| <div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate"></b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">About</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/about">About</a></li><li><a class="dropdown__link" href="/history">History</a></li><li><a class="dropdown__link" href="/features">Features</a></li><li><a class="dropdown__link" href="/who">Who We Are</a></li><li><a class="dropdown__link" href="/bylaws">Community Bylaws</a></li><li><a class="dropdown__link" href="/trademark-guidelines">Trademark Guidelines</a></li><li><a class="dropdown__link" href="/security">Security</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Community</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/contribute">Get Involved</a></li><li><a class="dropdown__link" href="/developers">Developer Resources</a></li><li><a class="dropdown__link" href="/mailing-lists">Join Mailing Lists</a></li><li><a href="https://github.com/apache/cloudstack/issues" target="_blank" rel="noopener noreferrer" class="dropdown__link">Issues Tracker<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://join.slack.com/t/apachecloudstack/shared_invite/zt-1u8qwbivp-u16HRI~LWioLmF1G2D3Iyg" target="_blank" rel="noopener noreferrer" class="dropdown__link">Community Slack<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/events">Events and Meetups</a></li><li><a href="https://www.cloudstackcollab.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Collab Conference<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Use Cases</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/cloud-builders">Cloud Builders</a></li><li><a class="dropdown__link" href="/kubernetes">Kubernetes</a></li><li><a class="dropdown__link" href="/integrations">Integrations</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Users</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/users">Known Users</a></li><li><a class="dropdown__link" href="/blog/page/blog/tags/case-studies">Case Studies</a></li><li><a href="https://docs.google.com/forms/d/e/1FAIpQLScPHIRetdt-pxPT62IesXMoQUmhQ8ATGKcYZa507mB9uwzn-Q/viewform" target="_blank" rel="noopener noreferrer" class="dropdown__link">Take Survey<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Documentation</a><ul class="dropdown__menu"><li><a href="https://docs.cloudstack.apache.org" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Documentation<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home" target="_blank" rel="noopener noreferrer" class="dropdown__link">Project Wiki<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Books" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Books<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/api/">API Documentation</a></li></ul></div><a class="navbar__item navbar__link" href="/downloads">Download</a><a class="navbar__item navbar__link" href="/blog">Blog</a><a href="https://github.com/apache/cloudstack" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link" aria-label="GitHub repository"></a><div class="searchBox_ZlJk"><div class="navbar__search searchBarContainer_NW3z"><input placeholder="Search" aria-label="Search" class="navbar__search-input"><div class="loadingRing_RJI3 searchBarLoadingRing_YnHq"><div></div><div></div><div></div><div></div></div><div class="searchHintContainer_Pkmr"><kbd class="searchHint_iIMx">ctrl</kbd><kbd class="searchHint_iIMx">K</kbd></div></div></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">ASF</a><ul class="dropdown__menu"><li><a href="https://www.apache.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Foundation</a></li><li><a href="https://www.apache.org/licenses/" target="_blank" rel="noopener noreferrer" class="dropdown__link">License</a></li><li><a href="https://www.apache.org/events/current-event" target="_blank" rel="noopener noreferrer" class="dropdown__link">Events</a></li><li><a href="https://www.apache.org/security/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Security</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Sponsorship</a></li><li><a href="https://www.apache.org/foundation/policies/privacy.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Privacy</a></li><li><a href="https://www.apache.org/foundation/thanks.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Thanks</a></li></ul></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg blog-container"><div class="row"><aside class="col col--3"><nav class="sidebar thin-scrollbar"><div class="sidebarItemTitle margin-bottom--md">CloudStack Blog</div><ul class="sidebarItemList clean-list"><li class="sidebarItem"><a class="sidebarItemLink" href="/blog">All Posts</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/news">News</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/announcement">Announcements</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/roundup">Past Events</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/case-studies">Case Studies & Integrations</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/community">Meet the Community</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="UPDATE: mitigation instructions have been improved (don't update openswan) and we forgot to mention rebooting."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cloudstack_and_the_ghost_glibc">CloudStack and the "Ghost" glibc vulnerability</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2015-01-28T00:00:00.000Z" itemprop="datePublished">January 28, 2015</time></div></header><div class="markdown" itemprop="articleBody"><b>UPDATE: mitigation instructions have been improved (don't update openswan) and we forgot to mention rebooting.</b><br><b>UPDATE: Links to updated System VM templates are now below</b><br><br><p>Yesterday, a buffer overflow vulnerability was announced in glibc that affects most current Linux distributions. In CloudStack, the system VMs contain a vulnerable version of glibc. </p><p>CloudStack community members have built an updated system VM template, which ShapeBlue is hosting at <a href="http://packages.shapeblue.com/systemvmtemplate/" target="_blank" rel="noopener noreferrer">http://packages.shapeblue.com/systemvmtemplate/</a> (More information on the packages at <a href="http://shapeblue.com/packages" target="_blank" rel="noopener noreferrer">http://shapeblue.com/packages</a>). </p><p>For instructions on how to update the SystemVM template in CloudStack, see <a href="http://support.citrix.com/article/CTX200024" target="_blank" rel="noopener noreferrer">here</a>.</p><p>For those who wish to patch their running system VMs, ssh into each one and run:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">apt-mark hold openswan apt-get clean apt-get update && apt-get upgrade</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>After updating glibc, the system will need to be rebooted.</p><p>Information about how to connect to your System VMs is available <a href="https://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Admin_Guide/accessing-system-vms.html" target="_blank" rel="noopener noreferrer">here</a>.</p><h2>Other CloudStack-related systems may be affected!</h2><p>Please review security updates from Linux distributions you use on your management server, storage systems, hypervisors, as well as other Linux VMs and bare-metal systems running in your environments. <a href="http://www.cyberciti.biz/faq/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux/" target="_blank" rel="noopener noreferrer">This post</a> provides instructions for determining if a system is vulnerable, as well as patching directions for common Linux distributions.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is pleased to announce the 4.3.2 release"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announce_announcing_apache_cloudstack_4">[ANNOUNCE] Announcing Apache CloudStack 4.3.2</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2015-01-09T00:00:00.000Z" itemprop="datePublished">January 9, 2015</time></div></header><div class="markdown" itemprop="articleBody"><p>The Apache CloudStack project is pleased to announce the 4.3.2 release of the CloudStack cloud orchestration platform. This is a minor release of the 4.3 branch which released on March 25, 2014. The 4.3.2 release contains more than 100 bug fixes since the 4.3.1 release. As a bug fix release, no new features are included in 4.3.2.</p><p>As a minor release it is a simple upgrade from 4.3.0 or 4.3.1 with no architectural changes.</p><p><strong>Documentation</strong></p><p>The 4.3.2 release notes includes full list of corrected issues as well as upgrade instructions from previous versions of Apache CloudStack. Please see the Release Notes for a full list of corrected issues and upgrade instructions.</p><p><a href="http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/" target="_blank" rel="noopener noreferrer">http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/</a></p><p>The official installation, administration and API documentation for each release are available on our Documentation Page.</p><p><a href="http://docs.cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://docs.cloudstack.apache.org/</a></p><p><strong>Downloads</strong></p><p>The official source code for the 4.3.2 release can be downloaded from our Downloads Page.</p><p><a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/downloads.html</a></p><p><strong>About Apache CloudStack</strong></p><p>Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.</p><p>For additional marketing or communications information, please contact the marketing mailing list: marketing@cloudstack.apache.org</p><p>To learn how to join and contribute to the Apache CloudStack community please visit our website: <a href="http://cloudstack.apache.org" target="_blank" rel="noopener noreferrer">cloudstack.apache.org</a></p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cve_2014_7807_apache_cloudstack">[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-12-08T00:00:00.000Z" itemprop="datePublished">December 8, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds</p><p>CVSS:<br>7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P</p><p>Vendors:<br>The Apache Software Foundation<br>Citrix, Inc.</p><p>Versions Afffected:<br>Apache CloudStack 4.3, 4.4</p><p>Description:<br>Apache CloudStack may be configured to authenticate LDAP users. When so configured, it performs a simple LDAP bind with the name and password provided by a user. Simple LDAP binds are defined with three mechanisms (RFC 4513): 1) username and password; 2) unauthenticated if only a username is specified; and 3) anonymous if neither username or password is specified. Currently, Apache CloudStack does not check if the password was provided which could allow an attacker to bind as an unauthenticated user.