cloud authentication, general documentation
by Brian LaMere
Greetings all - was suggested I might be able to ask a question here, I'll
go back to lurking if not!
There are a lot of ways to solve the problem of authenticating to hundreds
of disposable systems. The method I'm currently putting in place during our
move from Slicehost to EC2 is to set up a multi-master 389 Directory
Server. I'm using openssh-lpk, which was originally an old patch that never
got in to the official openssh package but that is becoming a helper daemon
(instead of a patch) as of Fedora14. I installed the Fed14 packages on my
Fed13 instance; I'm a bad person. What I can then do is put public keys for
users in the directory server, and then - since the AMI is set up to ask my
ldap server for info - viola! Brand new instances can already be key-auth'd
by brand new accounts, without creating the account on the other side (and
thus, without putting the key in authorized_hosts), in a way that is dynamic
enough that I can add/revoke auth to any number of instances within
seconds. There's more to it than what I've said, but hopefully you get the
idea.
I had to mostly just do it all with little guidance (not a big deal, but I
like using tested methods...) as I didn't find much "out there" about
authing to a cloud. Is documentation about what I've done the sort of thing
in which Cloud SIG would be interested? Most such documentation is
currently found in snippets of someone's blog somewhere; there are many
necessary incidentals to making cloud computing successful for an
enterprise, so it would seem they'd be better addressed, especially for
small/mid-sized companies that don't need complicated setups. Things like
cfengine seem somehow...innappropriate...for disposable systems that are
going to created in a "blessed" state anyway, and only need minor tweeks.
On that note, is Cloud SIG working on gathering documentation of the "making
a Cloud useful, once it exists" variety?
thanks!
Brian LaMere
ps - I mentioned it to gholms already via email, but the official python
package for Slicehost (pyactiveresource) is not yet a fedora package; should
it be one? Or is it simple enough that it's assumed someone will just pip
install it, if needed?
13 years, 9 months
Cloud SIG Meeting Reminder: 2010/07/22, 2100 UTC, in #fedora-meeting
by Robyn Bergeron
Hey everyone - sorry for the late reminder. I've been at OSCON all
week and time is escaping me. :D
>From catching up on the mailing list it looks like we have lots of
people interested in discussing some of the OpenStack stuff, and we
may even have some of those folks coming (yay). http://openstack.org
if you want to catch the details on what they're up to. So I arrange
the agenda a little loosely with discussion on that first - I think if
we have any leftover details we can probably cover that stuff on the
mailing list.
See you soon!
-Robyn
Meeting Details: Thursday @2100 UTC (In NA - East coast, 5pm; West coast, 2pm.)
Meeting channel: #fedora-meeting, irc.freenode.net
Other details are available at https://fedoraproject.org/wiki/Cloud_SIG.
Next meeting: 2010/07/22 - 2100 UTC (5pm Eastern), in #fedora-meeting.
* OpenStack discussion, possibly with invited OpenStack folks.
* Documentation stuff - have some items in the wiki to-do list, if
you want to pick something up.
* Question: Would it be good for us to have a trac instance to
keep better track of things to be done?
13 years, 9 months
Cloud SIG meeting minutes - 2010/07/15
by Robyn Bergeron
Sorry - forgot to send out. Hope everyone is having a great weekend.
-Robyn
Minutes: http://meetbot.fedoraproject.org/fedora-meeting/2010-07-15/cloud_sig.2010...
Full Log: http://meetbot.fedoraproject.org/fedora-meeting/2010-07-15/cloud_sig.2010...
==========================
#fedora-meeting: Cloud SIG
==========================
Meeting started by rbergeron at 21:00:31 UTC. The full logs are
available at
http://meetbot.fedoraproject.org/fedora-meeting/2010-07-15/cloud_sig.2010...
.
Meeting summary
---------------
* Agenda (rbergeron, 21:01:56)
* LINK:
http://fedoraproject.org/wiki/Cloud_SIG#Upcoming_meeting_agenda
(rbergeron, 21:02:04)
* Last meeting's actions (rbergeron, 21:02:23)
* jforbes is looking at the .ks file that got updated from huff - will
skip ahead to ec2 testing since we know f13 boots there thanks to
mgoldmann. (rbergeron, 21:09:06)
* ACTION: rbergeron to actually really put to-do stuff on wiki.
(rbergeron, 21:09:15)
* Just a friendly reminder that if anyone wants to work on
documentation stuff of any type -
http://fedoraproject.org/wiki/Publishing_image_to_EC2 is one placd
we can start (rbergeron, 21:09:53)
* jforbes got us on feature list for F14.
http://fedoraproject.org/wiki/Features/EC2 (rbergeron, 21:11:11)
* What's next? (rbergeron, 21:13:44)
* Start by documenting how to boot an image from EC2 (rbergeron,
21:15:38)
* ami-988b60f1 is an example, document the use of it, and we change
the names to the official release when it is ready (rbergeron,
21:17:19)
* amazon documentation should be linked off the ec2 login page - can
be a good reference point. (rbergeron, 21:17:43)
* need separate docs for publishing to ec2, and booting an image from
ec2. (rbergeron, 21:20:36)
* But booting and using is the more important, and one that can be
worked on now (in fact testers can use it for testing instructions)
(rbergeron, 21:21:08)
* AOB? (rbergeron, 21:23:16)
* Interesting information on boxgrinder on list, i encourage everyone
to check it out :)
http://lists.fedoraproject.org/pipermail/cloud/2010-July/000230.html
(rbergeron, 21:24:22)
Meeting ended at 21:27:46 UTC.
Action Items
------------
* rbergeron to actually really put to-do stuff on wiki.
Action Items, by person
-----------------------
* rbergeron
* rbergeron to actually really put to-do stuff on wiki.
* **UNASSIGNED**
* (none)
People Present (lines said)
---------------------------
* rbergeron (61)
* jforbes (18)
* smooge (6)
* zodbot (3)
* imcleod (1)
* ke4qqq (1)
13 years, 9 months
Cloud SIG Meeting Reminder: 2010/07/15, 2100 UTC, in #fedora-meeting
by Robyn Bergeron
Meeting time! We've had lots of good things happening this week -
details are falling into place. Woot!
Meeting Details: Thursday @2100 UTC (In NA - East coast, 5pm; West coast, 2pm.)
Meeting channel: #fedora-meeting, irc.freenode.net
Other details are available at https://fedoraproject.org/wiki/Cloud_SIG.
Agenda:
* Status check: Action items from previous meeting.
o ke4qqq Research and report back on possible costs of
testing, if amazon has a recommendation on testing with large groups
of testers, check into cost approval with ... whoever would pay for
it.
o jforbes to respond to gholms mailing list email on eucatools stuff.
o jforbes to continue trying to get ahold of huff on .ks
stuff (get http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
updated to F13)
o rbergeron to talk to spevack about location of the huff
(done. --Rbergero 05:17, 15 July 2010 (UTC)
o jforbes to send patched .ks file to the list with testing
instructions
o rbergeron to put more of this to-do stuff in wiki to-do
list, mail to mailing list.
o rbergeron to ping spevack about getting account info to
create mirrors, get info to mdomsch. (done. --Rbergero 05:17, 15 July
2010 (UTC)
o jeevan_ullas to make a wiki page of to-dos for eucalyptus
o rbergeron to put more of this to-do stuff in wiki to-do
list, mail to mailing list.
* Documentation
o jforbes to start populating the wiki page with basic
information as time allows
* Question: Would it be good for us to have a trac instance?
* Status Update: kernel status
* Add your agenda item here.
We still have room on the agenda for other items, if anyone has
something they'd like to cover.
See you there!
-Robyn
13 years, 9 months
Fedora 13 on EC2
by Marek Goldmann
In short: it works!
== Wait, what?
Recently Amazon released new AKI images with PvGrub [1] which enables running kernels shipped with AMI instead of selecting AKI/ARI pair available on Amazon.
http://thecloudmarket.com/search?search_term=pvgrub
== How I can create my Fedora 13 image to run on EC2?
This week I added support (with David's help!) for Fedora 13 for EC2 to BoxGrinder [2], BoxGrinder is a tool for creating appliances (virtual machines) for various virtual environments (Xen, KVM, VMware, EC2). You can learn more about BoxGrinder reading the documentation [3]. New BoxGrinder Build version which has Fedora 13 support backed in, will be released this week! Feel free to watch our blog [4].
I used the following definition:
name: jeos-f13
summary: Just Enough Operating System based on Fedora 13
os:
name: fedora
version: 13
hardware:
partitions:
"/":
size: 2
packages:
includes:
- bash
- kernel-PAE
- grub
- e2fsprogs
- passwd
- policycoreutils
- chkconfig
- rootfiles
- yum
- vim-minimal
- acpid
- dhclient
- iputils
- openssh-server
- openssh-clients
- system-config-firewall-base
If you want still use kickstarts, Huff will provide a jeos kickstart file too, right?
