[CentOS-devel] [cloud] Features of a cloud VM template

Wed Apr 9 06:03:10 UTC 2014
Juerg Haefliger <juergh at gmail.com>

On Tue, Apr 8, 2014 at 2:24 PM, Nux! <nux at li.nux.ro> wrote:
>
> Hello,
>
> While the Cloud SIG is still being established, let's get to actual
> work and think of a set of features for a CentOS cloud template.
> I am referring here to VMs, not containers (e.g. docker).
>
> This is how I see it so far, please feel free to come with
> suggestions/comments/questions.
>
> A - Single partition for simplicity (and lack of good arguments against
> it)

I was wondering about LVM. It makes reconfiguration much easier (like
adding swap). But growroot doesn't support LVM.


>      - dracut-modules-growroot included so the template partition will
> expand to match target, cloud-init in charge of resize2fs

Only required for kernel < 3.8. Later kernels can do online partition
resizing (handled by cloud-init post initrd).


> B - To swap or not to swap?

Some service providers charge for disk IOs and nobody wants to pay for swap
activity, so I vote against swap.


> C - "tuned-adm profile virtual-host" which translates to:
>      - kern.sched_min_granularity_ns 10ms
>      - kernel.sched_wakeup_granularity_ns 15ms
>      - vm.dirty_ratio 40%
>      - vm.swappiness 30
>      - IO scheduler "deadline"
>      - fs barriers off
>      - CPU governor "performance"
>      - disk readahead 4x

Where do these come from? What's the rational?


> D - tso and gso off on the network interfaces http://s.nux.ro/gsotso

These seem to be settings on the host, not the guest.


> E - network interface remapping (75-persistent-net-generator.rules, BZ
> 912801)

Not authorized to access that bug.


> F - Selinux on. Do we relabel for uniqueness? Seen small VMs run out of
> memory while relabelling..

Ack.


> G - PERSISTENT_DHCLIENT="1" (BZ 1011013)

Ack.


> H - Bundle all the paravirt drivers in the ramdisk
> (virtio/xen/vmware/hyperv) so the same image can boot everywhere?

Seems reasonable. What's the impact on the initrd size?


> I - Per "stack" requirements (e.g. cloudstack relies a lot on root user
> and password logins, openstack tends not to, SSH key only logins etc
> etc)

Can we have a single image that fits all the different requirements?


> That's about all that crosses my mind for now.

K - No firwall. Handled by the service provider.

L - Timezone is set to UTC, Hostname is set to 'centos', lang is
en_US.UTF-8, keyboard is us (or whatever you guys think makes sense).

M - NOZEROCONF=yes

N - Along with the image, we'll also provide md5/sha1/sha256 checksums, gpg
signed files and a manifest (list of installed packages and their versions).


...Juerg


> Thoughts?
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140409/d7342563/attachment-0007.html>