cloudstack-users-cn mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "" <>
Subject realhostip将于2014年6月30日停止使用,cloudstack 4.3以下版本将受影响
Date Wed, 28 May 2014 09:18:49 GMT
Recently the Apache CloudStack PMC was informed that the Dynamic DNS service that CloudStack currently uses as
part of the console proxy will be disbanded this summer. The
realhostip service will be shut down June 30th, 2014, meaning users
have approximately 3 months to mitigate this.

Prior to version 4.3, CloudStack used the service by
default. With the release of CloudStack version 4.3 the default
communication method with the console proxy is plaintext HTTP.

Who is Affected

CloudStack installations prior to version 4.3 that have not been
reconfigured to use a DNS domain other than for Console
Proxy or Secondary Storage must make changes to continue functioning
past June 30th, 2014.

Steps You Need to Take

If you meet the criteria above, there are several options to prepare
for realhostip retirement:

Set up wildcard SSL certificate and DNS entries: This method is
already well supported within prior versions of CloudStack.
Upgrade to CloudStack 4.3 and disable SSL: This is only recommended
for development installations, or private clouds that contain no
information of importance.
Upgrade to CloudStack 4.3, set up static SSL certificate and configure
load balancer to point to the correct IP address: While this allows an
administrator to skip setting up the DNS entries from the previous
option, it is a more advanced option as CloudStack 4.3 does not
support automatic load balancer configuration for the Console Proxy.
It is hoped this functionality will be available in future releases.

For instructions on how to set up SSL encryption for use with
CloudStack console proxy, please read the console proxy section of the
CloudStack administration guide.

Additionally, if you will be using an SSL vendor who requires an
intermediate CA chain to be installed for proper SSL validation by web
browsers, detailed instructions for configuring the intermediate CA
chain in CloudStack can be found here.

The Apache CloudStack security team does not recommend running a
production cloud with either the SSL certificate, or
with no SSL encryption at all.

白清杰 (Born Bai)



View raw message