
Re: Providing official virtualisation images of Debian



On Jul 30, 2011, at 10:14, Charles Plessy wrote:
> On Tue, Jul 26, 2011 at 08:41:06PM -0400, Kyle Moffett wrote:
>> 
>> My current work is here:
>>  http://opensource.exmeritus.com/debian-ami/
>> 
>> Please report any success or problems!
> 
> Dear Kyle,
> 
> I am studying debian-installer and your procedure.  I see that in your patch for
> network-console, the public keys provided by the user to the instance running
> debian-installer are used not only for d-i's network console, but also copied
> to the AMI in preparation.

That's correct.

For my particular use-case, I needed to support performing one-off installs of
Debian on EC2 for particular service images.  I am less interested in supporting
distribution of an "Official Debian Image", and more interested in distributing
an "Official Debian Installer" that lets you build your own custom images.

That's not to say that the former is *bad*, but if you have a reliable official
Debian-Installer then it makes the development of fully-installed images that
much easier.


> I think that this would prevent sharing the AMI publicly, as explained in
> http://alestic.com/2011/06/ec2-ami-security (authorized_keys).  Others often
> use a rc.local or an init.d script to install user-provided public keys each
> time the instance is run, like for instance:
> https://github.com/camptocamp/ec2debian-build-ami/blob/master/init.d/ec2-get-credentials

Oh absolutely.

I do have a local script that performs custom service provisioning for our
site-specific configurations as well, plus a few other ancillary helper scripts.

I believe that there are 2 necessary pieces:

(1) Debian-Installer support for running in the EC2 environment and creating
    virtual servers from scratch.

(2) A package of scripts and commands to help deal with the quirks of EC2.
    Any init scripts should be manually configurable, to disable (for example)
    the automatic SSH key download or other similar features.

I've got the first one working, but the second one is still badly needed, as
that is what would make the EC2 images publicly redistributable.  Some of the
features should obviously be rebuilt into individual packages; EG: OpenSSH
should support automatically generating SSH host keys during boot, if they don't
exist.


> This is actually one of the reasons why I was wondering if a package containing
> such files would help to progress towards a procedure to create AMIs using
> only material distributed in Debian.

This would be really cool.  We have a few helpers that we would happily share.
One in particular that I find extremely useful is an "mkephemeralfs.sh" init
script.  It will automatically run "sfdisk" and "mkfs" to create partitions and
filesystems on the ephemeral EC2 data volumes.

Another tool we would contribute is a Perl script (written using the Perl module
Net::Amazon::EC2) to identify all of the Amazon EBS volumes associated with a
particular LVM VG and simultaneously snapshot them all.  It relies on the tool
"xfs_freeze" (which actually works on all filesystems since 2.6.32), and will
also freeze any other bare partitions sharing the same EBS volumes.

I'll try to get both tools posted as soon as I have time.

Cheers,
Kyle Moffett
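
The concern discussed in this message, as an added example that is not part of the original email or of either author's tooling: a shell check run against a mounted image root before an AMI is shared, flagging leftover authorized_keys entries and pre-generated SSH host keys. The function name, the output format and the paths searched (stock OpenSSH locations) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-publication audit of a mounted image root.
# Assumptions: stock OpenSSH paths; audit_image_root is a hypothetical helper.

# audit_image_root ROOT
# Prints one line per finding; returns 0 if the image is clean, 1 otherwise.
audit_image_root() {
    root=${1%/}
    findings=0

    # 1. authorized_keys files that still hold key material. Anyone whose key
    #    is baked into a shared image can log in to every instance built from it.
    for f in "$root"/root/.ssh/authorized_keys* \
             "$root"/home/*/.ssh/authorized_keys*; do
        [ -f "$f" ] || continue          # unmatched glob or not a regular file
        # Count lines that are neither blank nor comments.
        n=$(grep -cEv '^[[:space:]]*(#|$)' "$f" || true)
        if [ "$n" -gt 0 ]; then
            rel=${f#"$root"}
            echo "authorized_keys: $rel ($n key(s))"
            findings=$((findings + 1))
        fi
    done

    # 2. SSH host private keys. They should be generated on first boot;
    #    shipping them gives every instance the same host identity.
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        [ -f "$f" ] || continue
        rel=${f#"$root"}
        echo "host-key: $rel"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_image_root /mnt/image` (a placeholder mount point) before registering the image; a non-zero return means the image still carries credentials.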
