F20 System Wide Change: Visible Cloud

Mon Jul 15 10:34:33 UTC 2013

On Mon, Jul 15, 2013 at 12:22:22PM +0200, Jaroslav Reznik wrote:
> = Proposed System Wide Change: Visible Cloud =
> https://fedoraproject.org/wiki/Changes/VisibleCloud
> 
> Change owner(s): Matthew Miller <mattdm at fedoraproject org>
> 
> With Fedora 19's First Class Cloud Images feature [1], we have Amazon EC2 and 
> downloadable cloud images (in qcow2 and raw.xz format) produced and released 
> together with the traditional desktop installer and and livecd images. Now, 
> let's go to the next level and present the cloud images as equal options. 
> 
> == Detailed description ==
> This involves three key changes. They are not significant changes to other 
> packages, but since this has implications for the distribution as a whole, I 
> thought it best considered as bigger than a self-contained change.
> 
> 1. Refactoring of the Fedora web site to put the cloud image on equal footing 
> with the desktop image download. The new F19 cloud images page [2] is very 
> nice thanks to the hard work of the web team, but unfortunately, in order to 
> find it, one has to go down into the cellar, into a disused lavatory with a 
> sign on the door saying Beware of the Leopard. Let's put it on display in the 
> metaphorical front lobby.
> 
> 2. Creating specific release criteria and tests for basic cloud image 
> functionality in, at least, Amazon EC2 and OpenStack. (Tests for smaller 
> public cloud services could be added once those services gain the ability for 
> us to provide official images directly. Tests for Eucalyptus and other IaaS 
> software could be added as well.)
> 
> 3. Building images in Koji using virtualization and Anaconda, rather than 
> using a chroot-based appliance-creator. This will ensure that the cloud image 
> is more in line with The Real Fedora. 
> 
> == Scope ==
> Proposal owner: Coordination; working with web designers and documentation 
> writers to develop the new presentation, working with QA to develop criteria 
> and tests, and working with release engineering to land the changes to image 
> building. I plan to be actively involved in all of these. 
> 
> Other developers: This will probably require a overhaul of the Get Fedora 
> website, as that is current primarily focused on the desktop download. 
> 
> Release engineering: Yes, Jay Greguske, Andrew Thomas, and I are working on 
> the improvements to the image build system and coordinating with Dennis 
> Gilmore. 
> 
> Policies and guidelines: As noted, QA guidelines will need to be updated. 

What's our update story for cloud images ?

While you could run 'yum update' when first booting a cloud image, that
leaves open a window of vulnerability. With an anaconda install you can
enables the updates repo at time of installation to remove this window
of vulnerability. So I think we need to solve it for cloud images too
if we're going to promote them as equal options.

I'm not suggesting we need to rebuild images for every update, but at a
minimum, when we issue CVE / security errata that affects an image, I'd
expect us to also rebuild and publish new cloud images pretty much
synchronously.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|