WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

[Xen-users] Patch management using Xen--A Hypothetical Scenario!

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Patch management using Xen--A Hypothetical Scenario!
From: Jan Muhammad <janmuhd@xxxxxxxxx>
Date: Fri, 19 Feb 2010 12:58:16 +0000 (GMT)
Hi All,
 
My aim is to simulate patch management in a Xen virtual environment, to represent a real-life use-case scenario, as this is difficult in real-life environments: before we apply patches on affected nodes, there's a great need to apply those patches carefully to make sure things don't break, or to apply patches in a controlled fashion.

Specifically in a situation such as "Cloud Computing" or "Compute Grids", where resources are in a shared environment; for example (a hypothetical scenario...): in a joint project called ENROLLER, Chris is a system admin, having different privileges to apply any "critical updates" related to the OS, having the sys admin role; John has different privileges, such as Grid Engineer, to apply "ONLY Middleware or Shibboleth-related (a middleware security tool)" patches (such as GSI or Globus patches); while Alice, being a developer, has the rights to apply patches related to "application software", e.g. ONLY Java or browser-related patches.

Can Xen be used in such a scenario with several images (domUs)? Because in real-life environments things might not work.

What if I try to approach "secure patch management" in the following manner (steps):


1. 'Patch notification' from Microsoft/Debian or Sun/Xen or Globus for any patch update [depends upon who should get these update notifications]

2. Get a list of all existing images (domUs) on the system

3. Verify the integrity of the patch (such as checking digital signatures etc.)

4. Identify which of the domUs are affected and need to be patched

5. If there's a need, then "pause" the domU (i.e. image) and then apply the patch; else

6. Clone the image, and test patches on it before applying them to the real domU

  Or

7. Live migrate the image to another domU or a backup area in the dom0 [depending on who can migrate this domU]

8. Once the patch is applied and things haven't gone wrong (no side effects), then restart the domU

9. On success or failure of patch application, notify the sys admin via (dom0)

10. The sys admin in turn updates the central information base (any database, e.g. MySQL) with the recent changes

Of course, all of the above steps would be in some automated fashion.


I'm interested in experimenting with the above (these may be more or less);

Can anyone point me to any related tool/wiki/doc which has such a use case?


-Jan Muhammad
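
A sketch of the gating logic behind steps 2 to 6 of the message above, added here as an example; it is not part of the original post and not Xen tooling. Role names follow the post's scenario; the domU inventory, patch record and function names are constructed, and a SHA-256 digest comparison stands in for the digital-signature check of step 3.

```python
import hashlib
import hmac

# Role -> patch categories it may apply (roles taken from the post's scenario).
ROLE_SCOPE = {
    "sysadmin": {"os"},
    "grid-engineer": {"middleware"},
    "developer": {"application"},
}

# Constructed inventory: domU name -> installed components by category.
DOMUS = {
    "domU-grid01": {"os": {"debian"}, "middleware": {"globus"}, "application": {"java"}},
    "domU-web01": {"os": {"debian"}, "middleware": set(), "application": {"browser"}},
    "domU-win01": {"os": {"windows"}, "middleware": {"shibboleth"}, "application": {"java"}},
}


def digest_ok(payload: bytes, published_sha256: str) -> bool:
    """Step 3 stand-in: compare the payload's SHA-256 with the published value."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, published_sha256.lower())


def affected_domus(patch: dict) -> list:
    """Steps 2 and 4: list every domU that carries the patched component."""
    return sorted(name for name, comps in DOMUS.items()
                  if patch["component"] in comps.get(patch["category"], set()))


def plan_patch(user_role: str, patch: dict, payload: bytes) -> dict:
    """Return a decision record; nothing is applied unless every gate passes."""
    if patch["category"] not in ROLE_SCOPE.get(user_role, set()):
        return {"action": "deny", "reason": "role not authorised for category", "targets": []}
    if not digest_ok(payload, patch["sha256"]):
        return {"action": "deny", "reason": "integrity check failed", "targets": []}
    targets = affected_domus(patch)
    if not targets:
        return {"action": "skip", "reason": "no affected domU", "targets": []}
    # Step 6: test on a clone first; the real domU is patched only after that passes.
    return {"action": "test-on-clone", "reason": "ok", "targets": targets}


PAYLOAD = b"constructed globus patch bytes"  # constructed sample, not a real patch
PATCH = {"category": "middleware", "component": "globus",
         "sha256": hashlib.sha256(PAYLOAD).hexdigest()}

if __name__ == "__main__":
    print(plan_patch("grid-engineer", PATCH, PAYLOAD))
```

The role check runs before the integrity check so that an unauthorised request is rejected without the payload being read, and the decision record is what steps 9 and 10 would log for the sys admin.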
