Federated Cloud Virtual Machine Image Preparation

From EGIWiki





Overview

Packaging your application in a custom VM image is a suggested solution in one of the following cases:

Custom VM images can be crafted in different ways. The two main possibilities are:

In this guide we will focus on the first option, because it tends to produce cleaner images and reduces the risk of hardware conflicts. Snapshotting may also be restricted by the cloud providers or by security policies.

Advantages

Disadvantages

Image size and layout

The bigger the VM image, the longer it will take to be distributed to the cloud providers and the longer it will take to be started on the infrastructure. As a general rule, always try to make images as small as possible, following these guidelines:

For the disk layout, it is recommended to use a single partition (no /boot, no swap) and to avoid LVM. This will allow the cloud provider to easily resize your partition when the image is instantiated and to modify files in it if needed.

Contextualization and credentials

Your images should never include any credentials. Instead, you should use contextualization. cloud-init is a tool that will simplify the contextualization process for you. It is widely available as a package in major OS distributions and is supported by all the providers of the EGI Federated Cloud and most of the commercial providers.

cloud-init documentation contains detailed examples on how to create users, run scripts, install packages and several other actions supported by the tool.

For complex setups, especially when applications involve multiple VMs, it is advisable to use cloud-init to bootstrap some Configuration Management Software that will manage the configuration of the VMs at runtime.
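A pre-publication check for the "no credentials in the image" rule above, as an added example that is not part of the original page or of EGI's tooling: a POSIX shell function that walks a mounted image root and flags SSH host keys, authorized or private user keys, shell history and usable password entries. The function names, the constructed sample tree and the choice of files to inspect are assumptions for illustration.

```shell
#!/bin/sh
# Added example: scan a mounted image root for credentials baked into the image.
# Leaves the number of findings in AUDIT_FINDINGS; returns 0 only for a clean tree.
audit_image_root() {
    root=$1; AUDIT_FINDINGS=0
    report() { AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); printf 'FINDING: %s\n' "$1"; }
    # Host keys shipped in the image are shared by every instance started from it.
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$f" ]; then report "SSH host private key ${f#"$root"}"; fi
    done
    for home in "$root"/root "$root"/home/*; do
        [ -d "$home" ] || continue
        # Keys authorized at build time keep working on every deployed VM.
        if [ -s "$home/.ssh/authorized_keys" ]; then
            report "authorized_keys in ${home#"$root"}"
        fi
        for f in "$home"/.ssh/id_*; do
            case $f in *.pub) continue ;; esac
            if [ -e "$f" ]; then report "user private key ${f#"$root"}"; fi
        done
        if [ -s "$home/.bash_history" ]; then report "shell history in ${home#"$root"}"; fi
    done
    # shadow field 2: '*' or a leading '!' is locked; empty means no password at all.
    if [ -r "$root/etc/shadow" ]; then
        while IFS=: read -r user hash _rest; do
            case $hash in
                '*'|'!'*) ;;
                '') report "account $user has an empty password" ;;
                *)  report "account $user has a password hash set" ;;
            esac
        done < "$root/etc/shadow"
    fi
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample tree standing in for a mounted image (all values made up).
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/root/.ssh" "$d/home/builder/.ssh"
    : > "$d/etc/ssh/ssh_host_ed25519_key"
    echo 'ssh-ed25519 AAAA-constructed builder@example' > "$d/root/.ssh/authorized_keys"
    : > "$d/home/builder/.ssh/id_ed25519"; : > "$d/home/builder/.ssh/id_ed25519.pub"
    printf '%s\n' 'root:!:19000::::::' 'builder:$6$constructed$hash:19000::::::' \
        'guest::19000::::::' > "$d/etc/shadow"
    echo "$d"
}

sample=$(make_sample_root)
audit_image_root "$sample" || echo "$AUDIT_FINDINGS finding(s) in sample image root"
rm -rf "$sample"
```

For a real image, pass the directory where the image's single partition is mounted read-only instead of the sample tree.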

Security

You should also follow the best practice guides for each service that's exposed to the outside world. See for example guides for:

The hardening guidelines contain some extra tests that may be useful to run when preparing an image.

Tools

Whenever possible, automate the process of creating your images. This will allow you to:

EGI uses packer as a tool for automating the creation of our base images. This tool can use VirtualBox as the hypervisor for the creation of the images and guarantees identical results under different platforms and providers.

Check the VMI-endorsement GitHub repo, which contains all the packer recipes used to build our images, and re-use them as needed for your images.

