SUSE Images for Open Telekom Cloud
Link to the Image Browser of SUSE
The subdirectories contain SUSE based cloud images for use in Open Telekom Cloud. The images have originally been built in SUSE Studio. Due to limitations there (you can't set bootinclude via the GUI), the images from SUSE Studio won't work as is on OTC -- as the XEN block driver is not included in initrd.vmx. This can be fixed by doing some postprocessing or by using the kiwi tool directly, as the limitation in SUSE Studio comes purely from the frontend, not the kiwi backend.
The images use cloud-init to do basic configuration and customization at startup. This allows to inject ssh keys, install packages, etc. (via user-data). cloud-init is hardcoded to inject a user linux with a random password (which is displayed for local logins via /etc/issue) and with full sudo power. Please do NOT enable ssh password auth. Of course you can also set users and passwords via user_data.
The images here have been automatically been built on a VM in OTC using kiwi. Configuration (kiwi config and scripts), log files and changelog are available as well.
Huawei has some additional tools that are recommended for OTC guest images. They enhance monitoring capabilities, time synchronization as well as providing guest support for detaching data disks and creating snapshots. These have been built on OBS in my home:garloff:OTC project and the uvp-monitor package from there is included in the images here.
There are two openSUSE42.1 images (one with openstack client tools, the other one prepared for docker) as well as SLES11-SP4 and SLES12-SP1. (You can also find CentOS-6.9 and 7.5 images, Oracle Linux, RHEL, Fedora, and Debian images on the Image Factory.)
- The LVM setup for the root disk on the SLES SAP images suggests it is a good idea to enhance the storage with further disks and extend the volume group to enlarge the disks. This can be done, but for resilient cloud-ready applications, it is recommended to design stateless VMs, where the root disk does not carry any data that is not automatically injected via cloud-init or config management systems (such as ansible, chef, puppet, saltstack) from the outside.
- SLES11SP4 needs an extra reboot after the partition has been grown to fit the system disk, as the kernel will not accept a resized partition without a reboot.
To build these images yourself, install kiwi (e.g. from the OBS Virtualization:Appliances repository), grub and zerofree and call the
./create_appliance.sh script in the config tarball.
The images are currently rebuilt every night -- changelogs, logs, package lists and configs are published along with the images. If the rebuild is identical to the previous, the image won't be puslished here. The images are booted in a sandbox and are subjected to an automated testsuite. The test results are also published here.
The relevant directories above are openSUSE423_JeOS, openSUSE423_Docker, SLES11_SP4, SLES11_SP4_extended, SLES11_SP4_SAPHANA, SLES12_SP1_SAPHANA, SLES12_SP2, SLES12_SP3, SLES12_SP3_SAPHANA.
All other image directories are experiments or are from other team doing work on managed images that are not directly relevant for end customers on OTC.
The images have the upstream repositories and update repositories configured as well as the extra repositories that were used for additional tools. (The images have the repositories from our OTC mirror registered; the direct upstream repos are commented out.) This way, they can be updated easily, although the proper cloud way might be to redeploy everything regularly on a current image (the ones with _latest names).
The images have a minimal configuration and some basic hardening (network and sshd settings). More advanced hardening may be done in the future.
Old images will be purged -- if you need them available, you need to download and archive them yourself.
The images have been signed with the OTC Image Builder key 2048R/03067050 or (starting on 2018-06-01) 2048R/C4C85D49. OTC Image Builder key:
pub 2048R/03067050 2016-01-07 [expires: 2018-01-06] Key fingerprint = 224C DD82 F3E3 8F60 D690 D891 0CDB 8F9F 0306 7050 uid OTC Image Builder sub 2048R/D8876977 2016-01-07 [expires: 2018-01-06]
pub 2048R/C4C85D49 2018-01-06 [expires: 2020-01-06] Key fingerprint = 85C8 D136 9BA0 A102 47E5 F8A3 B52D CBA9 C4C8 5D49 uid [ultimate] OTC ImageBuilder (OTC ImageFactory image signing key 2018/19) sub 2048R/F7DA39F9 2018-01-06 [expires: 2020-01-06]
See the detached signatures in the .asc files. You can get the key from common fileservers. I have signed the key with my personal key 2BFFC5BF.
Questions: Feel free to contact me at email@example.com (remove the -nospam from the address).