[arch-devops] cloud-images

Christian Rebischke Chris.Rebischke at archlinux.org
Sat Nov 9 20:07:26 UTC 2019


On Sat, Nov 09, 2019 at 08:53:48PM +0100, Florian Pritz wrote:
> On Sun, Nov 03, 2019 at 06:42:07PM +0100, Christian Rebischke via arch-devops <arch-devops at lists.archlinux.org> wrote:
> > 1. Can I have a web-directory, where only I have access to?
> 
> Depends on the specifics, but generally yes. I'm not quite sure why that
> is important though if the image is signed.

Hi Florian,

depends if I should always ask you to upload the image. I am asking for
upload access, because I plan to build the images locally.

Option 2 would be: We have automated builds for the images and either
sign them with a less trusted cloud image key or I download them and
sign them, and I just re-upload the signature for the image.

> > 2. Which key should I use to sign them? A new cloud-image signing key or
> > my personal key? (I think latter should be enough).
> 
> Whatever works better.
> 
> > 3. I expect to build them monthly like the ISOs, how many images do you
> > want to keep? My current assumption is that 1 year of image backup of
> > cloud-images (qcow2) only would cost us around 30-50GB.
> 
> No idea how many are needed. Why do we need more than 1-3?

No idea, 12 months was just a random number. If you would prefer just
the latest image it's okay as well.

> 
> > 4. Do we want to mirror the images?
> 
> That's probably the most important question. If they should be mirrored,
> it might be a good idea to put them in the mirror directory tree
> alongside the ISOs. Then we'd also have to decide if expanding our
> mirror tree by 30-50gb is ok or not. Right now, the whole tree
> (excluding sources) is around 80gb.

If we only serve the latest image it would be just additional 500mb for
the qcow2 image. (The vagrant box images not included.. not sure if we
need to mirror them. I don't think so. They are already mirrored on the
vagrant cloud with a big CDN behind it.)
> 
> Florian


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20191109/955c67cf/attachment.sig>


More information about the arch-devops mailing list