== Is there a Fedora 13 AMI available NOW?
Yes, you can use this AMI:
ami-988b60f1
Bear in mind: this is only a temporary 32 bit version. I'll create new JEOS images for 32 and 64 bit this week, stay tuned.
So, take care and test the image!
[1] http://wiki.xensource.com/xenwiki/PvGrub
[2] http://www.jboss.org/stormgrind/projects/boxgrinder.html
[3] http://community.jboss.org/wiki/BoxGrinderDocumentation
[4] http://cloudpress.org/
--Marek
13 years, 9 months
Cloud SIG meeting minutes - 2010/07/01
by Robyn Bergeron
Thanks to everyone for coming. Please read logs - we've made some
progress on the kernel situation, and are starting to think about
future needs in terms of a to-do list as well as documentation. Any
questions - please pipe up on the mailing list!
Cheers,
-robyn
Meeting Minutes:
http://meetbot.fedoraproject.org/fedora-meeting/2010-07-01/fedora_cloud_s...
Full Log: http://meetbot.fedoraproject.org/fedora-meeting/2010-07-01/fedora_cloud_s...
==========================
#fedora-meeting: Cloud SIG
==========================
Meeting started by jforbes at 21:01:18 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2010-07-01/fedora_cloud_s...
.
Meeting summary
---------------
* Agenda (rbergeron, 21:03:28)
* LINK:
http://fedoraproject.org/wiki/Cloud_SIG#Upcoming_meeting_agenda
(rbergeron, 21:03:31)
* Status check: Action items from previous meeting (rbergeron,
21:03:43)
* huff to post AMI feature set to mailing list - he's not around :)
(rbergeron, 21:04:44)
* ke4qqq waiting on amazon for info on testing costs for getting a
block of people access without having to use their own accounts
(rbergeron, 21:06:00)
* jforbes on track to submit for F14 feature list (rbergeron,
21:07:14)
* got news from amazon - Namely
ec2-public-images/pv-grub-hd00-V1.01-x86_64.gz (rbergeron,
21:07:27)
* EC2 pvgrub images are now public and accessible (rbergeron,
21:07:38)
* now we don't need to submit AKI and ARIs anymore, we use the kernel
inside the image. (rbergeron, 21:08:45)
* ACTION: jforbes to ping gholms about eucatools <--> kernel <-->
pvgrub image (rbergeron, 21:15:04)
* jeevan_ullas sent mail to the list with some packaging information
for eucalyptus, other possible packages / dependencies we might want
to start thinking about / looking for packagers for. (rbergeron,
21:16:14)
* ACTION: jeevan_ullas to make a wiki page of to-dos for eucalyptus
(rbergeron, 21:17:29)
* kernel status (rbergeron, 21:17:59)
* We are still waiting for the kernel update to push. (rbergeron,
21:19:05)
* trying to get an eta. (rbergeron, 21:19:11)
* LINK: http://fedoraproject.org/wiki/FeatureList (rbergeron,
21:20:43)
* ACTION: jforbes to submit to [[FeatureList]] this week now that we
have pvgrub info (rbergeron, 21:22:02)
* open floor (rbergeron, 21:29:35)
* To Do / Schedule List (rbergeron, 21:29:57)
* so after the kernel is pushed, we need the actual images, which is
the ks file that huff is working on (rbergeron, 21:31:20)
* can start working on that now with local xen testing - the kernel
update makes our kernel work on older RHEL releases, but we can test
and tune the ks file on rhel 5.3 or newer hosts (rbergeron,
21:31:50)
* Testing without ec2 requires a xen host (rbergeron, 21:33:49)
* once you have a xen host, you can simply create an image with
appliance-tools using the kickstart file from huff (it is in a
public repository, need to find location) (rbergeron, 21:34:18)
* boot the image, make sure it works, make sure critical packages are
there, report back if anything else is needed or something doesn't
work (rbergeron, 21:34:32)
* report back if things work tooo (rbergeron, 21:34:43)
* ACTION: rbergeron to put this testing info into the wiki
(rbergeron, 21:35:11)
* ACTION: rbergeron to start framing todo list on the wiki
(rbergeron, 21:35:18)
* LINK:
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
(jforbes, 21:35:48)
* LINK:
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
(rbergeron, 21:36:06)
* LINK: http://github.com/huff/kickstart-stuff/ is the top level
(jforbes, 21:36:59)
* LINK: http://github.com/huff/kickstart-stuff/ is the top level
(rbergeron, 21:37:14)
* ACTION: jforbes to get with huff and get
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
updated to F13 (rbergeron, 21:38:16)
* ACTION: sparks to create basic wiki page for publishing images to
EC2 documentation (rbergeron, 21:49:47)
* ACTION: jforbes to pstart populating with basic information as time
allows (rbergeron, 21:50:35)
* LINK: https://fedoraproject.org/wiki/Publishing_image_to_EC2
(Sparks, 21:50:56)
* ACTION: sparks to talk to ke4qqq (he'll be under the bus) - get some
more background on cloud stuff, what's going on, etc. (rbergeron,
21:51:37)
* ACTION: rbergeron to take a typing class from mavis beacon
(rbergeron, 21:51:47)
Meeting ended at 21:59:27 UTC.
Action Items
------------
* jforbes to ping gholms about eucatools <--> kernel <--> pvgrub image
* jeevan_ullas to make a wiki page of to-dos for eucalyptus
* jforbes to submit to [[FeatureList]] this week now that we have pvgrub
info
* rbergeron to put this testing info into the wiki
* rbergeron to start framing todo list on the wiki
* jforbes to get with huff and get
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
updated to F13
* sparks to create basic wiki page for publishing images to EC2
documentation
* jforbes to pstart populating with basic information as time allows
* sparks to talk to ke4qqq (he'll be under the bus) - get some more
background on cloud stuff, what's going on, etc.
* rbergeron to take a typing class from mavis beacon
Action Items, by person
-----------------------
* jeevan_ullas
* jeevan_ullas to make a wiki page of to-dos for eucalyptus
* jforbes
* jforbes to ping gholms about eucatools <--> kernel <--> pvgrub image
* jforbes to submit to [[FeatureList]] this week now that we have
pvgrub info
* jforbes to get with huff and get
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
updated to F13
* jforbes to pstart populating with basic information as time allows
* ke4qqq
* sparks to talk to ke4qqq (he'll be under the bus) - get some more
background on cloud stuff, what's going on, etc.
* rbergeron
* rbergeron to put this testing info into the wiki
* rbergeron to start framing todo list on the wiki
* rbergeron to take a typing class from mavis beacon
* **UNASSIGNED**
* sparks to create basic wiki page for publishing images to EC2
documentation
People Present (lines said)
---------------------------
* rbergeron (142)
* jforbes (58)
* Sparks (15)
* smooge (14)
* jeevan_ullas (12)
* ke4qqq (8)
* zodbot (4)
* eric-smith (2)
* jeevan_ullas_ (2)
13 years, 9 months
Cloud SIG meeting minutes - 2010/07/08
by Robyn Bergeron
<Prof. Farnsworth>Good news everyone!*</Prof. Farnsworth> The kernel
update has been pushed to stable and should be available tomorrow. We
should now be able to plow ahead with testing and ks file stuff.
jforbes is also submitting into FeatureList this week. Hooray,
Progress!
Please see the logs for more information. If you have any updates and
weren't able to make the meeting, please update us on the list!
Thanks to all who came!
-Robyn
*apologies to those not familiar with Futurama.
http://www.youtube.com/watch?v=1D1cap6yETA
Meeting Minutes:
http://meetbot.fedoraproject.org/fedora-meeting/2010-07-08/fedora-meeting...
Full Logs: http://meetbot.fedoraproject.org/fedora-meeting/2010-07-08/fedora-meeting...
==========================
#fedora-meeting: Cloud SIG
==========================
Meeting started by rbergeron at 21:00:22 UTC. The full logs are
available at
http://meetbot.fedoraproject.org/fedora-meeting/2010-07-08/fedora-meeting...
Meeting summary
---------------
* Agenda (rbergeron, 21:02:06)
* LINK:
https://fedoraproject.org/wiki/Cloud_SIG#Upcoming_meeting_agenda
(rbergeron, 21:02:11)
* LINK: https://fedoraproject.org/wiki/Publishing_image_to_EC2
(rbergeron, 21:03:29)
* LINK:
http://lists.fedoraproject.org/pipermail/cloud/2010-July/000223.html
(rbergeron, 21:05:45)
* So we will need the new version of eucatools, but time is not so
critical on that as we can manually work aroudn it (rbergeron,
21:07:35)
* ACTION: jforbes to respond to gholms mailing list email on eucatools
stuff. (rbergeron, 21:09:09)
* jforbes in the middle of creating FeatureList submission, woot.
