On Sat, Aug 02, 2014 at 07:22:24AM +0200, Lucas Nussbaum wrote:
> On 02/08/14 at 09:51 +0800, Paul Wise wrote:
> >
> > One downside of cloning Debian based images is that debootstrap, dpkg
> > and package maintainer scripts leave system-specific files (like
> > openssh private keys, systemd machine ids, dbus machine ids etc) in
> > the resulting image and you have to work around that after generating
> > the image.
> >
> > How does Kadeploy currently deal with this sort of issue?
>
> There's a post-installation phase where machine-specific files are
> copied to the cloned system.
>
> > Perhaps we need to merge the Debian cloud/live team's handling of this
> > issue and put that in a package that Kadeploy can use...
>
> Yes, or at least the Kadeploy developers should take a look at what is
> done there, to make sure that the same things are covered on both sides.

Ideally, the packages providing software using machine-specific keys or IDs, etc., should provide the functionalities to facilitate the production of generic machine images. A straightforward way is exemplified by the case of SSH, where the server keys are regenerated if they are absent. It then only takes deleting the keys when preparing images to avoid the problem of duplicated IDs or privacy leaks. Following similar ways with other packages when possible will avoid the proliferation of parallel solutions.

This said, a checklist or a checking program for inspecting images and finding if machine-specific files are still present would be nice…

Have a nice week-end,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

Archive: https://lists.debian.org/20140802070326.ga9...@falafel.plessy.net
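
A checking program of the kind asked for at the end of the message could look like the sketch below. It is an added example, not code from the thread, Kadeploy, or any Debian package, and it covers only the three items named in the thread. The file locations are assumed to be the usual Debian defaults, and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report machine-specific files left in an unpacked image root (added example)."""
import sys
from pathlib import Path

# Assumed default Debian locations for the items named in the thread.
SSH_HOST_KEY_GLOB = "etc/ssh/ssh_host_*_key*"  # private keys and their .pub halves
MACHINE_ID_FILES = ("etc/machine-id", "var/lib/dbus/machine-id")


def is_populated_id(path: Path) -> bool:
    """True if the file holds an ID; empty or 'uninitialized' is safe to clone."""
    try:
        content = path.read_text(errors="replace").strip()
    except OSError:
        return False
    return content not in ("", "uninitialized")


def find_machine_specific(root) -> list:
    """Return sorted (relative_path, reason) findings under the image root."""
    root = Path(root)
    findings = []
    for key in root.glob(SSH_HOST_KEY_GLOB):
        if key.is_file():
            findings.append((str(key.relative_to(root)), "ssh host key"))
    for rel in MACHINE_ID_FILES:
        path = root / rel
        # Symlinks are skipped: an absolute target would resolve against the
        # host running the check, not the image. The usual dbus link points at
        # etc/machine-id, which is checked on its own.
        if path.is_symlink():
            continue
        if path.is_file() and is_populated_id(path):
            findings.append((rel, "populated machine id"))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_image.py IMAGE_ROOT")
    results = find_machine_specific(sys.argv[1])
    for rel, reason in results:
        print(f"{rel}: {reason}")
    sys.exit(1 if results else 0)
```

The exit status is non-zero when anything is found, so the check can gate an image build step.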