IP address: While this allows an administrator to skip setting up the DNS entries from the previous option, it is a more advanced option as CloudStack 4.3 does not support automatic load balancer configuration for the Console Proxy. It is hoped this functionality will be available in future releases.

For instructions on how to set up SSL encryption for use with CloudStack console proxy, please read the console proxy section of the CloudStack administration guide.

Additionally, if you will be using an SSL vendor who requires an intermediate CA chain to be installed for proper SSL validation by web browsers, detailed instructions for configuring the intermediate CA chain in CloudStack can be found here.

The Apache CloudStack security team does not recommend running a production cloud with either the realhostip.com SSL certificate, or with no SSL encryption at all.

Announcing Apache CloudStack 4.3.0

Flexible, scalable, Open Source Infrastructure as a Service (IaaS) used by organizations such as Zynga, Datapipe, and ISWest, among others, for creating, managing, and deploying public, private, and hybrid Cloud Computing environments

Forest Hill, MD --25 March 2014-- The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, today announced Apache CloudStack v4.3, the latest feature release of the CloudStack cloud orchestration platform.

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public, private, and hybrid cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. CloudStack became an Apache Top-level Project (TLP) in March 2013. "We are proud to announce CloudStack v4.3," said Hugo Trippaers, Vice President of Apache CloudStack. "This release represents over six months of work from the Apache CloudStack community with many new and improved features."

Under The Hood

CloudStack V4.3 is the next feature release of the 4.x line which first released on November 6, 2012. Some of the noteworthy new and improved features include:

  • Support for Microsoft Hyper-V - Apache CloudStack can now manage Hyper-V hypervisors in addition to KVM, XenServer, VMware, LXC, and Bare Metal
  • Juniper OpenContrail integration - OpenContrail is a software defined networking controller from Juniper that CloudStack now integrates with to provide SDN services
  • SSL Termination support for guest VMs - Apache CloudStack can configure and manage SSL termination in certain load balancer devices
  • Palo Alto Firewall integration - Apache CloudStack can now manage and configure Palo Alto firewalls
  • Remote access VPN for VPC networks - CloudStack's remote access VPN is now available for Virtual Private Cloud networks
  • Site to Site VPN between VRs - CloudStack now allows site-to-site VPN connectivity to its virtual routing devices. This permits your cloud computing environment to appear as a natural extension of your local network, or for you to easily interconnect multiple environments
  • VXLAN support expansion to include KVM - CloudStack's support for integrating VXLAN, the network virtualization technology that attempts to ameliorate scalability problems with traditional networking, now includes KVM
  • SolidFire plugin extension to support KVM and hypervisor snapshots for XenServer and ESX - SolidFire provides guaranteed Storage Quality of Service at the Virtual Machine level
  • Dynamic Compute offering - CloudStack now has the ability to dynamically scale the resources assigned to a running virtual machine instance for those hypervisors which support it

Downloads and Documentation

The official source code for the v4.3 release, as well as individual contributors' convenience binaries, can be downloaded from the Apache CloudStack downloads page at http://cloudstack.apache.org/downloads.html

The CloudStack 4.3 release includes over 110 issues from 4.2.0 and 4.2.1, including fixes for object storage support, documentation, and more. A full list of corrected issues and upgrade instructions are available in the Release Notes http://docs.cloudstack.apache.org/projects/cloudstack-release-notes

Official installation, administration, and API documentation for each release is available at http://docs.cloudstack.apache.org/en/latest/

Apache CloudStack in Action

Join members of the Apache CloudStack community at the CloudStack Collaboration Conference, taking place 9-11 April 2014 immediately following ApacheCon. For more information, visit http://cloudstackcollab.org

Availability and Oversight

As with all Apache products, Apache CloudStack v4.3 is released under the Apache License v2.0, and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project’s day-to-day operations, including community development and product releases. For documentation and ways to become involved with Apache CloudStack, visit http://cloudstack.apache.org/

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than one hundred and seventy leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 400 individual Members and 3,500 Committers successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Budget Direct, Citrix, Cloudera, Comcast, Facebook, Google, Hortonworks, HP, Huawei, IBM, InMotion Hosting, Matt Mullenweg, Microsoft, Pivotal, Produban, WANdisco, and Yahoo.

