Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Richard Hartmann 
Without any official hat, I agree with Md that the changes to the
installed packages seem reasonable, as sparse as possible, and driven
by technological necessity.

I would like to see an official list of packages and checksums
(ideally both SHA-512 and SHA 3-512 as compute & storage are cheap and
using two families increases resilience significantly) & size of the
base image and all files in the base install, sent to list and signed
by a DD, though. Putting said base image and signed list into a place
where DSA can safe-guard it long-term would be the cherry on top.
This seems to be reasonable in terms of actual effort and could help
establish a baseline for a published list of known-good system states.

It's also a request which we could reasonably extend to everyone
interested in publishing their images on the respective platforms,
both retroactively and going forward.


Richard

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Marcin Kulisz 
On 2015-11-11 12:53:26, Martin Zobel-Helas wrote:

Hello,

> I would suggest we open a seperate thread on the debian-cloud mailing
> list for defining a list of official requirements for all vendors. As
> long as we define the first version of that list i would suggest though
> that those are nice to have for the Azure (and all other) images but
> will not block us from releasing the images.

I just created wiki page[1] where we could put those requirements. It's
simple but should do the job.

1. https://wiki.debian.org/Cloud/Images_requirements
-- 

|_|0|_|  |
|_|_|0| "Heghlu'Meh QaQ jajVam"  |
|0|0|0|  kuLa -  |

gpg --keyserver pgp.mit.edu --recv-keys 0x58C338B3
3DF1 A4DF C732 4688 38BC F121 6869 30DD  58C3 38B3


signature.asc
Description: PGP signature

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Marcin Kulisz 
On 2015-11-11 16:11:14, Anders Ingemann wrote:
> > From what I know it's not possible to build and then upload to Marketplace
> AWS
> images.
> 
> You got me thinking :-)
> It *should* actually be possible to bootstrap EBS backed instances locally:
> http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
> importing-your-volumes-into-amazon-ebs.html
> You can upload EBS snapshots. AWS supports VMDK, VHD and RAW formats!

Yes but then you have to add some additional bits which I'm not so sure is
going to be so easy, but I may be wrong. I never actually got into this step.

> I didn't know that until just now, hence my previous insistence on runniong
> bootstrap-vz in a ec2 environment.
> This is definitely something we could support in bootstrap-vz.

I'm not sure if it's possible but would be great to have it.
-- 

|_|0|_|  |
|_|_|0| "Heghlu'Meh QaQ jajVam"  |
|0|0|0|  kuLa -  |

gpg --keyserver pgp.mit.edu --recv-keys 0x58C338B3
3DF1 A4DF C732 4688 38BC F121 6869 30DD  58C3 38B3


signature.asc
Description: PGP signature

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Marcin Kulisz 
n 2015-11-11 14:53:36, Steve McIntyre wrote:

Hi,

> My only concern is that I'd be happier if the builds were created and
> hosted on Debian project machines, like our existing official
> buildsi.

This would be ideal.

> I've been discussing that with other people for other types of
> build. How awkward/difficult would that be?

From what I know it's not possible to build and then upload to Marketplace AWS
images.

There is a way of triggering build of this images on AWS hosts from Debian
infrastructure with bootstrap-vz though.

I know it's not "ideal" but right now I don't know about any other option.
-- 

|_|0|_|  |
|_|_|0| "Heghlu'Meh QaQ jajVam"  |
|0|0|0|  kuLa -  |

gpg --keyserver pgp.mit.edu --recv-keys 0x58C338B3
3DF1 A4DF C732 4688 38BC F121 6869 30DD  58C3 38B3


signature.asc
Description: PGP signature

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Richard Hartmann 
On Wed, Nov 11, 2015 at 12:53 PM, Martin Zobel-Helas
 wrote:

> a "find / -exec sha3sum {} \; > logfile.log" should be easily doable.


> I would suggest we open a seperate thread on the debian-cloud mailing
> list for defining a list of official requirements for all vendors.

There's already been some ideas floating around, but consolidating
that makes sense.


> As
> long as we define the first version of that list i would suggest though
> that those are nice to have for the Azure (and all other) images but
> will not block us from releasing the images.

Agreed. Good faith effort on all sides, etc.


Richard

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Anders Ingemann 
On Wed, Nov 11, 2015 at 5:02 PM Marcin Kulisz  wrote:

> n 2015-11-11 14:53:36, Steve McIntyre wrote:
>
> Hi,
>
> > My only concern is that I'd be happier if the builds were created and
> > hosted on Debian project machines, like our existing official
> > buildsi.
>
> This would be ideal.
>
> > I've been discussing that with other people for other types of
> > build. How awkward/difficult would that be?
>
> From what I know it's not possible to build and then upload to Marketplace
> AWS
> images.
>
> There is a way of triggering build of this images on AWS hosts from Debian
> infrastructure with bootstrap-vz though.
>
> I know it's not "ideal" but right now I don't know about any other option.
> --
>
> |_|0|_|  |
> |_|_|0| "Heghlu'Meh QaQ jajVam"  |
> |0|0|0|  kuLa -  |
>
> gpg --keyserver pgp.mit.edu --recv-keys 0x58C338B3
> 3DF1 A4DF C732 4688 38BC F121 6869 30DD  58C3 38B3
>

> From what I know it's not possible to build and then upload to
Marketplace AWS
images.

You got me thinking :-)
It *should* actually be possible to bootstrap EBS backed instances locally:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/importing-your-volumes-into-amazon-ebs.html
You can upload EBS snapshots. AWS supports VMDK, VHD and RAW formats!
I didn't know that until just now, hence my previous insistence on runniong
bootstrap-vz in a ec2 environment.
This is definitely something we could support in bootstrap-vz.

p.s.: Explicitly CC'ed Tiago and James to get their attention and input on
this, though maybe it should be in another thread
-- 
Anders Ingemann

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Brian Gupta 
On Wed, Nov 11, 2015 at 9:53 AM, Steve McIntyre  wrote:
> On Tue, Nov 10, 2015 at 07:34:04PM +, Martin Zobel-Helas wrote:
>>Hi all,
>
> Hey Martin,
>
>>as announced during DebConf15 and in <55d03d49.1030...@debian.org> and

Cloud Image Guidelines

2015-11-11 Thread Emmanuel Kasper 
Hi

I would like to remind the existence of

https://wiki.debian.org/Teams/DPL/OfficialImages

from 2013, which is a summup from a discussion from this list IIRC.

Emmanuel

Re: Debian images on Microsoft Azure cloud

2015-11-11 Thread Vincent Bernat 
 ❦ 11 novembre 2015 17:49 GMT, Marcin Kulisz  :

>> I would suggest we open a seperate thread on the debian-cloud mailing
>> list for defining a list of official requirements for all vendors. As
>> long as we define the first version of that list i would suggest though
>> that those are nice to have for the Azure (and all other) images but
>> will not block us from releasing the images.
>
> I just created wiki page[1] where we could put those requirements. It's
> simple but should do the job.
>
> 1. https://wiki.debian.org/Cloud/Images_requirements

Currently, both the Openstack images and the image built for Azure are
using extlinux instead of Grub. I think this is mostly due to a personal
preference from Zigo. extlinux works fine but this is a deviation of
what a user would expect of a regular Debian installation.

Should cloud images be allowed to change the bootloader?
-- 
Don't patch bad code - rewrite it.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature