Matthew Thode <prometheanf...@gentoo.org> writes:

> I've updated the openstack images to make them smaller, make them work
> with dynamic ethernet interface add/delete, and make the disk resize on
> first boot.  I've also made nomultilib and hardened images.

Good work on these images, prometheanfire.  I've launched a few
instances and they work nicely.

I have some feedback:

- root can log in at the console with no password.  This may have been
  intentional but it's unusual in the industry.  Consider a 'passwd -l
  root' to lock the account from any access (until a sudo'ed 'gentoo'
  user decides to set one).

- I noticed there is a reboot during the first launch.  I assume this is
  because of the disk resize.  Consider these two other mechanisms for
  accomplishing the resize (I've implemented both at my job, but in
  other distros).

  1) The initramfs has additional code that grows the / partition before
     it is mounted.  Probably genkernel doesn't support this today, but
     it could.

  2) / is on a small LVM logical volume.  At early boot, an 'lvextend'
     grows the lv to use the full disk without requiring the kernel to
     re-read the partition table.  This is the approach most distros
     take.

  Eliminating the reboot would shave some time off the launch.  Also
  cloud-init would be able to execute its new-instance code on the
  system's final state (larger disk) instead of the intermediate
  (pre-reboot, small-disk) state.

- I see the kernel sources are deleted (and a dangling symlink remains).
  What Rackspace has done with its Gentoo images (and I've appreciated
  it) is leave the kernel sources there.  If I need some obscure module,
  I can quickly build the single module and modprobe it.

  I was able to make kernel adjustments by using /proc/config.gz,
  re-installing the sources, building, and rebooting.  It just took longer.

- The root disk is 5GB, and can grow from there.  If it could fit into
  1G, then m1.tiny's could be launched.  This is probably a low-value
  activity since 1G is hard to achieve (no portage tree!) and m1.tiny's
  aren't useful generally.

Thanks for considering these enhancements for future builds.  I'd love
to hear feedback on any of these suggestions.

-- 
Erik Mackdanz
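
The first feedback item (root console login with no password, and locking it with 'passwd -l root') can be checked against an image before it is published. The following is an added example, not part of the original message or of the Gentoo image build; it assumes the image's etc/shadow is readable (for instance from a mounted image), and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit password fields in a shadow(5)-format file, e.g. etc/shadow from a
# mounted image. Function names are hypothetical; sample data is constructed.

# Print EMPTY (no password set), LOCKED, HASHED or MISSING for a user.
shadow_status() {   # $1 = shadow file, $2 = user name
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          print "EMPTY"
            else if ($2 ~ /^[!*]/) print "LOCKED"   # "!" is what passwd -l prepends
            else                   print "HASHED"
            exit
        }
        END { if (!found) print "MISSING" }
    ' "$1"
}

# List every account whose password field is empty.
empty_password_accounts() {   # $1 = shadow file
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample: root as described in the message, plus two other states.
write_sample() {   # $1 = output path
    cat > "$1" <<'EOF'
root::16000:0:99999:7:::
gentoo:!:16000:0:99999:7:::
builder:$6$constructed$NOTAREALHASH:16000:0:99999:7:::
EOF
}

sample=$(mktemp)
write_sample "$sample"
for u in root gentoo builder absent; do
    printf '%s: %s\n' "$u" "$(shadow_status "$sample" "$u")"
done
rm -f "$sample"
```

An image build could fail when empty_password_accounts prints anything, which catches the root entry above until the account is locked.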
