[ec2-beta] document: EC2 Ubuntu sudo Guide

Soren Hansen soren at ubuntu.com
Wed Mar 11 14:54:44 GMT 2009


On Wed, Mar 11, 2009 at 07:12:51AM -0500, Michael Greenly wrote:
>> You yourself mentioned that you've begun to set up a lot of stuff by
>> using scripts rather than doing so interactively. If you have all of
>> this scripted, you could just do that on first boot, couldn't you?
>> You'd save the trouble of rebundling, wouldn't have to use S3 space
>> to store the AMI, etc., etc.
> That's exactly how I started out.  Pushing configurations up on first
> boot like you describe.  The thing is for anything except really
> trivial configurations this isn't practical.  One of my application
> configuration scripts takes about 30 minutes to run.

Ok. I'm not trying to make the argument that there's never a reason to
rebundle. Of course there is. I'm just saying that there's plenty of
situations where rebundling is neither necessary nor the more convenient
option.

Example scenario:

You might have a single master MySQL server (running locally or in EC2
with the DB backed by EBS). Getting that up and running is a simple
matter of putting in a new mysql config and attaching the EBS volume.
Certainly less than 10 commands. With an Ubuntu mirror inside EC2, this
is fast and cheap, and having it install on boot automatically makes
sure that the packages are up-to-date. In short: I wouldn't bother
rebundling.

Then you might have a set of slave MySQL servers. Depending on the
dynamism and volume of your data, there might not be any point in
prebundling anything. Perhaps you'd just grab an initial dataset at boot
or perhaps you'd prebundle an initial dataset and sync up. It varies.

Then you might have a bunch of servers hosting a *lot* of almost
completely static content. I would almost certainly rebundle an image
for this.

Lastly, I'd have a stack of application servers that only have code on
them. I would very likely not prebundle an image for them. I'd grab a
bzr checkout at boot and run with it. The bundled image would be out of
date almost immediately for an actively developed web site, and the amount of
code is rarely large enough to justify any sort of rebundling anyway as
it bootstraps quite quickly.

> About half of that time is just waiting for 'apt-get install' with the
> rest used to build custom packages from source. 

Why not build the custom packages outside of EC2 and just install them
at boot time?

> Most people after using EC2 will very quickly realize that the extra 2
> commands to bundle and register their AMI is completely worth it.  It
> reduces my 30+ minute restart time down to less than 30 seconds.

It's not just about the commands you need to run. It's also about making
sure the images are kept up-to-date. It's about the extra space you need
to use on S3 to store your image. And last but not least, it's about the
fact that sometimes the base AMI is useful as it is.

>>> Everyone in this conversation has entirely missed my point about
>>> this.  This is not something I'm advocating or ever do with live
>>> servers.  This is about an EC2 instance on first boot that still has
>>> not been configured for use.  Don't think of it as the Ubuntu
>>> distribution image.  Think of it as a pre-distribution.  In this
>>> situation there's no advantage to sudo and there are disadvantages.
>>> I'm not the one failing to evolve.  You guys are all stuck in
>>> "that's how we do it" mode and can't look beyond that.
>> I'm perfectly happy to discuss the merits, benefits and drawbacks of
>> using sudo instead of direct root logins. I'm less happy to do so if
>> the primary "drawback" is that "everyone else does it differently".
> Honestly I'm not so much asking that this be changed, just more that
> it not be treated as a sin.  On first boot during scripted
> configurations, which will be common on ec2, it's an extremely useful
> tool that does not weaken security.  

I don't think this discussion can usefully continue, unless you either
accept that people will actually log into these instances and use them
as is, or that I reject the idea that anyone will ever, ever do so.

Also, it's worth noting that the use of sudo isn't all about security.
In the default configuration (not just on EC2, but on the desktop as
well), there's only the one user, and they're essentially free to do as
they please, provided they enter their very own password. sudo is there
to protect them from themselves, and to make it that much more difficult
to shoot themselves in the foot.

> I guess my request would be a blessed command that enables/disables
> root logins.

Didn't someone provide a link to something like that in this thread? I'm
not sure. Besides, Ubuntu has a wiki. Anyone can put anything on there.

-- 
Soren Hansen                 | 
Lead Virtualisation Engineer | Ubuntu Server Team
Canonical Ltd.               | http://www.ubuntu.com/