Skip to main content

The Apache CloudStack project is pleased to announce the 4.2.1 release of the CloudStack cloud orchestration platform. This is a minor release of the 4.2.0 branch which released on Oct 1, 2013. The 4.2.1 release contains more than 150 bug fixes. As a bug fix release, no new features are included in 4.2.1.

The 4.2.1 release includes fixes for a number of issues; including problems with Xenserver VMSnapshots, UCS, device ID for Xen, configurable option to choose single Vs multipart upload for S3 API, allowing network with public IP Address without needing SourceNAT, and documentation fixes.

As a minor release it is a simple upgrade from 4.2.0 with no architectural changes. CloudStack Management Servers Services, and all SystemVMs will require a restart.

This release also addresses two security issues CVE-2013-6398 and CVE-2014-0031

Documentation

The 4.2.1 release notes includes full list of corrected issues as well as upgrade instructions from previous versions of Apache CloudStack. Please see the Release Notes for a full list of corrected issues and upgrade instructions.

The official installation, administration and API documentation for each release are available on our Documentation Page.

Downloads

The official source code for the 4.2.1 release can be downloaded from our Downloads Page.

In addition to the official source code release, individual contributors have also made convenience binaries in the form or RPM and Deb packages available from the download page.

About Apache CloudStack

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.

For additional marketing or communications information, please contact the marketing mailing list.

To learn how to join and contribute to the Apache CloudStack community please visit our website.

Product: Apache CloudStack
Vendor: Apache Software Foundation
Vulnerability type: Bypass
Vulnerable Versions: Apache CloudStack 4.1.0, 4.1.1, 4.2.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 2.8 (AV:N/AC:M/Au:M/C:P/I:N/A:N)

Description:

The Apache CloudStack Security Team was notified of a an issue in the Apache CloudStack virtual router that failed to preserve source restrictions in firewall rules after a virtual router had been stopped and restarted.

Mitigation:

Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-5263

Credit:

This issue was identified by the Cloud team at Schuberg Philis

Product: Apache CloudStack
Vendor: Apache Software Foundation
Vulnerability type: Information Disclosure
Vulnerable Versions: Apache CloudStack 4.2.0
CVE References: CVE-2014-0031
Risk Level: Low
CVSSv2 Base Scores: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Description:

The Apache CloudStack Security Team was notified of a an issue in Apache CloudStack which permits an authenticated user to list network ACLs for other users.

Mitigation:

Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-5145

Credit:

This issue was identified by Marcus Sorensen

The Apache CloudStack project is excited to announce the 4.2 feature release of the CloudStack cloud orchestration platform. This is the next feature release of the 4.x line which first released on November 6, 2012 with the 4.1 release on June 5. This is the second major release from Apache CloudStack since its graduation from the Apache Incubator on March 20th.

This release represents over six months of work from the Apache CloudStack community with 57 new and 29 improved features being provided. Many new features incorporate contributions from major corporations and support for industry standards. New integrated support of the Cisco UCS compute chassis, SolidFire storage arrays, and the S3 storage protocol are just a few of the features available in this release.

Documentation

The 4.2 release includes over 160 issues from 4.1.0 and 4.1.1 were fixed; including fixes for swift support, fixes to documentation, and more. Please see the Release Notes for a full list of corrected issues and upgrade instructions.

The official installation, administration and API documentation for each release are available on our Documentation Page.

Downloads

The official source code for the 4.2 release can be downloaded from our Downloads Page.

In addition to the official source code release, individual contributors have also made convenience binaries available on theApache CloudStack download page.

Apache CloudStack

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.

For additional marketing or communications information, please contact the marketing mailing list.

To learn how to join and contribute to the Apache CloudStack community please visit our website at http://cloudstack.apache.org.

The Apache CloudStack project is pleased to announce the immediate availability of the Apache CloudStack CloudMonkey 5.0.0 release.

Apache CloudStack's CloudMonkey is a Python-based command line utility for interacting with Apache CloudStack IaaS clouds. The software provides an interactive shell environment that includes command discovery, auto-completion and multiple output formats. CloudMonkey can also be used as a simple command line utility, which can be easily integrated into larger shell scripts.

