* Package name : warewulf Version : 3.8.1 Upstream Author : Gregory M. Kurtzer <gmkurtzer@gmail.com> * URL : https://warewulf.lbl.gov/ * License : BSD-3-Clause-like Programming Lang: Perl, Bourne, Bash Description : Systems management suite for Linux clusters Warewulf is an operating system management toolkit designed to facilitate large scale deployments of systems on physical, virtual and cloud-based infrastructures. It facilitates elastic and large deployments consisting of groups of homogenous systems. Compute nodes are managed via the warewulf suite that is installed to a head node. The head node executes services used to provision the operating system to compute nodes, which execute an iPXE agent. The essential services are tftpd, dhcpd, httpd and nfsd. Warewulf consists of a set of scripts which automate configuration of these services via a command-line interface. The upstream Warewulf source package includes embedded source tarballs for parted, ipxe, e2fsprogs, busybox, libarchive and unionfs. Thus, the upstream builds include binary code for these packages that are already available for Debian. A goal of this project is to remove these embedded packages from the build and ship packages that target the "all" architecture. Warewulf's upstream build also includes packaging of a compute node initrd image, created from the embedded packages. The Debian package will not include an initrd image. Rather, a script to create the initrd image via mkinitramfs and custom hooks will be used by the administrator to build the compute node initrd image after installing warewulf to the head node. This technique has the benefit of easing an administrator's task of updating the initrd image, when necessary. Warewulf is used by administrators who need to manage clusters of linux computers, and also by those who need to deploy operating system images over a LAN. I use it in my development environment for these purposes. I plan to maintain Warewulf within the debian-hpc team, of which I am a member. As my role is Debian Maintainer, the initial upload will require assistance from a sponsor.
Hi Brian,
while I appreciate your initiative, I'm a bit skeptical about the
inclusion of warewulf in Debian for the following reasons:
a) Development in the project has stalled for quite a while. It used to
be basically a one-man show driven by Gregory M. Kurtzer who now runs a
startup (https://www.sylabs.io/) pushing the singularity container
software.
b) The software is quite complex and involves system components which
are rather security critical. Given that we cannot count on upstream
concerning fixing security issues, I consider it a substantial risk that
we might have a hard time struggling with critical security bugs.
c) Given its complexity, the software is also rather involved
concerning its packaging process. Hence, I believe it only makes sense to
include it in Debian if there is a strong commitment from you and at
least one other DD for the long-term maintenance.
Because of these points I wouldn't be in favor of including warewulf in
Debian. I looked at it myself about a possible inclusion in our own
cluster OS Qlustar for a while, but didn't find it suitable for
basically the above reasons.
Please note, this is only my personal opinion and if the majority of the
Debian HPC team thinks otherwise, I have no problem with it. I just
think it's better to have this discussion now, rather than after you have
done all the work and it possibly would have been in vain ...
Cheers,
Roland
BS> Package: wnpp Severity: wishlist Owner: "Brian T. Smith"
BS> <bsmith@systemfabricworks.com> X-Debbugs-CC:
BS> debian-devel@lists.debian.org, debian-hpc@lists.debian.org
BS> * Package name : warewulf
BS> Version : 3.8.1 Upstream Author : Gregory M. Kurtzer
BS> <gmkurtzer@gmail.com>
BS> * URL : https://warewulf.lbl.gov/
BS> * License : BSD-3-Clause-like
BS> Programming Lang: Perl, Bourne, Bash Description : Systems
BS> management suite for Linux clusters
BS> Warewulf is an operating system management toolkit designed to
BS> facilitate large scale deployments of systems on physical,
BS> virtual and cloud-based infrastructures. It facilitates elastic
BS> and large deployments consisting of groups of homogenous
BS> systems.
BS> Compute nodes are managed via the warewulf suite that is
BS> installed to a head node. The head node executes services used
BS> to provision the operating system to compute nodes, which
BS> execute an iPXE agent. The essential services are tftpd, dhcpd,
BS> httpd and nfsd. Warewulf consists of a set of scripts which
BS> automate configuration of these services via a command-line
BS> interface.
BS> The upstream Warewulf source package includes embedded source
BS> tarballs for parted, ipxe, e2fsprogs, busybox, libarchive and
BS> unionfs. Thus, the upstream builds include binary code for these
BS> packages that are already available for Debian. A goal of this
BS> project is to remove these embedded packages from the build and
BS> ship packages that target the "all" architecture.
BS> Warewulf's upstream build also includes packaging of a compute
BS> node initrd image, created from the embedded packages. The
BS> Debian package will not include an initrd image. Rather, a
BS> script to create the initrd image via mkinitramfs and custom
BS> hooks will be used by the administrator to build the compute
BS> node initrd image after installing warewulf to the head node.
BS> This technique has the benefit of easing an administrator's task
BS> of updating the initrd image, when necessary.
BS> Warewulf is used by administrators who need to manage clusters
BS> of linux computers, and also by those who need to deploy
BS> operating system images over a LAN. I use it in my development
BS> environment for these purposes.
BS> I plan to maintain Warewulf within the debian-hpc team, of which
BS> I am a member. As my role is Debian Maintainer, the initial
BS> upload will require assistance from a sponsor.
Hi Roland, Agreed that the github repository is not seeing a lot of new development work. They are responding to issues and incorporating pull requests. The warewulf project doesn't look dead. The major security problem I found is the use of embedded software tarballs that would not be receiving any security updates unless addressed specifically by warewulf developers. The work I have done removes the warewulf dependency upon the embedded tarballs and uses the binaries delivered by the standard Debian packages. I'm still going through the scripts, so there my be glaring issues that I'm not aware of. Searching the web hasn't revealed any major security discussions regarding warewulf. If there is a link to such an article or you wish to specify what you found, please let me know. I had hoped to share my work with the Debian community. If there is little support for including the package, then I agree that the ITP is a wasted effort. Thanks for responding and bringing up your concerns. I'm having to do the packaging and fixes already for my own project. Getting it fully vetted and suitable for upload is, obviously, a much bigger effort.
Hello Brian, I wonder what's the status of the work in progress packaging of warewulf. I would be very happy to see it properly packaged and included in the official Debian main archive. Please let me know. Thank you for what you have done so far and for what you are doing!
Hi Francesco, This fell by the wayside due to the reasons discussed in this bug. Changing to RFP.
On Sat, 2 Jan 2021 14:08:45 -0600 Brian Smith <bsmith@systemfabricworks.com> wrote: [...] That's very sad. Thanks anyway for starting the packaging effort. Is your incomplete work in progress stored somewhere (for instance in a public version control repository), so that other people interested can take advantage of what you have already done? Is there a better alternative to warewulf? [Perceus] seems to be a basically dead project. I am not aware of any other similar systems... What are you currently using to manage an HPC cluster, if I may ask? [Perceus]: see <http://moo.nac.uci.edu/~hjm/Perceus-Report.html>
Hi Francesco, https://github.com/SystemFabricWorks/debian-warewulf3 The following build command works on stretch: $ gbp buildpackage I had intended to clean this up before publishing it. As far as the current state is concerned, I believe it does provision debian stretch -- to some degree. For Debian, not that I am aware of. xCat seems to get a lot of attention. I haven't used it, and the documentation says "Ubuntu". "managed" through manual configuration of dhcpd, etc. This begs the question : "Why don't I use my own packaging of warewulf?" The packaging wasn't completed and the requirements for this cluster change on a regular basis. The lack of interest in warewulf discouraged me from going further down that road. Wish i had a better answer for you.