[ubuntu-cloud] [ec2ubuntu] Call for ideas for Ubuntu cloud / [UEC|EC2] images / cloud-init
Hedge Hog
hedgehogshiatus at gmail.com
Fri Oct 1 02:06:54 BST 2010
On Fri, Oct 1, 2010 at 8:54 AM, Liraz Siri <liraz at turnkeylinux.org> wrote:
> Mark Russell wrote:
>
>> Being able to automatically assign an Elastic IP on instance start up
>> would be very cool. Here's one solution I found:
>> http://www.krzywanski.net/archives/592. But it requires putting your
>> private key and cert on the image. Seems like you could do something
>> similar but more securely from your workstation though, maybe an option
>> to cloud-utils "uec-run-instances"?
>
> Putting your private key and cert on an image is a bad idea. If one
> machine gets compromised the attacker now has access to your entire EC2
> infrastructure.
>
> The correct solution is to invoke the API to do what you want from
> whatever interface you are using. This BTW, is how the TurnKey Hub
> implements this functionality. On launch you can assign elastic IPs and
> EBS drives. It also auto-configures the firewall rules to suit the
> needs of the specific application deployed:
>
> https://hub.turnkeylinux.org/
>
Other prior-art for addressing this is poolparty
(http://auser.github.com/poolparty/) which I have used for firewall/IP
settings.
There are other libraries too, e.g. Fog
(http://github.com/geemus/fog), but I haven't used Fog for firewall
configuration and IP-assignment.
I'd like cloud-init kept as simple as possible and leave people to
choose more specialized tools for cloud configuration and management,
e.g. Chef.
Perhaps having official Ubuntu packages for Chef might help this?
Also Ubuntu Chef recipes for system level configuration settings would
allow the Ubuntu community to aggregate their collective experiences, and
make transparent just how an AMI/VM could/should be configured in
particular use-cases.
I'd favor such an approach over making cloud-init more magical.
HTH
> Cheers,
> Liraz Siri
> Cell: +972-54-2013512
> Twitter: http://twitter.com/lirazsiri
>
> --
> Ubuntu-cloud mailing list
> Ubuntu-cloud at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud
>
--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com
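
Added example, not part of the original message or of any project named in it: a pre-bundle check for the risk raised in the quoted reply, that an image carrying a private key and cert exposes the account if one instance is compromised. It walks an unpacked image tree and reports PEM private keys plus any certificates stored beside them; the function names and the sample file names (pk-EXAMPLE.pem, cert-EXAMPLE.pem) are constructed for illustration.

```python
import os
import tempfile

# Standard PEM labels that mark private key material.
KEY_MARKERS = tuple(b"-----BEGIN " + label + b"PRIVATE KEY-----" for label in
                    (b"", b"RSA ", b"DSA ", b"EC ", b"ENCRYPTED ", b"OPENSSH "))
CERT_MARKER = b"-----BEGIN CERTIFICATE-----"
MAX_BYTES = 1 << 20  # read at most 1 MiB per file; key files are far smaller

def classify(path):
    """Return 'private-key', 'certificate' or None for one regular file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_BYTES)
    except OSError:
        return None  # unreadable file: nothing to report
    if any(marker in data for marker in KEY_MARKERS):
        return "private-key"
    return "certificate" if CERT_MARKER in data else None

def scan_image_tree(root):
    """List key files in an unpacked image tree, plus certs stored beside them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        kinds = {}
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):  # regular files only
                kinds[name] = classify(full)
        if "private-key" not in kinds.values():
            continue  # certs alone (e.g. a CA bundle) are not reported
        findings += [(os.path.relpath(os.path.join(dirpath, n), root), k)
                     for n, k in kinds.items() if k]
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a fake image root with a key/cert pair and a lone CA cert."""
    root = tempfile.mkdtemp(prefix="image-root-")
    layout = {"root/.ec2/pk-EXAMPLE.pem": KEY_MARKERS[0] + b"\nconstructed\n",
              "root/.ec2/cert-EXAMPLE.pem": CERT_MARKER + b"\nconstructed\n",
              "etc/ssl/certs/ca.pem": CERT_MARKER + b"\nconstructed\n",
              "etc/motd": b"welcome\n"}
    for rel, body in layout.items():
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(scan_image_tree(build_sample_tree()))
```

A non-empty result before bundling means the image would ship key material to every instance launched from it.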