Oracle Linux Images for Open Telekom Cloud
The subdirectories contain Oracle Linux cloud images for use in Open Telekom Cloud. The images are built using the kiwi tool.
The images use cloud-init to do basic configuration and customization at startup. This allows to inject ssh keys, install packages, etc. Currently, OTC does not offer an interface to inject custom metadata yet, unfortunately. Also, cloud-init is currently hardcoded to inject a user linux with the password cloud.1234 and with full sudo power. Please do NOT enable ssh password auth without changing the password. Injecting a password via the OTC web interface is currently not supported.
The images here have been automatically been built on a VM in OTC using kiwi. Configuration (kiwi config and scripts), log files and changelog are available as well.
Huawei has some additional tools that are recommended for OTC guest images. They enhance monitoring capabilities, time synchronization as well as providing guest support for detaching data disks and creating snapshots. These have been built on OBS in my home:garloff:OTC project and the uvp-monitor package is included in the images here. (For CentOS-6/OEL-6, we also need an additional kernel module from above OBS project which is still being worked on.)
There are OracleLinux-6.9 and 7.5 images.
- The OEL-6 needs an extra reboot to make the partition resize effective on first boot. (cloud-init grows the partition and root filesystem to fill the root disk size.)
- The kmod-uvpmod package is preinstalled on OEL-6 to ensure that monitoring is working. As these contain kernel modules (although papackaged properly as kmods), this could cause issues when dealing with Oracle support.
To build these images yourself, install kiwi (e.g. from the OBS Virtualization:Appliances repository), zerofree, grub, yum and call the
./create_appliance.sh script in the config tarball.
The images are currently rebuilt every night -- changelogs, logs, package lists and configs are published along with the images. If the rebuild is identical to the previous, the image won't be puslished here. Also there is no automated test beyond the image build success yet.
The images have the upstream repositories and update repositories configured as well as the extra repositories that were used for additional tools. This way, they can be updated easily, although the proper cloud way might be to redeploy everything regularly on a current image.
The images have a minimal configuration and some basic hardening (network and sshd settings). More advanced hardening may be done in the future.
Old images will be purged -- if you need them available, you need to download and archive them yourself.
The images have been signed with the OTC Image Builder key 2048R/03067050 or (starting on 2018-06-01) 2048R/C4C85D49.
OTC Image Builder key:
pub 2048R/03067050 2016-01-07 [expires: 2018-01-06] Key fingerprint = 224C DD82 F3E3 8F60 D690 D891 0CDB 8F9F 0306 7050 uid OTC Image Builder sub 2048R/D8876977 2016-01-07 [expires: 2018-01-06] pub 2048R/C4C85D49 2018-01-06 [expires: 2020-01-06] Key fingerprint = 85C8 D136 9BA0 A102 47E5 F8A3 B52D CBA9 C4C8 5D49 uid [ultimate] OTC ImageBuilder (OTC ImageFactory image signing key 2018/19) sub 2048R/F7DA39F9 2018-01-06 [expires: 2020-01-06]
See the detached signatures in the .asc files. You can get the key from common keyservers. I have signed the keys with my personal key 2BFFC5BF.
Questions: Feel free to contact me at firstname.lastname@example.org (remove the -nospam from the address).