Entries by Rohit Yadav

Apache CloudStack on RaspberryPi4 with KVM

IoTs have gained interest over recent times. In this article, Rohit Yadav, Principal Engineer at ShapeBlue, explores and shares his personal experience of setting up an Apache CloudStack based IaaS cloud on Raspberry Pi4, a popular single-board ARM64 IoT computer that can run GNU/Linux kernel with KVM. The article presents the use case of Apache […]

,

Secure Live KVM VM Migration with CloudStack 4.11.1 | CloudStack Feature Deep Dive

Introduction CloudStack 4.11.1 introduces a new security enhancement on top of the new CA framework to secure live KVM VM migrations. This feature allows live migration of guest VMs across KVM hosts using secured TLS enabled libvirtd process. Without this feature, the live migration of guest VMs across KVM hosts would use an unsecured TCP connection, which is prone […]

CloudStack CA Framework | CloudStack Feature Deep Dive

Introduction The CloudStack management server listens by default on port 8250 for agents, and this is secured by one-way SSL authentication using the management server’s self-generated server certificates. While this encrypts the connection, it does not authenticate and validate the connecting agent (client). Upcoming features such as support for container/application cluster services require certificate management, and the emerging […]

Shapeblue Security Advisory For CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

Overview Apache CloudStack provides a registerUserKeys API that allows a user to create or recreate a secret key and an API key to use for authentication when using the CloudStack API. A malicious user can request this API action in conjunction with the ID of another CloudStack user/account.  The newly created or re-generated API keys for […]

CloudStack Test Automation with Trillian and Jenkins

In the previous post, we introduced and described Trillian that can build various environments in which we could deploy a CloudStack zone and run Marvin based integration tests. In this post, we’ll describe how we are using Jenkins and Trillian to test CloudStack builds in various environments. Build Pipeline Our build pipeline can be seen in the attached […]

Shapeblue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication. Mitigation: Users of […]

Shapeblue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview A vulnerability has been recently disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux based operating systems. This is better known as GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 What is ShapeBlue Doing ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS).  The […]

What’s new in CloudMonkey 5.3.0? | CloudStack Feature Deep Dive

The Apache CloudStack community recently released CloudMonkey 5.3.0. In this post, Rohit Yadav Software Architect at ShapeBlue talks about this release and his work on the new server profile feature. For more information on CloudMonkey and its usage click here. At ShapeBlue we offer CloudStack infrastructure support and in doing so we rely heavily on tools such as CloudMonkey […]