(rbergeron, 21:10:23)
* ACTION: jforbes to continue trying to get ahold of huff on .ks
stuff. (rbergeron, 21:12:44)
* LINK: https://fedoraproject.org/wiki/Cloud_SIG#To-Do_List
(rbergeron, 21:14:05)
* kernel news... kernel is in updates-testing So test and give it
karma! (rbergeron, 21:15:02)
* ACTION: rbergeron to talk to spevack about location of the huff
(rbergeron, 21:17:18)
* update has been pushed to stable - so should be available tomorrow
(rbergeron, 21:19:18)
* ACTION: jforbes to send patched .ks file to the list with testing
instructions (rbergeron, 21:22:15)
* ACTION: rbergeron to put more of this to-do stuff in wiki to-do
list, mail to mailing list. (rbergeron, 21:24:14)
* Open Floor (rbergeron, 21:45:24)
* mirrors: we're not there yet, but soon as we have an image, and a
few running instances, we want to set up a mirror in each
availability zone (rbergeron, 21:46:27)
* ACTION: rbergeron to ping spevack about getting account info to
create mirrors (rbergeron, 21:47:04)
* ACTION: said account info for mdomsch :) (rbergeron, 21:47:13)
* no rush; we'll want to set them up using the fedora images created
(rbergeron, 21:47:43)
* or a RHEL-like image (rbergeron, 21:47:49)
* also need info on disk space for mirroring images; how to do it, and
where (rbergeron, 21:49:15)
* LINK: http://rix.si/files/greg-plow.png (rbergeron, 21:55:31)
Meeting ended at 21:55:54 UTC.
Action Items
------------
* jforbes to respond to gholms mailing list email on eucatools stuff.
* jforbes to continue trying to get ahold of huff on .ks stuff.
* rbergeron to talk to spevack about location of the huff
* jforbes to send patched .ks file to the list with testing instructions
* rbergeron to put more of this to-do stuff in wiki to-do list, mail to
mailing list.
* rbergeron to ping spevack about getting account info to create mirrors
* said account info for mdomsch :)
13 years, 9 months
Pre-release euca2ools available for testing
by Garrett Holmstrom
Good news, everyone! Almost immediately after I commented about the
lengthy time since their last release the python-boto people published
an alpha of their latest code. So I built it [0] and the latest
euca2ools snapshot [1] and threw them up on the web for you folks to
test* if you wish. The source packages stand alongside the noarch
packages should you need to rebuild them. Since they can't yet go in
the official repos, just let me or upstream know if you encounter any bugs.
I also quit putting off building euca2ools 1.2 for el6, so it should
appear in the epel repos after the next push.
Happy hacking,
GH
[0]
http://www.physics.umn.edu/~holms/repo/custom/13/python-boto-2.0-0.1.a2.f...
[1]
http://www.physics.umn.edu/~holms/repo/custom/13/euca2ools-1.2-3.20100701...
* Standard disclaimer: Pre-release code may opt to ruin your potted
plants or maim your cat instead of run correctly, so please take proper
precautions when testing.
13 years, 9 months
Cloud SIG Meeting Reminder: 2010/07/08, 2100 UTC, in #fedora-meeting
by Robyn Bergeron
Meeting Details: Thursday @2100 UTC (In NA - East coast, 5pm; West coast, 2pm.)
Meeting channel: #fedora-meeting, irc.freenode.net
Other details are available at https://fedoraproject.org/wiki/Cloud_SIG.
Agenda:
* Status check: Action items from previous meeting
(http://meetbot.fedoraproject.org/fedora-meeting/2010-07-01/fedora_cloud_s...)
o ke4qqq Research and report back on possible costs of
testing, if amazon has a recommendation on testing with large groups
of testers, check into cost approval with ... whoever would pay for
it.
o sparks to create basic wiki page for publishing images to
EC2 documentation; jforbes to start populating with basic information
as time allows
o jforbes to ping gholms about eucatools <--> kernel <--> pvgrub image
o jforbes to submit to FeatureList this week now that we
have pvgrub info
o jforbes to get with huff and get
http://github.com/huff/kickstart-stuff/blob/master/fedora-ec2-min.ks
updated to F13
o jeevan_ullas to make a wiki page of to-dos for eucalyptus
o rbergeron to put this testing info into the wiki
o rbergeron to start framing todo list on the wiki
o huff to post AMI feature set to mailing list
* Status Update: kernel status
We still have room on the agenda for other items, if anyone has
something they'd like to cover.
See you there!
-Robyn
13 years, 9 months