UsingCloudGuestImages
Using Ubuntu Cloud Guest Images
The goal of this page is to document how a cloud infrastructure provider can offer the best experience to their users by offering the standard images that we produce.
Image location
All our latest cloud images are always made available on
The latest images are available for a given release at
where <release> is the code name of the release (ie lucid for 10.04LTS, oneiric for 11.10, etc...)
Image updates
Our images are generally updated once a month to incrementally include the latest patch for this release. See our SRU policy for a list of what we consider acceptable changes at:
A running instance should be able to update itself automatically using the unattended-upgrades package or manually using apt-get update/upgrade commands. On most cloud technologies (AWS, OpenStack, Eucalyptus, etc..), these updates should include kernel updates without changing the image itself as the images are set up to use the in-image kernel (instance should still be restarted for these types of changes to take effect though).
What is changed between two updates
Each cloud image is publish with a manifest file containing the version of each of the packages included in the image. In order to compute a change list between two version of an image, you need to use a diff tool such as:
mfdiff will compare 2 package lists, and output a list of changes including the relative changelog entries as pulled from http://changelogs.ubuntu.com/changelogs/ . There are known issues with mfdiff if the specific package versions listed in the manifest are no longer available in the archive.
mdiff will genreate an output such as (example intentionally truncated):
./mfdiff amd64 lucid mfs/releases/lucid/release-20110719/ubuntu-10.04-server-uec-amd64.manifest mfs/lucid/20111028/lucid-server-cloudimg-i386.manifest
new: {'libc6-i686': '2.11.1-0ubuntu7.8', 'libc6-xen': '2.11.1-0ubuntu7.8'}
removed: {}
changed: ['linux-image-virtual', 'dhcp3-common', 'parted', 'libk5crypto3', 'libpam-runtime', 'libdbus-1-3', 'apt', 'aptitude', 'linux-image-ec2', 'logrotate', 'libpam0g', 'dbus', 'linux-image-2.6.32-34-virtual', 'libpng12-0', 'byobu', 'libgssapi-krb5-2', 'libparted0debian1', 'tzdata', 'python-apt', 'linux-virtual', 'linux-image-2.6.32-319-ec2', 'landscape-common', 'apt-utils', 'libpam-modules', 'ca-certificates', 'python-smartpm', 'libkrb5-3', 'landscape-client', 'dhcp3-client', 'apt-transport-https', 'libkrb5support0', 'linux-ec2']
==== krb5: 1.8.1+dfsg-2ubuntu0.9 => 1.8.1+dfsg-2ubuntu0.10 ====
==== libk5crypto3 libkrb5support0 libkrb5-3 libgssapi-krb5-2
* SECURITY UPDATE: fix multiple kdc DoS issues:
- db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
ldap/libkdb_ldap/lockout.c:
+ more strict checking for null pointers
+ disable assert and return when db is locked
+ applied inline from upstream
- CVE-2011-1528 and CVE-2011-1529
- MITKRB5-SA-2011-006
==== dhcp3: 3.1.3-2ubuntu3.2 => 3.1.3-2ubuntu3.3 ====
==== dhcp3-common dhcp3-client
* SECURITY UPDATE: denial of service via specially crafted packets
- debian/patches/CVE-2011-2748-2749.dpatch: tighten up restriction in
common/discover.c, properly calculate length in common/options.c,
validate packet->options in server/dhcp.c.
- CVE-2011-2748
- CVE-2011-2749If you do not feel like creating this list yourself, see the section below Getting informed of image changes
Providing local mirrors
Setting up a local mirror in each data-center that you will deploy will help your customers in obtaining updates and installing software quicker. A good reference, even if you do not plan to be a public mirror, is:
Once this is done, we will happily help you to ensure that the images you pull from us will directly fetch their updates from your local mirrors.
Getting informed of image changes
We encourage our cloud images users to subscribe to our ubuntu-cloud-announce mailing list which will inform them of any major modification that will be happening to the images.
UsingCloudGuestImages (last edited 2011-10-28 16:48:30 by mx)