cts/server.html#cmdoption-openstack-server-create-user-data
[2]
https://docs.openstack.org/nova/2023.1/configuration/config.html#api.dhcp_domain
[3] https://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
--
Jeremy Stanley
signature.asc
Description: PGP signature
that in
order to be able to use Debian as a virtual machine from some other
operating system.
--
Jeremy Stanley
signature.asc
Description: PGP signature
modules.html#resolv-conf
--
Jeremy Stanley
signature.asc
Description: PGP signature
ilding
is presumably a lot more work involving sensitive things like key
management. But since you're the one volunteering to do it... ;)
Also note that the checksums aren't missing, those are already
available. It's just signatures of the checksums lists which are not
yet.
--
Jeremy Stanley
signatu
currently signatures for those checksums.
Unfortunately, the readme served at
https://cdimage.debian.org/mirror/cdimage/cloud/ suggests otherwise:
"These checksum files are also signed - see SHA512SUMS.sign, etc."
How can we go about adjusting the text there to reflect reality?
--
d in Debian, so
if you did want to follow one of the other suggestions to customize
an image by booting a virtual machine and then imaging the result of
your modifications, that's all doable in a handful of Python
function calls.
--
Jeremy Stanley
signature.asc
Description: PGP signature
other environments expecting to configure IPv6 via
DHCP with the Bullseye cloud images.
--
Jeremy Stanley
ng merely
"somewhat related." That said, you can work around all of it by
supplying cloud-init configuration in userdata. It's not the best
user experience, but I find cloud-init's own defaults a little too
aggressive for my tastes and basically always end up passing
--user-data=cloud
's even
been suggestions to not allow "." in server names at all since some
people apparently see that as a security issue (on very specious
grounds in my opinion, I definitely don't agree that it's a
legitimate risk):
https://launchpad.net/bugs/1888722
--
Jeremy Stanley
signature.asc
Description: PGP signature
n entry to turn
up the network interface with v4 DHCP and no v6 config at all).
--
Jeremy Stanley
signature.asc
Description: PGP signature
es and bridges to handle network.
[...]
It uses a (usually very stripped-down) qemu with KVM to provide
lightweight virtual machines under Kata's container runtime so they
can be treated as containers by orchestrators like Kubernetes while
still having the isolation properties of a VM.
--
Jeremy Stanley
signature.asc
Description: PGP signature
generic ...
[...]
Not to wax pedantic, but OpenStack users would probably still need
the generic images for bare metal instances (OpenStack covers far
more than just virtual machines, that's merely one of the various
sorts of resources it can orchestrate).
--
Jeremy Stanley
signature.asc
Description: PGP signature
the
average user today is probably only going to have an account in a
single provider and/or will otherwise likely be fine with the image
that provider spoon-feeds them, "multi-cloud" is becoming a hot
topic and normal users are turning into power users who will need
similar solutions in
o elucidate)... are you talking about
tab autocompletion of the commands for its CLI or something? If you
just mean it has a CLI, then I don't expect that's particularly
novel. Even OpenStack has one.
https://packages.debian.org/sid/python3-openstackclient
--
Jeremy Stanley
signature.asc
Description: PGP signature
an installer to do that?
How do you perform a fresh installation of other operating systems
these days, if not with an installer and some removeable storage
device? Is that likely to change, and if so how?
--
Jeremy Stanley
signature.asc
Description: PGP signature
ing
polls in OpenStack and other OIF communities).
--
Jeremy Stanley
signature.asc
Description: PGP signature
set Nova to pass a configdrive (and
possibly also explicitly request one at instance creation).
--
Jeremy Stanley
signature.asc
Description: PGP signature
Hopefully this is a typo? Upstream we build Octavia images with
diskimage-builder for testing purposes, and they come in at well
under a gigabyte:
https://tarballs.opendev.org/openstack/octavia/test-images/
Did you mean impossible to save an artifact bigger than 256MB?
--
Jeremy Stanley
sign
a
handful of servers. No idea if this helps, though it might give you
some ideas at least.
--
Jeremy Stanley
signature.asc
Description: PGP signature
uld be responsible for setting up DNS
resolution on server instances from services metadata entries in the
configdrive's network_data.json (or from Nova's metadata service).
I have to wonder if this bug report could be relevant:
https://launchpad.net/bugs/1850310
--
Jeremy Stan
ploads cripple storage networks when lots of compute nodes
try to fetch copies of a new image into their cache all at once. The
bigger the image, the more pronounced the impact from that
thundering herd.
--
Jeremy Stanley
signature.asc
Description: PGP signature
ty of hypervisor environments not just
OpenStack managed ones):
https://cloud.debian.org/images/openstack/current/
Those have arm64 variants as well as amd64.
--
Jeremy Stanley
signature.asc
Description: PGP signature
ing upgrading the other layers.
Also the usual failure mode for this is the middle layer
spontaneously going away, so if you're not also the service
provider, you have little if any insight into the actual problem.
--
Jeremy Stanley
signature.asc
Description: PGP signature
across
multiple service providers and can't guarantee that I can find the
same exact image in each of them. (I'm also not a DCIF user, and
this is probably why.)
--
Jeremy Stanley
signature.asc
Description: PGP signature
.
Works just fine for OpenStack as long as the administrator turns it
on.
https://docs.openstack.org/security-guide/instance-management/security-services-for-instances.html#entropy-to-instances
>
--
Jeremy Stanley
signature.asc
Description: PGP signature
hat risks one accepts when
> using haveged.
While you're at it, defining "fail to boot" would be nice. Just
because sshd won't start, it doesn't necessarily mean the machine
isn't "booted" in some sense, only that maybe you can't log into it
(substitute httpd and inability to browse the Web sites served from
it, or whatever you prefer).
--
Jeremy Stanley
signature.asc
Description: PGP signature
re plenty of legitimate reasons to trunk tagged VLAN traffic
directly into a virtual machine too (for example, a wide variety of
NFV use cases).
--
Jeremy Stanley
signature.asc
Description: PGP signature
..]
Unfortunately, even though there's been some activity on the
Corymbia fork of euca2ools, skimming the commit history and sources
it looks like no work has been done on Py3K support. Worth trying
just to be sure, but I would not get my hopes up.
--
Jeremy Stanley
signature.asc
Description: PGP signature
ove wiki page. I saw Thomas talking to some of those folks in
IRC about it as well, so hopefully we'll get at least a few of them
in the room.
http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008564.html
--
Jeremy Stanley
signature.asc
Description: PGP signature
e to link to... just the organizing thread
here? Something else?
--
Jeremy Stanley
signature.asc
Description: PGP signature
ully it's been a very
long time since I've needed to touch or even care about Windows in
any way), but Samba still ought to be capable of providing an AD
server without all the Windows overhead. Also you can probably do
something similar with FreeIPA.
--
Jeremy Stanley
signature.asc
Descrip
On 2019-08-07 12:32:55 +0200 (+0200), Bastian Blank wrote:
> On Mon, Aug 05, 2019 at 01:33:26PM +0000, Jeremy Stanley wrote:
> > You mentioned Kubernetes (which I haven't really used so have yet to
> > notice), but who else's "current" software encodes checks
nestly curious as I
still only ever see checksums in hexidecimal notation. The
sha512sum(1) manpage makes no mention of having support for
verifying base64-encoded checksums, for example.
There's something to be said for sticking with traditional
standards; newer is not always better.
--
Jeremy Stanley
ect which
other users are quite probably unable to identify and correct on
their own.
--
Jeremy Stanley
signature.asc
Description: PGP signature
nstack/ospurge/tree/README.rst
which can be used by a non-admin service account to clean out all
resources in a project, though that's a bit more of a sledgehammer
approach.
--
Jeremy Stanley
signature.asc
Description: PGP signature
able of just building/uploading their own
images so perhaps this is moot.
[*]
https://docs.openstack.org/cinder/latest/contributor/api_microversion_history.html
--
Jeremy Stanley
signature.asc
Description: PGP signature
emon
installed on my guest instances. OpenStack isn't *just* for
"private cloud" and there are some 75+ different "public cloud"
providers worldwide running OpenStack from which to choose if you're
not a fan of closed/proprietary hosting platforms. Buy local, run
free.
--
Jeremy Stanley
signature.asc
Description: PGP signature
hosting them on services running libre code has been surprisingly
phlegmatic, disappointingly so even given its usual zeal for the
very free and open software Debian itself distributes.
--
Jeremy Stanley
signature.asc
Description: PGP signature
n to having root access on a
serial line or local console with no authentication, but in the case
of virtual machines I just remind myself that if you can't trust the
operators of the environment then you can't trust the workloads you
put there either (much like unmonitored physical access t
st using proprietary platforms simply because they're
popular/convenient. A big part of what defines the Debian community
for me is its ideals when it comes to supporting the free software
movement and the larger open source community as a whole.
--
Jeremy Stanley
signature.asc
Description: PGP signature
mote-console-access.html#serial-console
I can imagine for some deployments, none of the users might
want/need a graphical OOB console for their instances at all so
wouldn't want to incur the overhead (especially securing it, as
Jonathan so notes.)
--
Jeremy Stanley
consistency from one environment to
the next.
--
Jeremy Stanley
signature.asc
Description: PGP signature
On 2017-02-07 17:53:05 +0100 (+0100), Vincent Bernat wrote:
> ❦ 7 février 2017 15:49 GMT, Jeremy Stanley <fu...@yuggoth.org> :
[...]
> > For that matter, "good" (in my opinion) OpenStack service providers
> > hand out relevant network configuration via DHCP/SLA
g at all. ConfigDrive has the
potential downside of being static for the lifetime of the server
instance, while the EC2 metadata service is a horrible SPoF which
you often see overloaded and timing out requests causing instances
to fail to boot entirely.
--
Jeremy Stanley
arious distro images (including Debian images) with
diskimage-builder and uploading them into OVH daily for our own use.
It's been working well for us for quite some time.
--
Jeremy Stanley
the future state of
the mirror and avoid a cutover if it seems to be in a "broken"
state.
No idea if AFS would be an option in your case, but it's working
well for us at a pretty high client volume and update frequency.
--
Jeremy Stanley
ot;nova-agent" source at
https://github.com/rackerlabs/openstack-guest-agents-unix seems to
be Apache-licensed as best I can tell (just not packaged in Debian).
--
Jeremy Stanley
However, it's worth keeping in mind that non-contiguous write
alterations to a mounted image (even if you fstrim afterward) still
negatively impact subsequent compressability.
--
Jeremy Stanley
images on their platform.
[...]
I gather Oracle IaaS is OpenStack-based, so it's entirely possible
existing work for official Debian images which boot in OpenStack
environments could be leveraged (unless they've gone with an unusual
choice for their hypervisor backend).
--
Jeremy Stanley
On 2013-03-30 12:33:25 +0900 (+0900), Charles Plessy wrote:
[...]
This misses Free hardware. Do we distribute packages that are
related to the conception and production of free hardware ?
Absolutely. Debian distributes free software to draw electronic
schematics, lay out printed circuit boards
On 2013-03-18 21:29:17 + (+), Michael Dorrington wrote:
[...]
And I would hope that to be the Debian official position, that of
running a Free Software solution is recommended over a SaaS
solution.
And I dispute the statement about freedom in:
as in depends on if it is a private
51 matches
Mail list logo