This is the first independently released version of CloudMonkey provided by the Apache CloudStack project community. This release includes pre-cached API command syntax for Apache CloudStack versions up to and including CloudStack 4.2.0.

The release can be obtained from the CloudMonkey section of the Apache CloudStack download page:

http://cloudstack.apache.org/downloads.html

Additionally, the 5.0.0 release is available via the Python Package Index (https://pypi.python.org/pypi/cloudmonkey) and may be installed via pip. Further instructions may be found on the Apache CloudStack download page.

We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at:

http://cloudstack.apache.org/

Welcome back to another exciting issue of the Apache CloudStack Weekly News. This week, 4.2.0 enters it's fourth round of voting, we welcome several new committers and look at some of the major discussions on the Apache CloudStack mailing lists, and much more.

Major Discussions

4.2 is Now being Voted On

The fourth round of voting is now open on the 4.2 release. This release is full of new features, fixes and thousands of hours of work from everyone in the community. It's important to test and cast your vote on the release. Remember that all members of the community are eligible to cast a vote and note any issues that they have with the current release candidate.

4.2 Issues Closure

Sudha Ponnaganti has throughout the 4.2 put together a list of the current blocker and critical issues that need to be reviewed. If you have issues that have been resolved please review, test, and close out please.

High Quality Documentation

For some time now there has been discussion around a possible replacement to our current use DocBook for our primary document editor. Sebastien Goasguen started a discussion to look at Markdown by Daring Fireball. With there being concern about how to create and maintain high quality documentation, this is an important thread to participate in for anyone interested in the release documents.

After seeing lots of frustrated people with folks I decided to try something out with markdown.

I used pandoc to convert some docbook files to markdown and I used a structure for a book based on 'The little mongodb' book.
We can generate epub and pdf using latex.

See: link

There are two "books" aimed at being step by step recipes. Not long, not convoluted, single OS, etc…simple step by step.

link
link

I am still sanitizing the installation one based on 4.2 .

Comments, flames ?

CloudStack Planet

Speaking in Tech Podcast - The Register

Aaron Delp joined in as a part of talking cloud and especially CloudStack as part of an interview with The Register and their "Speaking in Tech" podcast series.

Aaron's section on ACS is from 17:45 to 26:00 - http://www.theregister.co.uk/2013/08/01/speaking_in_tech_episode_69/

CloudStack Appliances Released

Ilya Musayev a committer of the ACS project and founder of CloudSands project has recently announced the release of a set of pre-built management server appliances available for open use based off the ACS 4.1.1 code base. There are appliances for VMware, Xen and KVM hypervisors.

Objective: Speed up the Apache CloudStack adoption by abstracting the need of going through install process and using pre-installed package instead. Especially useful for a quick POC.

vSphere:
Short URL: link
Long URL: link

KVM:
Short URL: link
Long URL: link

XEN:
Short URL: link
Full URL: link

Minimum Requirements:
1 CPU x 2 GB of RAM

Testing:

Please spend few minutes on testing these out, you can import it as a template into your ACS - power on and see the details on initial start.
I've tested vSphere and KVM version. I don't have XEN instance to try.

Events

New Committers and PMC Members

  • Ilya Musayev has been invited to join the CloudStack PMC, and has accepted.
  • Vijay Bhamidipati has been invited by the PMC to become a committer and has accepted.
  • Toshiaki Hatano has been invited by the PMC to become a committer and has accepted.
  • Kirk Kosinski has been invited by the PMC to become a committer and has accepted.
  • Ian Duffy has been invited by the PMC to become a committer and has accepted.

With two very successful events in the United Stated we know it is time to bring this conference to Europe. This time we’re gathering the community in The Netherlands. More specific, right in the center of Amsterdam in one of its historical landmarks, the Beurs van Berlage.

Starting November 20th with a hack day and continuing with a two day conference, this will be your opportunity to dive into all things CloudStack. Meet the community, discuss new ideas and learn about existing and upcoming features. We have setup the conference to provide an exciting environment to participate in workshops, attend presentations or just sit back and have a drink with other CloudStack enthusiasts.

