Hello Guido, Iustin, list, We are writing to inform you about our current efforts in developing around Ganeti, and request your feedback and commentary.
For VM deployment, we started with ganeti-instance-debootstrap, and also worked with Ganeti Instance Image. Although they proved very useful in the beginning, we faced the problem of secure, isolated deployment of VMs based on custom, potentially untrusted, images, a problem that you also mention in your XenSummit 2011 talk. To address this, we have developed snf-image http://code.grnet.gr/projects/snf-image/wiki a Ganeti OS provider targetting VM deployment based on custom, untrusted images. Since it's dangerous to have the physical machine touch image data, it follows a split model, whereas a very small part of the OS provider runs on the physical machine, then passes control to a small helper VM, which undertakes all customization, e.g., injection of files, installation of bootloader, or setting hostname and passwords. This overcomes the problem of ganeti-instance-{debootstrap,image} running “chroot grub” on the host, or mounting untrusted filesystems. It's still a work-in-progress, but we have been using it for quite some time to deploy a number of Linux (Fedora, CentOS, Debian, Ubuntu), and Windows (Server 2008R2) images. We're releasing it under the GPL, in the hope that it will prove useful to the Ganeti community, as it has for us. We'd be glad to receive any comments, feedback, suggestions for future improvement you may have. Vangelis
signature.asc
Description: Digital signature