Differences between revisions 19 and 21 (spanning 2 versions)
Revision 19 as of 2013-04-23 20:05:33
Size: 6418
Editor: GeoffSimmons
Comment: Limit automatic linking.
Revision 21 as of 2013-05-06 18:33:23
Size: 7337
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
== Official Debian Images ==
(Work in Progress)
== Debian Images ==
Line 7: Line 6:
For discussion about Debian on various cloud providers, please visit [[http://lists.debian.org/debian-cloud/|Debian-Cloud mailing list]]. These images result from a collaboration between Debian and Google. Debian community members are welcome to help improve and maintain the images in Google Compute Engine. This includes directly uploading the Debian images which Google publicizes to Google Compute Engine customers.

The images deviate in these ways from official Debian images:
 * Currently, all images must run Google-provided kernels, currently version 3.3.8. These kernels have module loading and direct memory access (e.g. /dev/mem) disabled for security purposes. /proc/config.gz lists the configuration details, and [[https://developers.google.com/compute/docs/kernels|source is available]]. Google is working to lift this restriction and expects to allow arbitrary kernels in the future.
 * Certain non-Debian software is installed to facilitate integration, all freely licensed under the Apache License 2.0:
  * Three debs: google-startup-scripts, google-compute-daemon, imagebundle (mostly or completely replaceable with cloud-init if someone does the work)
  * Two unpackaged command-line utilities installed in /usr/local/share/google and symlinked into /usr/local/bin: gcutil and gsutil (optimal packaging situation TBD)

Google is interested in working with Debian to resolve these issues and achieve official Debian image status. In the meantime, Debian has indicated that it's okay with these images being labeled as Debian instead of Debian-based.

For discussion about Debian on various cloud providers, please visit the [[http://lists.debian.org/debian-cloud/|debian-cloud mailing list]].

== Using existing images ==
Debian publishes its images via the debian-cloud project. End users are able to use them simply by adding a suitable --image option when creating their instance, e.g.

    * gcutil addinstance mynewinstance --image=projects/debian-cloud/global/images/<image-name>

To see the list of available images, use:

    * gcutil --project=debian-cloud listimages
Line 14: Line 32:
  If you want to help with the Cloud/GoogleComputeEngineImage effort and don't already have a Google Compute Engine space to work in, contact David(cache@google.com) and Jimmy (jimmy@debian.org).   If you want to help with the Cloud/GoogleComputeEngineImage effort and don't already have a Google Compute Engine space to work in, contact David (cache@google.com) and Jimmy (jkaplowitz@google.com).
Line 22: Line 40:
 1. '''Create images using our github fork on any Linux machine'''  1. '''Create images using the build script (see below) fork on any Linux machine'''
Line 25: Line 43:
    * sudo ./build-debian-cloud gce --codename squeeze --volume-size 10     * sudo ./build-debian-cloud gce --codename wheezy
Line 29: Line 47:
  The image will end up in the same directory. From there, follow the steps to [[https://developers.google.com/compute/docs/images#installinganimage|upload and use a custom image|target="_blank"]] in Google Compute Engine, beginning with step 4. Once official Debian images are published via the debian-cloud project, end users will be able to use them simply by adding a suitable --image option when creating their instance, e.g.

    * gcutil addinstance mynewinstance --image=projects/debian-cloud/gloabal/images/<image-name>
  The image will end up in the same directory. From there, follow the steps to [[https://developers.google.com/compute/docs/images#installinganimage|upload and use a custom image|target="_blank"]] in Google Compute Engine, beginning with step 4.
Line 36: Line 52:
  To find the correct <kernal-name>, choose from a list of available kernels:   To find the correct <kernel-name>, choose from a list of available kernels:
Line 38: Line 54:

  If you omit --preferred_kernel, simply choose the newest available kernel when prompted by gcutil.
Line 41: Line 59:
Anders Ingemann has created a build script for bootstrapping instances that runs automatically and needs no user interaction. You can also attach custom scripts to the script as well. Download or clone the script on [[https://github.com/andsens/build-debian-cloud | github]]. Any bugs or suggestions should be reported via the github issue tracker. Anders Ingemann has created a build script for bootstrapping instances that runs automatically and needs no user interaction. You can also attach custom scripts to the script as well. Download or clone the script on [[https://github.com/andsens/build-debian-cloud | github]]. Any bugs or suggestions should be reported via the github issue tracker or discussed on debian-cloud.

