List of packages and configuration for FAI for cloud providers
==============================================================
What is the package set for installation? As close to d-i (debian-installer) as possible.

Classes for configuring images
==============================
DEBIAN - basic
Release-specific
Order is important: DEBIAN,STRETCH,AMD64,GRUB_PC,STANDARD,CLOUD,EC2
From general to specific; cloud-provider specific is the last.
Earlier variables can be overridden later.
Default key repeat 250ms - bad for cloud (and networking in general), as there is large latency between continents. Set in 2 places - for console and for GRUB.
STOP_ON_ERROR - FAI returns codes from tasks, and we can stop when some specific task fails.
keymap, console - proposal to remove it.
release_name: gets overridden later, by release-specific class file.
EC2 class overrides apt_cdn URL.
GCE class sets NTP - not sure for now if anybody uses it (not - but should).
OPENSTACK sets release - wrong place; file could be empty for now.
Missing: AZURE.
We set only main mirror. Additional sources.list entries - in additional files.
Setting locale and keyboard: some cloud providers offer a console, but then we'll need to override default settings (pc105, us layout). QEMU supports pc104 - but not sure about it.
CLOUD class - we set grub-pc, elevator=noop. elevator=noop is suggested for any cloud environment (or even virtual).
In cloud-specific classes we override some things. E.g. in EC2 we add more settings - but as there is only overriding of variables, we must repeat older settings; so here we repeat elevator=noop.
grub timeout set to 0; images should start as fast as possible, for per-second billing and auto-scaling.
cloud-init: ec2 as data source; new cloud-init ignores those settings and has heuristics. We cannot tell it "we really know what we're doing", but supposedly it is fast and accurate.
sysinit instead of GRUB?
Less support problems, headless; GRUB is almost the default - but not for arm64, and is not as universal as previously. Right now in cloud environment: TO DISCUSS LATER if we continue using GRUB.

disk config: basic partition layout. One partition.
For now ms-dos, but we should move to GPT for partitions over 2TB.
Plan: create GPT class, test it, and if everything works change this to be the default.
2 variants: GPT and GPT BIOS.
We might need an EFI partition for GPT: to be tested.
Vagrant (VM_IMAGE) uses swap; name should be changed to VAGRANT.
Every cloud wants to have the primary partition as partition 1.
Physical 1, but logical 14 and 15 (I don't understand it fully, somebody please add more notes).
For now 300MB is minimal. For GCE 10GB is minimal.

Packages
========
We should support 2 images:
Minimal - as small as possible; useful for people doing customizations.
Standard - full-featured, to be used by people who want to log in and interact.
Repeat of 3 classes of users from previous sprint.
DEBIAN - from FAI examples. It depends on other classes set, e.g. we install linux-image-amd64 if we are in class AMD64.
initramfs-growroot - might be needed, but not for Buster, maybe not even for Stretch.
DHCP - need to install it.
LVM - should be moved to separate file, not in DEBIAN; we're not using LVM, but maybe other people are using it. Removed for now.
For packages - "install" installs with Recommends. We might want to install without Recommends for the minimal image.
STANDARD - useful for remote system. Opinionated list, we might discuss it for hours. Mostly utils and tracing/net debugging packages.
Standard Debian installation might not be the best for the cloud.
Minimal images should (might?) be similar to container (Docker) images. OTOH Docker images were done by specific people without much discussion, so while we might look at them, they are not a requirement and should not be treated as an oracle.
Rename to avoid conflict with package priorities.
Ubuntu - merges Cloud and Server images.
Tasksel - Cloud task.
It might be a good idea - but it was the end of the discussion last year.
People are choosing Debian, so they trust us and our opinions. Whether cloud provider or Debian chooses and gets the hate mail.
It is easier to have an additional class than to merge everything into one class. Allows for easier customisation.
Some people remove cloud-init. But is it then a cloud image?
CLOUD: mdadm - could be removed, not used by cloud (and above we had LVM).
--------------------------------------------
WE HAVE COMMENTS IN FILES, SO LET'S USE THEM
--------------------------------------------
Jessie cloud-init - from backports, as packages from main are not usable.
unattended-upgrades: long-running instances need upgrades; cloud-init only upgrades at boot. Long discussion at debian-devel. By default (in default configuration) unattended only installs upgrades from security - what we want.
Conflict between systemd timers and cron for apt. No solution for now; there were discussions on the cloud-init list.
Why do we need dbus? It is needed by ACPI shutdown, and libpam-systemd.
irqbalance
Sources for entropy: should we consider installing haveged by default? Question to discuss later... Usually cloud providers provide it, e.g. AWS provides it from KMS. Usually OpenStack deployers don't care enough, and many won't have any good source of entropy.
Other - by cloud-init.
apt-transport-https - on Buster it's in apt by default, but needed for older releases. For security - tor transport. But we'd kill TOR if all AWS Debian instances tried to upgrade at once.
Good practice - one package per line, unless they are related.
GCE - many packages are moved from bootstrap-vz, but now they are taken care of by previous classes.
2 variants: PACKAGES install, PACKAGES install STANDARD. The latter will be used only when we have class STANDARD.
GCE.asc - key for Google repository. But do we install non-main in an "Official Debian" image? Plan to move Google packages to main.
It requires work, but there is progress.

Cloud branding of images
Edit the motd so that it advertises the cloud image team, how to report bugs, the wiki and maybe our mailing list. Make it cloud image specific (i.e. "This is the official Debian image for GCE").

Files that are installed
Apt sources: better templates. But cloud-init sets up mirrors.
Need to unify sources templates between provider classes (comment: "My God, that's a mess!"). Remove GCE-specific sources and just have one common sources template.
With or without backports?
Security - we should add /security as this is official.
GCE configures non-free and contrib.
New cloud-init is supposed to take over networking configuration.
Some files to override some files for GRUB. But this might come from debconf, not necessarily from FAI.
Ugly script for EC2 to configure many interfaces with combinations of IPv4 and IPv6 and DHCP. Need to start the interface and then run DHCP6 for it in "up" and "down". Otherwise, if we get IPv4 but not IPv6, the interface will be considered down/broken. Might be good to package it, but not just it alone.
Console device for ARM is ttyAMA0; make sure we have in the grub config something like:
biosdevname=0 net.ifnames=0 console=tty0 console=$CONSOLE,115200 earlyprintk=$CONSOLE,115200 consoleblank=0 systemd.show_status=true
with $CONSOLE set to either ttyAMA0 or ttyS0 depending on the platform.

Scripts
Restore capabilities; maybe a new version of tar preserves them.
Some script for GRUB setup; not sure if it is needed for cloud, or only for bare metal. Here both VAGRANT and VM_IMAGE class - why? Explicit call to grub-upgrade; not sure if this is really needed.
Creation of /etc/machine-id.
Cleanup of ssh host keys.
Change of root login setup for ssh.
Some fix for a bug in Azure; should be fixed now in Azure, maybe can be removed now?
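As an added example (not part of these notes or of the FAI configuration they describe), the shell snippet below simulates how FAI sources one CLASS.var file per class in the listed order, so that the class-ordering points above ("earlier variables can be overridden later", EC2 having to repeat elevator=noop) and the $CONSOLE choice for ARM from the grub note can be seen in working code. The class directory and all *.var contents are constructed; the ARM64 class name and the CONSOLE variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the FAI tree: emulate sourcing CLASS.var files in
# class order, later files overriding earlier ones (the point of the notes).
# The class directory and file contents below are constructed for the demo.
set -u

FAI_CLASS_DIR="$(mktemp -d)"; trap 'rm -rf "$FAI_CLASS_DIR"' EXIT

# Constructed *.var files, one per class; values follow the notes.
cat > "$FAI_CLASS_DIR/DEBIAN.var" <<'EOF'
GRUB_TIMEOUT=5
CONSOLE=ttyS0
EOF
cat > "$FAI_CLASS_DIR/ARM64.var" <<'EOF'
CONSOLE=ttyAMA0
EOF
cat > "$FAI_CLASS_DIR/CLOUD.var" <<'EOF'
# Generic cloud settings: noop elevator and a serial console on $CONSOLE.
GRUB_CMDLINE_LINUX_DEFAULT="elevator=noop console=tty0 console=$CONSOLE,115200"
EOF
cat > "$FAI_CLASS_DIR/EC2.var" <<'EOF'
# The provider class replaces the whole variable, so elevator=noop is repeated.
GRUB_TIMEOUT=0
GRUB_CMDLINE_LINUX_DEFAULT="elevator=noop console=tty0 console=$CONSOLE,115200 net.ifnames=0"
EOF

# resolve_var CLASSES VARNAME: source each CLASS.var in order (classes without
# a .var file are skipped) and print the final value of VARNAME. Runs in a
# subshell so one call does not leak variables into the next.
resolve_var() (
    classes=$1; varname=$2
    for c in $(printf '%s' "$classes" | tr ',' ' '); do
        if [ -f "$FAI_CLASS_DIR/$c.var" ]; then . "$FAI_CLASS_DIR/$c.var"; fi
    done
    eval "printf '%s\n' \"\${$varname:-}\""
)

# AMD64 has no .var file here, so CONSOLE stays ttyS0 from DEBIAN.
resolve_var DEBIAN,STRETCH,AMD64,GRUB_PC,STANDARD,CLOUD,EC2 GRUB_CMDLINE_LINUX_DEFAULT
# With ARM64 before CLOUD, the console becomes ttyAMA0.
resolve_var DEBIAN,STRETCH,ARM64,GRUB_PC,STANDARD,CLOUD,EC2 GRUB_CMDLINE_LINUX_DEFAULT
# Wrong order: ARM64 after CLOUD is too late, CLOUD already expanded $CONSOLE.
resolve_var DEBIAN,CLOUD,ARM64 GRUB_CMDLINE_LINUX_DEFAULT
```

The third call shows why the general-to-specific order matters: a class that only sets a variable consumed by a later class must come before it.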
fcopy for copying files to the image; needs to be called explicitly. fcopy takes classes into consideration. Recursive fcopy is bad.
Some commands are repeated in CLOUD and provider-specific classes. We might need to clean those up.
GCE - unconditional disable of IPv6.
VAGRANT vs VM_IMAGE; one sets up a root password, the other deletes it. Need to ask Emanuel what's going on.
Need for discussion on the list about Vagrant. Current state might be OK for the Vagrant community but does not meet our standards. But providing correct images might mean that Vagrant users will hate us for not keeping with their standards.
cloud-init grows the partition. If there is no cloud-init we might need to install and run something that will grow the partition.
Default user name: debian@ on OpenStack, root@ on Digital Ocean, admin@ on EC2. Nothing for Google - you need to use GCE-specific tools for SSH.

Tests directory
===============
Not used right now. Code from 9 years ago, not actively maintained.
We cannot put our tests in FAI tests directories, as those tests would be executed during build and not on the cloud.
But we might put some tests here, e.g. for checking root login disabled, or checking for files that need to be cleaned up.
But if we'll want to generate Docker images, we might rethink testing there.
Have a git push hook to email the cloud list (or other list) if somebody pushes a change, so the group knows when something changes.
@TODO for Sledge to add hooks like for debian-cd.
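An added example of the kind of post-build check the Tests directory note suggests (root login disabled, files that need to be cleaned up, matching the machine-id and ssh host key cleanups under Scripts); it is not code from the FAI tree, and the image trees it inspects are constructed. Assumption: both "PermitRootLogin no" and "prohibit-password" count as disabled password login, since some providers (Digital Ocean) log in as root with a key.

```shell
#!/bin/sh
# Added example, not from the FAI tests directory: check a built image tree
# for the cleanups the build scripts are supposed to perform. The image
# roots used below are constructed in a temp dir.
set -u

# check_image_root ROOT: return 0 if all checks pass, 1 otherwise, printing
# one FAIL line per problem. Assumption: root login counts as disabled when
# sshd_config says "PermitRootLogin no" or "prohibit-password".
check_image_root() {
    root=$1; rc=0
    cfg="$root/etc/ssh/sshd_config"
    setting=$(sed -n 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}//p' "$cfg" 2>/dev/null | tail -n 1)
    case "$setting" in
        no|prohibit-password) ;;
        *) echo "FAIL: PermitRootLogin is '${setting:-unset}'"; rc=1 ;;
    esac
    # ssh host keys must be generated on first boot, so none may be baked in.
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$k" ] && { echo "FAIL: host key present: ${k#$root}"; rc=1; }
    done
    # /etc/machine-id must be empty (or absent) so each instance gets its own.
    [ -s "$root/etc/machine-id" ] && { echo "FAIL: /etc/machine-id is not empty"; rc=1; }
    # root's password field must be locked ('*' or '!'), not a real hash.
    pw=$(awk -F: '$1=="root"{print $2}' "$root/etc/shadow" 2>/dev/null)
    case "$pw" in
        ''|'*'|'!'|'!'*) ;;
        *) echo "FAIL: root has a password set"; rc=1 ;;
    esac
    return $rc
}

# Constructed image trees: make_tree DIR PERMITROOTLOGIN SHADOWFIELD
make_tree() {
    d=$1; mkdir -p "$d/etc/ssh"
    printf 'PermitRootLogin %s\n' "$2" > "$d/etc/ssh/sshd_config"
    printf 'root:%s:18000:0:99999:7:::\n' "$3" > "$d/etc/shadow"
    : > "$d/etc/machine-id"
}
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
make_tree "$WORK/clean" no '*'
make_tree "$WORK/dirty" yes '$6$saltsalt$constructedhash'
echo "stale-id" > "$WORK/dirty/etc/machine-id"
: > "$WORK/dirty/etc/ssh/ssh_host_ed25519_key"

check_image_root "$WORK/clean" && echo "clean image: OK"
check_image_root "$WORK/dirty" || echo "dirty image: rejected"
```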