</p><p>Mitigation:<br>Users of Apache CloudStack 4.4 and derivatives should update to the latest version (4.4.2)</p><p>An updated release for Apache CloudStack 4.3.2 is in testing. Until that is released, we recommend following the mitigation below:</p><p>By default, many LDAP servers are not configured to allow unauthenticated binds. If the LDAP server in use allow this behaviour, a potential interim solution would be to consider disabling unauthenticated binds.</p><p>Credit:<br>This issue was identified by the Citrix Security Team.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Command Line Interface Tool Simplifies Apache CloudStack Configuration and Management"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/the_apache_cloudstack_project_announces1">The Apache CloudStack Project Announces Apache™ CloudMonkey™ v5.3.0</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-11-11T00:00:00.000Z" itemprop="datePublished">November 11, 2014</time></div></header><div class="markdown" itemprop="articleBody"><em><h2>Command Line Interface Tool Simplifies Apache CloudStack Configuration and Management</h2></em><p>11 November 2014 —Apache CloudStack, the mature, turnkey Open Source cloud computing software platform used for creating private, public, and hybrid cloud environments, today announced Apache CloudMonkey v5.3.0, the latest feature release of its command line interface tool.</p><p>CloudMonkey is written in Python, and can be used both as an interactive shell and as a command line tool that simplifies CloudStack configuration and management.</p><p>Apache CloudMonkey v5.3.0 is the latest feature release of the 5.x line that was first released in September 2013. Some of the new features and changes include:</p><ul><li>Unicode support in CloudMonkey;</li><li>Better autocompletion for API arguments, filter arguments and config options;</li><li>Current server profile is displayed on the prompt;</li><li>Changing server profile prints masked values of passwords and keys;</li><li>New command line argument -d for display options such as default, json and table;</li><li>New config option “verifysslcert” that enables/disables SSL certificate checking when making HTTP API calls;</li><li>CloudMonkey outputs without color on terminal in non-interactive mode;</li><li>Better error handling, errors written to stderr and non-zero exit codes in case of error;</li><li>Several bugfixes related to networking, server profiles and unicode string handling</li></ul><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="downloadsanddocumentation">Downloads and Documentation<a href="#downloadsanddocumentation" class="hash-link" aria-label="Direct link to Downloads and Documentation" title="Direct link to Downloads and Documentation"></a></h3><p></p><p>The official source code for CloudMonkey v5.3.0 can be downloaded from <a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/downloads.html</a>. A community-maintained distribution is available at the Python Package Index (PyPi) at <a href="http://pypi.python.org/pypi/CloudMonkey/" target="_blank" rel="noopener noreferrer">http://pypi.python.org/pypi/CloudMonkey/</a></p><p>CloudMonkey's usage is documented at <a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+CloudMonkey+CLI" target="_blank" rel="noopener noreferrer">https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+CloudMonkey+CLI</a>Package documentation can be found at <a href="http://pythonhosted.org/cloudmonkey/" target="_blank" rel="noopener noreferrer">http://pythonhosted.org/cloudmonkey/</a></p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="availabilityandoversight">Availability and Oversight<a href="#availabilityandoversight" class="hash-link" aria-label="Direct link to Availability and Oversight" title="Direct link to Availability and Oversight"></a></h3><p></p><p>As with all Apache products, CloudMonkey is released under the Apache License v2.0, and is overseen by a self-selected team of active contributors to the project. The Apache CloudStack Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.</p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="aboutapachecloudstack">About Apache CloudStack<a href="#aboutapachecloudstack" class="hash-link" aria-label="Direct link to About Apache CloudStack" title="Direct link to About Apache CloudStack"></a></h3><p></p><p>Apache CloudStack is a mature, turnkey integrated Infrastructure-as-a-Service (IaaS) Open Source software platform that allows users to build feature-rich public and private cloud environments. Hailed by Gartner Group as "a solid product", CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. CloudStack entered the Apache Incubator in April 2012 and became an Apache Top-level Project in March 2013. For downloads, documentation, and ways to become involved with Apache CloudStack, visit <a href="http://cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/</a> and <a href="https://twitter.com/CloudStack" target="_blank" rel="noopener noreferrer">https://twitter.com/CloudStack</a></p><h1></h1></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Mature, easy-to-deploy Open Source Cloud computing software platform boasts improved efficiency and performance."