For more information, visit http://www.apache.org/ or follow @TheASF on Twitter.

"Apache", "CloudStack", "Apache CloudStack", and "ApacheCon" are trademarks of The Apache Software Foundation. All other brands and trademarks are the property of their respective owners.

Friday Jan 10, 2014

Announcing Apache CloudStack 4.2.1

The Apache CloudStack project is pleased to announce the 4.2.1 release of the CloudStack cloud orchestration platform. This is a minor release of the 4.2.0 branch which released on Oct 1, 2013. The 4.2.1 release contains more than 150 bug fixes. As a bug fix release, no new features are included in 4.2.1.

The 4.2.1 release includes fixes for a number of issues, including problems with XenServer VMSnapshots, UCS, device ID for Xen, a configurable option to choose single vs. multipart upload for the S3 API, allowing a network with a public IP address without needing SourceNAT, and documentation fixes.

As a minor release it is a simple upgrade from 4.2.0 with no architectural changes. CloudStack Management Server services and all SystemVMs will require a restart.

This release also addresses two security issues: CVE-2013-6398 and CVE-2014-0031.

Documentation

The 4.2.1 release notes include a full list of corrected issues as well as upgrade instructions from previous versions of Apache CloudStack. Please see the Release Notes for a full list of corrected issues and upgrade instructions.

The official installation, administration and API documentation for each release are available on our Documentation Page.

Downloads

The official source code for the 4.2.1 release can be downloaded from our Downloads Page.

In addition to the official source code release, individual contributors have also made convenience binaries in the form of RPM and Deb packages available from the download page.

About Apache CloudStack

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.

For additional marketing or communications information, please contact the marketing mailing list.

To learn how to join and contribute to the Apache CloudStack community please visit our website.

[CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

Product: Apache CloudStack
Vendor: Apache Software Foundation
Vulnerability type: Information Disclosure
Vulnerable Versions: Apache CloudStack 4.2.0
CVE References: CVE-2014-0031
Risk Level: Low
CVSSv2 Base Scores: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Description:

The Apache CloudStack Security Team was notified of an issue in Apache CloudStack which permits an authenticated user to list network ACLs for other users.

Mitigation:

Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-5145

Credit:

This issue was identified by Marcus Sorensen

[CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access

Product: Apache CloudStack
Vendor: Apache Software Foundation
Vulnerability type: Bypass
Vulnerable Versions: Apache CloudStack 4.1.0, 4.1.1, 4.2.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 2.8 (AV:N/AC:M/Au:M/C:P/I:N/A:N)

Description:

The Apache CloudStack Security Team was notified of an issue in the Apache CloudStack virtual router that failed to preserve source restrictions in firewall rules after a virtual router had been stopped and restarted.

Mitigation:

Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-5263

Credit:

This issue was identified by the Cloud team at Schuberg Philis

Tuesday Oct 01, 2013

Announcing Apache CloudStack 4.2.0

The Apache CloudStack project is excited to announce the 4.2 feature release of the CloudStack cloud orchestration platform. This is the next feature release of the 4.x line which first released on November 6, 2012 with the 4.1 release on June 5. This is the second major release from Apache CloudStack since its graduation from the Apache Incubator on March 20th.

This release represents over six months of work from the Apache CloudStack community with 57 new and 29 improved features being provided. Many new features incorporate contributions from major corporations and support for industry standards. New integrated support of the Cisco UCS compute chassis, SolidFire storage arrays, and the S3 storage protocol are just a few of the features available in this release.

Documentation

The 4.2 release includes fixes for over 160 issues from 4.1.0 and 4.1.1, including fixes for Swift support, fixes to documentation, and more. Please see the Release Notes for a full list of corrected issues and upgrade instructions.

The official installation, administration and API documentation for each release are available on our Documentation Page.

Downloads

The official source code for the 4.2 release can be downloaded from our Downloads Page.

