20:02:10 <poelcat> #startmeeting
20:02:11 <zodbot> Meeting started Thu Feb  4 20:02:10 2010 UTC.  The chair is poelcat. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:02:12 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:02:19 <gregdek> I defer my clock to the more accurate collective clock.  :)
20:02:25 <poelcat> #chair gregdek
20:02:25 <zodbot> Current chairs: gregdek poelcat
20:02:31 <poelcat> who is in the house?
20:02:36 * gregdek is here
20:02:44 * jforbes is here
20:02:48 * gholms takes a seat in the bleachers
20:02:49 * jboggs here
20:02:49 * Oxf13 
20:02:56 <gholms> I've asked smoser from Canonical to stop in and help answer any EC2-related questions we might have.
20:02:57 * jgreguske lurks
20:03:02 * huff 
20:03:08 * ewan is mostly lurking/watching
20:03:43 <gregdek> A good crowd, hm?
20:03:45 <gregdek> Shall we begin?
20:03:47 * mikeburns listening
20:03:51 <poelcat> welcome everyone
20:04:02 <poelcat> #topic creating current fedora EC2 images
20:04:31 * poelcat thought the bot was supposed to do something with that but oh well
20:04:45 <jforbes> Some less than ideal news on that front
20:04:47 <poelcat> who can give a run down on where we are at today?
20:04:49 <gholms> (Maybe that doesn't work here...)
20:04:49 <gregdek> LOL.  Shall we start with the state of the current Fedora kernel?  jforbes?
20:04:51 * lutter here
20:05:10 <jforbes> We are waiting on 2.6.32 to be released as an update for F12, it fixes a couple of issues
20:05:32 <jforbes> Unfortunately the in updates-testing is not going to make it, and we are waiting on
20:05:34 <Oxf13> unfortunately the first offering broke a number of things too
20:05:46 <lutter> what's the story for rawhide ?
20:05:57 * mmcgrath is here but in another meeting as well
20:06:18 <jforbes> lutter: the rawhide kernel is daily snapshots from the linus tree still, I expect we can really look at it once 2.6.33 releases
20:06:22 * mattdm is here but fixing a security problem in another window. awesome.
20:06:46 <poelcat> jforbes: how far out is that?
20:07:36 <lutter> jforbes: it would be great if we can have F13 images in EC2 as soon after F13 release as possible
20:07:44 <jforbes> poelcat: which? for F12 will probably hit updates-testing in the next day or so.  2.6.33 proper, sometime this month
20:07:54 <gregdek> F13 is likely to be based on 2.6.33, then?
20:07:57 <jforbes> lutter: I would liek to see F13 images in EC2 concurrent to real release
20:08:05 <jforbes> gregdek: Yes
20:08:36 <poelcat> jforbes: ulimately i think we're looking for a clearer idea of when F12 might be EC2 ready?
20:08:40 <lutter> jforbes: would be awesome
20:08:53 <gregdek> How much extra work is it to get the 2.6.32 stuff working in F12?  Are we talking small incremental work, or big pain in the ass work?
20:08:57 <jforbes> Remember, we have to make kernels that we put there public for people to use, so I dont think we want to upload every rawhide kernel
20:08:58 <poelcat> F13 is topic #2
20:09:45 <gholms> We also need to do the paperwork to get an AWS account with ACLs that let us upload Fedora kernels.
20:09:51 <gregdek> Is it that we essentially believe that the Xen issues are fixed in 2.6.32 generally, and we're just waiting for a stable enough version to test F12 stuff around?
20:10:02 <poelcat> jforbes: is there a list of steps other people could be working on to help get the F12 piece ready?
20:10:03 <gregdek> gholms: We've got that covered, actually.  I'm working that in parallel with folks at Amaozn.
20:10:04 <jforbes> gregdek: Getting F12 kernels working is not too difficult with 2.6.32, but we need 2.6.32 to actually be an update.  More a technicality, as the issues they are seeing with the current kernel are all about video and kms, not ec2
20:10:11 <gholms> Oh, nice.
20:10:24 <jforbes> gholms: that's done, and we are ready to upload as soon as we have a good kernel to upload
20:10:46 <poelcat> jforbes: when do we think we'll have a good kernel?
20:10:47 <jforbes> poelcat: We still need to define the packageset for F12 (and F13) on what will be the official Fedora
20:11:13 <poelcat> who is working on defining the packageset?
20:11:15 <gregdek> Sounds to me like kernel stuff is just hurry up and wait, meanwhile we should be focusing on AMIs.
20:11:19 <Oxf13> I'm still fuzzy on the tools involved
20:11:22 <gregdek> poelcat, I don't think anyone right now.
20:11:28 <Oxf13> package set/
20:11:29 <Oxf13> eh?
20:11:35 <jforbes> poelcat: Hopefully by next week. Depends on what is the status for the video issues on desktops
20:11:36 <gregdek> Well...
20:11:36 <Oxf13> that seems like an easy one right?
20:11:39 <gholms> I'd start with a minimal image; maybe core and part of base.  I've built some F12 images privately in the past.
20:11:39 <gregdek> ...yes.
20:11:43 <Oxf13> enough to get booted, logged in, and add more packages
20:11:49 <gregdek> Oxf13, yes, I think that's easy.
20:12:02 <gregdek> Oxf13, we just need to identify tools and process and how it actually gets done.
20:12:10 <Oxf13> I'd imagine a kickstart file
20:12:12 <lutter> does anybody have a ks that they could post to the mailing list ?
20:12:13 <jforbes> gregdek: did anyone look at the rpath ami tools for setting up the ssh keys, etc?
20:12:17 <Oxf13> since that's how every other image we create is managed
20:12:25 <gregdek> jforbes, no.
20:12:29 <gregdek> Here's my take:
20:12:35 <huff> lutter: aos ks: has ssh, yum, dhcp, selinux, etc. these were all requirements back in the day
20:12:39 <gregdek> A good AMI is more than just a spin.
20:12:43 <huff> when we started
20:12:52 <lutter> yeah, I'd imagine that's a good start
20:12:52 <gregdek> A spin process is a necessary precondition, but not sufficient.
20:13:01 <mattdm> +1 to that, greg.
20:13:18 <gregdek> So we should probably:
20:13:27 <gregdek> 1. Identify a good spin that we think would be a nice starting point;
20:13:51 <gregdek> (And maybe that's creating some kind of new default "web server" spin or something, some default that will be most beneficial to the most EC2 users);
20:14:13 <gregdek> 2. Figure out what goes on top of that spin to make it a good out-of-the-box AMI.
20:14:14 <Oxf13> I can see the debate now
20:14:34 <gregdek> Oxf13, I'm comfortable making massively wrong choices just to get us moving.  :)
20:14:50 <jforbes> Sure, this can be a moving target.  We just need to define a starting point
20:14:52 <gregdek> "Dear so-and-so, yes, you're right, these packages are wrong.  Don't care.  Moving on."
20:15:06 <Oxf13> yep
20:15:26 <jforbes> gregdek: but we still need something to talk to amazon and set things up... We can't ship the binary ami tools
20:15:35 <gregdek> Is this the time to stand up some dumbed down "web server" spin, or not?
20:15:38 <gholms> That's where euca2ools come in.
20:15:39 <gregdek> jforbes: Good point.
20:15:49 <mattdm> is euca2ools sufficient?
20:16:09 <jforbes> gholms: Yeah, we had also looked at the rpath tools, they are a plugin system as well
20:16:09 <gregdek> You are still required to install the Amazon ec2tools locally, aren't you?
20:16:23 <Oxf13> gregdek: well, we don't have any such spin in existence right now, so we'd be creating it more than "propping it up"
20:16:31 <gholms> gregdek: Required to?
20:16:36 <gregdek> Oxf13, you tell me.  Good idea?  Bad idea?
20:16:41 <huff> gregdek: only if your goign to rebundle
20:16:43 <huff> afask
20:16:43 <jforbes> gregdek: with the rpath tools, there is no requirement for the amazon ec2tools
20:17:06 <gholms> What part of the ec2 tools needs to go on the VMs?
20:17:09 <Oxf13> gregdek: it's no worse than any other idea.  It's a bike shed.  I'm fine with saying the default EC2 image is designed to start as a simple webserver.  You can adjust from there as necessary
20:17:25 <gregdek> gholms, to do anything with EC2, you still need the EC2 client tools locally -- start an AMI, set up your keypair, etc.  I don't think we can ever ship those tools, can we?
20:17:28 * Oxf13 thinks we're talking about two different topics at once.
20:17:32 <gregdek> Yep.
20:17:44 <gregdek> Oxf13 is right.
20:17:50 <gregdek> Can we talk package set for now?
20:17:53 <Oxf13> #proposal EC2 image is a simple webserver at it's base, plus whatever we need for deployment in amazon.
20:17:59 <gregdek> Like it.
20:18:03 <gregdek> Can we put a name next to that?
20:18:08 * poelcat just created a document on gobby cloud-2010-02-04 ... lets add lists, requirements, etc. there
20:18:17 <mattdm> "Fedora Simple Web Server AMI".
20:18:20 <huff> I can provide a base ks file
20:18:26 <huff> based off aos
20:18:32 <gregdek> huff, I like.
20:18:34 <mattdm> Relevant to more fancy steps: anyone who is interested in making awesome Fedora AMIs but hasn't looked at turnkeylinux.org really should.
20:18:42 <gregdek> +1000.