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_apache_cloudstack_v4_4">Announcing Apache™ CloudStack™ v4.4.1</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-10-23T00:00:00.000Z" itemprop="datePublished">October 23, 2014</time></div></header><div class="markdown" itemprop="articleBody"><em><h2>Mature, easy-to-deploy Open Source Cloud computing software platform boasts improved efficiency and performance.</h2></em><p>The Apache CloudStack project announced the immediate availability of Apache CloudStack v4.4.1, the latest version of the turnkey Open Source cloud computing software platform used for creating private-, public-, and hybrid cloud environments.</p><p>Apache CloudStack clouds enable billions of dollars' worth of business transactions annually across their clouds, and its maturity and stability has led it to has become the Open Source platform for many service providers to set up on-demand, elastic public cloud computing services, as well as enterprises and others to set up a private or hybrid cloud for use by their own employees.</p><p>"We are delighted to be releasing version 4.4.1 of Apache CloudStack," said Giles Sirett, member of the Apache CloudStack Project Management Committee. "This latest version of CloudStack reflects months of hard work by our diverse developer community and brings even more features to help our service-provider and enterprise users enhance their cloud platforms. Apache CloudStack continues to grow in both deployments and developer community size, and is the platform of choice for thousands of organisations that need to build IaaS environments quickly and securely with a proven, production-grade, technology."</p><p>Lauded by Gartner Group, CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources.</p><p>CloudStack v4.4.1 reflects dozens of new features and improvements, including:</p><ul><li>Improved Storage Management</li><li>Virtual Private Cloud tiers can now span guest networks across availability zones</li><li>Support for VMware Distributed Resource Scheduler</li><li>Improved Support for Hyper-V Zones, VPC and Storage Migration</li></ul><p>A complete overview of all new enhancements can be found in the project release notes at http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.1/</p><p>CloudStack has been used by thousands of organizations worldwide and is in use/production at Alcatel-Lucent, Autodesk, BT Cloud, China Telecom, DATACAENTER Services, DataPipe, Edmunds.com, Exoscale, GreenQloud, Hokkaido University, IDC Frontier, Ikoula, KDDI, KT/Korea Telecom, LeaseWeb, NTT, Orange, PCextreme, Schuberg Philis, Shopzilla, Slovak Telekom, SunGard AS, Taiwan Mobile, Tata, Trader Media Group, TomTom, University of Melbourne, University of Sao Paolo, Verizon, WebMD and Zynga, among others.</p><p>CloudStack originated at Cloud.com, which was acquired by Citrix in 2011. CloudStack was submitted to the Apache Incubator in April 2012 and graduated as an Apache Software Foundation Top-level Project in March 2013.</p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="availability">Availability<a href="#availability" class="hash-link" aria-label="Direct link to Availability" title="Direct link to Availability"></a></h3><p></p><p>CloudStack v4.4.1 is available immediately as a free download from http://cloudstack.apache.org/downloads.html. Apache CloudStack software is released under the Apache License v2.0.</p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="governanceandoversight">Governance and Oversight<a href="#governanceandoversight" class="hash-link" aria-label="Direct link to Governance and Oversight" title="Direct link to Governance and Oversight"></a></h3><p></p><p>Apache CloudStack is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.</p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="getinvolved">Get Involved!<a href="#getinvolved" class="hash-link" aria-label="Direct link to Get Involved!" title="Direct link to Get Involved!"></a></h3><p></p><p>Apache CloudStack welcomes contribution and community participation through mailing lists as well as attending face-to-face MeetUps, developer trainings, and user events. Catch CloudStack in action at the CloudStack Collaboration Conference, the official user/developer conference of the Apache CloudStack community, 19-21 November 2014 in Budapest, Hungary @CCCEU14 and <a href="http://cloudstackcollab.org" target="_blank" rel="noopener noreferrer">http://cloudstackcollab.org</a></p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="aboutapachecloudstack">About Apache CloudStack<a href="#aboutapachecloudstack" class="hash-link" aria-label="Direct link to About Apache CloudStack" title="Direct link to About Apache CloudStack"></a></h3><p></p><p>Apache CloudStack is a mature, turnkey integrated Infrastructure-as-a-Service (IaaS) Open Source software platform that allows users to build feature-rich public and private cloud environments. Hailed by Gartner Group as "a solid product", CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. CloudStack entered the Apache Incubator in April 2012 and became an Apache Top-level Project in March 2013. For downloads, documentation, and ways to become involved with Apache CloudStack, visit <a href="http://cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/</a> and <a href="https://twitter.com/CloudStack" target="_blank" rel="noopener noreferrer">https://twitter.com/CloudStack</a></p><h1></h1><p>© The Apache Software Foundation. "Apache", "CloudStack", "Apache CloudStack", the Apache CloudStack logo, and the Apache CloudStack Cloud Monkey logo are registered trademarks or trademarks of The Apache Software Foundation. All other brands and trademarks are the property of their respective owners.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="As previously mentioned, the realhostip.com dynamic DNS service is being retired at the end of September."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cloudstack_s_realhostip_service_to">CloudStack's realhostip service to retire in less than a week!</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-09-26T00:00:00.000Z" itemprop="datePublished">September 26, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>As <a href="https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retired" target="_blank" rel="noopener noreferrer">previously</a> <a href="https://blogs.apache.org/cloudstack/entry/realhostip_reprieve" target="_blank" rel="noopener noreferrer">mentioned</a>, the realhostip.com dynamic DNS service is being retired at the end of September.</p><p>Citrix is reporting that they are still seeing DNS queries against the domain; Those who have not reconfigured their CloudStack installations will find part of their installations breaking once the realhostip service is retired on September 30th.</p><p>If you are running a version of CloudStack older than 4.3 and you have not reconfigured your installation to not use realhostip.com, please take the time to do so now before users are affected. Instructions are available in the <a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name" target="_blank" rel="noopener noreferrer">CloudStack Wiki</a> as well as other blogs on the Internet.</p></div><footer class="row docusaurus-mt-lg"></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Command Line Interface Tool Simplifies Apache CloudStack Configuration and Management"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_apache_cloudmonkey_v5_2">Announcing Apache™ CloudMonkey™ v5.2.0</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-08-28T00:00:00.000Z" itemprop="datePublished">August 28, 2014</time></div></header><div class="markdown" itemprop="articleBody"><em><h2>Command Line Interface Tool Simplifies Apache CloudStack Configuration and Management</h2></em><p>28 August 2014 —Apache CloudStack, the mature, turnkey Open Source cloud computing software platform used for creating private, public, and hybrid cloud environments, today announced Apache CloudMonkey v5.2.0, the latest feature release of its command line interface tool.</p><p>CloudMonkey is written in Python, and can be used both as an interactive shell and as a command line tool that simplifies CloudStack configuration and management.</p><p>Apache CloudMonkey v5.2.0 is the latest feature release of the 5.x line that was first released in September 2013. Some of the new features and changes include:</p><ul><li>Multiple server profiles where users can use CloudMonkey against different CloudStack management servers and switch between them using a profile option;</li><li>A default profile under the section [local] is added with default values;</li><li>Some bugfixes related to network requests, error handling, JSON decoding and shell interactivity;</li><li>Every time 'set' is called, CloudMonkey will write the config and reload config file;</li><li>Configuration options 'protocol', 'host', 'port', 'path' are deprecated now but setting them is still allowed which sets a single "url" option, in the config file the [server] section is deprecated now and CloudMonkey won’t read values from this section anymore but instead read from current server profile;</li><li>Missing key/values are automatically set with defaults by CloudMonkey;</li><li>During installation and upgrades, it will detect the platform to install either pyreadline (Windows) or readline (OSX and Linux);</li></ul><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="downloadsanddocumentation">Downloads and Documentation<a href="#downloadsanddocumentation" class="hash-link" aria-label="Direct link to Downloads and Documentation" title="Direct link to Downloads and Documentation"></a></h3><p></p><p>The official source code for CloudMonkey v5.2.0 can be downloaded from <a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/downloads.html</a>. A community-maintained distribution is available at the Python Package Index (PyPi) at <a href="http://pypi.python.org/pypi/CloudMonkey/" target="_blank" rel="noopener noreferrer">http://pypi.python.org/pypi/CloudMonkey/</a></p><p>CloudMonkey's usage is documented at <a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+CloudMonkey+CLI" target="_blank" rel="noopener noreferrer">https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+CloudMonkey+CLI</a>Package documentation can be found at <a href="http://pythonhosted.org/cloudmonkey/" target="_blank" rel="noopener noreferrer">http://pythonhosted.org/cloudmonkey/</a></p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="availabilityandoversight">Availability and Oversight<a href="#availabilityandoversight" class="hash-link" aria-label="Direct link to Availability and Oversight" title="Direct link to Availability and Oversight"></a></h3><p></p><p>As with all Apache products, CloudMonkey is released under the Apache License v2.0, and is overseen by a self-selected team of active contributors to the project. The Apache CloudStack Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.