In addition to the official source code release, individual contributors have also made convenience binaries available on the Apache CloudStack download page.

Apache CloudStack

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.

For additional marketing or communications information, please contact the marketing mailing list.

To learn how to join and contribute to the Apache CloudStack community please visit our website at http://cloudstack.apache.org.

Tuesday Sep 24, 2013

Announcing Apache CloudStack CloudMonkey 5.0.0!

The Apache CloudStack project is pleased to announce the immediate availability of the Apache CloudStack CloudMonkey 5.0.0 release.

Apache CloudStack's CloudMonkey is a Python-based command line utility for interacting with Apache CloudStack IaaS clouds. The software provides an interactive shell environment that includes command discovery, auto-completion and multiple output formats. CloudMonkey can also be used as a simple command line utility, which can be easily integrated into larger shell scripts.

This is the first independently released version of CloudMonkey provided by the Apache CloudStack project community. This release includes pre-cached API command syntax for Apache CloudStack versions up to and including CloudStack 4.2.0.

The release can be obtained from the CloudMonkey section of the Apache CloudStack download page:

http://cloudstack.apache.org/downloads.html

Additionally, the 5.0.0 release is available via the Python Package Index (https://pypi.python.org/pypi/cloudmonkey) and may be installed via pip. Further instructions may be found on the Apache CloudStack download page.

We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at:

http://cloudstack.apache.org/

Thursday Sep 05, 2013

Apache CloudStack Weekly News - 4 September 2013

Welcome back to another exciting issue of the Apache CloudStack Weekly News. This week, 4.2.0 enters its fourth round of voting, we welcome several new committers and look at some of the major discussions on the Apache CloudStack mailing lists, and much more.

Major Discussions

4.2 is Now being Voted On

The fourth round of voting is now open on the 4.2 release. This release is full of new features, fixes and thousands of hours of work from everyone in the community. It's important to test and cast your vote on the release. Remember that all members of the community are eligible to cast a vote and note any issues that they have with the current release candidate.

4.2 Issues Closure

Throughout the 4.2 release, Sudha Ponnaganti has put together a list of the current blocker and critical issues that need to be reviewed. If you have issues that have been resolved, please review, test, and close them out.

High Quality Documentation

For some time now there has been discussion around a possible replacement for DocBook, our current primary document editor. Sebastien Goasguen started a discussion to look at Markdown by Daring Fireball. With concern about how to create and maintain high quality documentation, this is an important thread to participate in for anyone interested in the release documents.

After seeing lots of frustrated people with folks I decided to try something out with markdown.

I used pandoc to convert some docbook files to markdown and I used a structure for a book based on 'The little mongodb' book.
We can generate epub and pdf using latex.

See: link

There are two "books" aimed at being step by step recipes. Not long, not convoluted, single OS, etc…simple step by step.

link
link

I am still sanitizing the installation one based on 4.2 .

Comments, flames ?

CloudStack Planet

Speaking in Tech Podcast - The Register

Aaron Delp joined in as a part of talking cloud and especially CloudStack as part of an interview with The Register and their "Speaking in Tech" podcast series.

Aaron's section on ACS is from 17:45 to 26:00 - http://www.theregister.co.uk/2013/08/01/speaking_in_tech_episode_69/

CloudStack Appliances Released

Ilya Musayev, a committer of the ACS project and founder of the CloudSands project, has recently announced the release of a set of pre-built management server appliances, available for open use and based on the ACS 4.1.1 code base. There are appliances for VMware, Xen and KVM hypervisors.

Objective: Speed up the Apache CloudStack adoption by abstracting the need of going through install process and using pre-installed package instead. Especially useful for a quick POC.

vSphere:
Short URL: link
Long URL: link

KVM:
Short URL: link
Long URL: link

XEN:
Short URL: link
Full URL: link

Minimum Requirements:
1 CPU x 2 GB of RAM

Testing:

Please spend a few minutes on testing these out; you can import it as a template into your ACS - power on and see the details on initial start.
I've tested the vSphere and KVM versions. I don't have a XEN instance to try.

