savanna-all team mailing list archive

Thread
Date

some feedback on the hadoop diskimage-builder element

To: savanna-all@xxxxxxxxxxxxxxxxxxx
From: Robert Collins <robertc@xxxxxxxxxxxxxxxxx>
Date: Fri, 7 Jun 2013 13:41:28 +1200

Hi there, I've had a look through the diskimage builder element -
hadoop - you've put together, to see whether it worked well for you
etc.

There's a few things that could be done to make it a bit more robust /
simpler. Primarily is to separate out the last-mile configuration
stages from software installation. That is, software installation
should happen in the diskimage-builder, but anything that will vary in
environments - e.g. ssh keys, passwords, configuration files - should
be supplied via nova or heat metadata.

Specifics that came to mind when I read through the element:
https://bugs.launchpad.net/savanna/+bug/1188438
https://bugs.launchpad.net/savanna/+bug/1188442

The ssh config tweaking is something we don't have a great answer for
today; I'd be inclined though to make it an idempotent
os-refresh-config script rather than build-time, because as it stands
someone may edit it on the live system, and break whatever it is
hadoop has that depends on those settings. Relatedly, I think it would
be great if the README.md for the element documented the security
caveats (e.g. that systems running hadoop images are vulnerable to
password cracking attacks.

Secondly, there is a dependency system in the elements, so anything
that needs to be baked in but that folk might do differently can be
abstracted by putting it in a separate element - see
https://review.openstack.org/#/c/32059/ for an example.

I've also filed
https://bugs.launchpad.net/diskimage-builder/+bug/1188408 about
something diskimage-builder could make nicer.

Cheers,
Rob

-- 
Robert Collins <rbtcollins@xxxxxx>
Distinguished Technologist
HP Cloud Services

Follow ups

Re: some feedback on the hadoop diskimage-builder element
From: Sergey Lukjanov, 2013-06-07