The Call for Papers is open right now, so send your abstract to cfp@cloudstackcollab.org. If it’s relevant to Apache CloudStack development, deployment, and integration, we’re interested in what you might have to say. We can accommodate workshops, hack sessions, presentation and we want to work with you to make sure you can share what you want with the community. Check the website for more details, http://www.cloudstackcollab.org/call-for-papers

The conference website http://www.cloudstackcollab.org will be regularly updated with new content to keep you informed about the conference. Please check it regularly to be informed about the latest developments regarding the CloudStack Collaboration Conference Europe.

Important Dates

The Call for Papers will run from today (August 16th) to September 30th. We will send out notifications shortly after closing the Call for Papers.

The Conference Hack Day will be November 20th

The Conference talks and planned sessions begin on November 21th

The Conference ends on November 22th

Registration

We will announce the registration in a short while, please keep an eye on the website http://www.cloudstackcollab.org/ for more details.

Location

The conference will be at the Beurs van Berlage in Amsterdam, The Netherlands. Located in the city center it is close to quite a number of hotels and hostels in Amsterdam. We are looking at the possibility to make a deal with one of the hotels in the immediate vicinity of the conference location. We will update the conference website when we have the details.

Sponsoring

Sponsoring opportunities are available for the CloudStack Collaboration Conference. At the conference website http://www.cloudstackcollab.org/sponsors some of our sponsors will explain you the benefits in a video message. If you’d like to see the sponsorship prospectus or ask about sponsoring, contact sponsors@cloudstackcollab.org.

We’re very pleased to invite the community to Amsterdam and we hope you’ll join us! See you in Amsterdam!

Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

Description:

The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system.

Mitigation:

Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.

Please see the 4.1.1 release notes for further information about how to upgrade:

http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-2936

Credit:

This issue was identified by Oleg Boytsev from strongserver.org.

The Apache CloudStack project is pleased to announce the 4.1.1 release of the Apache CloudStack cloud orchestration platform.

This is a minor release of the 4.1.0 branch which released on June 5, 2013. The 4.1.1 release contains more than 45 bug fixes. As a bug-fix only release, no new features are included.

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich API for managing the compute, networking, software, and storage resources. The project became an Apache top level project in arch 2013.

More information about Apache CloudStack can be found at: http://cloudstack.apache.org/

Release Notes

The 4.1.1 release includes fixes for a number of issues; including problems with snapshots, fixes to documentation, and more. Please see the Release Notes file for a full list of corrected issues in this release and upgrade instructions.

http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html

The 4.1.1 release also addresses a cross-site scripting (XSS) vulnerability identified by CVE-2013-2136.

Downloads

The official source code release can be downloaded from:

http://cloudstack.apache.org/downloads.html

In addition to the official source code release, individual contributors have also made convenience binaries available on the Apache CloudStack download page.

Welcome back to another exciting issue of the Apache CloudStack Weekly News. This week, we take a look at the progress towards 4.2.0, major discussions on the Apache CloudStack mailing lists, and much more.

Major Discussions

4.2 Release Coding Starting to Wrap-up

With a less than a week left before code freeze for the 4.2 release on 7/29, there is a lot of work still to be done and a lot of bugs that need to be worked out. With this major release many new and existing features need the blocker and critical bugs cleared out as soon as possible. There's been great teamwork in the community. Animesh Chaturvedi points out the work that still needs to be done:

...For the days remaining to code freeze, lets prioritize fixing blockers and critical over majors. As from last week in order to clear up our backlog I request you to help out on aggressively fixing the issues. The unassigned issue list is available at http://s.apache.org/BlH/. When you fix a bug in 4.2 please make sure it is also fixed in master.

The outstanding resolved issues now stand at 492 with 250 blockers and critical still to be verified. As with fixing issues now we need to focus on blockers and critical first.

The detailed bug status is captured below.

BugsThis Week    Last Week    
  Blocker Critical Major Total Blocker Critical Major Total
Incoming 29 48 64 144 31 40 46 120
Outgoing 37 68 51 159 33 38 65 140
Open Unassigned 6 13 149 208 6 46 120 226
Open Total 24 68 239 392 30 84 213 388

The status for features or improvement is depicted in table below

New Features / Improvements Today Last Week
Closed 13 12
Resolved 60 59
In Progress 9 10
Reopened 2 2
Ready To Review 0 0
Open 18 19
Total 102 102
4.1.1 Release Candidate Vote is Now Open

4.1.1 patch release has been in the works for a while now and has quite a few fixes in it since the release of 4.1.0 on June 5th. The release candidate was cut on Monday and the Vote is now open until Saturday. Please provide your testing results and vote.

