Re: Trying to find the new AMIs is pretty impossible if you don't know where to look.
On Wed, Nov 21, 2012 at 10:08 AM, James Bromberger <james@rcpt.to> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 21/11/2012 5:15 PM, Stefano Zacchiroli wrote:
>> On Wed, Nov 21, 2012 at 07:43:51PM +1100, Chris Fordham wrote:
>>> Please make this information public e.g. on the wiki so users can
>>> understand the agreement between a FOSS and commercial entity.
>>
>> FWIW, everything has been mentioned publicly on this list already. But
>> sure enough there's a need to advertise the information more clearly on
>> official places, such as the Debian website (hence my mention of work in
>> progress on that front in my previous mail...).
>>
>
>
> Hello all,
First let me thank you for all the work you have been doing to make
this happen!!
> Sorry for my delay in catching up - its rather hectic at work on various
> fronts -- none the least of which was, amongst all this work of generating
> images, testing, fixing generation issues, and repeating, we had a rather
> intense week with a new Region launch in Australia last week - some of you
> may have seen a very timely patch to the ec2debian-build-ami and a set of
> Images in that region very quickly afterwards!
>
>
> I'm still wading through some threads, so I apologise if I am missing some
> pieces. But I wanted to ping out some of the questions I've seen raised.
> Most of this is already answered on the wiki.
>
>
> The images themselves were generated by Debian Developers (me), in an AWS
> account for Debian Developers (I will add login accounts for any DD -
> contact me), with the charges for that account being absorbed by Amazon. The
> script used to generate these images is under a DSFG compliant license. The
> script now uses the Eucalyptus tools, which is also DFSG compliant.
>
>
> The final images I generated were made 'public' to all AWS customers. A
> separate team - the Amazon Marketplace team, then duplicated this final
> image into their AWS account, and redistributed this to all AWS Regions
> world-wide. They have done the same for numerous Open Source operating
> system projects recently. In addition, I will push a copy of the snapshot
> public for anyone to inspect. As someone pointed out, a dd of a block device
> may expose deleted data - that was the security issue that we had with the
> first generated image (now destroyed, along with the key that was used); see
> commits under https://github.com/andsens/ec2debian-build-ami/commits/master
> that talk about 'shred'.
So is the "final" master image used, is that going to remain "public",
and is there any plan to replicate it to all regions? I ask because
even though I am now thinking (based on online and offline feedback
from a number of people), that having Marketplace AMIs is a good
thing, I also think at some point we should also maintain a parallel
set of (also Official) "community AMIs", that one can access without
jumping through any technical hoops. (Perhaps this is tied into the
"Quick start" AMI exploration?)
> The issue of finding images: I am working on further improvements to this;
> please see the current listing as a phase 1. The Quick Start that Stefano
> raised - that is my hope, it may take some time, as I have to talk with a
> load of people. All the while, more testing on the images for those able to,
> feedback welcome (even if its minor we can start to think about it for the
> net point release, or Wheezy).
>
>
> You're quite correct that searching for "Debian" finds a number of AMIs - as
> many people have built images in AWS on top of Debian, and they are pleased
> enough to include the Debian name in their creations. This does make it a
> little noisy, something I am aware of, and I am looking to see what may be
> done to improve upon this further by working with the various teams at AWS.
I suspect this is resolvable, as at least one other distro, has their
official AMIs show up at the top of their search results compared to
any third party appliances.
> One last point that may not yet have been noticed is the CloudFormation
> template as a way of launching these AMIs easily in AWS. CloudFormation
> templates are a way you can start an entire environment quickly across a set
> of resources, none the least of which is an EC2 instance from a given AMI,
> in a given Region. To that end, I have generated a CF template here:
>
> http://wiki.debian.org/Cloud/AmazonEC2Image/Squeeze#CFTemplate
>
> (however, this is an editible wiki, so please confirm your AMI IDs match
> those on the AWS Marketplace to be sure; see the end of this email, and
> verify my GPG signature).
Two thoughts here:
1) Thank you!! I have some minor questions, I'll ask in a separate thread.
2) Do we want to consider using an official git repo for things like
this? (I'm not really thinking it makes sense to package it at this
point though.)
> For those that asked about the agreement with the AWS marketplace team, a
> copy of which is here:
> http://wiki.debian.org/Cloud/AmazonEC2Image/Marketplace/Terms%20and%20Conditions
>
>
>
> Having read all of these pages, let me reiterate:
>
> * Debian has not paid any money for this
> * Debian is not collecting any money for this
> * Amazon is incurring all charges
> * Publishing AMIs here is enabling potential new users to discover Debian,
> and giving a (potentially) trusted image
> * All work to generate this is done with Free Software
> * All work within the account to generate has been done by Debian Developer,
> in concert with Anders Ingemann as maintainer the ec2debian-build-ami
> scripts.
> * The ec2debian-build-ami script is now being packaged, and hopefully
> someone here can sponsor its upload (well done Marcin)
> * The cloud-init package is currently needing help; contact Charles PLessy
> * This image requires you to SSH as 'admin',and "sudo -i" to root. I'm just
> sayin', cause people are missing it.
> * The image will require apt-get update before you can install anything
> * I endeavour to create new point releases with any other DD who wants to
> help, and with Anders invaluable assistance we'll support generating Wheezy
> images RSN (someone say 'freeze'?)
