[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please, provide a fixed Cloud Image URL for Debian

Excerpts from Martinx - ジェームズ's message of 2016-08-10 17:58:05 -0400:
> Guys,
> 
>  When we talk about Cloud Images for OpenStack, both Ubuntu and CentOS
> provides fixed URLs that never changes.
> 
>  This way, we can easily automate Glance to download images by demand, we
> can have new images, without adding new images into glance!
> 
>  Exemplifying:
> 
> 
>  CentOS 6/7 fixed image URL:
> 
>  http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2c
>  http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2c
> 
>  Ubuntu 16.04 fixed image URL:
> 
> 
> http://uec-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-amd64-disk1.img
> 
> 
>  Then, on Glance, here is how I'm adding those images:
> 
> 
>   - glance image-create --location
> http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2c
> --name "CentOS 7 - 64-bit - Cloud Based Image" --is-public true
> --container-format bare --disk-format qcow2
>   - glance image-create --location
> http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2c
> --name "CentOS 6 - 64-bit - Cloud Based Image" --is-public true
> --container-format bare --disk-format qcow2
> 
>  - glance image-create --location
> http://uec-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-amd64-disk1.img
> --name "Ubuntu 16.04 LTS - Xenial Xerus - 64-bit - Cloud Based Image"
> --is-public true --container-format bare --disk-format qcow2
>

FYI, you've just told the whole world that all they need to do is
flood your DNS resolver with responses to uec-images.ubuntu.com or
cloud.centos.org, and they can make your Ubuntu and CentOS users run
their own trojaned Ubuntu and CentOS images.

You need to go through the act of downloading, verifying, and uploading
your images. Automation can do that, but in that case, the automation
can also handle Debian's image scheme.

> 
>  I'm using my own Ansible automation to do this:
> 
> 
> https://github.com/sandvine-eng/svauto/blob/dev/ansible/roles/os_glance_images/tasks/main.yml
> 
> 
>  The problem with Debian is that there is no fixed URL! Debian images
> disappears from time to time, which breaks my automation and that "Glance
> download by demand feature", like this:
> 
>  Debian 8.5 image URL:
> 
> 
> 
> http://cdimage.debian.org/cdimage/openstack/8.5.0/debian-8.5.0-openstack-amd64.qcow2
> 
>  This image will be gone, soon as Debian launches 8.6.0!!! This is bad.
> 
> 
>  So, can Debian provides something like this:
> 
> 
> http://cdimage.debian.org/cdimage/openstack/8/debian-8-openstack-amd64.qcow2
> that always points to the latest stable release image of 8 series (Jessie)?
> 
> 
>  For example, this:
> 
>  http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2c
> pointed to CentOS 6.7, but now, it is 6.8! Glance will download the new
> image, without any human action.
> 


I think a fixed URL for downloading images of major versions would in
fact be good. But you still need to verify the integrity of that image,
for the internet is dark, and full of terrors.
Reply to: