From: ng0
Subject: Re: Advice about GuixSD on Serveraptor?
Date: Tue, 21 Mar 2017 21:06:09 +0000
Message-ID: <20170321210609.rmugh5l26eqicrhd@abyayala>
In-Reply-To: <20170321204620.GA30143@jasmine>
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari transcribed 3.0K bytes:
> On Tue, Mar 21, 2017 at 03:22:43PM -0500, Christopher Allan Webber wrote:
> > Leo Famulari writes:
> > > I can easily create an image to use for this, but I don't want to do it
> > > if others think I am going beyond the level of trust placed in me by the
> > > Guix project.
> >
> > So, if you provided the source scheme to generate the image, and signed
> > the image, people would both have the option to generate the image
> > themselves, or download your signed binary image if they trust you?
>
> Not exactly...
>
> Serveraptor offers users a set of images to choose from, but they don't
> have a method by which users can upload their own images. You'd have to
> make a special arrangement for that.
>
> So what I'm doing here is trying to provide Serveraptor with a GuixSD
> image that they'd offer to users.
>
> People could regenerate the image themselves, but it would be difficult
> to verify that it matches what is offered by Serveraptor.
>
> There are VPS providers that provide an image upload system but, as far
> as I know, none of them accept raw QEMU images. They all want
> ISO-formatted images.

IN-Berlin wants a raw image (they have read our documentation).
The way their system works is that you send them your ssh pubkey,
they initialize a basic Debian system depending on the size you
chose, and you can log in once you get the hostname etc. They have an
out-of-band consoleserver where the ssh key is placed as well for the
machine.

I don't work with this non-profit organization, but having a way to
define ssh pubkeys in the system config would be super useful for
this. Right now I'm about to create my own system and just send it to
them as soon as I feel up to it. If they could simply create the
system in their infrastructure, that would be an incredible speedup
and reproducible.

I don't know much about the out of band consoleserver, I have to ask
if that's somehow relevant or if it simply needs some initrd settings
to expose it to the server.

> > Honestly, at this point the most important thing is to get things to the
> > point where we have *a* documented process to install GuixSD on these
> > servers; once we have that, and assuming we also have documentation /
> > tooling where people could reproduce the whole process (even if they
> > used the image you provided, as long as they could reproduce that step
> > too) I think we're in a much better state than we are... and we could
> > refine further from there.
>
> My idea is to create a bare-bones GuixSD image using `guix system
> vm-image` and provide that to Serveraptor. Users would boot directly
> into the system and reconfigure it to fit their needs.
>
> If by "install GuixSD" you mean "boot the GuixSD USB install and
> initialize the system", that does work, but it's not very satisfying
> because Serveraptor's management interface does not expose the
> virtualized storage devices, so it's difficult (impossible?) to reclaim
> the partition used by the installer.