Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.
Rackspace was notified of a host level security vulnerability that affects a portion of our Cloud Servers fleet. We will patch and reboot the portion of our infrastructure that is impacted by this vulnerability. Where possible, we will Live Migrate customer instances to patched infrastructure to reduce the impact of this maintenance on your environment. In some cases, Live Migration is not an option - these customer instances will be impacted during the patch and reboot process. If you have a Cloud Server instance that requires a reboot, you will receive a ticket with the specific date and time that your instance will be rebooted.
As more information becomes available, we will share it with you via this post and in direct customer communication as appropriate.
A: First Generation and Next Generation Cloud Servers, as well as Cloud Big Data, are affected by this vulnerability. No other Rackspace products or services, including OnMetal servers, are impacted.
A: We are leveraging a variety of techniques to resolve this vulnerability. Our preference is to Live Migrate Cloud Server Instances, making this completely seamless to customers and avoiding disruption. However, some servers must be rebooted to apply the patch. If the host on which your Cloud Server resides requires a reboot, you will receive a separate ticket notification with a specific date and time when the reboot will be performed.
A: If we determine an instance is unable to be Live Migrated and the host machine needs to be rebooted, we will send a ticket to inform you of the maintenance window. Your control panel will be updated to reflect this window within a few hours of receiving the ticket.
A: We do have live migration capabilities in portions of our fleet, and will utilize this functionality to move instances to patched host machines throughout the maintenance period. If your cloud server is live migrated to a remediated host, a reboot of your instance will not be required.
A: Our engineering teams have been focused on evaluating the Xen vulnerability, as well as creating and testing patches. We are now beginning to patch empty hosts. Depending on region and flavor class, the amount of patched host capacity may be limited. While it is possible for a newly created cloud server to land on a patched host, we do not have sufficient capacity to guarantee this for all builds.
A: No. Although you can reboot your cloud server at any time, the security patches that must be applied require a reboot of the underlying host to take effect. Rebooting your cloud server early will not allow you to avoid the scheduled host reboot.
A: No. You should not experience any down time as part of a Live Migration. The Live Migration process is a seamless experience for moving instances between host machines. We have completed thousands of Live Migrations since bringing this feature to our cloud, including moving instances between geographically diverse facilities without interruptions in connectivity. When live migrated, instances should experience only a minor blip in connectivity that, in our testing, typically lasts less than one second.
A: We are not able to provide the specific start time of the Live Migration of an individual cloud server.
A: A number of factors can influence the duration of a Live Migration. Due to the diversity of customer environments and the elastic nature of cloud infrastructure, we are unable to provide a per-instance estimate of the duration of the Live Migration process.
A: Live Migrations are designed to allow us to migrate customer instances between hosts without noticeable impact to operability. During the live migration process, instances might experience a few seconds of packet loss in the instant that we switch from old host to new host. As a result, we will notify impacted customers only when Live Migration of a particular instance is unsuccessful.
A: No. All attributes associated with your cloud server will remain the same, including your IP address.
A: All updates made to your server during the Live Migration process will persist throughout the migration. Live Migrate does not require that you halt any processes, including the modification of data.
A: We have provided several different methods to determine when your instance reboot is scheduled.
Cloud Control Panel
The Cloud Servers list in our Cloud Control Panel (https://mycloud.rackspace.com) will display a visual indicator next to each server that is affected by an upcoming reboot. The same details are available for each individual server on the Cloud Servers detail page. If you create a new Cloud Server, it is possible that it will be placed on a host machine that still requires maintenance. If so, you will see the visual indicator for the reboot window appear within 30 minutes of the build completion.
A CSV export of all Cloud Servers with pending reboots can be downloaded from the Cloud Servers list. Only those servers shown in the Cloud Servers list will be included in the CSV so, if needed, adjust your region selector to include all regions in which you have servers prior to downloading the CSV. Note: The CSV download is not available to Internet Explorer users at this time. The visual indicator notification will be removed from each server following a successful reboot of the host machine during the maintenance window.
First and Next Gen Cloud Servers APIs
The reboot window for each Cloud Server affected by this maintenance is populated in the server metadata under a key named "rax:reboot_window". The metadata value is a semi-colon separated set of timestamps, representing the start and end of the server's maintenance window in UTC. For example, a reboot window of 02:00 to 04:00 UTC on March 1st would be represented as:
- Key: rax:reboot_window
- Value: 2015-03-01T02:00:00Z;2015-03-01T04:00:00Z
If you create a new Cloud Server, it is possible that it will be placed on a host machine that still requires maintenance. If so, you will see a visual indicator of the reboot window appear within 30 minutes of the build completion. The metadata key and value will be removed from each server following a successful reboot of the host machine during the maintenance window.
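
The following is an added example, not Rackspace code and not the command line tool mentioned below: it parses the "rax:reboot_window" value described above and reports servers in the same redundancy group whose reboot windows overlap. The server records are constructed sample data, and the "group" metadata key is a hypothetical tag you would set yourself.

```python
from datetime import datetime, timezone
from itertools import combinations

KEY = "rax:reboot_window"        # metadata key named in this advisory
FMT = "%Y-%m-%dT%H:%M:%SZ"       # timestamp layout shown in the advisory's example

def parse_window(value):
    """Parse 'start;end' (both UTC) into a (start, end) pair of aware datetimes."""
    parts = value.split(";")
    if len(parts) != 2:
        raise ValueError(f"expected 'start;end', got {value!r}")
    start, end = (datetime.strptime(p.strip(), FMT).replace(tzinfo=timezone.utc)
                  for p in parts)
    if end <= start:
        raise ValueError(f"window does not end after it starts: {value!r}")
    return start, end

def pending_reboots(servers):
    """Return {name: (start, end)} for servers that still carry the key."""
    return {s["name"]: parse_window(s["metadata"][KEY])
            for s in servers if KEY in s.get("metadata", {})}

def overlapping_pairs(servers, group_key="group"):
    """Pairs of servers in one redundancy group whose windows overlap."""
    windows = pending_reboots(servers)
    groups = {s["name"]: s["metadata"].get(group_key)
              for s in servers if s["name"] in windows}
    clashes = []
    for a, b in combinations(sorted(windows), 2):
        if groups[a] is not None and groups[a] == groups[b]:
            (s1, e1), (s2, e2) = windows[a], windows[b]
            if s1 < e2 and s2 < e1:      # the two intervals intersect
                clashes.append((a, b))
    return clashes

# Constructed sample records; "group" is a hypothetical customer-defined tag.
SERVERS = [
    {"name": "web-1", "metadata": {"group": "web", KEY: "2015-03-01T02:00:00Z;2015-03-01T04:00:00Z"}},
    {"name": "web-2", "metadata": {"group": "web", KEY: "2015-03-01T03:00:00Z;2015-03-01T05:00:00Z"}},
    {"name": "db-1", "metadata": {"group": "db", KEY: "2015-03-01T02:00:00Z;2015-03-01T04:00:00Z"}},
    {"name": "db-2", "metadata": {"group": "db"}},   # key absent: no reboot pending
]

if __name__ == "__main__":
    for name, (start, end) in sorted(pending_reboots(SERVERS).items(), key=lambda kv: kv[1]):
        print(name, start.isoformat(), end.isoformat())
    print("overlapping within a group:", overlapping_pairs(SERVERS))
```

A server without the key is treated as having no pending reboot, which matches the statement above that the key is removed after a successful host reboot.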
Command Line Tool
We have created a cross-platform command line tool that can be used to retrieve the reboot window(s) for all of your Cloud Servers and optionally generate a CSV file. Additional details are available in the README file of the GitHub repository.
We have successfully completed the maintenance effort associated with this vulnerability. In some cases, we were able to patch hosts without impacting those customers who may have received a ticket notifying them of a scheduled reboot.
To date, we’ve learned of no data compromise among Rackspace customers. We apologize for any inconvenience that you may have experienced.
If you notice any issues with your Cloud Server, or if you determine that there is an issue with the applications or services running on your Cloud Server, please contact your Fanatical Support Team.