[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian images for Google Compute Engine

Hi Charles,

On Thu, Apr 18, 2013 at 09:19:59AM +0900, Charles Plessy wrote:
> Do you think you can summarise how to access the GCE images in a page on the Debian
> wiki, for instance http://wiki.debian.org/Cloud/GoogleComputeEngineImage ?  You
> can see http://wiki.debian.org/Cloud/AmazonEC2Image and http://wiki.debian.org/Cloud/WindowsAzureImage
> for examples.

Sure. Right now what we have published is not images themselves, but tools for
anyone to make their own. While we have of course built images internally and
done testing, we would love for Debian to be the provider of official Debian
images in Google Compute Engine. Publishing those images can be done by anyone
we add to the debian-cloud project and does not need to be done by Googlers.

A quick summary of usage for the very near term:

1) If you want to help and don't already have Google Compute Engine space in
which to work, email David and me saying how you want to help and giving the
name of your Google account (Google Apps and consumer accounts are both fine).
We'll add people to whichever projects are appropriate for how they're helping,
within the constraints in my previous email.

2) Use our github fork on any Linux machine to create the images. I'll submit a
pull request tomorrow so that Anders can merge it into his tree. Example
command line (root is needed for the loopback mounting process):

# Either squeeze or wheezy should work.
sudo ./build-debian-cloud gce --codename squeeze --volume-size 10

3) The image will end up in the same directory. From there, follow the steps to
upload and use a custom image in Google Compute Engine, beginning with step 4
here: https://developers.google.com/compute/docs/images#installinganimage

Once official Debian images are published via the debian-cloud project, end
users will be able to use them simply by adding a suitable --image option when
creating their instance.

> I have a question about SSH.  I browsed a bit further the documentation in
> https://developers.google.com/compute/docs/instances#standardssh, where I could
> read: "username: [Required The username to log in that instance. Typically,
> this is the username of the local user running gcutil."  Will this be the
> standard on Debian images as well ?  Do you think that it is a practice to be
> recommended for our other images ?  We chose "admin" as default account,
> following Ubuntu's practice to provide a default account, and adding the
> constraint that it must not be branded, but if there is an even better choice,
> we should consider it.

That language applies to the Debian image as well. gcutil and the authorization
model of Google Compute Engine provide flexibility in this regard. For example,
by default, every team member of a Google Compute Engine project with "Can
edit" or "Is owner" has ssh rights to new instances. This is controllable even
at a per-instance level. This is managed by a cron job installed by one of our
debs, also called from our startup logic - feel free to look at how it works if
you're curious, it's all readable and Apache-license scripts.

> Another question, for the mid-long term, do you think that it would be possible
> to use the Debian Installer directly ?

We're already using debootstrap, as ec2debian-build-ami did. I'm curious how
you'd want debian-installer to work, but if it supports arbitrary image files
as target, someone might be able to do it.

- Jimmy Kaplowitz

Reply to: