On 4/8/19 2:32 PM, Jeremy Stanley wrote:
On 2019-04-08 03:39:51 +0000 (+0000), Mark Voelker wrote:
I don’t think I have a perfect answer here, but just to add fodder to the discussion: it’s often been suggested in the past that one way of dealing with this is to simply ensure that you can bring your image to any cloud you work with. Thus, rather than relying on an image to be named the same across the clouds you deal with, you can simply provide it yourself on those clouds so you know it’s identical. Many of the caveats to this approach should be fairly obvious (footprint, duplication, quotas, format conversion, etc), but for some workflows it provides the sorts of useful guarantees an end user may want. [...]
The other problem this works around is that, even if providers offer similar images under the same names or via the same image property metadata, there's no guarantee that what's on the images is identical (same versions of the same set of packages preinstalled with the same initial configurations, same root filesystem formatting and parameters, et cetera). I too just upload identical images to different providers, even for my personal use, so that I have some increased assurance of parity for the instances I boot there.
The nice thing, is that Glance provides checksums. Meaning that, if you do: openstack image show -c checksum -f value \ debian-9.8.2-20190303-openstack-amd64.qcow2 then you can make sure that's the same MD5 than at: http://cdimage.debian.org/cdimage/openstack/archive/9.8.2-20190303/MD5SUMS In such case, you know your cloud provider hasn't modified the official Debian image. It's just a shame that Glance doesn't show MD5 and not sha512 sums by default... Cheers, Thomas Goirand (zigo)