Re: Bug#756521: ITP: kadeploy -- Scalable, efficient and reliable cluster provisioning solution
Le Sat, Aug 02, 2014 at 07:22:24AM +0200, Lucas Nussbaum a écrit :
> On 02/08/14 at 09:51 +0800, Paul Wise wrote:
> >
> > One downside of cloning Debian based images is that debootstrap, dpkg
> > and package maintainer scripts leave system-specific files (like
> > openssh private keys, systemd machine ids, dbus machine ids etc) in
> > the resulting image and you have to workaround that after generating
> > the image.
> >
> > How does Kadeploy currently deal with this sort of issue?
>
> There's a post-installation phase where machine-specific files are
> copied to the cloned system.
>
> > Perhaps we need to merge the Debian cloud/live team's handling of this
> > issue and put that in a package that Kadeploy can use...
>
> Yes, or at least the Kadeploy developers should take a look at what is
> done there, to make sure that the same things are covered on both sides.
Ideally, the packages providing software using machine-specific keys or IDs,
etc., should provide the functionalities to facilitate the production of
generic machine images.
A straightforward way is exemplified by the case of SSH, where the server keys
are regenerated if they are absent. It then only takes to delete the keys when
preparing images to avoid the problem of duplicated IDs or privacy leaks.
Following similar ways with other packages when possible will avoid the
proliferation of parallel solutions.
This said, a check list or a checking program for inspecting images and
finding if machine-speficif files are still present would be nice…
Have a nice week-end,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
Reply to: