* GuixSD on commodity hosting platforms, hoster: IN-Berlin
@ 2017-02-09 18:36 ng0
2017-02-09 20:38 ` Jan Nieuwenhuizen
2017-02-13 21:47 ` Leo Famulari
0 siblings, 2 replies; 34+ messages in thread
From: ng0 @ 2017-02-09 18:36 UTC (permalink / raw)
To: guix-devel
Hi,
today I had a short message exchange with the hoster "IN-Berlin"[0], a
non-commercial group predating the widespread access of internet in
Germany.
It turns out that it could be as simple as providing them with the raw
disk image, so I will give it a try soon.
Is anyone interested in the documentation or success of this experiment?
I'm not involved with IN-Berlin and I don't want them to offer GuixSD
until it is "safe to use" on servers. The default is Debian for the
virtual server options.
0: http://in-berlin.de
--
ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-09 18:36 GuixSD on commodity hosting platforms, hoster: IN-Berlin ng0
@ 2017-02-09 20:38 ` Jan Nieuwenhuizen
2017-02-10 15:35 ` Ludovic Courtès
2017-02-10 22:48 ` ng0
2017-02-13 21:47 ` Leo Famulari
1 sibling, 2 replies; 34+ messages in thread
From: Jan Nieuwenhuizen @ 2017-02-09 20:38 UTC (permalink / raw)
To: guix-devel
ng0 writes:
> It turns out that it could be as simple as providing them with the raw
> disk image, so I will give it a try soon.
Can you share the config.scm of that?
> Is anyone interested in the documentation or success of this experiment?
On the future of Guix-panel it was said (by Ludo'?) that getting GuixSD
on a mainstream hosting platform was very good to have.
I'm interested in how this goes and would like to try the gentle folks
of An Meaisín Dénártha (https://anmd.org) if that is useful.
Greetings,
--janneke
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-09 20:38 ` Jan Nieuwenhuizen
@ 2017-02-10 15:35 ` Ludovic Courtès
2017-02-10 22:48 ` ng0
1 sibling, 0 replies; 34+ messages in thread
From: Ludovic Courtès @ 2017-02-10 15:35 UTC (permalink / raw)
To: Jan Nieuwenhuizen; +Cc: guix-devel
Hey!
Jan Nieuwenhuizen <janneke@gnu.org> skribis:
> On the future of Guix-panel it was said (by Ludo'?) that getting GuixSD
> on a mainstream hosting platform was very good to have.
I think that was Chris but I agree that it would be great.
Ludo’.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-09 20:38 ` Jan Nieuwenhuizen
2017-02-10 15:35 ` Ludovic Courtès
@ 2017-02-10 22:48 ` ng0
2017-02-10 22:59 ` ng0
2017-02-11 10:37 ` Jan Nieuwenhuizen
1 sibling, 2 replies; 34+ messages in thread
From: ng0 @ 2017-02-10 22:48 UTC (permalink / raw)
To: Jan Nieuwenhuizen; +Cc: guix-devel
On 17-02-09 21:38:27, Jan Nieuwenhuizen wrote:
> ng0 writes:
>
> > It turns out that it could be as simple as providing them with the raw
> > disk image, so I will give it a try soon.
>
> Can you share the config.scm of that?
What do you mean? I will just test generally if it works on their
infrastructure. Afterwards I will set up some services for myself to
have something to test the server side of things I build and package.
There will be no public config to share, only at some point afterwards
when I decide to share a stripped down config or set of configs.
In the long run it would be nice if IN-Berlin could offer GuixSD in
addition to Debian, but as we all know, there's a reason for the "beta"
and until it's marked as beta I won't get to this point of discussion.
Just a general check if it works. The way it works for the current
Debian setup, asking for GuixSD would be no problem. No problem with a
raw image, so for them it won't matter if there'll be an .iso later on.
I used IN-Berlin before, started when I offered OpenNIC resolvers and a
tor-relay, and more afterwards. For users based in Germany I can
recommend it. I say Germany, because I have no idea if their registry
system would work well for anyone not living in Germany, I don't even
know about Austria. In case anyone is interested, asking via email will
resolve questions.
>
> > Is anyone interested in the documentation or success of this experiment?
>
> On the future of Guix-panel it was said (by Ludo'?) that getting GuixSD
> on a mainstream hosting platform was very good to have.
>
> I'm interested in how this goes and would like to try the gentle folks
> of An Meaisín Dénártha (https://anmd.org) if that is useful.
>
> Greetings,
> --janneke
>
> --
> Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
>
--
ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-10 22:48 ` ng0
@ 2017-02-10 22:59 ` ng0
2017-02-11 10:37 ` Jan Nieuwenhuizen
1 sibling, 0 replies; 34+ messages in thread
From: ng0 @ 2017-02-10 22:59 UTC (permalink / raw)
To: Jan Nieuwenhuizen, guix-devel
On 17-02-10 22:48:34, ng0 wrote:
> On 17-02-09 21:38:27, Jan Nieuwenhuizen wrote:
> > ng0 writes:
> >
> > > It turns out that it could be as simple as providing them with the raw
> > > disk image, so I will give it a try soon.
> >
> > Can you share the config.scm of that?
>
> What do you mean? I will just test generally if it works on their
> infrastructure. Afterwards I will set up some services for myself to
> have something to test the server side of things I build and package.
> There will be no public config to share, only at some point afterwards
> when I decide to share a stripped down config or set of configs.
>
> In the long run it would be nice if IN-Berlin could offer GuixSD in
> addition to Debian, but as we all know, there's a reason for the "beta"
> and until it's marked as beta I won't get to this point of discussion.
> Just a general check if it works. The way it works for the current
> Debian setup, asking for GuixSD would be no problem. No problem with a
> raw image, so for them it won't matter if there'll be an .iso later on.
>
> I used IN-Berlin before, started when I offered OpenNIC resolvers and a
> tor-relay, and more afterwards. For users based in Germany I can
> recommend it. I say Germany, because I have no idea if their registry
> system would work well for anyone not living in Germany, I don't even
> know about Austria. In case anyone is interested, asking via email will
> resolve questions.
>
>
> >
> > > Is anyone interested in the documentation or success of this experiment?
> >
> > On the future of Guix-panel it was said (by Ludo'?) that getting GuixSD
> > on a mainstream hosting platform was very good to have.
Adding to the last reply: I think with mainstream platform something
like AWS and some other cloud server solutions were targeted. My idea is
just IN-Berlin, afterwards I'm done with the topic for myself for now,
I have no intention to push this any further.
> >
> > I'm interested in how this goes and would like to try the gentle folks
> > of An Meaisín Dénártha (https://anmd.org) if that is useful.
> >
> > Greetings,
> > --janneke
> >
> > --
> > Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> > Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
> >
>
> --
> ng0 -- https://www.inventati.org/patternsinthechaos/
>
--
ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-10 22:48 ` ng0
2017-02-10 22:59 ` ng0
@ 2017-02-11 10:37 ` Jan Nieuwenhuizen
2017-02-11 13:35 ` ng0
1 sibling, 1 reply; 34+ messages in thread
From: Jan Nieuwenhuizen @ 2017-02-11 10:37 UTC (permalink / raw)
To: guix-devel
ng0 writes:
>> > It turns out that it could be as simple as providing them with the raw
>> > disk image, so I will give it a try soon.
>>
>> Can you share the config.scm of that?
>
> What do you mean?
I imagined you will be running something like
guix system disk-image in-berlin.scm
It is this `in-berlin.scm' file that I was referring to.
Also, I assumed that hosting providers have some of basic set of
requirements for the images that they take. I remember to have heard
there are several (ugh) cloud/stack standards that one could target.
That would mean that you will be spending some effort to get
`in-berlin.scm' just right, and I would like to make use of that instead
of figuring it all out again myself when I try another hosting provider.
Greetings, janneke
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-11 10:37 ` Jan Nieuwenhuizen
@ 2017-02-11 13:35 ` ng0
0 siblings, 0 replies; 34+ messages in thread
From: ng0 @ 2017-02-11 13:35 UTC (permalink / raw)
To: Jan Nieuwenhuizen; +Cc: guix-devel
On 17-02-11 11:37:27, Jan Nieuwenhuizen wrote:
> ng0 writes:
>
> >> > It turns out that it could be as simple as providing them with the raw
> >> > disk image, so I will give it a try soon.
> >>
> >> Can you share the config.scm of that?
> >
> > What do you mean?
>
> I imagined you will be running something like
>
> guix system disk-image in-berlin.scm
>
> It is this `in-berlin.scm' file that I was referring to.
>
> Also, I assumed that hosting providers have some of basic set of
> requirements for the images that they take. I remember to have heard
> there are several (ugh) cloud/stack standards that one could target.
It's different with IN-Berlin:
AH>Wir installieren die VMs mit Debian Netboot + Preseed direkt in ein LV
AH>(RAW-Format).
AH>
AH>Du erhälst ja Konslolenzugriff auf eine VM und wir können dir zur Installation
AH>auch ein beliebiges ISO einbinden.
Their VMs are installed with Debian Netboot + Preseed directly in an LV
(RAW-Format). You get Consoleaccess to the VM (out of band, there's a
dedicated console server) and they can mount some ISO image for
installation if you wish.
> That would mean that you will be spending some effort to get
> `in-berlin.scm' just right, and I would like to make use of that instead
> of figuring it all out again myself when I try another hosting provider.
>
> Greetings, janneke
>
> --
> Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
>
I think what I will do is request some outputs of lshw etc, or rent a
very minimal machine so I can adapt settings myself, but my hope is
GuixSD will just work* out of the box with only an added sshd and some
other minimal changes.
* work, as in ready to start installing more software.
--
ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-09 18:36 GuixSD on commodity hosting platforms, hoster: IN-Berlin ng0
2017-02-09 20:38 ` Jan Nieuwenhuizen
@ 2017-02-13 21:47 ` Leo Famulari
2017-02-14 9:24 ` Ludovic Courtès
` (2 more replies)
1 sibling, 3 replies; 34+ messages in thread
From: Leo Famulari @ 2017-02-13 21:47 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1179 bytes --]
On Thu, Feb 09, 2017 at 06:36:09PM +0000, ng0 wrote:
> today I had a short message exchange with the hoster "IN-Berlin"[0], a
> non-commercial group predating the widespread access of internet in
> Germany.
>
> It turns out that it could be as simple as providing them with the raw
> disk image, so I will give it a try soon.
A few months ago I had a brief discussion with a representative of
<https://serveraptor.com> about offering GuixSD there.
They said that could accept a bootable ISO or qcow2 image.
So, we could give them the 0.12.0 GuixSD installer image, after
converting it to the qcow2 format.
I used the following command to convert the installer to qcow2:
$ xz -d guixsd-usb-install-0.12.0.x86_64-linux.xz \
&& qemu-img convert -O qcow2 guixsd-usb-install-0.12.0.x86_64-linux \
guixsd-usb-install-0.12.0.x86_64-linux.qcow2
The results are available at
<https://famulari.name/a2249a95c83f60bc75efe89b6fe4f01d/>.
I'd like for someone to try this conversion themself and verify that it
creates the same qcow2 file.
If it does, then we can ask Serveraptor to make it available for testing
on their platform.
What do you think?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-13 21:47 ` Leo Famulari
@ 2017-02-14 9:24 ` Ludovic Courtès
2017-02-14 10:10 ` ng0
2017-02-14 16:42 ` Leo Famulari
2017-02-16 15:34 ` Christopher Allan Webber
2017-03-13 0:32 ` Advice about GuixSD on Serveraptor? Leo Famulari
2 siblings, 2 replies; 34+ messages in thread
From: Ludovic Courtès @ 2017-02-14 9:24 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> On Thu, Feb 09, 2017 at 06:36:09PM +0000, ng0 wrote:
>> today I had a short message exchange with the hoster "IN-Berlin"[0], a
>> non-commercial group predating the widespread access of internet in
>> Germany.
>>
>> It turns out that it could be as simple as providing them with the raw
>> disk image, so I will give it a try soon.
>
> A few months ago I had a brief discussion with a representative of
> <https://serveraptor.com> about offering GuixSD there.
>
> They said that could accept a bootable ISO or qcow2 image.
>
> So, we could give them the 0.12.0 GuixSD installer image, after
> converting it to the qcow2 format.
>
> I used the following command to convert the installer to qcow2:
>
> $ xz -d guixsd-usb-install-0.12.0.x86_64-linux.xz \
> && qemu-img convert -O qcow2 guixsd-usb-install-0.12.0.x86_64-linux \
> guixsd-usb-install-0.12.0.x86_64-linux.qcow2
>
> The results are available at
> <https://famulari.name/a2249a95c83f60bc75efe89b6fe4f01d/>.
>
> I'd like for someone to try this conversion themself and verify that it
> creates the same qcow2 file.
The image itself is most likely not bit-reproducible, if that’s what you
mean (non-reproducible packages, uncontrolled file system layout, etc.)
> If it does, then we can ask Serveraptor to make it available for testing
> on their platform.
That would be great!
For these use cases, I wonder if it makes sense to provide the
installation image. Wouldn’t it be more convenient if we provided, say,
the “bare-bones” image or a variant thereof? That way, as a user, you
could directly use it as-is, or just run ‘reconfigure’ in it.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-14 9:24 ` Ludovic Courtès
@ 2017-02-14 10:10 ` ng0
2017-02-14 16:42 ` Leo Famulari
1 sibling, 0 replies; 34+ messages in thread
From: ng0 @ 2017-02-14 10:10 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On 17-02-14 10:24:57, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
>
> > On Thu, Feb 09, 2017 at 06:36:09PM +0000, ng0 wrote:
> >> today I had a short message exchange with the hoster "IN-Berlin"[0], a
> >> non-commercial group predating the widespread access of internet in
> >> Germany.
> >>
> >> It turns out that it could be as simple as providing them with the raw
> >> disk image, so I will give it a try soon.
> >
> > A few months ago I had a brief discussion with a representative of
> > <https://serveraptor.com> about offering GuixSD there.
> >
> > They said that could accept a bootable ISO or qcow2 image.
> >
> > So, we could give them the 0.12.0 GuixSD installer image, after
> > converting it to the qcow2 format.
> >
> > I used the following command to convert the installer to qcow2:
> >
> > $ xz -d guixsd-usb-install-0.12.0.x86_64-linux.xz \
> > && qemu-img convert -O qcow2 guixsd-usb-install-0.12.0.x86_64-linux \
> > guixsd-usb-install-0.12.0.x86_64-linux.qcow2
> >
> > The results are available at
> > <https://famulari.name/a2249a95c83f60bc75efe89b6fe4f01d/>.
> >
> > I'd like for someone to try this conversion themself and verify that it
> > creates the same qcow2 file.
>
> The image itself is most likely not bit-reproducible, if that’s what you
> mean (non-reproducible packages, uncontrolled file system layout, etc.)
>
> > If it does, then we can ask Serveraptor to make it available for testing
> > on their platform.
>
> That would be great!
>
> For these use cases, I wonder if it makes sense to provide the
> installation image. Wouldn’t it be more convenient if we provided, say,
> the “bare-bones” image or a variant thereof? That way, as a user, you
> could directly use it as-is, or just run ‘reconfigure’ in it.
>
> Thanks,
> Ludo’.
>
I'd include an openssh aswell, but for IN-Berlin this is what I'll be
using in March, a variant of the barebones image.
I think in their special case even the installer would work, but with
the bare-bones there's already "something".
Maybe once it works I give "just the installer" a try on a second VM.
--
ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-14 9:24 ` Ludovic Courtès
2017-02-14 10:10 ` ng0
@ 2017-02-14 16:42 ` Leo Famulari
1 sibling, 0 replies; 34+ messages in thread
From: Leo Famulari @ 2017-02-14 16:42 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]
On Tue, Feb 14, 2017 at 10:24:57AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > I'd like for someone to try this conversion themself and verify that it
> > creates the same qcow2 file.
>
> The image itself is most likely not bit-reproducible, if that’s what you
> mean (non-reproducible packages, uncontrolled file system layout, etc.)
I meant that I'd like someone to try downloading the official 0.12.0
x86_64-linux installer image that Ricardo released and attempt the
image format conversion.
If they get the same result, then it removes me from the chain of people
that Serveraptor users have to trust. Instead, they'd trust Serveraptor
to offer them the same image that I'm providing from my site.
> > If it does, then we can ask Serveraptor to make it available for testing
> > on their platform.
>
> That would be great!
>
> For these use cases, I wonder if it makes sense to provide the
> installation image. Wouldn’t it be more convenient if we provided, say,
> the “bare-bones” image or a variant thereof? That way, as a user, you
> could directly use it as-is, or just run ‘reconfigure’ in it.
Okay, I'll wait a bit for someone to try to the conversion. At the same
time, I'll ask Serveraptor what makes more sense for their platform.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: GuixSD on commodity hosting platforms, hoster: IN-Berlin
2017-02-13 21:47 ` Leo Famulari
2017-02-14 9:24 ` Ludovic Courtès
@ 2017-02-16 15:34 ` Christopher Allan Webber
2017-03-13 0:32 ` Advice about GuixSD on Serveraptor? Leo Famulari
2 siblings, 0 replies; 34+ messages in thread
From: Christopher Allan Webber @ 2017-02-16 15:34 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari writes:
> I'd like for someone to try this conversion themself and verify that it
> creates the same qcow2 file.
>
> If it does, then we can ask Serveraptor to make it available for testing
> on their platform.
Leo and I worked on this off-list, and verified! I was able to make the
same thing.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Advice about GuixSD on Serveraptor?
2017-02-13 21:47 ` Leo Famulari
2017-02-14 9:24 ` Ludovic Courtès
2017-02-16 15:34 ` Christopher Allan Webber
@ 2017-03-13 0:32 ` Leo Famulari
2017-03-21 18:06 ` Leo Famulari
2 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-13 0:32 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1700 bytes --]
On Mon, Feb 13, 2017 at 04:47:17PM -0500, Leo Famulari wrote:
> A few months ago I had a brief discussion with a representative of
> <https://serveraptor.com> about offering GuixSD there.
>
> They said that could accept a bootable ISO or qcow2 image.
>
> So, we could give them the 0.12.0 GuixSD installer image, after
> converting it to the qcow2 format.
>
> I used the following command to convert the installer to qcow2:
>
> $ xz -d guixsd-usb-install-0.12.0.x86_64-linux.xz \
> && qemu-img convert -O qcow2 guixsd-usb-install-0.12.0.x86_64-linux \
> guixsd-usb-install-0.12.0.x86_64-linux.qcow2
I'm not sure yet, but perhaps the installation image will be
inappropriate for the Serveraptor environment.
So far, I've been able to install and reconfigure GuixSD, but I can't
re-partition the system so that the installer image's disk space can be
reclaimed afterwards. The installer is mounted as /dev/vda1, and I
installed to /dev/vda2. I can do some re-partitioning while the system
is online, but I can't move the installed system's partition "to the
left".
I also tried expanding the installer's partition while the system is
running, so that I could use `resize2fs` and then reconfigure directly
from the installer, before I realized that the installer's root
filesystem is a unionfs, which complicates things...
I had wanted to use the GuixSD installer because the image format
conversion is reproducible. So, nobody would have to trust me to provide
the right thing.
Of course, it would be a lot simpler if we made a barebones system with
`guix system vm-image`.
If we can't use the installer, how should we create and provide another
image?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-13 0:32 ` Advice about GuixSD on Serveraptor? Leo Famulari
@ 2017-03-21 18:06 ` Leo Famulari
2017-03-21 20:22 ` Christopher Allan Webber
0 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-21 18:06 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 614 bytes --]
On Sun, Mar 12, 2017 at 08:32:52PM -0400, Leo Famulari wrote:
> I had wanted to use the GuixSD installer because the image format
> conversion is reproducible. So, nobody would have to trust me to provide
> the right thing.
>
> Of course, it would be a lot simpler if we made a barebones system with
> `guix system vm-image`.
>
> If we can't use the installer, how should we create and provide another
> image?
Any advice or guidance?
I can easily create an image to use for this, but I don't want to do it
if others think I am going beyond the level of trust placed in me by the
Guix project.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 18:06 ` Leo Famulari
@ 2017-03-21 20:22 ` Christopher Allan Webber
2017-03-21 20:46 ` Leo Famulari
0 siblings, 1 reply; 34+ messages in thread
From: Christopher Allan Webber @ 2017-03-21 20:22 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari writes:
> On Sun, Mar 12, 2017 at 08:32:52PM -0400, Leo Famulari wrote:
>> I had wanted to use the GuixSD installer because the image format
>> conversion is reproducible. So, nobody would have to trust me to provide
>> the right thing.
>>
>> Of course, it would be a lot simpler if we made a barebones system with
>> `guix system vm-image`.
>>
>> If we can't use the installer, how should we create and provide another
>> image?
>
> Any advice or guidance?
>
> I can easily create an image to use for this, but I don't want to do it
> if others think I am going beyond the level of trust placed in me by the
> Guix project.
So, if you provided the source scheme to generate the image, and signed
the image, people would both have the option to generate the image
themselves, or download your signed binary image if they trust you?
Honestly, at this point the most important thing is to get things to the
point where we have *a* documented process to install GuixSD on these
servers; once we have that, and assuming we also have documentation /
tooling where people could reproduce the whole process (even if they
used the image you provided, as long as they could reproduce that step
too) I think we're in a much better state than we are... and we could
refine further from there.
My opinion, anyway!
- Chris
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 20:22 ` Christopher Allan Webber
@ 2017-03-21 20:46 ` Leo Famulari
2017-03-21 20:53 ` Leo Famulari
2017-03-21 21:06 ` ng0
0 siblings, 2 replies; 34+ messages in thread
From: Leo Famulari @ 2017-03-21 20:46 UTC (permalink / raw)
To: Christopher Allan Webber; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 2082 bytes --]
On Tue, Mar 21, 2017 at 03:22:43PM -0500, Christopher Allan Webber wrote:
> Leo Famulari writes:
> > I can easily create an image to use for this, but I don't want to do it
> > if others think I am going beyond the level of trust placed in me by the
> > Guix project.
>
> So, if you provided the source scheme to generate the image, and signed
> the image, people would both have the option to generate the image
> themselves, or download your signed binary image if they trust you?
Not exactly...
Serveraptor offers users a set of images to choose from, but they don't
have a method by which users can upload their own images. You'd have to
make a special arrangement for that.
So what I'm doing here is trying to provide Serveraptor with a GuixSD
image that they'd offer to users.
People could regenerate the image themselves, but it would be difficult
to verify that it matches what is offered by Serveraptor.
There are VPS providers that provide an image upload system but, as far
as I know, none of them accept raw QEMU images. They all want
ISO-formatted images.
> Honestly, at this point the most important thing is to get things to the
> point where we have *a* documented process to install GuixSD on these
> servers; once we have that, and assuming we also have documentation /
> tooling where people could reproduce the whole process (even if they
> used the image you provided, as long as they could reproduce that step
> too) I think we're in a much better state than we are... and we could
> refine further from there.
My idea is to create a bare-bones GuixSD image using `guix system
vm-image` and provide that to Serveraptor. Users would boot directly
into the system and reconfigure it to fit their needs.
If by "install GuixSD" you mean "boot the GuixSD USB install and
initialize the system", that does work, but it's not very satisfying
because Serveraptor's management interface does not expose the
virtualized storage devices, so it's difficult (impossible?) to reclaim
the partition used by the installer.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 20:46 ` Leo Famulari
@ 2017-03-21 20:53 ` Leo Famulari
2017-03-22 7:36 ` Thomas Danckaert
2017-03-22 12:04 ` Ricardo Wurmus
2017-03-21 21:06 ` ng0
1 sibling, 2 replies; 34+ messages in thread
From: Leo Famulari @ 2017-03-21 20:53 UTC (permalink / raw)
To: Christopher Allan Webber; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 478 bytes --]
On Tue, Mar 21, 2017 at 04:46:20PM -0400, Leo Famulari wrote:
> So what I'm doing here is trying to provide Serveraptor with a GuixSD
> image that they'd offer to users.
>
> People could regenerate the image themselves, but it would be difficult
> to verify that it matches what is offered by Serveraptor.
And to clarify my previous question: Should this QEMU image be created
by me, or should it be created by a Guix maintainer as part of the Guix
release process?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 20:46 ` Leo Famulari
2017-03-21 20:53 ` Leo Famulari
@ 2017-03-21 21:06 ` ng0
2017-03-22 17:15 ` Leo Famulari
1 sibling, 1 reply; 34+ messages in thread
From: ng0 @ 2017-03-21 21:06 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari transcribed 3.0K bytes:
> On Tue, Mar 21, 2017 at 03:22:43PM -0500, Christopher Allan Webber wrote:
> > Leo Famulari writes:
> > > I can easily create an image to use for this, but I don't want to do it
> > > if others think I am going beyond the level of trust placed in me by the
> > > Guix project.
> >
> > So, if you provided the source scheme to generate the image, and signed
> > the image, people would both have the option to generate the image
> > themselves, or download your signed binary image if they trust you?
>
> Not exactly...
>
> Serveraptor offers users a set of images to choose from, but they don't
> have a method by which users can upload their own images. You'd have to
> make a special arrangement for that.
>
> So what I'm doing here is trying to provide Serveraptor with a GuixSD
> image that they'd offer to users.
>
> People could regenerate the image themselves, but it would be difficult
> to verify that it matches what is offered by Serveraptor.
>
> There are VPS providers that provide an image upload system but, as far
> as I know, none of them accept raw QEMU images. They all want
> ISO-formatted images.
IN-Berlin wants a raw image (they have read our documentation).
The way their system works is that you sent
them your ssh pubkey, they initialize a basic Debian system depending on
the size you chose, and you can login once you get the hostname etc.
They have an out-of-band consoleserver where the ssh key is placed
aswell for the machine.
I don't work with this non-profit organization, but having a way to
define ssh pubkeys in the system config would be super useful for this.
Right now I'm about to create my own system and just sent it to them as
soon as I feel up to it.
If they could simply create the system in their infrastructure, that
would be an incredible speedup and reproducible.
I don't know much about the out of band consoleserver, I have to ask
if that's somehow relevant or if it simply needs some initrd settings to
expose it to the server.
> > Honestly, at this point the most important thing is to get things to the
> > point where we have *a* documented process to install GuixSD on these
> > servers; once we have that, and assuming we also have documentation /
> > tooling where people could reproduce the whole process (even if they
> > used the image you provided, as long as they could reproduce that step
> > too) I think we're in a much better state than we are... and we could
> > refine further from there.
>
> My idea is to create a bare-bones GuixSD image using `guix system
> vm-image` and provide that to Serveraptor. Users would boot directly
> into the system and reconfigure it to fit their needs.
>
> If by "install GuixSD" you mean "boot the GuixSD USB install and
> initialize the system", that does work, but it's not very satisfying
> because Serveraptor's management interface does not expose the
> virtualized storage devices, so it's difficult (impossible?) to reclaim
> the partition used by the installer.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 20:53 ` Leo Famulari
@ 2017-03-22 7:36 ` Thomas Danckaert
2017-03-22 17:17 ` Leo Famulari
2017-03-22 12:04 ` Ricardo Wurmus
1 sibling, 1 reply; 34+ messages in thread
From: Thomas Danckaert @ 2017-03-22 7:36 UTC (permalink / raw)
To: leo; +Cc: guix-devel
From: Leo Famulari <leo@famulari.name>
Subject: Re: Advice about GuixSD on Serveraptor?
Date: Tue, 21 Mar 2017 16:53:35 -0400
> On Tue, Mar 21, 2017 at 04:46:20PM -0400, Leo Famulari wrote:
>> So what I'm doing here is trying to provide Serveraptor with a
>> GuixSD
>> image that they'd offer to users.
>>
>> People could regenerate the image themselves, but it would be
>> difficult
>> to verify that it matches what is offered by Serveraptor.
>
> And to clarify my previous question: Should this QEMU image be
> created
> by me, or should it be created by a Guix maintainer as part of the
> Guix
> release process?
Hi,
to add my 2 cents: I think it would be fine if you provided the
image, if you are confident that it works.
When GuixSD becomes widely available on various hosting providers,
the Guix maintainers cannot provide all those images (or guarantee
their correctness) anyway (I imagine that typically an employee of
such a service would create the image?). Even now, when you provide
an image to Serveraptor, you have no way to verify if Serveraptor
provides the same image to their users (I think?).
Once Serveraptor provides the image you created (or any other GuixSD
image) to its users, the responsibility lies with them.
Serveraptor's users will have to trust Serveraptor (and, if they use
your image, Serveraptor has to trust you, but it sounds like they
already do :-) ).
Thomas
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 20:53 ` Leo Famulari
2017-03-22 7:36 ` Thomas Danckaert
@ 2017-03-22 12:04 ` Ricardo Wurmus
2017-03-22 17:20 ` Leo Famulari
1 sibling, 1 reply; 34+ messages in thread
From: Ricardo Wurmus @ 2017-03-22 12:04 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> writes:
> On Tue, Mar 21, 2017 at 04:46:20PM -0400, Leo Famulari wrote:
>> So what I'm doing here is trying to provide Serveraptor with a GuixSD
>> image that they'd offer to users.
>>
>> People could regenerate the image themselves, but it would be difficult
>> to verify that it matches what is offered by Serveraptor.
>
> And to clarify my previous question: Should this QEMU image be created
> by me, or should it be created by a Guix maintainer as part of the Guix
> release process?
I’m not sure. I guess it would be better for users if it was signed by
a maintainer key, but on the other hand I don’t know if we can commit to
publishing QEMU images with every release.
Could we build an image with Hydra instead and just provide the latest
build to Serveraptor? How would updates to the image be handled? Do
they offer some sort of API to upload new images or is this a process
that depends on humans making decisions?
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-21 21:06 ` ng0
@ 2017-03-22 17:15 ` Leo Famulari
2017-03-22 19:20 ` ng0
0 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-22 17:15 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1021 bytes --]
On Tue, Mar 21, 2017 at 09:06:09PM +0000, ng0 wrote:
> IN-Berlin wants a raw image (they have read our documentation).
> The way their system works is that you sent
> them your ssh pubkey, they initialize a basic Debian system depending on
> the size you chose, and you can login once you get the hostname etc.
> They have an out-of-band consoleserver where the ssh key is placed
> aswell for the machine.
> I don't work with this non-profit organization, but having a way to
> define ssh pubkeys in the system config would be super useful for this.
> Right now I'm about to create my own system and just sent it to them as
> soon as I feel up to it.
> If they could simply create the system in their infrastructure, that
> would be an incredible speedup and reproducible.
> I don't know much about the out of band consoleserver, I have to ask
> if that's somehow relevant or if it simply needs some initrd settings to
> expose it to the server.
Interesting! I'll probably take a look at this when I got some free
time.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 7:36 ` Thomas Danckaert
@ 2017-03-22 17:17 ` Leo Famulari
0 siblings, 0 replies; 34+ messages in thread
From: Leo Famulari @ 2017-03-22 17:17 UTC (permalink / raw)
To: Thomas Danckaert; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 413 bytes --]
On Wed, Mar 22, 2017 at 08:36:19AM +0100, Thomas Danckaert wrote:
[...]
> the image?). Even now, when you provide an image to Serveraptor, you have
> no way to verify if Serveraptor provides the same image to their users (I
> think?).
The "best" idea I had was to use a tool like mtree to hash every file on
the filesystem, and then compare it to the booted system. "Best" because
I think it's impractical :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 12:04 ` Ricardo Wurmus
@ 2017-03-22 17:20 ` Leo Famulari
2017-03-22 17:23 ` Leo Famulari
0 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-22 17:20 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: guix-devel
On Wed, Mar 22, 2017 at 01:04:46PM +0100, Ricardo Wurmus wrote:
> Leo Famulari <leo@famulari.name> writes:
> > And to clarify my previous question: Should this QEMU image be created
> > by me, or should it be created by a Guix maintainer as part of the Guix
> > release process?
>
> I’m not sure. I guess it would be better for users if it was signed by
> a maintainer key, but on the other hand I don’t know if we can commit to
> publishing QEMU images with every release.
Okay.
> Could we build an image with Hydra instead and just provide the latest
> build to Serveraptor? How would updates to the image be handled? Do
> they offer some sort of API to upload new images or is this a process
> that depends on humans making decisions?
It's not a bad idea to build it on Hydra. Hydra already builds a
usb-image / disk-image job [0], so we could add a qemu-image job, too.
I think that updates to the image would have to be handled manually. One
of us could send them a link to the new image and they'd make it
available to their users.
My expectation is that Serveraptor would offer our latest release, and
users would be expected to update their systems, as on bare-metal.
[0]
https://hydra.gnu.org/job/gnu/core-updates/usb-image.x86_64-linux
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 17:20 ` Leo Famulari
@ 2017-03-22 17:23 ` Leo Famulari
2017-03-24 9:36 ` Ludovic Courtès
0 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-22 17:23 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 433 bytes --]
On Wed, Mar 22, 2017 at 01:20:53PM -0400, Leo Famulari wrote:
> It's not a bad idea to build it on Hydra. Hydra already builds a
> usb-image / disk-image job [0], so we could add a qemu-image job, too.
Actually, we used to build a qemu-image on Hydra, but we removed because
it was troublesome and unused.
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=a3a27745013f3e5a287de3bf0187b2f72beb6965
Maybe we should try again :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 17:15 ` Leo Famulari
@ 2017-03-22 19:20 ` ng0
2017-03-22 21:01 ` ng0
0 siblings, 1 reply; 34+ messages in thread
From: ng0 @ 2017-03-22 19:20 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari transcribed 2.0K bytes:
> On Tue, Mar 21, 2017 at 09:06:09PM +0000, ng0 wrote:
> > IN-Berlin wants a raw image (they have read our documentation).
> > The way their system works is that you sent
> > them your ssh pubkey, they initialize a basic Debian system depending on
> > the size you chose, and you can login once you get the hostname etc.
> > They have an out-of-band consoleserver where the ssh key is placed
> > aswell for the machine.
> > I don't work with this non-profit organization, but having a way to
> > define ssh pubkeys in the system config would be super useful for this.
> > Right now I'm about to create my own system and just sent it to them as
> > soon as I feel up to it.
> > If they could simply create the system in their infrastructure, that
> > would be an incredible speedup and reproducible.
> > I don't know much about the out of band consoleserver, I have to ask
> > if that's somehow relevant or if it simply needs some initrd settings to
> > expose it to the server.
>
> Interesting! I'll probably take a look at this when I got some free
> time.
I'll write an email to IN-Berlin asking about the consoleserver this
week.
If it's nothing special, we could provide this bare image, and people
could download it as the GuixSD with ssh + whatever is needed for it to
work out in server context as a start.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 19:20 ` ng0
@ 2017-03-22 21:01 ` ng0
2017-03-24 4:35 ` Chris Marusich
0 siblings, 1 reply; 34+ messages in thread
From: ng0 @ 2017-03-22 21:01 UTC (permalink / raw)
To: Leo Famulari, guix-devel
ng0 transcribed 1.3K bytes:
> Leo Famulari transcribed 2.0K bytes:
> > On Tue, Mar 21, 2017 at 09:06:09PM +0000, ng0 wrote:
> > > IN-Berlin wants a raw image (they have read our documentation).
> > > The way their system works is that you sent
> > > them your ssh pubkey, they initialize a basic Debian system depending on
> > > the size you chose, and you can login once you get the hostname etc.
> > > They have an out-of-band consoleserver where the ssh key is placed
> > > aswell for the machine.
> > > I don't work with this non-profit organization, but having a way to
> > > define ssh pubkeys in the system config would be super useful for this.
> > > Right now I'm about to create my own system and just sent it to them as
> > > soon as I feel up to it.
> > > If they could simply create the system in their infrastructure, that
> > > would be an incredible speedup and reproducible.
> > > I don't know much about the out of band consoleserver, I have to ask
> > > if that's somehow relevant or if it simply needs some initrd settings to
> > > expose it to the server.
> >
> > Interesting! I'll probably take a look at this when I got some free
> > time.
>
> I'll write an email to IN-Berlin asking about the consoleserver this
> week.
> If it's nothing special, we could provide this bare image, and people
> could download it as the GuixSD with ssh + whatever is needed for it to
> work out in server context as a start.
>
I just realized the last sentence is not good.
Correction:
If IN-Berlin uses (or needs) nothing special for the consoleserver to
make use of the virtual servers within IN-Berlin infrastructure, I think
it would be best if we (as Guix) could provide an extended bare image
for servers which would include ssh-daemon on default port with password
login enabled, where the password is not empty. That's a workaround I
can imagine to be generic enough for all use cases.
For the one of IN-Berlin and maybe similar hosters who use ssh pubkeys,
it would be great to document for them how to recreate this image in
easy steps and insert the clients ssh pubkey for the root account (or an
named user) on the system.
What do you think about this?
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 21:01 ` ng0
@ 2017-03-24 4:35 ` Chris Marusich
2017-03-24 16:34 ` ng0
0 siblings, 1 reply; 34+ messages in thread
From: Chris Marusich @ 2017-03-24 4:35 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1458 bytes --]
ng0 <contact.ng0@cryptolab.net> writes:
> If IN-Berlin uses (or needs) nothing special for the consoleserver to
> make use of the virtual servers within IN-Berlin infrastructure, I think
> it would be best if we (as Guix) could provide an extended bare image
> for servers which would include ssh-daemon on default port with password
> login enabled, where the password is not empty. That's a workaround I
> can imagine to be generic enough for all use cases.
> For the one of IN-Berlin and maybe similar hosters who use ssh pubkeys,
> it would be great to document for them how to recreate this image in
> easy steps and insert the clients ssh pubkey for the root account (or an
> named user) on the system.
>
> What do you think about this?
Instead of providing a pre-built image of a specific system with
pre-built credentials, wouldn't it be better to add a feature that, in
the spirit of a command like 'guix disk-image', builds an entire system
that can then be imported as-is into IN-Berlin?
In general, such a feature would be useful. One can imagine leveraging
a feature like this to import custom GuixSD systems into various hosting
services - Amazon EC2, Rackspace, wherever. Instead of starting with a
pre-built image that might be hard to reproduce or verify, and then
mutating that system to suit your needs, you could just import the exact
system that you want to deploy. Wouldn't that be better?
--
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-22 17:23 ` Leo Famulari
@ 2017-03-24 9:36 ` Ludovic Courtès
2017-03-24 15:26 ` Leo Famulari
0 siblings, 1 reply; 34+ messages in thread
From: Ludovic Courtès @ 2017-03-24 9:36 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Hi!
Leo Famulari <leo@famulari.name> skribis:
> On Wed, Mar 22, 2017 at 01:20:53PM -0400, Leo Famulari wrote:
>> It's not a bad idea to build it on Hydra. Hydra already builds a
>> usb-image / disk-image job [0], so we could add a qemu-image job, too.
>
> Actually, we used to build a qemu-image on Hydra, but we removed because
> it was troublesome and unused.
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=a3a27745013f3e5a287de3bf0187b2f72beb6965
>
> Maybe we should try again :)
Yup, we could reinstate it if needed. That said, we wouldn’t too many
downloads from hydra.gnu.org…
Ludo’.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-24 9:36 ` Ludovic Courtès
@ 2017-03-24 15:26 ` Leo Famulari
2017-03-26 10:20 ` Ludovic Courtès
0 siblings, 1 reply; 34+ messages in thread
From: Leo Famulari @ 2017-03-24 15:26 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Fri, Mar 24, 2017 at 10:36:08AM +0100, Ludovic Courtès wrote:
> Hi!
>
> Leo Famulari <leo@famulari.name> skribis:
>
> > On Wed, Mar 22, 2017 at 01:20:53PM -0400, Leo Famulari wrote:
> >> It's not a bad idea to build it on Hydra. Hydra already builds a
> >> usb-image / disk-image job [0], so we could add a qemu-image job, too.
> >
> > Actually, we used to build a qemu-image on Hydra, but we removed because
> > it was troublesome and unused.
> >
> > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=a3a27745013f3e5a287de3bf0187b2f72beb6965
> >
> > Maybe we should try again :)
>
> Yup, we could reinstate it if needed. That said, we wouldn’t too many
> downloads from hydra.gnu.org…
If we took that route, I'd point the Serveraptor admin to the Hydra link
and ask them to download it once themselves, rather than having each
client download it.
But, making a qemu-image at each evaluation is not so good for
general distribution, because we won't have tested it as thoroughly as
the release image. We'd want the qemu-image to build only if all the
system tests passed.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-24 4:35 ` Chris Marusich
@ 2017-03-24 16:34 ` ng0
2017-03-25 9:01 ` Chris Marusich
0 siblings, 1 reply; 34+ messages in thread
From: ng0 @ 2017-03-24 16:34 UTC (permalink / raw)
To: Chris Marusich; +Cc: guix-devel
Chris Marusich transcribed 2.4K bytes:
> ng0 <contact.ng0@cryptolab.net> writes:
>
> > If IN-Berlin uses (or needs) nothing special for the consoleserver to
> > make use of the virtual servers within IN-Berlin infrastructure, I think
> > it would be best if we (as Guix) could provide an extended bare image
> > for servers which would include ssh-daemon on default port with password
> > login enabled, where the password is not empty. That's a workaround I
> > can imagine to be generic enough for all use cases.
> > For the one of IN-Berlin and maybe similar hosters who use ssh pubkeys,
> > it would be great to document for them how to recreate this image in
> > easy steps and insert the clients ssh pubkey for the root account (or an
> > named user) on the system.
> >
> > What do you think about this?
>
> Instead of providing a pre-built image of a specific system with
> pre-built credentials, wouldn't it be better to add a feature that, in
> the spirit of a command like 'guix disk-image', builds an entire system
> that can then be imported as-is into IN-Berlin?
>
> In general, such a feature would be useful. One can imagine leveraging
> a feature like this to import custom GuixSD systems into various hosting
> services - Amazon EC2, Rackspace, wherever. Instead of starting with a
> pre-built image that might be hard to reproduce or verify, and then
> mutating that system to suit your needs, you could just import the exact
> system that you want to deploy. Wouldn't that be better?
>
> --
> Chris
Their system works in the way that you provide the key and they give you
access via ssh to the new server. My suggestion was a work-around.
Beyond that, can you please explain what exactly you mean? I don't want
to read between the lines as there are multiple ways I could interpret
this message.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-24 16:34 ` ng0
@ 2017-03-25 9:01 ` Chris Marusich
2017-03-26 10:26 ` Ludovic Courtès
2017-03-26 11:54 ` ng0
0 siblings, 2 replies; 34+ messages in thread
From: Chris Marusich @ 2017-03-25 9:01 UTC (permalink / raw)
To: Leo Famulari, ng0; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 5098 bytes --]
ng0 <contact.ng0@cryptolab.net> writes:
> Chris Marusich transcribed 2.4K bytes:
>> ng0 <contact.ng0@cryptolab.net> writes:
>>
>> > If IN-Berlin uses (or needs) nothing special for the consoleserver to
>> > make use of the virtual servers within IN-Berlin infrastructure, I think
>> > it would be best if we (as Guix) could provide an extended bare image
>> > for servers which would include ssh-daemon on default port with password
>> > login enabled, where the password is not empty. That's a workaround I
>> > can imagine to be generic enough for all use cases.
>> > For the one of IN-Berlin and maybe similar hosters who use ssh pubkeys,
>> > it would be great to document for them how to recreate this image in
>> > easy steps and insert the clients ssh pubkey for the root account (or an
>> > named user) on the system.
>> >
>> > What do you think about this?
>>
>> Instead of providing a pre-built image of a specific system with
>> pre-built credentials, wouldn't it be better to add a feature that, in
>> the spirit of a command like 'guix disk-image', builds an entire system
>> that can then be imported as-is into IN-Berlin?
>>
>> In general, such a feature would be useful. One can imagine leveraging
>> a feature like this to import custom GuixSD systems into various hosting
>> services - Amazon EC2, Rackspace, wherever. Instead of starting with a
>> pre-built image that might be hard to reproduce or verify, and then
>> mutating that system to suit your needs, you could just import the exact
>> system that you want to deploy. Wouldn't that be better?
>>
>> --
>> Chris
>
> Their system works in the way that you provide the key and they give you
> access via ssh to the new server. My suggestion was a work-around.
I think your proposed solution is a good one. It sounds like that's a
good way to get a GuixSD server running on IN-Berlin at this time.
> Beyond that, can you please explain what exactly you mean? I don't want
> to read between the lines as there are multiple ways I could interpret
> this message.
Sure, let me see if I can clarify what I was thinking.
For example, the Amazon EC2 service provides web APIs that one can call
to import an existing VM image into the service. One can then launch
EC2 instances (virtual machines) from that image. I'm sure that some
other services have similar APIs. With Guix, we can declaratively
configure the entire operating system (including the pre-installation of
SSH credentials to enable remote access) and build an image (or a VM) of
that system. In theory, it should be possible to create a tool (e.g.,
"guix deploy") which not only creates the precise system image you want
from an operating system configuration file, but also imports it into a
hosting service, like Amazon EC2, and provisions a virtual (or physical)
machine from that image.
The same principle could apply even for providers that don't currently
support programmatic importation of system images (like IN-Berlin,
maybe?). For example, if a company offers to accept a bootable disk
image and provide you with a physical server that runs that image, you
could also "import" a system into that service by building the image and
then providing it (manually) to them. If instead of a disk image they
require a bootable ISO-9669 file system image (i.e., a bootable CD-ROM
image) or a special VM format like OVF, then that's just an
implementation detail. In theory it's still possible to "import" an
entire system by building an entire system in the format that they need,
and then (manually) providing it to them.
Based on your description, it sounds like IN-Berlin's process requires
manual touch points, so I think it's a fine solution to provide
IN-Berlin with your public SSH key (or a temporary password) along with
instructions for how to build the GuixSD system you want, wait for them
to provision the server, and then log in remotely to further customize
the system. However, I think it would be really cool if you could just
specify the final, customized system (SSH keys and all) in an operating
system configuration file and then invoke a tool like "guix
deploy-to-ec2 my-system-config.scm" to build the system described by
my-system-config.scm, import it into EC2 (or some other service or
provider), and run it on there. It would be really cool because your
system wouldn't start in a possibly stale or difficult-to-reproduce base
system, and you wouldn't need to perform additional customization after
the system starts up. All customizations (to the extent that they are
managed by Guix - things like the contents of user home directories and
the state contained in databases running on the system are not managed
by Guix) would be declared in the operating system configuration file.
Currently, I don't think Guix has the features necessary to support this
kind of programmatic importation of GuixSD systems into service
providers like Amazon EC2. But the potential is there, and it's good to
think big.
--
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-24 15:26 ` Leo Famulari
@ 2017-03-26 10:20 ` Ludovic Courtès
0 siblings, 0 replies; 34+ messages in thread
From: Ludovic Courtès @ 2017-03-26 10:20 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> On Fri, Mar 24, 2017 at 10:36:08AM +0100, Ludovic Courtès wrote:
>> Hi!
>>
>> Leo Famulari <leo@famulari.name> skribis:
>>
>> > On Wed, Mar 22, 2017 at 01:20:53PM -0400, Leo Famulari wrote:
>> >> It's not a bad idea to build it on Hydra. Hydra already builds a
>> >> usb-image / disk-image job [0], so we could add a qemu-image job, too.
>> >
>> > Actually, we used to build a qemu-image on Hydra, but we removed because
>> > it was troublesome and unused.
>> >
>> > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=a3a27745013f3e5a287de3bf0187b2f72beb6965
>> >
>> > Maybe we should try again :)
>>
>> Yup, we could reinstate it if needed. That said, we wouldn’t too many
>> downloads from hydra.gnu.org…
>
> If we took that route, I'd point the Serveraptor admin to the Hydra link
> and ask them to download it once themselves, rather than having each
> client download it.
>
> But, making a qemu-image at each evaluation is not so good for
> general distribution, because we won't have tested it as thoroughly as
> the release image. We'd want the qemu-image to build only if all the
> system tests passed.
Yeah I think recent Hydra can present a release page if and only if some
other derivations also succeeded with the same commit.
Anyway, let us know what you think is the right approach for now!
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-25 9:01 ` Chris Marusich
@ 2017-03-26 10:26 ` Ludovic Courtès
2017-03-26 11:54 ` ng0
1 sibling, 0 replies; 34+ messages in thread
From: Ludovic Courtès @ 2017-03-26 10:26 UTC (permalink / raw)
To: Chris Marusich; +Cc: guix-devel
Hi!
Chris Marusich <cmmarusich@gmail.com> skribis:
> For example, the Amazon EC2 service provides web APIs that one can call
> to import an existing VM image into the service. One can then launch
> EC2 instances (virtual machines) from that image. I'm sure that some
> other services have similar APIs. With Guix, we can declaratively
> configure the entire operating system (including the pre-installation of
> SSH credentials to enable remote access) and build an image (or a VM) of
> that system. In theory, it should be possible to create a tool (e.g.,
> "guix deploy") which not only creates the precise system image you want
> from an operating system configuration file, but also imports it into a
> hosting service, like Amazon EC2, and provisions a virtual (or physical)
> machine from that image.
Yes, I think that’s one of the targets David had in mind for ‘guix
deploy’.
[...]
> Currently, I don't think Guix has the features necessary to support this
> kind of programmatic importation of GuixSD systems into service
> providers like Amazon EC2. But the potential is there, and it's good to
> think big.
