openstack team mailing list archive
Message #09838
Re: Agreeing a common set of Image Properties
Signing would definitely be a great v2 feature. For v1, we just need some
way to know that an image is provided by the cloud provider, and some idea
of what that image "is".
I believe every cloud is stuck respinning their own images, because we
haven't been able to agree a "golden image" standard. So signing etc by
the distros is pointless until we get that figured out.
I trust the cloud providers today - I have no choice but to do so. I think
you're trying to solve a much harder problem - how do I cope in a world
where I trust Canonical but not my cloud? Once we have hardware trust of
clouds, then we'll have to up our game substantially on every front here.
On Tue, Apr 10, 2012 at 8:04 AM, Scott Moser <smoser@xxxxxxxxxx> wrote:
> The data you're after might be useful to you, and might scratch an itch.
>
> I will not discount that, but I would much prefer a bit of metadata
> associated with an image that was signed by an entity I trusted that
> identified the image as good.
>
I have to trust my cloud provider. A single protected flag in metadata
saying "official cloud image" is no less secure than anything more
complicated at the moment (sadly)
> OS distro, version_major, version_minor are even less important where you
> don't care (or know) that your OS came from Canonical or RedHat, what you
> were really interested in is running "WhizBang! Fooberator" version 2.0.
>
Unless the distros stop changing config directory locations, or agree a
common init.d approach, then this simply isn't true.
Maybe you're talking about running pre-built appliances? I'm talking about
not treating the machines as infallible black boxes (I think mine is the
more common use case, but irrespective, mine is definitely a valid use case)
> I can see that some tagged info on the contents of the image would be
> useful for certain things, but specifically OS specific information is
> just not that important.
>
It's very important to me as a consumer of images. How are you coding
image selection for launching instances on the public OpenStack clouds?
I'm interested in any alternative.