20:18:48 <gregdek> They are doing it right, from what I hear.
20:18:48 <bobmcw> fwiw, we have an httpd (+mod_cluster for jboss) AMI we build
20:19:21 <gregdek> OK, so we've got some proposed package sets.
20:19:27 <gregdek> How do we actually build an AMI?  :)
20:19:38 <bobmcw> thincrust, boxgrinder
20:19:45 <gholms> thincrust is a good start.
20:19:59 <Oxf13> those playing at home may not know what these terms are
20:20:03 <gholms> Although thincrust hardcodes a couple big no-nos.
20:20:07 <bobmcw> thincrust.net
20:20:18 <huff> gholms: i i can fix that
20:20:18 <Oxf13> from the fedora point of view, we have two current tools at our disposal.  livecd-creator and appliance-creator
20:20:19 * jforbes has only built them by hand, and with rBuilder (which won't work for us)
20:20:23 <gregdek> thincrust looks lovely to me.  gholms, what are the nonos?
20:20:24 <bobmcw> http://jboss.org/stormgrind
20:20:37 <Oxf13> both use the same backend to basically make a chroot, install packages into the chroot, and do something with that chroot after the fact
20:20:45 <Oxf13> either isofs, or loopback fs or whatever.
20:20:46 <gholms> gregdek: Non-Fedora kernel and ec2-api-tools on the AMIs.
20:20:52 <huff> im currently adding some functalitu to AC now and should do a release soon if you have any extras send them my way
20:20:58 <gregdek> gholms, ah, right.
20:21:11 <gregdek> ec2-api-tools is a sticky question.
20:21:12 <Oxf13> so what is thincrust?
20:21:22 <bobmcw> don't really *need* ec2-api-tools on the image
20:21:25 <gregdek> thincrust = turn a kickstart into a VM with one command.
20:21:34 * gholms agrees with bobmcw
20:21:48 <Oxf13> is thincrust in Fedora?
20:21:51 <gregdek> And thincrust also contains a "make this VM into an AMI" tool -- jboggs, is that basically right?
20:21:55 <gregdek> Oxf13, yes it is.
20:21:56 <gholms> Oxf13: appliance-tools
20:21:57 <jboggs> yeah
20:21:59 <huff> appliance-tools is in fedora
20:21:59 <bobmcw> ec2-converter, yeah
20:22:09 <bobmcw> boxgrinder builds upon all of that, replacing some bits
20:22:09 <Oxf13> thincrust == appliance-tools ?
20:22:16 <gregdek> Oxf13, basically.
20:22:32 <huff> appliance-tools is on part
20:22:36 <huff> creates teh image
20:22:37 <huff> the
20:22:56 <gregdek> So there's "generic vm" and there's "AMI".
20:23:06 <bobmcw> raw and ami, yessir
20:23:22 <bobmcw> most things can run raw, or be converted to an appropriate format from raw
20:23:24 <gregdek> One tool creates "generic vm" from kickstart, and another tool "transmogrifies raw into ami".  True for both thincrust and boxgrinder?
20:23:27 <huff> there is an image and an ami is that image with meta-data
20:23:44 <gregdek> bobmcw, is boxgrinder in Fedora?
20:23:48 <bobmcw> no, not yet
20:23:58 <gregdek> Can we add that as a TODO that we track?
20:24:04 <gholms> An ami also has a custom fstab and init script.
20:24:17 <gregdek> bobmcw, what's the diff between boxgrinder and thincrust?
20:24:18 <bobmcw> gregdek: boxgrinder is currently tied to jboss tech
20:24:23 <bobmcw> so we need jboss in fedora also :)
20:24:36 <gregdek> bobmcw, hee hee!  That's another meeting.  :)
20:24:41 <bobmcw> mgoldmann's the boxgrinder lead, I mostly observe these days, but...
20:24:42 <huff> bobmcw: what does boxgrider give us ontop of the thincrust tools, im just not fam with the project
20:25:13 <bobmcw> the same general principles as thincrust, we do some things differently in our conversions (libguestfs to crack images) and to expedite building multiple types of VMs
20:25:30 <bobmcw> ie, we build a base, then crack and add Ec2-specific bits, then do the same from the base for vmware-etc
20:25:44 <bobmcw> since we assume we need to produce N types of images for any input
20:25:51 <bobmcw> raw, ec2, vmware, etc
20:26:03 <gregdek> bobmcw, is boxgrinder java/x-platform?
20:26:04 <bobmcw> handling things like disk format and other weirdness
20:26:15 * mgoldmann is back
20:26:16 <bobmcw> boxgrinder is primarily ruby, and until recently was purely c-ruby
20:26:19 <gholms> Ooh, that would make providing downloadable VMware images easy, too.
20:26:29 <bobmcw> on top of the functionality, we also have a 3-tier arch on it
20:26:31 <Oxf13> so eventually boxgrinder might be useful
20:26:37 <bobmcw> boxgrinder-build as the main library of logic
20:26:41 <gregdek> Sounds like boxgrinder is getting more cycles... but has more deps to figure out.
20:26:43 <mgoldmann> http://www.jboss.org/stormgrind/projects/boxgrinder.html
20:26:43 <bobmcw> -rest as a REST API server, as a service
20:26:51 <Oxf13> but in the context of a stated goal of producing ec2 images, it seems that thincrust/appliance-creator is enough to get going
20:26:55 <bobmcw> and -studio, purely in my head at this point, to help in the construction of images
20:26:58 <bobmcw> akin to SuSE Studio
20:27:01 <mgoldmann> http://community.jboss.org/wiki/StormGrindBoxGrinderDocumentation
20:27:03 <gregdek> Oxf13, for now I think that's right.
20:27:14 <huff> bobmcw: your still using appliance-creator to build the base image
20:27:16 <bobmcw> the servery bits are targetting TorqueBox at the moment
20:27:22 <mgoldmann> huff: yes
20:27:30 <bobmcw> torquebox.org, the ruby appserver built on jboss AS
20:27:33 <gregdek> bobmcw, if boxgrinder is all ruby, where is jboss required?
20:27:39 <gregdek> Ah, ok.
20:27:42 <mgoldmann> that's the one thing we're using from thincrust tooling
20:27:54 <mgoldmann> gregdek: it's not required
20:27:54 <bobmcw> and starting to use stuff like the jboss MQ tech to drive build farms of appliance building nodes
20:27:58 <gregdek> Hm!
20:28:11 <gregdek> Then we should really make it a priority to get boxgrinder into fedora.
20:28:16 <bobmcw> but we could move to some other tech.  just torquebox is my baby, so I push it where I can :)
20:28:18 * stickster comes in late and apologizes, just got off an impromptu meeting with mgr.
20:28:19 <gregdek> In parallel.
20:28:26 <mgoldmann> we just wanted a tool we could build images for cloud for JBoss projects, that's all
20:29:18 <lutter> is there any way to resolve the weird thincrust/boxgrinder split ? It's very confusing to the outside world
20:29:49 <bobmcw> lutter: thincrust seems to be winding down as a project
20:29:51 <gregdek> 1. start with thinrust;
20:29:59 <gregdek> 2. commit to moving to boxgrinder when we are able.
20:30:00 <gregdek> Make sense?
20:30:06 <gholms> gregdek: +1
20:30:07 <mgoldmann> sure!
20:30:09 <bobmcw> lutter: but it could also just be considered the foundation upon which we build, sorta
20:30:13 <lutter> bobmcw: it's anybody's project for the taking
20:30:15 <Oxf13> gregdek: that's my thought too
20:30:26 <lutter> (well, huff or bkearney might have a different opinion)
20:30:27 <gregdek> I like thincrust, but it's soon to be deprecated, it seems. Still, we wanna start now.
20:30:44 <huff> no sounds good to me
20:30:45 <bobmcw> gregdek: one thing we ship is a meta-appliance, so you can easily prop up a boxgrinder server on ec2 to spew out more
20:30:47 <bobmcw> easy bootstrap
20:30:52 <gregdek> Clever.  ;)
20:30:59 <gregdek> All right.
20:31:08 <bobmcw> plus, pushing your AMIs to S3 is free/fast if you're already on EC2
20:31:08 <gregdek> So now that we know we're starting with thincrust for now...
20:31:14 <gregdek> ...what do we do, exactly?
20:31:30 <mattdm> e-mailed thincrust list the other day, asking if it was still active. Bryan Kearney replies "Yes, it is an ongoing concern."
20:31:37 <Oxf13> if we've decided on a toolchain
20:31:41 <gregdek> Put together a script that transmogrifies spin into vm into ami automagically and see if it works?
20:31:50 <Oxf13> then what we need to do is take the previous decision on the package set, and get it into a format appropriate for the toolchain
20:31:53 <Oxf13> which should be a .ks file
20:32:07 * gholms wants a very minimal baseline
20:32:20 <Oxf13> gholms: we've already decided that it's going to be a simple web server
20:32:27 <gholms> Yeah...
20:32:33 <mattdm> there's a project goals question here....
20:32:42 <mattdm> initially, simple web server is good...
20:32:43 <Oxf13> gholms: @core, perhaps some of @base, and the httpd stack
20:32:45 <mgoldmann> bear in mind, that current thincrust ec2-converter doesn't work and it was building only 32 bit images earlier...
20:33:04 <mattdm> but is the intention of this project to eventually produce application-level appliances that just magically work out of the box?
20:33:21 <mattdm> or are we planning to work entirely below that level?
20:33:32 <Oxf13> mattdm: I'm not sure about eventual.  I am only looking at the first goal of getting usable useful recent Fedora offerings into Amazon EC2
20:33:50 <Oxf13> that's an obtainable goal, with clear benefits
20:33:52 <gholms> I would rather just provide "Fedora in the Cloud" and let users customize it.
20:33:57 <mattdm> just want to be explicit about that.
20:34:04 <jforbes> mattdm: once the base image is public, and the kernel is publically available, people can build there own images easily
20:34:11 <gregdek> mattdm, I think one step at a time.  Initial goal is "usable default AMIs that don't suck and users can expand upon."
20:34:19 <gregdek> Everything must start from there anyway.
20:34:21 * mattdm nods
20:34:27 * gholms nods
20:34:35 <jforbes> s/there/their
20:34:48 <Oxf13> ok, I think we've reached two conclusions, maybe 3
20:35:00 <poelcat> can we document this as we go in Gobby or using meetbot?
20:35:10 <Oxf13> is meet bot in here?
20:35:12 <gregdek> poelcat, can you restate in meetbotspeak?
20:35:13 * poelcat does not have time to create notes or do recap today
20:35:17 <gregdek> Ah, ok.
20:35:18 <gholms> Oxf13: Yep
20:35:22 <gregdek> Who knows meetbotspeak well?
20:35:25 <Oxf13> is this a live meeting?
20:35:29 * gholms raises hand
20:35:30 <gregdek> Oxf13, yep.
20:35:33 <gholms> Oxf13: Yep
20:35:34 <gregdek> gholms?
20:35:40 <poelcat> gregdek: if i understood what to capture... we've covered 10 different topics at once :)
20:35:44 <gholms> I can give it a shot.
20:35:45 <gregdek> LOL
20:35:57 <Oxf13> #info Initial goal of project is to provide Useful usable recent Fedora images in Amazon EC2
20:36:08 <gregdek> Oxf13, yep.
20:36:23 * gregdek waits for the full Oxf13 recap.  :)
20:36:26 <Oxf13> #info The initial image will consist of a simple webserver and the tools to add/remove packages from there, plus whatever is necessary for EC2
20:36:49 <mgoldmann> A JEOS-like appliance would be sufficient IMHO, at least for start. http://github.com/stormgrind/boxgrinder-build/blob/master/appliances/jeos.appl
20:36:57 <Oxf13> #info The initial toolset to accomplish this will be thincrust/appliance-creator, however we will be looking at stormgrind in the future
20:37:02 <gregdek> The big open question is WHO and WHEN?
20:37:12 <Oxf13> Ok, that's the end of my recapping
20:37:16 <gregdek> I guess that's two questions.  :)
20:37:36 <Oxf13> so action items!
20:37:40 <gholms> At the very least we want something in time for F13.
20:37:49 <Oxf13> I do believe huff volunteered to author the .ks file for the appliance
20:37:53 <Oxf13> huff: is that correct?
20:37:55 <huff> I can delever a fist pass base ks with min packageset extra stuff in post for amazon spicific stuff,
20:37:58 <huff> yea
20:38:04 <gregdek> Maybe I'm naive but seems to me that if we get a decent ks, we can start making broken-but-instructive images almost immediately.
20:38:14 <Oxf13> #action huff to deliver a first pass base ks with min packageset extra stuff in post for amazon specific stuff.
20:38:22 * jforbes has the kernel
20:38:23 <mgoldmann> FYI: we are in #stormgrind if you have additional questions about BoxGrinder
20:38:32 <Oxf13> #action jforbes continues to wrangle a kernel for us to use
20:38:40 <Oxf13> the big question I have in my mind right now
20:39:06 <Oxf13> who is working on figuring out what tools we can or need to use in order to get the image to run in EC2, and to get the image uploaded to EC2
20:39:22 <gregdek> 1. Uploading.
20:39:26 <gregdek> We have two accounts:
20:39:27 <mgoldmann> boxgrinder has this out of the box
20:39:33 <gholms> euca2ools can bundle and upload.
20:39:40 <Oxf13> mgoldmann: but is it using software that is acceptable for Fedora?
20:39:45 <gregdek> One "official" account that will be the home of all "official" spins.
20:39:47 <mgoldmann> Ruby?
20:39:49 <Oxf13> same question for gholms
20:39:57 <bobmcw> mgoldmann: do we rely on the ec2-tools though?
20:39:59 <gregdek> And one "scratch" account that we can use for all unofficial stuff.
20:40:01 <mattdm> is there anything we need that euca2ools can't do?
20:40:08 <mgoldmann> bobmcw: no
20:40:10 <bobmcw> or just the right_aws gems?
20:40:10 <Oxf13> lets take a step back here
20:40:10 <gholms> Oxf13: euca2ools has passed approval
20:40:15 <gregdek> Is euca2ools in Fedora?
20:40:21 <mgoldmann> bobmcw: ah, yes, we are
20:40:32 <Oxf13> in previous discussions it seemed that amazon required  use of some non-free stuff to either create the image, or upload the image
20:40:34 <jforbes> can euca2ools set up the ssh keys, etc to a running instance?
20:40:37 <mgoldmann> bobmcw: bundling is done via ec2-ami-tool IIRC
20:40:42 <gholms> jforbes: Yes
20:40:46 <jforbes> excellent!
20:40:48 <Oxf13> is that not the case?
20:40:54 <gregdek> OK, I want to understand clearly.
20:40:55 <bobmcw> jforbes: "set ssh keys" just means "pass a string to launch"
20:41:04 <bobmcw> ec2 itself creates and holds your pubkey
20:41:25 <mattdm> euca2ools is a reimplementation implementation of the non-free amazon tools.
20:41:30 <Oxf13> #topic image upload
20:41:34 <jforbes> bobmcw: Yeah, familiar with it, just making sure.  We had a different tool at rPath, but it has a plugin system and a bunch of crap that is useless to fedora
20:41:45 <bobmcw> mattdm: name-compatible?  ec2-describe-instances and such?
20:41:46 <Oxf13> #info We have two accounts with amazon
20:41:46 * mattdm is typing faster than he is thinking
20:41:50 <gregdek> Here's what I *think* I understand: Amazon has API hooks, and then they create a set of APIs, licensed in a funky way, that use those hooks.  Is euca2ools a clean rewrite of those tools, basically?
20:41:53 <bobmcw> iff so, then the boxgrinder stuff could use it
20:41:58 <gholms> bobmcw: s/ec2/euca/
20:42:04 <bobmcw> 'k, we could adjust
20:42:10 <Oxf13> #info one "official" account for "official" spins, and one scratch account for unofficial stuff
20:42:22 <bobmcw> gregdek: amazon publishes a SOAP WSDL API document
20:42:29 <gholms> bobmcw: I can't provide symlinks without breaking ec2-ami-tools from rpmfusion.
20:42:31 <bobmcw> along with a client capable of speaking to it
20:42:35 <mattdm> no not same names. s/ec2/euca/.
20:42:48 <bobmcw> gholms: we can accomodate that sort change
20:42:52 <gregdek> bobmcw, ok, and euca2ools is written to that spec?
20:42:59 * gregdek gets it.  I think.
20:43:01 <bobmcw> gregdek: no idea, but I gotta assume so
20:43:08 <Oxf13> just so we're clear...
20:43:11 <gregdek> bobmcw, lol.  Can someone provide clarity there?
20:43:16 <bobmcw> WSDL is like CORBA IDL
20:43:24 <mattdm> gholms: maybe symlinks in a subpackage?
20:43:44 <bobmcw> $TOOL_PREFIX="euca" in our scripts will suffice if needed
20:44:06 <Oxf13> euca2ools is A) all we will need to upload images, and B) non-reliant on anything non-free or non-redistributable, and C) not going to cause the wrath of amazon to fall upon us?
20:44:08 <gholms> mattdm: It's still a file conflict; fesco would shoot me.
20:44:09 <bobmcw> gregdek: I'm pretty ignorant of eucalyptus in general
20:44:23 <gregdek> Oxf13, +1.
20:44:30 <gregdek> We need a clear answer to that question.
20:44:32 <Oxf13> gholms: other option is use of Alternatives for amazon tools
20:44:38 <huff> also, AFAIK, you need special tools to bundle and upload aki and ari's and to assioacite them
20:44:44 <jforbes> The only thing I know about eucalyptus is that tybstar is working there now :)
20:44:49 <huff> this may have changed
20:44:51 <jforbes> huff: Yes, and those tools are NDA
20:44:56 <Oxf13> huff: now we're talking jibberish again :)
20:44:59 <gholms> Oxf13: That's a possibility.
20:45:00 <gregdek> huff, that's ok, we can separate that out.
20:45:01 <bobmcw> kernels and ramdisks
20:45:01 <huff> always
20:45:19 <Oxf13> gholms: can we get an answer to my above question?
20:45:37 <gregdek> I believe that Oxf13 is the 100% critical path question.
20:45:45 * gholms scrolls up
20:45:48 <huff> Oxf13: what ?
20:45:50 <gregdek> That we must have a clear answer to before we can proceed at al.
20:45:58 <gregdek> euca2ools is A) all we will need to upload images, and B) non-reliant on anything non-free or non-redistributable, and C) not going to cause the wrath of amazon to fall upon us?
