
[Xen-users] Patch management using Xen--A Hypothetical Scenario!


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Jan Muhammad <janmuhd@xxxxxxxxx>
  • Date: Fri, 19 Feb 2010 12:58:16 +0000 (GMT)
  • Delivery-date: Fri, 19 Feb 2010 05:00:29 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi All,
 
My aim is to simulate patch management via a Xen virtual environment, to represent a real-life use case scenario, as in real-life environments it is difficult; before we apply patches on affected nodes, there's a great need to carefully apply those patches to make sure things don't break, or apply patches in a controlled fashion.

Specifically in a situation such as "Cloud Computing" or "Compute Grids" where resources are in a shared environment; for example (a hypothetical scenario...): in a joint project called ENROLLER, Chris is a system admin, having different privileges to apply any "critical updates" related to the OS, having the Sys admin role; John has different privileges, such as Grid-Engineer, to apply "ONLY Middleware or Shibboleth-related (a middleware security tool)" patches (such as GSI or Globus patches); while Alice, being a developer, has the rights to apply patches related to "application software", e.g. ONLY Java or Browser related patches...

Can Xen be used in such a scenario with several images (domUs).... because in real life environments things might not work.

What if I try to approach "secure patch management" in the following manner (steps):


1. 'Patch notification' from Microsoft/Debian or Sun/Xen or Globus for any patch update [depends upon who should get these update notifications]

2. Get a list of all existing images (domUs) on the system

3. Verify the integrity of the patch (such as checking digital signatures etc.)

4. Identify which of the domUs is affected and needs to be patched

5. If there's a need, then "pause" the domU (i.e. image) and then apply the patch; else

6. Clone the image and test patches on it before applying them to the real domU

  Or

7. Live migrate the image to another domU or backup area in the dom0 [depending on who can migrate this domU]

8. Once the patch is applied and things haven't gone wrong (no side effects), then restart the domU

8. On success or failure of patch application, notify the sys admin via (dom0)

9. Sys admin in turn updates the central information base (any database, e.g. MySQL) for recent changes

Of course all of the above steps would be in some automated fashion.....


I'm interested in experimenting with the above (these may be more or less);

Can anyone point me to any related tool/wiki/doc which has such a use-case....?


-Jan Muhammad
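
The gate described in the post (who may apply which kind of patch, integrity check, affected-domU selection, clone-and-test before touching the real domU) can be sketched as below. This is an added example, not part of the original message and not a Xen tool. The role names, inventory, patch fields and action labels are assumptions made for illustration, and the expected SHA-256 is assumed to come from a vendor notification whose signature was already verified.

```python
import hashlib
import hmac

# Assumed policy from the post's scenario: role -> patch categories it may apply.
ROLE_MAY_APPLY = {
    "sysadmin": {"os"},               # Chris: critical OS updates
    "grid-engineer": {"middleware"},  # John: GSI/Globus/Shibboleth patches
    "developer": {"application"},     # Alice: Java or browser patches
}

# Constructed inventory of domUs and what each one runs (hypothetical names).
DOMUS = {
    "grid-node1": {"os": "debian", "middleware": "globus"},
    "web1": {"os": "debian", "application": "java"},
    "db1": {"os": "solaris"},
}

def patch_is_intact(patch_bytes, expected_sha256):
    """Compare the patch digest with the digest from the verified notification."""
    actual = hashlib.sha256(patch_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_sha256)

def affected_domus(category, product, inventory=DOMUS):
    """Return the domUs whose software in this category matches the patch."""
    return sorted(n for n, sw in inventory.items() if sw.get(category) == product)

def plan_patch(role, patch, patch_bytes, inventory=DOMUS):
    """Return an ordered list of (action, domU) steps, or raise if the gate fails."""
    if patch["category"] not in ROLE_MAY_APPLY.get(role, set()):
        raise PermissionError(f"{role} may not apply {patch['category']} patches")
    if not patch_is_intact(patch_bytes, patch["sha256"]):
        raise ValueError("patch digest mismatch; refusing to apply")
    plan = []
    for domu in affected_domus(patch["category"], patch["product"], inventory):
        # Action labels are placeholders for toolstack calls, not real commands.
        plan += [(a, domu) for a in ("clone", "test-patch-on-clone", "pause",
                                     "apply-patch", "restart", "notify-dom0")]
    return plan

if __name__ == "__main__":
    data = b"constructed patch payload"
    patch = {"category": "middleware", "product": "globus",
             "sha256": hashlib.sha256(data).hexdigest()}
    for step in plan_patch("grid-engineer", patch, data):
        print(step)
```
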
