As a long-time user, I second Alan's concerns. Reproducibility of cloud images doesn't seem to be a priority for the major distros, and at best, the marketplace throws up a roadblock requiring acceptance through the AWS dashboard when setting up a new account. On Wed, Feb 10, 2016 at 10:53 AM Alan Ivey <alanivey at gmail.com> wrote: > Hi everyone, > > I'd like to revisit the thread about how the CentOS 7 AMIs are created ( > https://lists.centos.org/pipermail/centos-devel/2015-July/013652.html) > and see if the process can be published in the > https://github.com/CentOS/sig-cloud-instance-build repository or another > relevant location. > > With CentOS 7 AMIs only being available in the Marketplace, all resulting > EC2 instances have the Marketplace codes attached to the EBS volumes. A > significant restriction of this is that a resulting image cannot be the > non-primary volume of an instance unless it is powered down. This presents > itself to be a problem in at least the following scenarios: > > - Unable to attach a CentOS 7 boot volume to another instance for > repair without either creating a temporary instance or shutting down an > existing one. For example, if you messed up the /etc/sudoers file and > logged out, and wanted to repair, you would not be able to repair by > mounting to another instance and editing the file without incurring > additional (albeit small) cost, or having an existing instance be > temporarily unavailable. > - The "amazon-chroot" Packer Builder ( > https://www.packer.io/docs/builders/amazon-chroot.html) does not work > because it starts by mounting a copy of the snapshot tied to the AMI as > part of a scripted operation and therefore cannot power off to do so > > Custom AMIs, snapshots, copied EBS volumes, etc, all have the marketplace > codes copied to them and inherit the restrictions. If an org was to use > these features for automating environments and was disconnected from the > original Marketplace agreement, they may be unaware of this limitation. > > I would also appreciate being able to have the additional transparency of > seeing how an AWS AMI is created as the docker/openstack/etc images from > the repository referenced above. This would be useful in environments with > regulatory compliance concerns, such as AWS GovCloud, HIPAA, FedRAMP, etc. > > I understand the benefit that Marketplace registrations allow for the > ability to notify users of any changes, and I am not necessarily advocating > for switching away from the Marketplace as the primary AMI location. I > would like to be provided the opportunity to build a private AMI in the > exact same procedure as the official image so as to avert the restrictions > provided by the Marketplace. > > *[Note: I previously posted this question to centos-virt > <https://lists.centos.org/pipermail/centos-virt/2016-February/004907.html>, > but I did not receive any feedback and I have since noticed that **https://wiki.centos.org/SpecialInterestGroup/Cloud > <https://wiki.centos.org/SpecialInterestGroup/Cloud> refers to the > CentOS-Devel list for discussion. My apologies to subscribers of both > lists.**]* > > Thank you, > Alan > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > https://lists.centos.org/mailman/listinfo/centos-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20160211/41a7866c/attachment-0008.html>