20:46:01 <gregdek> (Restating)
20:46:14 <bobmcw> I think (c) is probably the only question
20:46:34 <gholms> A:  Yes for AMIs, I can't say for the rest
20:46:35 <bobmcw> sounds like eucatools does (a) and (b)
20:46:37 <jforbes> I don't think C is a question, Amazon provides the API for a reason
20:46:45 <gregdek> If (a) and (b) are true, I can't imagine that (c) will be an issue.
20:46:45 <gholms> B: completely FOSS
20:46:47 <mattdm> B:  is true.
20:46:52 <gregdek> All right.
20:46:58 <gholms> C: unlikely
20:47:03 <bobmcw> and normal mortals don't get to upload kernels normally, do we?
20:47:07 <gregdek> Then we need to take an action to expedite getting euca2ools into Fedora.
20:47:10 <Oxf13> perhaps we need a recap of terms
20:47:11 <bobmcw> gotta do a dance with Bezos to get a new kernel up there
20:47:16 <Oxf13> right now we were talking about an OS image
20:47:22 <Oxf13> but there are also kernel/initrd images yes?
20:47:28 <bobmcw> yes
20:47:29 <jforbes> Oxf13: yes
20:47:32 <Oxf13> alright
20:47:36 <jforbes> Oxf13: AMI is the os image.
20:47:37 <Oxf13> so correct me if I'm wrong
20:47:40 <gregdek> Yep.  And that is a separate discussion.  Only we will have the right to upload AKIs.
20:47:46 <gholms> gregdek: The review is done; I'm working on fixing a problem with adding it to pkgdb.
20:47:49 <Oxf13> but eucatools is only for uploading the OS image (sans kernel)?
20:47:52 <gregdek> Which is a tricky thing, tbh.
20:47:54 <bobmcw> Oxf13: yes
20:47:55 <gregdek> Oxf13, correct.
20:47:57 <mattdm> Will it be possible to upload new kernels for _every kernel update_ from Fedora?
20:48:04 <jforbes> mattdm: kind of
20:48:05 <bobmcw> mattdm: if we have friends in Amazon
20:48:06 <Oxf13> #info eucatools is only for uploading the OS image.  The kernel is handled differently
20:48:06 <gregdek> mattdm, that's our call.
20:48:12 <Oxf13> Ok, so.
20:48:12 <gregdek> bobmcw, we do have friends at amazon.
20:48:17 <bobmcw> 'k
20:48:17 <Oxf13> to recap
20:48:32 <jforbes> mattdm: the expectation is that security fixes will get updated to ec2, but not necessarily every kernel with bugfixes that don't apply
20:48:44 * gregdek notes that a former FPL works at amazon.  :)
20:48:47 <Oxf13> #info simple webserver ks -> appliance-creator -> eucatools == OS image in Amazon EC2
20:48:56 <gregdek> Oxf13, yep.
20:48:58 <mattdm> good enough for me.
20:49:04 <Oxf13> gregdek: he works about 40 minutes from my house
20:49:13 <jforbes> gregdek: msw is there now too
20:49:18 <gregdek> Oxf13, buy that dirty ol' bastard a drink for me sometime.
20:49:21 <Oxf13> Ok, with the above recap, I think we can close out the OS image portion of this discussion.
20:49:26 <gregdek> +1
20:49:27 <poelcat> smoser: how do you guys do this process?
20:49:35 <Oxf13> which brings us to the kernel side of things
20:49:38 <Oxf13> #topic kernel upload
20:49:50 <smoser> reading
20:50:26 <smoser> euca2ools is not capable of uploading a kernel.
20:50:33 <gregdek> Nor should it be.
20:50:35 <Oxf13> so before we can even boot an OS image, regardless of the OS image, we have to have a kernel available.
20:50:45 <Oxf13> how do we get a kernel available?
20:50:46 <gholms> Sure it should.  That's what account ACLs are for.
20:50:49 <smoser> you have to use the blessed ec2-api-tools and ec2-ami-tools to do that.
20:50:51 <gregdek> Oxf13, correct.  And right now, the only kernel up there is FC8.
20:51:01 <jforbes> kernel upload is fairly restrictive, though a simple process (made even easier with dracut)
20:51:03 <huff> so my thoughts are to generate the aki and ari in post of ks
20:51:04 <smoser> we publish all kernels that are used in a build.
20:51:10 <gregdek> gholms, ok, maybe.  But it our case, not.  :)
20:51:16 <gholms> gregdek: :)
20:51:23 <smoser> we use buckets and names to differenciate: https://wiki.ubuntu.com/UEC/Images/NamingConvention
20:51:51 <Oxf13> lets back up a second here.
20:51:52 <huff> not sure if that will work or not
20:51:59 <jforbes> Oxf13: I have the kernel tools, and will be writing something up to share with kylem and davej as well, to make sure kernels can be uploaded, and I am not the only one capable
20:52:24 <Oxf13> to upload the kernel, you need a vmlinuz and initramfs right?  Anything else?
20:52:34 <gholms> You upload them separately.
20:52:42 <gregdek> Funky.
20:52:44 <jforbes> Oxf13: actually we specifically need a vmlinux, vmlinuz is not allowed
20:52:51 <Oxf13> oh
20:52:52 <gregdek> Super funky.  :)
20:53:01 <jforbes> debuginfo to the rescue
20:53:03 <Oxf13> so then, we cannot use the existing Fedora RPMS
20:53:11 <gregdek> Not for kernel, i guess.
20:53:15 <Oxf13> at least without some modification
20:53:20 <huff> alsothe initrd has to be differnt for lagre (64 bit) and small
20:53:22 <gholms> Do the images even need the kernels themselves installed?
20:53:24 <huff> 32bit
20:53:30 <gholms> Modules, sure.
20:53:37 <huff> gholms: yes for the modules
20:53:39 <gregdek> We should prob bang out a clear list of all packages that need to have ec2 versions.
20:53:54 <Oxf13> #info vmlinux (not vmlinuz) and initramfs files need to be uploaded (separately)
20:53:55 <huff> ec2 versions?
20:53:57 <jforbes> Oxf13: well, we can use the vmlinux from the debuginfo, but we need an dracut image
20:54:06 <Oxf13> jforbes: right
20:54:20 <Oxf13> my spidersense is pinging awfully hard right now.
20:54:25 <gholms> Does it need to differ from the stock one?
20:54:30 <gregdek> Oxf13, yep.  That's why you're here.  :)
20:54:31 <Oxf13> gholms: there is no stock one
20:54:47 <Oxf13> gholms: initramfs is created upon kernel install to your filesystem
20:54:47 <gholms> Oh, right...
20:54:50 <gregdek> At some point, this probably requires some funky compromises.  Part of why we're here is to figure out what those are ASAP.
20:55:03 <Oxf13> we'll get to my spidysense in a moment.
20:55:06 <huff> initrd can but build in post of ks
20:55:30 <Oxf13> before we dive into the mechanics of generating the vmlinux and initramfs, lets talk more about the upload process
20:55:36 <jforbes> huff: the kernel image should be there before you are even building your ks
20:55:49 <Oxf13> What are the requirements to upload, provided we have the necessary vmlinux and initramfs in hand?
20:56:22 <jforbes> Oxf13: we use their nda'd tools to create and upload the image, then we set the permissions to make them publicly visible
20:56:37 * gregdek wanders afk for a sec...
20:56:52 * gholms wonders how the eucalyptus people add kernels
20:56:55 <huff> ec2-bundle needs to be run on 1.raw disk image, 2.initrd image and, 3.vmlinux
20:57:09 <huff> then ec2-upload need to be runon all three
20:57:16 <Oxf13> jforbes: it's necessary for the /creation/ phase as well?
20:57:24 <Oxf13> jforbes: can you walk us through that briefly?
20:58:07 <huff> then you have to link them togeather
20:58:26 <jforbes> Oxf13: creation? Essentially we call the bundle tool with a path to the vmlinux file to create the kernel image, then call the upload, then set the acls.. do the same for the ramdisk
20:58:41 <huff> yep, build, bundle, upload,link
20:58:50 <jforbes> huff: kind of, the bundle tool is different for aki and aris, and nothing binds them together othe than the ami definition
20:58:57 <huff> right
20:59:15 * gregdek back
20:59:38 <Oxf13> jforbes: do we know what it does to that vmlinux file?  Is it bundling something into it that wasn't already there?
20:59:53 <huff> just splits it up and adds meta data
20:59:57 <Oxf13> is it doing anything more than just taking what's there and re-arranging it slightly for the upload?
21:00:06 <jforbes> Oxf13: nope, not doing anything to it of concern
21:00:50 <huff> amazon just restricts who can upload kernels, thats why the bundle tool is different for aki and aris
21:00:51 <Oxf13> ok.
21:00:53 <jforbes> Oh, we do have to worry about regions, though that is a different discussion
21:01:17 <huff> jforbes: there is a migrate tool to move toEU oncein US
21:01:28 <jforbes> huff: there are 2 US now
21:01:32 <huff> o
21:01:39 <Oxf13> ok, so the tool adds nothing material to the image, nothing that is used beyond their infrastructure
21:01:46 <Oxf13> #info the tool adds nothing material to the image, nothing that is used beyond their infrastructure
21:01:47 <jforbes> new, as f last month I believe
21:01:52 <jforbes> Oxf13: correct
21:02:06 <Oxf13> and I assume the tool authenticates you somehow?
21:02:16 <gholms> Oxf13: It uses x.509.
21:02:21 <jforbes> Oxf13: with a pem, a key, and UID
21:02:23 <Oxf13> ok.