</p><p></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="aboutapachecloudstack">About Apache CloudStack<a href="#aboutapachecloudstack" class="hash-link" aria-label="Direct link to About Apache CloudStack" title="Direct link to About Apache CloudStack"></a></h3><p></p><p>Apache CloudStack is a mature, turnkey integrated Infrastructure-as-a-Service (IaaS) Open Source software platform that allows users to build feature-rich public and private cloud environments. Hailed by Gartner Group as "a solid product", CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. CloudStack entered the Apache Incubator in April 2012 and became an Apache Top-level Project in March 2013. For downloads, documentation, and ways to become involved with Apache CloudStack, visit <a href="http://cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/</a> and <a href="https://twitter.com/CloudStack" target="_blank" rel="noopener noreferrer">https://twitter.com/CloudStack</a></p><h1></h1></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="As mentioned previously, the realhostip.com dynamic DNS resolver service is being retired this summer. During testing of Apache CloudStack version 4.3, we found a few more issues related to realhostip.com that have been addressed for the 4.4 release."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/realhostip_reprieve">Realhostip Reprieve for CloudStack Users</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-06-06T00:00:00.000Z" itemprop="datePublished">June 6, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>As mentioned previously, the <a href="https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retired" target="_blank" rel="noopener noreferrer">realhostip.com dynamic DNS resolver service is being retired this summer</a>. During testing of Apache CloudStack version 4.3, we found a few more issues related to realhostip.com that have been addressed for the 4.4 release.</p><p>In order to give everybody a reasonable window to update their CloudStack installations to use the updated code, the retirement date for the realhostip.com service has been pushed back to <b>September 30th, 2014</b>. This provides an additional 3 months from the original June 30th date.</p><p>Any questions related to the retirement of the realhostip.com service and it's affect on CloudStack installations should be send to the CloudStack Users or Development mailing lists. Further information about how to subscribe and interact with the mailing lists is available at <a href="https://cloudstack.apache.org/mailing-lists.html" target="_blank" rel="noopener noreferrer">https://cloudstack.apache.org/mailing-lists.html</a>.</p></div><footer class="row docusaurus-mt-lg"></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Update: The email infrastructure is back to normal, although it may take some time for the queued messages to completely flush out of the backlog. See the linked post from the ASF infrastructure team below for more details."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/asf_mailing_list_problems">ASF Mailing List Problems (Update: we are back to normal)</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-05-08T00:00:00.000Z" itemprop="datePublished">May 8, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p><strong>Update:</strong> The email infrastructure is back to normal, although it may take some time for the queued messages to completely flush out of the backlog. See the linked post from the ASF infrastructure team below for more details.</p><p>There are ongoing problems with the ASF's email infrastructure that mean no mail delivery is happening for our project's lists. Please check the <a href="https://blogs.apache.org/infra/entry/mail_outage" target="_blank" rel="noopener noreferrer">official ASF infrastructure blog post</a> and <a href="https://twitter.com/infrabot" target="_blank" rel="noopener noreferrer">twitter feed</a> for updates.</p></div><footer class="row docusaurus-mt-lg"></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="UPDATE 1: The instructions below are incomplete. The proper upgrade command is "apt-get install openssl libssl1.0.0". If you've just updated openssl, please go back and update libssl as well."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/how_to_mitigate_openssl_heartbleed">How to Mitigate OpenSSL HeartBleed Vulnerability in Apache CloudStack</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-04-09T00:00:00.000Z" itemprop="datePublished">April 9, 2014</time></div></header><div class="markdown" itemprop="articleBody"><b>UPDATE 1:</b> The instructions below are incomplete. The proper upgrade command is "apt-get install openssl libssl1.0.0". If you've just updated openssl, please go back and update libssl as well.