Re: agents inside VMs (was: Oracle Cloud Infrastructure)

To: debian-cloud@lists.debian.org
Subject: Re: agents inside VMs (was: Oracle Cloud Infrastructure)
From: Thomas Goirand <zigo@debian.org>
Date: Mon, 31 Dec 2018 11:47:32 +0100
Message-id: <[🔎] 3f0cf8be-24ea-aa72-1bd9-8c7646c686ac@debian.org>
In-reply-to: <[🔎] 20181229232601.GK5864@mit.edu>
References: <[🔎] 3d262f07-460f-8255-5bc4-089fd570c62b@oracle.com> <[🔎] 502735ec-180a-4027-d4c3-6c6e65ee62f8@debian.org> <[🔎] 9305251b-0dd5-ed5b-d42b-2256e4612de9@oracle.com> <[🔎] 9ed09c49-1ce1-deb3-6750-8f1ea5649ed6@debian.org> <[🔎] bc79dd0f-c996-5159-53d5-b8c53a3a34c6@oracle.com> <[🔎] fb623163-646c-d265-149b-e0a43586f78a@debian.org> <[🔎] 20181229204101.besz7xg5elgtnihk@yuggoth.org> <[🔎] 20181229232601.GK5864@mit.edu>

On 12/30/18 12:26 AM, Theodore Y. Ts'o wrote:
> I can understand how adding features via a cloud-specific agent is not
> viewed as particularly exciting for someone who wants to use VM's
> across multiple providers.

That's not the unique problem.

I've heard people from Google and Azure both complaining that they want
their agent to move fast, and they don't like the typical life cycle of
Debian stable, which prevents them from updating the agent often.

> Unfortunately, if the VM is starting with a common fixed image which
> is used by all customers, there has to be some way to set up ssh keys
> that can be used to log in as root.

Usually, you don't login as root. In the case of Debian, the default
user is "debian", and this user has "sudo su" rights. The ssh public key
is written in /home/debian/.ssh/authorized_keys by cloud-init at boot
time. Cloud-init does that by contacting a metadata server (there are
other ways, like config drive, which also comes with its issues, but
that's out of scope of this thread).

> And if the model is that requests
> to resize disks or take snapshot of disks can originated external to
> the VM, then there needs to be some way to let the VM know that the
> disk has changed in size, or that the VM should call the FIFREEZE
> ioctl on a disk in preparation for a snapshot.

Isn't there is a way to send this to the kernel as a signal from the
hardware? If there's currently no way, then probably we should think
about it.

> There currently is a
> standardized way that will work across all OS's, and all cloud
> providers, so this sort of things gets done via agents.

I very much would like to see a common agent being invented and become a
standard. This could even be part of the kernel or something. With such
standard, it would be easier to audit the agent code, the same way I
very much prefer cloud-init over any other specific solution.

> The shortcoming with OpenStack is that you end up having to support
> the lowest common denominator of functionality.

I really don't understand this sentence, even less with your example.

Cheers,

Thomas Goirand (zigo)

Reply to:

References:
- Oracle Cloud Infrastructure
  - From: Paul Graydon <paul.graydon@oracle.com>
- Re: Oracle Cloud Infrastructure
  - From: Thomas Goirand <zigo@debian.org>
- Re: Oracle Cloud Infrastructure
  - From: Paul Graydon <paul.graydon@oracle.com>
- Re: Oracle Cloud Infrastructure
  - From: Thomas Goirand <zigo@debian.org>
- Re: Oracle Cloud Infrastructure
  - From: Paul Graydon <paul.graydon@oracle.com>
- Re: Oracle Cloud Infrastructure
  - From: Thomas Goirand <zigo@debian.org>
- Re: Oracle Cloud Infrastructure
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Oracle Cloud Infrastructure
  - From: "Theodore Y. Ts'o" <tytso@mit.edu>

Prev by Date: Re: Oracle Cloud Infrastructure
Next by Date: Re: Oracle Cloud Infrastructure
Previous by thread: Re: Oracle Cloud Infrastructure
Next by thread: Re: Oracle Cloud Infrastructure
Index(es):
- Date
- Thread