...
- Live and Automatic Patching:
- Once ssh/scp-based patching is implemented and internal Java services/APIs exist to trigger it, why can't we also do this on the fly, for example during minor-release upgrades or upgrades where the systemvmtemplate is not upgraded?
- A new script/tool/utility to facilitate live patching (the tool is scp'd to systemvm/VR too).
- It may also be useful to introduce a new live API or extend a current API such as upgradeRouterTemplate with a new live=true|false parameter. This can allow root-admins to manually select and live-upgrade their routers without restarting the network with cleanup=true.
- Explore automatic upgrade/patching of routers, which can be triggered via some checksum-checks; or simply when restartNetwork is triggered without cleanup (i.e. VR is not destroyed) but with a new parameter to enable/allow live patching of scripts/software.
- Live patching mechanism to explore pre/post patch and validation hooks, and the ability to restore upon patching failure (heal & failsafe).
- If live patching uses ssh, can it be used to patch when upgrading older systemvms/systemvmtemplates and VRs:
- ssvm/cpvm: their internal nics, config etc. haven't changed in ages; in general, all it requires is (a) updating the jars, (b) updating certs incl. ca-certificates, (c) maybe updating the JRE and (d) restarting the cloud process.
- routers: their internal nics order hasn't changed in ages; in general it may require (a) updating cloud scripts, (b) restarting all enabled services. However, between major ACS versions the userspace software (haproxy, apache, dnsmasq etc.) has changed significantly, so those may not be guaranteed to work.
- Investigate and explore multi-hop ssh jump to scp payload to VR/systemvms, otherwise continue to use hypervisor-specific patching/scp mechanism.
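
The checksum-triggered patching with pre/post validation and restore-on-failure explored in the items above could look like the following sketch. This is an added example, not CloudStack code: `tree_checksum`, `live_patch`, `demo` and the sample `configure.py` tree are hypothetical, and the expected digest is assumed to come from the management server rather than from the payload itself.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def tree_checksum(root: Path) -> str:
    """SHA-256 over relative paths and file contents, in sorted order."""
    h = hashlib.sha256()
    for p in sorted(x for x in root.rglob("*") if x.is_file()):
        h.update(p.relative_to(root).as_posix().encode() + b"\0")
        h.update(hashlib.sha256(p.read_bytes()).digest())
    return h.hexdigest()

def live_patch(installed: Path, payload: Path, expected: str, validate) -> str:
    """Return 'rejected', 'up-to-date', 'patched' or 'rolled-back'."""
    # Assumption: `expected` is delivered separately from the payload,
    # so a payload modified in transit cannot vouch for itself.
    if tree_checksum(payload) != expected:        # pre-patch integrity check
        return "rejected"
    if tree_checksum(installed) == expected:      # checksum check: no patch needed
        return "up-to-date"
    backup = Path(tempfile.mkdtemp(prefix="patch-backup-")) / "scripts"
    shutil.copytree(installed, backup)            # snapshot for restore
    try:
        shutil.rmtree(installed)
        shutil.copytree(payload, installed)
        if not validate(installed):               # post-patch validation hook
            raise RuntimeError("post-patch validation failed")
        status = "patched"
    except Exception:
        shutil.rmtree(installed, ignore_errors=True)
        shutil.copytree(backup, installed)        # restore the previous scripts
        status = "rolled-back"
    shutil.rmtree(backup.parent)                  # drop backup only once state is settled
    return status

def demo() -> list:
    work = Path(tempfile.mkdtemp(prefix="vr-demo-"))
    installed, payload = work / "installed", work / "payload"
    for d, ver in ((installed, 1), (payload, 2)):  # constructed sample trees
        d.mkdir()
        (d / "configure.py").write_text(f"VERSION = {ver}\n")
    expected = tree_checksum(payload)
    ok = lambda d: (d / "configure.py").is_file()
    out = [live_patch(installed, payload, "0" * 64, ok),               # digest mismatch
           live_patch(installed, payload, expected, lambda d: False),  # failing hook
           (installed / "configure.py").read_text(),                   # old content kept
           live_patch(installed, payload, expected, ok),
           live_patch(installed, payload, expected, ok)]
    shutil.rmtree(work)
    return out
```
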
NOTE:
Amongst the several changes made to the systemVM template in terms of the upgrade workflow and patching process, a few things to bear in mind as developers / RMs would be:
- Update parent pom.xml file to point to the latest available version of SystemVM template - https://github.com/apache/cloudstack/blob/main/pom.xml#L52
- Update the compatibility matrix table in the documentation for every release with regard to livePatch support, i.e., if a new template gets created, live patching would not be relevant for that version - http://docs.cloudstack.apache.org/en/latest/upgrading/upgrade/_sysvm_restart.html?#system-vms-and-virtual-routers