So I am a long time user of EC2 (since 2008), and wanted to give some feedback on some of the questions being raised, and some additional thoughts. Please forgive me if I missed any emails in the threads:
1) default user. There is no standard across distros. For example: Ubuntu -> ubuntu RHEL -> root (violates the Amazon recommendation, but follows RHEL standards) Amazon Linux (CentOS based) -> ec2-user I like "debian" as initially proposed. (This user needs to accept and install the ssh public key handed by Amazon API as part of spinup process, and of course password login should be disabled) 2) Retention of AMIs. Generally there is an expectation that "Official" Public AMIs will not go away, as people bake these things into highly automated infrastructures. I see we are discussing a purging policy, I would be very careful here. (One should stop advertising the depricated AMIs, but generally they should be kept available for those users that have them baked into their automation.) 3) Very happy to see cloud-init support being added to Debian 4) Are we going to be adding the ec2 cli tools to the AMIs? or at least packaging them to make it easier to install? A full list with locations can be found here: http://alestic.com/2012/09/aws-command-line-tools 5) Same question for the cfn-helper tools? (Cloudformation helper) Currently I install like so, but packaging it and baking it into the AMI would be great: apt-get -y install python-setuptools easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-1.0-6.tar.gz 6) Now that EC2 supports overriding the default root EBS volume size, doing a conditional resize2fs upon boot is incredibly useful. 7) So in addition to 32 bit EBS and 64 bit EBS we are going to want to maintain a number of other permutations in each region. Full list: - 32-bit instance store - 64-bit instance store - 32-bit PVM EBS - 64-bit PVM EBS - 64-bit HVM EBS (For cluster nodes, which are currently only available in us-east) 8) AWS services change during the life of a stable release, I believe we are going to have to consider how to allow some EC2 specific packages to get updated beyond just security patches. 9) Not sure I understand the security issue that required the AMIs to be pulled. Is there an explanation somewhere that I missed? 10) Gonna take a little while to get this right.. Please don't rush to label them as "Official", as once you do, you lose quite a bit of flexibility when it comes to users' expectations. 11) At some point, we may want to consider running repos inside of the AWS cloud. If I have time I'll try to do some testing this weekend. (No promises.) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/cacfairwn8wmhpbaagyh4jfzjlm9qjqyxdzsjdj9s_hnn_sg...@mail.gmail.com