Right, ‘guix deploy’ doesn’t exist yet. That said, the branch is there
<https://git.savannah.gnu.org/cgit/guix.git/log/?h=wip-deploy> with
interfaces meant to support deployment to physical machines over SSH,
VMs, containers, etc., though the only backend available is VMs at this
point.
I think it’s about time to revive this branch!
Ludo’.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: Advice about GuixSD on Serveraptor?
2017-03-25 9:01 ` Chris Marusich
2017-03-26 10:26 ` Ludovic Courtès
@ 2017-03-26 11:54 ` ng0
1 sibling, 0 replies; 34+ messages in thread
From: ng0 @ 2017-03-26 11:54 UTC (permalink / raw)
To: Chris Marusich; +Cc: guix-devel
Chris Marusich transcribed 5.9K bytes:
> ng0 <contact.ng0@cryptolab.net> writes:
>
> > Chris Marusich transcribed 2.4K bytes:
> >> ng0 <contact.ng0@cryptolab.net> writes:
> >>
> >> > If IN-Berlin uses (or needs) nothing special for the consoleserver to
> >> > make use of the virtual servers within IN-Berlin infrastructure, I think
> >> > it would be best if we (as Guix) could provide an extended bare image
> >> > for servers which would include ssh-daemon on default port with password
> >> > login enabled, where the password is not empty. That's a workaround I
> >> > can imagine to be generic enough for all use cases.
> >> > For the one of IN-Berlin and maybe similar hosters who use ssh pubkeys,
> >> > it would be great to document for them how to recreate this image in
> >> > easy steps and insert the clients ssh pubkey for the root account (or an
> >> > named user) on the system.
> >> >
> >> > What do you think about this?
> >>
> >> Instead of providing a pre-built image of a specific system with
> >> pre-built credentials, wouldn't it be better to add a feature that, in
> >> the spirit of a command like 'guix disk-image', builds an entire system
> >> that can then be imported as-is into IN-Berlin?
> >>
> >> In general, such a feature would be useful. One can imagine leveraging
> >> a feature like this to import custom GuixSD systems into various hosting
> >> services - Amazon EC2, Rackspace, wherever. Instead of starting with a
> >> pre-built image that might be hard to reproduce or verify, and then
> >> mutating that system to suit your needs, you could just import the exact
> >> system that you want to deploy. Wouldn't that be better?
> >>
> >> --
> >> Chris
> >
> > Their system works in the way that you provide the key and they give you
> > access via ssh to the new server. My suggestion was a work-around.
>
> I think your proposed solution is a good one. It sounds like that's a
> good way to get a GuixSD server running on IN-Berlin at this time.
>
> > Beyond that, can you please explain what exactly you mean? I don't want
> > to read between the lines as there are multiple ways I could interpret
> > this message.
>
> Sure, let me see if I can clarify what I was thinking.
Thanks, I think once guix deploy has basic functionality it would be
good to get IN-Berlin involved at my end, so that we can understand
their workflow (working with raw images + consoleserver), and integrate
GuixSD in their currently Debian-only system.
> For example, the Amazon EC2 service provides web APIs that one can call
> to import an existing VM image into the service. One can then launch
> EC2 instances (virtual machines) from that image. I'm sure that some
> other services have similar APIs. With Guix, we can declaratively
> configure the entire operating system (including the pre-installation of
> SSH credentials to enable remote access) and build an image (or a VM) of
> that system. In theory, it should be possible to create a tool (e.g.,
> "guix deploy") which not only creates the precise system image you want
> from an operating system configuration file, but also imports it into a
> hosting service, like Amazon EC2, and provisions a virtual (or physical)
> machine from that image.
>
> The same principle could apply even for providers that don't currently
> support programmatic importation of system images (like IN-Berlin,
> maybe?). For example, if a company offers to accept a bootable disk
> image and provide you with a physical server that runs that image, you
> could also "import" a system into that service by building the image and
> then providing it (manually) to them. If instead of a disk image they
> require a bootable ISO-9669 file system image (i.e., a bootable CD-ROM
> image) or a special VM format like OVF, then that's just an
> implementation detail. In theory it's still possible to "import" an
> entire system by building an entire system in the format that they need,
> and then (manually) providing it to them.
>
> Based on your description, it sounds like IN-Berlin's process requires
> manual touch points, so I think it's a fine solution to provide
> IN-Berlin with your public SSH key (or a temporary password) along with
> instructions for how to build the GuixSD system you want, wait for them
> to provision the server, and then log in remotely to further customize
> the system. However, I think it would be really cool if you could just
> specify the final, customized system (SSH keys and all) in an operating
> system configuration file and then invoke a tool like "guix
> deploy-to-ec2 my-system-config.scm" to build the system described by
> my-system-config.scm, import it into EC2 (or some other service or
> provider), and run it on there. It would be really cool because your
> system wouldn't start in a possibly stale or difficult-to-reproduce base
> system, and you wouldn't need to perform additional customization after
> the system starts up. All customizations (to the extent that they are
> managed by Guix - things like the contents of user home directories and
> the state contained in databases running on the system are not managed
> by Guix) would be declared in the operating system configuration file.
>
> Currently, I don't think Guix has the features necessary to support this
> kind of programmatic importation of GuixSD systems into service
> providers like Amazon EC2. But the potential is there, and it's good to
> think big.
>
> --
> Chris
^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2017-03-26 10:55 UTC | newest]
Thread overview: 34+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-09 18:36 GuixSD on commodity hosting platforms, hoster: IN-Berlin ng0
2017-02-09 20:38 ` Jan Nieuwenhuizen
2017-02-10 15:35 ` Ludovic Courtès
2017-02-10 22:48 ` ng0
2017-02-10 22:59 ` ng0
2017-02-11 10:37 ` Jan Nieuwenhuizen
2017-02-11 13:35 ` ng0
2017-02-13 21:47 ` Leo Famulari
2017-02-14 9:24 ` Ludovic Courtès
2017-02-14 10:10 ` ng0
2017-02-14 16:42 ` Leo Famulari
2017-02-16 15:34 ` Christopher Allan Webber
2017-03-13 0:32 ` Advice about GuixSD on Serveraptor? Leo Famulari
2017-03-21 18:06 ` Leo Famulari
2017-03-21 20:22 ` Christopher Allan Webber
2017-03-21 20:46 ` Leo Famulari
2017-03-21 20:53 ` Leo Famulari
2017-03-22 7:36 ` Thomas Danckaert
2017-03-22 17:17 ` Leo Famulari
2017-03-22 12:04 ` Ricardo Wurmus
2017-03-22 17:20 ` Leo Famulari
2017-03-22 17:23 ` Leo Famulari
2017-03-24 9:36 ` Ludovic Courtès
2017-03-24 15:26 ` Leo Famulari
2017-03-26 10:20 ` Ludovic Courtès
2017-03-21 21:06 ` ng0
2017-03-22 17:15 ` Leo Famulari
2017-03-22 19:20 ` ng0
2017-03-22 21:01 ` ng0
2017-03-24 4:35 ` Chris Marusich
2017-03-24 16:34 ` ng0
2017-03-25 9:01 ` Chris Marusich
2017-03-26 10:26 ` Ludovic Courtès
2017-03-26 11:54 ` ng0
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.