> * DD Yasuhiro Araki in Tokyo, also working at AWS, is looking to generate
> HSM images in addition to the Para-virtualisation (PVM) ones we have just
> made; contributions welcome.
>
> Lastly, thanks everyone for gathering on this list, and for the input we've
> had. Its been pretty quick, but its great that we've managed to get there.
> As always, thanks to Anders, Charles, and Stefano, and various others within
> AWS who have assisted.
>
> Sincerely,
>
> James
>
> (Yes, another night and I haven't managed to dump the final snapshots to the
> bucket, just too much going on, and wanted to get this out to people)
>
> PS: CloudFormation template follows for Debian 6.0.6 AMIs generated on
> 19/Nov/2012 (note Sydney/ap-southeast-2 is missing as AWS Marketplace is not
> available there yet).
>
>
> {
> "Parameters" : {
> "KeyName" : {
> "Description" : "SSH Key Name",
> "Type" : "String",
> "Default" : "My-Key"
> },
> "MyInstanceSize": {
> "Description": "Instance size",
> "Type": "String",
> "Default" : "t1.micro"
> },
> "MyInstanceName": {
> "Description": "Instance name",
> "Type": "String"
> }
> },
> "Mappings" : {
> "Debian606" : {
> "us-east-1" : { "32" : "ami-a121a6c8", "64" :
> "ami-4d20a724"},
> "us-west-1" : { "32" : "ami-e4da52d4", "64" :
> "ami-ecda52dc"},
> "us-west-2" : { "32" : "ami-2c735269", "64" :
> "ami-36735273"},
> "us-gov-west-1" : { "32" : "", "64" : ""},
> "eu-west-1" : { "32" : "ami-75cdcf01", "64" :
> "ami-7fcdcf0b"},
> "ap-southeast-1" : { "32" : "ami-947d3ec6", "64" :
> "ami-867d3ed4"},
> "ap-southeast-2" : { "32" : "", "64" : ""},
> "ap-northeast-1" : { "32" : "ami-a650e9a7", "64" :
> "ami-be50e9bf"},
> "sa-east-1" : { "32" : "ami-0689511b", "64" :
> "ami-0289511f"},
> },
> "release" : {
> "stable" : { "squeeze" : "Debian606" }
> }
> },
> "Resources" : {
> "MyInstance" : {
> "Type" : "AWS::EC2::Instance",
> "Properties" : {
> "SecurityGroups" : [ { "Ref" :
> "MySecurityGroup" } ],
> "KeyName" : { "Ref": "KeyName" },
> "Tags" : [{"Key": "Name", "Value": {"Ref" :
> "MyInstanceName"} } ],
> "ImageId" : { "Fn::FindInMap" : [
> "Debian606", { "Ref" : "AWS::Region" }, "64" ]},
> "InstanceType" : { "Ref" : "MyInstanceSize"
> },
> "UserData" : { "Fn::Base64" : "" }
> }
> },
> "MySecurityGroup" : {
> "Type" : "AWS::EC2::SecurityGroup",
> "Properties" : {
> "GroupDescription" : "Permit inbound SSH",
> "SecurityGroupIngress" : [
> {
> "IpProtocol" : "tcp",
> "FromPort" : "22",
> "ToPort" : "22",
> "CidrIp" : "0.0.0.0/0"
> }
> ]
> }
> }
> }
>
>
> - --
> /Mobile:/ +61 422 166 708, /Email:/ james_AT_rcpt.to
> PLUG President 2012: http://www.plug.org.au <http//www.plug.org.au>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQIcBAEBAgAGBQJQrO5pAAoJEK7IKHSdhcU8Q4UP/RiYrNByIZe6bFoa7YgcmkYl
> whizJJmWprrHOhsdzmp2gQG8rqnBsj6bDfrEPKNz1MlmysItJSU9r71oAT88xA6D
> ZdjDc7119//yehT7YsLTmiK2r5qMOPsJARwmkGvo+dQQKf+vEvjKHYpciDlg4B2y
> G2fUkjIVWGQINLsOIeTkex39w512O5BvsGDkAJz7Cm6Q+NmEqH7nILcXyYgWoy4D
> 1sXznaqKiGgf8JHITIvtG7JeHPUYmxSR4I8hDRgRwnZ1e2UJ/HHWwMqQlkD1XJWd
> 2aKeuH7UZxFV+nbfa1767lLrerwPwCwwTCcRDwtSmQE4wrsHm6fcaerE4wV3pGiO
> 3E6cUpyI+M65/4JnDLq/GCUIQqLBb6d25BOw9OFeh9BQX5mpuv/TAxqt6PvW+pjw
> um1f47H4D/+mMivfCKpAz+LaIBnobf3EevPZix7BkNJk728odZgGcf0iUwDSlUfB
> ksOg1o9SCImcVl3wZi0KN1SzajQ2wdhyU7zWuYC2Y4+DxZRhod36pJM+/YtGtCxG
> s7SLBS8N3/tzR8ipwnib8oU+hcth3MdpnxwLsWgzo/dSiFuqFuKsGYkljds3/DsE
> dQ3NakPBzDKyI53iiCHRy39f9qIRWFqNDZ2agaxvvFtN6ONV9Tt56VcMwxyhvvPk
> /iZnz61LWstX/Vp4PvZd
> =1r9+
> -----END PGP SIGNATURE-----
>
Reply to: