Patch Management for Tenant VMs which is used to update mandatory service for openstack tenant infrastructure

1. Problem Statement & what Are We Trying to Accomplish?

Description of Project:

Most of the Compute VM’s booted & which are running for quite long time needs to be regulated with the mandatory patches for security issues, bug fixes, patch bundles or incorporate new feature.

The approach here is by ideally setting up a local repository by using the standard set of mirrors which can be downloaded & synchronized. When you configure a repository, you’ll want to create it in a partition with sufficient space. It may be helpful to configure a separate partition for your repository, to ensure that there is sufficient space on your system, and to keep updates from crowding out the space required by other services on your server

On the Hosted VM’s checking the available updates or identifying the needed packages & updating the packages accordingly. This can be done by a daily cron job for KVM & ESX VM’s or by patch assistant programs which run’s on regular basis for patch update for windows VM’s.

2. Solution
The solution proposed here is based on per tenant based VM’s. A common issue with Open Stack is failing to set an appropriate patch set of mandatory patches for the already launched instances. But however the new VM instances may have the latest patches. As a result, the VM’s are prone to security & vulnerability issues on the network.
The patch groups are sets of patches from the local repository on the server that are applied to an instance. They are tenant specific, and all the VM’s in the same tenant can have access to it. I mean it will have the same set of patches for the set of VM’s booted in the same tenant.