Entries by Rohit Yadav

What’s coming in the new CloudMonkey 6.0?

Background: The original CloudMonkey was contributed to the Apache CloudStack project on 31 Oct 2012 under the Apache License 2.0. It is written in Python and shipped using the Python CheeseShop, and since its inception has gone through several refactors and rewrites. While this has worked well over the years, the installation and usage have been limited […]

Secure Live KVM VM Migration with CloudStack 4.11.1

Introduction: CloudStack 4.11.1 introduces a new security enhancement on top of the new CA framework to secure live KVM VM migrations. This feature allows live migration of guest VMs across KVM hosts using a secured, TLS-enabled libvirtd process. Without this feature, the live migration of guest VMs across KVM hosts would use an unsecured TCP connection, which is prone […]

What’s new in CloudStack 4.11?

Version 4.11 of Apache CloudStack has been released with some exciting new features and a long list of improvements and fixes. It includes more than 400 commits, 220 pull requests, and fixes more than 250 issues. This version has been worked on for 8 months and is the first release of the 4.11 LTS releases, […]

CloudStack CA Framework

Introduction: The CloudStack management server listens by default on port 8250 for agents, and this is secured by one-way SSL authentication using the management server’s self-generated server certificates. While this encrypts the connection, it does not authenticate and validate the connecting agent (client). Upcoming features such as support for container/application cluster services require certificate management, and the emerging […]

Shapeblue Security Advisory For CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

Overview: Apache CloudStack provides a registerUserKeys API that allows a user to create or recreate a secret key and an API key to use for authentication when using the CloudStack API. A malicious user can request this API action in conjunction with the ID of another CloudStack user/account. The newly created or re-generated API keys for […]

CloudStack Test Automation with Trillian and Jenkins

In the previous post, we introduced and described Trillian, which can build various environments in which we could deploy a CloudStack zone and run Marvin-based integration tests. In this post, we’ll describe how we are using Jenkins and Trillian to test CloudStack builds in various environments. Build Pipeline: Our build pipeline can be seen in the attached […]

Shapeblue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview: Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication. Mitigation: Users of […]

Shapeblue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview: A vulnerability has been recently disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux-based operating systems. This is better known as the GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 What is ShapeBlue Doing? ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS). The […]

What’s new in CloudMonkey 5.3.0?

The Apache CloudStack community recently released CloudMonkey 5.3.0. In this post, Rohit Yadav, Software Architect at ShapeBlue, talks about this release and his work on the new server profile feature. For more information on CloudMonkey and its usage click here. At ShapeBlue we offer CloudStack infrastructure support and in doing so we rely heavily on tools such as CloudMonkey […]

Public CloudStack Packages

ShapeBlue today announced that we will be publicly hosting our public CloudStack repository and SystemVM templates. But why have we decided to do this? Access to our CloudStack product patches: As part of ShapeBlue’s CloudStack Software Engineering services, we provide a product patching service to our customers where we take an official CloudStack release that our […]