Note: [[https://github.com/google/build-debian-cloud | Google's fork]] of Anders' repository may sometimes have newer changes specific to Google Compute Engine, including ones used to build Debian images. Pull requests are regularly submitted to Anders and merged upstream in his repository.

Line 68: Line 90:
== User-contributed images ==
|| arch || version || GCE project || Image Name || Kernel ID || size || maintainer ||
|| x86_64 || squeeze || debian-cloud || projects/debian-cloud/global/images/debian-squeeze-20130418 || projects/google/global/kernels/gce-v20130325 || 10G || jkaplowitz@google.com ||
|| x86_64 || wheezy || debian-cloud || projects/debian-cloud/global/images/debian-wheezy-20130418 || projects/google/global/kernels/gce-v20130325 || 10G || jkaplowitz@google.com ||

== Notes on Kernel ==
You may notice that all Google Compute Engine images are booted using an
injected Linux 3.3.8 kernel using a configuration to reduce security
vulnerabilities. Most notably, that configuration disables modules and access
to /dev/mem. We are working to add support for booting from arbitrary kernels,
as we know it’s an important freedom. In the meantime, /proc/config.gz will
show the enabled options. View the [[https://developers.google.com/compute/docs/kernels#source|kernel source documentation|target="_blank"]] for more information.
Line 94: Line 103:
== Access to test account, for Debian Developers interested in testing, or working on official images == == Access to test account, for Debian Developers interested in testing, or working on Debian images ==
Line 96: Line 105:
The Google GCE team has created two projects for Debian’s use for Google Compute Engine. Billing for Compute and Storage has been waived on these projects. The first project, ‘debian-cloud’ is intended for pushing new images for customers. The second project ‘debian-cloud-experiments’ is intended for Debian volunteers to experiment with the project. It has a small quota and must be shared. We can work with Debian to maintain who can use these projects, or we can push management off to trusted parties in Debian. Google Compute Engine is working toward toward general availability, so over time it will become easier for anyone to get involved. Google has created two Google Compute Engine projects for Debian’s use. Billing for Google Compute Engine and Google Cloud Storage has been waived on these projects. The first project, ‘debian-cloud’, is intended for pushing new images to customers. The second project ‘debian-cloud-experiments’ is intended for Debian volunteers to experiment with the project. It has a small quota and must be shared. Google will work with Debian to manage access to these projects. Google Compute Engine is working toward toward general availability, so over time it will become easier for anyone to get involved. Until then, Google is happy to facilitate access for this purpose.

Cloud/?Google Compute Engine Image lists for Google Compute Engine

Debian Images

These images result from a collaboration between Debian and Google. Debian community members are welcome to help improve and maintain the images in Google Compute Engine. This includes directly uploading the Debian images which Google publicizes to Google Compute Engine customers.

The images deviate in these ways from official Debian images:

  • Currently, all images must run Google-provided kernels, currently version 3.3.8. These kernels have module loading and direct memory access (e.g. /dev/mem) disabled for security purposes. /proc/config.gz lists the configuration details, and source is available. Google is working to lift this restriction and expects to allow arbitrary kernels in the future.

  • Certain non-Debian software is installed to facilitate integration, all freely licensed under the Apache License 2.0:
    • Three debs: google-startup-scripts, google-compute-daemon, imagebundle (mostly or completely replaceable with cloud-init if someone does the work)
    • Two unpackaged command-line utilities installed in /usr/local/share/google and symlinked into /usr/local/bin: gcutil and gsutil (optimal packaging situation TBD)

Google is interested in working with Debian to resolve these issues and achieve official Debian image status. In the meantime, Debian has indicated that it's okay with these images being labeled as Debian instead of Debian-based.

For discussion about Debian on various cloud providers, please visit the debian-cloud mailing list.

