-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 16 Jun 2014 23:26:19 -0500 Renich Bon Ciric <renich@xxxxxxxxxxxxxxxx> wrote: > On Mon, Jun 16, 2014 at 10:05 AM, Dennis Gilmore <dennis@xxxxxxxx> > wrote: > > we build all images for Fedora in koji using imagefactory/oz, your > > best bet is to take one of the nightly images and upload and see > > what's broken. note, there is a itern working on an uploading > > service to upload to the different providers. we also have a > > ticket open to gather all the accounts we need to create for > > providing images to all the different providers, this is so we can > > get a definite sign off from Legal on the agreements on uploading. > > In the end if we do not get legals okay for the accounts we can not > > make the accounts and provide images. > > > Well, as far as "it's working" goes, my image works fine. The thing is > to adhere to their recommendations and stuff. some are kind of > questionable. For example, they suggest automatic updates. Another > thing is get your firewall down; since they provide their own > implementation. > > Then, there's the daemon and init scripts they provide, which are not > packaged (as RPM) and should be, IMHO. > > # recommendations > https://developers.google.com/compute/docs/images#buildingimage > > Another thing is that they forbid root login and ask it to be locked. > But they like passwordless sudo; which brings no alternate benefit > other than "easier audit" as they said; which is irrelevant if you get > hacked. > > I'd like to know if we're on to discuss this or just adhere to their > recommendations. they bring some benefits... most of them. > we ship our images with root locked. cloud-init sets up a fedora user with sudo perms. to my displeasure we did disable the firewall in f20. cloud-init is fedora's tool for configuringa ccess to cloud guests and is a drop in replacement for googles versions. I think our existing images should be in compliance and should work, you could try uploading one and seeing what happens Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJToJZwAAoJEH7ltONmPFDRxQ0P/1INY/xhZ20+ft0ea2JeevTr oe4rwGwnW2MHUPVuOUS7z+ZnXFJEhGD+/BhZ+EtGx6EbcZpZBwB6xwYW6KJ2Gsp0 bMfWzOU40uw8X0hYhqHXVbrGgNaljBgTsVNd75Q/eyZ9bXVuQ1O19N7hmDFPRbza k89uK4MOM44KWDIRE5GorNrSotrMVRuAbzSVcdsXztspTPfKQX8u6fedbF8zpK3c KTZrwiSQ+LOT17UTHoPFhyQ8FdCw+IQxwvRL6/bHToRy2YmggVCJ56Nl0QxBni7o A39fGbKTwRgdEqJoEg1hcT3+DJSZ8I7Ht8Pw2Bpb3klkxCfhP9LMn6GZvjIDxRYJ Fb9y+4i70BbxBiTt3YgaGVvK9w0dvb+/tVc8Ht+FZAKpeK9dz1zkvqLcOO5JHUbc C4EEOGoNvCmlcyiBAbEVhLUcL4AjwX4EruNIF+lZ6RPGgicAx9dHplAmkLwCpxje uAye8u+CQJyGrSK9Zm3eEAPgC16a4i3KtBHx+DZL7uQ0urUwlAQWG3OP9UWb85Mw vjiA0jHoH1thDpqoc9fA4rYzXeZBKEhhG9lJE43n9KaSXiTYowKy79Ls4zkaO0wi 8I/8Z9zPACdRhV+zNDjSolSGfpeP2Jc2bjWFF9HAcezPdjaVdlihJQhy/8HZFDBX mYOJd+SfPC8r9y5GRpWt =nXND -----END PGP SIGNATURE----- _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
