From: Chris Marusich <cmmarusich@gmail.com>
To: Mark Meyer <mark@ofosos.org>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: AWS + OpenStack support
Date: Mon, 10 Apr 2017 21:16:08 -0700
Message-ID: <874lxvo9yv.fsf@gmail.com>
In-Reply-To: <87lgr8hv48.fsf@ofosos.org> (Mark Meyer's message of "Mon, 10 Apr 2017 22:21:11 +0200")

Mark Meyer <mark@ofosos.org> writes:

> Hi list, is anybody interested in having support for running guix on AWS
> and/or OpenStack?

I think it'd be awesome if this were easier to do!  This topic has come
up before:

https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00757.html
https://lists.gnu.org/archive/html/help-guix/2016-11/msg00075.html

Long story short, instead of starting with a base image and modifying it
(e.g., by injecting credentials at first boot via the EC2 metadata
service), one appealing alternative is to use EC2's VM import feature to
actually import precisely the system that you want to launch:

https://aws.amazon.com/ec2/vm-import/

Customizations, such as SSH credentials, would be specified in a GuixSD
operating system configuration file and built into the VM image, so
neither the EC2 metadata service, nor hacks like the "cloud-init" script
used by some distros, would enter into the picture at all.

Some preliminary work in a similar spirit was already done in the branch
'wip-deploy', but I don't think it was EC2-specific in any way.  Perhaps
by looking there, you can find some inspiration?

> Basically these `cloud' environments provide some form of instance
> configuration. You're supposed to create an image of your OS and it'll
> self configure upon (first) boot. This includes more than enabling
> DHCP. Generally AWS will provide a so called metadata server. The
> important thing serves are your public keys. You'll generally specify a
> set of public keys on instance startup.

At first I thought that doing what you suggest was a good idea, but now
I think it'd be better to implement the plan I mentioned above.

> So I'd like to extend Shepherd with a first-boot service that runs `guix
> system reconfigure'. And as a second step I want to include a Guile
> package that queries the metadata server. You should be able to do
> something like
>
>   (user "guix-sd"
>         (public-keys (metadata-get-keys)))

I don't think a "first boot" service like this is a good idea.  To learn
more about why, please read the following conversation between myself
(marusich) and Dave (davexunit) on IRC:

https://gnunet.org/bot/log/guix/2016-11-30

> Is anybody interested in publicly accessible AMIs for AWS? An AMI is an
> Amazon Machine Image. When you got an AMI for your system, you can spin
> up an instance with minimal configuration.

I think it would be better to spend your energy on creating a mechanism
that allows an individual to build a GuixSD image from their own
operating system configuration file, import that into EC2, and then
launch an instance from it.  If such a feature were available in GuixSD,
you could do it once from a desktop/laptop with a slow internet
connection to create a "control server" in the cloud (with a fast
internet connection), and then you could run it from the control server
as needed to quickly spin up whatever other instances you might need.

> I would like to do the aforementioned steps during the next weekend,
> which will be a four day weekend in my country, so there's some time to
> kill.

Even if you just figured out a way to construct a VM image of the kind
that can be imported into EC2, I think it would be a great first step in
the right direction!

Thank you for taking the time to look into this!

-- 
Chris
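
The approach described in this message, with SSH credentials declared in the operating system configuration file and built into the image, might look like the following. This is an added example, not part of the original message or Guix's own code; it assumes a current Guix in which openssh-configuration has an authorized-keys field, and the host name, user name, key file and device names are placeholders.

```scheme
;; Added example (not from the original message).
;; Assumption: a current Guix where openssh-configuration accepts
;; authorized-keys.  "ec2-guest", "admin", "admin.pub", the "root" label
;; and /dev/xvda are placeholders chosen for illustration.
(use-modules (gnu) (guix gexp))
(use-service-modules networking ssh)

(operating-system
  (host-name "ec2-guest")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/xvda"))))
  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; The login account is part of the declaration, so nothing has to
  ;; create it at first boot.
  (users (cons (user-account
                (name "admin")
                (group "users")
                (supplementary-groups '("wheel")))
               %base-user-accounts))

  (services
   (append
    (list (service dhcp-client-service-type)
          (service openssh-service-type
                   (openssh-configuration
                    ;; Key-only access: no root login, no passwords.
                    (permit-root-login #f)
                    (password-authentication? #f)
                    ;; The public key is copied into the store at build
                    ;; time and ends up in the image; the instance never
                    ;; queries a metadata server for it.
                    (authorized-keys
                     `(("admin" ,(local-file "admin.pub")))))))
    %base-services)))
```

Because the key is part of the built system, changing who may log in means building and importing a new image (or reconfiguring the running system) rather than editing instance metadata.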
