List of packages and configuration for FAI for cloud providers

What is the package set for installation?

As close to d-i (debian-installer) as possible


Classes for configuring images
==============================

DEBIAN - basic
Release-specific classes (e.g. STRETCH)

Order is important:
DEBIAN,STRETCH,AMD64,GRUB_PC,STANDARD,CLOUD,EC2
From general to specific
The cloud-provider-specific class comes last
Variables set by earlier classes can be overridden by later ones

Default key repeat delay of 250ms is bad for cloud (and remote access in general),
as there is large latency between continents
Set in 2 places - for the console and for GRUB

STOP_ON_ERROR - FAI returns codes from tasks, and we can stop the build when a specific task fails

keymap, console - proposal to remove them

release_name: gets overridden later by the release-specific class file

EC2 class overrides the apt_cdn URL
GCE class sets NTP - not sure for now if anybody uses it (nobody does - but they should)
OPENSTACK sets the release - wrong place; the file could be empty for now
AZURE class is missing

We set only the main mirror. Additional sources.list entries go in additional files

Setting locale and keyboard
Some cloud providers offer a console, but then we'd need to override the default settings (pc105, us layout)
QEMU supports pc104 - but not sure about it

CLOUD class - we set grub-pc and elevator=noop
elevator=noop is suggested for any cloud (or even virtualized) environment

In cloud-specific classes we override some things.
E.g. in EC2 we add more settings - but since a later class can only replace a variable, not append to it, we must repeat the earlier settings; so here we repeat elevator=noop
GRUB timeout set to 0; images should boot as fast as possible, for per-second billing and auto-scaling
cloud-init: EC2 as the data source; new cloud-init ignores those settings and uses heuristics instead
We cannot tell it "we really know what we're doing", but supposedly it is fast and accurate
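The class-order rule above (later class wins, and a variable is replaced rather than appended to, so EC2 has to repeat elevator=noop) can be reproduced outside FAI. The script below is an added example and is not from the FAI config tree: it writes a constructed class/ directory with made-up DEBIAN, STRETCH, CLOUD and EC2 .var files, then sources them in the listed class order the way FAI does, so you can see which value survives for a given variable. Class names match the notes; the variable contents are illustrative.

```shell
#!/bin/sh
# Added example: emulate how FAI sources class/<CLASS>.var files in class
# order, so that a later class overrides an earlier one.
set -eu

# Write a small constructed class/ directory into $1 (contents are illustrative).
make_example_classes() {
    dir="$1"
    mkdir -p "$dir/class"
    cat > "$dir/class/DEBIAN.var" <<'EOF'
release_name=stable
GRUB_TIMEOUT=5
EOF
    cat > "$dir/class/STRETCH.var" <<'EOF'
release_name=stretch
EOF
    cat > "$dir/class/CLOUD.var" <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="elevator=noop"
EOF
    # EC2 must repeat elevator=noop: assignment replaces the CLOUD value, it does not append.
    cat > "$dir/class/EC2.var" <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="elevator=noop console=ttyS0,115200"
GRUB_TIMEOUT=0
EOF
}

# fai_resolve_vars DIR CLASSES VAR
# Source each class's .var file in the given (comma-separated) order, in a
# subshell so nothing leaks, and print the final value of VAR.
fai_resolve_vars() {
    dir="$1"; classes="$2"; var="$3"
    (
        for c in $(printf '%s' "$classes" | tr ',' ' '); do
            f="$dir/class/$c.var"
            if [ -f "$f" ]; then
                . "$f"
            fi
        done
        eval "printf '%s\n' \"\${$var:-}\""
    )
}

# Usage:
#   d=$(mktemp -d); make_example_classes "$d"
#   fai_resolve_vars "$d" DEBIAN,STRETCH,AMD64,GRUB_PC,STANDARD,CLOUD,EC2 GRUB_CMDLINE_LINUX_DEFAULT
```

Drop EC2 from the class list and GRUB_TIMEOUT goes back to 5 and the console= setting disappears; that is exactly why every cloud class has to restate the CLOUD values it wants to keep.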

sysinit instead of GRUB?
Fewer support problems, headless
GRUB is almost the default - but not for arm64, and in cloud environments
it is not as universal as it used to be
TO DISCUSS LATER whether we continue using GRUB

disk config: basic partition layout. One partition
For now msdos label, but we should move to GPT for disks over 2TB
Plan: create a GPT class, test it, and if everything works make it the default
2 variants: GPT and GPT BIOS
We might need an EFI partition for GPT: to be tested
Vagrant (VM_IMAGE class) uses swap; the class name should be changed to VAGRANT
Every cloud wants to have the root partition as partition 1
Physical 1, but logical 14 and 15 (I don't understand it fully, somebody please add more notes)

For now 300MB is the minimum
For GCE 10GB is the minimum
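As an added illustration of the two layouts discussed (not the team's actual disk_config files), this is what the current single-partition msdos layout and the proposed GPT BIOS variant look like in FAI's setup-storage syntax. The 300M minimum is from the notes; the mount options and the decision to leave out an EFI partition (still to be tested) are assumptions, and the 14/15 partition numbering is not expressed here at all, since this syntax only orders partitions.

```text
# Current: msdos label, root is partition 1, grows to fill the disk
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M
primary / 300M- ext4 rw,errors=remount-ro

# Proposed GPT BIOS class (setup-storage adds the BIOS boot partition itself);
# add an EFI System Partition here only once the UEFI test above has been done
disk_config disk1 disklabel:gpt-bios bootable:1 fstabkey:uuid align-at:1M
primary / 300M- ext4 rw,errors=remount-ro
```

Whatever layout wins, check the built image with `sfdisk -l` (or `parted print`) before publishing: the cloud providers listed above assume root on partition 1, and a BIOS boot or EFI partition silently taking that slot is the kind of thing that only shows up at first boot.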


Packages
========

We should support 2 images
Minimal - as small as possible; useful for people doing their own customizations
Standard - full-featured, to be used by people who want to log in and interact
Repeat of the 3 classes of users from the previous sprint

DEBIAN - from the FAI examples
It depends on the other classes that are set,
e.g. we install linux-image-amd64 only if we are in class AMD64

initramfs-growroot - might be needed, but not for Buster, maybe not even for Stretch

DHCP client - needs to be installed

LVM - should be moved to a separate file, not in DEBIAN; we're not using LVM, but other people might be. Removed for now

For packages - `install` installs with Recommends. We might want to install without Recommends for the minimal image

STANDARD - useful for a remote system
Opinionated list, we could discuss it for hours
Mostly utils and tracing/network-debugging packages

A standard Debian installation might not be the best fit for the cloud
Minimal images should (might?) be similar to container (Docker) images
OTOH the Docker images were done by specific people without much discussion,
so while we might look at them, they are not a requirement and should not be treated as an oracle

Rename the STANDARD class to avoid conflict with the Debian package priority of the same name

Ubuntu - merges its Cloud and Server images

Tasksel - a Cloud task. It might be a good idea - but that was where the discussion ended last year

People are choosing Debian, so they trust us and our opinions
Either the cloud provider or Debian chooses, and whoever chooses gets the hate mail

It is easier to have an additional class than to merge everything into one class
Allows for easier customisation

Some people remove cloud-init. But is it still a cloud image then?

CLOUD: mdadm - could be removed, not used in the cloud (same argument as for LVM above)

--------------------------------------------
WE HAVE COMMENTS IN FILES, SO LET'S USE THEM
--------------------------------------------

Jessie cloud-init - from backports, as the package in main is not usable

unattended-upgrades: long-running instances need upgrades
cloud-init only upgrades at boot
Long discussion on debian-devel
In its default configuration unattended-upgrades only installs upgrades from security - which is what we want

Conflict between systemd timers and cron for apt
No solution for now; there were discussions on the cloud-init list

Why do we need dbus?
It is needed by ACPI shutdown and by libpam-systemd
irqbalance

Sources for entropy
Should we consider installing haveged by default? Question to discuss later...
Usually cloud providers provide it, e.g. AWS provides it from KMS
Usually OpenStack deployers don't care enough, and many won't have any good source of entropy
Other providers - via cloud-init

apt-transport-https - on Buster it's built into apt
But needed for older releases
For security - the tor transport. But we'd kill Tor if all AWS Debian instances tried to upgrade at once

Good practice - one package per line,
unless they are related

GCE - many packages were moved from bootstrap-vz, but now they are taken care of by the previous classes
2 variants:
PACKAGES install
PACKAGES install STANDARD
The latter is used only when the STANDARD class is set
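An added illustration of the two section forms above together with the "without Recommends for the minimal image" idea from the Packages notes; this is not one of the team's package_config files. The package names are ones mentioned in these notes; the MINIMAL class name and the split between sections are assumptions, and `install-norec` is FAI's own keyword for installing without Recommends.

```text
# Unconditional: every image gets these (installed with Recommends)
PACKAGES install
cloud-init
unattended-upgrades
dbus

# Only when class MINIMAL is set: no Recommends, keep the image small
PACKAGES install-norec MINIMAL
openssh-server

# Only when class STANDARD is set: the opinionated utils/debugging list
PACKAGES install STANDARD
irqbalance
```

A class-conditional section applies to everything below it until the next PACKAGES line, so keep the unconditional section first and one package per line; otherwise it is hard to tell from the diff which class a package just moved into.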

GCE.asc - key for the Google repository. But do we install non-main packages in an "Official Debian" image?
Plan to move the Google packages to main. It requires work, but there is progress

Cloud branding of images
Edit the motd so that it advertises the cloud image team, how to report bugs, the wiki and maybe our mailing list.
Make it cloud-image specific (i.e. "This is the official Debian image for GCE").

Files that are installed
Apt sources
Better templates
But cloud-init sets up the mirrors

Need to unify the sources templates between provider classes (comment: "My God, that's a mess!")
Remove the GCE-specific sources and just have one common sources template
With or without backports?
Security - we should add /security, as this is an official image

GCE configures non-free and contrib

New cloud-init is supposed to take over network configuration

Some files override GRUB settings
But this might come from debconf, not necessarily from FAI

Ugly script for EC2 to configure many interfaces with combinations of IPv4, IPv6 and DHCP
Need to bring the interface up and then run the DHCPv6 client for it in "up" and "down"
Otherwise, if we get IPv4 but not IPv6, the interface will be considered down/broken
Might be good to package it, but not on its own

Console device for ARM is ttyAMA0; make sure we have in the grub config something like:
biosdevname=0 net.ifnames=0 console=tty0 console=$CONSOLE,115200 earlyprintk=$CONSOLE,115200 consoleblank=0 systemd.show_status=true
with $CONSOLE set to either ttyAMA0 or ttyS0 depending on the platform.
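The $CONSOLE substitution above, as an added example (not a script from the FAI config tree): it maps the Debian architecture name to the console device the notes give (ttyAMA0 for arm64, ttyS0 for amd64), builds the kernel command line, and checks an existing /etc/default/grub-style file for the right console so an x86 template copied onto arm64 gets caught at build time rather than as a silent console at first boot. Only those two architectures are mapped; anything else is rejected rather than guessed.

```shell
#!/bin/sh
# Added example: choose the serial console per platform and build the
# kernel command line from the notes.

# console_for_arch ARCH -> prints the serial console device, fails on unknown arch
console_for_arch() {
    case "$1" in
        arm64) echo ttyAMA0 ;;
        amd64) echo ttyS0 ;;
        *) echo "console_for_arch: no console mapping for '$1'" >&2; return 1 ;;
    esac
}

# cloud_kernel_cmdline ARCH -> prints the full command line with $CONSOLE filled in
cloud_kernel_cmdline() {
    console=$(console_for_arch "$1") || return 1
    printf '%s\n' "biosdevname=0 net.ifnames=0 console=tty0 console=$console,115200 earlyprintk=$console,115200 consoleblank=0 systemd.show_status=true"
}

# grub_file_has_console FILE ARCH -> success if FILE names the right serial console
# (a check to run on the built image's /etc/default/grub, not on the build host)
grub_file_has_console() {
    file="$1"; arch="$2"
    want=$(console_for_arch "$arch") || return 1
    grep -q "console=$want,115200" "$file"
}

# Usage: cloud_kernel_cmdline arm64
```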

Scripts
Restore capabilities; maybe a newer version of tar preserves them

Some script for GRUB setup; not sure if it is needed for cloud, or only for bare metal
Here both the VAGRANT and VM_IMAGE classes - why?

Explicit call to grub-upgrade; not sure if this is really needed

Creation of /etc/machine-id
Cleanup of ssh host keys
Change of root login setup for ssh
Some fix for a bug in Azure; should be fixed on the Azure side now, maybe it can be removed?

fcopy for copying files into the image; needs to be called explicitly
fcopy takes classes into consideration
Recursive fcopy is bad

Some commands are repeated in CLOUD and in the provider-specific classes
We might need to clean those up

GCE - unconditionally disables IPv6

VAGRANT vs VM_IMAGE; one sets up a root password, the other deletes it
Need to ask Emanuel what's going on
Need a discussion on the list about Vagrant
The current state might be OK for the Vagrant community but does not meet our standards
But providing correct images might mean that Vagrant users will hate us for not
keeping to their standards

cloud-init grows the root partition. If there is no cloud-init we might need to install
and run something else that grows the partition

Default user name
debian@ on OpenStack
root@ on Digital Ocean
admin@ on EC2
None for Google - you need to use the GCE-specific tools for SSH


Tests directory
===============

Not used right now
Code from 9 years ago, not actively maintained

We cannot put our tests in FAI's tests directory, as those tests would be executed
during the build and not on the cloud

But we might put some tests here, e.g. for checking that root login is disabled,
or checking for files that need to be cleaned up
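The two test ideas above, written out as an added example (not the team's test code): a check that runs on the build host against the image's root filesystem, mounted or extracted at the path it is given, and reports the cleanups listed under Scripts that were missed. It verifies that sshd has PermitRootLogin explicitly set to no, that no ssh host keys were baked in, that /etc/machine-id exists but is empty, and that root's password field in /etc/shadow is locked. What counts as "clean" for each file is my assumption, not something the notes spell out.

```shell
#!/bin/sh
# Added example: post-build hygiene check for a Debian cloud image root tree.

# check_image_root ROOTDIR
# Prints one FAIL line per problem and returns 1 if any check failed.
check_image_root() {
    root="$1"; rc=0

    # sshd_config: PermitRootLogin must be explicitly "no" (first uncommented match wins).
    cfg="$root/etc/ssh/sshd_config"
    if [ -f "$cfg" ]; then
        setting=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]' "$cfg" | head -n1 | awk '{print tolower($2)}')
        if [ "$setting" != "no" ]; then
            echo "FAIL: PermitRootLogin is '${setting:-unset}', expected 'no'"; rc=1
        fi
    else
        echo "FAIL: $cfg missing"; rc=1
    fi

    # Host keys must be generated on first boot; a baked-in key is shared by every instance.
    for k in "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub; do
        if [ -e "$k" ]; then
            echo "FAIL: leftover host key $k"; rc=1
        fi
    done

    # /etc/machine-id must exist but be empty so systemd generates a fresh one per instance.
    if [ ! -f "$root/etc/machine-id" ]; then
        echo "FAIL: /etc/machine-id missing"; rc=1
    elif [ -s "$root/etc/machine-id" ]; then
        echo "FAIL: /etc/machine-id is not empty (cloned instances would share it)"; rc=1
    fi

    # root's password field must be locked; an empty field means passwordless login.
    if [ -f "$root/etc/shadow" ]; then
        hash=$(awk -F: '$1=="root"{print $2}' "$root/etc/shadow")
        case "$hash" in
            "*"|"!"|"!*"|"!!") ;;
            *) echo "FAIL: root password field is '$hash', expected a locked account"; rc=1 ;;
        esac
    fi

    return $rc
}

# Usage: check_image_root /mnt/image   (exit status 0 means clean)
```

Run it from the build side with the image mounted, not from a booted instance: once cloud-init has run, the host keys and machine-id have been regenerated and the check can no longer tell a clean image from a dirty one.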

But if we want to generate Docker images, we might rethink testing then

Have a git push hook that emails the cloud list (or another list) when somebody pushes a change,
so the group knows when something changes
@TODO for Sledge to add hooks like the ones for debian-cd