[bitfolk] Reboots will be necessary to address security issu…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
Andy Smith at ->
Author: Andy Smith
Date:  
To: announce
Subject: [bitfolk] Reboots will be necessary to address security issues, probably early hours 24+25 August 2021

Reply to this message
gpg: Signature made Thu Aug 12 15:26:20 2021 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

Unfortunately some serious security bugs have been discovered in the
Xen hypervisor and fixes for these have now been pre-disclosed, with
an embargo that ends at 1200Z on 25 August 2021.

As a result we will need to apply these fixes and reboot everything
before that time. We are likely to do this in the early hours of the
morning UK time, on Tuesday 24 and Wednesday 25 August.

In the next few days individual emails will be sent out confirming
to you which hour long maintenance window your services are in. The
times will be in UTC; please note that UK is currently observing
daylight savings and as such is currently at UTC+1.

We expect the work to take between 15 and 45 minutes per bare metal
host. We are going to take the opportunity to complete upgrading the
kernel and hypervisor on some of the hosts that haven't had that
done yet, which is why the work may take a few minutes more for some
hosts.

There are two hosts left that we are trying to migrate customers off
of ("hen" and "paradox"). That was supposed to be done by now but
that effort has been hampered by the other issues we've been having
and is dragging on. We don't intend to patch or reboot those two
hosts, instead mitigating issues with configuration and renewing
efforts to clear customers off of them. If you are concerned about
that we will be happy to move your service as a priority.

If you have opted in to suspend and restore¹ then your VM will be
suspended to storage and restored again after the host it is on is
rebooted. Otherwise your VM will be cleanly shut down and booted
again later.

If you cannot tolerate the downtime then please contact
support@???. We will be able to migrate² you to
already-patched hardware before the regular maintenance starts, at a
time of your choosing. You can expect a few tens of seconds of
pausing in that case. This process uses suspend&restore so has the
same caveats.

Thanks,
Andy

¹ https://tools.bitfolk.com/wiki/Suspend_and_restore

² https://tools.bitfolk.com/wiki/Suspend_and_restore#Migration

--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce@???
https://lists.bitfolk.com/mailman/listinfo/announce
This message was posted to the following mailing lists:
announce
Mailing List Info | Nearby Messages		<-[bitfolk] 2021-07-19 ~19:30Z - ~20:45Z: Emergency reboot of server "limoncello"Re: [bitfolk] Reboots will be necessary to address security issues, probably early hours 24+25 August 2021->
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] Routing issues?Re: [bitfolk] Reboots will be necessary to address security issues, probably early hours 24+25 August 2021->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)