[arch-devops] cloud-images
Dear devops team,

Recently I have pushed cloud-init back to [community][1]. One Arch Linux user did some improvements on the cloud-init codebase as well and they are going to officially support Arch Linux with version 19.3[2]. Therefore I have added support for cloud-images to the arch-boxes project[3]. These images are qcow2 images and are expected to be installed in cloud environments like OpenStack.

The only thing that is missing is a way to distribute the images and release them. My current plan has been that I build and sign them locally and then upload them to a web directory (this is the most secure way possible right now).

For this I need answers for a few questions:

1. Can I have a web-directory, where only I have access to?
2. Which key should I use to sign them? A new cloud-image signing key or my personal key? (I think latter should be enough).
3. I expect to build them monthly like the ISOs, how many images do you want to keep? My current assumption is that 1 year of image backup of cloud-images (qcow2) only would cost us around 30-50GB.
4. Do we want to mirror the images?

Best greetings

Chris

[1] https://www.archlinux.org/packages/community/any/cloud-init/
[2] https://git.launchpad.net/cloud-init/commit/?id=5d5a32e039782ce3e1c0843082fe...
[3] https://github.com/archlinux/arch-boxes/commit/9d9f04f9618367e2af8d92bef2d5e...

On Sun, Nov 03, 2019 at 06:42:07PM +0100, Christian Rebischke via arch-devops <arch-devops@lists.archlinux.org> wrote:
> 1. Can I have a web-directory, where only I have access to?

Depends on the specifics, but generally yes. I'm not quite sure why that is important though if the image is signed.

> 2. Which key should I use to sign them? A new cloud-image signing key or my personal key? (I think latter should be enough).

Whatever works better.

> 3. I expect to build them monthly like the ISOs, how many images do you want to keep? My current assumption is that 1 year of image backup of cloud-images (qcow2) only would cost us around 30-50GB.

No idea how many are needed. Why do we need more than 1-3?

> 4. Do we want to mirror the images?

That's probably the most important question. If they should be mirrored, it might be a good idea to put them in the mirror directory tree alongside the ISOs. Then we'd also have to decide if expanding our mirror tree by 30-50gb is ok or not. Right now, the whole tree (excluding sources) is around 80gb.

Florian

On Sat, Nov 09, 2019 at 08:53:48PM +0100, Florian Pritz wrote:
> On Sun, Nov 03, 2019 at 06:42:07PM +0100, Christian Rebischke via arch-devops <arch-devops@lists.archlinux.org> wrote:
> > 1. Can I have a web-directory, where only I have access to?
>
> Depends on the specifics, but generally yes. I'm not quite sure why that is important though if the image is signed.

Hi Florian, depends if I should always ask you to upload the image. I am asking for upload access, because I plan to build the images locally. Option 2 would be: We have automated builds for the images and either sign them with a less trusted cloud image key or I download them and sign them, and I just re-upload the signature for the image.

> > 2. Which key should I use to sign them? A new cloud-image signing key or my personal key? (I think latter should be enough).
>
> Whatever works better.
>
> > 3. I expect to build them monthly like the ISOs, how many images do you want to keep? My current assumption is that 1 year of image backup of cloud-images (qcow2) only would cost us around 30-50GB.
>
> No idea how many are needed. Why do we need more than 1-3?

No idea, 12 months was just a random number. If you would prefer just the latest image it's okay as well.

> > 4. Do we want to mirror the images?
>
> That's probably the most important question. If they should be mirrored, it might be a good idea to put them in the mirror directory tree alongside the ISOs. Then we'd also have to decide if expanding our mirror tree by 30-50gb is ok or not. Right now, the whole tree (excluding sources) is around 80gb.

If we only serve the latest image it would be just additional 500mb for the qcow2 image. (The vagrant box images not included.. not sure if we need to mirror them. I don't think so. They are already mirrored on the vagrant cloud with a big CDN behind it.)

> Florian

Hi everybody,

I just wanted to revive this thread and state the current requirements for Arch Linux qcow2 images. The qcow2 images are finally stable enough for the public, therefore I would like to make them available at the same location as the ISO + link to it via our website. The images will be signed by me locally and then uploaded.

For this, I've created the following todo list:

1. Build qcow2 image + sign it
2. Get access to a web directory from the devops team
3. Upload it to the web directory
4. Patch the archlinux.org website to link to the image location

The image is about 1.5GB in size. The only question that still haunts me is: Do we want to mirror this image or not? The image is expected to be updated once per month. So I don't see such a big impact on mirroring. My fear is that, if we don't mirror, we will maybe encounter higher load and traffic on the image serving server.

Chris

participants (2)
- Christian Rebischke
- Florian Pritz