<br><b>UPDATE 2:</b> Adding instructions for VMWare-hosted System VMs (Thanks to Geoff Higginbottom at ShapeBlue)<br><b>UPDATE 3:</b> Added instructions for verification of correct versions installed<br><b>UPDATE 4:</b> Apache CloudStack 4.0-4.1 not vulnerable, they use older Debian/openssl.<br><p>Earlier this week, a security vulnerability was disclosed in OpenSSL, one of the software libraries that Apache CloudStack uses to encrypt data sent over network connections. As the vulnerability has existed in OpenSSL since early 2012, System VMs in Apache CloudStack versions 4.1.1-4.3 are running software using vulnerable versions of OpenSSL. This includes CloudStack's Virtual Router VMs, Console Proxy VMs, and Secondary Storage VMs.</p><p>We are actively working on creating updated System VM templates for each recent version of Apache CloudStack, and for each of the hypervisor platforms which Apache CloudStack supports. Due to our testing and QA processes, this will take several days. In the meantime, we want to provide our users with a temporary workaround for currently running System VMs.</p><p>If you are running Apache CloudStack 4.0.0-incubating through the recent 4.3 release, the following steps will help ensure the security of your cloud infrastructure until an updated version of the System VM template is available:</p><h2> For KVM/Xen hosted systems</h2><ol><li> As an administrator in the CloudStack web UI, navigate to Infrastructure->System VMs</li><li> For each System VM listed, note the host it is running on, and it’s “Link Local IP address."</li><li> With that data, perform the following steps for each System VM:<ol type="a"><li> ssh into that host as root</li><li> From the host, ssh into the SSVM via it’s link local IP address: (e.g. ssh -i /root/.ssh/id_rsa.cloud -p 3922 169.254.3.33)</li><li> On the System VM, first run "apt-get update"</li><li> Then run apt-get install "openssl libssl1.0.0". If a dialog appears asking to restart programs, accept it’s request.</li><li> Next, for Secondary Storage VMs, run /etc/init.d/apache2 restart</li><li> Log out of the System VM and host server</li></ol></li><li>Back in the CloudStack UI, now navigate to Infrastructure->Virtual Routers. For each VR, host it's running on and it's link local IP address, and then repeat steps a-f above.</li></ol><h2> For VMWare hosted systems</h2><ol><li> As an administrator in the CloudStack web UI, navigate to Infrastructure->System VMs</li><li> For each System VM listed, note it's management IP address</li><li> With that data, perform the following steps for each System VM:</li><li> From the Management Server, ssh to the System VM via it's management IP: (eg ssh -i /var/lib/cloud/management/.ssh/id_rsa -p 3922 root@10.40.50.8)</li><li> On the System VM, first run "apt-get update"</li><li> Then run apt-get install "openssl libssl1.0.0". If a dialog appears asking to restart programs, accept it’s request.</li><li> Next, for Secondary Storage VMs, run /etc/init.d/apache2 restart</li><li> Log out of the System VM</li><li>Back in the CloudStack UI, now navigate to Infrastructure->Virtual Routers. For each VR, host it's running on and it's link local IP address, and then repeat steps a-f above.</li></ol><h2>Verification</h2><p>On each System VM, you can test if it has non-vulnerable openssl packages installed by listing installed packages and looking at the installed versions of openssl and libssl. As in the example below, for a system to be non-vulnerable, the packages need to be at or above version 1.0.1e-2+deb7u6:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">root@v-14-VM:~# dpkg -l|grep ssl ii libssl1.0.0:i386 1.0.1e-2+deb7u6 i386 SSL shared libraries ii openssl 1.0.1e-2+deb7u6 i386 Secure Socket Layer (SSL) binary and related cryptographic tools</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We realize that for larger installations where System VMs are being actively created and destroyed based on customer demand, this is a very rough stop-gap. The Apache CloudStack security team is actively working on a more permanent fix and will be releasing that to the community as soon as possible.</p><p>For Apache CloudStack installations that secure the web-based user-interface with SSL, these may also be vulnerable to HeartBleed, but that is outside the scope of this blog post. We recommend testing your installation with [1] to determine if you need to patch/upgrade the SSL library used by any web servers (or other SSL-based services) you use.</p><a href="http://filippo.io/Heartbleed/" target="_new" rel="noopener noreferrer">http://filippo.io/Heartbleed/</a></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/blog/page/9"><div class="pagination-nav__label">Newer Entries</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/blog/page/11"><div class="pagination-nav__label">Older Entries</div></a></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://cloudstack.apache.org/" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright"> |
