Hi all,
Please see the proposal below and let me know if you have any suggestions, are interested in being involved, or any other comments, thoughts, or flames.
================================================================
Atomic Host SIG
The CentOS Atomic Host SIG will work on a CentOS-based Atomic Host image that provides a minimal image using rpm-ostree, as well as tools and documentation for users to create their own CentOS/Atomic images with custom package sets.
## Goals
* Ship a minimal CentOS Atomic Host that focuses on running Docker containers in production.
* Provide ISO images installable with Anaconda, and images suited for OpenStack, CloudStack, Amazon Web Services/Eucalyptus, and Google Compute Engine.
* Provide tools and documentation that can be used to spin custom images from CentOS packages to be deployed with Atomic (rpm-ostree) tools.
* Provide regular releases as underlying tools (e.g. rpm-ostree) advance, while maintaining stability for in-place upgrades.
* Establish a time-based release cadence.
* All code included in the Atomic image will be under an OSI-approved license.
* Unless differentiation is absolutely necessary, all packages common to CentOS core and CentOS Atomic will be identical.
## Mailing List and Communication
Work for the CentOS Atomic image relevant to CentOS build systems, etc. will take place on centos-devel. Work related to upstream Atomic will take place on the Atomic mailing lists.
Note that the Atomic community comprises efforts underway with CentOS, Fedora, and Red Hat Enterprise Linux, as well as upstreams like Docker and OpenShift (GearD) so discussions may span several communities and mailing lists.
## SIG Membership
The Atomic Host SIG will have a steering committee and committers. The steering committee will consist initially of Joe Brockmeier, Jason Brooks, Jim Perrin, Brian Proffitt, Greg DeKoenigsberg, and _________ (?). New committers and steering committee members are appointed by the steering committee.
Committer privileges, once earned, do not expire unless revoked by the steering committee.
The steering committee will appoint a chair to interface with the CentOS Board.
## Meetings
The CentOS Atomic SIG will initially meet weekly until all pieces are in place for regular releases, then as needed.
## Roadmap and (Action) TODO List
* Define package set
* Establish builds for target environments (cloud deployments and bare metal)
* Define orchestration tool(s) for CentOS Atomic
* Establish test / QA processes
* Set long-term release cadence, upgrade policies
## Further Info
* Project Atomic (http://projectatomic.io)
* Fedora Atomic Initiative (http://rpm-ostree.cloud.fedoraproject.org/#/)
================================================================
Best,
jzb
Top posting some status updates:
The board voted to approve this SIG earlier this week, with a caveat for build requirements.
Most SIG ideas use the basic repo or rpm structure, whereas rpm-ostree has a fundamental shift in the build process for images. We'll be reaching out to the SIG leaders to identify what build resources may be necessary and how best to address those needs in a manner that can be reasonably automated. Once we have an idea of scope and tasks, we can start moving forward with this.
On 06/30/2014 10:05 AM, Joe Brockmeier wrote:
...
CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
Hi all --
I've uploaded [0] a test image for a Project Atomic [1] host based on CentOS 7 [2], intended to help with the development of an official CentOS 7 image as part of the CentOS Atomic SIG [3].
The image has no default password. To access the image, use with cloud-init, and the user name "fedora" [4] or, if you're using virt-manager, or another virtualization tool without cloud-init support, boot from the ISO image "atomic-cidata.iso" in this directory, which will set the "fedora" user password to "password" and prompt immediately for a password change. For info on creating your own cloud-init iso, see [5].
For information on how to build your own CentOS or Fedora-based Atomic image, see [6].
[0] http://209.132.178.157/images
[1] http://www.projectatomic.io/
[2] https://www.centos.org/
[3] http://www.projectatomic.io/blog/2014/06/centos-atomic-host-sig-propposed/
[4] The cloud-init package included here comes from EPEL, which comes from fedora, which explains why "fedora" is the user name.
[5] http://cloudinit.readthedocs.org/en/latest/topics/datasources.html#config-dr...
[6] https://github.com/jasonbrooks/byo-atomic
Regards,
Jason
PS: The site where this image is stored is hosted from a Fedora 20 container running on an instance of this CentOS 7 Atomic image.
PPS: cockpit is segfaulting in this image currently, but docker & geard work
----- Original Message -----
From: "Jim Perrin" jperrin@centos.org
To: centos-devel@centos.org
Sent: Friday, July 18, 2014 6:39:47 AM
Subject: Re: [CentOS-devel] CentOS Atomic Host SIG Proposal
...
--
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 25 Jul 2014, Jason Brooks wrote:
I've uploaded [0] a test image for a Project Atomic [1] host based on CentOS 7 [2], intended to help with the development of an official CentOS 7 image as part of the CentOS Atomic SIG [3]. ...
Jason, would you please be so kind as to Gnupg 'clearsign' [1] the SHASUM file with a key of record at the MIT keyserver, and hopefully endorsed by someone on the list at [2]. There are several Red Hatters and Fedorians
The security model for distributing these blogs is potentially broken as your initial post makes it.
- Hypothetically, a Dr Evil, or a MitM, could subvert both the images and the SHASUM file.
- Transit is over a non SSL protected channel and so subject to invisible MitM.
- I do not know the provenance of an un-named IP on the internet.
- It is not clear how the distribution is maintained or potentially shared with anonymous others.
If the image was built by a scripted process, I would also appreciate seeing such automation scripting as well.
Thanks,
- -- Russ herrold
[1] http://orcorc.blogspot.com/2008/08/gnupg-few-minutes-on-using-detached-and.h...
[2] https://pgp.mit.edu/pks/lookup?op=vindex&search=0x311875419B649644
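Added example, not part of the original thread or of any SIG tooling: how a downloader could check an image once the SHASUM file is clearsigned as requested in the message above. The file names, the sha256sum-style checksum format and the pinned-fingerprint argument are assumptions; the signer's public key must already be imported and its fingerprint obtained over a separate channel.

```shell
#!/bin/sh
# Added example: verify an image against a GnuPG-clearsigned checksum file.
# Usage: verify_image SHA256SUMS.asc IMAGE PINNED_FINGERPRINT
#   PINNED_FINGERPRINT: primary key fingerprint of the signer, uppercase hex
#   without spaces (hypothetical argument; supply the value you verified).
# Returns 0 only if the signature is valid, made by the pinned key, and the
# image hash matches the signed entry.
verify_image() {
    sums_asc=$1 image=$2 pinned_fpr=$3
    work=$(mktemp -d) || return 2

    # 1. Verify the signature and write out ONLY the signed payload.
    #    Checking hashes against the .asc file directly would also trust
    #    unsigned text placed outside the PGP armor.
    if ! gpg --batch --status-fd 3 --output "$work/sums" \
            --decrypt "$sums_asc" 3>"$work/status" 2>/dev/null; then
        rm -rf "$work"; return 1
    fi

    # 2. A good signature from some key in the keyring is not enough:
    #    require a VALIDSIG status line whose last field (the primary key
    #    fingerprint) equals the pinned one.
    if ! awk -v f="$pinned_fpr" \
            '$2 == "VALIDSIG" && $NF == f { ok = 1 } END { exit !ok }' \
            "$work/status"; then
        rm -rf "$work"; return 1
    fi

    # 3. Find the image's entry in the signed payload and compare hashes.
    #    Entries look like "<hash>  name" or "<hash> *name".
    name=$(basename "$image")
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$work/sums")
    have=$(sha256sum "$image" | awk '{ print $1 }')
    rm -rf "$work"
    [ -n "$want" ] && [ "$want" = "$have" ]
}
```

Because the fingerprint is pinned, replacing both the image and the checksum file in transit fails at step 1 or 2, which is the case the plain SHASUM file cannot detect.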
This is just a test image, totally unofficial. I expect the SIG eventually to distribute images with all the sorts of measures you suggest.
For now, for enhanced trustability, I suggest people build their own.
Regards,
Jason
R P Herrold herrold@owlriver.com wrote:
...
On Fri, 25 Jul 2014, Jason Brooks wrote:
For now, for enhanced trustability, I suggest people build their own.
earlier that day:
R P Herrold herrold@owlriver.com wrote:
...
If the image was built by a scripted process, I would also appreciate seeing such automation scripting as well
I had looked at the pipermail archive before asking ... The back archive of the Atomic devel mailing list has some back and forth that left me confused as to what actually worked.
When I wrote that last Friday, I was hoping for a 'worked example' from what you had done and posted (seemingly actually working to some extent), so that I might replicate it locally.
-- Russ herrold
----- Original Message -----
From: "R P Herrold" herrold@owlriver.com
To: "Jason Brooks" jbrooks@redhat.com
Cc: "The CentOS developers mailing list." centos-devel@centos.org, atomic-devel@projectatomic.io
Sent: Monday, July 28, 2014 8:28:20 AM
Subject: [CentOS-devel] CentOS Atomic Host SIG Proposal
...
The directions to build your own are here:
https://github.com/jasonbrooks/byo-atomic
If you try and it doesn't work, please let me know -- it should work, though, this is how I made the image I posted.
Regards, Jason