Maintenance release: bugfixes, security updates, and better Amazon EC2 support

We've just pushed out a maintenance release for the 2009.10 appliance batch featuring:

With the new Ubuntu 10.04 LTS release (Lucid Lynx) coming out in a couple of weeks this is the last TurnKey release batch based on the Ubuntu 8.04 series.

Note that Ubuntu 8.04 is a Long Term Support release which will continue to be supported by Canonical with security updates for another 3 years (until April 2013).

Unfortunately, unlike Canonical we don't have the resources to support multiple versions of Ubuntu simultaneously. So with this maintenance release we bid 8.04 a fond farewell. We're cleaning house and sweeping all the bugs and outstanding issues out of the way before we begin rebuilding the appliance library from the ground up on top of a brand new distribution.

Fixing all the bugs from the previous release before rebuilding on a new distribution isn't just neat and tidy, it's good engineering!

Bugfixed and out of beta

We've fixed all the major issues reported by the community and are proud to remove the beta label from nearly all the appliances in the library.

Many thanks to everyone who provided feedback and helped us track down bugs. Most of the issues were minor, but a couple (cough Zimbra cough) were nasty!

Security updates

  • Pre-installed all security updates that have come out since our last release batch. Existing installations have already been auto-updated, so you don't need to do anything.

  • We now install security updates on first boot

    Previously appliances were configured to install security updates daily but we've realized that isn't good enough! We need to install security updates on first boot to prevent a window of vulnerability from opening between the time a fresh appliance is deployed and until the cron job that installs the security updates runs.

    On the other hand, installing security updates can take a few minutes and isn't critical in all usage scenarios (e.g., a local development VM) so when the appliance first boots the user is given a time-limited option to skip installation of the security updates.

Subscription to Amazon EC2 AMIs now easy and free

  1. Unified subscription (the easy part): we've created a single unified subscription that includes global access to all TurnKey appliance AMIs in all regions. Previously you had to subscribe to each appliance separately which was unnecessarily complicated.
     
  2. Free (as in beer): we've decided to let users try out TurnKey on EC2 for free while we solicit more feedback from the community on pricing here.

    In the future a reasonable mark-up on usage fees could be a great way to support development and allow users to each share a small part of the burden in keeping the project sustainable. But the devil is in the details, so we want your feedback on that!

New and improved Amazon EC2 AMIs

The latest batch of Amazon EC2 images now features:

  • Support for the us-west-1 region: meaning TurnKey images are now available in all EC2 regions under a new bucket naming scheme:
    • turnkeylinux-us-east-1
    • turnkeylinux-us-west-1
    • turnkeylinux-eu-west-1
  • Support for automating EC2 instance setup: via a new user-data scripts mechanism (blog post).
  • EBS auto-mounting support: replaces the old buggy ebsmount init script in previous images (blog post).

One more thing...

In the next few weeks we'll be launching a private beta of the TurnKey Hub, a web service we're building to make it super simple for users to deploy and manage TurnKey appliances in the cloud. If you're interested in receiving an invitation, register here.

Comments

Anon's picture

what? is this an example of security #fail?

== FLOSS'er ==

Jeremy Davis's picture

Huh?!? Not really quite clear what you're saying!? Is what an example of security?

Jeremy Davis's picture

Once again fantastic job! Congrats on getting the appliances out of beta!

Although I'm really looking forward to testing out the 10.04 based releases, I think this final 8.04 based release speaks volumes about your professionalism as a release team! Good work!

Also whilst TKL won't offically be supporting TKL 8.04 based releases post 10.04 based release, I'm sure people looking for some help may have some luck on the Support Forums. And as Liraz stated Ubuntu Server 8.04 is supported by Canonical for another 12mths. Perhaps once 10.04 based appliances are available, some of these releases (the ones that only include components from the supported repos) could still be available for download? Or perhaps that will overcomplicate things?

I really like your new initial security update function (theoretically anyway as I haven't tested it). This demonstrates that TKL is commited not just to easy to use appliances but also maximising real world security.

The Amazon improvements sound quite monumental in terms of making this technology more user (noob) friendly. The TKL hub sounds very interesting and I'm tempted to stick my hand up for an invite although I've never used Amazon and not sure when I will. Although if I could somehow set it up to boot on demand when required (ie so not paying for it sitting there idle when not needed)  then I think I could find a use for a private cloud web app server for my work. We have a web app we use in house (which runs in a VM on our server) but due to our (slow upload) internet connection it is painful when used offsite (which doesn't happen much - but can be useful). Thoughts anyone?

As I mentioned above, I'm tempted to apply for a TKL Hub beta account but I'm not sure if I'd actually use it, so you guys may not get a lot of value from my involvement....

But as for beta testing 10.04 based releases, count me in! I can't promise how much time I'll be able to spend, but more than happy to do what I can. At the very least I can install some of them and note any obvious gotchas. I have just aquired a number of old PCs - which I plan on refurbishing and selling cheap with Linux pre-installed (perhaps Ubuntu if its not too heavy on them) - so they may make good TKL test bed candidates in the meantime?

Liraz Siri's picture

You know, I kind of suspected we would get the most meaningful feedback on the release from you.

