Bug#850790: cloud.debian.org: Distribute Debian cloud images to LXD

2017-01-18 Thread Thomas Goirand 
On 01/13/2017 09:02 PM, Jeremy Bicha wrote:
> Ok, well not having openssh-server installed is a bit unexpected for me.
> 
> However, my main issue is with cloud-init being pre-installed. If
> that's in place, I can easily add openssh-server and you can easily
> remove it so it's not as important which is decided. Also, I'd prefer
> to have root disabled from the beginning and log in with an admin user
> account using an SSH key, which I can easily do with cloud-init.

In the OpenStack image, the user is "debian", and that user can "sudo
su" to root (and root is disabled by default). It's the same for Ubuntu
(which uses "ubuntu" as a user, if I'm not mistaking). I expect that we
do the same for all other Debian images.

> I think cloud-init is more or less a standard for a basic Linux server
> image these days.

It's even a standard for Windows too! :)

Cheers,

Thomas Goirand (zigo)

Bug#850790: cloud.debian.org: Distribute Debian cloud images to LXD

2017-01-14 Thread Vincent Ladeuil 
> Eirik Schwenke  writes:

> On Tue, 10 Jan 2017 03:19:45 -0500 Jeremy Bicha  wrote:
>> Package: cloud.debian.org
>> 
>> I have set up LXD to test Ubuntu images. For more info, see Stephane's
>> tutorials from last year. [1]
>> 
>> The standard Ubuntu images are the Ubuntu cloud images. I tried
>> testing a Debian image, but it was too basic to be useful without more
>> work. I expected it to have openssh-server and cloud-init installed.

+1

> Hi,

> as a Debian/LXD user I Don *not* expect a default image to listen on the
> network - especially with Lxd that has an easy to use built-in 
console/shell
> access.

As a tester, I prefer an ssh access out of the box that I can
parametrize with cloud-init.

I prefer to install packages over ssh as in several edge cases,
cloud-init failures to install packages are harder to diagnose than the
ones over ssh.

> That way I can for example install and expose only opensmtpd as a public
> facing mail server, and not worry that any other component (eg openssl)
> allows remote login etc.

We can all have our cake here, cloud-init can be configured to /remove/
packages (via a provided command).

Worst case scenario you can uninstall ssh and cloud-init when you
install and configure opensmtpd.

> For certain deployments it might make sense to expose ssh on a "container"
> or single-service/single-purpose image/vm - but not in general, IMNHO.

In my case, it makes complete sense to be able to configure a container
in a fully automated way but that requires cloud-init and ssh.

And for the record, I did attempt several times to install cloud-init
and ssh on the actual lxd images (last attempt was several weeks ago) to
bootstrap and never achieved full automation :-/

Having cloud-init and ssh in lxd images will make my life better :-)

   Vincent

Bug#850790: cloud.debian.org: Distribute Debian cloud images to LXD

2017-01-13 Thread Jeremy Bicha 
Ok, well not having openssh-server installed is a bit unexpected for me.

However, my main issue is with cloud-init being pre-installed. If
that's in place, I can easily add openssh-server and you can easily
remove it so it's not as important which is decided. Also, I'd prefer
to have root disabled from the beginning and log in with an admin user
account using an SSH key, which I can easily do with cloud-init.

I think cloud-init is more or less a standard for a basic Linux server
image these days.

Note that many of cloud-init's tasks are only run on the first boot.
So installing cloud-init later does not do any good. Instead I have to
configure everything by hand or by script when I already have a
cloud-init config I could have used.

Thanks,
Jeremy Bicha

Bug#850790: cloud.debian.org: Distribute Debian cloud images to LXD

2017-01-10 Thread Eirik Schwenke 
On Tue, 10 Jan 2017 03:19:45 -0500 Jeremy Bicha  wrote:
> Package: cloud.debian.org
> 
> I have set up LXD to test Ubuntu images. For more info, see Stephane's
> tutorials from last year. [1]
> 
> The standard Ubuntu images are the Ubuntu cloud images. I tried
> testing a Debian image, but it was too basic to be useful without more
> work. I expected it to have openssh-server and cloud-init installed.

Hi,

as  a Debian/LXD user I Don *not* expect a default image to listen on the 
network - especially with Lxd that has an easy to use built-in console/shell 
access.

That way I can for example install and expose only opensmtpd as a public facing 
mail server, and not worry that any other component (eg openssl) allows remote 
login etc.

For certain deployments it might make sense to expose ssh on a "container" or 
single-service/single-purpose image/vm - but not in general, IMNHO.

Best regards,

Eirik Schwenke

Bug#850790: cloud.debian.org: Distribute Debian cloud images to LXD

2017-01-10 Thread Jeremy Bicha 
Package: cloud.debian.org

I have set up LXD to test Ubuntu images. For more info, see Stephane's
tutorials from last year. [1]

The standard Ubuntu images are the Ubuntu cloud images. I tried
testing a Debian image, but it was too basic to be useful without more
work. I expected it to have openssh-server and cloud-init installed.

I think it would be good if the official Debian cloud images could be
distributed as the default Debian in the LXD image archive.

Using cloud-init with LXD works like this, assuming you have a
cloud-init-config.yml ready.

$ lxc init images:debian/stretch FOO
$ lxc config set FOO user.user-data - < cloud-init-config.yml
$ lxc start FOO

And if you wanted to see how it works already with Ubuntu, use this
first line instead:
$ lxc init ubuntu:16.04 FOO

[1] https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/

Thanks,
Jeremy Bicha