Bylaws change for Committer and PMC Member Nomination

To make the process of allowing for nomination of Committers and PMC members into the CloudStack community, Chip Childers has started a discussion on changing the bylaws to change the voting process of the PMC Group from a lazy consensus to a majority process. Join in the discussion.

As it stands now, we currently use a "Lazy Consensus" model (yes Noah, I know we didn't define that term correctly as of now, but I think that's a different discussion). We currently have that term defined as:

Lazy Consensus - Lazy consensus requires 3 binding +1 votes and no binding -1 votes.

I'd like to propose that we change the PMC and Committer voting rule to use the Lazy 2/3 Majority approach defined as:

Lazy 2/3 majority votes requires at least 3 binding votes and twice as many binding +1 votes as binding -1 votes.
...

Possibly Ending the IRC Chats

After low attendance in weekly IRC chats, Joe Brockmeier has raised the question about the need for regular IRC chats. IRC chats have been in place for a long time with the community. Make sure to stay involved with the discussion and let your voice be heard.

How Your Coding May Affect Others

Brian Federle noticed when working on the GUI code in Master recently that the tab style had changed. This started a large rebase and merge of the UI code of other developers in the community. While the original commit had the best intention and was committed correctly for 4.3, the review and commit were done within a short time frame and didn't give the community much time to see it and understand the impact. Make sure to communicate and be aware of what impacts your code might have on others working on the same objects as you.

Chip Childers pointed out:

...that sweeping changes like this (or architectural changes as well) are best done early in a release cycle. The challenge we've run into here is that while 4.2 work is proceeding, master is open for 4.3 changes (and there is a preference that if something big is going to come in, nows the time to do it).

New Components in JIRA

To help clarify better on what a bug is all about, and to get it to the right visibility on it, Prasanna Santhanam and Animesh Chaturvedi have added several new component fields in JIRA to help with bug distinction. The new components:

  • Infra - Infrastructure managed by the project - CloudStack - (jenkins, builds, repos, mirrors)
  • SystemVM - SystemVM appliances, images, scripts, ssvm, cpvm
  • Virtual Router - Anything related to the Virtual Router appliance
  • XCP - Xen Cloud Platform
  • UCS - Cisco UCS System
  • Upgrade - Upgrade scripts, process, database

CloudStack Planet

Do You Have One of the Coolest CloudStack Clouds?

Gregg Watkins is doing a video on the Coolest Clouds and is looking for participants. Gregg has already spent most of the summer working with the project putting together videos on CloudStack, the CloudStack Collaboration Conference and is now looking to show case some of the best clouds in the world ran on Apache CloudStack. If you would like to participate please reach out to Gregg on the Dev or User lists.

The last video I plan on making this summer is a short video featuring some
of the coolest clouds and I am hoping you all will help me since we are all
so spread out.

Here is what I am needing to make this project a success: A webcam
interview of you (questions below) and screen casts/capture of your cloud
in action.

Because my fellowship ends August 9th I will need this information by no
later than the 29th of July.

While I appreciate how busy all of you are, I am hoping you can carve a few
moments out of a day this week and complete the questions and capture some
of your cloud. If you need any assistance in either capturing video
interviews or screens please let me know and I can help you.

This project is a great way to get your project some more visibility and I
thank you in advance for any help you can provide. Please let me know if
you have any questions or concerns.
...

Apache Whirr and CloudStack for Big Data in the Clouds

Sebastien Goasguen has a tutorial on his blog about using Apache Whirr with CloudStack. "In this tutorial we introduce Apache Whirr, an application that can be used to define, provision and configure big data solutions on CloudStack based clouds. Whirr automatically starts instances in the cloud and boostrapps hadoop on them. It can also add packages such as Hive, Hbase and Yarn for map-reduce jobs."

Events

New Committers and PMC Members

No new committers or PMC members have been announced in the last newsletter period.