Using existing images

Debian publishes its images via the debian-cloud project. End users are able to use them simply by adding a suitable --image option when creating their instance, e.g.

  • gcutil addinstance mynewinstance --image=projects/debian-cloud/global/images/<image-name>

To see the list of available images, use:

  • gcutil --project=debian-cloud listimages

Building a GoogleComputeEngineImage

To build a Debian image for Google Compute Engine, follow these instructions:

  1. Request access to Google Compute Engine

    • If you want to help with the Cloud/GoogleComputeEngineImage effort and don't already have a Google Compute Engine space to work in, contact David (cache@google.com) and Jimmy (jkaplowitz@google.com). Be sure to provide the following information in your email:

      • A description of how you can help
      • The email of your Google account (Google Apps and consumer accounts are both fine)
      We will add people to the appropriate projects, within certain constraints. See "Access To Test Account for Debian Developers" below for more information.
  2. Create images using the build script (see below) fork on any Linux machine

    • Example command line (root access is needed for the loopback mounting process):
      • # Either squeeze or wheezy should work.
      • sudo ./build-debian-cloud gce --codename wheezy
  3. Follow the steps to upload and use a custom image

    • The image will end up in the same directory. From there, follow the steps to upload and use a custom image in Google Compute Engine, beginning with step 4. Note the linked instructions tell you to run:

      • gcutil --project=<project-id> addimage <image-name> <image-uri> --preferred_kernel=/projects/google/global/kernels/<kernel-name>

      To find the correct <kernel-name>, choose from a list of available kernels:

      • gcutil listkernels --project=google (rather than your own project)
      If you omit --preferred_kernel, simply choose the newest available kernel when prompted by gcutil.

Image Build Script

Anders Ingemann has created a build script for bootstrapping instances that runs automatically and needs no user interaction. You can also attach custom scripts to the script as well. Download or clone the script on github. Any bugs or suggestions should be reported via the github issue tracker or discussed on debian-cloud.

Note: Google's fork of Anders' repository may sometimes have newer changes specific to Google Compute Engine, including ones used to build Debian images. Pull requests are regularly submitted to Anders and merged upstream in his repository.

Using An Image

To use an image, use the gcutil tool and provide the --image flag in your request:

gcutil --project=<project-id> addinstance <instance-name> --image=projects/debian-cloud/global/images/<image-name>

Listing All Images

To list all available Debian Google Compute Engine images, use gcutil listimages:

gcutil --project=debian-cloud listimages

Deprecated Images

As Google Compute Engine releases new images, older images will be deprecated and eventually removed. When this happens, Google Compute Engine sets the deprecation status on an image and if your instances or disks uses a deprecated image, you will need to restart them with a newer, non-deprecated image.

Use the gcutil tool to list images and review their deprecation status, if any.

gcutil --project=debian-cloud listimages

A list of deprecation statuses are available in the Images reference documentation.

Future Plans

Not yet available

SSH user accounts

One intentional difference from the Amazon EC2 images is that, instead of sshing in via a default “admin” account, we install a cron job in /etc/cron.d to manage accounts in line with the Google Compute Engine documentation. For more information, review how ssh works on Google Compute Engine.

GCE Documentation

Google Compute Engine home page, including documentation: https://developers.google.com/compute/

Google Contacts

If you have any questions, concerns, or general feedback, please don’t hesitate to contact the Google Compute team (gc-team@google.com) or David McWherter (cache@google.com) or me (jimmy@debian.org or jkaplowitz@google.com) directly about this effort.

Access to test account, for Debian Developers interested in testing, or working on Debian images

Google has created two Google Compute Engine projects for Debian’s use. Billing for Google Compute Engine and Google Cloud Storage has been waived on these projects. The first project, ‘debian-cloud’, is intended for pushing new images to customers. The second project ‘debian-cloud-experiments’ is intended for Debian volunteers to experiment with the project. It has a small quota and must be shared. Google will work with Debian to manage access to these projects. Google Compute Engine is working toward toward general availability, so over time it will become easier for anyone to get involved. Until then, Google is happy to facilitate access for this purpose.