Events

New Committers and PMC Members

  • Ilya Musayev has been invited to join the CloudStack PMC, and has accepted.
  • Vijay Bhamidipati has been invited by the PMC to become a committer and has accepted.
  • Toshiaki Hatano has been invited by the PMC to become a committer and has accepted.
  • Kirk Kosinski has been invited by the PMC to become a committer and has accepted.
  • Ian Duffy has been invited by the PMC to become a committer and has accepted.

Friday Aug 16, 2013

Announcing the CloudStack Collaboration Conference - Europe

With two very successful events in the United States we know it is time to bring this conference to Europe. This time we’re gathering the community in The Netherlands. More specifically, right in the center of Amsterdam in one of its historical landmarks, the Beurs van Berlage.

Starting November 20th with a hack day and continuing with a two day conference, this will be your opportunity to dive into all things CloudStack. Meet the community, discuss new ideas and learn about existing and upcoming features. We have set up the conference to provide an exciting environment to participate in workshops, attend presentations or just sit back and have a drink with other CloudStack enthusiasts.

The Call for Papers is open right now, so send your abstract to cfp@cloudstackcollab.org. If it’s relevant to Apache CloudStack development, deployment, and integration, we’re interested in what you might have to say. We can accommodate workshops, hack sessions, and presentations, and we want to work with you to make sure you can share what you want with the community. Check the website for more details, http://www.cloudstackcollab.org/call-for-papers

The conference website http://www.cloudstackcollab.org will be regularly updated with new content to keep you informed about the conference. Please check it regularly to be informed about the latest developments regarding the CloudStack Collaboration Conference Europe.

Important Dates

The Call for Papers will run from today (August 16th) to September 30th. We will send out notifications shortly after closing the Call for Papers.

The Conference Hack Day will be November 20th

The Conference talks and planned sessions begin on November 21st

The Conference ends on November 22nd

Registration

We will announce the registration in a short while, please keep an eye on the website http://www.cloudstackcollab.org/ for more details.

Location

The conference will be at the Beurs van Berlage in Amsterdam, The Netherlands. Located in the city center it is close to quite a number of hotels and hostels in Amsterdam. We are looking at the possibility to make a deal with one of the hotels in the immediate vicinity of the conference location. We will update the conference website when we have the details.

Sponsoring

Sponsoring opportunities are available for the CloudStack Collaboration Conference. At the conference website http://www.cloudstackcollab.org/sponsors some of our sponsors will explain the benefits to you in a video message. If you’d like to see the sponsorship prospectus or ask about sponsoring, contact sponsors@cloudstackcollab.org.

We’re very pleased to invite the community to Amsterdam and we hope you’ll join us! See you in Amsterdam!

Wednesday Aug 07, 2013

[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability

The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute a cross-site scripting attack against other users within the system.

Tuesday Aug 06, 2013

Apache CloudStack 4.1.1 Released

The Apache CloudStack project is pleased to announce the 4.1.1 release of the Apache CloudStack cloud orchestration platform.

Thursday Jul 25, 2013

Apache CloudStack Weekly News - 24 July 2013

Welcome back to another exciting issue of the Apache CloudStack Weekly News. This week, we take a look at the progress towards 4.2.0, major discussions on the Apache CloudStack mailing lists, and much more.

Thursday Jul 11, 2013

CloudStack Weekly News - 10 July 2013

The community is busy working on 4.2.0, and there's much to be done before the release is ready. This week, we're taking a look at some of the interesting discussions going on in the community about the next generation of Apache CloudStack, and functionality we can provide, as well as procedural changes that everyone should be aware of.

Tuesday Jul 02, 2013

Apache CloudStack Weekly News - 1 July 2013

We are halfway through the year and a lot of work is done, and a lot more is yet to be done. This week we look back at some of the CloudStack Collaboration Conference, work continues on 4.1.1 and 4.2.0, and we have some interesting discussions on how we should release the CloudMonkey and Marvin tools used with CloudStack. There's a by-laws vote underway to look at how and where we decide non-technical issues, and some discussion on the best way to discuss and do code reviews.
