From: Chris Marusich
Subject: Re: AWS + OpenStack support
Date: Mon, 10 Apr 2017 21:16:08 -0700
Message-ID: <874lxvo9yv.fsf@gmail.com>
References: <87lgr8hv48.fsf@ofosos.org>
In-Reply-To: <87lgr8hv48.fsf@ofosos.org> (Mark Meyer's message of "Mon, 10 Apr 2017 22:21:11 +0200")
To: Mark Meyer
Cc: guix-devel

Mark Meyer writes:

> Hi list, is anybody interested in having support for running guix on AWS
> and/or OpenStack?

I think it'd be awesome if this were easier to do!
This topic has come up before:

https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00757.html
https://lists.gnu.org/archive/html/help-guix/2016-11/msg00075.html

Long story short, instead of starting with a base image and modifying it
(e.g., by injecting credentials at first boot via the EC2 metadata
service), one appealing alternative is to use EC2's VM import feature to
actually import precisely the system that you want to launch:

https://aws.amazon.com/ec2/vm-import/

Customizations, such as SSH credentials, would be specified in a GuixSD
operating system configuration file and built into the VM image, so
neither the EC2 metadata service, nor hacks like the "cloud-init" script
used by some distros, would enter into the picture at all.

Some preliminary work in a similar spirit was already done in the branch
'wip-deploy', but I don't think it was EC2-specific in any way. Perhaps
by looking there, you can find some inspiration?

> Basically these `cloud' environments provide some form of instance
> configuration. You're supposed to create an image of your OS and it'll
> self configure upon (first) boot. This includes more than enabling
> DHCP. Generally AWS will provide a so-called metadata server. The
> important thing it serves are your public keys. You'll generally specify a
> set of public keys on instance startup.

At first I thought that doing what you suggest was a good idea, but now
I think it'd be better to implement the plan I mentioned above.

> So I'd like to extend Shepherd with a first-boot service that runs `guix
> system reconfigure'. And as a second step I want to include a Guile
> package that queries the metadata server. You should be able to do
> something like
>
>   (user "guix-sd"
>     (public-keys (metadata-get-keys)))

I don't think a "first boot" service like this is a good idea.
To learn more about why, please read the following conversation between
myself (marusich) and Dave (davexunit) on IRC:

https://gnunet.org/bot/log/guix/2016-11-30

> Is anybody interested in publicly accessible AMIs for AWS? An AMI is an
> Amazon Machine Image. When you got an AMI for your system, you can spin
> up an instance with minimal configuration.

I think it would be better to spend your energy on creating a mechanism
that allows an individual to build a GuixSD image from their own
operating system configuration file, import that into EC2, and then
launch an instance from it. If such a feature were available in GuixSD,
you could do it once from a desktop/laptop with a slow internet
connection to create a "control server" in the cloud (with a fast
internet connection), and then you could run it from the control server
as needed to quickly spin up whatever other instances you might need.

> I would like to do the aforementioned steps during the next weekend,
> which will be a four day weekend in my country, so there's some time to
> kill.

Even if you just figured out a way to construct a VM image of the kind
that can be imported into EC2, I think it would be a great first step in
the right direction! Thank you for taking the time to look into this!
--
Chris
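
The approach described in the message above, declaring the SSH public key in the operating system configuration so that it is built into the image instead of being fetched from the EC2 metadata service at first boot, could look like the following. This is an added example, not part of the original message or of the Guix project's code; it uses field names from current Guix releases, which postdate this 2017 thread, and the host name, disk device, account name and key file name are assumptions.

```scheme
;; Added example: an operating-system declaration whose SSH access is
;; fixed at image build time.  Nothing here talks to a metadata server.
;; Assumed names: host "ec2-guix", disk /dev/xvda, user "admin",
;; and a public key file admin.pub next to this configuration file.
(use-modules (gnu))
(use-service-modules networking ssh)

(operating-system
  (host-name "ec2-guix")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")

  (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
                (targets '("/dev/xvda"))))

  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; An unprivileged login account; "wheel" membership allows sudo.
  (users (cons (user-account
                 (name "admin")
                 (group "users")
                 (supplementary-groups '("wheel")))
               %base-user-accounts))

  (services
   (append
    (list (service dhcp-client-service-type)
          (service openssh-service-type
                   (openssh-configuration
                    ;; Key-only logins: the image ships without any
                    ;; usable password, so disable password auth.
                    (password-authentication? #f)
                    ;; The key is copied into the store and into the
                    ;; image.  The store is world-readable, so only a
                    ;; PUBLIC key may ever be referenced here.
                    (authorized-keys
                     `(("admin" ,(local-file "admin.pub")))))))
    %base-services)))
```

Because the authorized key is part of the built system, rotating it means building and importing a new image or reconfiguring the running instance, rather than changing a value served by the cloud provider.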