Re: Debian images for Google Compute Engine
I'll chat with our product documentation folks tomorrow to figure out
how best to get some data on your wiki.
Regarding ssh/users/etc, Google Compute has a simple user-and-ssh-key
management process we use that helps people get started, but it is
only so flexible and scalable. We generally imagine that OS
providers, especially tools, like cloud-init, will figure out how to
do user management in a more standard way, using standard
==jimmy --- I don't really know what the difference between
debootstrap and debian-installer is, but it sounds like it's a
decision to be made in the ec2debian-build-cloud toolchain whether to
use it or not.
On Wed, Apr 17, 2013 at 6:01 PM, Jimmy Kaplowitz <email@example.com> wrote:
> Hi Charles,
> On Thu, Apr 18, 2013 at 09:19:59AM +0900, Charles Plessy wrote:
>> Do you think you can summarise how to access the GCE images in a page on the Debian
>> wiki, for instance http://wiki.debian.org/Cloud/GoogleComputeEngineImage ? You
>> can see http://wiki.debian.org/Cloud/AmazonEC2Image and http://wiki.debian.org/Cloud/WindowsAzureImage
>> for examples.
> Sure. Right now what we have published is not images themselves, but tools for
> anyone to make their own. While we have of course built images internally and
> done testing, we would love for Debian to be the provider of official Debian
> images in Google Compute Engine. Publishing those images can be done by anyone
> we add to the debian-cloud project and does not need to be done by Googlers.
> A quick summary of usage for the very near term:
> 1) If you want to help and don't already have Google Compute Engine space in
> which to work, email David and me saying how you want to help and giving the
> name of your Google account (Google Apps and consumer accounts are both fine).
> We'll add people to whichever projects are appropriate for how they're helping,
> within the constraints in my previous email.
> 2) Use our github fork on any Linux machine to create the images. I'll submit a
> pull request tomorrow so that Anders can merge it into his tree. Example
> command line (root is needed for the loopback mounting process):
> # Either squeeze or wheezy should work.
> sudo ./build-debian-cloud gce --codename squeeze --volume-size 10
> 3) The image will end up in the same directory. From there, follow the steps to
> upload and use a custom image in Google Compute Engine, beginning with step 4
> here: https://developers.google.com/compute/docs/images#installinganimage
> Once official Debian images are published via the debian-cloud project, end
> users will be able to use them simply by adding a suitable --image option when
> creating their instance.
>> I have a question about SSH. I browsed a bit further the documentation in
>> https://developers.google.com/compute/docs/instances#standardssh, where I could
>> read: "username: [Required The username to log in that instance. Typically,
>> this is the username of the local user running gcutil." Will this be the
>> standard on Debian images as well ? Do you think that it is a practice to be
>> recommended for our other images ? We chose "admin" as default account,
>> following Ubuntu's practice to provide a default account, and adding the
>> constraint that it must not be branded, but if there is an even better choice,
>> we should consider it.
> That language applies to the Debian image as well. gcutil and the authorization
> model of Google Compute Engine provide flexibility in this regard. For example,
> by default, every team member of a Google Compute Engine project with "Can
> edit" or "Is owner" has ssh rights to new instances. This is controllable even
> at a per-instance level. This is managed by a cron job installed by one of our
> debs, also called from our startup logic - feel free to look at how it works if
> you're curious, it's all readable and Apache-license scripts.
>> Another question, for the mid-long term, do you think that it would be possible
>> to use the Debian Installer directly ?
> We're already using debootstrap, as ec2debian-build-ami did. I'm curious how
> you'd want debian-installer to work, but if it supports arbitrary image files
> as target, someone might be able to do it.
> - Jimmy Kaplowitz