Bug#906263: cloud.debian.org: Cloud images do not boot (KVM) without a video device

2018-08-17 Thread Max Khon 
Thomas,

On Sat, 18 Aug 2018 at 02:56, Thomas Goirand  wrote:

> On 08/16/2018 10:18 AM, Max Khon wrote:
> > Debian 9 cloud images do not boot if a KVM VM does not have a video
> device
> > (OpenStack creates such VMs if remote console is not configured in
> > nova-compute):
> > qemu-system-x86_64 consumes 100% CPU and the VM is not booted.
> >
> > The fix is to uncomment "GRUB_TERMINAL=console" in /etc/default/grub and
> > run "update-grub"
> >
> > Note that Ubuntu cloud images have the following configuration in
> > /etc/default/grub:
> > GRUB_TERMINAL="serial console"
> > GRUB_SERIAL_COMMAND="serial --speed=115200"
>
> Hi Max,
>
> Why would one want to configure OpenStack to not provide a video console
> using VNC / SPICE? I don't get it...


1) OpenStack juju charms by default have VNC/SPICE unconfigured

2) There was no such issue in Debian 8 cloud images. Not to mention Ubuntu
and CentOS

3) Why do we want to have an
image that sometimes does not work - it took
me a while to figure out why Debian 9 is the only image that does not boot
in our private cloud

4) Any serious reasons to be different on this matter to other major Linux
distributions?

Max

Bug#906263: cloud.debian.org: Cloud images do not boot (KVM) without a video device

2018-08-17 Thread Jeremy Stanley 
On 2018-08-17 16:24:21 -0400 (-0400), Jonathan Proulx wrote:
[...]
> Not sure why Max doesn't but one reason is OpenStack's VNC isn't
> really secured except by proxy so if you get bridged into the network
> the hypervisors are on you can connect to the VNC consoles directly on
> the hyprevisor with no auth.
[...]

Not to mention, at least for all the instances I run, a remote
serial console already provides 100% of the features I need to
perform OOB diagnostics in case I screw up boot options, guest
networking, sshd, whatever:

https://docs.openstack.org/nova/queens/admin/remote-console-access.html#serial-console

I can imagine for some deployments, none of the users might
want/need a graphical OOB console for their instances at all so
wouldn't want to incur the overhead (especially securing it, as
Jonathan so notes.)
-- 
Jeremy Stanley

Bug#906263: cloud.debian.org: Cloud images do not boot (KVM) without a video device

2018-08-17 Thread Jonathan Proulx 
On Fri, Aug 17, 2018 at 09:56:28PM +0200, Thomas Goirand wrote:

:Hi Max,
:
:Why would one want to configure OpenStack to not provide a video console
:using VNC / SPICE? I don't get it...

Not sure why Max doesn't but one reason is OpenStack's VNC isn't
really secured except by proxy so if you get bridged into the network
the hypervisors are on you can connect to the VNC consoles directly on
the hyprevisor with no auth.

This may have happened to me before where some insufficient firewall
rules exposed raw VNC ports of some of me VMs to the public internet,
which I discoved after a soemone out side did.

So I can image wanting to run "headless" even though we do still
provide VNC, just a bit more carefully.

-Jon

Bug#906263: cloud.debian.org: Cloud images do not boot (KVM) without a video device

2018-08-17 Thread Thomas Goirand 
On 08/16/2018 10:18 AM, Max Khon wrote:
> Package: cloud.debian.org 
> Severity: normal
> 
> Dear Maintainer,
> 
> Debian 9 cloud images do not boot if a KVM VM does not have a video device
> (OpenStack creates such VMs if remote console is not configured in
> nova-compute):
> qemu-system-x86_64 consumes 100% CPU and the VM is not booted.
> 
> The fix is to uncomment "GRUB_TERMINAL=console" in /etc/default/grub and
> run "update-grub"
> 
> Note that Ubuntu cloud images have the following configuration in
> /etc/default/grub:
> GRUB_TERMINAL="serial console"
> GRUB_SERIAL_COMMAND="serial --speed=115200"

Hi Max,

Why would one want to configure OpenStack to not provide a video console
using VNC / SPICE? I don't get it...

Cheers,

Thomas Goirand (zigo)

Re: Cloud sprint: please do not have it conflict with the OpenStack summit

2018-08-17 Thread Marcin Kulisz 
On 2018-08-14 11:08:35, Thomas Goirand wrote:
> On 08/13/2018 08:37 PM, Jeremy Stanley wrote:
> > On 2018-08-13 16:03:32 + (+), Luca Filipozzi wrote:
> >> On Sat, Aug 11, 2018 at 11:10:57AM +0200, Thomas Goirand wrote:
> >>> Something I forgot to mention at Debconf. The OpenStack summit will be
> >>> held on 13-15 November. 2 years ago, I missed the cloud sprint because I
> >>> was attending the OpenStack summit in Barcelona. If we decide again to
> >>> have a cloud sprint this year, can we please make it so that it's at
> >>> least 1 week and a half away from the OpenStack summit scheduled dates?
> >>
> >> Thanks for letting us know about the OpenStack Summit's dates. I've
> >> revised our request to DO/Google to exclude that week.
> > 
> > I've also talked to the event organizers with the OpenStack
> > Foundation and they could likely accommodate a Debian Cloud Sprint
> > at some of their future events if that's any help. Debian shares a
> > lot of the same ideals with the OpenStack community (even provided
> > fundamental inspiration for many of them), and the OSF sees healthy
> > Debian support on and under cloud infrastructure as a good thing for
> > the whole ecosystem.
> > 
> > It sounds like you've mostly got logistics worked out for this
> > upcoming one, but if you're interested definitely let me know and I
> > can help coordinate. They're telling me they've got available
> > conference rooms and such at a week-long working event coming up in
> > Denver during September; judging from the other thread it seems like
> > that's a lot sooner than would be convenient though.
> > 
> 
> Jeremy,
> 
> Thanks a lot for this initiative. I think it's a wonderful idea indeed.

I agree, it can be interesting.
-- 

|_|0|_|  |
|_|_|0|  "Panta rei" |
|0|0|0|  kuLa    |

gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3
3DF1  A4DF  C732  4688  38BC  F121  6869  30DD  58C3  38B3


signature.asc
Description: PGP signature