A few thoughts regarding some of the points you've raised:

  • Hardy based appliances unlikely to co-exist on the web site with Lucid based appliances: Once we come out with Lucid based appliance, the web site may not advertise the Hardy based images to avoid confusion but they will still be available from sourceforge if anybody is interested. And vice versa, before the Lucid based appliances are officially released we'll probably make betas available on sourceforge while keeping the Hardy based releases on the web site. I'm not ruling out making both versions available in parallel for awhile if there is enough interest from the community, but it would require some work on the web site CMS templates to support that and I fear if we're not careful the end-result would be ugly and confusing.
  • We're fully committed to real-world security of the appliances: In fact, we're increasingly using them ourselves internally so the concerns addressed are really our own. Better safe than sorry: something we learned doing computer security for the military.
  • Amazon EC2 is a good tool to have in your geek toolbox: You pay for Amazon EC2 instances by the hour. With the Hub it will literally be a click of a button to launch a new appliance with an amazing 1gbit network connection for as long as you need it. Development, demonstration purposes, testing. For example, building 40 appliances on a single machine can take many hours and if you make a mistake you have to start all over again. Instead we launch 40 instances in parallel and get all the appliances built in 20 minutes. We then transfer them to sourceforge at 20MB/s. Then the instances go away and it only costs us a few bucks. Basically you can tap into supercomputing scale powers when you need it from a laptop anywhere in the world and only pay for what you use. Powerful stuff.
  • We plan on supporting other clouds as well: The main problem with Amazon EC2 is that the VMs they offer don't start small enough. The smallest instance costs 8.5 cents an hour and has 1.6GB of RAM, 160GB of disk space. For some applications that's overkill. I hope Amazon move to support smaller/cheaper instance sizes but whether or not that happens the Hub will eventually support other cloud providers that do. For example, the smallest Rackspace cloud instance has 256MB RAM and costs just 1.5 cents an hour.
  • Giving new life to old machines: It's amazing how well old machines can run with new versions of Ubuntu. The other day I refurbished a P3 with 256MB RAM as a TV media center type appliance. Gnome wouldn't run with that much memory, but LXDE ran just fine. As a headless file server it didn't even break a sweat.
  • Linus's law - given enough eyeballs, all bugs are shallow: Once we come out with the Lucid beta appliances any time you (and others!) can put into helping testing will be a big help.
Jeremy Davis's picture

I really enjoy my involvement with TKL and its good to give a little something back (although I often wish I could do more).

Responses to your responses :)

  • Hardy/8.04 + Lucid/10.04: Now that you put it like that I totally agree. I think it would definately be confusing to some to see multiple versions of the same appliance side by side - especially seeing as they're not really the same appliance (ie Hardy vs Lucid). I think having them still available (via SourceForge) is a happy medium. Perhaps a link somewhere to the previous releases SourceForge download area may be nice? How about a "Previous Release" link at the end/bottom of the appliance list?
  • Amazon EC2: The more I hear about Amazon EC2 (and cloud computing in general) the more I want to play with it! Not a lot more to say here!
  • Other cloud providers: That's possibly one of the main reasons I haven't really bothered playing in the cloud to date. Whilst 8.5 cents/hr is hardly going to break the bank (in the short term at least), I don't have the need for the computing power on offer. Now 1.5 cents/hr is pretty much on par with a web hosting account (or a lot less if its not always on) but has the flexabilty to be so so much more! That sounds like something I could do some cool stuff with at a resonable price. TKL Hub sounds exciting, I think I'll have to head over to the poll and vote now!
  • New life to old PCs: I love to see old hardware get a second lease on life and I think teamed with opensource software it's a great opportunity to open the net up for some who may not have the cash. Also I think the home server market is only going to continue to grow. Also your comment above and the discussion over on this topic have got me thinking that a customised TKL/Ubuntu Desktop install (probably leveraging TKLPatch as you suggest) is probably a great way to go. If I were to use TKL then that could possibly open up some interesting remote support opportunities too (via SSH or even Webmin?) - but I'll have to ponder that a little more I think.
  • Bug testing: Righto, ready when you are! But one clarifying question: Going back to the the first point and the fact that there isn'y really a huge rush to get the new release out (as Ubuntu 8.04 is still far from EOL) will you maintain the 10.04 based beta appliances over on SourceForge until they are out of beta? (As opposed to the way the 8.04 based ones were basically in beta the whole time - until now that is). That would be a nice way to do it, but will you have access to the beta testing manpower to acheive that in a timely fashion? Or will you do the beta testing in 2 stages - say beta testing initially (SourceForge only access) then once happy with them, replace the current batch here with "Release Candidates" (or similar)?
Liraz Siri's picture

Hardy/8.04 + Lucid/10.04: We're thinking of maybe adding a download link to the updates in the changelog. That way if you want an old version you can just click on the version you want and then scroll down to download it from SF.

Bug testing: We probably won't keep Lucid based appliances in SF for too long (e.g., more than a month or so). Maybe we'll advertise their availability in a side link (e.g., "Beta Lucid build") on the template to get more people to download them and give us feedback. As soon as it looks like there are no major showstoppers, we'll push them out. It'll be a judgement call. There's no fixed schedule.

Jeremy Davis's picture

I think the idea of burying the link to the old appliance revisions in the changelog is a good plan, that way they are still easily available to those who are keen, but not immediately obvious where they may cause confusion.

Also links to beta appliances on appliance pages sounds like a smart plan.

Anon's picture

Really been eagerly waiting for this.

Any news on 64-bit systems in the upcoming LTS?

== FLOSS'er ==

Jeremy Davis's picture

I can't speak for Alon & Liraz but my understanding is that while it is on the agenda, it's highly unlikely any 64 bit appliances will make it into the next release.

It's not really relevant to your question, but there is word on the street that there is a chance that a Debian based Core appliance may make it into the next batch of releases.

Anon's picture

thanks.

Good to know, but sad that it's not making the cut (not even the basic core?).

Guess I'll have to wait for the next LTS.

== FLOSS'er ==

Liraz Siri's picture

64-bit will eventually be available for the upcoming Lucid based appliances but we won't be coming out with it on the first release batch. Maybe a couple of months later...
Anon's picture

sweet!

== FLOSS'er ==

Pages

Add new comment