21:02:43 * poelcat has to leave for another meeting
21:02:45 <Oxf13> does the fact that you uploaded it using their tool count as the "blessing" or is there anything else?
21:02:54 <Oxf13> poelcat: thanks, I'll keep meetbotting the notes
21:03:06 <jforbes> Oxf13: that is the blessing, and one of the reasons it is restricted
21:03:09 <gregdek> We have a pem for the Fedora "scratch account" for anyone who wants it, btw.
21:03:16 <gregdek> poelcat, thanks.  :)
21:03:36 <gholms> FYI:  euca2ools doesn't yet implement image migration
21:03:39 <Oxf13> #info uploading by the tools counts as the blessing
21:04:23 <Oxf13> jforbes: do the best of your knowledge, is the vmlinux/initramfs bundle/upload step the only part of this process which requires non-free tools?
21:04:39 <jforbes> Oxf13: correct
21:04:48 <huff> Oxf13: also chaning attrubutes
21:04:55 <jforbes> Oxf13: for everything else, if a free tool isn't written, the API exists
21:05:06 <Oxf13> #info vmlinux/initramfs bundle/upload step is the only part of the process which requires non-free tooling.
21:05:09 <huff> ie: assiocate our kernel to our images
21:05:17 <jforbes> huff: p
21:05:17 <Oxf13> huff: that can't be done via the API?
21:05:22 <jforbes> huff: err, no
21:05:29 <gholms> That can be done with euca2ools.
21:05:44 <jforbes> huff: once the kernels/ramdisks are uploaded and public, anyone can link them to any image via the APU
21:05:47 <jforbes> err API
21:06:08 <ewan> My understanding is that each AMI machine image essentially says which kernel it wants to use - yes?
21:06:17 <gholms> ewan: Yes.
21:06:20 <huff> are you sure you can change the images kernel and ramdisk attrbute with euca2ools.
21:06:26 <jforbes> ewan: yes, and by not stating it implies the default
21:06:52 <huff> how do we set the default
21:06:59 <gholms> huff: euca-bundle-image takes --kernel and --ramdisk parameters.
21:07:01 <huff> ie our image should default to our images
21:07:10 <huff> gholms: ok
21:07:28 <Oxf13> alright, lets break out some action items here
21:07:53 <jforbes> huff: we set the default when we create our image
21:08:07 <Oxf13> jforbes: can I assign you the task of documenting the kernel/initramfs upload process, and sharing credentials with the other fedora kernel folks?
21:08:10 <jforbes> huff: outside of that, there is only one default, the amazon kernels
21:08:16 <jforbes> Oxf13: absolutely
21:08:29 <Oxf13> #action jforbes will document kernel/initramfs upload process
21:08:31 <gholms> I will push euca2ools as soon as infrastructure lets me.
21:08:39 <Oxf13> #action jforbes will share upload credentials with Fedora kernel developers
21:08:57 <Oxf13> We've talked this subject up a buch, but there is one concern I'm going to lay down
21:09:04 <Oxf13> and it's going to be ... uncomfortable.
21:09:08 <mattdm> yay
21:09:15 <Oxf13> GPL compliance.
21:09:15 * gholms braces himself
21:09:20 <Oxf13> #topic GPL Compliance
21:09:32 <gholms> Dun dun duuuun!
21:09:33 <Oxf13> We actually stopped pre-producing initramfs images in our kernel builds due to this
21:09:54 <Oxf13> the initramfs includes bits and pieces of many other software projects, only in binary form
21:10:14 * gholms notes that #topic didn't work again
21:10:15 <Oxf13> were we to distribute that initramfs, we'd be on the hook to provide the source to those projects as well
21:10:29 <jforbes> Oxf13: But if they are only built using the released repository bits, we are already providing them right?
21:10:33 <gregdek> Hm... zodbot has op.  Weird.
21:10:46 <Oxf13> jforbes: thats if, and only if, we only provide the /release/ kernel, and not any update kernel
21:11:02 <jforbes> Oxf13: we ship source with update kernels too
21:11:11 <Oxf13> that also assumes that the Amazon kernel images are not available longer than the time which our Fedora source is available.
21:11:42 <Oxf13> jforbes: we don't guarantee that the version of tools you use during creation of an initramfs from updates will always be available
21:11:46 * gregdek wonders if we should consider moving fedora source to amazon at some point...
21:11:50 <Oxf13> jforbes: we expire updates rather rapidly
21:12:36 <Oxf13> so if you build an image today with updates that includes say plymouth, and in 3 weeks a new plymouth comes out, the version  you used will be removed from our servers, and thus the source to the bits in your image are no longer available in the assumed location
21:13:08 <Oxf13> there are obviously things we can do to track and store sources somewhere, however in the interest of getting F12 out the door we decided to just not pre-generate the images, and side step the issue
21:13:09 <gholms> How much can be rebuilt from cvs?
21:13:14 <mattdm> (and practically speaking i've run into that as a real problem. not with kernels but with other updates.)
21:13:26 <Oxf13> gholms: it could be rebuild, provided nobody moved a tag.
21:13:32 <Oxf13> gholms: it could also be rescued from Koji
21:13:44 <Oxf13> but the point is that the content would not be in the typical place.
21:13:49 <gregdek> Is our relationship with Amazon a useful way to solve this problem by throwing massive amounts of source into S3?
21:14:06 <Oxf13> and since the binary bits are sitting in amazon, without source next to it, it breaks how we comply with GPL requirements
21:14:19 <Oxf13> with Fedora, we publish source alongside binaries, and we keep them in lock step
21:14:30 * mattdm idly considers putting the source into the initramfs....
21:14:45 <Oxf13> I don't imagine there is anywhere within the Amazon EC2 infrastructure that we could drop all the srpms involved with the kernel
21:14:57 <Oxf13> mattdm: this is a problem for more than just the kernel
21:15:06 <Oxf13> it's worse for the kernel due to the initramfs
21:15:08 <gholms> Not even a EBS snapshot?
21:15:14 <Oxf13> but we also have to provide srpms for the OS image
21:15:25 <Oxf13> or provide some sort of written notice as to where the srpms can be found
21:15:30 <gregdek> Oxf13, why on earth not?  s3 is one of the most massive datastores on the planet.
21:15:35 <Oxf13> we've never done the written notice.
21:15:40 <jforbes> Oxf13: for one thing, the expectation on images going forward is that the kernel is the only thing we will update
21:15:44 <mattdm> written-notice route is a pain because of its requirements.
21:15:50 <Oxf13> gregdek: I do believe there is specific language about distributing source with binary
21:15:58 <mattdm> better to provide the source.
21:16:01 <Oxf13> gregdek: saying that "they're both in amazon, go find them" isn't sufficient
21:16:03 <jforbes> Oxf13: so we build new ramdisks on release with no updates outside of kernel
21:16:32 <Oxf13> jforbes: or, we make sure that we build kernel images only with bits found in the OS image we've uploaded, and make sure to track the sources used in the OS image
21:16:41 <Oxf13> basically we're going to need some accounting here
21:16:50 <Oxf13> what binaries go into the OS image, and what binaries go into the kernel images
21:17:08 <Oxf13> and a place to stash the srpms and a way to connect the two for GPL sake
21:17:33 <huff> I can generate a list of rpms inthe os image
21:17:45 <huff> we do this for ovirt node
21:17:52 <Oxf13> relevant GPL(v2) language:
21:17:53 <Oxf13> 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
21:17:57 <Oxf13> a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
21:18:32 <Oxf13> On the Fedora download pages we provide source links next to all the binary links
21:18:44 <Oxf13> in the case of the live images, we bundle a README.sources file
21:19:39 <jforbes> And this would be very much like a live image
21:19:43 <Oxf13> Sources for all packages used in this live image can be found under:
21:19:43 <Oxf13> http://download.fedoraproject.org/pub/fedora/linux/releases/12/Everything/source/
21:19:49 <Oxf13> that's the content of the readme file
21:20:14 <Oxf13> things get fuzzy when we do OS images or kernel images from updates, again because we don't guarantee the life of the srpm
21:20:20 <gholms> That would mean no kernel/busybox/etc updates.
21:20:20 <Oxf13> unlike with the full releases
21:20:46 <Oxf13> and since Amazon separates the kernel/initramfs from the os image, we'd have to have a notice bundled with the kernel
21:20:53 <Oxf13> as well as a notice bundled with the OS image
21:21:03 <jforbes> Oxf13: users cannot see the kernel
21:21:12 <Oxf13> which is a problem
21:21:14 <gholms> But they load it.
21:21:20 <jforbes> Oxf13: xen booting with the kernel outside of the image, the kernel is never visible
21:21:26 <Oxf13> how do we inform the users where they can get the source code to the binary that's being provided to them?
21:21:42 <jforbes> Oxf13: the same kernel should be installed into the image
21:22:25 <Oxf13> so we have to ensure that we always have at least one official image that matches one official kernel, maintaining at least a 1:1 relationship
21:22:27 <jforbes> Though realistically once a kernel is public, anyone can link it to any image
21:22:36 <Oxf13> and deliver the "find the sources here" type message in the OS
21:22:44 <Oxf13> jforbes: yeah, that's a concern.
21:22:48 <ewan> The AMIs will surely /need/ to have the same kernel installed as they boot with if they're to be able to load modules.
21:23:13 <jforbes> Oxf13: no more of a concern than once we ship any binary rpm anywhere, anyone can put it whever the hell they choose
21:23:16 <Oxf13> by uploading the kernel to amazon and making it "public" we're essentially distributing those binaries
21:23:19 <gholms> They let users specify alternate kernels at their own peril.
21:23:34 <Oxf13> jforbes: it it different
21:23:45 <Oxf13> jforbes: when we distribute a binary rpm, we distribute the srpm along side it
21:23:48 <gholms> Would it be sufficient to put the sources in the same bucket as the vmlinux?
21:23:57 <Oxf13> jforbes: when we stop distributing the binary rpm, we take down the srpm
21:24:04 <gregdek> If you can tell what kernel you're using at runtime, surely there can be a script that generates a link to the source of the kernel you're currently running?
21:24:06 <jforbes> Oxf13: We do, but people redistributing it might not, which is what we are saying here as well
21:24:18 <Oxf13> jforbes: except /we/ are the ones "distributing" it
21:24:27 <gholms> gregdek: Then we'd have to hold onto the srpms for three years.
21:24:28 <mattdm> or, amazon is.
21:24:31 <Oxf13> we put it on amazon, we marked it as public.  that constitutes distribution
21:24:54 <Oxf13> at least in my mind it does
21:24:56 <gregdek> gholms, for the kernels, yes.  But amazon makes that *way* easier than it is now.
21:24:56 <jforbes> Oxf13: Oxf13 no, we distribute it once to amazon, just like when we upload a kernel rpm to an ftp server or anywhere else
21:25:20 <gholms> smoser: How do you folks deal with GPL compliance for kernel and initramfs updates?
21:25:58 <jforbes> Oxf13: we include a source link in our image as well.  Once that is done, people have the ability to do whatever they want with it... Our distribution of it is clean, other people might choose to redistribute, and we cannot control what they do with it
21:26:21 <Oxf13> jforbes: we're still missing a step though
21:26:32 <Oxf13> jforbes: when we put a binary up on our master server, we put the srpm along with it
21:26:34 <jforbes> Oxf13: of course Amazon has packaged our kernels before this as well
21:26:44 <Oxf13> jforbes: so that when folks choose to consume it, they have the opportunity to consume the srpm as well
21:26:54 <jforbes> Oxf13: and when we put our images on EC2, we will have a link to the sources as well
21:26:56 <Oxf13> jforbes: if we put our kernel up on amazon, where do we put the matching source?
21:27:04 <Oxf13> ok, where does that link go?
21:27:06 <gholms> Oxf13: Would it be sufficient to put the sources in the same bucket as the kernels?
21:27:16 <Oxf13> gholms: define "bucket"
21:27:20 <huff> in the same bucket
21:27:25 <gholms> An S3 bucket
21:27:35 <gregdek> My guess is that Amazon, or more likely EC2 users, are likely breaking these rules out of ignorance currently.
21:27:54 <gregdek> Who, for instance, uploaded the current F8 kernels?
21:28:01 <jforbes> gregdek: Amazon did
21:28:14 <gholms> The plot thickens!
21:28:15 <gregdek> Do they have the srpms available?
21:28:18 <gregdek> I'll wager not.  ;)
21:28:27 <Oxf13> my bet is on simple ignorance.  I think about these things because I'm paid to :/
21:28:34 <jforbes> gregdek: And they probably counted on the fact that the source was available from us when they put it there.  It ins't anymore unless you look at cvs
21:28:46 <Oxf13> jforbes: it is on the archive server
21:28:50 <gholms> There's a chance it's in the archives.
21:28:52 <gregdek> My point is not to slam Amazon, of course.  My point is that it's not Amazon's business to solve this problem; it's ours.
21:29:00 <Oxf13> gregdek: +1
21:29:22 <Oxf13> and really, we just have to make a reasonable effort to provide people who get the binaries with the option to get the sources
21:29:22 <gregdek> And we have much less wiggle room, because it's our name on the line.  That's part of what this whole exercise is about.
21:29:34 <mattdm> +1
21:29:38 <gregdek> OK, good discussion...
21:29:39 <Oxf13> we certainly don't have to shove the source down their throat
21:29:43 <gregdek> ...where are we?
21:29:44 <jboggs> the F8 kernel amazon has is some random koji build that never quite lined up with any update
21:29:50 <Oxf13> I think we've made some decisions
21:29:51 <gregdek> jboggs, lulz
21:29:56 <Oxf13> jboggs: awesome.
21:29:59 <gregdek> EXACTLY!  :)
21:30:02 <jforbes> gregdek: so maybe we bring this up with amazon, and see about making a sources server available.  the sources go into an S3 bucket that is visible from the EC2 web server
21:30:14 <jboggs> and koji dropped it so gone for now, i think bobmcw has a copy
21:30:20 <Oxf13> lets recap a bit
21:30:36 <gregdek> Yep.  I can bang out a note to nthomas.  It may take a while to resolve, but we can get started.
21:30:37 <Oxf13> I think we decided to deliver a README-SOURCES file with the OS version, that points to the release tree from whence the image came
21:30:51 <Oxf13> is everybody in agreement with that?
21:30:54 <jforbes> gregdek: maybe get amazon to pick up the tab for a machine instance to run that web server, and we inlcude only the sources from the kernels we upload to EC2 in that server
21:30:55 <gregdek> +1
21:31:01 <gregdek> jforbes, definitely.
21:31:02 <gholms> +1
21:31:03 <mattdm> so far good.
21:31:05 <Oxf13> ok
21:31:12 <Oxf13> #info deliver a README-SOURCES file with the OS version, that points to the release tree from whence the image came
21:31:31 * gregdek hopes zodbot is getting all this... :/
21:31:39 <huff> Oxf13: is that on the image?
21:31:40 <Oxf13> also, to simplify, for now OS images will only come from GOLD releases, they will not include updates
21:31:40 <gholms> gregdek: http://meetbot.fedoraproject.org/fedora-cloud/2010-02-04/fedora-cloud.2010-02-04-20.02.log.txt
21:31:55 <Oxf13> huff: with the live torrents, we've placed teh file in the torrent, along side the iso
21:32:00 <gholms> We can let people update them after launch if need be.
21:32:08 <Oxf13> huff: I'm not exactly sure where we'd place it on EC2, implementation detail
21:32:13 <Oxf13> gholms: yep!
21:32:30 <mattdm> can we make them update automatically on first boot?
21:32:33 <Oxf13> #info to simplify the initial offering, images will only come from GOLD releases, they will not include updates.
21:32:34 <jforbes> That's the problem with kernel, people cannot update it after launch, so we need to handle security
21:32:48 * gholms nods
21:32:52 <ewan> IIRC S3 buckets can be directly web-accessible, so you don't necessarily need a web server on EC2 to export the sources; just publisj the S3 URLs.
21:32:55 <gregdek> fwiw, gafton asked the pointed question "how often will you update?"  So they're looking ahead to some of this stuff.
21:33:01 <Oxf13> mattdm: we can highly recommend it, but if we don't do that for Fedora, that would mean alteration of the image, and that gets us into "Remix" land as opposed to "Fedora" land
21:33:05 <gregdek> ewan, I agree.
21:33:24 <Oxf13> and as for the kernel/initramfs
21:33:31 <mattdm> eh, we can make a package that does it and get it in fedora.
21:33:47 <jforbes> ewan: if that's the case, we can solve this ourselves, just drop the sources into a bucket for kernel updates, and include that URL in the sources file
21:33:50 <Oxf13> I think what we have is the idea of providing a README-SOURCES with the kernel/initramfs that directs people to the same place the OS image sources are found
21:34:26 <Oxf13> and we have agreed to keep the kernel and OS image in lock step
21:34:31 <Oxf13> does that sound right?
21:34:34 <gregdek> +1
21:34:35 <gholms> Ubuntu's EC2 init script downloads the instance's user-data and executes it if it begins with #!.  Something like that would make it really easy for users to auto-update if they wish.
21:34:55 <Oxf13> ok.
21:35:19 <Oxf13> #info We have the idea of providing a README-SOURCES with the kernel/initramfs that directs people to the same place the OS image sources are found
21:35:30 <jforbes> Oxf13: kind of, if we do kernel updates, we would be pointing to a different place for sources, so just make the README-SOURCES point to the gold release and the kernel s3 bucket
21:35:34 <Oxf13> #info We have agreed to keep the kernel/initramfs and OS image in lock step as to share the same sources
21:36:00 <Oxf13> #info we will have to do something different if we provide updated kernel images
21:36:49 <gregdek> Which, at some point, we will.
21:36:52 <Oxf13> alright
21:36:55 <gregdek> But not today.  :)
21:37:07 <jforbes> Why not just do it from the beginning?
21:37:10 <Oxf13> dangit I had the tickle of another point, but I've forgotten it
21:37:26 <gregdek> Hm.
21:37:27 <Oxf13> jforbes: we lack the tools to proprely discover what binaries in the initramfs came from which srpms
21:37:27 <jforbes> When we put the first kernel there, include sources in the kernel S3 bucket?
21:37:33 <gregdek> Ah, right.
21:37:38 <Oxf13> the kernel is easy, the initramfs is much harder
21:37:51 <gregdek> Oxf13, can we document the need for that tool?
21:37:59 <jforbes> Oxf13: no, OS image comes from gold, all except for kernel.  We create the initrd on a gold image
21:38:29 <Oxf13> #info in the future, to provide updated kernel/initramfs images with matching kernels, we'll need a tool to discover which initramfs binaries came from which sources
21:38:38 <Oxf13> jforbes: that's not going to work if we have to fix a bug in something that's in the initramfs
21:38:39 <mattdm> I think self-updating-by-default is an extremely important goal, even if we can't do it from the start. It's very different from the typical fedora desktop install.
21:38:51 <mattdm> But I'm okay with whatever decision we need to make now to get going.
21:38:57 <jforbes> Oxf13: those should be release blockers, and not make gold in the future
21:39:08 <Oxf13> jforbes: and I'd like a fully functioning crystal ball (:
21:39:24 <Oxf13> riding on a pony
21:39:33 <Oxf13> farting a rainbow
21:39:44 <gholms> ...
21:39:48 <jforbes> mattdm: self updating by default is difficult, because users have to pay for bandwidth used to update unless we host an updates server there (Ubuntu does)
21:40:11 <gregdek> We can negotiate that, I think.
21:40:14 <gregdek> And should.
21:40:20 <mattdm> we should definitely host an updates server, then. that's important.
21:40:23 <gregdek> In fact, I think it's already come up.
21:40:27 <gholms> How hard would it be to host three mirrors there?
21:40:36 <jforbes> gregdek: I agree.  But until we can do that, we cannot enforce self updating AMIs
21:40:44 <gregdek> Yeah.  One step at a time.
21:40:46 <mattdm> fair enough.
21:40:52 <gregdek> But it's an intention we should make clear asap.
21:40:58 <Oxf13> ok, I think I'm done with the GPL compliance issue
21:41:02 <Oxf13> and I'm ready to move on
21:41:16 <Oxf13> unless anybody else has something to say about it
21:41:16 <gholms> Do we need to talk about init scripts and the like?
21:41:16 <gregdek> How do I denote an action item?
21:41:22 <Oxf13> gregdek: #action
21:41:22 <gholms> gregdek: #action
21:41:36 <Oxf13> gholms: yeah, I think the next topic would be "running the image"
21:41:48 <gregdek> #action ask amazon to host srpms on s3 for fedora akis
21:42:02 <Oxf13> gregdek: gotta assign it to somebody
21:42:03 <gregdek> #action ask amazon to host update servers for fedora
21:42:10 <gregdek> Oh, they're both me
21:42:12 <Oxf13> well, you don't, but.
21:42:18 <gregdek> I'll know it from the notes.  :)
21:42:33 <huff> i have a feeling there not gettign recorded anyhow
21:42:39 <gregdek> huff, me too.
21:42:42 <Oxf13> they are
21:42:50 <gregdek> I may be trolling the log -- at least I know the log file is writing.
21:42:54 <Oxf13> we've confirmed multiple times that zodbot is catching this
21:42:58 <gregdek> And this will all go into a wiki anyway.
21:43:06 <Oxf13> ok, #topic Running the Image
21:43:08 <Oxf13> er
21:43:11 <gholms> #topic Running the Image
21:43:12 <Oxf13> #topic Running the Image
21:43:17 <gholms> (sorry)
21:43:26 <huff> #topic Running the Image
21:43:27 <Oxf13> Lets assume we've got the stuff uploaded, sorted out source issues, and a user is ready to go
21:43:30 <gregdek> #topic Running the image
21:43:34 <gregdek> Ah HAH!
21:43:34 <gholms> :D
21:43:42 <gregdek> You have to be /op to tell zodbot what to do, I think.
21:43:45 <gregdek> Grr.
21:43:51 <Oxf13> gregdek: you must be the meeting chairperson
21:43:51 <gregdek> Which means it's lost most of this stuff.
21:43:56 <Oxf13> only the chair can update the topic
21:44:00 <gregdek> Ah, ok.
21:44:03 <Oxf13> but I think it'll catch #info from other people
21:44:05 <gholms> That reminds me, no one set the meeting title.
21:44:10 <gregdek> Well, sorry for discovering that late.  :)
21:44:21 <Oxf13> gregdek: can you do #chair Oxf13  ?
21:44:50 <gregdek> #chair Oxf13
21:44:50 <zodbot> Current chairs: Oxf13 gregdek poelcat
21:44:50 <Oxf13> well anyway
21:44:59 <gregdek> Kinda late now.  ;)
21:45:05 <Oxf13> yep, but oh well
21:45:25 <Oxf13> What happens when a user decides they want to run Fedora in EC2?
21:45:43 <jforbes> Oxf13: it runs?
21:45:52 <huff> Oxf13: you do ec2-run #ami number and pass it an ssh key
21:46:02 <jforbes> Oxf13: There are a couple of interfaces, users can select a public image, and just run it
21:46:04 <Oxf13> how do they pick it, what is displayed to them, what happens when it boots for the first time?
21:46:10 <gholms> The user could also pull up the AWS Console and look in the list of Fedora AMIs.
21:46:25 <gregdek> Oxf13, huge lists, visible by api search tool or web search on ec2 web ui.
21:46:45 <jforbes> Oxf13: every time it boots is the first time unless they are using persistent storage, which is a new option, and I am unfamiliar with
21:46:49 <gholms> After booting the user gets an IP address that he or she can SSH to with an SSH key he or she created beforehand.
21:47:02 * mattdm has to go. thanks everyone.
21:47:10 <huff> the image has to grab that ssh key
21:47:13 <gholms> (We need to write an init script to fetch the public keys)
21:47:18 <gregdek> Oxf13, it may be useful for you to just go and do it.  I can send you a great jumpstart document and our x509 cert (which i'll send gpg armored).
21:47:19 <huff> in the past i did this in rc.local
21:47:29 <huff> but an init script would be bettter
21:47:42 <gholms> Maybe a ec2-config package with an init script?
21:48:05 <huff> we also wrote a cheap first boot utility
21:48:06 <Oxf13> ok, so we somehow need to get the user's ssh key stuffed into the system, into root's authorized_keys file?
21:48:21 <jforbes> That is one of the things that amiconfig did
21:48:22 <Oxf13> does the root account have a password by default, or is that something we do in the image creation?
21:48:24 <gholms> Oxf13: Yep
21:48:31 <Oxf13> jforbes: but we're not using amiconfig are we?
21:48:35 <jforbes> Oxf13: root account has an ssh key
21:48:38 <huff> root has no pw
21:48:40 <jforbes> Oxf13: we can, it is open source
21:48:48 <gregdek> Oxf13, that's the user's business.  They set it up using the apis or the ec2 web ui.
21:48:49 <gholms> Typically one completely disables SSH password auth.
21:48:51 <jforbes> Oxf13: that is the rPath tool
21:48:52 <Oxf13> ok..  lets try to gather some of this.
21:49:07 <Oxf13> #info Every boot is the "first boot" without use of persistent storage
21:49:12 <gregdek> Yep.
21:49:19 <gregdek> Which is where EBS comes in.
21:49:21 <Oxf13> #info User's SSH key needs to get into the system's root authorized_keys file
21:49:25 <gregdek> EBS = Elastic Block Storage
21:49:48 <gholms> EBS lets a user create persistent disks.  You can boot from these.
21:49:55 <Oxf13> is getting the key implanted the job of a outside of the image tool, or something that has to go inside the image?
21:50:00 <gregdek> Oxf13, we're providing a raw image.  The user configures that image thru tools themselves.
21:50:07 * gregdek goes to find a good walkthru...
21:50:14 <gregdek> It's better if you just read.
21:50:15 <gholms> Oxf13: That has to go in the image.
21:50:17 <huff> Oxf13: in the image
21:50:36 <smoser> gholms, way above, the kernels and ramdisks are available just like any other ubuntu build
21:50:44 <smoser> and as such, source is available that way
21:51:06 <gholms> smoser: How long do the sources stick around?
21:51:13 <gholms> A user could modify the non-persistent image we provide and give his or her own copy persistence using EBS.
21:51:25 <smoser> i'm not sure what the normal ubuntu policy is, but "quite a while"
21:51:35 <jforbes> That is an interesting sticking point here
21:51:36 <smoser> definitely for any supported release you can get it
21:51:50 <jforbes> Images are tied to a kernel/ramdisk by their config
21:51:53 <gholms> smoser: Then you just reference it in a readme file somewhere?
21:52:15 <smoser> i really dont' know. its just no difference
21:52:16 <Oxf13> #info the tool to stuff user's ssh key goes /inside/ the image
21:52:17 <jforbes> Once our kernels are public, we won't know what images will reference them.  We need a policy on how long a kernel will stick around
21:52:19 <smoser> from everything eles
21:52:41 <gholms> jforbes: How long do we support gold releases?
21:52:43 <gregdek> http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2
21:52:56 <jforbes> gholms: just over a year typically
21:53:04 <gregdek> This is a great overview for n00bs on how a user starts their own image.  Mustread, I think.
21:53:15 <gholms> Mmm... mustard...
21:53:22 <smooge> sorry for the meeting
21:53:24 <gholms> jforbes: I mean, do we make people update before offering them help?
21:53:28 <smooge> missing th emeeing
21:53:32 <gregdek> smooge, np.
21:54:01 <jforbes> gholms: AFAIK, if we delete a kernel image, a users AMI which references it will no longer boot...
21:54:40 <Oxf13> that's going to suck
21:54:42 <gholms> If we support the kernel that ships with releases for the lifetime of the release then we could stick with the two-releases-plus-a-month rule.
21:54:54 <gholms> We could also just leave old kernels up there.
21:54:55 <Oxf13> right, that's a 13 month life span
21:55:18 <Oxf13> after 13 months, we don't guarantee that the URLS used to access the source remain valid
21:55:26 <jforbes> gholms: right, both are options, though I prefer to not leave ancient kernels there
21:55:32 <gholms> Heck, Amazon still hosts FC4 kernels.
21:55:36 * jgreguske bails for another meeting, and ceases active reading
21:55:51 <Oxf13> that's darn near criminal
21:55:55 * gholms nods
21:56:26 <gholms> I think the question here is whether or not we want to break everyone's EBS images after a period of time, and if so, how long.
21:56:35 <Oxf13> ok, it seems to me that we'll need to create and package whatever mechanism we want to use to handle the ssh key
21:56:40 <Oxf13> and make sure we include that in the image
21:56:52 <gregdek> Um... that's part of euca2ools, right?
21:56:58 <Oxf13> do we have something like that written somewhere?
21:57:08 <gholms> Oxf13: appliance-tools has a short script that does that.
21:57:22 <huff> we do it in rclocal
21:57:36 <huff> i think
21:57:43 * gregdek waitwaitwait.
21:57:50 <gregdek> In order to ssh to an ec2 box...
21:57:52 <Oxf13> if it's a interpreted script that'sfine
21:57:59 <jforbes> rclocal isn't of value here
21:57:59 <gregdek> ...you must create a keypair.
21:57:59 <Oxf13> since that is source itself.
21:58:42 <huff> gregdek: yep an when you launch the image you pass it the the name
21:58:43 <gholms> Oxf13: Here's a script that will do it:  http://fpaste.org/LOyT/
21:58:51 <gregdek> OK.  Got it.
21:58:58 <gholms> By "it" I mean download public keys.
21:59:14 <gregdek> Wait, public keys?
21:59:25 <Oxf13> is that a magic IP address there?
21:59:29 <gholms> The instance has to download your public keys so you can log in.
21:59:35 <huff> Oxf13: yea
21:59:36 <gholms> Oxf13: It is.
21:59:51 <gholms> Oxf13: People on Eucalyptus usually have to change that.
21:59:58 <gregdek> We *are* assuming creation of a new keypair at time of "user decides to pick image foo", yes?
22:00:18 <gholms> gregdek: We shouldn't.
22:00:19 <huff> gregdek: you have to have one assiocated with your aws account
22:00:41 <gholms> That would mean I would have to create a new key for every instance type I want to launch.
22:00:53 <huff> no you can use the same one for multiple
22:00:54 <gregdek> Ah, right.  User creates keypair as part of account for all machines, ok.
22:00:59 <gregdek> Nevermind.  :)
22:01:16 <Oxf13> ok
22:01:20 <gregdek> You just specify which of *your* keypairs you use when you instantiate an image.
22:01:30 <gholms> We can leave key creation and specification up to the web UI and euca2ools.  All the image has to care about is downloading them.
22:01:33 <Oxf13> Then they're up and running and everything is great
22:01:52 <Oxf13> which leads us to....
22:01:55 <Oxf13> #topic Updates
22:02:07 <Oxf13> this goes back to gregdek's action plan of getting a Fedora mirror in S3
22:02:21 <Oxf13> if you get that, we need to make sure S3 becomes a mirrormanager site default mirror
22:02:27 <gregdek> Yep.
22:02:35 <gregdek> This has two pieces: tech and admin.
22:02:37 <Oxf13> gregdek: would you want to take that on as well?  It's really simple.
22:02:43 <gregdek> yeah, I can do that.
22:02:50 <Oxf13> (and by take that on I mean file the ticket for mdomsch to do it)
22:02:59 <gregdek> LOLyupyup
22:02:59 <Oxf13> #action gregdek will handle getting S3 setup in MirrorManager
22:03:03 <gholms> It's simple as long as we know what all of EC2's IPs are.
22:03:15 <Oxf13> gholms: right, "simple" (:
22:03:33 <gholms> There's also the matter of differing internal and external IP addresses.
22:03:33 <gregdek> I suspect there will be "complications", so it may take a while to work through Amazon's process underbelly.  But I'll hase it.
22:03:35 <Oxf13> #info some would like images to autoupdate, perhaps by force
22:03:36 <gregdek> chase it.
22:03:52 <gregdek> I dunno about forcing updates on users.
22:03:55 <Oxf13> I had read earlier about loading user data in and executing any scripts found
22:03:58 <gregdek> I think that's kinda not what cloud is about.
22:04:12 <Oxf13> Can somebody expand upon that?  Is there a way for us to provide reference scripts to do the updating, without forcing it?
22:04:21 <Oxf13> gregdek: I'm with you on that, I just wanted it noted for the record
22:04:25 <gregdek> ok :)
22:04:30 <gholms> A user can specify a "user data" file/string.  Ubuntu's init script executes that on bootup if it begins with #!.
22:04:43 * jforbes doesn't like autoupdate either, these are servers
22:04:45 <Oxf13> gholms: ok, so that's specific to Ubuntu
22:05:00 <gholms> So if a user hands euca-run-instance a file with "#!/bin/sh \n yum -y upgrade" that will accomplish it.
22:05:15 <gregdek> Oooh, cool.
22:05:17 <Oxf13> provided we had something in the image that knows to execute the incoming files?
22:05:17 <jforbes> gholms: that works
22:05:23 <gholms> But we would have to write that into the init script.
22:05:29 <Oxf13> what is "the init script" ?
22:05:49 <gholms> An init script that I presume we would have to write alongside the ssh key script.
22:05:58 <gregdek> So I'm guessing that some of these things will start to become obvious as we start doin' stuff.
22:06:09 <gregdek> And we're at the 2 hour mark.
22:06:12 <Oxf13> yep
22:06:16 <gregdek> Can we get to the "next meeting" topic?
22:06:20 <Oxf13> I think we made a bunch of progress today
22:06:31 <gregdek> Yepyep!
22:06:34 <Oxf13> and I think gregdek is right, there is only so far we can go without having images in hand to walk through it
22:06:47 <Oxf13> #topic Next Meeting?
22:07:01 <Oxf13> other than the infrastructure meeting conflict, this day worked for me
22:07:10 <Oxf13> should we try one hour later next week?
22:07:14 <gregdek> Is 4pm eastern better for folks?  I know that infrastructure would prefer it, and having those dudes available will be really helpful.
22:07:31 <Oxf13> it's fine by me
22:07:33 <gregdek> I know that's 10pm for CET...
22:07:39 <jforbes> Works for me
22:07:46 * gholms has to leave at 6pm EST on Thursdays
22:08:00 <gregdek> All the more reason to keep the meetings to an hour.  :)
22:08:01 <Oxf13> hopefully we won't be doing 2 hour meetings every week
22:08:02 <gholms> Otherwise that works for me.
22:08:03 <gregdek> Is weekly good for now?
22:08:11 <Oxf13> i think so, as things are moving fast
22:08:14 <gholms> Sure.
22:08:16 <gregdek> okeydoke.
22:08:31 <jforbes> Yeah, I think weekly is a good idea until things are a bit more developed
22:08:35 <gholms> Should I post that init script somewhere and #link to it before we're through here?
22:08:40 <gregdek> yespls
22:08:51 <gholms> (Of course now it'll be under the wrong topic)
22:09:04 <gregdek> meh, that's ok.
22:09:10 <gregdek> It's all fodder for a wiki page anyway.  :)
22:09:22 <jforbes> gregdek: one more bit, I am going to do the virt status update, and I thought I would point people to the cloud-sig since there is a lot of cross interest there.  Do we have a wiki page yet, or where should I point people?
22:10:01 <gregdek> jforbes, one sec...
22:10:32 <gholms> #link http://www.physics.umn.edu/~holms/download-sshkeys
22:10:36 <gregdek> https://fedoraproject.org/wiki/Cloud_SIG
22:10:38 * gholms hopes that worked
22:10:41 <gregdek> I will create this page now.  :)
22:10:50 <jforbes> gregdek: thanks :)
22:11:02 <Oxf13> zodbot will pick up links without #link
22:11:11 <gholms> Good to know...
22:11:28 <gregdek> OK, send them there.  It will have content soon.
22:11:34 <gholms> Anything else?
22:11:39 <Oxf13> Everybody with action items should be prepared to report on them next week
22:11:46 <gregdek> #action gregdek will update wiki page with recap, mailing list info, irc info, etc.
22:11:54 <gholms> I should have euca2ools pushed by then.
22:12:27 <gregdek> So we're done?
22:12:43 <gholms> There's also a public Eucalyptus instance people can use for testing if anyone's interested.
22:12:48 <gregdek> gholms, link?
22:13:05 <huff> he posted it
22:13:06 <gholms> https://mayhem9.cs.ucsb.edu:8443/
22:13:08 <gregdek> ah ok
22:13:10 <gregdek> :)
22:13:19 <gregdek> How do we call this meeting over?  :)
22:13:25 <gholms> #endmeeting
22:13:40 <gregdek> Anyone have anything else?
22:13:44 <gregdek> Meeting over in 5...
22:13:47 <gregdek> 4...
22:13:49 <gregdek> 3...
22:13:52 <gregdek> 2...
22:13:55 <gregdek> 1...
22:13:56 <gholms> 0.5!
22:13:59 <gregdek> 1/2...
22:14:01 <gregdek> :)
22:14:03 <gregdek> #endmeeting