Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example

As you have probably noticed by now, the attack on OpenSSL known as DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) has recently been discovered. Red Hat Product Security has provided patches for OpenSSL and recommends applying them to affected systems.

In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.

How can Red Hat CloudForms help?

CloudForms provides a policy-based compliance check which can be used to verify the software and configuration of servers and to validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine whether the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.


Red Hat Summit OpenStack Management with CloudForms

Here are my slides from Red Hat Summit. It's a repeat of the OpenStack Summit presentation with two important things!

  1. The videos are now all up individually on YouTube.
  2. It now includes the Heat/CloudFormation orchestration demonstration.

Here are the slides; the videos can be found in links after each relevant slide. Enjoy!


OpenStack Summit 2015

Today, Wednesday 20th May 2015, I presented the following deck to OpenStack Summit @ Vancouver. It's all ManageIQ branded, i.e. the upstream of Red Hat CloudForms. The videos have NO audio as I spoke over them; if I get the audio sometime I will update! UPDATED: you can watch the OpenStack show video of the presentation – HERE


RESTapi – A teach yourself lab!

Here is a lab I put together for a recent event. It was well received and I think it is very valuable to the ManageIQ and CloudForms user bases.

In the lab you will GET and POST RESTapi actions. It's a basic look at some common use cases, such as:

  • Query a VM’s hardware inventory.
  • Query the VMs for any that are tagged with “Function/Database”.
  • Show the tags on a specific VM.
  • Create a new Category and Tag in the appliance.
  • Assign a Category/Tag to a VM.
  • Provision a VM.
  • Query the status of the Provision request.


CLOUDFORMS 5.3.0 GEM List

Here is the list of GEMs and their info that are included in the CLOUDFORMS 5.3.0 appliance. I thought it would be useful to post; I needed this recently for some work I am doing. It was really easy, as most things in CLOUDFORMS usually are. I simply wrote some Ruby to utilise an existing gem called GEMS, which pulls this data from rubygems.org. I wrapped the code in some file open and close, e.g. I dumped the list of gems in the appliance using "gem list > gems.txt" then had my little nugget of code read that in. Here it is.


Shell-Shock – Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)

UPDATED: A video version of this blog can be found here: http://youtu.be/RDcIIyYK044

So this Shell-Shock stuff is hitting the press quite a bit!

Fancy finding out really quickly if your Red Hat Enterprise Linux 6.5 systems are patched correctly? Even if they are turned off right now? Wow, that is clever; not even the virtual infrastructure players can do that… I know… it's cool. Here it is…


Placement Profile – Best Fit Cluster using Tags

CloudFORMS has workflows for many different tasks including approval, quotas and placement, to name just a few. This blog entry is going to add to the placement category of workflows. A previous post of mine, “Workload Placement by Type (Not Near That)”, showed how you could place new workloads NOT_NEAR other workloads, which I still think is really cool. This placement workflow is quite simple: it matches template tags against cluster tags. Example:


CloudFORMS CFME on KVM

If you happen to have the VMware OVF version of CloudFORMS CFME, and you want to convert it to run on KVM, this is how.

1. If the OVF is zipped, unzip the appliance image:

$ unzip evm-v5.1.0.4-r.zip

2. Convert each of the 5 disks from VMDK format to RAW:

$ for i in $(seq 1 5); do qemu-img convert -p -O raw "evm-v5.1.0.4-r/ovf-disk$i.vmdk" "disk$i.img"; done


Clone from Template (RHEV)

Enable CloudFORMS to clone a template while retaining the disk layout. CloudFORMS currently deploys new virtual machines in RHEV either by PXE or ISO. It does this by cloning a BLANK template and attaching new disks, onto which a PXE or ISO process will install an operating system. Those from the VMware world and those in Windows land will want to deploy a clone directly from a template, without having to install an operating system, because the template already has it installed on its disk. A reasonable request… this is how…
